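First of all, I have to say I'm a newbie when it comes to web services, which is why I'm asking for help. I need to contact a partner web service (written in Java) using WS-Security. They gave me a valid SOAP request from SoapUI (see below). They told me to generate a certificate to sign each request using the "Issuer Name" and "Serial Number".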

<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <ds:Signature Id="Signature-272" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-257">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>36iYibFfBPkl3txny4y0c+ekpII=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
        [SIGNATURE_HERE]
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-47898F24E5D247647A1354811737556419">
            <wsse:SecurityTokenReference wsu:Id="STRId-47898F24E5D247647A1354811737556420" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <ds:X509Data>
                    <ds:X509IssuerSerial>
                        <ds:X509IssuerName>[ISSUER_NAME_HERE]</ds:X509IssuerName>
                        <ds:X509SerialNumber>[SERIAL_NUMBER_HERE]</ds:X509SerialNumber>
                    </ds:X509IssuerSerial>
                </ds:X509Data>
            </wsse:SecurityTokenReference>
        </ds:KeyInfo>
    </ds:Signature>
</wsse:Security>
</soapenv:Header>

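I have created a certificate and a WCF client to consume this Java service. I know WCF supports WS-Security with the right binding; the problem is that I have no idea how to set up my custom binding to send a similar SOAP request.

Can anyone help me with this?

I managed to sign a SOAP request like this: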

<s:Header>
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo8UTBBd8ndRApttX6H4RJEMBAAAAvgx/52oS4EulUaoW1htOkwnWJIGb+3hDh/wIKsKPzp8ACQAA</VsDebuggerCausalityData>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:BinarySecurityToken u:Id="uuid-02a3636d-6fcd-446c-9ded-5a9a8373e12c-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
                [TOKEN_HERE]
            </o:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#_1">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>G6+dynIq7UBMD0R2ft0CcKfW0vA=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>
                    [SIGNATURE_HERE]
                </SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-02a3636d-6fcd-446c-9ded-5a9a8373e12c-2"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>

But the SecurityTokenReference tag does not match. Do you know how to add the IssuerName and SerialNumber parameters to the request?
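One way to get the `ds:X509IssuerSerial` form of `SecurityTokenReference` from a WCF client, shown as an added example that is not part of the original post. The class and method names are hypothetical, and SOAP 1.1 over HTTPS, the absence of a signed timestamp, and the availability of the partner's certificate (`serviceCert`) are assumptions not stated in the question.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

static class IssuerSerialClient   // hypothetical helper name
{
    // Never: do not embed the certificate as a BinarySecurityToken.
    // IssuerSerial: identify it in KeyInfo by issuer name and serial number.
    static X509SecurityTokenParameters ByIssuerSerial()
    {
        return new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.IssuerSerial,
            SecurityTokenInclusionMode.Never);
    }

    public static Binding CreateBinding()
    {
        // Constructor order is (recipient, initiator).
        var security = new AsymmetricSecurityBindingElement(
            ByIssuerSerial(), ByIssuerSerial());
        security.MessageSecurityVersion = MessageSecurityVersion
            .WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
        // Assumption: the partner's sample shows a single signed reference
        // and no timestamp, so none is emitted here.
        security.IncludeTimestamp = false;

        return new CustomBinding(
            security,
            // Assumption: SOAP 1.1 without WS-Addressing, sent over HTTPS.
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement());
    }

    public static void Configure<T>(ClientBase<T> client,
        X509Certificate2 clientCert, X509Certificate2 serviceCert) where T : class
    {
        client.Endpoint.Binding = CreateBinding();
        // The sample request is signed but not encrypted.
        client.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
        client.ClientCredentials.ClientCertificate.Certificate = clientCert;
        // The asymmetric binding needs the recipient's certificate as well.
        client.ClientCredentials.ServiceCertificate.DefaultCertificate = serviceCert;
    }
}
```

Call `Configure` on the generated proxy before the first operation, then compare the outgoing `KeyInfo` against the partner's SoapUI sample in a message trace.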
