0
我有一個WebService部署到服務器中,一個客戶端正在執行請求。我有建立SSL連接的客戶端和服務器證書,並在服務器端建立簽名,然後客戶端嘗試驗證它。 問題是當服務器簽署它看起來像這樣一個SOAP消息:Java SOAP標題標記和名稱空間僅出現在響應中
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
<S:Body>
<ns2:ResponseMessage xmlns="urn:iec62325.504:messages:1:0" xmlns:ns2="http://iec.ch/TC57/2011/schema/message">
<ns2:Header>
<ns2:Verb>reply</ns2:Verb>
<ns2:Noun>QueryData</ns2:Noun>
<ns2:Timestamp>2016-11-17T15:44:51Z</ns2:Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>yLDpd7Nck0LUBDjoKHM/uh/iCad2v5GhFR+7GTWBNh0=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>iovrYXAs+UttPJmu+5kZvnQ6P7XqhfrFd6nEgtArCRT/BwsIZlo6QYH5nCK/M67jCVTHcRso0KDa
o/1YUeZLi6btLu0I9rNKrlXEp7x08ZRrG0sCqaGV//8AK4jnQDJ7TR4At0lfJg/JMniNAxmTCb3M
Py6iP5t4LVlvRPVEb1G44uCzMTjtcseTEPJ+/k+CIsOqQ5zA4Srk05bMdkkse62bGqMPMoqBpU0K
5r29Wl0ZXre/tIt5LJ/7el27MtaIqpo+9CgroFJZUIu6p8Em5p5/s4c5VknWCK2VZVGe7vhjHuiN
vUlbVWV0DiXHC92jQ2Ty4BTMGABALY40h2V7Bg==</SignatureValue>
<KeyInfo>
<X509Data>
...
當郵件由客戶端的手柄逮住,它看起來像這樣:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header/>
<S:Body>
<ns2:ResponseMessage xmlns="urn:iec62325.504:messages:1:0" xmlns:ns2="http://iec.ch/TC57/2011/schema/message">
<ns2:Header>
<ns2:Verb>reply</ns2:Verb>
<ns2:Noun>QueryData</ns2:Noun>
<ns2:Timestamp>2016-11-17T15:44:51Z</ns2:Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
...
之間的事情發送和接收的insertting這個命名空間:
的xmlns:ENV = 「http://www.w3.org/2003/05/soap-envelope」
和這個空標記:
< ENV:頁眉/>
而對於這一點,客戶端無法驗證
web服務由Netbeans的嚮導生成通過量這簽名wsdl with JAX-WS:
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:cmsg="urn:iec62325.504:messages:1:0" xmlns:wss="urn:iec62325.504:wss:1:0"
xmlns:msg="http://iec.ch/TC57/2011/schema/message" targetNamespace="urn:iec62325.504:wss:1:0">
<types>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import namespace="urn:iec62325.504:messages:1:0"
schemaLocation="../xsd/urn-iec62325-504-messages-1-0.xsd"/>
<xs:import namespace="http://iec.ch/TC57/2011/schema/message"
schemaLocation="../xsd/http-iec-ch-TC57-2011-schema-message.xsd"/>
</xs:schema>
</types>
<message name="msgRequestMessage">
<part name="parameter" element="msg:RequestMessage"/>
</message>
<message name="msgResponseMessage">
<part name="parameter" element="msg:ResponseMessage"/>
</message>
<message name="msgFaultMsg">
<part name="msgFaultMessage" element="msg:FaultMessage"/>
</message>
<portType name="port_TFEDI_type">
<operation name="request">
<input message="wss:msgRequestMessage"/>
<output message="wss:msgResponseMessage"/>
<fault name="msgFaultMessage" message="wss:msgFaultMsg"/>
</operation>
</portType>
<binding name="binding_TFEDI" type="wss:port_TFEDI_type">
<soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="request">
<soap12:operation soapActionRequired="false" style="document"/>
<input>
<soap12:body use="literal"/>
</input>
<output>
<soap12:body use="literal"/>
</output>
<fault name="msgFaultMessage">
<soap12:fault name="msgFaultMessage" use="literal"/>
</fault>
</operation>
</binding>
<service name="ServiceEME">
<port name="Service_EME_Port" binding="wss:binding_TFEDI">
<soap12:address location="http://example.com/WebService_EME/Service_EME"/>
</port>
</service>
</definitions>
服務是完美的工作,但我不知道如何避免這個標籤。
謝謝
這是不正確的。標題元素是可選的。 –