1. 首页
  2. 问答
  3. Spring saml:Key对于展开来说太长:invalidkeyexception

Spring saml:Key对于展开来说太长:invalidkeyexception

2014-10-07 32 views
1

我的机器上只安装了一个JDK,代码指向相同的JDK。我已经在这两个文件夹(C:\ Program Files \ Java \ jdk1.6.0_25 \ jre \ lib \ security和C:\ Program Files \ Java \ jre6 \ lib \ security)中安装了无限强度加密库。Spring saml:Key对于展开来说太长:invalidkeyexception

即使添加上面提到的无限强度库,我也会收到同样的异常。这是延续到其他售票link

例外:

Caused by: java.security.InvalidKeyException: Key is too long for unwrapping 
at com.sun.crypto.provider.RSACipher.engineUnwrap(DashoA13*..) 
at javax.crypto.Cipher.unwrap(DashoA13*..) 
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477) 
... 46 more 
41 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved 
42 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver 
42 [http-8080-1] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content

SAML加密断言

<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> 
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_b789fe1577b7a52846f0de3a53504b54" Type="http://www.w3.org/2001/04/xmlenc#Element"> 
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/> 
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <xenc:EncryptedKey Id="_a55df022fc577a2523dea6dde1bb2d78" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> 
      </xenc:EncryptionMethod> 
      <ds:KeyInfo> 
       <ds:X509Data> 
       <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE 
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM 
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy 
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E 
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13 
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K 
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON 
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg 
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL 
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A 
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu 
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW 
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE= </ds:X509Certificate> 
       </ds:X509Data> 
      </ds:KeyInfo> 
      <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
