I am running into an interoperability problem. I come from .NET and have to consume a Java secured service by signing the request with an X509 certificate. I have the WSDL and the generated service reference in a .NET WCF client, and I added X509 certificate credentials in app.config, but the client does not generate the expected SOAP payload (traced in Fiddler) and the Java service throws an error. Is there a way to make the WCF client generate the payload that Java expects?
Below is the working request payload provided by the Java guys.
<soapenv:Envelope xmlns:smok="http://www.javaServer.org/schemas/SmokeTest" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature Id="SIG-53" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="smok soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-52">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="smok" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>dCnj2a+0wptrFSyWzEgwetSTHmM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
WgD3P8DWPG4eWXzXiD9+LZosn7ggRPpIC1OAmq9bn0s1HuGhM/fZozfDhEDn5sAF9RtVFiAZxC03
4tW+cuxC5jAHH4GYQud6s5h5sGwvhLshQNVdI6HBBFQWr+J3mUEBbUCExJ6HEe1i2v0+dMQNWezo
E1Ot7klNGxXedHzrlZw=
</ds:SignatureValue>
<ds:KeyInfo Id="KI-DE6BE13CF8D5419B66135109740345572">
<wsse:SecurityTokenReference wsu:Id="STR-DE6BE13CF8D5419B66135109740345573">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
<ds:X509SerialNumber>51921456535433584705342517836423530149</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-52" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<smok:HelloRequest>
<smok:Name>Hello from Heruwala</smok:Name>
</smok:HelloRequest>
</soapenv:Body>
</soapenv:Envelope>
Answer 0: (score: 1)
Use a customBinding with security.mode "mutualCertificate", as described here. If that fails, post what your request looks like (via Fiddler or WCF logging) so we can compare it. One expected difference is that the certificate will be presented as a binary token instead of X509Data. I would not expect the server to fail because of that. In case it does, this can be solved by creating the whole custom binding from code. When you need to create the security element it will be something like this:
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Mutual certificate security element using WS-Security 1.0 (the profile the Java payload uses).
SecurityBindingElement sec =
    SecurityBindingElement.CreateMutualCertificateBindingElement(
        MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, false);
// Reference the client's signing certificate by issuer name + serial number (the X509IssuerSerial in the payload).
X509SecurityTokenParameters x509Params = new X509SecurityTokenParameters();
x509Params.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
((AsymmetricSecurityBindingElement) sec).InitiatorTokenParameters = x509Params;
or by hard-coding the X509Data in a custom encoder.
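As an added example, not code from the question or the answer above, here is that security element built into a complete CustomBinding and applied to a generated WCF proxy, with the settings that make the header closer to the posted Java payload (no BinarySecurityToken, no Timestamp, signed body only, SOAP 1.1). The contract interface name ISmokeTestPort, the endpoint URL, the certificate subject name and the server certificate file path are placeholders; the InclusionMode, IncludeTimestamp and EnableUnsecuredResponse settings are my assumptions about what the sample header calls for, not something the answer states.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

public static class SigningBindingFactory
{
    // Builds the custom binding from code, as the answer suggests, and adds the
    // settings that the posted Java payload implies.
    public static CustomBinding CreateSigningBinding()
    {
        SecurityBindingElement sec =
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                false);
        var asym = (AsymmetricSecurityBindingElement)sec;

        var x509Params = new X509SecurityTokenParameters
        {
            // <ds:X509IssuerSerial> in the sample: issuer name + serial number.
            X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial,
            // Assumption: the sample carries no BinarySecurityToken, so do not
            // include the certificate itself in the header.
            InclusionMode = SecurityTokenInclusionMode.Never
        };
        asym.InitiatorTokenParameters = x509Params;

        // Assumption: the sample has no <wsu:Timestamp>; WCF adds one by default.
        asym.IncludeTimestamp = false;
        // Assumption: the Java service may answer without a Security header.
        asym.EnableUnsecuredResponse = true;

        // SOAP 1.1 envelope without WS-Addressing, matching the posted request.
        var encoding = new TextMessageEncodingBindingElement
        {
            MessageVersion = MessageVersion.Soap11
        };
        var transport = new HttpsTransportBindingElement();

        // Element order matters: security, then encoding, then transport.
        return new CustomBinding(asym, encoding, transport);
    }

    // Applies the binding to the generated contract (ISmokeTestPort is a placeholder
    // for the interface in the generated service reference).
    public static ISmokeTestPort CreateSignedChannel(string endpointUrl)
    {
        var factory = new ChannelFactory<ISmokeTestPort>(
            CreateSigningBinding(), new EndpointAddress(endpointUrl));

        // Sign the body but do not encrypt it, as the Java payload shows.
        // Must be set before the first channel is created.
        factory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

        // Client signing certificate (placeholder subject name).
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindBySubjectName, "PLACEHOLDER-CLIENT-CERT-SUBJECT");

        // Assumption: the mutual certificate binding still expects a service
        // certificate even when only signing (placeholder file path).
        factory.Credentials.ServiceCertificate.DefaultCertificate =
            new X509Certificate2("PLACEHOLDER-server-public.cer");
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;

        return factory.CreateChannel();
    }
}

// Placeholder for the generated port interface; the real one comes from the
// service reference built from the WSDL.
[ServiceContract(Namespace = "http://www.javaServer.org/schemas/SmokeTest")]
public interface ISmokeTestPort
{
    [OperationContract(Action = "PLACEHOLDER-SOAP-ACTION", Name = "Hello")]
    string Hello(string name);
}
```

Compare the produced header against the Java sample in Fiddler after each change: with IssuerSerial plus InclusionMode.Never the SecurityTokenReference should carry X509IssuerSerial instead of a BinarySecurityToken reference, and removing the Timestamp leaves the Body as the only signed reference, as in the posted payload.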