1

在 WS-Security 标头中,我想像这样添加 InclusiveNamespaces 但我不知道如何:

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
     <InclusiveNamespaces PrefixList="wsse oas soapenv urn urn1 urn2 urn3 urn4" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>

这是我创建安全标头的代码,如何使用 WSS4J 添加 InclusiveNamespaces,如上面的 XML 片段所示?

public static SOAPMessage signSoapMessage(SOAPMessage message,
        String keystorePassword, String irsPrivateKeyPassword,
        char[] passphrase) throws WSSecurityException {

    PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(keystorePassword,
            irsPrivateKeyPassword);

    PrivateKey signingKey = privateKeyEntry.getPrivateKey();
    X509Certificate signingCert = (X509Certificate) privateKeyEntry
            .getCertificate();

    final String alias = "signingKey";
    final int signatureValidityTime = 3600; // 1hour in seconds

    WSSConfig config = new WSSConfig();
    config.setWsiBSPCompliant(false);

    WSSecSignature builder = new WSSecSignature(config);

    builder.setX509Certificate(signingCert);
    builder.setUserInfo(alias, new String(passphrase));
    builder.setUseSingleCertificate(true);
    builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);      
    builder.setDigestAlgo(WSConstants.SHA1);
    builder.setSignatureAlgorithm(WSConstants.RSA_SHA1);
    builder.setSigCanonicalization(WSConstants.C14N_EXCL_WITH_COMMENTS);

    try {
        Document document = toDocument(message);
        WSSecHeader secHeader = new WSSecHeader();
        //secHeader.setMustUnderstand(true);
        secHeader.insertSecurityHeader(document);

        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(signatureValidityTime);
        document = timestamp.build(document, secHeader);

        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart timestampPart = new WSEncryptionPart("Timestamp",
                WSConstants.WSU_NS, "");

        WSEncryptionPart aCATransmitterManifestReqDtlPart = new WSEncryptionPart(
                "ACATransmitterManifestReqDtl",
                "urn:us:gov:treasury:irs:ext:aca:air:7.0", "");
        WSEncryptionPart aCABusinessHeaderPart = new WSEncryptionPart(
                "ACABusinessHeader",
                "urn:us:gov:treasury:irs:msg:acabusinessheader", "");
        parts.add(timestampPart);
        parts.add(aCATransmitterManifestReqDtlPart);
        parts.add(aCABusinessHeaderPart);
        builder.setParts(parts);

        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        Crypto crypto = CryptoFactory.getInstance(properties);
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(null, passphrase);
        keystore.setKeyEntry(alias, signingKey, passphrase,
                new Certificate[] { signingCert });
        ((Merlin) crypto).setKeyStore(keystore);
        crypto.loadCertificate(new ByteArrayInputStream(signingCert
                .getEncoded()));

        document = builder.build(document, crypto, secHeader);

        updateSOAPMessage(document, message);


    } catch (Exception e) {
        // throw new
        // WSSecurityException(WSSecurityException.Reason.SIGNING_ISSUE, e);
        e.printStackTrace();
    }

    return message;
}

private static Document toDocument(SOAPMessage soapMsg)
        throws TransformerConfigurationException, TransformerException,
        SOAPException, IOException {
    Source src = soapMsg.getSOAPPart().getContent();
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer transformer = tf.newTransformer();
    DOMResult result = new DOMResult();
    transformer.transform(src, result);
    return (Document) result.getNode();
}

//https://svn.apache.org/repos/asf/webservices/wss4j/branches/WSS4J_1_1_0_FINAL/test/wssec/SOAPUtil.java
private static SOAPMessage updateSOAPMessage(Document doc,
                                            SOAPMessage message)
        throws Exception {
    DOMSource domSource = new DOMSource(doc);
    message.getSOAPPart().setContent(domSource);
    return message;
}

EDIT WITH ANSWER 以上代码适用于 WSS4J 的 v1.6.x,因此上述代码的解决方案是

WSSConfig config = new WSSConfig();
config.setWsiBSPCompliant(true);
4

0 回答 0