如何驗證SOAP調用的數字簽名？

我在Apache CXF中編寫了一個攔截器並獲得了一個SoapMessage。如何在不更改數據的情況下從SOAP消息中獲取原始XML以傷害數字簽名的驗證？如何驗證SOAP調用的數字簽名？

我指的是org.apache.cxf.binding.soap.SoapMessage：

import org.apache.cxf.binding.soap.SoapMessage; 
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; 
import org.apache.cxf.binding.soap.interceptor.EndpointSelectionInterceptor; 
import org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor; 
import org.apache.cxf.interceptor.Fault; 
import org.apache.cxf.phase.Phase; 
import org.apache.logging.log4j.LogManager; 
import org.apache.logging.log4j.Logger; 
public class XmlSignatureVerifyInInterceptor extends AbstractSoapInterceptor { 

    private static final Logger log = LogManager.getLogger(XmlSignatureVerifyInInterceptor.class); 

    public XmlSignatureVerifyInInterceptor() { 
     super(Phase.READ); 
     log.entry(); 
     addAfter(ReadHeadersInterceptor.class.getName()); 
     addAfter(EndpointSelectionInterceptor.class.getName()); 
    } 

    @Override 
    public void handleMessage(SoapMessage soapMessage) throws Fault { 
     log.entry(soapMessage); 
    } 

}

歡呼和預先感謝您！

火球

來源

2015-07-13 fireball29

如果你是闖民宅一個javax.xml.soap.SOAPMessage，和你想的XML字符串結果，使用ByteArrayOutputStream：

SOAPMessage message; 
ByteArrayOutputStream out = new ByteArrayOutputStream(); 
String msg = ""; 
try { 
    message.writeTo(out); 
    msg = out.toString("UTF-8"); 
} catch (Exception e) { 
    e.printStackTrace(); 
}

我用UTF-8編碼爲你可以將其更改爲任何其他人。

來源

2015-07-13 13:50:44 Qianlong

如何驗證SOAP調用的數字簽名？

回答

相關問題