Axis Web SVC。,.NET客户端-WS安全问题
https://stackoverflow.com/questions/4764488
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
我正在使用.NET 2.0客户端与Axis Web服务进行通信。 Web服务不在我的控制中,也无法对其要求进行任何修改。
现在,我正在使用WSE 3.0来实施安全部件,但是我有很多问题可以让他们互相交谈。我目前的问题似乎是这个例外 -
Security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for decryption (KeyId))
我已经在客户端实施了自定义WSE策略(创建一个自定义 SecurityPolicyAssertion, ,叠加 CreateClientOutputFilter(FilterCreationContext context) 并称为自定义 SendSecurityFilter 从中。在里面 SendSecurityFilter, ,我覆盖了 SecureMessage 方法,我添加了以下内容 -
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
clientToken = GetClientToken();
serverToken = GetServerToken();
// Sign the SOAP message with the client's security token.
security.Tokens.Add(clientToken);
security.Elements.Add(new MessageSignature(clientToken));
// Encrypt the SOAP message with the client's security token.
security.Elements.Add(new Microsoft.Web.Services3.Security.EncryptedData(serverToken));
// Store the client and server security tokens in the request state.
RequestState state = new RequestState(clientToken, serverToken);
// Store the request state in the proxy's operation state.
// This makes these tokens accessible when SOAP responses are
// verified to have sufficient security requirements.
envelope.Context.OperationState.Set(state);
}
这将生成以下XML输出 -
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://b2bsys17-ssl.uhc.com/NASApp/phase2/services/SecureHIPAAService" xmlns:types="http://b2bsys17-ssl.uhc.com/NASApp/phase2/services/SecureHIPAAService/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>
</wsa:Action>
<wsa:MessageID>urn:uuid:e67780b6-dff4-4c41-8587-0a8980fa50ef</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>https://www.uhgdirectconnect.uhc.com/NASApp/phase2/services/SecureHIPAAService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-f6270878-1ad2-4635-9acc-6989f87f35e0">
<wsu:Created>2011-01-21T20:56:44Z</wsu:Created>
<wsu:Expires>2011-01-21T21:01:44Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-3f9b54ee-0048-440a-84ec-d1af150ba35f">MIICGjCCAYMCBEv9XCAwDQYJKoZIhvcNAQEEBQAwVDEaMBgGA1UEChMRcGF0aWVudHBvaW50a2lvc2sxGjAYBgNVBAsTEXBhdGllbnRwb2ludGtpb3NrMRowGAYDVQQDExFwYXRpZW50cG9pbnRraW9zazAeFw0xMDA1MjYxNzM2MzJaFw0yMDA1MjMxNzM2MzJaMFQxGjAYBgNVBAoTEXBhdGllbnRwb2ludGtpb3NrMRowGAYDVQQLExFwYXRpZW50cG9pbnRraW9zazEaMBgGA1UEAxMRcGF0aWVudHBvaW50a2lvc2swgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANEIOOGH+TbllK+Ayz7fEv9RkgrGtQHZNq0ibhwvkRU6Cv6on7pBIwj/jbha0H5U3gKiwyL1JGccHnhq4pWbOvFiR2zZDDXMCi5krwxfaIh7CYHDYOlaEymq+XbppblIefeScVTHoeghyMytESytQ9konB9DMK+rMNNZSLfebGs7AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAK9hC0wnujuAAILJNPEkfNOeZT6NFvKl2UByo62ejFlhskas4KYBU+D03FR45MJsaMCYa+rQJmAbQc7vrbowy+pN/1N7yap30KpGAhozuIOOI3TJtrMCT0elxzFZ2fktYO8ZnHTudDODODKOv/7kkiCfr+XvEs18OqLKDIA8lRpE=</wsse:BinarySecurityToken>
<xenc:EncryptedKey Id="SecurityToken-b29770db-3e56-46fe-8e73-030e1271568e" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YA3uSedFpwuFDpxOeGAudur3kJ0=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bZUxKs60Nrp5VzGGors9R5WZharm4uwSzLsFP6YvKCyHzXen2N/eARM+MVqXnXktncVIlK8wBahZhX6i1Vq6FkaOrOj8bjkXN4gdLrmFsXYD/v2sEFizMfEzhDo1tIItochTAr7ainJ8Hp6Nd/57lgaDzXDqO6Zxk1zK7tmJhaI=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#Enc-d07f984f-8a57-4bf5-80c2-ce5d18dfa509" />
<xenc:DataReference URI="#Enc-07efb4f6-d5c4-4deb-b66e-f027b0f4cf00" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id="Enc-d07f984f-8a57-4bf5-80c2-ce5d18dfa509" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<xenc:CipherData>
<xenc:CipherValue>9qU0pd9g9YSHarlMHmx8+h+QQJOKvAQYbaktoMpZ0RPjKghp3pLbjps7Sa3MAKwmX6CzXHG2PWM5NBjzlgEDr4/nT5PcSBiPk1xEVdBRSQEjHrP/FmMfFtfMGZUN/O+BhCakNZy3FM8rx6ypo0hzoTHevoCEelT1Qom/mOYyyxqmpSXmLTqEvIxKGuP2IzcU13GBDnastZR1gcu2s2W+/PfQxoguXbluLNr62Pil0nw7Z/DkdPwDht2/1CNwFFB2LTftR650xTc4a/SqSIe3fiFvD7FPa8wqedieh6LEILtGQzG9hf8mz1SKq23rU1UEaW8DyGgxm7i389WGYNPiAhMGyX58pZ0jH939Sdv0Oy6GyjsVQ4wl5cmslJ2A4WZB3yoy2psXQjz6Y/4LUpiuwXryLYSZmeG1v8l+MPo9ijtcsjTHKWSIxHVbC4jqvOxA7R629UtGhh2OB3wiUe7dvtA4c6yrbLJVwiLCkd4LQubbR13xHR41gCC53fhhZWw4kSwh2w0VnmfZAshbsvGsdmXfWVlrwpT6HETz/U2Ue1n79/1hCYYnh4fPlSPrrwXCaG/7STy+t7GIVP1pAwIVtb0TdgFAtgc1xcCfWZl/VfoS8wIHD7raP2UXk51CDk/OdDxQ9ehxOfzr/MCVwM2f3l0oKfVifYQSCFaeKdmPOqm0YQEmbl9SQ/eieNN9dpdZlkkT1bDmakmLY1GoOnN6URy3UjTpXXLsQXlsoDdkdXQCOUqlSkqM2Zw1UJSF+g/QbaDXGKahQy6LtEVP1ZTCLB1DXlm4yiO6gWQUlAsYH0zMaDm0MwAxP6tKfYMQouCBJHXVEe3CY1U3kMPh74uKYjOXZR7EYLUdac0ngwSYKhI7LT2JuCdOSFj1sqXQtRp2FPPZKjNK1WNTlX9lrXksmonDSTwzLmlW48pKRFO6lcFS8yjh0kMOSx7CAnnmatjaXnLb6yRD