I am developing WCF web services for a client to call. They use Java, and they asked me to add extra security to the service based on certificates. I developed a service with custom certificate validation, and it works: when a certificate is provided, it checks whether it is the correct certificate and allows or denies access to the server depending on the validation result.
However, when the service is called, the following SOAP request is generated:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">MyCompanyName/IMyCompanyNameDSWCF/HelloWorld</a:Action>
<h:OutOfBandData xmlns:h="http://www.examples.com">MyCompanyName</h:OutOfBandData>
<a:MessageID>urn:uuid:11111111-1111-1111-1111-111111111111</a:MessageID>
<ActivityId CorrelationId="22222222-2222-2222-2222-222222222222" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">33333333-3333-3333-3333-333333333333</ActivityId>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_1">https://MyURL.com/MyCompanyName/MyCompanyNameDSWCF.svc?wsdl</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2015-05-25T16:16:49.530Z</u:Created>
<u:Expires>2015-05-25T16:21:49.530Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-44444444-4444-4444-4444-444444444444-44" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">value</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>value</DigestValue>
</Reference>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>value</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>value</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-44444444-4444-4444-4444-444444444444-44"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body>
<HelloRequestMessage xmlns="MyCompanyName">
<RequestToGreet xmlns="http://www.examples.com">MyCompanyName123</RequestToGreet>
</HelloRequestMessage>
</s:Body>
</s:Envelope>
Unfortunately, the client cannot generate the same request. They provided a sample of the request they are able to produce, which they call a "digital signature" or what have you. Here is their sample request:
<?xml version="1.0"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Id-1111111111111111-1111111111111111-2">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#Id-1111111111111111-1111111111111111-1">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue />
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue />
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Id-1111111111111111-1111111111111111-3">
<dsig:X509Data>
<dsig:X509Certificate>
value
</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
</dsig:Signature>
</s:Header>
<s:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1111111111111111-1111111111111111-1">
<HelloRequestMessage xmlns="MyCompanyName">
<RequestToGreet xmlns="http://www.examples.com">MyCompanyName123</RequestToGreet>
</HelloRequestMessage>
</s:Body>
</s:Envelope>
I have been researching this for a few days without luck:
- I don't know how to sign the request on the client side (my test application that calls my WCF WS);
- I don't know how to configure WCF to accept and validate digitally signed requests;
PS: I have only about 3 weeks of WCF experience, so please try to explain as if I know nothing about it.
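The two envelopes above differ not only in prefixes but in what the signature actually covers: the WCF request signs the Timestamp (`#_0`) and the To header (`#_1`) while its Body carries no Id, whereas the Java request signs the Body (`wsu:Id="Id-...-1"`) and has no Timestamp at all. Before worrying about how to configure WCF, it is worth being able to see that at a glance. The script below is an added example, not code from the question, from WCF or from the Java client: it resolves each `ds:Reference` URI of the header signature to the element it points at and reports whether the Body and a `wsu:Timestamp` are covered. It assumes Ids are carried in either a `wsu:Id` (the WS-Security utility namespace, the `u:` prefix in the question) or a plain `Id` attribute; the two embedded samples are trimmed copies of the envelopes in the question with placeholder digest and signature values.

```python
"""Report which elements of a WS-Security signed SOAP 1.2 envelope the XML signature covers."""
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Assumption: a signable element is identified by wsu:Id (the "u:" prefix in the
# question) or by a plain Id attribute, the two forms seen in the samples.
ID_ATTRIBUTES = (f"{{{WSU}}}Id", "Id")

# Trimmed copy of the request that WCF generates (from the question; values are placeholders).
WCF_SAMPLE = """
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:To s:mustUnderstand="1" u:Id="_1">https://MyURL.com/MyCompanyName/MyCompanyNameDSWCF.svc?wsdl</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0"><u:Created>2015-05-25T16:16:49.530Z</u:Created><u:Expires>2015-05-25T16:21:49.530Z</u:Expires></u:Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<Reference URI="#_0"><DigestValue>value</DigestValue></Reference>
<Reference URI="#_1"><DigestValue>value</DigestValue></Reference>
</SignedInfo>
<SignatureValue>value</SignatureValue>
</Signature>
</o:Security>
</s:Header>
<s:Body><HelloRequestMessage xmlns="MyCompanyName"><RequestToGreet xmlns="http://www.examples.com">MyCompanyName123</RequestToGreet></HelloRequestMessage></s:Body>
</s:Envelope>
"""

# Trimmed copy of the request the Java client produces (from the question; values are placeholders).
JAVA_SAMPLE = """
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Id-1111111111111111-1111111111111111-2">
<dsig:SignedInfo>
<dsig:Reference URI="#Id-1111111111111111-1111111111111111-1"><dsig:DigestValue/></dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue/>
<dsig:KeyInfo Id="Id-1111111111111111-1111111111111111-3"><dsig:X509Data><dsig:X509Certificate>value</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
</dsig:Signature>
</s:Header>
<s:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1111111111111111-1111111111111111-1">
<HelloRequestMessage xmlns="MyCompanyName"><RequestToGreet xmlns="http://www.examples.com">MyCompanyName123</RequestToGreet></HelloRequestMessage>
</s:Body>
</s:Envelope>
"""


def _element_id(elem):
    """Return the element's Id under any of the accepted attribute names, else None."""
    for attr in ID_ATTRIBUTES:
        value = elem.get(attr)
        if value is not None:
            return value
    return None


def signature_coverage(envelope_xml):
    """Resolve every ds:Reference of the header signature to the element it covers.

    Returns the resolved (URI, element tag) pairs plus two yes/no checks a receiver
    cares about: is the Body signed, and is a wsu:Timestamp signed. Raises on a
    missing signature, a dangling reference, or duplicate Ids (which would make
    resolution ambiguous). This checks coverage only; digests and the RSA
    signature value are left to the WS-Security stack.
    """
    root = ET.fromstring(envelope_xml.strip())
    header = root.find(f"{{{SOAP12}}}Header")
    if header is None:
        raise ValueError("no SOAP Header")
    signature = header.find(f".//{{{DSIG}}}Signature")
    if signature is None:
        raise ValueError("no ds:Signature in Header")

    # Index every Id in the document once, refusing duplicates.
    by_id = {}
    for elem in root.iter():
        elem_id = _element_id(elem)
        if elem_id is None:
            continue
        if elem_id in by_id:
            raise ValueError(f"duplicate Id {elem_id!r}")
        by_id[elem_id] = elem

    covered = []
    for ref in signature.iterfind(f"{{{DSIG}}}SignedInfo/{{{DSIG}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise ValueError(f"unsupported Reference URI {uri!r}")
        target = by_id.get(uri[1:])
        if target is None:
            raise ValueError(f"Reference {uri!r} points at no element")
        covered.append((uri, target.tag))

    tags = {tag for _, tag in covered}
    return {
        "references": covered,
        "body_signed": f"{{{SOAP12}}}Body" in tags,
        "timestamp_signed": f"{{{WSU}}}Timestamp" in tags,
    }


if __name__ == "__main__":
    for name, sample in (("WCF request", WCF_SAMPLE), ("Java request", JAVA_SAMPLE)):
        print(name, signature_coverage(sample))
```

Run stand-alone it reports that the WCF sample covers the Timestamp and To header but not the Body, and that the Java sample covers the Body but has no Timestamp. For a receiver that is the difference between a signature that binds the request contents and one that only binds its routing and timing, and between a request with a replay window and one without; a WCF binding that requires the Body to be signed and a Timestamp to be present will reject the other side's message until both parties agree on which parts are covered.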