       <xenc:CipherValue>CPKpuy59EbLdJxoWtOEXlVG7nJkn2B4wk7seQ0VVK4+DbMZWqW9F+GLPtqQPMbVS99nPON9YCiNbpLpUlqE8JvZOQ2tyf5H5d7+kAF/QqaTPJjYC9SzI6dbLkB6O+EJZY6981iUkJtuUvs+B0649BwnKf9ByNoHePEKZeN6Ws9YNB15xrc5aTGqLVzW/bUTgOGPpZDPyeHYoqWRhDg6/2uYfvglMnN5t/mlGzLxsGJbF8WMdfIf2tYbGoDUfs5SgXtsvZPEm81WEenPJz/iE4PR0ih//in/h9+RmpfEfLw3A==</xenc:CipherValue> 
      </xenc:CipherData> 
     </xenc:EncryptedKey> 
    </ds:KeyInfo> 
    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
     <xenc:CipherValue>5MRv+ee2XjfYNJeLOiuBi+quq9Vz7fE60JRzvXODQ9w4Y/czcWM/vYVoyX8/+n/27UIw4IyP0+en7H8ylOpJwNJC62Ur4GM3pAWde6Q9t4ZrjCu0yN3oX9v+0TVCJ8NKBGoyoIIbW5WljQob2NArvJc6z53gKzNYwYdYwMz7pcdJ0d0qpb11cphpNzWOONmmV6OZxnUOrGVceY+KvIOqHWmkvhPLW0d5J2C2nua/EWIq7+MWCAIHBnCGacTF+gaz6zO10lSHpFIm6dXfhIivSf9ZYye+I3dDOIMDeFN2UtXCRpG1OjGc4QqZ3HiDQ1ownjNE6L6HRQYgyarLc4Jrb3ftXzPl6Q47/T4QYgeM+tuk7nTJV5sCDji4WzZ7fG5syAXOCI49GdAhlTpanqBE3pzl8eRaLQEfrgMtQngvJDk03DcgGYjtdsflZZpHVqo++uHmOjjB/vC7hBwpOZEARA8m0o+EmHVU2QRUjWEFMmu1flKr+tl1+AMcnAR8prNGjEYttwBJ06G/1Ad25xqE8N0NMFabJGgOn/MP3T0+ZvzuzFXR+m3peKvlwdlsRTBBQeUpmEFcBN6Ls1UlP576VN1XYWPYblZ3qjqO2Qkfrxx79TaN69X8gkcJ/WJ3Wzj3UTToSgd7oXF2kOMdKwg66aijs5ToqZQOJCCazS9YyZrIV8/TvVQSd5S01H660BsZMvJvKUM0GNWqD7QHjDrU0GLAYKQDE+QouMJkf1E1STXq8rkgD9A8o9bNaWZoM2TQnJ7AmOXw1Nms9+Old3HRhnXurC2+MgiRFy70iA50F/OtiWE08aQYGiHeGDyVEXGvrroVWmPYBKvEjycVGkVADe0ICVD41wZEw7F/FmaBkx/wHKYXu9DoN3SFdMSo7fouFBZMCqMNY2Sodo70ALad/uC72AVx20urKXIoXpPlzzXYtWYm9nG7pLHWnrPMxbDZPcJPLGBzOeqmqcbPU/MQ765soVHQ6TR3sZe5Go5Smaauump4PAP1bLeewh1RKKDN5jKjD01R9Wzl34ithvgToi5pUpSNBTsbFpdN4fsg1c78yxXC3qr051/VngWK4SdxqDjdvAMWMSNvIOOsKBYqHN0sabQD/zD0XclH2MarDe3udBULr+eCrU5qkGXClg+e7fvpAYV6yUXCnrn5Uq1WrpUMWffyzWwJnlgiWtIlCy8wV/YDXFQ0QR3hET02H4JiHRKABrHTx9/MTQJPqHdv7eNxmTQj8bEjZcTygMxec5RQLr06/ontMtktgZCjQopBs5Sg10N0Rc0foMxo42X2ceCdkxHGMTndMEEBsJEfTLSLX86InW2S+omXZkiUrmdQsgUzF04waiuYyYPufkgaFdH1n7lTGjpH6nZsbKYILQJemEdfSFqHoCIZqtVrLdiTP+b1doZjKGZ/Dha7syL3ctvrj1ingjpjYYXEfEQIod6+fr7DP/fN5GF/qYWoYDXW+tBDMatcEBy7v52f8vcKrnl6j3qqD9MoejOarS/LABdqVq7r0X8R3ApbDrK/UQFijAEgZi467CMk4pLjpsVTljehGEcyo55cRpyz6G7Nak1c35pNK4vFtC3QeIgjWs4JwCRWo8QFIBUqe5yiNlRhnh7uZ9fx9UNSeJ4zle0Ixtby/Az2TUJoBsbIN+Gj9eeQIhAIR7st6fLboRptE6zX/ZDWzii2z99rWLts5F0aatQsbToD7QQgDGKJIybt5bAKQh8cWQ2DaCDPKhxHCYlHn4p5xPHjU0MaXhpwcbWZlPJJed2ZrFY0klUoYSdse3vw0BmFv0xm3Z4IfGQ3M5ZbKpUEbGKugqgD9PSviQdRtj9tIQVylA+MVOimxnTcmr2j5k8RfEA1hN7I5oo5M/kmXttebED36mzpHaW7opGY7fgjLMdR3aebMX5eBI2TmtvAYbFM3ZLjHgFEtikl8ETzRwWZQAq/1wpYHyIJSf1KAZXnauo72allx+QhoYOSZ1W1dt2Y9ldr5DC9o+8BPrxWMUOtP1EE4J0d3lZ6Dxj0a1