1

我需要使用 .net 应用程序调用由证书签名的 java web 服务。

我使用以下代码签署客户端:

private void SignWebService()
{
    X509SecurityToken token = GetSecurityToken();
    if (token == null)
        return;
    SoapContext requestContext = service.RequestSoapContext;
    requestContext.Security.Timestamp.TtlInSeconds = 60;
    requestContext.Security.Tokens.Add(token);
    requestContext.Security.Elements.Add(new MessageSignature(token));  
}

private X509SecurityToken GetSecurityToken()
{
    X509CertificateStore store = null;
    try
    {
        ServicePointManager.ServerCertificateValidationCallback = delegate(object s, System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; };
        store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        bool open = store.OpenRead();
        string subjectName = "CN=Subj";
        foreach (X509Certificate cert in store.Certificates)
        {
            if (cert.Subject == subjectName)
            {
                return new X509SecurityToken(cert);
            }
        }
        return null;
    }
    catch (Exception ex)
    {
        return null;
    }
    finally
    {
        if (store != null) { store.Close(); }
    }
}

此代码来自http://msdn.microsoft.com/en-us/library/ms819963.aspx 这些方法已成功执行,但之后我的 SOAP 请求根本不包含标头(包括安全部分)

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
...

但 SOAP 请求应该是

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-1291D6734F69DFCCEA135605219106422">
...

我可以做些什么来添加带有安全部分的标题?

谢谢你的帮助。

4

0 回答 0