
WSS4J를 사용하여 SOAP 메시지의 서명과 타임스탬프를 확인하고 있습니다. 그러나 타임스탬프가 서명되지 않은 메시지를 받아도 wss4j는 모든 것이 정상이라고 판단합니다. 이 경우에는 오류가 발생하기를 원합니다. wss4j 서명 검증기를 어떻게 구성해야 할까요?

내 좋은 메시지는 다음과 같습니다

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
    <soap:Header> 
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"> 
     <!-- Good message: SignedInfo below carries two References, URI="#id-2" (the
          soap:Body) and URI="#TS-1" (the wsu:Timestamp), so one signature covers
          both parts. NOTE(review): dsa-sha1 / sha1 are weak by current standards;
          prefer SHA-256-based signature and digest algorithms where the peer
          supports them. -->
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
      <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/> 
      </ds:CanonicalizationMethod> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> 
      <ds:Reference URI="#id-2"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <ds:DigestValue>u8CMT7Q7fJJ1Dv5dEmzGU1FO5Y0=</ds:DigestValue> 
      </ds:Reference> 
      <ds:Reference URI="#TS-1"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap"/> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <ds:DigestValue>m8XN2C3FUjK4WHAXhO9gLI82XeE=</ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue>X9EntCBO7nmNrYsYuugpHxN13wSUNhTF4exkRRWj0tTrfEqbz8potg==</ds:SignatureValue> 
     <ds:KeyInfo Id="KI-B60AEEFF94DBA35E9413402583324452"> 
      <wsse:SecurityTokenReference wsu:Id="STR-B60AEEFF94DBA35E9413402583324473"> 
      <ds:X509Data> 
       <ds:X509IssuerSerial> 
       <ds:X509IssuerName>CN=TEST,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown</ds:X509IssuerName> 
       <ds:X509SerialNumber>1332750124</ds:X509SerialNumber> 
       </ds:X509IssuerSerial> 
      </ds:X509Data> 
      </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     </ds:Signature> 
     <!-- Signed: covered by the Reference URI="#TS-1" above. Created/Expires give a
          five-minute validity window. -->
     <wsu:Timestamp wsu:Id="TS-1"> 
     <wsu:Created>2012-06-21T05:58:52.392Z</wsu:Created> 
     <wsu:Expires>2012-06-21T06:03:52.392Z</wsu:Expires> 
     </wsu:Timestamp> 
    </wsse:Security> 
    </soap:Header> 
    <!-- Signed: covered by the Reference URI="#id-2" above. -->
    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2"> 
    [...] 
    </soap:Body> 
</soap:Envelope> 

그리고 잘못된 메시지입니다 (이 메시지는 "타임스탬프가 서명되지 않음"과 같은 예외를 던져야 합니다):

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
    <soap:Header> 
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"> 
     <!-- Bad message: SignedInfo below holds a single Reference, URI="#id-2" (the
          soap:Body). There is no Reference to "#TS-1", so the wsu:Timestamp that
          follows is present but not covered by the signature. The signature that
          IS present still verifies, which is why WSS4J accepts the message unless
          something additionally checks which parts were signed. -->
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
      <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/> 
      </ds:CanonicalizationMethod> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> 
      <ds:Reference URI="#id-2"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <ds:DigestValue>u8CMT7Q7fJJ1Dv5dEmzGU1FO5Y0=</ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue>U6TSJXJTCryEm5FhoMBbEoiUIL0jjFDvPxPJ3ihoOHsWCwk4t3++2w==</ds:SignatureValue> 
     <ds:KeyInfo Id="KI-9AEDF8EC92B112ADE113402583983992"> 
      <wsse:SecurityTokenReference wsu:Id="STR-9AEDF8EC92B112ADE113402583984013"> 
      <ds:X509Data> 
       <ds:X509IssuerSerial> 
       <ds:X509IssuerName>CN=TEST,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown</ds:X509IssuerName> 
       <ds:X509SerialNumber>1332750124</ds:X509SerialNumber> 
       </ds:X509IssuerSerial> 
      </ds:X509Data> 
      </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     </ds:Signature> 
     <!-- NOT signed: nothing in SignedInfo refers to wsu:Id="TS-1". The freshness
          window the Timestamp expresses is therefore not bound to the signer. -->
     <wsu:Timestamp wsu:Id="TS-1"> 
     <wsu:Created>2012-06-21T05:59:58.376Z</wsu:Created> 
     <wsu:Expires>2012-06-21T06:04:58.376Z</wsu:Expires> 
     </wsu:Timestamp> 
    </wsse:Security> 
    </soap:Header> 
    <!-- Signed: covered by the Reference URI="#id-2" above. -->
    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2"> 
    [...] 
    </soap:Body> 
</soap:Envelope> 

즉, 잘못된 메시지에는 다음 부분이 빠져 있습니다:

<!-- The ds:Reference the bad message lacks: a digest over the wsu:Timestamp
     (URI="#TS-1"). Without it inside ds:SignedInfo the Timestamp is not part
     of what the signature protects. -->
<ds:Reference URI="#TS-1"> 
<ds:Transforms> 
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap"/> 
    </ds:Transform> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
<ds:DigestValue>m8XN2C3FUjK4WHAXhO9gLI82XeE=</ds:DigestValue> 
</ds:Reference> 

현재 검증 인터셉터를 다음과 같이 구성해 두었습니다.

