对WCF服务的SoapUI请求失败而没有解密

时间:2010-02-26 21:50:38

标签: java wcf ws-security soapui

我正在尝试使用消息安全性(无传输安全性)配置WCF服务,以便它可以与Java客户端通信。我一直在使用SoapUI进行测试,并克服了许多障碍。现在,WCF似乎正在验证消息,但是它将它路由到操作而不解密它。我收到以下内部异常:

System.Runtime.Serialization.SerializationException

OperationFormatter遇到无效的Message正文。预计会找到名为“SaySomething”和名称空间“http://ecollege.com/securityspike/”的节点类型“Element”。找到名为'xenc:EncryptedData'的节点类型'Element'和名称空间'http://www.w3.org/2001/04/xmlenc#'

我已经尝试了所有内容,并且尽可能地阅读了所有内容,但我没有发现任何类似内容,也没有找到任何解我希望有人知道这笔交易是什么,并能够帮助我。下面是我的WCF服务配置和SoapUI消息:

WCF服务自定义绑定配置

<customBinding>
  <binding name="custom">
    <security
      defaultAlgorithmSuite="Basic128Rsa15"
      authenticationMode="MutualCertificate"
      securityHeaderLayout="Lax"
      includeTimestamp="false"
      keyEntropyMode="ClientEntropy"
      messageProtectionOrder="EncryptBeforeSign"
      messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
      requireSignatureConfirmation="false"
      requireSecurityContextCancellation="false"
      allowSerializedSigningTokenOnReply="true">
      <localServiceSettings detectReplays="false" />
    </security>
    <textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" />
    <httpTransport />
  </binding>
</customBinding>

SoapUI原始消息

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sec="http://ecollege.com/securityspike/">
   <soapenv:Header/>
   <soapenv:Body>
      <sec:SaySomething>
         <sec:message>
            <sec:Message>Hello from SoapUI!</sec:Message>
         </sec:message>
      </sec:SaySomething>
   </soapenv:Body>
</soapenv:Envelope>

