All geek questions in one place

Digital Signature and Fingerprint CXF WSS4JOutInterceptor

I use CXF to use the web service

It includes signing a <SignedInfo>node with my private key, as well as <soap:Body>node encryption .

I use WSS4JOutInterceptor to sign a soap message.

I cannot figure out how to tell WSS4J to sign the <SignedInfo>node header .

I also want to put my own Thumbprint in the header. Which, I think, is used by the service provider to identify the public key that they need to use.

Below is my Soap header generated right now with the Java code I used in the comments

<soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   soap:mustUnderstand="1">
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- 
  Have to transform body and message control block
  Did it using
    
  outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}  {http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{https://checkout.buckaroo.nl/PaymentEngine/}MessageControlBlock");
    
  I am not sure wether us should be SIGNATUE_ or ENCRYPT_ PARTS
-->
              <ds:Reference URI="#id-1">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>Ougg/udU=</ds:DigestValue>
                </ds:Reference>
                <ds:Reference URI="#id-2">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>9cObhmiilqw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
<!--
    Also have to generate a signature value which should be of the SignedInfo node
    outProps.put(WSHandlerConstants.ACTION, "Signature");
	outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");
	  outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,ClientCallbackHandler.class.getName());
-->
            <ds:SignatureValue>
                no6CvOuwhLNGVOP1ByuICAVnSFTNq77QQttl4GIgHzatxr/ldna6yf36kufuzsHNx2n0Fp1k/05WZF9UPnzw=
            </ds:SignatureValue>
            <ds:KeyInfo Id="KI-AB3C213816422">
                <wsse:SecurityTokenReference wsu:Id="STR-AB3C213816422">
<!--
        Have to include my custom Thumbprint value here in wsse:KeyIdentifier node
       outProps.put(WSHandlerConstants.SIG_KEY_ID, "Thumbprint"); 
-->
                  <wsse:KeyIdentifier
                            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
                        z9576mEB7M7uRGq1vXGxwX4w4A0=
                    </wsse:KeyIdentifier>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    </wsse:Security>
<!--
This block I have added manually using
List<Header> headersList = new ArrayList<Header>();

	MessageControlBlock messageControlBlock = new MessageControlBlock();
	messageControlBlock.setWebsiteKey("I6t2");
	messageControlBlock.setCulture("123L");
	
	ObjectFactory factory = new ObjectFactory();
			
	JAXBElement<MessageControlBlock> messCtlBlock = factory.createMessageControlBlock(messageControlBlock);
			
	JAXBContext context = JAXBContext.newInstance(https.checkout_buckaroo_nl.paymentengine.MessageControlBlock.class);
			
	Header messageControlBlockElement = new Header(
					new QName("https://checkout.buckaroo.nl/PaymentEngine/", "MessageControlBlock"), 
					messageControlBlock,
					new JAXBDataBinding(context));
			
	headersList.add(messageControlBlockElement);
			
	provider.getRequestContext().put(Header.HEADER_LIST, headersList); -->
    <MessageControlBlock xmlns="https://checkout.buckaroo.nl/PaymentEngine/"
                         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                         wsu:Id="id-2">
        <WebsiteKey>I6tNcjYiMt</WebsiteKey>
        <Culture>nl-NL</Culture>
    </MessageControlBlock>
</soap:Header>
Run codeHide result

** , . Signature Interceptor.

**

public class HeaderInterceptor extends AbstractSoapInterceptor {

    public HeaderInterceptor() {
        super(Phase.PRE_PROTOCOL_ENDING);
        getAfter().add(org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor.SAAJOutEndingInterceptor.class.getName());
    }

    public void handleMessage(SoapMessage message) throws Fault {
        System.out.println("HeaderInterceptor");

        List<Header> headers = message.getHeaders();

        System.out.println("Version is " + message.getVersion());

        Map<String, List<String>> headersw = CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));

        System.out.println("Headers w is " + headersw);

        message.getInterceptorChain().forEach(chain -> {

            System.out.println(chain.getClass());

        });

        Header security = message.getHeader(
                    new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security")
                );

        System.out.println("Security header is " + security);

        headers.stream().forEach(head ->{

            System.out.println(head.getName().getLocalPart());

        });
    }
}


Version is org.apache.cxf.binding.soap.Soap11@5404d5

Headers w is {Accept=[*/*], SOAPAction=["https://checkout.buckaroo.nl/PaymentEngine/CentralSoapGateway/InvoiceInfo"]}

class org.apache.cxf.jaxws.interceptors.HolderOutInterceptor
class org.apache.cxf.jaxws.interceptors.SwAOutInterceptor
class org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor
class org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor
class org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor
class org.apache.cxf.interceptor.MessageSenderInterceptor
class com.testapp.commons.MyLogInterceptor
class org.apache.cxf.interceptor.AttachmentOutInterceptor
class org.apache.cxf.interceptor.StaxOutInterceptor
class org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor
class org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor
class org.apache.cxf.interceptor.WrappedOutInterceptor
class org.apache.cxf.interceptor.BareOutInterceptor
class org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal
class org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor
class org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor
**class com.testapp.commons.HeaderInterceptor**
class org.apache.cxf.interceptor.StaxOutEndingInterceptor
class org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor

Security header is null

MessageControlBlock
+4

:

Source: https://habr.com/ru/post/1588963/

More articles:


All Articles