4

我尝试使用证书和私钥对消息进行签名以调用 java (JBoss) Web 服务,但服务器拒绝接受我的签名消息。它只会回显我发送的相同消息。

我已使用证书成功签署了传出消息,当我将其与 Web 服务创建者提供的示例消息进行比较时,消息的结构看起来还不错。

我使用如下所示声明的自定义绑定

<binding name="FSACustomServiceBinding"
             closeTimeout="00:01:00"
             openTimeout="00:01:00"
             receiveTimeout="00:10:00"
             sendTimeout="00:01:00">
      <textMessageEncoding
        messageVersion="Soap11" />
      <security
        authenticationMode="MutualCertificate"
        requireDerivedKeys="false"
        keyEntropyMode="ClientEntropy"
        includeTimestamp="false"
        securityHeaderLayout="Lax"
        messageProtectionOrder="SignBeforeEncrypt"
        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <secureConversationBootstrap />
      </security>
      <httpTransport/>
    </binding>

结果消息如下所示

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">[BINARYSECURITYTOKEN]</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
 <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <Reference URI="#_1">
 <Transforms>
  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </Transforms>
 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>[DIGESTVALUE]</DigestValue>
 </Reference>
</SignedInfo>
<SignatureValue>[SIGNATUREVALUE]</SignatureValue>
<KeyInfo>
 <o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2"/></o:SecurityTokenReference>
</KeyInfo>
</Signature></o:Security></s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://etis.ford.com/services/fsa/1.0"><String_1 xmlns="">[VINNUMBER]</String_1></list></s:Body>
</s:Envelope>

与 Web 服务一起使用的示例消息:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"     xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://etis.ford.com/services/fsa/1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="token-26-1284446233382-10880960">[BINARYSECURITYTOKEN]</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <ds:Reference URI="#element-25-1284446233382-9656454">
 <ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <ds:DigestValue>[DIGESTVALUE]</ds:DigestValue>
 </ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>[SIGNATUREVALUE]</ds:SignatureValue>
<ds:KeyInfo>
 <wsse:SecurityTokenReference><wsse:Reference URI="#token-26-1284446233382-10880960"     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></env:Header>
<env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="element-25-1284446233382-9656454"><ns0:list><String_1>[VINNUMBER]</String_1></ns0:list></env:Body>
</env:Envelope>

我的想法已经用完了,Web 服务创建者也没有提供任何信息来说明为什么我的消息不被接受。

有人有想法吗?

问候,西蒙

4

1 回答 1

0

一种可能性是您正在使用 Jboss 服务器不信任的自签名证书。

于 2011-09-17T15:26:21.967 回答