0

从基于 JAVA 的服务(使用我正在测试的 SOAP UI 设置的测试工具)的响应中获取以下异常。

在客户端,我使用 WCF 服务和 CustomBinding 使用以下配置。我在服务客户端上实现 IClientMessageInspector 和 IEndpointBehavior 只是为了在退出时编辑 SOAP 标头。这被服务器接受并且正在发送正确的响应。WCF 服务似乎无法处理它

我无权访问该服务的源代码,只有 SoapUI 中的测试工具

//Load the certificate from a file
        X509Certificate2 certificate =
            new X509Certificate2(@"D:\certs.pfx",
                                 "password");

        //Specify the address to be used for the client.
        EndpointAddress address = new EndpointAddress("https://servername:8089/site/ws");

        BasicHttpBinding bTHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);                        

        BindingElementCollection bec = bTHttpBinding.CreateBindingElements();
        TransportSecurityBindingElement tsp = bec.Find<TransportSecurityBindingElement>();                        
        HttpsTransportBindingElement httpsBinding = bec.Find<HttpsTransportBindingElement>();            
        TextMessageEncodingBindingElement encoding = bec.Find<TextMessageEncodingBindingElement>();            
        httpsBinding.RequireClientCertificate = true;

        CustomBinding binding = new CustomBinding(tsp, encoding, httpsBinding);                  
        binding.CloseTimeout = TimeSpan.FromMinutes(15);
        binding.OpenTimeout = TimeSpan.FromMinutes(15);
        binding.ReceiveTimeout = TimeSpan.FromMinutes(15);
        binding.SendTimeout = TimeSpan.FromMinutes(15);

        // Create the message inspector
        Saml20Extension extentionBehaviour = new Saml20Extension();

        ClientService.enquiryRequestClient client = new enquiryRequestClient(binding, address);

回复异常:

Cannot resolve KeyInfo for unwrapping key: KeyInfo 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = X509IssuerSerialKeyIdentifierClause(Issuer = 'CN=test_facility', Serial =        '12342342423')
)
', available tokens 'SecurityTokenResolver
(
TokenCount = 0,
)
'.

我探索过的大道:

  • 证书的序列号格式为 8F 23 0c 81 而消息响应格式为 12342342423 - 也许它在商店中找不到证书?它是使用问题名称和序列号还是分别尝试两者以尝试找到匹配项?

  • app.config 中的协商服务凭据属性 - 我似乎无法为代码中的 CustomBinding 设置将其设置为关闭 - 有人知道该怎么做吗?

我真的被这件事难住了,想着回到原点,从头开始做整件事。

使用以下代码在客户端忽略 SSL 证书错误

ServicePointManager
.ServerCertificateValidationCallback += 
(sender, cert, chain, sslPolicyErrors) => true;

