签名或解密无效

问题描述 投票:0回答:1

我需要使用Java over https来访问web服务。我在jks商店中获得了密钥和证书。我还提供了下面的示例肥皂消息,该消息适用于soap UI

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:clic="http://www.xxxx.com/xxx/schema/foundation/service/TestSchema">
   <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-10205c90-231b-4430-8ec1-429e022d1c79">
            <wsu:Created>2018-07-23T13:00:06.981Z</wsu:Created>
            <wsu:Expires>2018-12-23T13:16:46.981Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Gd9c929cb-1e7f-42b6-93dc-a48ed8bdcd33">MIIC9DCCAl2gAwIBAgICASAwDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAklOMRQwEgYDVQQIDAtNYWhhcmFzaHRyYTEPMA0GA1UEBwwGTXVtYmFpMRQwEgYDVQQKDAszaS1pbmZvdGVjaDENMAsGA1UECwwEQURNUzENMAsGA1UEAwwEd3NjYTErMCkGCSqGSIb3DQEJARYcc3dhdGkuc2hpbmRlQDNpLWluZm90ZWNoLmNvbTAeFw0xODA3MTAxNTA2NTlaFw0xOTA3MTAxNTA2NTlaMGwxCzAJBgNVBAYTAmluMRQwEgYDVQQIEwttYWhhcmFzaHRyYTEPMA0GA1UEBxMGbXVtYmFpMRQwEgYDVQQKEwszaS1pbmZvdGVjaDENMAsGA1UECxMEYWRtczERMA8GA1UEAxMId3NzZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoNuOqHEg2gwhJqU5/qJ97+nBZU5pR7plAvGjfsqdTRb8Qd/UBRkVWPaSWxVJm6yERi4km2qwoOetDiPRnedj32QJu2tUs0N52lTG/DGAHBHkinkUOTNfBwWlWSz8hvpCuz7GvbSGi1EQyOGBJq6OgDaSYbmwpHXDhYl6iaW/MjAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSVjKcFNjOT+RJyfHywsmDe3odF2zAfBgNVHSMEGDAWgBTpiJNUrifNvox2jit80t/e9BlxLjANBgkqhkiG9w0BAQUFAAOBgQBEpijq5vKRmWEZFUt9RTJ1cw6vpQbKSyhKOm7Sv1YgxHjzP5uGjddSkl8QmBBoHp5FIS/z1lBuRyMVNDChUrxqUR3Mz+qt+dM/xDJzYYA5oFkV3JAtZg5Re1uc0xq5uRkn5Qo5t5oj9RTN4a5zr9oK+AIxORSTWz33WUq7cHhJ0g==</wsse:BinarySecurityToken>
         <xenc:EncryptedKey Id="EK-5a112e0f-279e-43f2-b3ee-5a7044951d8d" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#Gd9c929cb-1e7f-42b6-93dc-a48ed8bdcd33" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>dBTVGkwYgWNXBZ/20oAugPl57b5iE82sM344mvqppDfXYzIgWegF7KDI696xIbvyz1CqAFw/Km645180FuFKVsbXPYp5nTKs4QMNfivVu10QBksKaguKiRiowmSUNx5WUXef4x+qEbOqDjNbS98DdflpfOsJchOvdhBFSwUMf6o=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
               <xenc:DataReference URI="#ED-c1e7ddcc-207d-4ebb-a165-64aebd752871"/>
            </xenc:ReferenceList>
         </xenc:EncryptedKey>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-68055fd0-3aa4-4947-a7b6-a6ed2966a464">MIIC9DCCAl2gAwIBAgICASEwDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAklOMRQwEgYDVQQIDAtNYWhhcmFzaHRyYTEPMA0GA1UEBwwGTXVtYmFpMRQwEgYDVQQKDAszaS1pbmZvdGVjaDENMAsGA1UECwwEQURNUzENMAsGA1UEAwwEd3NjYTErMCkGCSqGSIb3DQEJARYcc3dhdGkuc2hpbmRlQDNpLWluZm90ZWNoLmNvbTAeFw0xODA3MTAxNTE5NDZaFw0xOTA3MTAxNTE5NDZaMGwxCzAJBgNVBAYTAmluMRQwEgYDVQQIEwttYWhhcmFzaHRyYTEPMA0GA1UEBxMGbXVtYmFpMRQwEgYDVQQKEwszaS1pbmZvdGVjaDENMAsGA1UECxMEYWRtczERMA8GA1