wsse反对wss4j,另一个肥皂签署

时间:2015-09-15 22:52:20

标签: wcf security soap wss4j wsse

我应该创建一个与wss4j服务对话的肥皂客户端..

预期的肥皂信息如下:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
    <env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope">
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            soap:mustUnderstand="true">
            <wsse:BinarySecurityToken
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                wsu:Id="X509-2BF68C14B752C6AF9D13976577086141">R9lpib3+Lv9g0Gorz/5XQ==
            </wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                Id="SIG-3">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod
                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                            PrefixList="soap" />
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod
                        Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                    <ds:Reference URI="#TS-1">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces
                                    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap" />
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>ZKmbm/i1rJBrORIQCA5eIu9mNAk=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#id-2">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces
                                    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>RkeIc2YhRTxMQ/Wwm4gNHypLx24=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>O6ume5TiYL1t1KZrv6I7rpSCcF82yAu4FzkvcqYvQ2X1qxy/A==
                </ds:SignatureValue>
                <ds:KeyInfo Id="KI-2BF68C14B752C6AF9D13976577086302">
                    <wsse:SecurityTokenReference wsu:Id="STR-2BF68C14B752C6AF9D13976577086303">
                        <wsse:Reference URI="#X509-2BF68C14B752C6AF9D13976577086141"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
            <wsu:Timestamp wsu:Id="TS-1">
                <wsu:Created>2014-04-16T14:15:08.599Z</wsu:Created>
                <wsu:Expires>2014-04-16T14:20:08.599Z</wsu:Expires>
            </wsu:Timestamp>
        </wsse:Security>
    </env:Header>
    <soap:Body
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="id-2">
        <ns2:getBatchStatus xmlns:ns2="http://earsiv.vedop3.ggm.gov.org/">
            <paketId>1</paketId>
        </ns2:getBatchStatus>
    </soap:Body>
</soap:Envelope>

我有以下内容:

<。> .config文件是:

<customBinding>
    <binding name="EArsivWsServiceSoapBinding">
      <security includeTimestamp="true" authenticationMode="MutualCertificateDuplex" defaultAlgorithmSuite="Basic256" requireDerivedKeys="false" enableUnsecuredResponse="true" securityHeaderLayout="LaxTimestampLast" messageProtectionOrder="SignBeforeEncrypt" keyEntropyMode="ClientEntropy" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
      </security>
      <textMessageEncoding messageVersion="Soap12"></textMessageEncoding>
      <httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" transferMode="Buffered" hostNameComparisonMode="StrongWildcard" />
    </binding>
</customBinding>

和config有一个保存在Usb令牌中的证书引用,当签名时,会询问密码:

<behaviors>
      <endpointBehaviors>
        <behavior name="ClientBehavior">
          <clientCredentials>
            <clientCertificate storeLocation="CurrentUser" storeName="My" findValue="ddb10d5ef9ed14dada536ee144bd047ce42a1af8" x509FindType="FindByThumbprint" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

服务界面有:

[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
    [System.ServiceModel.ServiceContractAttribute(ProtectionLevel = ProtectionLevel.Sign)]
    public interface SampleWs
    {
       ...

但最终的肥皂是:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:BinarySecurityToken u:Id="uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">..blah blah base64 content..</o:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>Ng/QkiXSRDBasCcQjf35pp51ufw=</DigestValue>
          </Reference>
          <Reference URI="#uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>UdHyzU42q875NM1/W8pOW1QB+Pc=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>.. blah blah a long base64 content..</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
      <u:Timestamp u:Id="uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
        <u:Created>2015-09-15T22:17:11.416Z</u:Created>
        <u:Expires>2015-09-15T22:22:11.416Z</u:Expires>
      </u:Timestamp>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <getBatchStatus>
      <paketId xmlns="">1</paketId>
    </getBatchStatus>
  </s:Body>
</s:Envelope>

也给出了

  

InvalidSecurity在处理时发现错误   &LT;的wsse:安全和GT;报头中。

所以,差异是;

我的问题是:

  • 使用.config,如何准确获取目标肥皂?

  • 这些差异造成的错误是什么?

  • 你能解释一下导致错误的原因吗?

  • 并摆脱错误??

感谢您的帮助。

1 个答案:

答案 0 :(得分:0)

通过使用defaultAlgorithmSuite =“Basic256Sha256”获得“w3.org/2001/04/xmldsig-more#rsa-sha256”获得的解决方案;在目标SOAP ..谢谢