ae8NNpSOy1ARu78GE2uU0RKmUYo45VsxEJN91gNe53zVrlpjNPx2vlGDJi5YtFk3I/wXNHpz/rxml9mMjcy7gEC+KLX36LO0BuL1+lM1S2nWCEl1XYUQHKGX5pnBuFr5F9thZRmXFKcQbdA1o5tX1Pn6R4ffI27uxQSS5VHCcLl02EMDpafReouXDK6lk8k0GlUJHJPEqku0x3v1ijIuQpWb2tZ/LFgTD36WRhjK+Q1kxs0JyrpHSX+SRwEVbMZ6EDur6ijQBimvTMHkZo1jzfyfPqBJW41R5QomWxk5RPyfnY5Ew4+qgVRIb4bx+Oe9T9Z9DmlqEoBn/jb9GNDY3RnLxKpHD9k/0XEV71kzXye8LumiBFKsH7PIBBeNmt3QmvBPkTIf52s7giivaE77jw/I/lVdvay8BewHYALZnxtda+VcoVKVML+NAosdhLSFjbQY8I6vFK8YzcYRRw+fejPBOoSgE2OXnGQyD8VfHTSPUVKLqG91Ekn77D1rG5TUfHGY2RKAEqsxHeFIt4akXf1nSmItaRcMLGZbTN+PMVA7IlHCekgAoRhlCcemgFEQEc5zP5+mWuunLQM9qbw3U5aHiyuigdUqpZqYe/9Se6MIN1VHcR2Wrayz8Ut1j4sZKVYTgNpvfYaU63+HXYqSzKDLiBKm0dCmDTUwrUY3IGhX27jDUZj9BaNV3vCNZqXawDZky7ZAugRM5Be6lSOBaCDf2cgJPcL1E30FoCqER8Oi22ScXSFurzWf3rwC5V9nC++B163qQTZqKb5eurGYxPuo6CFps481DdxNfhpYAkHC4akoXpnJevuIXNF95EiZBIzzQ4KGZTgdVH97UrBNA9gmcJBu8jGSXl5bFRYPqIx9bpC8bHtMrU586TTl8sQbP95X76ZKcKb9YRaKsr3MMkxD4L45KJ+vqsYnLYBOUMj2dbp8c//rsSHP2WfWC+s/K58hLab7TqH/LE8vaJeg3PC8CMPbv1r2onUlWfG8fs7a5FRX67I5vbXrKn2ZYjGFrLLx8wWPhs1mQPqDzHn+CnOYqApW0ZhSFyAi7yEkyt+7AKS+0L0W2mYiEqq+iLuw6Vp3JuQ23Gx+jCbtBUq+VY7z7uGIrl+hmfYPRBj2HcTud0kfScOT6I4rmHxBvoCc5vHm+5cOzgzR6fpbN+PZzT3G2D35dSzAeDlrLaxSXiTDUAivR7i6ufxv7ma+IitCVxImbqSW0zI/RJrA6VcvOWG9CNq2jV65/mc4qmGcreihUeqHgpa9wcVrsGndA0C5EIS7F5LxOjZyrOCmyXG8MukF1KavD+y4RUKu8HMbPP1DO/10ZRmXARJKTdfG3npjnpy4QZc72tsfoY1XBZkceclVuNpQJrWfX3WPg5x9iEUSoRVg+hgGuQ2UQYeOVOvXgyMysz34du6HdDCl9n4gL3h57fkakZ1lIIVvrl6ZVGkfZEjp8vy2RY6cSNOIPUasDPoMuzsLG5yuw6yAPd7Xs3X15ezpncAk3fMphTFZ0WeL7sW66QVjvSMZa94DoeiqLjzFbr9upglWVOv8DA2hfkbpaLGVF8foAcLtvDsWFjpy5FoJrvZYEHOSLcY4KLU0YC7UFP/DkyxM9aBSa8A3NgONUvEm2jP02YhsCv1V1o/WJvQyJ9KZQUO+BrEA6h4MHZ+kWed8RoJ7NNIwIXQIYKtXC3c2UjpKBpWkRKhSukxOYfRvNonhV/LPT8xQuzBuoiybLCy5vfX/d8U24/it8vPZmnyoITWs5ask+K1ahOgChe2WFs0xuPmEXIAuu3FOsfEsFO8rqPe2pfUMCzU3ysN8lbznPWbN97RUOr8zXs4bmNbUB1nHiA0toP9VO/4h+XrZOF48c5mSYJ7+dATrHVOn3kOgD4cE7Z9qkJ86NzT5gLrpdjSTrHcJuOTwO/o7n9VLtohHMndAxlHuRHtF5g+pOXV2sMczfnPEpJydl1ehGWBoXXsccpeva6vRMiJH/vjECaY6Dou4UvF7yP7zc8X1k+F78LDfHkSnx6BBbdYmA47VhKDget+6xq3wcrWipnzZ5zQgbPD4FLU6ZWPotuQGIUE03SQ8LYmzvqXLPV48HGQKzjL3uJ6cpfYkw51VF4tQ9jDetTuYiwgQt8Qd3xycL8WmylgDR8fld9UQehfUZYx8hyVLLykBrsu0Z/c6il5QIqVORNk98bJiAvNGnQm8eL1yOBPtwa3mCHbiJ01HuhhSbc+pcWhSgJ1REwbWqerUGFuv4x/V4dJOLldXdCzFKjDIQO2Cc57le5WFjljeh8zPV40RIR4Y0JKPtTW70n3DRVH0JcxEk6cpjy/oF+oE1DaZYUODbwpXmQX4h80RkNrVumixEdaEerRrQ9Go