How to make my WCF client send a specific WS-Security header (Apache CXF 2.6)

Time: 2016-08-25 10:35:23

Tags: web-services wcf soap

I have to consume web services (Axis 1.4 and Apache CXF 2.6) from my WCF client and sign/encrypt the request.

So far I have created a custom binding and added ProtectionLevel=Net.Security.ProtectionLevel.Sign to the contract, and I "think" I am working in the right direction.

This is my .config:

  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="ComportamientoCertificadosREA">
          <clientCredentials>
            <clientCertificate findValue="XXXXXXXX"
              x509FindType="FindByThumbprint" />
            <serviceCertificate>
              <defaultCertificate findValue="XXXXXX"
                storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
              <authentication certificateValidationMode="ChainTrust" trustedStoreLocation="LocalMachine" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="reaCXFWSSoapBinding">
          <security authenticationMode="MutualCertificate" requireDerivedKeys="false"
            includeTimestamp="false" messageProtectionOrder="EncryptBeforeSign"
            messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
            requireSecurityContextCancellation="false">
            <secureConversationBootstrap authenticationMode="MutualCertificate"
              messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
          </security>
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
            maxBufferSize="2147483647" requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="https://..."
        behaviorConfiguration="ComportamientoCertificadosREA" binding="customBinding"
        bindingConfiguration="reaCXFWSSoapBinding" contract="ServiceReference1.WSREACXFService"
        name="REAEndpoint">
        <identity>
          <dns value="..." />
          <certificateReference storeLocation="CurrentUser" findValue=""
            isChainIncluded="false" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>

which produces the following request (captured and decrypted with Fiddler):

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:BinarySecurityToken u:Id="uuid-5a68af48-0f16-46b4-b45f-e83851841104-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">...</o:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#_1">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>...</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue></SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-5a68af48-0f16-46b4-b45f-e83851841104-2"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        ...
    </s:Body>
</s:Envelope>

This is a valid example for the service:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <soap:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
            <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
            wsu:Id="CertId-E554529BAA924FFE9C14373971009923"></wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#id-3">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>...</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>...</ds:SignatureValue>
                <ds:KeyInfo Id="KeyId-E554529BAA924FFE9C14373971009924">
                    <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
                    wsu:Id="STRId-E554529BAA924FFE9C14373971009925">
                        <wsse:Reference URI="#CertId-E554529BAA924FFE9C14373971009923" 
                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
            <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
            wsu:Id="E554529BAA924FFE9C14373971009141">...</wsse:BinarySecurityToken>
            <xenc:EncryptedKey Id="EncKeyId-E554529BAA924FFE9C14373971009302">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <wsse:Reference URI="#E554529BAA924FFE9C14373971009141"
                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>...</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#EncDataId-1" />
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
        </wsse:Security>
    </soap:Header>
    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
        ...
    </soap:Body>
</soap:Envelope>

So, how do I set up my .config (and my code) to generate a request like the valid example?

0 answers:

No answers
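An added example, not part of the question and not WCF or CXF code: a small inspector that parses the wsse:Security header of a captured SOAP 1.1 request and reports which constructs it carries (BinarySecurityToken count, what the Signature references, whether the Body is signed, whether an EncryptedKey with a ReferenceList is present, a Timestamp), so the request WCF emits can be compared structurally with the service's reference request before touching the binding again. It also flags the algorithms both envelopes use (rsa-sha1, sha1, rsa-1_5) as legacy, which a reviewer would want to know about. The two envelopes embedded in the block are constructed, shortened versions of the two shown in the question (token IDs such as tok-1 and the Ping body are made up).

```python
"""WS-Security header inspector for captured SOAP envelopes (added example).

Parses <wsse:Security> and summarises its constructs so a WCF-generated
request can be compared with a service's reference request. The two
envelopes below are constructed, shortened versions of the question's.
"""
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Algorithms seen in both envelopes that current guidance treats as legacy
# (SHA-1, PKCS#1 v1.5 key transport). They are reported, not rejected.
LEGACY = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA with SHA-1 signature",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1 digest",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5": "RSA PKCS#1 v1.5 key transport",
}

# Constructed: the shape the WCF customBinding in the question emits (sign only).
WCF_REQUEST = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <s:Header><o:Security s:mustUnderstand="1"
   xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <o:BinarySecurityToken u:Id="tok-1">MIIB...</o:BinarySecurityToken>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <Reference URI="#_1"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>AAA=</DigestValue></Reference></SignedInfo>
   <SignatureValue>BBB=</SignatureValue>
   <KeyInfo><o:SecurityTokenReference><o:Reference URI="#tok-1"/></o:SecurityTokenReference></KeyInfo>
  </Signature></o:Security></s:Header>
 <s:Body u:Id="_1"><Ping/></s:Body>
</s:Envelope>"""

# Constructed: the shape of the service's "valid example" (signature + EncryptedKey).
REFERENCE_REQUEST = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <soap:Header><wsse:Security soap:mustUnderstand="1"
   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:BinarySecurityToken wsu:Id="CertId-1">MIIB...</wsse:BinarySecurityToken>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#id-3"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>AAA=</ds:DigestValue></ds:Reference></ds:SignedInfo>
   <ds:SignatureValue>BBB=</ds:SignatureValue></ds:Signature>
  <wsse:BinarySecurityToken wsu:Id="E1">MIIB...</wsse:BinarySecurityToken>
  <xenc:EncryptedKey Id="EncKeyId-1">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <xenc:CipherData><xenc:CipherValue>CCC=</xenc:CipherValue></xenc:CipherData>
   <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-1"/></xenc:ReferenceList>
  </xenc:EncryptedKey></wsse:Security></soap:Header>
 <soap:Body wsu:Id="id-3"><xenc:EncryptedData Id="EncDataId-1"/></soap:Body>
</soap:Envelope>"""


def inspect_wsse(envelope_xml: str) -> dict:
    """Summarise the WS-Security constructs in one SOAP 1.1 envelope."""
    root = ET.fromstring(envelope_xml)
    report = {"security_header": False, "binary_security_tokens": 0, "timestamp": False,
              "signed_refs": [], "encrypted_refs": [], "body_signed": False,
              "legacy_algorithms": []}
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return report  # no header at all: every field stays at its default
    report["security_header"] = True
    report["binary_security_tokens"] = len(sec.findall("wsse:BinarySecurityToken", NS))
    report["timestamp"] = sec.find("wsu:Timestamp", NS) is not None
    algorithms = set()
    for sig in sec.findall("ds:Signature", NS):
        algorithms.update(el.get("Algorithm") for el in sig.iter() if el.get("Algorithm"))
        report["signed_refs"] += [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    for ek in sec.findall("xenc:EncryptedKey", NS):
        algorithms.update(el.get("Algorithm") for el in ek.iter() if el.get("Algorithm"))
        report["encrypted_refs"] += [d.get("URI") for d in ek.findall("xenc:ReferenceList/xenc:DataReference", NS)]
    # The Body counts as signed only if a Reference URI points at its wsu:Id.
    body = root.find("soap:Body", NS)
    body_id = body.get("{%s}Id" % NS["wsu"]) if body is not None else None
    report["body_signed"] = body_id is not None and ("#" + body_id) in report["signed_refs"]
    report["legacy_algorithms"] = sorted(LEGACY[a] for a in algorithms if a in LEGACY)
    return report


def missing_features(actual: dict, reference: dict) -> list:
    """Constructs the reference request carries that the actual request lacks."""
    gaps = []
    if reference["encrypted_refs"] and not actual["encrypted_refs"]:
        gaps.append("EncryptedKey with encrypted Body")
    if reference["timestamp"] and not actual["timestamp"]:
        gaps.append("wsu:Timestamp")
    if actual["binary_security_tokens"] < reference["binary_security_tokens"]:
        gaps.append("BinarySecurityToken count (reference %d, actual %d)"
                    % (reference["binary_security_tokens"], actual["binary_security_tokens"]))
    if reference["body_signed"] and not actual["body_signed"]:
        gaps.append("Signature over Body")
    return gaps


if __name__ == "__main__":
    wcf, ref = inspect_wsse(WCF_REQUEST), inspect_wsse(REFERENCE_REQUEST)
    print("WCF request:      ", wcf)
    print("reference request:", ref)
    print("missing in WCF request:", missing_features(wcf, ref))
```

Run against the two constructed envelopes, the report shows the WCF request signing the Body with one token and no EncryptedKey, while the reference request carries a second token and an EncryptedKey whose ReferenceList points at the encrypted Body; that is the structural gap a ProtectionLevel of Sign alone leaves open, independent of which binding settings close it. To use it on a real capture, replace the embedded strings with the decrypted envelope text from Fiddler.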