从 EncryptedKey 获取 SecretKey 时出错（JRE7 到 JRE8 升级）

Question

我已将 Spring 应用程序从 Java 7 升级到 Java 8，其中包含加密的 Web 服务。如果我通过测试运行soap-call，我会得到以下响应：

<SOAP-ENV:Fault>
    <faultcode>SOAP-ENV:Client</faultcode>
    <faultstring xml:lang="en">com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey</faultstring>
</SOAP-ENV:Fault>

当我查看 catalina.out 时，请参阅以下堆栈跟踪：

16-Nov-2017 15:54:48.109 SEVERE [tomcat-http--4] com.sun.xml.wss.impl.misc.KeyResolver.getKey WSS0284: SOAP Fault Exception Occured
 com.sun.xml.wss.XWSSecurityException: Error while getting SecretKey from EncryptedKey
        at com.sun.xml.wss.core.EncryptedKeyToken.getSecretKey(EncryptedKeyToken.java:78)
        at com.sun.xml.wss.impl.misc.KeyResolver.processSecurityTokenReference(KeyResolver.java:719)
        at com.sun.xml.wss.impl.misc.KeyResolver.getKey(KeyResolver.java:135)
        at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:494)
        at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:339)
        at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:143)
        at com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:421)
        at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:81)
        at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:252)
        at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:849)
        at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:801)
        at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:242)
        at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:134)
        at org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.validateMessage(XwsSecurityInterceptor.java:163)
        at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:124)
        at org.springframework.ws.server.endpoint.interceptor.DelegatingSmartEndpointInterceptor.handleRequest(DelegatingSmartEndpointInterceptor.java:80)
        at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:227)
        at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:176)
        at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:89)
        at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:61)
        at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:293)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)

我尝试更新或排除一些 wss 库，但没有效果。

有什么想法吗？

非常感谢！

Answer 1

我终于解决了这个问题。

JRE 8 中有一些与 xws-security 不兼容的更改。 我不得不将 EncryptedKeyToken 和 EncryptionProcessor 类修补到 JRE 8 更改，它似乎工作正常。

变化很小：

com.sun.xml.wss.core.EncryptedKeyToken

// Starting line 69
xmlc = XMLCipher.getInstance(algorithm);
xmlc.init(XMLCipher.UNWRAP_MODE, null); // First, init with opMode UNWRAP
// leave the next lines

com.sun.xml.wss.impl.apachecrypto.EncryptionProcessor

// changingline 1053
// _dataEncryptor = XMLCipher.getInstance(dataEncAlgo, _dataCipher);
_dataEncryptor = XMLCipher.getInstance(dataEncAlgo);

用maven打补丁可以看这里：

How do you replace the class of a Maven dependency?

为了替换，我使用了以下 pom： https://pastebin.com/iYcAkpmH