80lNU/kXQ8oV86w86Xu0Ov9lLLuSwVVoB5nS3Py4cCGHfUTtLcZL/uNt9VGEIoM3UVOF7rdMZEbHpXh7HlQ2LFztZ1Z15xNQjIV/adpquS6HSduCXVo8VlRQIa3lXDB2w7/+tkCyBHrwFn2ZTLzxFLv9jTwJjg9sXWxs6zLg52zU9cYiRvPE/yCawOeE6wbihRPgjw7cnbmtZ/R95i13DRcxxWLWgpw4Y0xqNlHP830p/w/GivsPJ5QQ8nULbfKRjTBu8i6wFRuy/pfpZ3wkCUOk5iFtHqBZV/AaRZXIpw0MYbvmtbZwcIet6TOE/7xFnycwhh06sxMtpvAaEKghamCdLsiPnXnSJGGqAW1qd6u54TTrIdQdVzQ6TRLIfTOVcEe051971V41xZQQg8ROMhZCOn3di/FDHeYcTExzEAi04pQ9BmE6wGQHUkExDpxp4gveQLRKMTW3CQdE7kwFB6qAU2XOy+2n4CkHj8K8zVtnMWUHRuXYNGR9whN8lEyQgEAY0evcD0xlSjeEA7KcexkDWyYtWWRbYsPEQHmOj97926scdd+6HP3voPJeS6XAwnPbhNO9N3L77kLPmwo05W2dyfg9zdL1INblETfksDuCQ/P2RWU1BaLH9h18oi23g8n05K4XPdycle2UQcYf156AKBVVkhG++4TTD/xWqoHzffb8XtARGC7cdZphiSE58d/UfkrAqek7+Sd6Dqgu2JXlxR159xlULb92KLnKHMIPGJG9mYIzlk/H4BRSj/hAoIxPDMXfcM8r96iC/AKKaQmGx+FZ4HDj9O0xiBNlOBIorPrGhL+6WwSZW4LCQ3GOvxYOwYPd4gecThadR5+h7EF99O75X+HHyTLdzUveHOe5F9vKW9TYFRMtwA4lj7WTKFpEJf7FOeV3zG+U4juingOHxqK1RgqGDMnHaHLgKzm17iauw2deA1GL/bLiB5PR1BzPMJtgoOdBYHhv0fBioxrskwF6r6E+9rQ1jC35YIKNfPUehM6IVgobSqMFC47Q9+0j7NXlt6XYQ9Ys9gWr9g9G23WLzCKO97mTGmGXP2IOtfTfQx9NYGuYj1vtlcC+PY3KF9WVhxq1mtdx2e60obnzF5jqMx1GnZFyTM79AbJwpGCfMBbOkWopr3YynLdTBpm72kmg6biXWbb5KFckSSGKWqkHWn4LgwCoWjXr8TwcoMhLNpNlirXWZYyxFwR/n0MvT7Du44Rak+eNw+f7uATRInHoOp9gMukfzYoiMPcEeadlq+3cEYg/EGmiIbASEx/A3guJPI1Zh9mlXeDXr1W5UqyIAsMjwGoktd5LKJK56RNFCZeyOLurvd5/lHofxsM+7sxhkgBjng6+221BxsXDsjNe7b7xymRqGZmxnIBYl2DqDJx+gA+y51kfJvoz6z22hcfPEL6V7LOPu3V0JC04TbdnV71YVAbnmU2qWY8+YFoBYUX18R2qC8GESzXL01/CDM6owVFxJ6nKObZ/dwt93s2EYoMMquW2nc1cfqd6t1LvOzoPAo2FftTerCZmYOx4nAf6mEDsbarURsspmmGiN9WToPR5ee9YVOhpO7YZP7Wj11ZbfiFrsCEUPLqlS0FHz8oDgRGp8KEnFd6+H+saeMWSSZ8yJ/Klwaz1ATrIVAd2Bb0Hd3vq4ExaJ+RCfB+BfIJr+OwGJPOB5nNmcv/WQkZWKPnWOeMBoBvg8NMpsUDiglTCNy/kHKe7Ln9hHVdjH/ID0E4K7bDh5KG2GJcNP1P4Vb33Ed8db9vGy1lDRKZvtkABxjEsia2mpLAWcg4fMkS41QBzGffFf9qtljLUKoGa1EKJCl8+BclJp6JAe97dTNNg9LXfHsxQFSM7z9TsBD7Vmrjwv0QbQaEd/TdWntavFEeC1y7PLuJYg2fsYOkpRXXUW/YV9EDKgE5nQtRXywTEcyrKLQGlhecaGnRlUkKG0g7ORCb/vABeJRItazaXi2LVacRKMrzDHPWzElmok+dkPg6gDg8KTMOQiWZhLAXdMbc1M2iBjBl5uKsHBDFX86orZlRELSaXEbGKBUi2k8lnBW3WpLKdgY2+TUpDd+OxUK7v1zhOYw1zZtDdIgje84vJ2wQGHpNu7UNE2KcLKi7uG/0TKS9lkkGr9W1DHqvZ9irQmJ403ld+r5lrnSUbq6Yv+xYdi/aLsm+lagyt4XW6vaez7bGSaK3ESPBgmK47OiEUPHQbRlILCydalaWoZyU2fzI87ZAJ36fpRPWtBwe2tqJ4AE+koz3PBulsGlU7KUsR2ndGuzPc0gK1DSL5n+BW0Fs=</xenc:CipherValue> 
    </xenc:CipherData> 
    </xenc:EncryptedData>