UEAxMId3NjbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANM9PR5tuVI5sLvEvCu2dPPZmxvvJEMPHnCo8sKz1WGxlp9xyqjxln0o2tsSQXEwlpaWoVypMSvEDPVXxTRpypaJ2n1aD6Zda4X4lDda7G4nd//EalItZxrZ4cYmk4SueIz4JPmg1JyQfdoFg+8LAoJXuGjNcHN6+d8BQjJh+oD1AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQAaGiDClvXpk9AdblQa8w4oCRTdjAfBgNVHSMEGDAWgBTpiJNUrifNvox2jit80t/e9BlxLjANBgkqhkiG9w0BAQUFAAOBgQCBMmVzYVpNtQs5KqhQ/q7QcU2gkoQqaGbkngY2CgvDl7w65lJo7lB2dn0H/rDrTxzcTAusp71RzSpzCE8zTkkh8bWjghpDKBcp2s5rTxsGuNf2fHT7EHyIq/wxX/DAY6Z2t6Wb3BYIo9Xe7NN9+UEmi0aHxxZ5TzH0sbIviZ1x2Q==</wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-af07415f-9af5-447b-ab52-6ed562332323" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="wsa SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-73d18922-a97d-4ef4-a3ce-a5476e2c876b">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>mek5MuRjirVXt8ly13SqLfVl7NA=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-20cca316-6e2e-4434-a3a4-b855da57bb6e">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>TRCFwe1ZqDRAg4QSXZbZyGUDWIs=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-26419ab7-c125-4c16-a41e-c8e1051577ef">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>hGs9BeHV6gWNzRt2bIOO6ufip6c=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-3fefc90b-632a-426f-b8f7-74a99ec4f82a">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>jGO5ckp7b9JDGeLjDu2b9jyzSJ4=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-ec181695-d50a-4579-94a4-410e8fd4e422">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>7lPYMD7/qYqiiw60hXnXoE7+hpc=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>0vyKSyRw2br6F4AEGfynFw8HwlYOebJMdNASuwP6+Cch3hhteoydJ8H9JVqxiqRAnYHnR9Cx/rhRzkXhDLvBV9/NFw9EdrHBmdbAnbYVwfLA5dTndLPHUk+fvrvs7YjfjsNOlUNYhIZhnvfMt9MUoNKJlI62r5ijkPWIgpwIqLA=</ds:SignatureValue>
            <ds:KeyInfo Id="KI-3883121d-1f56-46aa-98f2-e6c4be09b4f7">
               <wsse:SecurityTokenReference wsu:Id="STR-0b7f8424-870e-4c49-8b32-6c7748a08537">
                  <wsse:Reference URI="#X509-68055fd0-3aa4-4947-a7b6-a6ed2966a464" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
      <wsa:To SOAP-ENV:mustUnderstand="1" wsu:Id="id-ec181695-d50a-4579-94a4-410e8fd4e422" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">none</wsa:To>
      <wsa:From>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:From>
      <wsa:ReplyTo wsu:Id="id-3fefc90b-632a-426f-b8f7-74a99ec4f82a" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:ReplyTo>
      <wsa:FaultTo>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:FaultTo>
       <wsa:FromSoap>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:FromSoap>

