I am getting the following exception on the response from a Java-based service (using a test harness set up with SOAP UI that I am testing against).
On the client side I am using a WCF service with a CustomBinding, using the configuration below. I am implementing IClientMessageInspector and IEndpointBehavior on the service client in order to edit the SOAP header on the way out. This is accepted by the server and the correct response is being sent. The WCF service does not seem to be able to handle it.
I have no access to the source code of the service, only to the test harness in SoapUI.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Load the client certificate (with private key) from a PFX file
X509Certificate2 certificate =
    new X509Certificate2(@"D:\certs.pfx", "password");
// Specify the address to be used for the client.
EndpointAddress address = new EndpointAddress("https://servername:8089/site/ws");
// Start from the standard TransportWithMessageCredential elements and rebuild them as a CustomBinding
BasicHttpBinding bTHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
BindingElementCollection bec = bTHttpBinding.CreateBindingElements();
TransportSecurityBindingElement tsp = bec.Find<TransportSecurityBindingElement>();
HttpsTransportBindingElement httpsBinding = bec.Find<HttpsTransportBindingElement>();
TextMessageEncodingBindingElement encoding = bec.Find<TextMessageEncodingBindingElement>();
httpsBinding.RequireClientCertificate = true;
CustomBinding binding = new CustomBinding(tsp, encoding, httpsBinding);
binding.CloseTimeout = TimeSpan.FromMinutes(15);
binding.OpenTimeout = TimeSpan.FromMinutes(15);
binding.ReceiveTimeout = TimeSpan.FromMinutes(15);
binding.SendTimeout = TimeSpan.FromMinutes(15);
// Create the message inspector (the custom IClientMessageInspector/IEndpointBehavior that edits the outgoing SOAP header)
Saml20Extension extentionBehaviour = new Saml20Extension();
// Note: 'certificate' loaded above is not attached to client.ClientCredentials in this snippet
ClientService.enquiryRequestClient client = new ClientService.enquiryRequestClient(binding, address);
Exception on the response:
Cannot resolve KeyInfo for unwrapping key: KeyInfo 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = X509IssuerSerialKeyIdentifierClause(Issuer = 'CN=test_facility', Serial = '12342342423')
)
', available tokens 'SecurityTokenResolver
(
TokenCount = 0,
)
'.
Avenues I have explored:
The certificate's serial number is in the format 8F 23 0c 81, whereas the one in the message response is in the format 12342342423 - maybe it cannot find the certificate in the store? Does it use the issuer name AND serial, or does it try to find a match on each separately?
The negotiateServiceCredential attribute in app.config - I cannot seem to set this to off on the CustomBinding set up in code - does anyone know how to do this?
I am really struggling with this and am thinking of going back to bare bones and doing the whole thing from scratch.
SSL certificate errors are ignored on the client using the following code:
ServicePointManager.ServerCertificateValidationCallback +=
    (sender, cert, chain, sslPolicyErrors) => true;
SOAP response (encrypted):
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey Id="EncKeyId-882E1CD1112C4D3FD61335190122478230">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=test_vendor</ds:X509IssuerName>
<ds:X509SerialNumber>1328712805</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Fp63Batmb8JJL/+6l9atqi4hrWCshmhcOlqRFtblVkNIcJH1f1YV4Koh23uZ5OB2nPuq4px16LUQVTv5ZbSnYQfuO9MklSofFX/B1944bd7VBIcy+WyfYOoVSy7kKy80DY8wzUBNtOC0tWwM2vVPuIYRs16ijuF23KtBx1T89Kc=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-138"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-882E1CD1112C4D3FD61335190122465226" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">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</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-136" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-137">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>fWmhVWpkcFWreSSpA4DaLWBc6kE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>GmPo9AIJLCrmR7+FIlsYnSCJPZIw5ls3kdSG4/Zv9AwL0eono9XV6cdmXfoHEmhyd3zaF583g14aAtGpJbErKZZ96nNKnjiB0gchghZY7gBDabv94aUJw2q7BehADvFatdgYab/cOp9ONT6yOl4nZ1gzDaAxVh7NvMLoH1EYmiY=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-882E1CD1112C4D3FD61335190122465227">
<wsse:SecurityTokenReference wsu:Id="STRId-882E1CD1112C4D3FD61335190122465228" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#CertId-882E1CD1112C4D3FD61335190122465226" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<saml:Assertion ID="_54d0c8395de26c3e44730df2c9e8d3e9" IssueInstant="2012-02-17T10:40:36.806Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>CN=test_facility</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_54d0c8395de26c3e44730df2c9e8d3e9">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>/nNfJuKr83umcry7vguJkSWyfKs=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>pVBcgvqr1Ndms5sZXV5cupiC3ADd7kycuEaETuCLzpcJLmGaTsP5NkfCfyIuvYBZe3MjfnOQ81AquFYljw5SPYd8nItqss/9zOzJeZ0aL/bJxfovNBb4cv92nghncXA2MGTWWdH63+FkajlE7x/U81QkCdVBXJRVVXNsR0dMxAY=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIBpzCCARCgAwIBAgIETzKMfzANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDDA10ZXN0X2ZhY2ls
aXR5MB4XDTEyMDIwODE0NTM1MVoXDTE3MDIwODE0NTM1MVowGDEWMBQGA1UEAwwNdGVzdF9mYWNp
bGl0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvzdwlxcpwRKGzLvpqYoS4NEbhbx/jV6Z
6kyXgJ0IWLZAW20oWmxPwumsqkKr6bWX2NWbGrka6w1e9+iZFBKiBq5zzxJKusCJQtPjuYwjaTGj
VTFnixHp9sKnjIEprKyarceG00WzCVdtuI1NpNp8dgemzA6FFt1ESwwELq+rKvECAwEAATANBgkq
hkiG9w0BAQUFAAOBgQAokX6HZhhEj7Bfo0Z8ZeoZeYFB8pHrN5A6927cJx17EXWVv0Mwn/+fDgTA
htsN9DB68CFNejox8mM0+KewjsgT4z80YxMHGlpM13z4c8+iMiQcJ7cISScTBaTONOtDqK1WNtci
8biNjnLn7+4Z4fw17jlttN0dPHC3fvGywh6TkQ==
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">joe.bloggs@facility.ie</saml:NameID>
</saml:Subject>
<saml:Conditions NotBefore="2012-02-17T10:40:21.806Z" NotOnOrAfter="2012-02-17T10:41:06.806Z"/>
</saml:Assertion>
<wsa:Action SOAP-ENV:mustUnderstand="1">http://www.xxx.xx/xxxxxxxx/xxxxxxx</wsa:Action>
<wsa:MessageID SOAP-ENV:mustUnderstand="1">uuid:7700f066-e7d7-4b1e-ab23-11171d9201bd</wsa:MessageID>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="id-137" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="EncDataId-138" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-882E1CD1112C4D3FD61335190122478230"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
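The serial-number mismatch raised under "Avenues I have explored" can be checked mechanically. The following Python is an added example, not code from the question or either answer: it pulls the X509IssuerSerial clause out of the EncryptedKey KeyInfo of a constructed excerpt of the response above, converts the decimal X509SerialNumber that XML Signature mandates into the big-endian hex form the Windows certificate store displays, and tests whether an issuer/serial pair designates a local certificate (both fields must match). The hex serial 8F 23 0c 81 from the question is used as the local certificate's value; the envelope excerpt is assumed to mirror the real response.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces used in the response envelope in the question.
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}

# Constructed excerpt of the EncryptedKey header above (signature, tokens and body omitted).
SAMPLE_ENVELOPE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey Id="EncKeyId-1">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference>
<ds:X509Data><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=test_vendor</ds:X509IssuerName>
<ds:X509SerialNumber>1328712805</ds:X509SerialNumber>
</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
</xenc:EncryptedKey></wsse:Security></SOAP-ENV:Header></SOAP-ENV:Envelope>"""

def issuer_serial_from_envelope(xml_text):
    """Return (issuer DN, serial as int) from the EncryptedKey's KeyInfo."""
    enc_key = ET.fromstring(xml_text).find(".//xenc:EncryptedKey", NS)
    isr = enc_key.find(".//ds:X509IssuerSerial", NS) if enc_key is not None else None
    if isr is None:
        raise ValueError("no X509IssuerSerial clause in EncryptedKey KeyInfo")
    issuer = isr.findtext("ds:X509IssuerName", namespaces=NS).strip()
    # XML Signature carries the serial as a decimal integer, not as the hex bytes
    # the Windows certificate store displays.
    serial = int(isr.findtext("ds:X509SerialNumber", namespaces=NS).strip())
    return issuer, serial

def serial_to_hex(serial):
    """Decimal serial -> big-endian hex, the form the certificate UI shows."""
    return serial.to_bytes(max(1, (serial.bit_length() + 7) // 8), "big").hex()

def hex_to_serial(hex_text):
    """Accepts '8F 23 0c 81', '8f:23:0c:81' or '8f230c81'."""
    return int(re.sub(r"[^0-9a-fA-F]", "", hex_text), 16)

def normalize_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches_certificate(issuer, serial, cert_issuer, cert_serial_hex):
    """True only when BOTH issuer and serial designate the local certificate."""
    return (normalize_dn(issuer) == normalize_dn(cert_issuer)
            and serial == hex_to_serial(cert_serial_hex))
```

Running the check against the question's own values shows the two serials are different certificates, not the same number in two notations, so a hex/decimal display difference alone does not explain the empty token resolver.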
Answer 0 (score: 1)
Please post the full SOAP envelope.
I guess WCF message security tries to parse the response. The problem is that I am not sure you want it to - as I understand it, you have your own mechanism for parsing the SAML.
In that case you do not need the TransportSecurityBindingElement; https is enough.
Answer 1 (score: 0)
Which kind of certificate are you using? Self-signed? Is it deployed in the trusted CA store on the WCF host operating system?