如何使用spring security在x509data下设置x509certificate

4sup72z8  于 2021-07-24  发布在  Java
关注(0)|答案(0)|浏览(262)

在签署soap请求时,我试图在x509data下添加x509certificate,下面是我的代码剪贴。伙计们,我对数字签名还不熟悉。所以我们有任何其他的解决方案,请发表评论。
我需要用jks文件对soap请求进行数字签名,然后将其发送给客户端。

@Bean
public Jaxb2Marshaller getLGMarshaller() {
    Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
    marshaller.setMtomEnabled(true);
    marshaller.setContextPath("pk.herman.wsdl");
    return marshaller;
}

@Bean
public CryptoFactoryBean getCryptoFactoryBean() throws IOException {

    CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
    cryptoFactoryBean.setKeyStorePassword(keyStorePassword);
    cryptoFactoryBean.setKeyStoreLocation(new ClassPathResource(keyStoreClassPathResource));

    return cryptoFactoryBean;
}

@Bean
public Wss4jSecurityInterceptor securityInterceptor() throws Exception {
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();

    securityInterceptor.setSecurementActions("Signature Timestamp");

    securityInterceptor.setSecurementTimeToLive(300000);
    securityInterceptor.setTimestampPrecisionInMilliseconds(true);

    securityInterceptor.setSecurementUsername(privatekeyAlias);
    securityInterceptor.setSecurementPassword(privatekeyPassword);
    securityInterceptor.setSecurementSignatureCrypto(getCryptoFactoryBean().getObject());

    securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");

    securityInterceptor.setSecurementMustUnderstand(false);
    securityInterceptor.setSecurementSignatureParts(
            "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");

    return securityInterceptor;
}

@Bean
public IIBSoapClient getLGClient() throws Exception {

    ClientInterceptor[] interceptors = new ClientInterceptor[] { securityInterceptor() };

    IIBSoapClient lgClient = new IIBSoapClient();
    lgClient.setMarshaller(getLGMarshaller());
    lgClient.setUnmarshaller(getLGMarshaller());
    lgClient.setInterceptors(interceptors);
    lgClient.getWebServiceTemplate().setMessageSender(new IIBBasicAuth());
    return lgClient;
}

当前低于输出

<ds:KeyInfo Id="KI-75e2259a-c70f-4f6d-92d0-752513e2919d">
    <wsse:SecurityTokenReference wsu:Id="STR-44406dea-3324-4eef-8dcb-21aca375e562">
        <ds:X509Data>
            <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>12345678</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
        </ds:X509Data>
    </wsse:SecurityTokenReference>
</ds:KeyInfo>

预期输出应为

<ds:KeyInfo>
    <ds:X509Data>
        <ds:X509Certificate>MIIGDDCCBPSgAwIBAgIQC9qg6N4BpzKYe78RsUosyTANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG0+ZIKSzv4COUxkKKkQ==</ds:X509Certificate>
    </ds:X509Data>
    <ds:KeyValue>
        <ds:RSAKeyValue>
            <ds:Modulus>sCIykcfZ1X0EkDLHSLu2bqI8qfwCk5IfD3Kqc2==</ds:Modulus>
            <ds:Exponent>AQAB</ds:Exponent>
        </ds:RSAKeyValue>
    </ds:KeyValue>
</ds:KeyInfo>
Javaspringspring-securityx509certificatedigital-signature

暂无答案!

目前还没有任何答案,快来回答吧!

我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com