8
私は本当にこれで苦労しています。証明書とデジタル署名で保護されているWebサービスがあります。このすべては、Javaコードで作成しているSOAP要求の一部として渡す必要がありますが、作成しようとしているデジタル署名部分がうまく形成されていない日もあります。サンプルXMLからJava経由でSOAPメッセージを作成する
コードは、BinaryTokenまで要求を正しく作成し、 "Name signatureToken"から壊れます。
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1313056420712-845854837">MIIDVjCCAj6gAwIBAgIEThbQLTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJnYjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEUMBIGA1UEChMLaGVhbHRoc29sdmUxFDASBgNVBAsTC2hlYWx0aHNvbHZlMQ4wDAYDVQQDEwVzaW1vbjAeFw0xMTA3MDgwOTM4NTNaFw0xMjA3MDIwOTM4NTNaMG0x</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-13130564207092015610708">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XWSSGID-1313056421405-433059543">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3wCcYA8m7LN0TLchG80s6zUaTJE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ZkPCKEGpOmkhJA5Kq6oqUYU3OWQYyca676UhL
lOyRj7HQD7g0vS+wp70gY7Hos/2G7UpjmYDLPA==</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1313056421331317573418">
<wsse:Reference URI="#XWSSGID-1313056420712-845854837" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1313056421405-433059543">
</ns2:GetEhaStatusRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
と私はコードを介して、上記のXMLを形成するために書かれているコードは通りである:
protected void setSecuritySection(SOAPFactory soapFactory, SOAPEnvelope envelope, SOAPPart soapPart) throws SOAPException, ECException {
String METHODNAME = "setSecuritySection";
KeyPairGenerator kpg;
boolean mustUnderstand = true;
SOAPHeader soapHeader = envelope.getHeader();
try {
Name securityName = soapFactory.createName("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
SOAPElement securityElement = soapHeader.addHeaderElement(securityName);
// SOAPHeaderElement securityElement =
// soapHeader.addHeaderElement(securityName);
// securityElement.setMustUnderstand(mustUnderstand);
Name binarySecurityToken = soapFactory.createName("BinarySecurityToken", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
SOAPElement binarySecurityTokenElement = securityElement.addChildElement(binarySecurityToken);
Certificate cert;
String trustStoreLocation = ServerInformation.getValueForWebsphereVariable("EHA_TRUSTSTORE");
String trustStorePwd = ServerInformation.getValueForWebsphereVariable("EHA_TRUSTSTORE_PWD");
InputStream path = new FileInputStream(trustStoreLocation);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(path, new String(new BASE64Decoder().decodeBuffer(trustStorePwd)).toCharArray());
cert = ks.getCertificate("test");
binarySecurityTokenElement.addTextNode(new BASE64Encoder().encode(cert.getEncoded()));
kpg = KeyPairGenerator.getInstance("DSA");
Name idToken = soapFactory.createName("Id", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
SOAPElement idElement = binarySecurityTokenElement.addChildElement(idToken);
idElement.addTextNode("test");
Name valueTypeToken = soapFactory.createName("ValueType", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
SOAPElement valueTypeElement = binarySecurityTokenElement.addChildElement(valueTypeToken);
valueTypeElement.addTextNode("X509v3");
Name encodingTypeToken = soapFactory.createName("EncodingType", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
SOAPElement encodingTypeElement = binarySecurityTokenElement.addChildElement(encodingTypeToken);
encodingTypeElement.addTextNode("Base64Binary");
Name signatureToken = soapFactory.createName("Signature", "ds", "http://www.w3.org/2000/09/xmldsig#");
SOAPHeaderElement signElement = soapHeader.addHeaderElement(signatureToken);
Name id1 = soapFactory.createName("Id");