SoapUI安全消息

<soapenv:Envelope xmlns:sec="http://ecollege.com/securityspike/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
   <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-E4A1994D222819B9E91267220999421261" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIB9DCCAWGgAwIBAgIQCdc8f7wHY5NIPPv+42iHmzAJBgUrDgMCHQUAMBUxEzARBgNVBAMTClJvb3RDQVRlc3QwHhcNMTAwMjI1MTcyMzM1WhcNMzkxMjMxMjM1OTU5WjAYMRYwFAYDVQQDEw13Y2ZDbGllbnRDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw8RJdTARFL+1bbFptcYkIsuBCiJam9rBR14CBKxlvsAVI70F63aDUctYxGKhJgpTOGZyqtVtgawoFf/oPVGSm7yRDR5XcuhqwoQ7IMHxAVKLyNaiE/ZtYb3RTcIC7y1JS2n/DHKu+KK4T2FVhBEZYVhOYP/u4SOvGK6X6uahy4wIDAQABo0owSDBGBgNVHQEEPzA9gBDhcQFxXO88N5H8wWmVu2LGoRcwFTETMBEGA1UEAxMKUm9vdENBVGVzdIIQSgymJZg5k5xJ3Qs97Rs+fTAJBgUrDgMCHQUAA4GBAFumlUh7/DKBwWHvqgcGUFIMx/VtbvlEfyKMIIrdce1I7dPON4+TRf+kho1nf7zbxrioN0s3RfNapiFPkiBndGbyQjoojfq2PRttcbBXgyyaDg3s6Yg95r4ytMn4G9wDICdiW42RKReCZA1PJA55DWtFqWNrUgnDq/uTttHQdOB+</wsse:BinarySecurityToken>
         <ds:Signature Id="Signature-125" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-126">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>TY3WWW+3MjAXCj70Ao8g4owVfwc=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>sJS23J31T+EiH9ZcpOBWm9VZDgINsBLWncC9q+Qzhqab/KIY3/hs+Xn2oD6JKPo3/mOIqZ/ZMDMj
KSUKRghYbsGYrUl4Z/37hbmg5ZLaA/XxLMy8cmfXi2FhgebTwFX2Zm3nptCELFaMqcufEV9KBDtv
98/2H4K63ZJa39YW9Tk=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-E4A1994D222819B9E91267220999421262">
               <wsse:SecurityTokenReference wsu:Id="STRId-E4A1994D222819B9E91267220999422263" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                  <wsse:Reference URI="#CertId-E4A1994D222819B9E91267220999421261" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <xenc:EncryptedKey Id="EncKeyId-E4A1994D222819B9E91267220999410260">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <ds:X509Data>
                     <ds:X509IssuerSerial>
                        <ds:X509IssuerName>CN=RootCATest</ds:X509IssuerName>
                        <ds:X509SerialNumber>-146698624100943020459804947660733868602</ds:X509SerialNumber>
                     </ds:X509IssuerSerial>
                  </ds:X509Data>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>og/+4qWGOAZ8jlk2VZeTGP5++lF0aAyaqFSeuIGrGyblklIWf+lkmHydFK2j4ade7tpeiBKHxtcxPR87OpK3pCyStpN36pdqHOdDsy/pozrc7b6zn9IrwXC/WjhIXVQiPZZfpHk0B75ByJq+2laIVbqpeYmGQLaj3ocl/AooGdQ=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
               <xenc:DataReference URI="#EncDataId-124"/>
            </xenc:ReferenceList>
         </xenc:EncryptedKey>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-126" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedData Id="EncDataId-124" Type="http://www.w3.org/2001/04/xmlenc#Content">
         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <wsse:Reference URI="#EncKeyId-E4A1994D222819B9E91267220999410260"/>
            </wsse:SecurityTokenReference>
         </ds:KeyInfo>
         <xenc:CipherData>
            <xenc:CipherValue>2v9lbteE7Vh5zbw0yZHxX9srTRh6N/uOxsCnjY1/ShDQvExCDcuVCfgfpXxdbCWRHcH1QTIJ9Wv1
vG17WA1c7AdnVZfyAmGsXYNn2ZhIq3dQeUKbgDnhfT16NOPeXUtdd+EUb5p+Iw1JrktXmKK+jpX6
7Kp/Wv1vaxN9xfZfygqBrdgrjJYyihlQoKI0UEpc3QoKW6Zwp3hJcf52gLJwBb2Sxcc8Nnnr83GM
15SGv9rEIpYzJKvebwiha1/bby+mULEvlNrtsER7GyjG94Eu+0BjsPPYMwt4E6iV0umMuZF8Su8o
MWYXby+aaUs4QOGsWJSAJWrICIWfZDM/VjOj76OAzc3vKL/lLNJskQ5XYdOWzjYz5v6qZ5C4mTV7
ZNWM3cnLe40CtguuzYHooPyjpcE9MEsP5oVm4ns2dVZvsaF/lYxQZHsRDRNxkEC19pkK</xenc:CipherValue>
         </xenc:CipherData>
      </xenc:EncryptedData>
   </soapenv:Body>
</soapenv:Envelope>

