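Possible Unicode interoperability issue between WCF and Java EE when using signed messages over HTTPS?

Time: 2013-05-20 12:36:01

Tags: wcf web-services java-ee ws-security

I am signing SOAP messages over HTTPS using the custom binding configuration below: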

        // Namespaces this snippet relies on.
        using System.ServiceModel;
        using System.ServiceModel.Channels;
        using System.ServiceModel.Security.Tokens;
        using System.Text;

        // Asymmetric (X.509) message security layered on top of HTTPS.
        System.ServiceModel.Channels.AsymmetricSecurityBindingElement asbe = new AsymmetricSecurityBindingElement();
        asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;

        // InclusionMode.Never: the initiator and recipient tokens are referenced, not embedded in the message.
        asbe.InitiatorTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
        asbe.RecipientTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
        asbe.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;

        asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
        asbe.EnableUnsecuredResponse = true;   // allow unsecured responses to secured requests
        asbe.IncludeTimestamp = false;         // no timestamp in the security header
        asbe.SetKeyDerivation(false);          // do not use derived keys
        asbe.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
        // Signed supporting X.509 token for the endpoint.
        asbe.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());

        // Binding stack: message security, SOAP 1.1 text encoding (UTF-8), HTTPS transport.
        CustomBinding myBinding = new CustomBinding();
        myBinding.Elements.Add(asbe);
        myBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));

        // Transport-level TLS with a client certificate.
        HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
        httpsBindingElement.RequireClientCertificate = true;
        myBinding.Elements.Add(httpsBindingElement);

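Everything worked fine until the application started sending Chinese characters. When this SOAP message is sent, the Java-based web service returns the error "The signature or decryption was invalid":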

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:BinarySecurityToken u:Id="uuid-f9e416e6-c2bd-42b8-81db-895d878cf239-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></o:BinarySecurityToken>
        <Signature
        xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#_1">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue>IIkd/cWfZP4MYUOmH5W5zlS1Q8I=</DigestValue>
                </Reference>
                <Reference URI="#uuid-f9e416e6-c2bd-42b8-81db-895d878cf239-1">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue>iJckcMUNrgpBHY6xLLfdy9PJU84=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>Iy0br43eNlnMXA3xMzMAfXE7TVBRoALuv4hcTBSUiW6ltXBP6a3w76ntXnO111UQae4k55YHpdKdzkqE2iQK5qRl1kvNnEHnLfsJIxiGCAb52OS2I0ogBfpHjyPoWq0pS6jp8fjZ2/LkGQy1lmPh7ATyA4uYWNbkk8SfVr+X+Bg=</SignatureValue>
            <KeyInfo>
                <o:SecurityTokenReference>
                    <X509Data>
                        <X509IssuerSerial>
                            <X509IssuerName>CN=Greenova</X509IssuerName>
                            <X509SerialNumber>1366006413</X509SerialNumber>
                        </X509IssuerSerial>
                    </X509Data>
                </o:SecurityTokenReference>
            </KeyInfo>
            </Signature>
    </o:Security>
    </s:Header>
    <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <createUser xmlns="http://webService.service.vim.logistics.teckwah.com/">
        <userInfo xmlns="">
            <city>台北市</city>
            <companyName>個人使用</companyName>
            <contactEmail>pprtest.account@yahoo.com.tw</contactEmail>
            <contactName>黃先, 用先生</contactName>
            <contactNo>+886333333333</contactNo>
            <country>Taiwan</country>
            <custType>PPR Member</custType>
            <email>pprtest.account@yahoo.com.tw</email>
            <fullName>黃, 先生</fullName>
            <password>$3cr3t!h0y</password>
            <pickupAddr>台市松德路888號</pickupAddr>
            <rePassword>$3cr3t!h0y</rePassword>
            <salutation>先生</salutation>
            <tel>+886333333333</tel>
            <username>pprtest.account@yahoo.com.tw</username>
        </userInfo>
    </createUser>
    </s:Body>

But if Chinese characters are not present, the code using the same binding configuration above works fine.

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:BinarySecurityToken u:Id="uuid-3dd89dfe-53aa-4f87-a07d-e33c1cb26bd2-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></o:BinarySecurityToken>
        <Signature
        xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#_1">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue>PdgVXH62+JpiAb/KHZMR112gjWM=</DigestValue>
                </Reference>
                <Reference URI="#uuid-3dd89dfe-53aa-4f87-a07d-e33c1cb26bd2-1">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue>P+4aoOUJtgXq55x6cRmKVa72YQc=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>ba1kjrHXSAfA41/rdiN11OPmz5UlebQ+UBxuI5SK0G8rP1wk4fqQMyOGe5jXZ4/eAZtFUllWY1WLjE7kScBlYl0pj3WcOTC8YgiyWf0UMOVvbpX4EVu0BrUTf6m02oY8Odc61465Tvp9iNDKSJwKQJzYpt5/K+UYysvsFOJ1Whw=</SignatureValue>
            <KeyInfo>
                <o:SecurityTokenReference>
                    <X509Data>
                        <X509IssuerSerial>
                            <X509IssuerName>CN=Greenova</X509IssuerName>
                            <X509SerialNumber>1366006413</X509SerialNumber>
                        </X509IssuerSerial>
                    </X509Data>
                </o:SecurityTokenReference>
            </KeyInfo>
            </Signature>
    </o:Security>
    </s:Header>
    <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <createUser xmlns="http://webService.service.vim.logistics.teckwah.com/">
        <userInfo xmlns="">
            <city>Taipei</city>
            <companyName>Papa Rap Ltd.</companyName>
            <contactEmail>test909.eizbopf@greenova.tw</contactEmail>
            <contactName>Papa Rap</contactName>
            <contactNo>+639999999999</contactNo>
            <country>Taiwan</country>
            <custType>PPR Member</custType>
            <email>test909.eizbopf@greenova.tw</email>
            <fullName>Papa Rap</fullName>
            <password>by9qjX!)n1^stw</password>
            <pickupAddr>Unit 210-A Orbit Street</pickupAddr>
            <rePassword>by9qjX!)n1^stw</rePassword>
            <salutation>Mr.</salutation>
            <tel>+639999999999</tel>
            <username>test909.eizbopf@greenova.tw</username>
        </userInfo>
    </createUser>
    </s:Body>

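Could this be a configuration issue?

1 answer:

Answer 0: (score: 0)

Nope... there is no interoperability issue. The server simply cannot recognize Unicode characters.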
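
Added example, not part of the original question or answer: it shows why a digest over UTF-8 octets still verifies for an ASCII-only body when the receiver applies the wrong charset, but fails as soon as the body contains Chinese text, matching the two requests above. The receiver behaviour (decoding the request with a non-UTF-8 charset before recomputing the digest), the `CHARSETS` list and all function names are assumptions for illustration, and the element fragments stand in for the canonicalized body.

```python
import base64
import hashlib

# Fields copied from the two request bodies above; each fragment stands in for
# the canonicalized <s:Body> (assumption: no real exc-c14n is performed here).
FIELDS = {
    "city (ASCII request)": "<city>Taipei</city>",
    "city (Chinese request)": "<city>台北市</city>",
    "fullName (Chinese request)": "<fullName>黃, 先生</fullName>",
}
# Hypothetical charsets a receiver might apply to the incoming octets.
CHARSETS = ("utf-8", "iso-8859-1", "us-ascii")


def digest_value(text: str) -> str:
    """Base64 SHA-1 over UTF-8 octets, the form of an xmldsig#sha1 DigestValue."""
    return base64.b64encode(hashlib.sha1(text.encode("utf-8")).digest()).decode("ascii")


def receiver_text(wire: bytes, charset: str) -> str:
    """Text the receiver ends up with after decoding the wire octets."""
    # errors="replace" models a lenient decoder that substitutes U+FFFD.
    return wire.decode(charset, errors="replace")


def verifies(text: str, charset: str) -> bool:
    """True if the digest recomputed by the receiver equals the signed one."""
    wire = text.encode("utf-8")      # sender side: UTF-8 text encoding
    signed = digest_value(text)      # digest the sender placed in <Reference>
    return digest_value(receiver_text(wire, charset)) == signed


def report() -> dict:
    """Map each field to the charsets under which its digest still verifies."""
    return {name: [c for c in CHARSETS if verifies(text, c)]
            for name, text in FIELDS.items()}


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:28} verifies under: {', '.join(ok)}")
```

When only the non-ASCII rows fail like this, compare the charset declared in the request's Content-Type with the one the receiving stack actually applies before it canonicalizes the body.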