JAX-WS，Websphere AS 8.5和XML數字標識

Question

我正在開發一個JAX-WS Web服務，該服務必須根據XML數字簽名規范來驗證傳入的SOAP消息。 我注意到一個奇怪的行為，我可以驗證第一個傳入的消息，但是隨后對后續消息的驗證失敗（在簽名和引用上）。 如果我重新啟動Application Server（Websphere 8.5），則可以驗證第一條消息。 似乎Application Server在我可以解析傳入的SOAP消息之前對其進行了修改。 修改后的SOAP消息在邏輯上是等效的XML文檔，但是它們的物理表示形式不同，規范化不能解決問題。

下面的代碼從SOAPMessageContext檢索SOAPMessage並打印信封。

@Override
public boolean handleMessage(SOAPMessageContext messageContext) {

    // get the message from the context 
    SOAPMessage message = messageContext.getMessage(); 

    // is an outgoing message?
    Boolean isOutgoing = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

    if(!isOutgoing){
        // incoming message...

        // Retrieve the SOAP part of the incoming message
        SOAPPart soapPart = message.getSOAPPart();

        try {
            System.out.println(soapPart.getEnvelope().toString());
        } catch (SOAPException e1) {
            // TODO Auto-generated catch block
            e1.printStackTrace();
        }

        //...omissis...
     }
}

以下是第一條消息的輸出：

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
    <CommandMessage xmlns="http://www.cryptomathic.com/ckms">
        <Commands Count="1">
            <PushServerPublicKeyCommand>
                <SerialNumber>10</SerialNumber>
                <Target>COPS</Target>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyValue>
                        <RSAKeyValue>
                            <Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</Modulus>
                            <Exponent>AQAB</Exponent>
                        </RSAKeyValue>
                    </KeyValue>
                </KeyInfo>
            </PushServerPublicKeyCommand>
        </Commands>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>XKl5mK5WVr1RU95Zui14kVz4Bpo=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>NFakMv6OTJIDJowl2SabGmxSii55OuxLUoJcEIURVZKf4aqoeC03aKSY42agOnUep/Ov7ijF5rLOfrxdDsqT5TCYGaSNEaviR4LnCxFjZ5DJKHCNFuCvRQGTEKgzQFqxh9T7RpvyzuN0dh3WJvhCLMYGGZTmFqSpCpcpEU0pCcKO0U+VlwVGVK8eFrKxKYj+uo/y2p1KLpOl+BfdM/caUZ93CIS7AHgwABhQg0uW5Bg/3nuYnmtpHpoGgco0Ds+LTlUFmvInaCn8TK4tVe3TZB8s4bMnBLY1ztut4xdLL4OPRUyryV+r67H2oFnsfGrQ/GMstdcnYaM8GHm9EycjCg==</SignatureValue>
            <KeyInfo>
                <KeyValue>
                    <RSAKeyValue>
                        <Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</Modulus>
                        <Exponent>AQAB</Exponent>
                    </RSAKeyValue>
                </KeyValue>
            </KeyInfo>
        </Signature>
    </CommandMessage>
</soap:Body>

這是后續消息的輸出：

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
    <CommandMessage xmlns="http://www.cryptomathic.com/ckms" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
        <Commands Count="1">
            <PushServerPublicKeyCommand>
                <SerialNumber>10</SerialNumber>
                <Target>COPS</Target>
                <ns2:KeyInfo>
                    <ns2:KeyValue>
                        <ns2:RSAKeyValue>
                            <ns2:Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</ns2:Modulus>
                            <ns2:Exponent>AQAB</ns2:Exponent>
                        </ns2:RSAKeyValue>
                    </ns2:KeyValue>
                </ns2:KeyInfo>
            </PushServerPublicKeyCommand>
        </Commands>
        <ns2:Signature>
            <ns2:SignedInfo>
                <ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ns2:Reference URI="">
                    <ns2:Transforms>
                        <ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ns2:Transforms>
                    <ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ns2:DigestValue>XKl5mK5WVr1RU95Zui14kVz4Bpo=</ns2:DigestValue>
                </ns2:Reference>
            </ns2:SignedInfo>
            <ns2:SignatureValue>NFakMv6OTJIDJowl2SabGmxSii55OuxLUoJcEIURVZKf4aqoeC03aKSY42agOnUep/Ov7ijF5rLOfrxdDsqT5TCYGaSNEaviR4LnCxFjZ5DJKHCNFuCvRQGTEKgzQFqxh9T7RpvyzuN0dh3WJvhCLMYGGZTmFqSpCpcpEU0pCcKO0U+VlwVGVK8eFrKxKYj+uo/y2p1KLpOl+BfdM/caUZ93CIS7AHgwABhQg0uW5Bg/3nuYnmtpHpoGgco0Ds+LTlUFmvInaCn8TK4tVe3TZB8s4bMnBLY1ztut4xdLL4OPRUyryV+r67H2oFnsfGrQ/GMstdcnYaM8GHm9EycjCg==</ns2:SignatureValue>
            <ns2:KeyInfo>
                <ns2:KeyValue>
                    <ns2:RSAKeyValue>
                        <ns2:Modulus>nnVA6qE9XnEtZPDLrtmWYfyh7nSC6R0543mwWoPFR+JtnRb6kQUXzf8fYaqyUFb3WD+57d1a9OxCzXLW4ilhe+QjrSy7zfqEQWTxkf+ajUuH3q3V/EpWqJvz4zwcxdTOkseap7skMh+zTacmViKAOm2oZAca3HQ2RwSiaYpiOTLAijnvPXieGGxBau8tlfyXZ8c+3TSRBevuiVT9Q5xBph+iT+Kk0Ay1762M3NoPJYAF3zUoaRZ95HqzmE0uuX/fJ4OAju87uvSD7V5uRW5L1LQ6vESIExZ3XmmCc6zOPSIiwBc3z+E6OZiIxoHw068qyNCdNk184X0rtw2ccl3nyQ==</ns2:Modulus>
                        <ns2:Exponent>AQAB</ns2:Exponent>
                    </ns2:RSAKeyValue>
                </ns2:KeyValue>
            </ns2:KeyInfo>
        </ns2:Signature>
    </CommandMessage>
</soap:Body>

我總是使用SoapUI發送相同的消息，但是如您所見，消息在邏輯上是等效的，但在物理上是不同的。 我如何避免這種行為？

此致喬凡尼

Answer 1

IBM的以下文檔中描述了您遇到的問題以及解決方案：

http://www-01.ibm.com/support/docview.wss?uid=swg1PK95199

JAX-WS，Websphere AS 8.5和XML數字標識

問題描述

1 個解決方案

解決方案1
1 已采納 2012-12-01 10:20:46

JAX-WS，Websphere AS 8.5和XML數字標識

問題描述

1 個解決方案

解決方案1 1 已采納 2012-12-01 10:20:46

解決方案1
1 已采納 2012-12-01 10:20:46