// Inbound (verifying) interceptor: both a Timestamp and a Signature are
// expected on every received message.
final String requiredActions = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE;

// Validators keyed by the WS-Security element they apply to: the signature
// result goes through certificate-trust validation, the timestamp through
// the timestamp validator.
Map<QName, Validator> validators = new HashMap<QName, Validator>();
validators.put(WSSecurityEngine.SIGNATURE, new SignatureTrustValidator());
validators.put(WSSecurityEngine.TIMESTAMP, new TimeStampValidator());

Map<String, Object> inboundProps = new HashMap<String, Object>();
inboundProps.put(WSS4JInInterceptor.VALIDATOR_MAP, validators);
inboundProps.put(WSHandlerConstants.ACTION, requiredActions);
// NOTE(review): SIGNATURE_PARTS describes which parts are signed when this
// configuration is used for outbound messages; on the inbound side it does not
// by itself reject a message whose signature omits one of these parts (here the
// Timestamp). CXF's CryptoCoverageChecker is the mechanism for that check.
inboundProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
// Crypto properties (keystore/truststore) used for signature verification and,
// presumably, by SignatureTrustValidator to establish trust in the signer.
inboundProps.put(WSHandlerConstants.SIG_PROP_FILE, SIG_PROPFILE);

WSS4JInInterceptor verifying = new WSS4JInInterceptor(inboundProps);

이런 동작을 하도록 wss4j를 어떻게 설정해야 할까요? 참고로 CXF 버전은 2.5.1, WSS4J 버전은 1.6.2입니다.

답변


답은 org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker입니다:

<!-- Coverage check: after WSS4J has verified the signature, require that the
     Body and the Timestamp were each covered by it, so a message whose
     signature omits either one is rejected instead of silently accepted.
     (The util: namespace must be declared on the enclosing <beans> root.) -->
<util:constant id="signedCoverage" static-field="org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType.SIGNED"/>
<util:constant id="elementScope" static-field="org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope.ELEMENT"/>

<!-- Prefix-to-namespace map used to resolve the XPath expressions below. -->
<util:map id="wsPrefixes">
    <entry key="soap" value="http://schemas.xmlsoap.org/soap/envelope/"/>
    <entry key="wsse" value="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
    <entry key="wsu" value="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
</util:map>

<!-- Elements that must be signed as whole elements (ELEMENT scope). -->
<bean id="signedBody" class="org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.XPathExpression">
    <constructor-arg index="0" value="/soap:Envelope/soap:Body"/>
    <constructor-arg index="1" ref="signedCoverage"/>
    <constructor-arg index="2" ref="elementScope"/>
</bean>
<bean id="signedTimestamp" class="org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.XPathExpression">
    <constructor-arg index="0" value="/soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp"/>
    <constructor-arg index="1" ref="signedCoverage"/>
    <constructor-arg index="2" ref="elementScope"/>
</bean>

<!-- The interceptor itself: prefix map plus the list of required-coverage
     expressions. NOTE(review): it evaluates the signature results that the
     WSS4JInInterceptor produced, so that interceptor must run on the same
     endpoint; confirm separately how a message with no Timestamp element at
     all is treated (the TIMESTAMP action on the WSS4JInInterceptor is what
     should catch that case). -->
<bean id="coverageChecker" class="org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker">
    <constructor-arg index="0" ref="wsPrefixes"/>
    <constructor-arg index="1">
        <list>
            <ref bean="signedBody"/>
            <ref bean="signedTimestamp"/>
        </list>
    </constructor-arg>
</bean>

그런 다음 이것을 인터셉터로 추가해야 합니다:

<!-- Register the coverage checker on the endpoint's inbound chain.
     NOTE(review): the checker only inspects what the WSS4JInInterceptor
     reported as signed, so the verifying WSS4JInInterceptor from the question
     must be registered on this endpoint as well (e.g. as another <ref> here, or
     configured in code); the checker is intended to run after it. -->
<jaxws:endpoint id="someId" implementor="#example" address="/"> 
    <jaxws:inInterceptors> 
     <!-- <ref bean="[your WSS4JInInterceptor bean id]"/> -->
     <ref bean="coverageChecker" /> 
    </jaxws:inInterceptors> 
</jaxws:endpoint>