我正在与服务器通信,该服务器在SOAP响应头中插入其X.509证书作为二进制安全令牌。如何相应地配置WSS4JInInterceptor?
这是我的代码,希望证书在JKS keystone中
// for incoming messages: Signature and Timestamp validation. Response is Encrypted
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.ENCRYPT);
inProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientKeystorePasswordCallbackHandler.class.getName());
inProps.put(WSHandlerConstants.SIG_PROP_FILE, "server_sec.properties");
inProps.put(WSHandlerConstants.DEC_PROP_FILE, "client_sec.properties");
wss4JInInterceptor = new WSS4JInInterceptor(inProps);
server_sec.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=ver2
org.apache.ws.security.crypto.merlin.file=certs/kontaktinfo-server-test.jks
如何重新配置它以从二进制安全令牌中提取证书?
答案 0 :(得分:1)
如果响应引用安全标头中的证书,则WSS4J将处理它而无需任何配置更改。但是,您仍需要至少配置信任存储,以验证证书中的信任。所以你的签约"密钥库配置必须至少具有用于验证签名的证书的颁发证书。