[SPRING] Getting an X509Certificate from a SOAP security header
Hi all!
I have a simple stub client for a cxf web service (a spring application). It uses WSS4JOutInterceptor with action="Signature". So the soap request message is (header):
Content-Type: text/xml; charset=UTF-8
Accept: */*
SOAPAction: ""
User-Agent: Apache CXF 2.4.3
Cache-Control: no-cache
Pragma: no-cache
Host: 127.0.0.1:8888
Connection: keep-alive
Content-Length: 1890
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RJhc1ZVjXdUQEIwLTH356p7H0QY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>F0q0NV7kaSbAcsLHxVpYD1bQ1RAJcw6wPapDKAM9PIcs7EuS9S5PlE4cQMfAp1WgsKa91r3op1OQ5UrYmmdj/UneYawdPIYSaoFBGjndTXZnOCKp4YfRTQGZ2EVJRFHJbPsTsqHedPAyJLHhciViguTGeuA0hZAQN97KB/9ZLmY=</ds:SignatureValue>
<ds:KeyInfo Id="KI-92A4EB90A2868689DC13289669720792">
<wsse:SecurityTokenReference wsu:Id="STR-92A4EB90A2868689DC13289669720823">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=1,OU=1,O=1,L=1,ST=1,C=RU</ds:X509IssuerName>
<ds:X509SerialNumber>1328891280</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
Can I somehow build a certificate from this data? There is no data about the validity dates or the public key. Maybe there is a way to insert the certificate into the header without going through the Reference / SecurityTokenReference tags???
Progress:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-A3BCFAE87E12A8813813289737654441">...</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RJhc1ZVjXdUQEIwLTH356p7H0QY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>F0q0NV7kaSbAcsLHxVpYD1bQ1RAJcw6wPapDKAM9PIcs7EuS9S5PlE4cQMfAp1WgsKa91r3op1OQ5UrYmmdj/UneYawdPIYSaoFBGjndTXZnOCKp4YfRTQGZ2EVJRFHJbPsTsqHedPAyJLHhciViguTGeuA0hZAQN97KB/9ZLmY=</ds:SignatureValue>
<ds:KeyInfo Id="KI-A3BCFAE87E12A8813813289737654452">
<wsse:SecurityTokenReference wsu:Id="STR-A3BCFAE87E12A8813813289737654483">
<wsse:Reference URI="#X509-A3BCFAE87E12A8813813289737654441" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
It would probably be simpler to get the certificate from that type of request. But how to do it?
Solution
==============================
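1. The solution is to use the BinarySecurityToken element of the header.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// `message` is the CXF message being processed; getSOAPMessage(...) is not defined on the page
SoapMessage soapMessage = (SoapMessage) message;
SOAPMessage doc = getSOAPMessage(soapMessage);
Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), "");

// get the BinarySecurityToken tag (assumes it is the first child of the Security header)
Node binarySignatureTag = elem.getFirstChild();
BinarySecurity token = new X509Security((Element) binarySignatureTag);

// construct the X509Certificate from the decoded token bytes
InputStream in = new ByteArrayInputStream(token.getToken());
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
```

As you can see, you need to use the org.apache.ws.security package.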
from https://stackoverflow.com/questions/9241259/getting-a-x509certificate-from-a-soap-security-header by cc-by-sa and MIT license
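Both KeyInfo forms shown in the question can be resolved with JDK classes alone, and a certificate taken from the message should be checked against a local trust store before anything relies on it. The sketch below is an added example, not code from the original post or from CXF/WSS4J; the class name `SignerCertResolver`, its method names and the `trusted` KeyStore parameter are assumptions. It only resolves and trust-checks the certificate, and verifying the signature itself is assumed to be left to WSS4J.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignerCertResolver { // hypothetical name, not part of CXF or WSS4J
    static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = OASIS + "secext-1.0.xsd", WSU = OASIS + "utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static X509Certificate resolve(byte[] soap, KeyStore trusted) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Element root = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(soap)).getDocumentElement();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        NodeList refs = root.getElementsByTagNameNS(WSSE, "Reference");
        NodeList toks = root.getElementsByTagNameNS(WSSE, "BinarySecurityToken");
        X509Certificate cert = null;
        // Second request: the certificate travels in the message as a BinarySecurityToken.
        for (int i = 0; refs.getLength() == 1 && i < toks.getLength(); i++) {
            Element t = (Element) toks.item(i);
            if (!((Element) refs.item(0)).getAttribute("URI").equals("#" + t.getAttributeNS(WSU, "Id"))) continue;
            byte[] der = Base64.getMimeDecoder().decode(t.getTextContent().trim());
            cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        }
        // First request: only issuer and serial are sent, so look the certificate up locally.
        if (cert == null && root.getElementsByTagNameNS(DS, "X509IssuerSerial").getLength() == 1) {
            X500Principal issuer = new X500Principal(text(root, "X509IssuerName"));
            java.math.BigInteger serial = new java.math.BigInteger(text(root, "X509SerialNumber"));
            for (String alias : Collections.list(trusted.aliases())) {
                Certificate c = trusted.getCertificate(alias);
                if (c instanceof X509Certificate && ((X509Certificate) c).getSerialNumber().equals(serial)
                        && ((X509Certificate) c).getIssuerX500Principal().equals(issuer)) cert = (X509Certificate) c;
            }
        }
        if (cert == null) throw new CertificateException("signer certificate could not be resolved");
        cert.checkValidity(); // notBefore / notAfter
        if (trusted.getCertificateAlias(cert) == null) { // not pinned, so it must chain to a trust anchor
            PKIXParameters params = new PKIXParameters(trusted);
            params.setRevocationEnabled(false); // assumption: revocation is checked elsewhere
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(Collections.singletonList(cert)), params);
        }
        return cert;
    }
    static String text(Element e, String n) { return e.getElementsByTagNameNS(DS, n).item(0).getTextContent().trim(); }
}
```

With the issuer/serial form the message carries no key material at all, so the lookup can only succeed for certificates the receiver already holds in `trusted`.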