任何人都可以研究这个问题,我现在面临和提供解决方案?

来源

2014-10-07 SM KUMAR

+0

你重新创建新的SP的元数据,并在IDP侧更新它,每当你生成一个新的SP专用密钥? – 2014-10-08 10:46:44

+0

@vschafer我对此很陌生,我很抱歉地说我不明白你在说什么?我使用了IDP提供的具有独特URN的SP元数据。此元数据xml仅包含509证书。我下载了这个xml并创建了一个在securityContext.xml中引用的本地副本。一旦完成,我创建了一个包含公钥和私钥的密钥对。我也不确定在生成新的私钥时更新IDP是什么意思?对不起,现在和当时麻烦你。 – 2014-10-08 11:17:17

+0

@vschafer除了上面的注释,当我将我的java环境从1.6更改为1.7(无限强度安装)时,我得到了一个不同的异常,它是javax.crypto.BadPaddingException:解密错误 \t at sun.security.rsa。 RSAPadding.unpadOAEP(未知源)InvalidKeyException:解包失败 – 2014-10-08 11:29:55

回答

2

你很可能试图用错误的密钥解密加密的内容。换句话说,IDP可能使用与您的SP中的私钥不对应的公钥来加密数据。你可以在public key cryptography wikipedia article找到这些概念的细节。

为您的服务提供者实例(= Spring SAML安装)生成私钥+公钥+证书后,您必须将生成的公钥提供给您的IDP。这通常通过创建描述您的SP的元数据文档(默认自动生成,从scheme://host:port/appcontext/saml/metadata下载,例如http://localhost:8080/spring_saml/saml/metadata)并将其提供给IDP完成。元数据文档包含X509证书,其中包含您的SP的公钥,IDP将使用它来加密发送给您的SP的数据。

来源

2014-10-08 11:57:11

+0

@vschafer我正在使用你提到的配置相同。生成的公钥提供给IDP。我怎么知道我是否使用了错误的键?我真的很困惑的东西。在上面的SAML加密断言中提到的公钥()是SP的公钥。所以它对应于SP的私钥。如果通过使用JDK的keytool.exe生成公钥和私钥的过程是否正确,您可以更正这些过程吗? – 2014-10-08 14:39:40

+0

@vschafer现在正在工作。我使用了错误的JKS文件。我知道这是一个愚蠢的错误。非常感谢您的帮助。 – 2014-10-10 10:45:12

+0

我真的很高兴它现在正在工作。 – 2014-10-10 12:14:41

0

@vschafer 您可以请验证,并让我知道,如果以下步骤是正确的?

