admin管理员组文章数量:1340359
<soap:Envelope
xmlns:soap=";>
<env:Header
xmlns:env=";>
<wsse:Security
xmlns:wsse=".0.xsd"
xmlns:wsu=".0.xsd" soap:mustUnderstand="true">
<ds:Signature
xmlns:ds="; Id="SIG-B9561BC9E482A7482717165370736895">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm=";/>
<ds:SignatureMethod Algorithm=";/>
<ds:Reference URI="#id-B9561BC9E482A7482717165370736684">
<ds:Transforms>
<ds:Transform Algorithm=";>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm=";/>
<ds:DigestValue>some value</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>some value </ds:SignatureValue>
</ds:Signature>
</wsse:Security>
</env:Header>
<soap:Body
xmlns:wsu=".0.xsd" wsu:Id="id-B9561BC9E482A7482717165370736684">
<Test/>
</soap:Body>
</soap:Envelope>
I have the requirement to sign the soap body as shown above.
I believe this is called detached signing.
I want to use opensaml and the implementation till now looks like this:
signature.setSigningCredential(credential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
Then marshall the signature and call Signer.signObject(signature);. Reference: .html
I also added content reference pointing to the soap body i want to sign
Element bodyElement = (Element) doc.getDocumentElement().getElementsByTagName("SOAP-Body").item(0);
String bodyId = "body123"; // Unique reference ID
bodyElement.setAttribute("Id", bodyId);
bodyElement.setIdAttribute("Id", true);
DocumentInternalIDContentReference uriContentReference = new DocumentInternalIDContentReference( bodyId);
uriContentReference.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA256);
uriContentReference.getTransforms().add(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
signature.getContentReferences().add(uriContentReference);
But I get this error:
Exception in thread "main" .opensaml.xmlsec.signature.support.SignatureException: Signature computation error
at .opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl.signObject(ApacheSantuarioSignerProviderImpl.java:62)
at .opensaml.xmlsec.signature.support.Signer.signObject(Signer.java:73)
at com.amazon.bancomatpayremittancelambda.service.OpenSAMLDetachedSignature.main(OpenSAMLDetachedSignature.java:98)
Caused by: .apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID body123
Original Exception was .apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID body123
Original Exception was .apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID body123
Original Exception was .apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID body123
at .apache.xml.security.signature.Reference.calculateDigest(Reference.java:744)
at .apache.xml.security.signature.Reference.generateDigestValue(Reference.java:405)
at .apache.xml.security.signature.Manifest.generateDigestValues(Manifest.java:205)
at .apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:631)
at .opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl.signObject(ApacheSantuarioSignerProviderImpl.java:59)
... 2 more
tl;dr
How can I create the above xml request using openSaml?
<soap:Envelope
xmlns:soap="http://www.w3./2003/05/soap-envelope">
<env:Header
xmlns:env="http://www.w3./2003/05/soap-envelope">
<wsse:Security
xmlns:wsse="http://docs.oasis-open./wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open./wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="true">
<ds:Signature
xmlns:ds="http://www.w3./2000/09/xmldsig#" Id="SIG-B9561BC9E482A7482717165370736895">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3./2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3./2001/04/xmldsig-more#rsa-sha512"/>
<ds:Reference URI="#id-B9561BC9E482A7482717165370736684">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3./2001/10/xml-exc-c14n#">
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3./2001/04/xmlenc#sha512"/>
<ds:DigestValue>some value</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>some value </ds:SignatureValue>
</ds:Signature>
</wsse:Security>
</env:Header>
<soap:Body
xmlns:wsu="http://docs.oasis-open./wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-B9561BC9E482A7482717165370736684">
<Test/>
</soap:Body>
</soap:Envelope>
I have the requirement to sign the soap body as shown above.
I believe this is called detached signing.
I want to use opensaml and the implementation till now looks like this:
signature.setSigningCredential(credential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
Then marshall the signature and call Signer.signObject(signature);. Reference: https://blog.samlsecurity/2012/11/signing-with-opensaml.html
I also added content reference pointing to the soap body i want to sign
Element bodyElement = (Element) doc.getDocumentElement().getElementsByTagName("SOAP-Body").item(0);
String bodyId = "body123"; // Unique reference ID
bodyElement.setAttribute("Id", bodyId);
bodyElement.setIdAttribute("Id", true);
DocumentInternalIDContentReference uriContentReference = new DocumentInternalIDContentReference( bodyId);
uriContentReference.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA256);
uriContentReference.getTransforms().add(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
signature.getContentReferences().add(uriContentReference);
But I get this error:
Exception in thread "main" .opensaml.xmlsec.signature.support.SignatureException: Signature computation error
at .opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl.signObject(ApacheSantuarioSignerProviderImpl.java:62)
at .opensaml.xmlsec.signature.support.Signer.signObject(Signer.java:73)
at com.amazon.bancomatpayremittancelambda.service.OpenSAMLDetachedSignature.main(OpenSAMLDetachedSignature.java:98)
Caused by: .apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID body123
Original Exception was .apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID body123
Original Exception was .apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID body123
Original Exception was .apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID body123
at .apache.xml.security.signature.Reference.calculateDigest(Reference.java:744)
at .apache.xml.security.signature.Reference.generateDigestValue(Reference.java:405)
at .apache.xml.security.signature.Manifest.generateDigestValues(Manifest.java:205)
at .apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:631)
at .opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl.signObject(ApacheSantuarioSignerProviderImpl.java:59)
... 2 more
tl;dr
How can I create the above xml request using openSaml?
Share Improve this question edited Mar 4 at 13:31 SynAck asked Feb 27 at 14:44 SynAckSynAck 2265 silver badges21 bronze badges 17- There are two types of signatures 1) The signature wraps the xml object 2) The signature is a sibling element of the xml object. Your XML is Detached XML (the second type) since the signature and the body (object) are sibling elements. The signature is in the heading which is a sibling of the body. See learn.microsoft/en-us/previous-versions/windows/desktop/… – jdweng Commented Feb 27 at 16:52
- I know mine is detached signature. But in the blog, it is not a detached signature. So I want to know how to sign a detached signature using opensaml – SynAck Commented Feb 27 at 21:48
- The BLOB is not code., it is pseudo code You have two XML objects. 1) The XML object (element and children) which gets signatured, compute a Key 2) The XML object (element) where the signature is added. The following is the XML interface for a Detached signature : litsec.github.io/opensaml-javadoc-mirror//opensaml/… – jdweng Commented Feb 27 at 22:23
- I think I might have framed the question incorrectly. Let me try to fix it @jdweng – SynAck Commented Feb 27 at 22:58
- 1 I'm trying the best I can to solve your issue. You said "In the signature interface, I do not see any method to set the digest algorithm, the transforms and the signingInfo or most importantly point the reference to my soap body:" I'm trying to provide other links to answer your issue. I'm not going to write code that you already know how to do. You only posted a portion of your code so I do not know exactly what you need. – jdweng Commented Mar 3 at 13:11
1 Answer
Reset to default 0I was able to figure out how to sign a detached internal signature by looking at some UTs in openSaml library :
//
本文标签:
javasign a detached signature using OpenSamlStack Overflow
版权声明:本文标题:java - sign a detached signature using OpenSaml - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人,
转载请联系作者并注明出处:http://www.betaflare.com/web/1743627049a2512462.html,
本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论