
我正在尝试使用用户名令牌(UsernameToken)、摘要密码和随机数(nonce)调用一个 Java 服务。我已经按照服务的要求成功生成了 UsernameToken,使用的是 http://blogs.msdn.com/b/aszego/archive/2010/06/24/usernametoken-profile-vs-wcf.aspx 这个项目。现在的问题是:服务报错,称 UsernameToken 在 SOAP 数据包签名之后被修改了。我曾尝试使用 Encoder 手动对令牌进行签名,但 Java 服务不接受 2 个签名令牌。服务期望使用 WS11、SOAP12,并且签名应该引用二进制安全令牌。我不知道如何解决 UsernameToken 的签名问题,任何帮助都将不胜感激。绑定代码如下。

// Builds a WCF custom binding that uses asymmetric (X.509) message security with a
// signed UsernameToken as a supporting token, then opens a channel and calls upload().

// AsymmetricSecurityBindingElement takes the recipient (service) token parameters
// first and the initiator (client) token parameters second.
var recipientCertParameters = new X509SecurityTokenParameters(
    X509KeyIdentifierClauseType.IssuerSerial,
    SecurityTokenInclusionMode.AlwaysToInitiator);
var initiatorCertParameters = new X509SecurityTokenParameters(
    X509KeyIdentifierClauseType.Thumbprint,
    SecurityTokenInclusionMode.AlwaysToRecipient);

var messageSecurity = new AsymmetricSecurityBindingElement(recipientCertParameters, initiatorCertParameters)
{
    IncludeTimestamp = true,
    // NOTE(review): a two-hour validity window is also the window in which a captured
    // message could be replayed unless the service keeps a nonce/replay cache. The sample
    // request on this page expires after five minutes - confirm what the service expects.
    LocalClientSettings = { TimestampValidityDuration = TimeSpan.FromHours(2) },
    MessageSecurityVersion =
        MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
    MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign,
};
messageSecurity.SetKeyDerivation(false);

// UsernameTokenParameters is a custom type that is not shown here.
// NOTE(review): the token is added as a *signed* supporting token, so the bytes that are
// digested for the signature must be the bytes that go on the wire. If the custom token
// serializer produces a new Nonce/Created each time it is written, the service will see
// a digest mismatch ("token modified after signing") - verify against that implementation.
messageSecurity.EndpointSupportingTokenParameters.Signed.Add(new UsernameTokenParameters());

// Stack order: message security, then SOAP 1.2 / WS-Addressing 1.0 text encoding, then transport.
// NOTE(review): the transport is plain HTTP and the token is Signed rather than
// SignedEncrypted, so the username, nonce and password digest are presumably readable by
// anyone on the path. Consider HttpsTransportBindingElement (or SignedEncrypted) if the
// service policy allows it.
var binding = new CustomBinding(
    messageSecurity,
    new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, Encoding.UTF8),
    new HttpTransportBindingElement());

var serviceUri = new Uri("http://xya.com");
var expectedIdentity = EndpointIdentity.CreateDnsIdentity("Test Location 027 :5657050091");
var serviceAddress = new EndpointAddress(serviceUri, expectedIdentity, new AddressHeaderCollection());

var channelFactory =
    new ChannelFactory<DhsUserAuthUploadHposDvaStatementsPortTypeChannel>(binding, serviceAddress);

// "user1"/"user1" are sample literals; real credentials belong in protected configuration,
// not in source. XXXXXXX stands in for the service certificate, which the page does not show.
var credentials = new UsernameClientCredentials(new UsernameInfo("user1", "user1"));
credentials.ServiceCertificate.SetDefaultCertificate(XXXXXXX);

// Swap the default ClientCredentials behavior for the custom credentials object.
var endpoint = channelFactory.Endpoint;
endpoint.Behaviors.Remove(typeof(ClientCredentials));
endpoint.Behaviors.Add(credentials);

// Sign means the contract's messages are integrity-protected but not encrypted.
endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

var client = channelFactory.CreateChannel();
client.upload();

SOAP 请求应该看起来像

    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <s:Header>
<a:Action s:mustUnderstand="1" u:Id="_2"></a:Action>
<a:MessageID u:Id="_4">urn:uuid:5da819a8-aa8d-4275-96a6-bf442510dab5</a:MessageID>
<a:ReplyTo u:Id="_5">
  <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo7sBpVzzmo9HtC8qFKcxqwoAAAAAYq4+mfejvkWlHkVaHB/zovT/3WdxLOZLpXjc7SgJ+qkACQAA</VsDebuggerCausalityData>
<a:To s:mustUnderstand="1"
      u:Id="_6">http://xya.com/</a:To>
<o:Security s:mustUnderstand="1"
            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-50a519be-99d1-499d-a456-bf81a5566077-1">
    <u:Created>2012-05-29T00:33:57.917Z</u:Created>
    <u:Expires>2012-05-29T00:38:57.917Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-6dd46443-6092-4bd3-9e5c-f455ccb6a6de-2"
                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIF1zCCBL+gAwIBAgIDBHONMA0GCSqGSIb3DQEBBQUAMH8xCzAJBgNVBAYTAkFVMQwwCgYDVQQKEwN</o:BinarySecurityToken>
<wsse:UsernameToken wsu:Id="89a288a0-fb17-44b9-97d8-808ad5e318bd"
                      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>user1</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">So8DJF7O8fYdstMK/DAASuM+nLY=</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">DK6E6IT356SfZLWSMsY7mw==</wsse:Nonce>
    <wsu:Created>2012-05-29T00:33:57Z</wsu:Created>
  </wsse:UsernameToken>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#_1">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>8Po0d4s3JJB1Xh4vdB6+7M/ivoA=</DigestValue>
      </Reference>
      <Reference URI="#_2">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>Azl0elmnUzxTSLUuwfWf6DLT8h8=</DigestValue>
      </Reference>
      <Reference URI="#_3">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>h1iD7HzEK+uslbPRHjwN2zt7zhc=</DigestValue>
      </Reference>
      <Reference URI="#_4">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>MYOf+GwjbcNnUP+EPkeVepuAkv8=</DigestValue>
      </Reference>
      <Reference URI="#_5">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue>
      </Reference>
      <Reference URI="#_6">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>TSr1cnqSoYmoEIURjA5OZB/iyS0=</DigestValue>
      </Reference>
      <Reference URI="#uuid-50a519be-99d1-499d-a456-bf81a5566077-1">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>V0OOCzGhK9mXCNZTxfzllEhQWwI=</DigestValue>
      </Reference>
      <Reference URI="#89a288a0-fb17-44b9-97d8-808ad5e318bd">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>s3bH9/JJJmeemMXlqjgKXSU/2xw=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>oPO8qJ3trY1r1UFB6OQ+fsa1zL18k6Qipd</SignatureValue>
    <KeyInfo>
      <o:SecurityTokenReference>
        <o:Reference URI="#uuid-6dd46443-6092-4bd3-9e5c-f455ccb6a6de-2"/>
      </o:SecurityTokenReference>
    </KeyInfo>
  </Signature>
</o:Security>
</s:Header>
<s:Body>....</s:Body>
</s:Envelope>

绑定生成的 SOAP 与上面的类似,唯一的问题是签名无效。有没有办法在 WCF 中延迟签名?谢谢