/TIMq0EShaRTWn4nK9WHXQRkIgexG11hEsTfwxzlnZGDZAFeUgAMU3YMOmaI77IrHr8kdZRaeut5VUa+3zmTlArvn0D0EvHLkCGL28epkZyb9LVgQ/PUrDLUEsFgycrMH9wF4NLwF8EiOfNmfpSB/Lsxcku2zZNHZ7/pvZBLyDMO2nl74BWnCo1wMNVPxcFoFGbA983ghdruiIyBtMvUWLuc886m5Im0Jdz7QK2/Qk0ALAn4A32tyhVjuqnlAjsxBV7g+ePxjGlUKbNieXVxrnG23JpKNH0HtuxpDBab3azcQQbjRTIS18OFQ/Oj6tp81R57oswY7rbqVK4/X5wSU50vTNQeFbeTmlYWZm5fHjdYZ5sKV275CH3IB4BQqADjytOsyKh2uFqFbCovG7i/rq66b8LR5/WQQRQ=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Sig-1f8972b5-c8ca-40cb-a3b9-73b77907a16f">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>BqLTeIy97kFa+tO+gxVqVycpoNo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>xR4sJyQV0D05l4LAlDhV3BITnogNS1MwTv+Y6RBE4viKqYEywikx0fjhxOK+URZNXVRHkvzwSD8VhEHkG7SOqkF1ja5uixgRlyYQ/bMPOQGqTKrypdVhvJOvniNXV5Rk9Kw9QfGwUoIrj80CMgT/i1CMJcTzv4bknKV+/pyGLdo=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-3f9b54ee-0048-440a-84ec-d1af150ba35f" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" wsu:Id="Id-ea44fad0-920a-4a3f-b4d0-39a7e7e510fa">
<xenc:EncryptedData Id="Enc-07efb4f6-d5c4-4deb-b66e-f027b0f4cf00" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<xenc:CipherData>
<xenc:CipherValue>uEvS6L3N0hNJJnKwXHfBhHqGhx9EjdKCtMmQ6afhvUmApaXvtNLjfQQMdD1QeFiLAtl5MIM4eL2zbabW9wkJL9LXal927uv/gDCoQTRy2wkDLtfpOD0KpueobvVDgUDNQ4T/80tdUbDrTAVU54Omk5G5V2Ib3jxhXe3gqLt3rBtwh7gQlRKiU+bz265bW2wl+jaI5E91QmNEpdnICp3kGwabXOmnO4RCu9571Qj+7h/Y9ZOd8kfV0dGDQ1uNva9uW7lnuZtweghQ1IAzKDfaGT83byagTYZxq9zUJ1kJXWJMrpGjSTSonv78BvQ+O6AAVXJmwALWoz+kNhob+SDJRMqefEk9GH++s7v10KKUA8mzcwz6J1/HfxGgSTJHWcAkctynos2hegwYP3cXNj6ODHwr6nsIcvVhZsDXo6CS5ffYBrBlA5PVabW2tPFlfm7AytpZsF67A8pkwSDXTPzMpjUOJL+BUDYln2kcgjJ+MQ7eiRzCfsMMZ54FHmLDlCjfpp1h6lkN3QWQjgp7oXsKo1dZKdo7o0V5YmZT+6LZYzpN5nySAu3mLo40paxb4+PsBXDlvUyUqnOKtuFmDFwwR+dp4Kf+MD6Jy1uHE8Z00z/x43jUKlxdNzcrlN/UJ6kXcOez6j+1JV13yWNGK3U9aDkp9urYUphl3oqtlvmi4pC9CJqC+EKs8a0vKLNKWzjRVt5RIbrRlOd6qH4XYgQp/qnQV8/pEHLQt8+S8u4pjrryDJ9JDjbixi5KPwFGjZlsHmMf1pvnex/bvribGdWF3v29zejI8kNerXe5H2BKSuBGrViVQ/1kcgwjejjrqX4junCLVbbjgBQmUAToxkpu/gzBi02O/CW4GbUzjhI8n4Et+nQiBSyhunlI1PNU3OfdooZ1aS0iPYmYoWpvSkiORazXwsn4nVhXYrm8gNEKvHCk3Ed3lI25i6vMnxBYSUJMDV5lvEgUaYsrwy32t/COpylKOzNL2pk15DGbfM+zzRgJmT2EYWkJbNX0nN9rV0il8MTjPOaQmw6Hwo4GU4AMBJXih1xwO+v1+sx9taGwlGBPzmxEO2dPJAlBu+OdpZsk2nMEwWo1dF3FSpEmKTEhnBm2t0e3miOno0bMBP3xBy3gllEKOTJ80wd65Fg5fgjKaCbz+CJY5EnoGz6CyWhjKErnYrq/jzkdBOuA/TV+ZAHg53+PTi31ZdYPtnX7fDAFl3SxUjc8h8cKtILNpC9kWSgmK6cfvojLFifphdZmbSXL1b6P40XMVftK1oHItmtH3a73Ud0SAm6Bunyz/x6DrX+0fwOIevBLNTPy7sfNXhmS+YgulSyPTHpH0ip4mGomJEjjaWCGj+5tH9AX3Sd9Omd0jqmjYeTvAsu3071neSMrsPzTpRVOcOe+tOyWK1kTxk7ZE6qnrFup36Cpahd3+pa+eA2aVYcKz0Z4PPj1orNtoL20dwfSVGCq5xaux+mGAX45gNgZemPEq7v8C4G58Lk/UxqIWIrwEiSHmw+drTQ9QEixaY1ZBPftIGVOOJJT5XhfNvXy3LzoCMBUa775K57nfUqrxVgorETyzXhCGmzpkkWeEjBKH3W/UVd+aHX5Umo+9xe+82kpQLv3HvHRcodNq+2QtoEwLUrTD+D9t5rboJT/X7u6faaZqYbePEpgEKfX9O0ErBnpBUYUcEiUg/QQ8vKXGpZk+K6kOdjOxR20JFDkcULXmya1FM6AwWS4DMfINVtADWE7xd7nLjlhtDzWOj0wbFRQ95qaqgHfAqlUNTcpVobibVJZ75XeZsWt+o+dkvgA3wAQTfEOa6iyvpUsv3JXY2DKe8Sr1DFY31g9uZdvqaRIX8ALLymebVnAKq0FL45R13Ffp1VSep+FXly4Gm9cHBIknQNfyegsd1mi4r5qEoeZLTIlybsG5qHLrWlOTp16qRZU+0XvdXj8QK8mOy9LiVnXVdP94ehYIj1sgWIKpfsUDHFj2Xm6xPll</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
轴返回读取的错误消息 -
Security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for decryption (KeyId))
错误消息特别无助,我什至不确定这是什么含义,因此对此有任何帮助!
谢谢,
Teja。
解决方案 2
一段时间后回答我的问题。事实证明 Unexpected Number of X509 Data 含义是 - 服务器正在接收您不喜欢的肥皂消息的某些部分。就我而言,事实证明是 wsa: 标签。我动态删除了服务器与制作Web服务的人员一起工作时不喜欢的各种标签,但这似乎并没有帮助。
最终在Java写了客户。
其他提示
我正在为此解释 爪哇 情况,但几乎是一样的。出于我的个人经验,错误:
Could not secure response: WSHandler: Signature: error during message
processingorg.apache.ws.security.WSSecurityException:
General security error (Unexpected number of X509Data: for Signature); ...
使用p12密钥库时,它被扔了 错误的别名.
<bean id="wssInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="securementActions" value="Signature Timestamp"/>
<property name="securementUsername" value="HERE_THE_ALIAS"/>
<property name="securementPassword" value="XXXXX"/>
<property name="securementSignatureCrypto" ref="crypto"/>
<property name="securementSignatureKeyIdentifier" value="DirectReference"/>
<property name="securementSignatureParts">
<value>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://soap.iarxiu/headers}Context;</value>
</property>
</bean>
从p12中提取实际别名:
keytool -list -v -keystore path\YOUR_KEY.p12 -storepass YOUR_P12_PASSWORD -storetype
pkcs12
在我的情况下,别名并不明显,而不是“ cn = lalala,ou = lalala,o = yhrns”。这是“ {44D7967D-BB0C-4B59-98E1-D23CBADAF3A4}”
更改后,它正确签名了SAML标头。
不隶属于 StackOverflow