      <wsa:Action wsu:Id="id-20cca316-6e2e-4434-a3a4-b855da57bb6e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://www.xxxx.com/xxx/definitions/service/RequestTestAgreement</wsa:Action>
      <wsa:MessageID wsu:Id="id-26419ab7-c125-4c16-a41e-c8e1051577ef" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">urn:uuid:97d1f396-3f51-41db-ad62-2633f13fed32</wsa:MessageID>
   </SOAP-ENV:Header>
    <SOAP-ENV:Body wsu:Id="id-ba05ffcc-9962-4b41-a1da-e813d9bc93d0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <clic:getTestAgreementRequest>true</clic:getTestAgreementRequest>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

我使用apache wss4j 1.6.8通过soap消息生成,输出如下

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:clic="http://www.xxxx.com/xxx/schema/foundation/service/TestSchema">
   <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-3">
            <wsu:Created>2019-02-06T18:50:11.074Z</wsu:Created>
            <wsu:Expires>2019-02-06T19:06:51.074Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="6593263F499877B4A415494790109675">MIIDeDCCAuGgAwIBAgICAR4wDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAklOMRQwEgYDVQQIDAttYWhhcmFzaHRyYTEPMA0GA1UEBwwGbXVtYmFpMRQwEgYDVQQKDAszaS1pbmZvdGVjaDENMAsGA1UECwwEYWRtczENMAsGA1UEAwwEd3NjYTErMCkGCSqGSIb3DQEJARYcc3dhdGkuc2hpbmRlQDNpLWluZm90ZWNoLmNvbTAeFw0xODA4MzEwOTEyNTZaFw0xOTA4MzEwOTEyNTZaMGwxCzAJBgNVBAYTAmluMRQwEgYDVQQIEwttYWhhcmFzaHRyYTEPMA0GA1UEBxMGbXVtYmFpMRQwEgYDVQQKEwszaS1pbmZvdGVjaDENMAsGA1UECxMEYWRtczERMA8GA1UEAxMId3NzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGZAOvKwIffsVhKQ4sGasgUcgP1Vp+KZsNsuCjKCIkfZ5w0S7m5jUpzzIYjmWYa3b+aU3jCpvtfSFB5xQ6iHGcPJ6w3Dso+Clp4XuXgfS9ECblJjJ1gk6e91/uhywbt+e1zAE7dl7+S1dkxsw3H/1E3bVVWmeK31tqexwUVgVtyWJuX77w31yx0zJ2KI7CEfPq7OMEVRMq4jRkn9s0bHUjQ9PqMtOnglo9isg1lhm3TpWfy9wkB99pdDkAG5QqPlp/m+l5mBUTvoZIoOpVNHsI0r15bqC/Nzkm/g4p9qbG02rlv3P9JqDFCkgYWg/zIe5HUzTFaDFZwBKxO2Mexe7DAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR2GHKfXofss3GtyDO9Y/CihdWrIDAfBgNVHSMEGDAWgBRGhczI58cP0v9DFA2z1jVz6w2ksDANBgkqhkiG9w0BAQUFAAOBgQAZSuRlgWHwoeUBKwI4c2vvfaSjntw2T73JcDL2L+ZsqRQz3TPWGs5T/UtnPiKP5SDrCR0syz1ejLXo0DgBlehlwBDYbizznyK2a8sG5URA5VGDCV69JInihZft0IbplDzaGr+RYdRlk6sL9Xn9/faKF6EJbG90WtqnRjBz+9Lvsg==</wsse:BinarySecurityToken>
         <xenc:EncryptedKey Id="EK-6593263F499877B4A415494790109674" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#6593263F499877B4A415494790109675" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>ChwYvMF05oQtM1pCPwhsH2SUnb/D1ilvjff+1yPb8HPUyLv4AcbcQzROnujUdDBxdNNC5gWGP9YqSvEFTV1WF4+qXzVAOt6RdSERx0JGmh7FaeHiO0JDuVKmfJsb+sRgUh2u3LBgxEqs2mqB4PEW8rat3rY2V4d7pl3MiS4mJO7QTeo3OvoxXKeN4ya009DrKkr+Is7OUhWYqU6Ffw6sZSeZltbz0ZcrtLlZa/dIZo4gSgvFcePgBuW43Lm3KwtzCqOV1Zgul2bRpsQnfD3EVXp75i5zPYU/KvWJqBkpKM3h8c8h6nNA+aibvq9WCos1nZvs8XaKg6Ymd3dcwgePHQ==</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedKey>
