[英]WS Security signing with com.ibm.crypto.provider.RSAPrivateCrtKey
I am using CXF ws secuirty to create a client to send a WS Security SOAP envelope to a thuird party. 我正在使用CXF ws secuirty创建客户端,以将WS Security SOAP信封发送给第三方。 When I send the request from my local Tomcat server, I get a 200 response, however, when I deploy to websphere, I get a 500 response.
当我从本地Tomcat服务器发送请求时,得到200响应,但是,当我部署到Websphere时,得到500响应。 I have compared the envelopes and the logs from both Tomcat and Websphere.
我已经比较了Tomcat和Websphere的信封和日志。 Everything matches (the signing algorithm, the signature provider, the X509 cert).
一切都匹配(签名算法,签名提供者,X509证书)。 When I talked with the third party, they said the RSA Signature was invalid.
当我与第三方交谈时,他们说RSA签名无效。 The only difference I can find is the "Signing with key" log.
我可以找到的唯一区别是“使用密钥签名”日志。 On websphere the key appears to be provided by a different package.
在Websphere上,密钥似乎是由其他软件包提供的。 Is this the issue?
这是问题吗? If so, how do I fix it?
如果是这样,我该如何解决?
Websphere log: Websphere日志:
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signature provider:BC version 1.4
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signing with key: com.ibm.crypto.provider.RSAPrivateCrtKey
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - JCA Algorithm: SHA256withRSA
Tomcat log (I removed some of the values): Tomcat日志(我删除了一些值):
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signature provider:BC version 1.4
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signing with key: RSA Private CRT Key
modulus: --removed value--
public exponent: --removed value--
private exponent: --removed value--
primeP: --removed value--
primeQ: --removed value--
primeExponentP: --removed value--
primeExponentQ: --removed value--
crtCoefficient: --removed value--
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - JCA Algorithm: SHA256withRSA
I found it. 我找到了。 The default in Websphere is to have the WS-Security comply with the BSP (Basic Secuirty Provider).
Websphere中的默认设置是使WS-Security符合BSP(基本安全提供程序)。 According to a blog post I read (still need to do some research) when this is enabled, additional information get's added to the KeyInfo of the request.
根据我读过的一篇博客文章(仍然需要做一些研究),启用此功能后,其他信息会添加到请求的KeyInfo中。 You can disable it in the client by adding this code to the outgoing port.
您可以在客户端中通过将此代码添加到传出端口来禁用它。 (replace "port" with whatever your port is called).
(将“ port”替换为您的端口)。
Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
ctx.put(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.