📄 wshelper.java
package com.koalii.sdxp.ws.WSAxis;
import java.io.FileInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.SecretKey;
import javax.crypto.KeyGenerator;
import java.security.cert.X509Certificate;
import org.w3c.dom.Document;
import com.verisign.xmlsig.SigningKey;
import com.verisign.xmlsig.SigningKeyFactory;
import com.verisign.xmlsig.KeyInfo;
import com.verisign.xmlenc.AlgorithmType;
import org.xmltrustcenter.verifier.TrustVerifier;
import org.xmltrustcenter.verifier.X509TrustVerifier;
import com.verisign.messaging.MessageValidity;
import com.verisign.domutil.DOMWriteCursor;
import com.verisign.domutil.DOMCursor;
import com.verisign.messaging.XmlMessageException;
import com.verisign.util.Namespaces;
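/**
 * Static convenience wrappers around {@code WSSecurity} for signing, verifying,
 * encrypting and decrypting a SOAP message held in a DOM {@link Document}.
 * Key material is read from a keystore file on every call.
 */
public class WSHelper
{
    // Name of the JCE provider asked for the DESede key generator in encrypt().
    // Any other registered provider that supports DESede could be used instead.
    static String PROVIDER = "ISNetworks";

    // Registers the ISNetworks JCE provider when this class is loaded.
    // Security.addProvider affects the whole JVM, not just this class.
    static
    {
        java.security.Security.addProvider(new com.isnetworks.provider.jce.ISNetworksProvider());
    }

    /**
     * Opens the keystore file, loads it and always closes the stream again.
     * The original code left the FileInputStream open on every call.
     */
    private static java.security.KeyStore loadKeyStore(String keystore, String storetype, String storepass) throws Exception
    {
        FileInputStream in = new FileInputStream(keystore);
        try
        {
            java.security.KeyStore keyStore = java.security.KeyStore.getInstance(storetype);
            keyStore.load(in, storepass.toCharArray());
            return keyStore;
        }
        finally
        {
            in.close();
        }
    }

    /**
     * Returns the private key stored under {@code alias}, failing with a clear
     * error instead of handing {@code null} to the crypto layer.
     */
    private static PrivateKey requirePrivateKey(java.security.KeyStore keyStore, String alias, String keypass) throws Exception
    {
        PrivateKey key = (PrivateKey) keyStore.getKey(alias, keypass.toCharArray());
        if (key == null)
        {
            // KeyStore.getKey returns null when the alias does not exist or is not a key entry.
            throw new java.security.KeyStoreException("No private key entry for alias: " + alias);
        }
        return key;
    }

    /**
     * Returns the certificate stored under {@code alias}, failing with a clear
     * error when the alias has no certificate.
     */
    private static X509Certificate requireCertificate(java.security.KeyStore keyStore, String alias) throws Exception
    {
        X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
        if (cert == null)
        {
            throw new java.security.KeyStoreException("No certificate for alias: " + alias);
        }
        return cert;
    }

    /**
     * Digitally signs the XML document.
     *
     * @param doc       document to sign; modified in place by WSSecurity.sign
     * @param keystore  path of the keystore file
     * @param storetype keystore type passed to KeyStore.getInstance
     * @param storepass keystore password
     * @param alias     alias of the signing key and its certificate
     * @param keypass   password protecting the private key
     * @throws Exception if the keystore cannot be read, the alias has no key or
     *                   certificate, or signing fails
     */
    public static void sign(Document doc, String keystore, String storetype, String storepass, String alias, String keypass) throws Exception
    {
        java.security.KeyStore keyStore = loadKeyStore(keystore, storetype, storepass);
        PrivateKey key = requirePrivateKey(keyStore, alias, keypass);
        X509Certificate cert = requireCertificate(keyStore, alias);
        SigningKey sk = SigningKeyFactory.makeSigningKey(key);
        // The signer's certificate travels with the signature as KeyInfo.
        KeyInfo ki = new KeyInfo();
        ki.setCertificate(cert);
        WSSecurity wSSecurity = new WSSecurity();
        wSSecurity.sign(doc, sk, ki);
    }

    /**
     * Verifies the document, using the keystore as the trust source for an
     * X509TrustVerifier.
     *
     * @return the validity of the first result reported by WSSecurity.verify,
     *         or {@code false} when no result is reported
     * @throws Exception if the keystore cannot be read or verification fails
     */
    public static boolean verify(Document doc, String keystore, String storetype, String storepass) throws Exception
    {
        java.security.KeyStore keyStore = loadKeyStore(keystore, storetype, storepass);
        TrustVerifier verifier = new X509TrustVerifier(keyStore);
        WSSecurity wSSecurity = new WSSecurity();
        MessageValidity[] resa = wSSecurity.verify(doc, verifier, null, null);
        // Fail closed: no result at all is treated as "not verified".
        if (resa == null || resa.length == 0)
        {
            return false;
        }
        // NOTE(review): only the first MessageValidity is inspected. If WSSecurity.verify
        // can report more than one result, a later invalid entry is ignored here; confirm
        // the array semantics and consider requiring every entry to be valid.
        // NOTE(review): this method does not check which elements of the message the
        // signature covers; callers that act on the Body should confirm it was signed.
        return resa[0].isValid();
    }

    /**
     * Encrypts the XML document. A JCE provider that supports DESede must be
     * registered (see the static initializer).
     *
     * A fresh 168-bit DESede content key is generated per call and wrapped with
     * the public key of the certificate stored under {@code alias}.
     *
     * @throws Exception if the keystore cannot be read, the alias has no
     *                   certificate, or key generation or encryption fails
     */
    public static void encrypt(Document doc, String keystore, String storetype, String storepass, String alias) throws Exception
    {
        // Failures propagate to the caller. The original caught every exception and only
        // printed a stack trace, so a failed encryption returned normally and the caller
        // could go on to send the document unencrypted.
        java.security.KeyStore keyStore = loadKeyStore(keystore, storetype, storepass);
        X509Certificate cert = requireCertificate(keyStore, alias);
        PublicKey pubk = cert.getPublicKey();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede", PROVIDER);
        keyGenerator.init(168, new SecureRandom());
        SecretKey key = keyGenerator.generateKey();
        KeyInfo ki = new KeyInfo();
        ki.setCertificate(cert);
        WSSecurity wSSecurity = new WSSecurity();
        // NOTE(review): Triple DES (64-bit block) and RSA PKCS#1 v1.5 key transport are
        // legacy choices; v1.5 key transport is the classic target of padding-oracle
        // attacks. Move to stronger algorithms if the library and the peer support them.
        wSSecurity.encrypt(doc, key, AlgorithmType.TRIPLEDES, pubk, AlgorithmType.RSA1_5, ki);
    }

    /**
     * Decrypts the document with the private key stored under {@code alias},
     * then removes the EncryptedKey element from the WS-Security header.
     *
     * @throws Exception if the keystore cannot be read, the alias has no
     *                   private key, or decryption fails
     */
    public static void decrypt(Document doc, String keystore, String storetype, String storepass, String alias, String keypass) throws Exception
    {
        java.security.KeyStore keyStore = loadKeyStore(keystore, storetype, storepass);
        PrivateKey prvk2 = requirePrivateKey(keyStore, alias, keypass);
        WSSecurity wSSecurity = new WSSecurity();
        wSSecurity.decrypt(doc, prvk2, null);
        // Remove the EncryptedKey element from the WS-Security header.
        WsUtils.removeEncryptedKey(doc);
    }

    /**
     * Removes the WS-Security related elements from the document by delegating
     * to WsUtils.removeWSSElements.
     */
    public static void removeWSSElements(Document doc) throws Exception
    {
        // Call this only after verify(): once the Security header is gone the
        // signature can no longer be checked on this document.
        WsUtils.removeWSSElements(doc);
    }
}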
/**
 * Package-private helpers that strip WS-Security artefacts from a SOAP
 * message once they have been processed.
 */
class WsUtils
{
    // WS-Security 2002/07 draft namespaces and their conventional prefixes.
    private static final String WSSE_URI = "http://schemas.xmlsoap.org/ws/2002/07/secext";
    private static final String WSSE_PREFIX = "wsse";
    private static final String WSU_URI = "http://schemas.xmlsoap.org/ws/2002/07/utility";
    private static final String WSU_PREFIX = "wsu";
    // SOAP envelope, XML Signature and XML Encryption namespaces, taken from the library.
    private static final String SOAP_URI = Namespaces.SOAPENV.getUri();
    private static final String SOAP_PREFIX = Namespaces.SOAPENV.getPrefix();
    private static final String XMLSIG_URI = Namespaces.XMLSIG.getUri();
    private static final String XMLSIG_PREFIX = Namespaces.XMLSIG.getPrefix();
    private static final String XMLENC_URI = Namespaces.XMLENC.getUri();
    private static final String XMLENC_PREFIX = Namespaces.XMLENC.getPrefix();
    // Local names of the SOAP elements.
    private static final String SOAP_ENVELOPE = "Envelope";
    private static final String SOAP_HEADER = "Header";
    private static final String SOAP_BODY = "Body";
    private static final String SOAP_FAULT = "Fault";
    private static final boolean USE_WSU_FOR_SECURITY_TOKEN_ID = false;

    /**
     * Removes the EncryptedKey element from the WS-Security header, if the
     * path Header / Security / EncryptedKey exists.
     *
     * @throws XmlMessageException if the document root is not a SOAP Envelope
     */
    public static void removeEncryptedKey(Document message) throws XmlMessageException
    {
        DOMWriteCursor cursor = new DOMWriteCursor(message);
        validate(cursor);
        // Each step runs only if the previous one succeeded, so the cursor
        // ends on EncryptedKey only when the full path is present.
        // NOTE(review): a single remove() is issued; presumably only one
        // EncryptedKey is expected per message - confirm.
        boolean onEncryptedKey = cursor.moveToChild(SOAP_URI, SOAP_HEADER)
                && cursor.moveToChild(WSSE_URI, "Security")
                && cursor.moveToChild(XMLENC_URI, "EncryptedKey");
        if (onEncryptedKey)
        {
            cursor.remove();
        }
    }

    /**
     * Removes the WS-Security related parts of the message: the Security
     * header, the Timestamp header and the wsu:Id attribute on the Body.
     * After this call the document no longer carries the signature, so any
     * verification has to happen before it.
     *
     * @throws XmlMessageException if the document root is not a SOAP Envelope
     */
    public static void removeWSSElements(Document message) throws XmlMessageException
    {
        DOMWriteCursor cursor = new DOMWriteCursor(message);
        validate(cursor);

        // Remove the WS-Security header element.
        boolean onSecurity = cursor.moveToChild(SOAP_URI, SOAP_HEADER)
                && cursor.moveToChild(WSSE_URI, "Security");
        if (onSecurity)
        {
            cursor.remove();
        }

        // Remove the Timestamp header element.
        cursor.moveToTop();
        boolean onTimestamp = cursor.moveToChild(SOAP_URI, SOAP_HEADER)
                && cursor.moveToChild(WSU_URI, "Timestamp");
        if (onTimestamp)
        {
            cursor.remove();
        }

        // Remove the wsu:Id attribute from the Body (done by setting it to null).
        cursor.moveToTop();
        boolean onBody = cursor.moveToChild(SOAP_URI, SOAP_BODY);
        if (onBody)
        {
            cursor.setAttribute(WSU_URI, WSU_PREFIX, "Id", null);
        }
    }

    /**
     * Checks that the document root is a SOAP Envelope and leaves the cursor
     * at the top of the document.
     *
     * @throws XmlMessageException if the top element is not a SOAP Envelope
     */
    private static void validate(DOMCursor domCursor) throws XmlMessageException
    {
        domCursor.moveToTop();
        boolean isEnvelope = domCursor.atElement(SOAP_URI, SOAP_ENVELOPE);
        if (isEnvelope)
        {
            return;
        }
        throw new XmlMessageException("soap消息丢失或者不正确!");
    }
}