2

我坚持为我的客户开发 WSDL 客户端。我是 PHP/WSO2 的新手,所以请耐心等待我的差距 :) 问题是什么:客户端可以连接到服务器,但接收

wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1073) [wsf_wsdl]Fault payload is <soap:Faulxmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the &lt;wsse:Security&gt; header</faultstring></soap:Fault>

我无法更改服务器配置,也无法获取有关如何配置服务器的信息(WSPolicy 等)。WSDL 服务提供商告诉我,服务器端使用了以下属性:签名、无加密、issuerSerial 就是这样。同样,客户端可以连接到服务器(证书正确),但响应时出现错误。

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
    <wsp:All>
        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:InitiatorToken>
                    <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:WssX509V3Token10/>
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:InitiatorToken>
                <sp:RecipientToken>
                    <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                            <wsp:Policy>
                                <sp:WssX509V3Token10/>
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:RecipientToken>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:Basic256Rsa15/>
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Strict/>
                    </wsp:Policy>
                </sp:Layout>
            </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:MustSupportRefIssuerSerial/>
            </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
    </wsp:All>
</wsp:ExactlyOne>

还有来自客户的一些代码:

private function getWSPolicy() {
    $policyXML = file_get_contents("signp.xml");
    $policy = new WSPolicy(array("security"=>$policyXML));
    return $policy;
} 

private function getWSSecurityToken() {
    $clientPrivateKeyPath = 'ssl/key.pem';
    $clientCertificate = 'ssl/cert-only.pem';
    $serverPem = 'ssl/server.pem';

    $pvt_key = ws_get_key_from_file($clientPrivateKeyPath);
    $pvt_cert = ws_get_cert_from_file($clientCertificate);
    $rec_cert =  ws_get_cert_from_file($serverPem);

    $sec_token = new WSSecurityToken(array("privateKey" => $pvt_key,
                    "certificate" => $pvt_cert,
                                            "receiverCertificate" => $rec_cert
                                     ));
    return $sec_token;
}

public function getClient() {
    if ($this->webpay_client == null) {
    $serverPem = 'ssl/newcert.pem';
    $wsdl_xml = "service.wsdl";
        $this->webpay_client = new WSClient
                (
                    array ("wsdl" => $wsdl_xml,
                        "classmap" => $this->getClassMap(),
            "policy" => $this->getWSPolicy(),
                        "securityToken" => $this->getWSSecurityToken(),
            "HTTPMethod" => "post",
            "useSOAP" => 1.1,
            "CACert" => $serverPem,
                        )
                );
    }
    return $this->webpay_client;
}

也许有人可以帮助/指出我如何解决这个问题?或者如何调试以设置其他一些选项?(Tcpdump 显示消息并提到响应)。

编辑:我在 wsf 日志中发现 WSPolicy 中的其他策略已发送到服务器:

wso2-wsf-php-src-2.1.0/src/wsf_policy.c(221) [WSF/PHP] creating rampart client outgoing policy node 
     <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10></sp:WssX509V3Token10></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10></sp:WssX509V3Token10></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256Rsa15></sp:Basic256Rsa15></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict></sp:Strict></wsp:Policy></sp:Layout></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:MustSupportRefKeyIdentifier></sp:MustSupportRefKeyIdentifier><sp:MustSupportRefIssuerSerial></sp:MustSupportRefIssuerSerial><sp:MustSupportRefEmbeddedToken></sp:MustSupportRefEmbeddedToken></wsp:Policy></sp:Wss10></wsp:All></wsp:ExactlyOne></wsp:Policy>

这会产生这样的错误吗?

4

0 回答 0