
I am stuck on an interoperability problem. I come from .NET and have to consume a Java security service by signing the requests with an X.509 certificate. I have the WSDL and the generated service reference in a .NET WCF client, and I added the X.509 certificate credentials in app.config, but the client does not produce the expected SOAP payload (traced in Fiddler) and the Java service throws an error. Can a WCF client generate the payload the way the Java side expects it?

Below is the working request payload the Java guys provided.

<soapenv:Envelope xmlns:smok="http://www.javaServer.org/schemas/SmokeTest" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature Id="SIG-53" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="smok soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-52">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="smok" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>dCnj2a+0wptrFSyWzEgwetSTHmM=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          WgD3P8DWPG4eWXzXiD9+LZosn7ggRPpIC1OAmq9bn0s1HuGhM/fZozfDhEDn5sAF9RtVFiAZxC03
          4tW+cuxC5jAHH4GYQud6s5h5sGwvhLshQNVdI6HBBFQWr+J3mUEBbUCExJ6HEe1i2v0+dMQNWezo
          E1Ot7klNGxXedHzrlZw=
        </ds:SignatureValue>
        <ds:KeyInfo Id="KI-DE6BE13CF8D5419B66135109740345572">
          <wsse:SecurityTokenReference wsu:Id="STR-DE6BE13CF8D5419B66135109740345573">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>51921456535433584705342517836423530149</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-52" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <smok:HelloRequest>
      <smok:Name>Hello from Heruwala</smok:Name>
    </smok:HelloRequest>
  </soapenv:Body>
</soapenv:Envelope>

1 Answer


Follow the instructions here and use a customBinding with security mode "mutualCertificate". If that fails, post what your request looks like (via Fiddler or WCF logging) so we can compare. One expected difference is that the certificate will appear as a binary token instead of X509Data. I would not expect the server to fail on that. If it does, you can work around it by creating the whole custom binding from code. Where you need to create the security element, it would be something like this:

using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// WS-Security 1.0 / BSP 1.0 mutual-certificate element; 'false' = no serialized signing token on the reply
SecurityBindingElement sec =
    SecurityBindingElement.CreateMutualCertificateBindingElement(
        MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, false);
// Reference the signing certificate by issuer name and serial, as in the Java payload, instead of a binary token
X509SecurityTokenParameters x509Params = new X509SecurityTokenParameters();
x509Params.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
((AsymmetricSecurityBindingElement) sec).InitiatorTokenParameters = x509Params;

or by hard-coding the X509Data in a custom encoder.

answered 2012-10-26T21:17:48.050
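Taking the answer's code-only route one step further, here is an added example (not from the answer, the question, or WCF's own samples) that builds the complete custom binding and wires both certificates to a ChannelFactory. It assumes text SOAP 1.1 over HTTPS, a service that expects no wsu:Timestamp and an unencrypted Body (both inferred from the Java payload above, which signs only the Body and carries no Timestamp); TChannel is your generated contract interface, and the URL and certificates are placeholders.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Builds the mutual-certificate binding entirely in code (the answer's fallback when
// app.config alone does not produce the expected payload) and attaches the certificates.
public static class IssuerSerialBinding
{
    public static CustomBinding Build()
    {
        // WS-Security 1.0 + BSP 1.0, the profile the Java payload's wsse/xmldsig namespaces
        // correspond to. 'false' = no serialized signing token is expected on the reply.
        SecurityBindingElement sec =
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                false);
        var asym = (AsymmetricSecurityBindingElement)sec;

        // Point KeyInfo at the signer via X509IssuerSerial (what the Java side sent)
        // instead of embedding the certificate as a BinarySecurityToken.
        asym.InitiatorTokenParameters = new X509SecurityTokenParameters
        {
            X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial,
            InclusionMode = SecurityTokenInclusionMode.Never,
        };

        // Assumption: the Java side does not require a wsu:Timestamp (none in its sample).
        // WCF adds and signs one by default, so switch it off to stay close to that sample.
        asym.IncludeTimestamp = false;

        // Text SOAP 1.1 (the sample's envelope namespace) over HTTPS; use
        // HttpTransportBindingElement instead if the endpoint is plain http.
        return new CustomBinding(
            asym,
            new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 },
            new HttpsTransportBindingElement());
    }

    public static ChannelFactory<TChannel> CreateFactory<TChannel>(
        string url, X509Certificate2 clientCert, X509Certificate2 serviceCert)
    {
        var factory = new ChannelFactory<TChannel>(Build(), new EndpointAddress(url));
        // Sign only: the sample Body is in the clear, there is no EncryptedData.
        factory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
        factory.Credentials.ClientCertificate.Certificate = clientCert;          // signs the request
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert; // expected by the binding
        return factory;
    }
}
```

Trace the first request with Fiddler or WCF message logging and diff the wsse:Security header against the Java sample before touching anything else; the reference style, timestamp and protection level are the three places where the two sides most commonly disagree.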