我試圖連接到具有一些特殊安全要求的Java服務 它應該通過https,使用用戶名身份驗證,並應使用數字證書對身體進行簽名。使用UserNameOverTransport證書的WCF簽名證書
的消息應該是這樣的:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice.pines.colpatria.com/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">CleartextPassword</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">47uxAPDBQ9+08VQwMKpwBw==</wsse:Nonce>
<wsu:Created>2012-04-02T16:44:56.652Z</wsu:Created>
</wsse:UsernameToken>
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-5B113CBB86C1CDE6BA133338509660810" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIGRzCCBS+gAwIBAgIQEKUzpntcNVROheEPzOI11zANBgkqhkiG9w0BAQUFADCCAU8xcjBwBgNVBAkTaUNSIDcgTiAyNi0yMCBQIDE4IC0gaHR0cDovL3d3dy5jZXJ0aWNhbWFyYS5jb20gLSBURUxTIDU3LTEtNzQ0MjcyNyA1Ny0wMTgwMDAxODE1MzEgLSBpbmZvQGNlcnRpY2FtYXJhLmNvbTEPMA0GA1UEBxMGQk9HT1RBMRkwFwYDVQQIExBESVNUUklUTyBDQVBJVEFMMQswCQYDVQQGEwJDTzErMCkGA1UECxMiQ0VSVElDQU1BUkEgUy5BLiAtIE5JVCA4MzAwODQ0MzMgNzFFMEMGA1UEChM8Q0VSVElDQU1BUkEgUy5BLiAtIFNPQ0lFREFEIENBTUVSQUwgREUgQ0VSVElGSUNBQ0lPTiBESUdJVEFMMSwwKgYDVQQDEyNBQyBJTlRFUk1FRElBIERFTU8gQ0VSVElDQU1BUkEgUy5BLjAeFw0xMTA5MzAxNTMyMzFaFw0xMjA5MzAxNTMyMzFaMIHDMQswCQYDVQQGEwJDTzEPMA0GA1UEBxMGQk9HT1RBMSAwHgYDVQQKExdPTElNUElBIE1BTkFHRU1FTlQgUy5BLjEgMB4GA1UEAxMXT0xJTVBJQSBNQU5BR0VNRU5UIFMuQS4xLDAqBgkqhkiG9w0BCQEWHXNvcG9ydGVAb2xpbXBpYW1hbmFnZW1lbnQuY29tMRowGAYKKwYBBAGBtWMCAxMKOTAwMDMyNzc0NDEVMBMGA1UECBMMQ1VORElOQU1BUkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOZhKSdfp1rVBXoahaTyXcOlUfRy6aYYuX4YNhkt0vYWxXFfsLTYSZOVTKZnUvklNEGBV70nzyqN8ZSXy3/jJ1yp965wRjcLHEFHwR42ABe1PK3fQMwsdqlpWkWWz0Pg02VwpHbLwcmDR41YTlnHCmPXzokVrT5YeteKViaWsrhUS4OvSajD7Y9aQ17uHoQusxjtBapA2wF551wMViICfYWqCamcYZRwGb1AlnuAF7vbRNveThy8mgvhHKiLaK13PxvaoOFusc8/429Dxdj1HMwt00g9MY1Nr24YtwHtJn+kVY8ocnghe4kVsAlnJ2Y0evHAPozRaFLFxY2E2dy6dwIDAQABo4IBpjCCAaIwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA/gwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYEFGVAMg3XiBrJPcjeOgXcA+6cGHHZMB8GA1UdIwQYMBaAFEM61wg0nEqdr0ZKhe9fFWthjbtoMIGQBgNVHSAEgYgwgYUwgYIGCysGAQQBgbVjMgFQMHMwKwYIKwYBBQUHAgEWH2h0dHA6Ly93d3cuY2VydGljYW1hcmEuY29tL2RwYy8wRAYIKwYBBQUHAgIwOBo2Q2VydGlmaWNhZG8gZW1pdGlkbyBwb3IgbGEgQ0EgRGVtbyBkZSBDZXJ0aWNhbWFyYSBTLkEuMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3BkZW1vLmNlcnRpY2FtYXJhLmNvbTA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vd3d3LmNlcnRpY2FtYXJhLmNvbS9jYWRlbW8uY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCVcPRROZHgjjMzY1rM/gTK0cjN0CcO4KLht/nNPFUGIlVXDy21zhy2qOe2xF/IFnvU1vdVIaBzKdamILamfHrpYgsIZS5qqUJayI0E9Y+6cKHVTBgKOS1Yj0u7v2BP5wx+43d4wr2EuAsiQgClSQjrG3HP4rx7vnl8e6vn7uiEGzDJD1H0wQXHpYIWJGaLgn6B1xnFNZEbH4PxlpIsTU+/0Y+Y/GHab8tVDGv18AxtGXTkasuRuoYa/oA8mJI/BpfHYTpoS07euKYqhj1ujbTc6Y5dCGxiYEub4xhRMjJBxTEfsDYqJKsYYGyrWMXcncpNwQHWNDj6OOwKvspC3jg2</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-10" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-11">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>UQDWhRGwU6vhHsggA7k3IGEpShM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
lDfT2Rol8AEjTq654f36HK7TwlEYJFMw/Q8PXRvoW12aLHdZkB9mndVTJvdsTdoW4C51qyjjsD0I
xHaCtHgpbpnEe9vihLJuQs4tDkS1t/IjPeMdsgi2P3VxcKyeEJRc37TX+IX5jR42GrAXZGZ5GwSa
rEpbpuWQSFhbJBQWRAInDbIpIkKV4jmiSbHHpeiI9Uvv8u6ZNXEx5vuoeia5AYtnCFtxkTcg0ukJ
EZabIPiNIybYFnqBwFcPiIajfnAGl2QSm6Mdz9aiD4tVHXKGaySjY6/IoIomQ0lVMZzW/F3ZA8GA
yvkZq4223hxCGcffvsAPePecFwun+QwcA9MR1Q==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-5B113CBB86C1CDE6BA133338509660911">
<wsse:SecurityTokenReference wsu:Id="STRId-5B113CBB86C1CDE6BA133338509660912" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#CertId-5B113CBB86C1CDE6BA133338509660810" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action>http://myserveraddress/service/execCommandRequest</wsa:Action>
<wsa:MessageID>uuid:948a7f98-42f2-422a-9b0f-07e74c6a7ce7</wsa:MessageID>
<wsa:To>https://myserveraddress/service</wsa:To>
</soapenv:Header>
<soapenv:Body wsu:Id="id-11" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<web:execCommand>
<arg0>1</arg0>
<!--Optional:-->
<arg1>1</arg1>
</web:execCommand>
</soapenv:Body>
</soapenv:Envelope>
我已經使用了SoapUI測試成功地服務,但我需要使用WCF .NET客戶端,但我不知道如何做到這一點。
我一直在使用以下綁定嘗試,但它正確地創建用戶名令牌(雖然它不創建隨機數或創建的元素,但是這不是一個問題),但它不簽字身體
<basicHttpBinding>
<binding name="PinesPortBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
我怎樣才能使用證書編程簽名身體,並驗證響應的簽名?
有沒有其他辦法可以做到這一點?
Chekck這個......或許它可以幫助... http://stackoverflow.com/questions/4666970/signing-soap-messages-using-x-509-certificate-from-wcf-service-to -java-webservic – DkAngelito 2012-04-03 04:18:33