73.4.6. 动态提供密钥。

当使用 Recipient 列表或类似的 EIP 时，交换的收件人可能会动态变化。在所有收件人中使用相同密钥可能并不可行。能够逐个交换动态指定签名密钥会很有用。然后，在签名前，可以使用其目标收件人的密钥动态增强交换。为便于这种签名机制，可以通过下面的消息标题动态提供密钥

Exchange.SIGNATURE_PRIVATE_KEY, "CamelSignaturePrivateKey"
Exchange.SIGNATURE_PUBLIC_KEY_OR_CERT, "CamelSignaturePublicKeyOrCert"

或者

更最好是动态提供密钥存储别名。再次在消息标头中提供别名

exchange.KEYSTORE_ALIAS,"CamelSignatureKeyStoreAlias"

或者

标头设置如下

Exchange unsigned = getMandatoryEndpoint("direct:alias-sign").createExchange();
unsigned.getIn().setBody(payload);
unsigned.getIn().setHeader(DigitalSignatureConstants.KEYSTORE_ALIAS, "bob");
unsigned.getIn().setHeader(DigitalSignatureConstants.KEYSTORE_PASSWORD, "letmein".toCharArray());
template.send("direct:alias-sign", unsigned);
Exchange signed = getMandatoryEndpoint("direct:alias-sign").createExchange();
signed.getIn().copyFrom(unsigned.getOut());
signed.getIn().setHeader(KEYSTORE_ALIAS, "bob");
template.send("direct:alias-verify", signed);

Exchange unsigned = getMandatoryEndpoint("direct:alias-sign").createExchange();
unsigned.getIn().setBody(payload);
unsigned.getIn().setHeader(DigitalSignatureConstants.KEYSTORE_ALIAS, "bob");
unsigned.getIn().setHeader(DigitalSignatureConstants.KEYSTORE_PASSWORD, "letmein".toCharArray());
template.send("direct:alias-sign", unsigned);
Exchange signed = getMandatoryEndpoint("direct:alias-sign").createExchange();
signed.getIn().copyFrom(unsigned.getOut());
signed.getIn().setHeader(KEYSTORE_ALIAS, "bob");
template.send("direct:alias-verify", signed);

Copy to Clipboard

Toggle word wrap

返回顶部

73.4.6. 动态提供密钥。

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links