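I ran into a problem consuming a Metro Java web service with WSF/PHP. The scenario is the sample username authentication with symmetric keys. The Java client works fine, but WSF/PHP sends the wrong serial number, 2147483647.
Frame from the PHP client: wrong serial number (32-bit integer limit?)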
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EncKeyID-91d4e3a6-11e7-1e21-30a3">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
</xenc:EncryptionMethod>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>
C=FR, ST=Some-State, O=kasstore/emailAddress=admin@kasstore.
</ds:X509IssuerName>
<ds:X509SerialNumber>
2147483647
</ds:X509SerialNumber>
</ds:X509IssuerSerial>
Frame from the Java client: correct serial number
<xenc:EncryptedKey
xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
Id="_5002">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>
EMAILADDRESS=admin@kasstore.com, O=kasstore, ST=Some-State,
</ds:X509IssuerName>
<ds:X509SerialNumber>
18002984546126232115
</ds:X509SerialNumber>
</ds:X509IssuerSerial>
Context: WSF/PHP client: WSO2 WSF/PHP 2.1.0 / Debian 32-bit
Context: WSF/PHP client: policy.xml
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
<sp:RequireIssuerSerialReference/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
Context: WSF/PHP client: client.php
private function callWebService()
{
    // create security context
    $kasstoreServerFidelityCertificate = ws_get_cert_from_file("ksfidelity.pem");
    $kasstoreClientFidelityCertificate = ws_get_cert_from_file("ksfidelity.pem");
    if (is_null($kasstoreServerFidelityCertificate) or strlen($kasstoreServerFidelityCertificate)<1)
    {
        error_log("Unknown certificate");
        return;
    }
    // load the WS-SecurityPolicy document and build the security token
    $fidelityPolicyXml = file_get_contents("policy.xml", true);
    $fidelityPolicy = new WSPolicy($fidelityPolicyXml);
    $fidelitySecurityToken = new WSSecurityToken(array(
        "certificate" => $kasstoreClientFidelityCertificate,
        "receiverCertificate" => $kasstoreServerFidelityCertificate,
        "user" => "dummyuser@Anonymous",
        "password" => "dummypassword",
        "passwordType" => "Digest"
    ));
    try
    {
        // request payload (heredoc body and terminator stay at column 0)
        $reqPayloadString = <<<XML
<ns1:computeActions xmlns:ns1="http://ws.kasstore.com"><MyActionparams></MyActionparams></ns1:computeActions>
XML;
        $reqMessage = new WSMessage($reqPayloadString,
            array("to" => "http://ws.kasstore.com/PosnFidelityWS/FidelityManagerPHPService",
                  "action" => "http://ws.kasstore.com/FidelityManagerPHPService/computeActionsRequest"));
        $client = new WSClient(array (
            "policy" => $fidelityPolicy,
            "securityToken" => $fidelitySecurityToken,
            "useSOAP" => "1.1",
            "CACert" => "./ksfidelity.pem",
            "useWSA" => TRUE
        ));
        $resMessage = $client->request($reqMessage);
    }
    catch (Exception $e)
    {
        // the posted snippet stops inside the try block; log and close it
        error_log($e->getMessage());
    }
}
Certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f9:d7:73:0f:90:b3:7a:36
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST=Some-State, O=kasstore/emailAddress=admin@kasstore.com
Validity
Not Before: Oct 8 08:48:05 2012 GMT
Not After : Sep 21 08:48:05 2023 GMT
Subject: C=FR, ST=Some-State, O=KasStore, OU=Kas'Fidelity, CN=KasStore Fidelity Service Certificate/emailAddress=admin@kasstore.com
Subject Public Key Info:
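A diagnostic sketch for the symptom described in this question, added here as an example and not part of the original post or of WSF/PHP: it compares the `ds:X509SerialNumber` carried in a frame with the serial from the certificate dump and flags a value pinned at the signed 32-bit maximum. The wrapper XML, the function names and the verdict strings are constructed for illustration, and the page does not establish where inside WSF/PHP the value is produced.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
INT32_MAX = 2**31 - 1  # largest signed 32-bit value, 2147483647

# Constructed sample: minimal wrapper around the X509IssuerSerial element
# of the PHP client's frame (issuer name shortened, serial value from the page).
PHP_FRAME = f"""<ds:X509Data xmlns:ds="{DS_NS}">
  <ds:X509IssuerSerial>
    <ds:X509IssuerName>C=FR, ST=Some-State, O=kasstore</ds:X509IssuerName>
    <ds:X509SerialNumber>
      2147483647
    </ds:X509SerialNumber>
  </ds:X509IssuerSerial>
</ds:X509Data>"""


def serial_from_openssl(text):
    """Convert the colon-separated hex serial of `openssl x509 -text` to an int."""
    return int(text.replace(":", "").strip(), 16)


def serials_in_frame(xml_text):
    """Return every ds:X509SerialNumber in the frame as an arbitrary-precision int."""
    root = ET.fromstring(xml_text)
    return [int(el.text.strip()) for el in root.iter(f"{{{DS_NS}}}X509SerialNumber")]


def classify(sent, cert_serial):
    """Compare a serial seen on the wire with the certificate's real serial."""
    if sent == cert_serial:
        return "match"
    if cert_serial > INT32_MAX and sent == INT32_MAX:
        return "saturated at INT32_MAX"  # what a clamping 32-bit conversion yields
    if cert_serial > INT32_MAX and sent == cert_serial % 2**32:
        return "truncated to low 32 bits"  # what a wrapping 32-bit conversion yields
    return "mismatch"


def check_frame(xml_text, openssl_serial):
    """Classify each serial in the frame against the dumped certificate serial."""
    cert_serial = serial_from_openssl(openssl_serial)
    return [(s, classify(s, cert_serial)) for s in serials_in_frame(xml_text)]


if __name__ == "__main__":
    for sent, verdict in check_frame(PHP_FRAME, "f9:d7:73:0f:90:b3:7a:36"):
        print(sent, "->", verdict)
```

Checked against the serial in the dump, the PHP frame's value is reported as saturated. The Java frame's 18002984546126232115 is reported as a mismatch, because f9:d7:73:0f:90:b3:7a:36 decodes to 18002984546126232118.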