         <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-6593263F499877B4A415494790103071">MIIDcjCCAtugAwIBAgICASAwDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAklOMRQwEgYDVQQIDAttYWhhcmFzaHRyYTEPMA0GA1UEBwwGbXVtYmFpMRQwEgYDVQQKDAszaS1pbmZvdGVjaDENMAsGA1UECwwEYWRtczENMAsGA1UEAwwEd3NjYTErMCkGCSqGSIb3DQEJARYcc3dhdGkuc2hpbmRlQDNpLWluZm90ZWNoLmNvbTAeFw0xODA5MjEwNzI1MTNaFw0xOTA5MjEwNzI1MTNaMGYxCzAJBgNVBAYTAmluMQswCQYDVQQIEwJtaDEPMA0GA1UEBxMGbXVtYmFpMRQwEgYDVQQKEwszaS1pbmZvdGVjaDENMAsGA1UECxMEYWRtczEUMBIGA1UEAxMLc2F0aWFjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHoAKC/vd19vb/OUlSjCmJc30RNiyvzorBjNAqyR9oBRALtwxMdnzLboCxawzTnjborgP1LBgmFD1c42LW83Yja/vmwNEGCNp7+S2moLbN4xe4lFB6ixNDcWgrbkFz4rGotvSGs8mxhLAdye69g5UUV14h/brzJY8pOmABG6Gz30bxogq+SWtZ1TlymAxNgx/Tw80gzgy1aOfUhJQaKIF6m+59O4HpxxFH00Z/f3ZXbyIfDfgRXDP+sxt1vOUKoLmgn3bypM9EqN2sGr721HKqJujMqtl1YNMs3fIGaT6lA4+obIg3/JYsz9xj7M6ym8IJm/OyDkRzRuB3BxVvW1GHAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT0ZtrJGWC5jLIFvXHbSw/KV+M++DAfBgNVHSMEGDAWgBRGhczI58cP0v9DFA2z1jVz6w2ksDANBgkqhkiG9w0BAQUFAAOBgQC78s3HaYM1sqBXoPyUFitSZf9zyQipOWpvrrYdYwKMEmT84ZDJeJPLens/7URyyla9s/ygXbFpHbzre2nXZLEfXEC5ZSjt+/zDz0TTDPCoi/PBPAZP0f1gnAihSzi04YB2MKKKgRKCEPnc43WbiNWq9+e8rnKN3p82fgc03Mrc1w==</wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="wsa SOAP-ENV clic" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-1">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="clic" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>xb52CEoxKdEcSo8q8eLMOURnTnI=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>wQlP4hzCvKMVtolq6nnVnfH7Zz/0ktTrgHqb467RgoOB6W7jrDpNprofp7gMbdxjC2D4X7yj/APYD9ADmmGZf0EzMbF/o0G1RYPQzl2J/1tagWM5H3M3Ztnxbwj7cA7ToYTci9D6BASLef9Jl9I5diiBP/1eXsqjVkzeuocvozrRPVZLXhdLFIUT2Yk2V6s7RH0q6FNDZEk10Z6AWstneh/ixq7BkYUhObZmEu1P5/IO99lX68n+EGexbBOmTFBraszkjBeSSH+8/ShLDfhm24O52LlFktKXmyuMN8eQu8vmQW21vtW+7GxXD/TIdwTwtwjyH2awJtNCCRf8pLTJIQ==</ds:SignatureValue>
            <ds:KeyInfo Id="KI-6593263F499877B4A415494790103382">
               <wsse:SecurityTokenReference wsu:Id="STR-6593263F499877B4A415494790103413">
                  <wsse:Reference URI="#X509-6593263F499877B4A415494790103071" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
      <wsa:Action wsu:Id="id-1ea06b17-3ceb-4a69-8d2c-2ea8c9f88a9e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://www.xxxx.com/xxx/definitions/service/RequestTestAgreement</wsa:Action>
   </SOAP-ENV:Header>
   <SOAP-ENV:Body wsu:Id="id-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <clic:getTestAgreementRequest>true</clic:getTestAgreementRequest>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

当我在soap UI上使用我生成的soap消息调用我的web服务时,我得到以下响应

<faultstring xml:lang="en">The signature or decryption was invalid; nested exception is org.apache.ws.security.WSSecurityException: The signature or decryption was invalid</faultstring>

我的肥皂消息可能有什么问题?我可以看到我的soap消息中的CipherValue和SignatureValue比给定的示例soap消息中的CipherValue和SignatureValue长。我需要使用哪种加密和签名算法来使它们具有相同的字符长度?

ws-security wss4j
1个回答
0
投票

签名的消息被更改,然后签名不知道如何解密签名的消息,或者您的密钥库可能有问题。

您可以尝试使用soapui https://www.soapui.org/soapui-projects/ws-security.html中的密钥库生成消息,然后尝试再次验证它,我有同样的问题,我设法解决

© www.soinside.com 2019 - 2024. All rights reserved.