WS Security signing with com.ibm.crypto.provider.RSAPrivateCrtKey

I am using CXF ws security to create a client to send a WS Security SOAP envelope to a third party. When I send the request from my local Tomcat server, I get a 200 response, however, when I deploy to Websphere, I get a 500 response. I have compared the envelopes and the logs from both Tomcat and Websphere. Everything matches (the signing algorithm, the signature provider, the X509 cert). When I talked with the third party, they said the RSA Signature was invalid. The only difference I can find is the "Signing with key" log. On Websphere the key appears to be provided by a different package. Is this the issue? If so, how do I fix it?

Websphere log:

org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signature provider:BC version 1.4
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signing with key: com.ibm.crypto.provider.RSAPrivateCrtKey
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - JCA Algorithm: SHA256withRSA

Tomcat log (I removed some of the values):

org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signature provider:BC version 1.4
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signing with key: RSA Private CRT Key
                modulus: --removed value--
        public exponent: --removed value--
       private exponent: --removed value--
                 primeP: --removed value--
                 primeQ: --removed value--
         primeExponentP: --removed value--
         primeExponentQ: --removed value--
         crtCoefficient: --removed value--
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - JCA Algorithm: SHA256withRSA

I found it. The default in Websphere is to have the WS-Security comply with the BSP (Basic Security Provider). According to a blog post I read (still need to do some research) when this is enabled, additional information gets added to the KeyInfo of the request. You can disable it in the client by adding this code to the outgoing port (replace "port" with whatever your port is called).

Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
ctx.put(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
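
A way to test the question's hypothesis about the key class, added here as an example and not part of the original question or answer: SHA256withRSA (RSASSA-PKCS1-v1_5) is deterministic, so the same key signing the same bytes yields the same value whatever class holds the key. Run it on both servers and compare the output; the class name SigningKeyCheck, the KS_PASS environment variable and the probe string are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.RSAKey;

public class SigningKeyCheck {
    // Constructed probe message: the same bytes are signed on every server.
    static final byte[] PROBE = "ws-security signing probe".getBytes(StandardCharsets.UTF_8);

    static String hex(byte[] b) {
        return String.format("%0" + (b.length * 2) + "x", new BigInteger(1, b));
    }

    // Usage: java SigningKeyCheck <keystore path> <keystore type, e.g. JKS> <alias>
    public static void main(String[] args) throws Exception {
        // Assumption: KS_PASS holds the password for both the store and the key entry.
        char[] pass = System.getenv("KS_PASS").toCharArray();
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        PrivateKey key = (PrivateKey) ks.getKey(args[2], pass);
        if (!(key instanceof RSAKey)) {
            throw new IllegalArgumentException("alias is not an RSA private key: " + args[2]);
        }
        // Differs per JVM vendor; this is what the "Signing with key" log line shows.
        System.out.println("key class:      " + key.getClass().getName());

        // Hash of the modulus identifies the key material independent of its class.
        byte[] n = ((RSAKey) key).getModulus().toByteArray();
        System.out.println("modulus sha256: " + hex(MessageDigest.getInstance("SHA-256").digest(n)));

        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(PROBE);
        byte[] value = sig.sign();
        System.out.println("provider:       " + sig.getProvider().getName());
        // Equal output on both servers means key and signer agree, so a rejected
        // request differs in the envelope (what is signed, KeyInfo), not in the key class.
        System.out.println("signature:      " + hex(value));
    }
}
```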
