Web service – IRS SOAP Fault – Invalid WS Security Header


I am trying to send a SOAP request to the IRS and am facing the same error as others in this group – "Invalid WS Security Header". Can someone guide me with a sample SOAP request? One more question – as part of the enrollment process, we submit our X509 certificate (public key) to the IRS website, which will be used to authenticate/decrypt your message digest. Which certificate file did you upload for this process? We have been really stuck on this error for days now. Any help is appreciated. I have seen 2 questions on this topic, but there are no helpful answers.

Solution

I am assuming this is for ACA AIR submissions to the IRS. We uploaded the .cer file to the IRS site, where you associate your TCC (e.g., of the form BBBBB) with the .cer you uploaded. The stack we are using is: Oracle's JDK 8, WSS4J v2.1.4 and CXF v3.1.4. Here is the sample Java code we use to sign the reference elements the IRS wants signed:

```java
// Excerpt from a helper class: getPrivateKeyEntry(...) and the JAXB classes
// ACATransmitterManifestReqDtl and ACABulkRequestTransmitterStatusDetailRequest
// are defined elsewhere and are not shown in the answer.
public static SOAPMessage signSoapMessage(SOAPMessage message, String keystorePassword,
        String irsPrivateKeyPassword, Class<?> clazz) throws WSSecurityException {

    //TODO remove below hard coded
    final String _irsPrivateKeyPassword = "yourprivatekeypasswordyougotfromCA";
    final String _keystorePassword = "yourpasswordtoyourJKS";
    keystorePassword = _keystorePassword;
    irsPrivateKeyPassword = _irsPrivateKeyPassword;

    PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(keystorePassword, irsPrivateKeyPassword);

    PrivateKey signingKey = privateKeyEntry.getPrivateKey();
    X509Certificate signingCert = (X509Certificate) privateKeyEntry
            .getCertificate();

    //TODO add alias to database
    final String alias = "thealiasforthiscertandprivatekey";
    final int signatureValidityTime = 3600; // 1hour in seconds

    WSSConfig config = WSSConfig.getNewInstance();
    //config.setWsiBSPCompliant(true);

    WsuIdAllocator idAllocator = new WsuIdAllocator() {

        @Override
        public String createSecureId(String prefix, Object o) {
            //e.g. <ds:KeyInfo Id="KI-9F6A3A6B473244859D59710683FABFE1">
            if (prefix.equals("KI-"))
                return "KI-" + UUID.randomUUID().toString().replace("-", "").toUpperCase();
            //e.g. <wsse:SecurityTokenReference wsu:Id="STR-E6C0BA1EC73A4AB3BECFEBF6075EF175">
            else if (prefix.equals("STR-"))
                return "STR-" + UUID.randomUUID().toString().replace("-", "").toUpperCase();
            //TODO why is there a condition where prefix.equals("X509") and o.toString() is the public cert?
            else
                return null;
        }

        //e.g. <ds:Signature Id="SIG-9850525DA06CE28ED91448475206411147"
        @Override
        public String createId(String prefix, Object o) {
            return "SIG-" + UUID.randomUUID().toString().replace("-", "").toUpperCase();
        }
    };
    config.setIdAllocator(idAllocator);

    //WSSecSignature wsSecSignature = new WSSecSignature(config);
    WSSecSignature wsSecSignature = new WSSecSignature();
    wsSecSignature.setX509Certificate(signingCert);
    wsSecSignature.setUserInfo(alias, new String(keystorePassword.toCharArray()));
    wsSecSignature.setUseSingleCertificate(true);
    wsSecSignature.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
    //wsSecSignature.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    wsSecSignature.setDigestAlgo(WSConstants.SHA1);
    wsSecSignature.setSignatureAlgorithm(WSConstants.RSA_SHA1);
    wsSecSignature.setSigCanonicalization(WSConstants.C14N_EXCL_WITH_COMMENTS);

    try {
        Document document = toDocument(message);
        WSSecHeader secHeader = new WSSecHeader(document);
        //secHeader.setMustUnderstand(true);
        secHeader.insertSecurityHeader();

        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(signatureValidityTime);
        document = timestamp.build(document, secHeader);

        List<WSEncryptionPart> wsEncryptionParts = new ArrayList<WSEncryptionPart>();

        //Very important, ordering of the parts is critical: refer to page 34 of the guide
        //for ACAGetTransmitterBulkRequestService, it is Timestamp, ACATransmitterManifestReqDtl, ACABusinessHeader
        if (clazz.equals(ACATransmitterManifestReqDtl.class)) {
            WSEncryptionPart timestampPart = new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
            //This is very important, Timestamp needs to be first
            wsEncryptionParts.add(timestampPart);

            WSEncryptionPart aCATransmitterManifestReqDtlPart = new WSEncryptionPart(
                    "ACATransmitterManifestReqDtl", "urn:us:gov:treasury:irs:ext:aca:air:7.0", "");
            wsEncryptionParts.add(aCATransmitterManifestReqDtlPart);

            WSEncryptionPart aCABusinessHeaderPart = new WSEncryptionPart(
                    "ACABusinessHeader", "urn:us:gov:treasury:irs:msg:acabusinessheader", "");
            wsEncryptionParts.add(aCABusinessHeaderPart);
        }
        //for ACAGetTransmitterBulkRequestStatus, it is Timestamp, ACABusinessHeader, ACABulkRequestTransmitterStatusDetailRequest
        else if (clazz.equals(ACABulkRequestTransmitterStatusDetailRequest.class)) {
            WSEncryptionPart timestampPart = new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
            //This is very important, Timestamp needs to be first
            wsEncryptionParts.add(timestampPart);

            WSEncryptionPart aCABusinessHeaderPart = new WSEncryptionPart(
                    "ACABusinessHeader", "urn:us:gov:treasury:irs:msg:acabusinessheader", "");
            wsEncryptionParts.add(aCABusinessHeaderPart);

            WSEncryptionPart aCABulkRequestTransmitterStatusDetailRequestPart = new WSEncryptionPart(
                    "ACABulkRequestTransmitterStatusDetailRequest",
                    "urn:us:gov:treasury:irs:msg:irstransmitterstatusrequest", "");
            wsEncryptionParts.add(aCABulkRequestTransmitterStatusDetailRequestPart);
        }

        wsSecSignature.getParts().addAll(wsEncryptionParts);

        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        Crypto crypto = CryptoFactory.getInstance(properties);

        KeyStore keystore = KeyStore.getInstance("JKS");
        java.io.FileInputStream fis = null;
        try {
            fis = new java.io.FileInputStream(System.getProperty("java.home") + "//lib//security//meckeystore.jks");
            if (fis != null) {
                keystore.load(fis, keystorePassword.toCharArray());
            } else {
                //TODO: replace with custom MEC exception
                throw new Exception("Unable to read keystore file.");
            }
        } finally {
            if (fis != null) {
                fis.close();
            }
        }
        keystore.setKeyEntry(alias, signingKey, keystorePassword.toCharArray(), new Certificate[]{signingCert});
        ((Merlin) crypto).setKeyStore(keystore);
        crypto.loadCertificate(new ByteArrayInputStream(signingCert.getEncoded()));

        document = wsSecSignature.build(document, crypto, secHeader);
        updateSOAPMessage(document, message);

    } catch (Exception e) {
        // throw new
        // WSSecurityException(WSSecurityException.Reason.SIGNING_ISSUE, e);
        e.printStackTrace();
    }
    return message;
}

/**
 * Changes the SOAPMessage to a dom.Document.
 */
private static Document toDocument(SOAPMessage soapMsg)
        throws TransformerException, SOAPException, IOException {
    Source src = soapMsg.getSOAPPart().getContent();
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer transformer = tf.newTransformer();
    DOMResult result = new DOMResult();
    transformer.transform(src, result);
    return (Document) result.getNode();
}

//https://svn.apache.org/repos/asf/webservices/wss4j/branches/WSS4J_1_1_0_FINAL/test/wssec/SOAPUtil.java
private static SOAPMessage updateSOAPMessage(Document doc, SOAPMessage message)
        throws Exception {
    DOMSource domSource = new DOMSource(doc);
    message.getSOAPPart().setContent(domSource);
    return message;
}
```

Here is the sample SOAP request:

```xml
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn1="urn:us:gov:treasury:irs:common">
   <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
      <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <ds:Signature Id="SIG-d62ad452-5219-4baf-9708-3ae1d2cf7e92" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#TS-6450a75d-45e4-463b-a1e8-2d3ae3b4c57c">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces PrefixList="wsse SOAP-ENV soap urn urn1" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>ojqiqHiXxPWIaEumCOO3bKJZ73A=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#ID-0EB7188D138D494EA44AC09FE03F6BEE">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces PrefixList="SOAP-ENV soap urn urn1" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>cm3KGHFWHyJcBU9MEQzw6Ru04z0=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#ID-1183235E8ED44DE99B069411CD4837DC">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces PrefixList="SOAP-ENV soap urn urn1" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>6nM3ONVPyHtiupcznWiixpNG82k=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>removed==</ds:SignatureValue>
            <ds:KeyInfo Id="KI-e6a6c681-ccf7-49ab-a37f-dac69c52d32a">
               <wsse:SecurityTokenReference wsu:Id="STR-c1b4d47e-fda6-49b0-a58a-7df24ab43e13">
                  <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">removed</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <wsu:Timestamp wsu:Id="TS-6450a75d-45e4-463b-a1e8-2d3ae3b4c57c">
            <wsu:Created>2016-01-27T23:59:36.352Z</wsu:Created>
            <wsu:Expires>2016-01-28T00:59:36.352Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
      <ACATransmitterManifestReqDtl ns3:Id="ID-0EB7188D138D494EA44AC09FE03F6BEE" xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:ns2="urn:us:gov:treasury:irs:common" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <PaymentYr>2015</PaymentYr>
         <PriorYearDataInd>0</PriorYearDataInd>
         <ns2:EIN></ns2:EIN>
         <TransmissionTypeCd>O</TransmissionTypeCd>
         <TestFileCd>T</TestFileCd>
         <TransmitterNameGrp>
            <BusinessNameLine1Txt></BusinessNameLine1Txt>
            <BusinessNameLine2Txt>Health Systems</BusinessNameLine2Txt>
         </TransmitterNameGrp>
         <CompanyInformationGrp>
            <CompanyNm></CompanyNm>
            <MailingAddressGrp>
               <USAddressGrp>
                  <AddressLine1Txt></AddressLine1Txt>
                  <ns2:CityNm>Rockville</ns2:CityNm>
                  <USStateCd>MD</USStateCd>
                  <ns2:USZIPCd></ns2:USZIPCd>
               </USAddressGrp>
            </MailingAddressGrp>
            <ContactNameGrp>
               <PersonFirstNm></PersonFirstNm>
               <PersonMiddleNm>X</PersonMiddleNm>
               <PersonLastNm></PersonLastNm>
            </ContactNameGrp>
            <ContactPhoneNum></ContactPhoneNum>
         </CompanyInformationGrp>
         <VendorInformationGrp>
            <VendorCd>I</VendorCd>
            <ContactNameGrp>
               <PersonFirstNm></PersonFirstNm>
               <PersonMiddleNm></PersonMiddleNm>
               <PersonLastNm></PersonLastNm>
            </ContactNameGrp>
            <ContactPhoneNum></ContactPhoneNum>
         </VendorInformationGrp>
         <TotalPayeeRecordCnt>1000</TotalPayeeRecordCnt>
         <TotalPayerRecordCnt>1</TotalPayerRecordCnt>
         <SoftwareId></SoftwareId>
         <FormTypeCd>1094/1095B</FormTypeCd>
         <ns2:BinaryFormatCd>application/xml</ns2:BinaryFormatCd>
         <ns2:ChecksumAugmentationNum>5bae956d7c6a01c95ce570dd11debe78</ns2:ChecksumAugmentationNum>
         <ns2:AttachmentByteSizeNum>5938</ns2:AttachmentByteSizeNum>
         <DocumentSystemFileNm>1094B_Request_BBBBB_20151019T121002000Z.xml</DocumentSystemFileNm>
      </ACATransmitterManifestReqDtl>
      <urn2:ACABusinessHeader wsu:Id="ID-1183235E8ED44DE99B069411CD4837DC" xmlns:urn2="urn:us:gov:treasury:irs:msg:acabusinessheader" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <urn:UniqueTransmissionId>d81ead9b-1223-4d28-8d46-f7af58710268:SYS12:BBBBB::T</urn:UniqueTransmissionId>
         <urn1:Timestamp>2016-01-27T23:59:36Z</urn1:Timestamp>
      </urn2:ACABusinessHeader>
      <Action xmlns="http://www.w3.org/2005/08/addressing">RequestSubmissionStatusDetail</Action>
```







What was really key for us came from the IRS documentation, since we are using Apache CXF v2.1.4:

Big hack for the 7bit content transfer encoding and content type

5.4.2 (from the IRS document)
Message Attachment Content Type: ISS-A2A AIR web services require the transmitter to use SOAP-over-HTTP messaging with MTOM to send XML data files.
The file that is encoded in the MTOM attachment must be uncompressed native XML. The content type for the MTOM encoded binary object identified in the
Manifest header must be "application/xml". The content-transfer-encoding of the Form Data File must be 7bit.

In apache-cxf-3.1.4-src/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java:

```java
    private static void writeHeaders(String contentType, String attachmentId,
                                     Map<String, List<String>> headers, Writer writer) throws IOException {
//        writer.write("\r\nContent-Type: ");
//        writer.write(contentType);
        writer.write("\r\nContent-Type: application/xml");
//        writer.write("\r\nContent-Transfer-Encoding: binary\r\n");
        writer.write("\r\nContent-Transfer-Encoding: 7bit\r\n");
```
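A pre-flight check for the signed envelope, added here as an example (it is not part of the original answer, WSS4J or CXF): using only the JDK's DOM parser, it reports any ds:Reference that does not resolve to a wsu:Id, a signed-part order that differs from the one the answer's code comments call critical, and an expired wsu:Timestamp. The class name `WsSecurityPreflight`, the `check` method and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WsSecurityPreflight {   // hypothetical helper, not an IRS or WSS4J class
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** Returns the problems found; an empty list means the structural checks passed. */
    static List<String> check(Document doc, List<String> expectedOrder, Instant now) {
        List<String> problems = new ArrayList<>();
        Map<String, String> idToName = new HashMap<>();   // wsu:Id value -> element local name
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            String id = e.getAttributeNS(WSU, "Id");
            if (!id.isEmpty() && idToName.put(id, e.getLocalName()) != null)
                problems.add("duplicate wsu:Id " + id);
        }
        List<String> signedOrder = new ArrayList<>();     // local names in ds:Reference order
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            String name = uri.startsWith("#") ? idToName.get(uri.substring(1)) : null;
            if (name == null) problems.add("ds:Reference " + uri + " does not resolve to a wsu:Id");
            else signedOrder.add(name);
        }
        if (!signedOrder.equals(expectedOrder))
            problems.add("signed parts are " + signedOrder + ", expected " + expectedOrder);
        NodeList exp = doc.getElementsByTagNameNS(WSU, "Expires");
        if (exp.getLength() != 1) problems.add("expected exactly one wsu:Expires");
        else if (!Instant.parse(exp.item(0).getTextContent().trim()).isAfter(now))
            problems.add("wsu:Timestamp has expired");
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: only the parts the checks read, with the references in the wrong order.
        String xml = "<e xmlns:wsu='" + WSU + "' xmlns:ds='" + DS + "'>"
            + "<ds:Reference URI='#ID-1'/><ds:Reference URI='#TS-1'/>"
            + "<wsu:Timestamp wsu:Id='TS-1'><wsu:Expires>2016-01-28T00:59:36.352Z</wsu:Expires></wsu:Timestamp>"
            + "<ACABusinessHeader wsu:Id='ID-1'/></e>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);                                   // needed to match wsu:Id by namespace
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);  // hardened parsing for untrusted XML
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        check(doc, Arrays.asList("Timestamp", "ACABusinessHeader"), Instant.parse("2016-01-28T00:00:00Z"))
            .forEach(System.out::println);
    }
}
```

For a real submission, pass the serialized output of `signSoapMessage` and the part order for the service being called, with `Instant.now()` as the reference time.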