2010-09-14 42 views
4

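WCF - Java web service interop - signed outgoing message not accepted

I am trying to call a Java (JBoss) web service, signing the message with a certificate and private key, but the server refuses to accept my signed message. It just responds with the same message I sent.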

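I have successfully signed the outgoing message using the certificate, and when I compare it with the verified message provided by the web service creator, the structure of the message looks fine.

I am using a custom binding, declared as shown below: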

<binding name="FSACustomServiceBinding"
         closeTimeout="00:01:00"
         openTimeout="00:01:00"
         receiveTimeout="00:10:00"
         sendTimeout="00:01:00">
  <textMessageEncoding messageVersion="Soap11" />
  <security authenticationMode="MutualCertificate"
            requireDerivedKeys="false"
            keyEntropyMode="ClientEntropy"
            includeTimestamp="false"
            securityHeaderLayout="Lax"
            messageProtectionOrder="SignBeforeEncrypt"
            messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
    <secureConversationBootstrap />
  </security>
  <httpTransport/>
</binding>

The resulting message looks like this:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<s:Header> 
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:BinarySecurityToken u:Id="uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">[BINARYSECURITYTOKEN]</o:BinarySecurityToken> 
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
<Reference URI="#_1"> 
<Transforms> 
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>[DIGESTVALUE]</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue>[SIGNATUREVALUE]</SignatureValue> 
<KeyInfo> 
<o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2"/></o:SecurityTokenReference> 
</KeyInfo> 
</Signature></o:Security></s:Header> 
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://etis.ford.com/services/fsa/1.0"><String_1 xmlns="">[VINNUMBER]</String_1></list></s:Body> 
</s:Envelope> 

An example message that works with the web service:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://etis.ford.com/services/fsa/1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
<env:Header> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="1"> 
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="token-26-1284446233382-10880960">[BINARYSECURITYTOKEN]</wsse:BinarySecurityToken> 
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
<ds:Reference URI="#element-25-1284446233382-9656454"> 
<ds:Transforms> 
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
<ds:DigestValue>[DIGESTVALUE]</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue>[SIGNATUREVALUE]</ds:SignatureValue> 
<ds:KeyInfo> 
<wsse:SecurityTokenReference><wsse:Reference URI="#token-26-1284446233382-10880960"  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference> 
</ds:KeyInfo> 
</ds:Signature></wsse:Security></env:Header> 
<env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="element-25-1284446233382-9656454"><ns0:list><String_1>[VINNUMBER]</String_1></ns0:list></env:Body> 
</env:Envelope> 

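I have run out of ideas, and the web service creator provides no information as to why my message is never accepted.

Does anyone have an idea?

Regards, Simon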

+0

Hey Simon, did you ever get anywhere with this? – 2012-02-06 11:37:08

Answers
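The structural comparison described in the question can be done mechanically rather than by eye. The Python below is an added example, not code from the question or from WCF or JBoss: `signature_profile`, `profile_diff` and `sample` are hypothetical helpers, and the two envelopes are constructed, trimmed versions of the messages above with placeholder values.

```python
import xml.etree.ElementTree as ET

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": OASIS + "secext-1.0.xsd", "wsu": OASIS + "utility-1.0.xsd"}
WSU_ID = "{%s}Id" % NS["wsu"]

def signature_profile(envelope_xml):
    """Summarise the WS-Security signature layout, ignoring prefixes and Id values."""
    root = ET.fromstring(envelope_xml)
    ids = [(e.get(WSU_ID), e.tag) for e in root.iter() if e.get(WSU_ID)]
    def resolve(uri):
        # A same-document reference must point at exactly one wsu:Id carrier.
        hits = [tag for wid, tag in ids if uri == "#" + wid]
        return hits[0] if len(hits) == 1 else "UNRESOLVED"
    def algs(node, path):
        return [e.get("Algorithm") for e in node.findall(path, NS)]
    sig = root.find("s:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature inside wsse:Security")
    info = sig.find("ds:SignedInfo", NS)
    token = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    return {
        "c14n": algs(info, "ds:CanonicalizationMethod"),
        "signature": algs(info, "ds:SignatureMethod"),
        "references": [(resolve(r.get("URI")), algs(r, "ds:Transforms/ds:Transform"),
                        algs(r, "ds:DigestMethod")) for r in info.findall("ds:Reference", NS)],
        "key_token": resolve(token.get("URI")) if token is not None else None,
        "timestamp": root.find("s:Header/wsse:Security/wsu:Timestamp", NS) is not None,
    }

def profile_diff(a, b):
    """Fields of the signature profile in which two envelopes differ."""
    pa, pb = signature_profile(a), signature_profile(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def sample(s, o, d, token_id, body_id):
    """Constructed envelope: the question's layout, trimmed, with placeholder values."""
    c, x = NS["ds"], "http://www.w3.org/2001/10/xml-exc-c14n#"
    return (f'<{s}:Envelope xmlns:{s}="{NS["s"]}" xmlns:{o}="{NS["wsse"]}" xmlns:u="{NS["wsu"]}" xmlns:{d}="{c}">'
            f'<{s}:Header><{o}:Security><{o}:BinarySecurityToken u:Id="{token_id}">[TOKEN]</{o}:BinarySecurityToken>'
            f'<{d}:Signature><{d}:SignedInfo><{d}:CanonicalizationMethod Algorithm="{x}"/>'
            f'<{d}:SignatureMethod Algorithm="{c}rsa-sha1"/><{d}:Reference URI="#{body_id}">'
            f'<{d}:Transforms><{d}:Transform Algorithm="{x}"/></{d}:Transforms><{d}:DigestMethod Algorithm="{c}sha1"/>'
            f'</{d}:Reference></{d}:SignedInfo><{d}:KeyInfo><{o}:SecurityTokenReference>'
            f'<{o}:Reference URI="#{token_id}"/></{o}:SecurityTokenReference></{d}:KeyInfo></{d}:Signature>'
            f'</{o}:Security></{s}:Header><{s}:Body u:Id="{body_id}"><list/></{s}:Body></{s}:Envelope>')

WCF = sample("s", "o", "sig", "uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2", "_1")
JAVA = sample("env", "wsse", "ds", "token-26-1284446233382-10880960", "element-25-1284446233382-9656454")
```

An empty result from `profile_diff(WCF, JAVA)` only shows that the algorithms and reference targets match; it does not validate the digest, the signature value or the certificate.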

0

One possibility is that you are using a self-signed certificate that the JBoss server does not trust.