  1. 我已经创建了下面的公钥和私钥

一个一个JKS文件。使用由IDP共享在CRT文件IDP 509证书的公钥来验证他们的元数据XML

密钥工具-importcert -alias adfssigningIDP -keystore samlKeystore.jks -file IDP-元数据签名者-2012.crt (samplePrivateKeyPass是作为密钥库密码给出)

b。这是由我们与IDP

密钥工具-importcert -alias adfssigning -keystore samlKeystore.jks -file SP-Metadata.crt

Ç注册SP 509证书的公钥。与RSA SP的专用密钥作为签名算法

密钥工具-genkeypair -alias privatekeyalias -keypass samplePrivateKeyPass -keystore C:\用户\用户\桌面\ samlKeystore.jks -keyalg RSA -sigalg SHA1WithRSA

(SP- Metadata.crt从服务提供商注册的IDP网站中检索。)

IMPORTED CREATED JKS文件中使用的密钥管理器CONFIGURATION

<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager"> 
    <constructor-arg value="classpath:security/samlKeystore.jks"/> 
    <constructor-arg type="java.lang.String" value="samplePrivateKeyPass"/> 
    <constructor-arg> 
     <map> 
      <entry key="privatekeyalias" value="samplePrivateKeyPass"/> 
     </map> 
    </constructor-arg> 
    <constructor-arg type="java.lang.String" value="privatekeyalias"/> 
</bean>

SP METADATA CONFIGURATION

<bean class="org.springframework.security.saml.metadata.ExtendedMetadata"> 
    <property name="local" value="true"/> 
    <property name="securityProfile" value="metaiop"/> 
    <property name="sslSecurityProfile" value="pkix"/> 
    <property name="sslHostnameVerification" value="default"/> 
    <property name="signMetadata" value="true"/> 
    <property name="signingKey" value="privatekeyalias"/> 
    <property name="encryptionKey" value="privatekeyalias"/> 
    <property name="requireArtifactResolveSigned" value="false"/> 
    <property name="requireLogoutRequestSigned" value="false"/> 
    <property name="requireLogoutResponseSigned" value="false"/> 
    <property name="idpDiscoveryEnabled" value="true"/> 
    <property name="idpDiscoveryURL" value="http://localhost:8080/app/saml/discovery"/> 
    <property name="idpDiscoveryResponseURL" value="http://localhost:8080/app/saml/login?disco=true"/> 
</bean>

除了上面提到的步骤,我已经连装无限强度的加密功能JRE7也是如此。

Inspite,我不断收到以下异常

org.apache.xml.security.encryption.XMLEncryptionException: Unwrapping failed 
Original Exception was java.security.InvalidKeyException: Unwrapping failed 
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1479) 
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:697) 
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628) 
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783) 
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:524) 
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442) 
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403) 
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) 
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) 
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:199) 
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82) 
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) 
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84) 
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
at org.springframework.mobile.device.DeviceResolverRequestFilter.doFilterInternal(DeviceResolverRequestFilter.java:60) 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) 
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602) 
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) 
at java.lang.Thread.run(Unknown Source) 

Caused by: java.security.InvalidKeyException: Unwrapping failed 
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:431) 
at javax.crypto.Cipher.unwrap(Cipher.java:2466) 
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477) 
... 46 more 

Caused by: javax.crypto.BadPaddingException: Decryption error 
at sun.security.rsa.RSAPadding.unpadOAEP(Unknown Source) 
at sun.security.rsa.RSAPadding.unpad(Unknown Source) 
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356) 
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:427)

来源

2014-10-08 14:25:49

+0

不应该有任何需要导入SP-Metadata.crt。 SP-Metadata.crt密钥必须与您使用“keytool -genkeypair -alias privatekeyalias -keypass samplePrivateKeyPass -keystore C:\ Users \ user \ Desktop \ samlKeystore.jks -keyalg RSA -sigalg SHA1WithRSA”生成的密钥相同。但它不应该由IDP提供给您,它必须由您提供给IDP。 – 2014-10-08 14:48:11

+0

@vschafer我使用URL http:// localhost:8080/spring_saml/saml/metadata生成SP元数据,并将其提供给IDP。他们使用配置为entityID的唯一URN进行注册。希望这是正确的?你的意思是说,步骤b不是必需的,步骤a,c足以生成JKS密钥库?如果两者的答案都是YES,那么我仍然处于同样的位置,我得到相同的BadPaddingException – 2014-10-08 16:00:31

+0

答案对两者都是肯定的。而你的配置和密钥生成似乎没问题。对不起,但我不认为我可以帮助你进一步访问环境。 – 2014-10-08 16:13:17

相关问题

 相关问题