1

我正在开发一个 JAX-WS Web 服务,它必须根据 XML 数字签名规范验证传入的 SOAP 消息。我注意到一个奇怪的行为,我可以验证第一条传入的消息,但随后的消息(签名和引用)验证失败。如果我重新启动应用程序服务器(Websphere 8.5),我可以验证第一条消息。似乎应用程序服务器在我解析传入的 SOAP 消息之前对其进行了修改。修改后的 SOAP 消息在逻辑上是等效的 XML 文档,但它们的物理表示不同,并且规范化并不能解决问题。

下面是从 SOAPMessageContext 检索 SOAPMessage 并打印信封的代码。

@Override
public boolean handleMessage(SOAPMessageContext messageContext) {

    // get the message from the context 
    SOAPMessage message = messageContext.getMessage(); 

    // is an outgoing message?
    Boolean isOutgoing = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

    if(!isOutgoing){
        // incoming message...

        // Retrieve the SOAP part of the incoming message
        SOAPPart soapPart = message.getSOAPPart();

        try {
            System.out.println(soapPart.getEnvelope().toString());
        } catch (SOAPException e1) {
            // TODO Auto-generated catch block
            e1.printStackTrace();
        }

        //...omissis...
     }
}

以下是第一条消息的输出:

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
    <CommandMessage xmlns="http://www.cryptomathic.com/ckms">
        <Commands Count="1">
            <PushServerPublicKeyCommand>
                <SerialNumber>10</SerialNumber>
                <Target>COPS</Target>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyValue>
                        <RSAKeyValue>
                            <Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</Modulus>
                            <Exponent>AQAB</Exponent>
                        </RSAKeyValue>
                    </KeyValue>
                </KeyInfo>
            </PushServerPublicKeyCommand>
        </Commands>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>XKl5mK5WVr1RU95Zui14kVz4Bpo=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>NFakMv6OTJIDJowl2SabGmxSii55OuxLUoJcEIURVZKf4aqoeC03aKSY42agOnUep/Ov7ijF5rLOfrxdDsqT5TCYGaSNEaviR4LnCxFjZ5DJKHCNFuCvRQGTEKgzQFqxh9T7RpvyzuN0dh3WJvhCLMYGGZTmFqSpCpcpEU0pCcKO0U+VlwVGVK8eFrKxKYj+uo/y2p1KLpOl+BfdM/caUZ93CIS7AHgwABhQg0uW5Bg/3nuYnmtpHpoGgco0Ds+LTlUFmvInaCn8TK4tVe3TZB8s4bMnBLY1ztut4xdLL4OPRUyryV+r67H2oFnsfGrQ/GMstdcnYaM8GHm9EycjCg==</SignatureValue>
            <KeyInfo>
                <KeyValue>
                    <RSAKeyValue>
                        <Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</Modulus>
                        <Exponent>AQAB</Exponent>
                    </RSAKeyValue>
                </KeyValue>
            </KeyInfo>
        </Signature>
    </CommandMessage>
</soap:Body>

这是后续消息的输出:

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
    <CommandMessage xmlns="http://www.cryptomathic.com/ckms" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
        <Commands Count="1">
            <PushServerPublicKeyCommand>
                <SerialNumber>10</SerialNumber>
                <Target>COPS</Target>
                <ns2:KeyInfo>
                    <ns2:KeyValue>
                        <ns2:RSAKeyValue>
                            <ns2:Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</ns2:Modulus>
                            <ns2:Exponent>AQAB</ns2:Exponent>
                        </ns2:RSAKeyValue>
                    </ns2:KeyValue>
                </ns2:KeyInfo>
            </PushServerPublicKeyCommand>
        </Commands>
        <ns2:Signature>
            <ns2:SignedInfo>
                <ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ns2:Reference URI="">
                    <ns2:Transforms>
                        <ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ns2:Transforms>
                    <ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ns2:DigestValue>XKl5mK5WVr1RU95Zui14kVz4Bpo=</ns2:DigestValue>
                </ns2:Reference>
            </ns2:SignedInfo>
            <ns2:SignatureValue>NFakMv6OTJIDJowl2SabGmxSii55OuxLUoJcEIURVZKf4aqoeC03aKSY42agOnUep/Ov7ijF5rLOfrxdDsqT5TCYGaSNEaviR4LnCxFjZ5DJKHCNFuCvRQGTEKgzQFqxh9T7RpvyzuN0dh3WJvhCLMYGGZTmFqSpCpcpEU0pCcKO0U+VlwVGVK8eFrKxKYj+uo/y2p1KLpOl+BfdM/caUZ93CIS7AHgwABhQg0uW5Bg/3nuYnmtpHpoGgco0Ds+LTlUFmvInaCn8TK4tVe3TZB8s4bMnBLY1ztut4xdLL4OPRUyryV+r67H2oFnsfGrQ/GMstdcnYaM8GHm9EycjCg==</ns2:SignatureValue>
            <ns2:KeyInfo>
                <ns2:KeyValue>
                    <ns2:RSAKeyValue>
                        <ns2:Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</ns2:Modulus>
                        <ns2:Exponent>AQAB</ns2:Exponent>
                    </ns2:RSAKeyValue>
                </ns2:KeyValue>
            </ns2:KeyInfo>
        </ns2:Signature>
    </CommandMessage>
</soap:Body>

我总是使用 SoapUI 发送相同的消息,但正如您所见,消息在逻辑上是等效的,但在物理上是不同的。我怎样才能避免这种行为?

问候,乔瓦尼

4

1 回答 1

1

IBM 的以下文档中描述了您遇到的问题以及解决方案:

http://www-01.ibm.com/support/docview.wss?uid=swg1PK95199

于 2012-12-01T10:20:46.590 回答