1. 技术文章
  2. A security error was encountered when verifying the message, Error reading XMLStreamReader

A security error was encountered when verifying the message, Error reading XMLStreamReader

Deadly 提交于 2021-01-29 14:23:56

问题


I am spinning trying to figure it out what is wrong in my case. I need to decrypt request from client. Keystore should be correct as I have tested with spring WS and there is works (but i can not use spring WS due to soapAction which clicent can not provide in header).

This is my WSS4JStaxInInterceptor:

   @Bean
   public WSS4JStaxInInterceptor wss4JStaxInInterceptor() throws Exception {

   Properties properties;
   Crypto crypto = CryptoFactory.getInstance(wss4jInProperties());

   WSSSecurityProperties inProperties = new WSSSecurityProperties();

   inProperties.addAction(WSSConstants.SIGNATURE);
   inProperties.addAction(WSSConstants.TIMESTAMP);
   inProperties.setSoap12(true);
   inProperties.addAction(WSSConstants.ENCRYPTION);

   inProperties.setEncryptionUser("xxxx");

   Key privateKey = crypto.getPrivateKey(keystoreAlias, "xxx_passwordo");
   inProperties.setDecryptionKey(privateKey);

   inProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("softnet_keystore.jks"),"xxxt_keystore_passwordo".toCharArray());
   inProperties.setSignatureUser("cdb");
   Crypto crypto1 = CryptoFactory.getInstance(wss4jInProperties());
   crypto1.setDefaultX509Identifier("softnet");
   inProperties.setDecryptionCrypto(crypto1);

   inProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("softnet_keystore.jks"),"xxx_keystore_passwordo".toCharArray());
 

   inProperties.setDecryptionCrypto(crypto);
   inProperties.setCallbackHandler(new ClientKeystorePasswordENCallback());

   WSS4JStaxInInterceptor wss4JStaxInInterceptor = new WSS4JStaxInInterceptor(inProperties);

   return  wss4JStaxInInterceptor;

}

and my callback:

public class ClientKeystorePasswordENCallback implements CallbackHandler {
private Map<String, String> passwords =
        new HashMap<String, String>();

public ClientKeystorePasswordENCallback() {
    passwords.put("softnet", "xxx_passwordo");
}

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    System.out.println("tessss");
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
        String pass = passwords.get(pc.getIdentifier());
        if (pc.getUsage() == WSPasswordCallback.DECRYPT){
            System.out.println("DECRPYT");
            pc.setPassword("xxx_passwordo");

        }


        System.out.println("passowrd: " + pass);
        if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }
}

}

Also I am attaching my Endpoint:

@Bean public Endpoint endpoint(){

    EndpointImpl endpoint = new EndpointImpl(springBus(), new HelloImpl(),SOAPBinding.SOAP12HTTP_BINDING);

    SOAPBinding.SOAP12HTTP_BINDING);
    endpoint.publish("/PortingNotification_WS");

    Map<String, Object> properties = new HashMap<>();
    properties.put("faultStackTraceEnabled", Boolean.TRUE);
    properties.put("exceptionMessageCauseEnabled", Boolean.TRUE);
    endpoint.setProperties(properties);

    endpoint.getInInterceptors().add(abstractPhaseInterceptor());

    try{
    endpoint.getInInterceptors().add(wss4JStaxInInterceptor()); //wss4JStaxInInterceptor
    }catch (Exception e){
        System.out.print("Error getting interceptro: " + e);
    }

    return endpoint;
}

And here is my error:

020-11-04 10:20:05.431 INFO 17700 --- [ main] s.softnet.mk.softnet.SoftnetApplication : Started SoftnetApplication in 7.951 seconds (JVM running for 8.823) mustUnderstand 2020-11-04 10:20:06.988 INFO 17700 --- [nio-9010-exec-1] org.ehcache.core.EhcacheManager : Cache 'ws-security.timestamp.cache.instance-2067294935' created in EhcacheManager. 2020-11-04 10:20:07.222 INFO 17700 --- [nio-9010-exec-1] org.ehcache.core.EhcacheManager : Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-2067294935' created in EhcacheManager. tessss DECRPYT passowrd: softnet_passwordo 2020-11-04 10:20:07.437 WARN 17700 --- [nio-9010-exec-1] o.a.cxf.phase.PhaseInterceptorChain : Interceptor for {http://operator.services.np.aek.seavus.com/}HelloImplService has thrown exception, unwinding now

org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:67) ~[cxf-rt-bindings-soap-3.4.0.jar:3.4.0] at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:38) ~[cxf-rt-bindings-soap-3.4.0.jar:3.4.0] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.4.0.jar:3.4.0] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core-3.4.0.jar:3.4.0] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:296) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:215) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:652) ~[tomcat-embed-core-9.0.38.jar:4.0.FR] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:271) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.38.jar:9.0.38] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na] at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.38.jar:9.0.38] at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na] Caused by: javax.xml.stream.XMLStreamException: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message at org.apache.wss4j.stax.impl.WSSecurityStreamReader.next(WSSecurityStreamReader.java:56) ~[wss4j-ws-security-stax-2.3.0.jar:2.3.0] at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:60) ~[cxf-rt-bindings-soap-3.4.0.jar:3.4.0] ... 45 common frames omitted Caused by: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message ... 47 common frames omitted

来源:https://stackoverflow.com/questions/64677324/a-security-error-was-encountered-when-verifying-the-message-error-reading-xmlst

标签
Spring
spring-security
cxf
spring-ws
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!