Consuming a SOAP web service from .NET: Cannot resolve signature URI '#MsgBody' to calculate implicit value


I developed a test client in .NET to connect to a SOAP web service (I don't have access to the server code):

Using Fiddler, I get a successful response and can see the response message, but I always get a "System.ServiceModel.Security.MessageSecurityException" with this message:

Cannot resolve signature URI '#MsgBody' to calculate implicit value.

Here is my code:

//Setup custom binding with HTTPS + Body Signing + Soap1.1
CustomBinding bindings = new CustomBinding();

//HTTPS Transport
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

//Body signing
AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);

asec.SetKeyDerivation(false);
asec.AllowInsecureTransport = true;
asec.EnableUnsecuredResponse = true;
asec.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampLast;
asec.IncludeTimestamp = true;
asec.InitiatorTokenParameters = new
System.ServiceModel.Security.Tokens.X509SecurityTokenParameters
{ InclusionMode = SecurityTokenInclusionMode.Never };
asec.RecipientTokenParameters = new
  System.ServiceModel.Security.Tokens.X509SecurityTokenParameters
{ InclusionMode = SecurityTokenInclusionMode.Never };
asec.MessageProtectionOrder =
  System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

asec.DefaultAlgorithmSuite =
  System.ServiceModel.Security.SecurityAlgorithmSuite.TripleDesRsa15;

asec.EndpointSupportingTokenParameters.Signed.Add(
  new X509SecurityTokenParameters());

//Setup for SOAP 11 and UTF8 Encoding
TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

//Bind in order (Security layer, message layer, transport layer)
bindings.Elements.Add(asec);
bindings.Elements.Add(textMessageEncoding);
bindings.Elements.Add(transport);

// Configure identity and endpoint address
EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("w43sc Plataforma de Integracion");
AddressHeader[] addressHeaders = new AddressHeader[0];
AddressHeaderCollection headers = new AddressHeaderCollection(addressHeaders);
EndpointAddress url = new EndpointAddress(new Uri(@"https://svc.integracion.test.example.net/ctxweb/secured_ssl/x53jiGetIntermediacionWS"), identity, headers);
ClientServiceReference.IntermediacionPortTypeClient client = new ClientServiceReference.IntermediacionPortTypeClient(bindings, url);
client.ClientCredentials.ClientCertificate.Certificate = Config.x509clientCertificate;
// Specify a default certificate for the service.
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, "118b", false);
X509Certificate2 serviceCertificate = null;
if (certs.Count > 0)
{
    serviceCertificate = certs[0];
}
client.ClientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
var vs = client.Endpoint.EndpointBehaviors.FirstOrDefault((i) => i.GetType().Namespace == "Microsoft.VisualStudio.Diagnostics.ServiceModelSink");
if (vs != null)
{
    client.Endpoint.Behaviors.Remove(vs);
}            

client.Open();

ClientServiceReference.Respuesta response = null;
//=====================================================================================
try
{
    response = client.peticionSincrona(peticion);
    Console.WriteLine("Response received");
}
catch (System.ServiceModel.Security.MessageSecurityException messageSecurityException)
{
    Console.WriteLine(messageSecurityException.Message);
    if (messageSecurityException.InnerException != null)
    {
        Console.WriteLine(messageSecurityException.InnerException.Message);
    }
}
//=====================================================================================

if (client != null)
{
    if (client.State == System.ServiceModel.CommunicationState.Faulted)
        client.Abort();
    else
        client.Close();
}

Response (I have removed the confidential data from the body):

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#MsgBody">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue>EWrV+35DziZc5ed5KKtEL97C5SY=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>
                SVvwXWHB/Td9L/h0PuOKhIe2CmbZGd+ONfKVJ0Be6zOVKlnmF2rFmuTHK49vQObN0S1OHrNc9Dat
                N2K0X0BcxxvsLQdl+jQeyswDzGORMsj9QVaZNNiATuQi9q9CDtbUFLCBP2KFt5lr2/BASr0GzoMo
                ZBKEaQnbacT+9yMciwnyuMxlspQ/48dhFLfcZo84MkCtFJ5MF76dnHflnkT3fQArGfH688fUYSDS
                y85l1UHKcyG4cUqOz8l1rPgek7yBZ0//EXEQU+v8ir7CxiOfBm/xvjcOkpD8rmflk9kmagU1CrC9
                VtkZORQNyxsG8jmzapmxo0caoKWcFWnWg2FbtA==
            </SignatureValue>
            <KeyInfo>
                <X509Data>
                    <X509Certificate>
                        <server_certificate>
                    </X509Certificate>
                </X509Data>
                <KeyValue>
                    <RSAKeyValue>
                        <Modulus>
                           <content_deleted>
                        </Modulus>
                        <Exponent>AQAB</Exponent>
                    </RSAKeyValue>
                </KeyValue>
            </KeyInfo>
        </Signature>
        <wsse:Security S:mustUnderstand="1"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:BinarySecurityToken wsu:Id="bst_uk59PITZwfeJZtBp"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <server certificate here>
            </wsse:BinarySecurityToken>
            <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                <dsig:SignedInfo>
                    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <dsig:Reference URI="#Timestamp_dYk8YhwKY7fXMHZL">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <dsig:DigestValue>geHmvIvEvHEzwTdO6KqtIQr1Ao8=</dsig:DigestValue>
                    </dsig:Reference>
                    <dsig:Reference URI="#MsgBody">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <dsig:DigestValue>EWrV+35DziZc5ed5KKtEL97C5SY=</dsig:DigestValue>
                    </dsig:Reference>
                    <dsig:Reference URI="#bst_uk59PITZwfeJZtBp">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <dsig:DigestValue>BXwbmhjLVljiH/JzEjd+CxSGvw8=</dsig:DigestValue>
                    </dsig:Reference>
                </dsig:SignedInfo>
                <dsig:SignatureValue>
                    E4XsM14JlQaTw8xtRGAkOZkFrwTCt+dH4xsnb0Jt+/MW709ST7E+Onc+IUtxEF2rT6QoVxVxPsNNvcdmpxS9fY7j4KyJYuYuLtXNFeVoCa4JfAgfYnSTB79pn7iM//UrWzabCCfFpA9mmP/XyavKFwXynCh78v5IAy4y+XlcqSJCzKVO6lkxLy7jGOWtnJMIE7wtNSUFPD5sEr0EF7HR3m2+cf3/1nMrT3gffK5OF3PIcZULglW1PQELtr3tmSYs5LzedPsnxSWYv9lwwshu60VHG9mZpa0XFLBAxjgekuVxQGGJ+cR1SqNYgrVl8NupR9DzTl27pTxxOViKoilzhg==
                </dsig:SignatureValue>
                <dsig:KeyInfo>
                    <wsse:SecurityTokenReference
                        wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                        wsu:Id="str_I3heBxrEjmLrXAP3"
                        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                        <wsse:Reference URI="#bst_uk59PITZwfeJZtBp"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </dsig:KeyInfo>
            </dsig:Signature>
            <wsu:Timestamp wsu:Id="Timestamp_dYk8YhwKY7fXMHZL"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsu:Created>2023-03-18T17:53:58Z</wsu:Created>
                <wsu:Expires>2023-03-18T17:54:58Z</wsu:Expires>
            </wsu:Timestamp>
        </wsse:Security>
    </S:Header>
    <S:Body Id="MsgBody" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
        <ns2:Respuesta xmlns="..."
            xmlns:ns2="...">
              Content of response here
        </ns2:Respuesta>
    </S:Body>
</soapenv:Envelope>

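As you can see, the "MsgBody" URI is present in the response. I have tried many configurations, but I can't get it to work. I compared the response with SOAP UI and the result is the same. I think the SOAP web service was developed in Java.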

Please, any help would be greatly appreciated.

.net soap soapui soap-client
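
A diagnostic for the response shown above, added here as an example and not part of the original post: it lists every ds:Reference in a response and reports whether its target carries wsu:Id (the ID attribute WS-Security defines for SOAP elements) or only an unqualified Id, as the Body in the post does, and whether the signature sits inside wsse:Security. The class name, the Describe helper and the trimmed sample envelope are constructed for illustration; whether either finding is what triggers the WCF exception is an assumption to verify, not a confirmed diagnosis.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class ReferenceCheck   // hypothetical name, not from the post
{
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";
    static readonly XNamespace Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static readonly XNamespace Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Constructed sample: same layout as the posted response, with digests,
    // signature values and key material left out.
    const string Sample = @"<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'
 xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
 xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
 xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
 <s:Header>
  <ds:Signature><ds:SignedInfo><ds:Reference URI='#MsgBody'/></ds:SignedInfo></ds:Signature>
  <wsse:Security>
   <ds:Signature><ds:SignedInfo>
    <ds:Reference URI='#Timestamp_1'/>
    <ds:Reference URI='#MsgBody'/>
   </ds:SignedInfo></ds:Signature>
   <wsu:Timestamp wsu:Id='Timestamp_1'/>
  </wsse:Security>
 </s:Header>
 <s:Body Id='MsgBody'/>
</s:Envelope>";

    // Reports how one ds:Reference resolves: via wsu:Id, via a plain Id, or not at all.
    public static string Describe(XDocument doc, XElement reference)
    {
        string id = ((string)reference.Attribute("URI") ?? "").TrimStart('#');
        XElement byWsu = doc.Descendants().FirstOrDefault(e => (string)e.Attribute(Wsu + "Id") == id);
        XElement byPlain = doc.Descendants().FirstOrDefault(e => (string)e.Attribute("Id") == id);
        bool inSecurity = reference.Ancestors(Wsse + "Security").Any();
        string target = byWsu != null ? byWsu.Name.LocalName + " via wsu:Id"
                      : byPlain != null ? byPlain.Name.LocalName + " via unqualified Id"
                      : "unresolved";
        return $"#{id} -> {target}; signature inside wsse:Security: {inSecurity}";
    }

    static void Main()
    {
        XDocument doc = XDocument.Parse(Sample);
        foreach (XElement r in doc.Descendants(Ds + "Reference"))
            Console.WriteLine(Describe(doc, r));
    }
}
```

To check a real capture, load the response body saved from Fiddler with XDocument.Load in place of the constructed sample.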