signElement.addAttribute(id1,"XWSSGID-13130564207092015610708");
Name signedInfo = soapFactory.createName("SignedInfo");
SOAPElement signInfoElement = signElement.addChildElement(signedInfo);
//SOAPHeaderElement signInfoElement = soapHeader.addHeaderElement(signedInfo);
Name canonicalToken = soapFactory.createName("CanonicalizationMethod");
SOAPElement canonicalTokenTokenElement = signInfoElement.addChildElement(canonicalToken);
Name alg = soapFactory.createName("Algorithm");
canonicalTokenTokenElement.addAttribute(alg,"http://www.w3.org/2001/10/xml-exc-c14n#");
Name InclusiveNamespaceToken = soapFactory.createName("InclusiveNamespaces", "wsse", "http://www.w3.org/2001/10/xml-exc-c14n#");
SOAPElement element = canonicalTokenTokenElement.addChildElement(InclusiveNamespaceToken);
Name prefixList = soapFactory.createName("PrefixList");
element.addAttribute(prefixList,"wsse SOAP-ENV");
Name signatureMethodToken = soapFactory.createName("SignatureMethod","ds", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
SOAPElement signatureMethodTokenElement = signInfoElement.addChildElement(signatureMethodToken);
Name alg2 = soapFactory.createName("Algorithm");
signatureMethodTokenElement.addAttribute(alg2,"http://www.w3.org/2000/09/xmldsig#rsa-sha1");
Name referenceToken = soapFactory.createName("Reference", "ds", "#XWSSGID-1313056421405-433059543");
SOAPElement referenceTokenElement = signatureMethodTokenElement.addChildElement(referenceToken);
Name uri = soapFactory.createName("URI");
referenceTokenElement.addAttribute(uri,"#XWSSGID-1313056421405-433059543");
Name digestMethodAlgToken = soapFactory.createName("DigestMethod");
SOAPElement digestMethodAlgTokenElement = referenceTokenElement.addChildElement(digestMethodAlgToken);
Name alg3 = soapFactory.createName("Algorithm");
digestMethodAlgTokenElement.addAttribute(alg3,"http://www.w3.org/2000/09/xmldsig#sha1");
Name digestValueToken = soapFactory.createName("DigestValue" ,"ds" , "3wCcYA8m7LN0TLchG80s6zUaTJE=");
SOAPElement digestValueTokenElement = referenceTokenElement.addChildElement(digestValueToken);
digestValueTokenElement.addTextNode("3wCcYA8m7LN0TLchG80s6zUaTJE=");
Name signValueToken = soapFactory.createName("SignatureValue");
SOAPElement signValueElement = signElement.addChildElement(signValueToken);
signValueElement.addTextNode("QlYfURFjcYPu41G31bXgP4JbFdg6kWH+8ofrY+oc22FvLqVMUW3zdtvZN==");
Name keyInfoToken = soapFactory.createName("KeyInfo") ;
SOAPElement keyInfoElement = signElement.addChildElement(keyInfoToken);
Name securityRefToken = soapFactory.createName("SecurityTokenReference" ,"wsse" , "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
SOAPElement securityRefElement = keyInfoElement.addChildElement(securityRefToken);
Name id2 = soapFactory.createName("Id","wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
securityRefElement.addAttribute(id2,"XWSSGID-1313056421331317573418");
Name referenceURIToken = soapFactory.createName("Reference", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-tokenprofile1.0#X509v3");
SOAPElement refElement = securityRefElement.addChildElement(referenceURIToken);
Name uri1 = soapFactory.createName("URI");
refElement.addAttribute(uri1,"#XWSSGID-1313056420712-845854837");
Name valType = soapFactory.createName("ValueType");
refElement.addAttribute(valType,"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
} catch (Exception ex) {
throw new SOAPException(ex);
}
には適切ではないものにこれはサンプルXMLであるとして指導を探して
まさに "壊れた" とは何ですか? – emboss
SOAPメッセージの構成は、サンプルメッセージとして出力されません。私はxmlの形成に使用する正確なメソッドが必要です。 – Nidhi
"手動で"署名付きXML文書を作成していますか? –