WCF安全消息

<s:Envelope 
  xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security 
      s:mustUnderstand="1" 
      xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:BinarySecurityToken 
        u:Id="uuid-1aa5b3d3-f82a-4de3-a8cf-3c36d2042a9a-5" 
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        >MIIB9DCCAWGgAwIBAgIQCdc8f7wHY5NIPPv+42iHmzAJBgUrDgMCHQUAMBUxEzARBgNVBAMTClJv
        b3RDQVRlc3QwHhcNMTAwMjI1MTcyMzM1WhcNMzkxMjMxMjM1OTU5WjAYMRYwFAYDVQQDEw13Y2ZD
        bGllbnRDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw8RJdTARFL+1bbFptcYkIsuBC
        iJam9rBR14CBKxlvsAVI70F63aDUctYxGKhJgpTOGZyqtVtgawoFf/oPVGSm7yRDR5XcuhqwoQ7I
        MHxAVKLyNaiE/ZtYb3RTcIC7y1JS2n/DHKu+KK4T2FVhBEZYVhOYP/u4SOvGK6X6uahy4wIDAQAB
        o0owSDBGBgNVHQEEPzA9gBDhcQFxXO88N5H8wWmVu2LGoRcwFTETMBEGA1UEAxMKUm9vdENBVGVz
        dIIQSgymJZg5k5xJ3Qs97Rs+fTAJBgUrDgMCHQUAA4GBAFumlUh7/DKBwWHvqgcGUFIMx/VtbvlE
        fyKMIIrdce1I7dPON4+TRf+kho1nf7zbxrioN0s3RfNapiFPkiBndGbyQjoojfq2PRttcbBXgyya
        Dg3s6Yg95r4ytMn4G9wDICdiW42RKReCZA1PJA55DWtFqWNrUgnDq/uTttHQdOB+</o:BinarySecurityToken>
      <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <X509Data>
              <X509IssuerSerial>
                <X509IssuerName>CN=RootCATest</X509IssuerName>
                <X509SerialNumber>-146698624100943020459804947660733868602</X509SerialNumber>
              </X509IssuerSerial>
            </X509Data>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>EX2mPLI7VpedG2WVzmBiYje+z/WppWsYO6Pg4/WwlQRv2rLaFmgF4cg8yn55dVyFStr9Me6jjq4s
          +VS5s0t+IGVjCm17gCREC4r07FUTPFKtB5JR8lfcRFKriCMCkwnr4DLxzVKa/h9Mw+4DK4+mMkX+
          lAO985cluGKhbmuWYhM=</e:CipherValue>
        </e:CipherData>
        <e:ReferenceList>
          <e:DataReference URI="#_2"/>
        </e:ReferenceList>
      </e:EncryptedKey>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>r01NIZbDYv/a/od4dKmN2VF54NY=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>h/uzND4eoH5WOguIzwO9YurD2fEF0NBH9Bl5ipFjZaffyi+z2m2fYngujtcoxh8a6YPyMW3Us0Q0
        //i79GEnkxCq0mBPbLJvLvtXFAuJpFZ9oOEKRqJ5Uqh8je6um0KJCiSFn74xy23OEG6fRbUJZkJP
        IH8KnGhzqR1UGXkI49E=</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference 
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
              URI="#uuid-1aa5b3d3-f82a-4de3-a8cf-3c36d2042a9a-5"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1">
    <e:EncryptedData Id="_2" 
       Type="http://www.w3.org/2001/04/xmlenc#Content" 
       xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <e:CipherData>
        <e:CipherValue>2VwP5Qcdyff6awcskzwtLktVQOB2UKFOFmFExNUJa0kJbT1gH1MzoIthuNx7bUHmAqGpnmrs6b2t
          f4zpkZv8mZ8L41WBkrg2LGLCeBpXtmudpOdQ9KaEIXqXlRHUI6OutrsCKRWDTRlMD+Y2m0fM8sxF
          5mp7lsGJUVzbpLcb4hduKI2RVkylxRMpqIgcDR4vj72ew52QMtrNdH5QZsouyBDeE2fc+imGKK9K
          UcLlQbZRzLkv9oYzHicewaWnOeGr4dhkdn6eBropbK0gqxoxng==</e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>

2 个答案:

答案 0 :(得分:1)

调试此方法的最佳方法是为此服务设置一个有效的WCF客户端,并将其与肥皂与SoapUI进行比较。

出乎意料的是,我会尝试更改messageProtectionOrder并检查合同上的ProtectionLevel属性(如果存在)。

答案 1 :(得分:1)

为这个问题提供答案。事实证明,我的messageProtectionOrder设置配置不正确。最终目标是签署消息内容,然后加密。 SoapUI以及我们的业务合作伙伴正在签名然后加密消息,但由于WCF被配置为先加密(或解密)然后签名,因此无法使用SignBeforeEncrypt正确处理安全消息。

将WCF配置与SoapUI /业务合作伙伴配置相匹配解决了此问题。