WSS4J and PKCS11 keystore

I am trying to use a PKCS11 keystore (smart card) with WSS4J. I have code that creates the keystore from the smart card, and other code that signs a SOAP message with WSS4J using a keystore loaded from a file. The question is how to "merge" them.

PKCS11 keystore:
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

String pin = "1111";
char[] pin_arr = pin.toCharArray();
// SunPKCS11 configuration: provider name plus the path of the card vendor's PKCS#11 module
String pkcs11config = "name = SmartCard\n" + "library = c:/windows/system32/aetpkss1.dll";
byte[] pkcs11configBytes = pkcs11config.getBytes();
ByteArrayInputStream configStream = new ByteArrayInputStream(pkcs11configBytes);
Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(configStream); // stream constructor: JDK 8 and earlier
Security.addProvider(pkcs11Provider);
// Bind the KeyStore to this provider explicitly so no other PKCS11 provider is picked up
KeyStore smartCardKeyStore = KeyStore.getInstance("PKCS11", pkcs11Provider);
smartCardKeyStore.load(null, pin_arr); // no file: the PIN logs in to the token
WSS4J signing code:
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.w3c.dom.Document;

public Document signSOAPMessage(SOAPMessage soapEnvelope)
        throws SOAPException, TransformerException, WSSecurityException {
    // Copy the SOAP part into a standalone DOM Document that WSS4J can modify
    Source src = soapEnvelope.getSOAPPart().getContent();
    TransformerFactory transformerFactory = TransformerFactory.newInstance();
    Transformer transformer = transformerFactory.newTransformer();
    DOMResult result = new DOMResult();
    transformer.transform(src, result);
    Document doc = (Document) result.getNode();

    final RequestData reqData = new RequestData();
    Map<String, Object> msgContext = new TreeMap<String, Object>();
    msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
    msgContext.put(WSHandlerConstants.MUST_UNDERSTAND, "false");
    // Merlin reads the keystore from this properties file (see sender.properties below)
    msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "sender.properties");
    String bodyPart = "{Content}{}Body";
    String thumbprintPart = "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken";
    msgContext.put(WSHandlerConstants.SIGNATURE_PARTS, bodyPart + ";" + thumbprintPart);
    // Set this property if you want the client public key (X509 certificate) sent along with the document;
    // the server will check the signature using this public key
    msgContext.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    msgContext.put("password", "keystore"); // private-key password, read back by the handler's password callback
    reqData.setMsgContext(msgContext);
    reqData.setUsername("clientca3"); // alias of the signing key
    final List<Integer> actions = new ArrayList<Integer>();
    actions.add(WSConstants.SIGN);
    // CustomHandler is our own WSHandler subclass that exposes doSenderAction() as send()
    CustomHandler handler = new CustomHandler();
    // sign document
    handler.send(WSConstants.SIGN, doc, reqData, actions, true);
    return doc;
}
Finally, the sender.properties file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystore
org.apache.ws.security.crypto.merlin.keystore.alias=clientca3
org.apache.ws.security.crypto.merlin.keystore.file=C:/temp/keystore.jks
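The two pieces above can be joined by handing the PKCS11 KeyStore object to Merlin in code instead of letting Merlin open a file from sender.properties. The following is an added example, not code from the question; it assumes WSS4J 1.6.x (where Merlin has a no-argument constructor and setKeyStore) and a JDK 8 or earlier SunPKCS11 provider, and the library path, alias and PIN are placeholders.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;

public class SmartCardSigner {

    /** Opens the card through SunPKCS11; libraryPath is the vendor PKCS#11 module (placeholder). */
    static KeyStore loadSmartCardKeyStore(String libraryPath, char[] pin) throws Exception {
        String config = "name = SmartCard\nlibrary = " + libraryPath;
        Provider p = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(config.getBytes("UTF-8")));
        Security.addProvider(p);
        KeyStore ks = KeyStore.getInstance("PKCS11", p); // bound to this provider, not "any PKCS11"
        ks.load(null, pin);                              // no file: the PIN logs in to the token
        return ks;
    }

    /** Signs Body and the BinarySecurityToken with the card key; the cert travels by direct reference. */
    static Document sign(Document doc, KeyStore cardKeyStore, String alias, char[] pin)
            throws WSSecurityException {
        Merlin crypto = new Merlin();       // assumption: WSS4J 1.6 API
        crypto.setKeyStore(cardKeyStore);   // replaces merlin.keystore.file / .type / .password

        WSSecSignature sig = new WSSecSignature();
        sig.setUserInfo(alias, new String(pin)); // the key "password" is the card PIN, not "keystore"
        sig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // same as SIG_KEY_ID=DirectReference

        // Same parts as "{Content}{}Body;{Element}{wsse}BinarySecurityToken"; the Body namespace is
        // taken from the envelope so SOAP 1.1 and 1.2 messages both work
        String envNs = doc.getDocumentElement().getNamespaceURI();
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        parts.add(new WSEncryptionPart("Body", envNs, "Content"));
        parts.add(new WSEncryptionPart("BinarySecurityToken", WSConstants.WSSE_NS, "Element"));
        sig.setParts(parts);

        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        return sig.build(doc, crypto, secHeader); // private key never leaves the card
    }
}
```

Keeping the handler-based flow instead is also possible by calling reqData.setSigCrypto(crypto) with the same Merlin object before invoking the handler, so that SIG_PROP_FILE is no longer needed.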