Статус: Новичок
Группы: Участники
Зарегистрирован: 11.12.2012(UTC)
Сообщений: 6
Откуда: Санкт-Петербург
|
Здравствуйте, Для отправки сообщения использую Axis2, для подписи использую Handler, который обращается к eToken. Функциональность работы с eToken проверена на других модулях, и там все в порядке, но там нет работы со СМЭВ. Но что бы я не делал система утверждает, что подпись не валидна. Кто бы помог, сказал, что делаю не так? Для пояснения, дайджест считаю по body, предварительно каноникализирую. Для подписи беру элемент SignedInfo, каноникализирую, считаю дайджест, подписываю, затем кодирую Base64 Код: Код:
public InvocationResponse invoke(MessageContext context) throws AxisFault {
SOAPEnvelope env = context.getEnvelope();
SOAPFactory factory = (SOAPFactory) env.getOMFactory();
SOAPHeader header = env.getHeader();
Canonicalizer canon;
try {
canon = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
} catch (InvalidCanonicalizerException e1) {
throw new AxisFault("Cannot find canonicalizer method");
}
OMNamespace envNamespace = env.getNamespace();
OMNamespace wsse = factory.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse");
OMNamespace wsu = factory.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
OMNamespace ds = factory.createOMNamespace("http://www.w3.org/2000/09/xmldsig#", "ds");
env.declareNamespace(wsse);
env.declareNamespace(wsu);
env.getBody().addAttribute("Id", "body", wsu);
OMElement security = factory.createOMElement("Security", wsse);
security.declareNamespace(wsse);
security.addAttribute("actor", "http://smev.gosuslugi.ru/actors/smev", envNamespace);
header.addChild(security);
byte[] certificate = cryptoProAdapter.getCertificate(CSPUtils.defineContainerName(), null);
String codedCertificate = Base64.encodeBase64String(certificate);
X509Certificate cert;
String sertificateId;
try {
cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate));
sertificateId = "CertId-" + cert.getSerialNumber().toString(16);
} catch (CertificateException e) {
throw new AxisFault("Cannot build certificate", e);
}
byte[] canonicalizedBodyBytes;
byte[] bodyDigest;
String digestValue;
try {
byte[] bodyBytes = env.getBody().toString().getBytes("UTF-8");
canonicalizedBodyBytes = canon.canonicalize(bodyBytes);
bodyDigest = cryptoProAdapter.digest(canonicalizedBodyBytes);
digestValue = Base64.encodeBase64String(bodyDigest);
} catch (Exception e) {
throw new AxisFault("Cannot get body digest", e);
}
OMElement binarySecurityToken = factory.createOMElement("BinarySecurityToken", wsse);
binarySecurityToken.declareNamespace(wsse);
binarySecurityToken.declareNamespace(wsu);
binarySecurityToken.addAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary", null);
binarySecurityToken.addAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3", null);
binarySecurityToken.addAttribute("Id", sertificateId, wsu);
binarySecurityToken.setText(codedCertificate);
security.addChild(binarySecurityToken);
OMElement signatureElement = factory.createOMElement("Signature", ds);
signatureElement.addAttribute("Id", "Signature-14", null);
security.addChild(signatureElement);
OMElement signedInfoElement = factory.createOMElement("SignedInfo", ds);
OMElement canonicalizationMethodElement = factory.createOMElement("CanonicalizationMethod", ds);
canonicalizationMethodElement.addAttribute("Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#", null);
signedInfoElement.addChild(canonicalizationMethodElement);
OMElement signatureMethodElement = factory.createOMElement("SignatureMethod", ds);
signatureMethodElement.addAttribute("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411", null);
signedInfoElement.addChild(signatureMethodElement);
OMElement referenceElement = factory.createOMElement("Reference", ds);
referenceElement.addAttribute("URI", "#body", null);
signedInfoElement.addChild(referenceElement);
OMElement transformsElement = factory.createOMElement("Transforms", ds);
referenceElement.addChild(transformsElement);
OMElement transform = factory.createOMElement("Transform", ds);
transform.addAttribute("Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#", null);
transformsElement.addChild(transform);
OMElement digestMethodElement = factory.createOMElement("DigestMethod", ds);
digestMethodElement.addAttribute("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#gostr3411", null);
referenceElement.addChild(digestMethodElement);
OMElement digestValueElement = factory.createOMElement("DigestValue", ds);
digestValueElement.setText(digestValue);
referenceElement.addChild(digestValueElement);
String signatureValue;
try {
byte[] canonicalizedSignedInfoBytes = canon.canonicalize(signedInfoElement.toString().getBytes("UTF-8"));
byte[] signedInfoDigest = cryptoProAdapter.digest(canonicalizedSignedInfoBytes);
byte[] sign = cryptoProAdapter.sign("GOST3411withGOST3410-2001", signedInfoDigest, CSPUtils.defineContainerName(), null);
signatureValue = Base64.encodeBase64String(sign);
} catch (Exception e) {
throw new AxisFault("Cannot get signedInfo digest", e);
}
signatureElement.addChild(signedInfoElement);
OMElement signatureValueElement = factory.createOMElement("SignatureValue", ds);
signatureValueElement.setText(signatureValue);
signatureElement.addChild(signatureValueElement);
OMElement keyInfo = factory.createOMElement("KeyInfo", ds);
keyInfo.addAttribute("Id", "KeyId-A4D1E33B93C07FA9E2134207713484332", null);
signatureElement.addChild(keyInfo);
OMElement securityTokenReference = factory.createOMElement("SecurityTokenReference", wsse);
securityTokenReference.addAttribute("Id", "STRId-A4D1E33B93C07FA9E2134207713484333", wsu);
securityTokenReference.declareNamespace(wsu);
securityTokenReference.declareNamespace(wsse);
keyInfo.addChild(securityTokenReference);
OMElement reference2 = factory.createOMElement("Reference", wsse);
reference2.addAttribute("URI", "#" + sertificateId, null);
reference2.addAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3", null);
reference2.declareNamespace(wsse);
securityTokenReference.addChild(reference2);
System.out.println("===>" + env);
return InvocationResponse.CONTINUE;
}
Вложение(я):  request.xml (7kb) загружен 7 раз(а).У Вас нет прав для просмотра или загрузки вложений. Попробуйте зарегистрироваться.
|