SOAP 响应(加密)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <xenc:EncryptedKey Id="EncKeyId-882E1CD1112C4D3FD61335190122478230">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=test_vendor</ds:X509IssuerName>
                <ds:X509SerialNumber>1328712805</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>Fp63Batmb8JJL/+6l9atqi4hrWCshmhcOlqRFtblVkNIcJH1f1YV4Koh23uZ5OB2nPuq4px16LUQVTv5ZbSnYQfuO9MklSofFX/B1944bd7VBIcy+WyfYOoVSy7kKy80DY8wzUBNtOC0tWwM2vVPuIYRs16ijuF23KtBx1T89Kc=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncDataId-138"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-882E1CD1112C4D3FD61335190122465226" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBpzCCARCgAwIBAgIETzKMfzANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDDA10ZXN0X2ZhY2lsaXR5MB4XDTEyMDIwODE0NTM1MVoXDTE3MDIwODE0NTM1MVowGDEWMBQGA1UEAwwNdGVzdF9mYWNpbGl0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvzdwlxcpwRKGzLvpqYoS4NEbhbx/jV6Z6kyXgJ0IWLZAW20oWmxPwumsqkKr6bWX2NWbGrka6w1e9+iZFBKiBq5zzxJKusCJQtPjuYwjaTGjVTFnixHp9sKnjIEprKyarceG00WzCVdtuI1NpNp8dgemzA6FFt1ESwwELq+rKvECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAokX6HZhhEj7Bfo0Z8ZeoZeYFB8pHrN5A6927cJx17EXWVv0Mwn/+fDgTAhtsN9DB68CFNejox8mM0+KewjsgT4z80YxMHGlpM13z4c8+iMiQcJ7cISScTBaTONOtDqK1WNtci8biNjnLn7+4Z4fw17jlttN0dPHC3fvGywh6TkQ==</wsse:BinarySecurityToken>
      <ds:Signature Id="Signature-136" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-137">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>fWmhVWpkcFWreSSpA4DaLWBc6kE=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GmPo9AIJLCrmR7+FIlsYnSCJPZIw5ls3kdSG4/Zv9AwL0eono9XV6cdmXfoHEmhyd3zaF583g14aAtGpJbErKZZ96nNKnjiB0gchghZY7gBDabv94aUJw2q7BehADvFatdgYab/cOp9ONT6yOl4nZ1gzDaAxVh7NvMLoH1EYmiY=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-882E1CD1112C4D3FD61335190122465227">
          <wsse:SecurityTokenReference wsu:Id="STRId-882E1CD1112C4D3FD61335190122465228" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Reference URI="#CertId-882E1CD1112C4D3FD61335190122465226" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <saml:Assertion ID="_54d0c8395de26c3e44730df2c9e8d3e9" IssueInstant="2012-02-17T10:40:36.806Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:Issuer>CN=test_facility</saml:Issuer>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_54d0c8395de26c3e44730df2c9e8d3e9">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>/nNfJuKr83umcry7vguJkSWyfKs=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>pVBcgvqr1Ndms5sZXV5cupiC3ADd7kycuEaETuCLzpcJLmGaTsP5NkfCfyIuvYBZe3MjfnOQ81AquFYljw5SPYd8nItqss/9zOzJeZ0aL/bJxfovNBb4cv92nghncXA2MGTWWdH63+FkajlE7x/U81QkCdVBXJRVVXNsR0dMxAY=</SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate>
              MIIBpzCCARCgAwIBAgIETzKMfzANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDDA10ZXN0X2ZhY2ls
              aXR5MB4XDTEyMDIwODE0NTM1MVoXDTE3MDIwODE0NTM1MVowGDEWMBQGA1UEAwwNdGVzdF9mYWNp
              bGl0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvzdwlxcpwRKGzLvpqYoS4NEbhbx/jV6Z
              6kyXgJ0IWLZAW20oWmxPwumsqkKr6bWX2NWbGrka6w1e9+iZFBKiBq5zzxJKusCJQtPjuYwjaTGj
              VTFnixHp9sKnjIEprKyarceG00WzCVdtuI1NpNp8dgemzA6FFt1ESwwELq+rKvECAwEAATANBgkq
              hkiG9w0BAQUFAAOBgQAokX6HZhhEj7Bfo0Z8ZeoZeYFB8pHrN5A6927cJx17EXWVv0Mwn/+fDgTA
              htsN9DB68CFNejox8mM0+KewjsgT4z80YxMHGlpM13z4c8+iMiQcJ7cISScTBaTONOtDqK1WNtci
              8biNjnLn7+4Z4fw17jlttN0dPHC3fvGywh6TkQ==
            </X509Certificate>
          </X509Data>
        </KeyInfo>
      </Signature>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">joe.bloggs@facility.ie</saml:NameID>
      </saml:Subject>
      <saml:Conditions NotBefore="2012-02-17T10:40:21.806Z" NotOnOrAfter="2012-02-17T10:41:06.806Z"/>
    </saml:Assertion>
    <wsa:Action SOAP-ENV:mustUnderstand="1">http://www.xxx.xx/xxxxxxxx/xxxxxxx</wsa:Action>
    <wsa:MessageID SOAP-ENV:mustUnderstand="1">uuid:7700f066-e7d7-4b1e-ab23-11171d9201bd</wsa:MessageID>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body wsu:Id="id-137" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <xenc:EncryptedData Id="EncDataId-138" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:Reference URI="#EncKeyId-882E1CD1112C4D3FD61335190122478230"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>
          ue42jSONk/kqp2MtxZbyn95RGTrwKd1jd61vo2O/IegbMZhIvWexQBnKthau0YE5Zwk/oKuJcOMM
          FkK8I165NXhxHjQAKs08USF3U1nwB4ApkPIroNcEWRqKJ1gK7lNrS4OeTVyK1HUWsTRRYHp4UUgb
          CJhOLa+ug74Fm5vj9/zL6Oqezr3TL9Oi5WdU9cweGmOfJ++zcqmcjTyewirVqT4VKZoGCvpRgGVR
          I/7St77lG/2yYMjCboejJbT8Ip2XiLL6ItMA/p+iyePMg4JyvR8v8/0fxF2rkLe2vamEEAab0+l1
          f9pANCCjvCj7giSUhIeLT0QVVa65Y9GzHOMTBxdQAMp6zlSWlpq7EaM1xQNq5cjKENQ3f6gKKBFu
          tZxBqDnRl9+XrD0DcBsVAyqv5d1uLSWIi2Mm9DiF23efGuCYAR2EGu1g81rRdU5Tk4KUMa4QUla5
          p+8jtGmtl2ktMr+3/8lwRqgMzqBKTiMFhHQhHQZe5FnKT/7JvycAKmx4LADOo1i2emc8s7NtsZlO
          OQqRovS2VP1A4uUYMFgAIsT2rLauVxKCZFDjFxLKKhyJLdmSzOophaL9Vr+FAzC7rA0t6J8prNdu
          mnwoYK9Hqly1RR7N9wgTN3TX2FHSlGgHcoJHZB2wBEoFHevQ+N9WNvcaE2w7Z02QdNRUBQBwn/2g
          pLDXf+8+2hNdMMe0xclmvfH1CSaHLuH1HPWJPMsNzNzAC4fFIkqy2XEUcMlQY+AT+fa+r/kqQHog
          L+B39IJtp7BZ811cwNZlbuw3LpE1IntArWjtxyvahJIeEsiKW9UGUIbLiNxtevpsKTlqV+kiY3qn
          acNRQYDQZuNZUka1jyN2pel6/3cdAlHF86bXO0dDX4jL3FXqp5QsoZcMnFu/wsD0dxg4BblsrxbA
          Cn4+LxXFzKR6sHbQXqUm7ROhvkIJRNPe1Bw49LARnTkdG8tMgQ9dYtMAvvZk8OPZnIaTyjwQu7DE
          MARmOKt7Bj/YvTHCH91hc2BzYBEn5vJPcmL705B6Vc0Zn2O+jB+MK87gR7Z4iSNJgvanEZ4897pZ
          YN5WYpf800y2GUYn2y46pwFF
        </xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
4

2 回答 2

1

请公布完整的肥皂信封。

我猜想 WCF 消息安全尝试解析响应。问题是我不确定你是否想要它——据我所知,你有自己的机制来解析 saml。

在这种情况下,您不需要 TransportSecurityBindingElement,https 就足够了。

于 2012-04-23T20:55:15.923 回答
0

您使用的是哪种证书?自签?它是否部署在 wcf 主机操作系统上的受信任 CA 存储库中?

于 2012-04-23T20:39:12.870 回答