WCF - Java Web服务互操作 - 不接受签名的传出消息

时间:2010-09-14 12:53:03

标签: wcf ws-security interop

我尝试使用证书和私钥来签署消息来调用java(JBoss)Web服务,但服务器拒绝接受我签名的消息。它只回显了我发送的同一条消息。

我已使用证书成功签署了外发邮件,当我将其与Web服务创建者提供的示例邮件进行比较时,邮件的结构看起来不错。

我使用如下所示声明的自定义绑定

<binding name="FSACustomServiceBinding"
             closeTimeout="00:01:00"
             openTimeout="00:01:00"
             receiveTimeout="00:10:00"
             sendTimeout="00:01:00">
      <textMessageEncoding
        messageVersion="Soap11" />
      <security
        authenticationMode="MutualCertificate"
        requireDerivedKeys="false"
        keyEntropyMode="ClientEntropy"
        includeTimestamp="false"
        securityHeaderLayout="Lax"
        messageProtectionOrder="SignBeforeEncrypt"
        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <secureConversationBootstrap />
      </security>
      <httpTransport/>
    </binding>

,生成的消息如下所示

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">[BINARYSECURITYTOKEN]</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
 <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <Reference URI="#_1">
 <Transforms>
  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </Transforms>
 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>[DIGESTVALUE]</DigestValue>
 </Reference>
</SignedInfo>
<SignatureValue>[SIGNATUREVALUE]</SignatureValue>
<KeyInfo>
 <o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2"/></o:SecurityTokenReference>
</KeyInfo>
</Signature></o:Security></s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://etis.ford.com/services/fsa/1.0"><String_1 xmlns="">[VINNUMBER]</String_1></list></s:Body>
</s:Envelope>

适用于Web服务的示例消息:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"     xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://etis.ford.com/services/fsa/1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="token-26-1284446233382-10880960">[BINARYSECURITYTOKEN]</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <ds:Reference URI="#element-25-1284446233382-9656454">
 <ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <ds:DigestValue>[DIGESTVALUE]</ds:DigestValue>
 </ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>[SIGNATUREVALUE]</ds:SignatureValue>
<ds:KeyInfo>
 <wsse:SecurityTokenReference><wsse:Reference URI="#token-26-1284446233382-10880960"     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></env:Header>
<env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="element-25-1284446233382-9656454"><ns0:list><String_1>[VINNUMBER]</String_1></ns0:list></env:Body>
</env:Envelope>

我已经没有想法了,而且网络服务创建者也没有提供任何有关为什么我的邮件不被接受的信息。

有没有人有想法?

此致 西蒙

1 个答案:

答案 0 :(得分:0)

一种可能性是您使用的是Jboss服务器不信任的自签名证书。