I have a custom binding, shown below, for a WCF service that I am trying to call from soapUI 4.5.1:
<customBinding>
<binding name="NewBinding0">
<transactionFlow />
<security authenticationMode="MutualCertificate"
defaultAlgorithmSuite="Basic128"
securityHeaderLayout="Lax"
includeTimestamp="false"
messageProtectionOrder="SignBeforeEncrypt"
allowInsecureTransport="true"
requireSignatureConfirmation="false"
requireDerivedKeys="false"
keyEntropyMode="ClientEntropy"
requireSecurityContextCancellation="false"
allowSerializedSigningTokenOnReply="true"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
>
</security>
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
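When called from soapUI, WCF throws the following exception:
The algorithm 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' is not accepted for operation 'AsymmetricKeyWrap' by algorithm suite Basic128.
Below is how the WSS part is configured; the Keystores and Truststores have already been configured.
This is what the raw outgoing request looks like: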
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tem="http://tempuri.org/">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedKey Id="EK-37BB785632FD23967C136977675208948" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=MyRootCA</ds:X509IssuerName>
<ds:X509SerialNumber>32788490101032957713662863797677002373</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>byVbBr2KbCGtit5qxukBt4kJncBRhSAlhwzQbEOJMB53nvSa2KyVEvOzqhW7cPPaSYQ9lusM/sUi6IIkPqYq6MK4PlAUDzCdRLDfi8czCIRd60lzzIoZDsgrP5Wb6KCueUfJqQa3KlMhixG5SVy24JnwFiga1OXFFMhVzQogAxU=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-36"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<ds:Signature Id="SIG-35" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-34">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="tem" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>235Fv28ZEcq/dSboJJff39GP4qw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>pVCiebPEEhjFnNUyMqTzaTdi3+gAb3kvEmaNGeM16aq7gRoXqC6swMd8lc3wVJbYu99vey6/P/tG
h3DWNApSPdG2GepGU61v1tMvhQUoO50RMwPOCqcNh7sm2Ednd9+e/iz2swgXpW2snAjRtlXQLwG7
4hGH8/kRZVhkjw66fps=</ds:SignatureValue>
<ds:KeyInfo Id="KI-37BB785632FD23967C136977675207146">
<wsse:SecurityTokenReference wsu:Id="STR-37BB785632FD23967C136977675207147">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIB+zCCAWigAwIBAgIQGKrVX7X9U4RCiiMNRKUOhTAJBgUrDgMCHQUAMBMxETAPBgNVBAMTCE15Um9vdENBMB4XDTEzMDUxNTE3MzMyMFoXDTM5MTIzMTIzNTk1OVowIzEhMB8GA1UEAxMYY2EtbC05d2Z2cm0xLmNlcmlkaWFuLmNhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL9eCKbDpBRXhNSHKAynHtGcbKV0ex6GINUmEsT7MVdfiV3Uo6uhPsSFkTXP94A1NjAoAPbnwqAngSNSy0pVp+tOJEMrAUVylr7ZTyWuuLeS0VjNr5uPa0g7DU0ql2lplX7YoUHvkukOWZZxXaW357xaRK8CaOhgOL46L5R01K7wIDAQABo0gwRjBEBgNVHQEEPTA7gBBCVjzLsGaGduGc3BI9ivDUoRUwEzERMA8GA1UEAxMITXlSb290Q0GCEG8TS3oSQretQKuGdksAAKkwCQYFKw4DAh0FAAOBgQAHy35qBBHWwLunZwIjpx/C4rCXINVbns0Bmb8GCAXqPRd9iFc/mHDgaYP9v8UC7arcAzRO4ZAVR6rHn61rOOk6MZf5xxiCcBwuFApcTg9jGlO+i4Y46k+qCbkHfVgayL//5zRe44bZOb1n4T770Qk2bANYmbkvEBIOx7N42frMPw==</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action>http://tempuri.org/IMyService/GetData</wsa:Action>
</soap:Header>
<soap:Body wsu:Id="id-34" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="ED-36" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#EK-37BB785632FD23967C136977675208948"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>9ez6pmcUrPH2Riimre1Lbcz0UvFsun2uEMgxmwko7fzqEv+iOzjG5G4Iw4yH8RL5tapABcmGfykgqi7L/r4dLkEqulsjgGm8Zu6D0DcYj11Ft+2sM9C6kBaFd+gEX64gy6MXJSSmoCWnw8PaG8D/uwdZRtMJuDRUWlLU8tVv93vA0XtUwqZdaVa93bYX6xKwGI+JRUBkMadbXTGTswFT2Hc+zO9Tpo7eHIPmWwEBWfHegEy5/4TMy99lzzm30LQFDw/lpqqfdOeuCM9KL93Hg6eOyeKYx2d6/4bSIK1LP1uI0yhYbV+TEXP5iMjrwj6lcZjDBenKn1ayJ6QzW5k0yHiyfQeXHFYLPZNCWHnTD10FYoqCs0n8OXDvlmwaf7suZkbyAC6xblwV5Tqt/Mm8dQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
If I change the algorithm used for signing and encrypting messages in WCF to defaultAlgorithmSuite="Basic128Rsa15", then I get a different exception in the WCF trace:
<Message>Message security verification failed.</Message>
...
<InnerException>
<ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>A mismatch occurred on the algorithm for the transform.</Message>
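Does anyone know what settings would work? Any help is greatly appreciated. I have been following @Yaron Naveh's blog and other suggestions on SO, but nothing has worked so far.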
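An added diagnostic example (not part of the original post, and not soapUI or WCF code): it compares the algorithm URIs in a captured request with the ones that the WS-SecurityPolicy definitions of Basic128 and Basic128Rsa15 prescribe. The suite table is an assumption taken from the WS-SecurityPolicy specification, and the sample envelope is constructed from the request above with key and cipher material left out.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DS}

# Assumption: URIs each suite prescribes, per WS-SecurityPolicy (not from the post).
SUITES = {"Basic128": {
    "AsymmetricKeyWrap": XENC + "rsa-oaep-mgf1p",
    "Encryption": XENC + "aes128-cbc",
    "Digest": DS + "sha1",
    "AsymmetricSignature": DS + "rsa-sha1",
    "Canonicalization": "http://www.w3.org/2001/10/xml-exc-c14n#",
}}
SUITES["Basic128Rsa15"] = dict(SUITES["Basic128"], AsymmetricKeyWrap=XENC + "rsa-1_5")

# Element that carries the Algorithm attribute for each operation.
PATHS = {
    "AsymmetricKeyWrap": ".//xenc:EncryptedKey/xenc:EncryptionMethod",
    "Encryption": ".//xenc:EncryptedData/xenc:EncryptionMethod",
    "Digest": ".//ds:SignedInfo/ds:Reference/ds:DigestMethod",
    "AsymmetricSignature": ".//ds:SignedInfo/ds:SignatureMethod",
    "Canonicalization": ".//ds:SignedInfo/ds:CanonicalizationMethod",
}

def mismatches(envelope_xml, suite):
    """Return {operation: (algorithm_in_message, algorithm_expected)} per difference."""
    # Intended for a request you captured yourself; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    diffs = {}
    for op, expected in SUITES[suite].items():
        found = [el.get("Algorithm") for el in root.findall(PATHS[op], NS)]
        for got in found or [None]:  # None: element missing from the message
            if got != expected:
                diffs[op] = (got, expected)
    return diffs

# Constructed sample: algorithm attributes copied from the request above, values omitted.
SAMPLE = """<e xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/></xenc:EncryptedKey>
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
</ds:SignedInfo></ds:Signature>
<xenc:EncryptedData><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/></xenc:EncryptedData>
</e>"""

if __name__ == "__main__":
    for suite in SUITES:
        for op, (got, want) in mismatches(SAMPLE, suite).items():
            print(f"{suite}: {op}: message has {got}, suite expects {want}")
```

On the constructed sample it reports the key-wrap and canonicalization URIs for Basic128, and only the canonicalization URI for Basic128Rsa15.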