5

我在 PHP 中构建了一个使用 UsernameToken 作为身份验证机制的 Web 服务。我有可以访问此 Web 服务的 PHP 客户端代码。现在我需要在 Java 中执行此操作。也许你可以帮助我!

可以使用以下 php 代码访问此服务:

$password="super_secure_pass";
$timestamp=gmdate('Y-m-d\TH:i:s\Z');
$nonce=mt_rand();
$passdigest=base64_encode(pack('H*',sha1(pack('H*',$nonce).pack('a*',$timestamp).pack('a*',$password))));
$nonce=base64_encode(pack('H*',$nonce))

这些值被解析到这个 Soap 头中。

<wsse:Security SOAP-ENV:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
    <wsse:Username>'.$username.'</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'.$passdigest.'</wsse:Password>
    <wsse:Nonce>'.$nonce.'</wsse:Nonce>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'.$timestamp.'</wsu:Created>
   </wsse:UsernameToken>
</wsse:Security>

使用此代码,我可以毫无问题地访问 Web 服务。现在我需要在 Java 中执行此操作。

我已经创建了必要的文件,实现了一个处理程序来添加一个带有 UsernameToken 的肥皂头。但是当我尝试访问 WS 时,我总是会收到“未授权”错误。我认为在创建 passdigest 或 nonce 条目时我遗漏了一些东西。

这是我计算它们的方法:

    Random generator = new Random();
    String nonceString = String.valueOf(generator.nextInt(999999999));
    String createTime=localToGmtTimestamp();//Returns a date with format (SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"))
    String pass="super_secure_pass";
    String tmp = AeSimpleSHA1.SHA1(nonce + createTime + pass);
    encodedPass = Base64.encodeBytes(tmp.getBytes());

创建soap标头时将使用这些值:

    SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
    SOAPHeader header = envelope.addHeader();
    SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
    SOAPElement username = usernameToken.addChildElement("Username", "wsse");
    username.addTextNode(user);

    SOAPElement password = usernameToken.addChildElement("Password", "wsse");
    password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
    password.addTextNode(encodedPass);

    SOAPElement nonce =
        usernameToken.addChildElement("Nonce", "wsse");
    nonce.addTextNode(Base64.encodeBytes(nonceString.getBytes()));

    SOAPElement created = usernameToken.addChildElement("Created", "wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

    created.addTextNode(creatTime);

这是生成的肥皂标题的样子:

    <S:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>myusername</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ZDM4MjkwNzNlNTc3MjNmMTY4MjgyYWQ1ZjllN2JlZmJmNGY2NDE4MA==</wsse:Password>
            <wsse:Nonce>NTU5NzA2Mjkw</wsse:Nonce>
            <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-07-24T11:41:55Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
</S:Header>

有人看到我做错了吗?

4

1 回答 1

8

我找到了解决方案。我的问题是我忘记将十六进制编码添加到 NONCE 值和连接字符串中。这是我的解决方案,也许有些人需要这个。

创建通行证等的功能:

private String calculatePasswordDigest(String nonce, String created, String password) {
        String encoded = null;
        try {
            String pass = hexEncode(nonce) + created + password;
            MessageDigest md = MessageDigest.getInstance( "SHA1" );
            md.update( pass.getBytes() );
            byte[] encodedPassword = md.digest();
            encoded = Base64.encodeBytes(encodedPassword);
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(HeaderHandler.class.getName()).log(Level.SEVERE, null, ex);
        }

        return encoded;
    }

    private String hexEncode(String in) {
        StringBuilder sb = new StringBuilder("");
        for (int i = 0; i < (in.length() - 2) + 1; i = i + 2) {
            int c = Integer.parseInt(in.substring(i, i + 2), 16);
            char chr = (char) c;
            sb.append(chr);
        }
        return sb.toString();
    }

构建soap消息的代码:

String timestamp = HeaderHandler.localToGmtTimestamp();
String pass = "password";
String user = "username";
String nonceString = getNonce();


String dig=calculatePasswordDigest(nonceString, timestamp, pass);


SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.addHeader();

SOAPElement security =
header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");


SOAPElement usernameToken =
security.addChildElement("UsernameToken", "wsse");


SOAPElement username =
usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);

SOAPElement password =
usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
password.addTextNode(dig);

SOAPElement nonce =
usernameToken.addChildElement("Nonce", "wsse");
nonce.addTextNode(Base64.encodeBytes(hexEncode(nonceString).getBytes()));

SOAPElement created = usernameToken.addChildElement("Created", "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
created.addTextNode(timestamp);
于 2011-07-25T14:04:29.427 回答