The key word in information security
legioner052019
#1 Posted: 24 May 2019, 10:18:53 (UTC)

Status: Active member

Groups: Members
Registered: 15.05.2019 (UTC)
Posts: 33

Good afternoon.

Using the example at https://github.com/code-...ing-ws-digital-signature, I got signature creation and signature verification running.
As the example shows, a JKS keystore is used.
Code:
  @Bean
  public Wss4jSecurityInterceptor clientSecurityInterceptor() throws Exception {
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
    // add a time stamp and sign the request
    securityInterceptor.setSecurementActions("Signature Timestamp");
    // alias of the private key
    securityInterceptor.setSecurementUsername(keyAlias);
    // password of the private key
    securityInterceptor.setSecurementPassword(keyPassword);
    // key store that contains the private key
    securityInterceptor.setSecurementSignatureCrypto(clientKeyStoreCryptoFactoryBean().getObject());

    // check the time stamp and signature of the request
    securityInterceptor.setValidationActions("Signature Timestamp");
    // trust store that contains the trusted certificate
    securityInterceptor
        .setValidationSignatureCrypto(clientTrustStoreCryptoFactoryBean().getObject());

    return securityInterceptor;
  }

  @Bean
  public CryptoFactoryBean clientKeyStoreCryptoFactoryBean() throws IOException {
    CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
    cryptoFactoryBean.setKeyStoreLocation(keyStore);
    cryptoFactoryBean.setKeyStorePassword(keyStorePassword);

    return cryptoFactoryBean;
  }

  @Bean
  public CryptoFactoryBean clientTrustStoreCryptoFactoryBean() throws IOException {
    CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
    cryptoFactoryBean.setKeyStoreLocation(trustStore);
    cryptoFactoryBean.setKeyStorePassword(trustStorePassword);

    return cryptoFactoryBean;
  }


I reworked these settings to use JCP with HDImageStore.

Code:
    @Bean
    @Throws(IOException::class)
    fun clientKeyStoreCryptoFactoryBean(): CryptoFactoryBean {
        val keystore = FileSystemResource(gisKeystorePath)
        val cryptoFactoryBean = CryptoFactoryBean()
        cryptoFactoryBean.setKeyStoreLocation(keystore)
        cryptoFactoryBean.setKeyStoreType("HDImageStore")
        cryptoFactoryBean.setKeyStoreProvider("JCP")
        cryptoFactoryBean.setKeyStorePassword("pass123")
        cryptoFactoryBean.afterPropertiesSet()
        return cryptoFactoryBean
    }

    @Bean
    @Throws(IOException::class)
    fun clientTrustStoreCryptoFactoryBean(): CryptoFactoryBean {
        val truststore = FileSystemResource(gisTruststorePath)
        val cryptoFactoryBean = CryptoFactoryBean()
        cryptoFactoryBean.setKeyStoreLocation(truststore)
        cryptoFactoryBean.setKeyStoreType("HDImageStore")
        cryptoFactoryBean.setKeyStoreProvider("JCP")
        cryptoFactoryBean.setKeyStorePassword("pass123")
        cryptoFactoryBean.afterPropertiesSet()
        return cryptoFactoryBean
    }

    @Bean
    @Throws(Exception::class)
    fun clientSecurityInterceptor(): Wss4jSecurityInterceptor {
        val securityInterceptor = Wss4jSecurityInterceptor()
        // sign the request (no Timestamp action, unlike the Java example above)
        securityInterceptor.setSecurementActions("Signature")
        // alias of the private key
        securityInterceptor.setSecurementUsername("client")
        // password of the private key
        securityInterceptor.setSecurementPassword("pass123")
        // key store that contains the private key
        securityInterceptor.setSecurementSignatureCrypto(clientKeyStoreCryptoFactoryBean().getObject())
//        securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411")
//        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
        // check the signature (no Timestamp action)
        securityInterceptor.setValidationActions("Signature")
        // trust store that contains the trusted certificate
        securityInterceptor.setValidationSignatureCrypto(clientTrustStoreCryptoFactoryBean().getObject())

        return securityInterceptor
    }


When the service is called, we get this error:
Code:
2019-05-24 10:16:26.282 ERROR 18376 --- [nio-8001-exec-1] o.s.w.s.s.w.Wss4jSecurityInterceptor     : Could not secure response: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature: 
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: An unknown signature algorithm was specified: GOST3410_2012_256

org.springframework.ws.soap.security.wss4j2.Wss4jSecuritySecurementException: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature: 
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: An unknown signature algorithm was specified: GOST3410_2012_256
	at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:577) ~[spring-ws-security-3.0.7.RELEASE.jar:na]
	at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210) ~[spring-ws-security-3.0.7.RELEASE.jar:na]
	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597) [spring-ws-core-3.0.7.RELEASE.jar:na]
	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555) [spring-ws-core-3.0.7.RELEASE.jar:na]
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) [spring-ws-core-3.0.7.RELEASE.jar:na]
	at ru.ksbsoft.client.gis.GisServiceAdapter.exportInspectionPlans(GisServiceAdapter.kt:48) [classes/:na]
	at ru.ksbsoft.client.gis.GisController.exportInspectionPlans(GisController.kt:18) [classes/:na]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_211]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_211]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_211]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_211]
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882) [spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-embed-websocket-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.6.RELEASE.jar:5.1.6.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_211]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_211]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.17.jar:9.0.17]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_211]
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during Signature: 
	at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
	at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
	at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63) ~[spring-ws-security-3.0.7.RELEASE.jar:na]
	at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574) ~[spring-ws-security-3.0.7.RELEASE.jar:na]
	... 60 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: An unknown signature algorithm was specified: GOST3410_2012_256
	at org.apache.wss4j.dom.message.WSSecSignature.getSigningCerts(WSSecSignature.java:845) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
	at org.apache.wss4j.dom.message.WSSecSignature.prepare(WSSecSignature.java:167) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
	at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:105) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
	... 63 common frames omitted


We can see that it does not find the signature algorithm.
Could not secure response: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: An unknown signature algorithm was specified: GOST3410_2012_256

I am a newcomer to this topic. Could you please tell me which direction to dig in?
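
An added example, not part of the original post or of the linked project: the trace ends in WSSecSignature.getSigningCerts, where WSS4J, when no signature algorithm is configured, derives one from the key's algorithm name and recognises only DSA, RSA and EC. The code below sets the algorithms explicitly instead; the helper name `configureGostSignature`, the 512-bit entry and the cpxmlsec URNs are assumptions to check against the provider's documentation.

```kotlin
import org.apache.wss4j.common.crypto.Crypto
import org.apache.wss4j.common.crypto.CryptoType
import org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor

// Assumed URN prefix for GOST XML signature identifiers (verify with the provider's documentation).
private const val CPXMLSEC = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:"

// Key algorithm name -> (SignatureMethod URI, DigestMethod URI).
// "GOST3410_2012_256" is the name in the log above; the 512-bit entry is an assumption.
private val gostXmlAlgorithms = mapOf(
    "GOST3410_2012_256" to Pair(
        CPXMLSEC + "gostr34102012-gostr34112012-256", CPXMLSEC + "gostr34112012-256"),
    "GOST3410_2012_512" to Pair(
        CPXMLSEC + "gostr34102012-gostr34112012-512", CPXMLSEC + "gostr34112012-512")
)

/**
 * Hypothetical helper: sets the signature and digest algorithms explicitly when the
 * signing key is not DSA, RSA or EC, so WSS4J does not try to derive them itself.
 */
fun configureGostSignature(interceptor: Wss4jSecurityInterceptor, crypto: Crypto, keyAlias: String) {
    // Look up the signer certificate the same way WSS4J does: by key store alias.
    val byAlias = CryptoType(CryptoType.TYPE.ALIAS).apply { alias = keyAlias }
    val certificate = crypto.getX509Certificates(byAlias)?.firstOrNull()
        ?: throw IllegalStateException("No certificate found for alias '$keyAlias'")

    val keyAlgorithm = certificate.publicKey.algorithm
    if (listOf("DSA", "RSA", "EC").any { it.equals(keyAlgorithm, ignoreCase = true) }) {
        return // WSS4J selects a default for these key types
    }
    // Fail at start-up with a clear message instead of at signing time.
    val (signatureUri, digestUri) = gostXmlAlgorithms[keyAlgorithm]
        ?: throw IllegalStateException("No XML signature URI configured for $keyAlgorithm")

    interceptor.setSecurementSignatureAlgorithm(signatureUri)
    interceptor.setSecurementSignatureDigestAlgorithm(digestUri)
}
```

This only removes the automatic-detection failure shown in the trace; the XML signature implementation that WSS4J uses must separately recognise these URIs through the provider's XML signature module.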