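Question
I am using Apache CXF 3.0.7 and read that, among the new features, you can store a (BASE-64 encoded) encrypted version of the keystore password in the Crypto properties file, but I don't know how to add it, and I haven't found an example of this implementation.
The Apache website says: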
A typical example of the contents of a Crypto properties file (for
Signature creation) is as follows:
org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
org.apache.wss4j.crypto.merlin.keystore.type=jks
org.apache.wss4j.crypto.merlin.keystore.password=security
org.apache.wss4j.crypto.merlin.keystore.alias=wss40
org.apache.wss4j.crypto.merlin.keystore.file=keys/wss40.jks
Note that the password used to load the keystore is in cleartext. One of the new
features of Apache WSS4J 2.0.0 is the ability to instead store a
(BASE-64 encoded) encrypted version of the keystore password in the
Crypto properties file. A new PasswordEncryptor interface is defined
to allow for the encryption/decryption of passwords. A default
implementation is now provided based on Jasypt called
JasyptPasswordEncryptor, which uses “PBEWithMD5AndTripleDES”. The WSPasswordCallback class has an additional “usage” called
WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD, which is used to
return the master password for use with the PasswordEncryptor
implementation. When WSS4J is loading a Crypto implementation via a
properties file, and it encounters a password encrypted in the format
“ENC(encoded encrypted password)”, it queries a CallbackHandler for a
password via this WSPasswordCallback usage tag. It is possible to pass
a custom PasswordEncryptor implementation to WSS4J via the new
configuration tag ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE
(“passwordEncryptorInstance”).
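I think I have to declare something like this in my properties file:
org.apache.wss4j.crypto.merlin.keystore.password=ENC(?????)
But I don't know how to encrypt my password with the default JasyptPasswordEncryptor.
Also, I guess that in my CallbackHandler I will have something like this: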
if (usage==WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD){
????
}
Solution
OK, after a test run, I tested my solution and it is now working.
1. Download jasypt-1.9.2-dist.zip
2. Get the encoded password with this command:
    encrypt input=real_keystore_password password=master_password algorithm=PBEWithMD5AndTripleDES
3. Copy the OUTPUT (example: 0laAaRahTQJzlsDu771tYi)
4. Since you are using this algorithm, you need the Java Cryptography Extension (JCE) Unlimited Strength. Put it in your JDK.
5. Put the encoded output in the properties:
    org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
    org.apache.wss4j.crypto.merlin.keystore.type=JKS
    org.apache.wss4j.crypto.merlin.keystore.password=ENC(0laAaRahTQJzlsDu771tYi)
    org.apache.wss4j.crypto.merlin.keystore.alias=my_alias
    org.apache.wss4j.crypto.merlin.keystore.file=/etc/CERT/my_keystore.jks
6. In the CallbackHandler, put the master_password that you used to generate the encoded value:
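    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.wss4j.common.ext.WSPasswordCallback;

    public class WsPasswordHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (!(callback instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                WSPasswordCallback pwdCallback = (WSPasswordCallback) callback;
                final int usage = pwdCallback.getUsage();
                // Password of the private key used for signing/decryption
                if (usage == WSPasswordCallback.SIGNATURE || usage == WSPasswordCallback.DECRYPT) {
                    pwdCallback.setPassword("parKeyPassword");
                }
                // Master password WSS4J uses to decrypt the ENC(...) keystore password
                if (usage == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
                    pwdCallback.setPassword("master_password");
                }
            }
        }
    }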
That's it... now I have to figure out how to make this work with an external local.property using Spring, etc... but that is another story... Thanks!
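Solution:
You can obtain the encrypted password by instantiating JasyptPasswordEncryptor with the master password, as shown in the tests, and encrypting the keystore password. Then copy it into your crypto properties:
Colm.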
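
The approach from the last answer, as an added example that is not part of the original answers or the WSS4J project: it instantiates JasyptPasswordEncryptor with the master password, encrypts the keystore password, and prints the ENC(...) property line. The WSS4J_MASTER_PASSWORD environment variable and the EncryptKeystorePassword and EnvMasterPasswordHandler class names are assumptions; the handler covers only the PASSWORD_ENCRYPTOR_PASSWORD usage.

```java
import java.io.Console;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Added example, not code from the answers. WSS4J_MASTER_PASSWORD is an
// assumed environment variable name; both classes read the master password from it.
public class EncryptKeystorePassword {
    // Encrypts with the default PBEWithMD5AndTripleDES and verifies the round trip.
    static String toPropertyValue(String masterPassword, String keystorePassword) {
        JasyptPasswordEncryptor encryptor = new JasyptPasswordEncryptor(masterPassword);
        String encrypted = encryptor.encrypt(keystorePassword);
        if (!keystorePassword.equals(encryptor.decrypt(encrypted))) {
            throw new IllegalStateException("round-trip check failed");
        }
        return "ENC(" + encrypted + ")";
    }

    public static void main(String[] args) {
        String master = System.getenv("WSS4J_MASTER_PASSWORD");
        Console console = System.console();
        if (master == null || master.isEmpty() || console == null) {
            System.err.println("Set WSS4J_MASTER_PASSWORD and run from a terminal.");
            System.exit(1);
        }
        String keystorePassword = new String(console.readPassword("Keystore password: "));
        System.out.println("org.apache.wss4j.crypto.merlin.keystore.password="
                + toPropertyValue(master, keystorePassword));
    }
}

// Hands the same master password to WSS4J when it meets an ENC(...) value.
class EnvMasterPasswordHandler implements CallbackHandler {
    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
                pc.setPassword(System.getenv("WSS4J_MASTER_PASSWORD"));
            }
        }
    }
}
```

Jasypt salts each encryption, so the ENC(...) value differs between runs; any of them decrypts with the same master password.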