How to resolve "Could not validate signature using any of the supported token types" when consuming a SOAP service from a C# client

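Problem description

I have gone through almost every StackOverflow question related to my problem, but could not get any idea from them. That is why I decided to ask.

I have to consume a Java-based SOAP service in C#.

For authentication, I only have a p12 certificate and a private key.

The SoapUI request configuration is:

[Image: SoapUI config for my request]

The security header I need: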

<soapenv:Envelope 
      xmlns:ns="name space url" 
      xmlns:ns1="name space url" 
      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security 
         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:BinarySecurityToken 
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
            wsu:Id="X509-1B2DC25F2B168EC1EE1592912049599140">
            <!--Binary Security token value-->           
         </wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-1B2DC25F2B168EC1EE1592912049601144" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="ns ns1 soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
               <ds:Reference URI="#id-1B2DC25F2B168EC1EE1592912049599143">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="ns ns1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>bYJZ+gUSBWzYvN9BU85AIrG+Khc=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#TS-1B2DC25F2B168EC1EE1592912049592139">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="wsse ns ns1 soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>WqrmT1JqYzIVay3Tiso9oZxEki8=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
            <!--signature value-->
            </ds:SignatureValue>
            <ds:KeyInfo Id="KI-1B2DC25F2B168EC1EE1592912049599141">
               <wsse:SecurityTokenReference wsu:Id="STR-1B2DC25F2B168EC1EE1592912049599142">
                  <wsse:Reference URI="#X509-1B2DC25F2B168EC1EE1592912049599140" 
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <wsu:Timestamp wsu:Id="TS-1B2DC25F2B168EC1EE1592912049592139">
            <wsu:Created>2020-06-23T11:34:09.592Z</wsu:Created>
            <wsu:Expires>2020-06-23T11:35:09.592Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-1B2DC25F2B168EC1EE1592912049599143" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   </soapenv:Body>
</soapenv:Envelope>

The security header I generate:

<s:Envelope 
    xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
    xmlns:ns="name space url" 
    xmlns:ns1="name space url" >
<s:Header>
    <ActivityId CorrelationId="8c460bf2-547b-4acb-b1b3-37b8aeb3e1e9" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">00000000-0000-0000-0000-000000000000</ActivityId>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:BinarySecurityToken 
            u:Id="uuid-ef870490-184f-4686-b72a-15f15915831a-1" 
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <!--Binary Security token value--> 
        </o:BinarySecurityToken>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="#_0">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>f+P5i1Ny3wV/6BkLIPsXIhW98oY=</DigestValue>
                </Reference>
            </SignedInfo>
        <SignatureValue>
            <!--signature value-->
        </SignatureValue>
        <KeyInfo>
            <o:SecurityTokenReference>
                <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-ef870490-184f-4686-b72a-15f15915831a-1"/>
            </o:SecurityTokenReference>
        </KeyInfo>
        </Signature>
        <u:Timestamp u:Id="_0" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <u:Created>2021-01-03T09:37:57.203Z</u:Created>
            <u:Expires>2021-01-03T10:37:57.203Z</u:Expires>
        </u:Timestamp>
    </o:Security>
</s:Header>
<s:Body></s:Body>
</s:Envelope>

Here is my web.config file:

  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="_Port">
          <!--    WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'url':-->
          <!--    <wsdl:binding name='Binding'>    -->
          <!--        <wssp:Integrity xmlns:wssp="http://www.bea.com/wls90/security/policy">..</wssp:Integrity>    -->
          <!--        <wssp:MessageAge xmlns:wssp="http://www.bea.com/wls90/security/policy">..</wssp:MessageAge>    -->
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport />
        </binding>
        <binding name="Binding">
          <textMessageEncoding messageVersion="Soap11" />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="service address"
        binding="customBinding" bindingConfiguration="_Port"
        contract="__ServiceType"
        name="Port" >
      </endpoint>
    </client>
  </system.serviceModel>

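Here is my custom binding:

        // Namespaces used: System, System.Text, System.ServiceModel,
        // System.ServiceModel.Channels, System.ServiceModel.Security
        private Binding GetCustomBinding3()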
        {
            var element = SecurityBindingElement.CreateCertificateOverTransportBindingElement();

            element.AllowInsecureTransport = true;
            element.IncludeTimestamp = true;
            element.EnableUnsecuredResponse = true;

            //element.RequireSignatureConfirmation = false;
            //messageSecurity.RequireSignatureConfirmation = true;

            element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;

            //element.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
            element.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Default;

            element.LocalClientSettings.TimestampValidityDuration = TimeSpan.FromHours(1);

            //element.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
            element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

            element.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampLast;

            element.SetKeyDerivation(false);

            //element.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;

            var httpsTransport = new HttpsTransportBindingElement { RequireClientCertificate = true };
            var textMessage = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

            var binding = new CustomBinding();
            binding.Elements.Add(element);
            binding.Elements.Add(textMessage);
            binding.Elements.Add(httpsTransport);

            return binding;
        }

I am calling the service like this:

var identity = EndpointIdentity.CreateX509CertificateIdentity(GetCertificate());
//var identity = EndpointIdentity.CreateDnsIdentity(Common.serviceEndPoint);

var address = new EndpointAddress(new Uri(Common.clientEndpointAddress),identity);
var client = new USSekundaereErhvervsmaessigeBrugereServiceTypeClient("Port",address);
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,StoreName.TrustedPeople,X509FindType.FindByThumbprint,Common.clientCertificateFindValue);
client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication{CertificateValidationMode = X509CertificateValidationMode.None};
client.Endpoint.Binding = GetCustomBinding3();
client.Open();
var response = client.getUSKoeretoejRegistreringSekundaerErhvervListeHent(GetRequest(vehicleInfo));

The code above gives me an exception:

System.ServiceModel.FaultException: Could not validate signature using any of the supported token types\r\n\r\n

It would be very helpful if someone could suggest what I am doing wrong. Thanks in advance.
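
An added example, not part of the original question: a small diagnostic that lists which element each ds:Reference in a WS-Security header points at, so the two headers shown above can be compared. In those headers, the required one references both the Body and the Timestamp, while the generated one references only the Timestamp (#_0) and its Body carries no wsu:Id. The names SignedPartsReport and SignedParts are hypothetical, and the sample envelope is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Xml;

static class SignedPartsReport
{
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/"
                     + "oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Maps every ds:Reference URI in the envelope to the element whose wsu:Id it names.
    public static List<string> SignedParts(string envelopeXml)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(envelopeXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", Ds);

        // Index elements by their wsu:Id attribute (Body, Timestamp, token, ...).
        var byId = new Dictionary<string, string>();
        foreach (XmlElement e in doc.SelectNodes("//*"))
        {
            string id = e.GetAttribute("Id", Wsu);
            if (id.Length > 0) byId[id] = e.LocalName;
        }

        var parts = new List<string>();
        foreach (XmlElement r in doc.SelectNodes("//ds:SignedInfo/ds:Reference", ns))
        {
            string uri = r.GetAttribute("URI");
            string target;
            if (!byId.TryGetValue(uri.TrimStart('#'), out target)) target = "(unresolved)";
            parts.Add(uri + " -> " + target);
        }
        return parts;
    }

    static void Main()
    {
        // Constructed sample: the generated header above, reduced to the parts that matter here.
        string sample =
            "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/' xmlns:u='" + Wsu + "'>" +
            "<s:Header><Signature xmlns='" + Ds + "'><SignedInfo><Reference URI='#_0'/></SignedInfo>" +
            "</Signature><u:Timestamp u:Id='_0'/></s:Header><s:Body/></s:Envelope>";

        List<string> parts = SignedParts(sample);
        parts.ForEach(Console.WriteLine);
        Console.WriteLine("Body signed: " + parts.Exists(p => p.EndsWith("-> Body")));
    }
}
```

Running it on a request captured from SoapUI and on one captured from the WCF client gives two lists of signed parts that can be compared directly.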
