我们有一个基于SOAP 1.1的Java Web服务,它要求使用客户端证书进行身份验证。在内部,它使用Apache WSS4J库来验证证书。我们还有一个可以正常工作的Java客户端,它能够使用客户端证书成功地向该Web服务发送请求。由于这是一个遗留系统,该Web服务无法升级到SOAP 1.2。
但是,用于连接同一个Java Web服务的C# .NET代码却无法工作。基本绑定和自定义绑定我们都尝试过。
以下是可以正常工作的Java客户端代码:
/**
 * Calls the import web service over HTTPS and signs the outgoing SOAP request
 * with the client's X.509 key through a WSS4J out-interceptor.
 *
 * <p>Only the Signature action is configured, so the message is signed but not
 * encrypted at the message level; confidentiality relies on the HTTPS transport.
 *
 * @param args unused
 * @throws Exception if the WSDL URL is malformed or the call fails
 */
public static void main(String[] args) throws Exception {
    // Build the JAX-WS port from the published WSDL.
    ImportWsImplService service = new ImportWsImplService(
            new URL("https://example.com/ws/import?wsdl"));
    ImportWs port = service.getWsImplPort();
    Endpoint endpoint = ClientProxy.getClient(port).getEndpoint();

    // The WSDL advertises an http:// address; override it so the request goes over https.
    ((BindingProvider) port).getRequestContext()
            .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://example.com/ws/import");

    // Outbound WS-Security settings handed to WSS4J.
    Map<String, Object> signingProps = new HashMap<>();
    // Sign only: no Encrypt or Timestamp action is requested.
    signingProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    // Keystore alias of the private key used to sign.
    signingProps.put(WSHandlerConstants.SIGNATURE_USER, "<<key store alias>>");
    // DirectReference: the signing certificate travels inside the message as a
    // BinarySecurityToken, and the signature refers to that token.
    signingProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    // WSS4J instantiates this class and calls its handle(...) to obtain the key password.
    signingProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, App.class.getName());
    /*
     * client_sign.properties contains:
     *
     * org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
     * org.apache.ws.security.crypto.merlin.keystore.type=jks
     * org.apache.ws.security.crypto.merlin.keystore.password=kpassowrd
     * org.apache.ws.security.crypto.merlin.keystore.alias=myalias
     * org.apache.ws.security.crypto.merlin.keystore.file=keystorefile.jks
     *
     * The keystore password sits in this file in cleartext, so the file needs the
     * same protection as the keystore itself (restricted permissions, kept out of
     * version control).
     */
    signingProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");

    // Register the signer on the outbound interceptor chain.
    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(signingProps));

    // NOTE(review): `import` is a reserved word in Java, so the real operation name
    // was presumably altered when the post was anonymized.
    Response result = port.import();
    System.out.println("result=" + result);
}
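/**
 * Supplies the private-key password that WSS4J asks for while signing the request.
 *
 * <p>Every callback is checked before use: anything that is not a
 * {@code WSPasswordCallback} is rejected with the declared
 * {@link UnsupportedCallbackException} instead of failing with a
 * {@code ClassCastException}, and an empty array no longer causes an
 * {@code ArrayIndexOutOfBoundsException}.
 *
 * @param callbacks callbacks passed in by the security framework
 * @throws IOException declared by the callback-handler contract; not thrown here
 * @throws UnsupportedCallbackException if a callback is not a {@code WSPasswordCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(callback, "Unrecognized callback type");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        // The literal below is the post's placeholder. In real code, load the key
        // password from a protected source (secret store, restricted config) rather
        // than compiling it into the class, and consider checking pc.getIdentifier()
        // against the expected alias before answering.
        pc.setPassword("<<password for key store>>");
    }
}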
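// C# (WCF) client from the question: loads the client certificate from the
// current user's personal store and attaches it to the generated proxy.
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
X509Certificate2Collection certs;
try
{
    store.Open(OpenFlags.ReadOnly);
    // validOnly = true: certificates that are expired or fail chain validation are
    // filtered out, so an empty result does not only mean "wrong thumbprint".
    certs = store.Certificates.Find(X509FindType.FindByThumbprint, "<<myclientcertthumbprint>>", true);
}
finally
{
    // Release the store handle even when Open or Find throws.
    store.Close();
}

// Fail with a clear message instead of an index-out-of-range on certs[0].
if (certs.Count == 0)
{
    throw new System.InvalidOperationException(
        "No valid client certificate with the configured thumbprint was found in the CurrentUser/My store.");
}

var request = new importRequest();
ImportWSClient client = new ImportWSClient();
// The private key of this certificate must be readable by the account running the
// client, otherwise WCF cannot use it to sign or authenticate.
client.ClientCredentials.ClientCertificate.Certificate = certs[0];
var response = client.import(request);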
<!-- WCF custom binding the question tried for the C# client. -->
<customBinding>
<binding name="AcknowledgeExportCustomersWSImplServiceSoapBinding">
<!-- SOAP 1.1 plus WS-Addressing 1.0 headers. The Java client on this page configures
     no WS-Addressing. NOTE(review): confirm whether the service accepts addressing headers. -->
<textMessageEncoding messageVersion="Soap11WSAddressing10" />
<!-- MutualCertificateDuplex with SignBeforeEncryptAndEncryptSignature requests message-level
     signing and encryption, whereas the Java client on this page requests the Signature
     action only. NOTE(review): this difference is worth checking against what the
     WSS4J service actually expects. -->
<security messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
authenticationMode="MutualCertificateDuplex" >
</security>
<!-- Accepts responses of up to about 2 GB. A limit this large leaves the client open to
     memory exhaustion from an oversized response; size it to the largest reply expected. -->
<httpsTransport maxReceivedMessageSize="2000000000" ></httpsTransport>
</binding>
</customBinding>
有人能帮我解决这个问题吗?