AXIS Web svc, client .NET -. WS problème de sécurité

StackOverflow https://stackoverflow.com/questions/4764488

Question

J'utilise un client .NET 2.0 pour communiquer avec un service Web AXIS. Le service web est pas dans mon contrôle et je ne peux pas demander toute modification non plus.

Maintenant, j'utilise WSE 3.0 pour mettre en œuvre la pièce de sécurité, mais je vais avoir assez peu de questions pour les amener à se parler. Mon problème actuel semble être cette exception - 

Security processing failed; nested exception is: 
    org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for decryption (KeyId))

J'ai mis en place une politique de WSE personnalisé sur le côté client (créé un SecurityPolicyAssertion personnalisé, l'emportait sur CreateClientOutputFilter(FilterCreationContext context) et a appelé un SendSecurityFilter personnalisé de lui dans le SendSecurityFilter, je l'emportaient sur la méthode SecureMessage et je l'ai ajouté ce qui suit -. 

   public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        clientToken = GetClientToken();
        serverToken = GetServerToken();
        // Sign the SOAP message with the client's security token.
        security.Tokens.Add(clientToken);
        security.Elements.Add(new MessageSignature(clientToken));

        // Encrypt the SOAP message with the client's security token.
        security.Elements.Add(new Microsoft.Web.Services3.Security.EncryptedData(serverToken));

        // Store the client and server security tokens in the request state.
        RequestState state = new RequestState(clientToken, serverToken);


        // Store the request state in the proxy's operation state. 
        // This makes these tokens accessible when SOAP responses are 
        // verified to have sufficient security requirements.
        envelope.Context.OperationState.Set(state);
    }

Cela génère la sortie XML suivant - 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://b2bsys17-ssl.uhc.com/NASApp/phase2/services/SecureHIPAAService" xmlns:types="http://b2bsys17-ssl.uhc.com/NASApp/phase2/services/SecureHIPAAService/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
        <wsa:Action>
        </wsa:Action>
        <wsa:MessageID>urn:uuid:e67780b6-dff4-4c41-8587-0a8980fa50ef</wsa:MessageID>
        <wsa:ReplyTo>
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
        </wsa:ReplyTo>
        <wsa:To>https://www.uhgdirectconnect.uhc.com/NASApp/phase2/services/SecureHIPAAService</wsa:To>
        <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp wsu:Id="Timestamp-f6270878-1ad2-4635-9acc-6989f87f35e0">
                <wsu:Created>2011-01-21T20:56:44Z</wsu:Created>
                <wsu:Expires>2011-01-21T21:01:44Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-3f9b54ee-0048-440a-84ec-d1af150ba35f">MIICGjCCAYMCBEv9XCAwDQYJKoZIhvcNAQEEBQAwVDEaMBgGA1UEChMRcGF0aWVudHBvaW50a2lvc2sxGjAYBgNVBAsTEXBhdGllbnRwb2ludGtpb3NrMRowGAYDVQQDExFwYXRpZW50cG9pbnRraW9zazAeFw0xMDA1MjYxNzM2MzJaFw0yMDA1MjMxNzM2MzJaMFQxGjAYBgNVBAoTEXBhdGllbnRwb2ludGtpb3NrMRowGAYDVQQLExFwYXRpZW50cG9pbnRraW9zazEaMBgGA1UEAxMRcGF0aWVudHBvaW50a2lvc2swgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANEIOOGH+TbllK+Ayz7fEv9RkgrGtQHZNq0ibhwvkRU6Cv6on7pBIwj/jbha0H5U3gKiwyL1JGccHnhq4pWbOvFiR2zZDDXMCi5krwxfaIh7CYHDYOlaEymq+XbppblIefeScVTHoeghyMytESytQ9konB9DMK+rMNNZSLfebGs7AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAK9hC0wnujuAAILJNPEkfNOeZT6NFvKl2UByo62ejFlhskas4KYBU+D03FR45MJsaMCYa+rQJmAbQc7vrbowy+pN/1N7yap30KpGAhozuIOOI3TJtrMCT0elxzFZ2fktYO8ZnHTudDODODKOv/7kkiCfr+XvEs18OqLKDIA8lRpE=</wsse:BinarySecurityToken>
            <xenc:EncryptedKey Id="SecurityToken-b29770db-3e56-46fe-8e73-030e1271568e" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                </xenc:EncryptionMethod>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YA3uSedFpwuFDpxOeGAudur3kJ0=</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>bZUxKs60Nrp5VzGGors9R5WZharm4uwSzLsFP6YvKCyHzXen2N/eARM+MVqXnXktncVIlK8wBahZhX6i1Vq6FkaOrOj8bjkXN4gdLrmFsXYD/v2sEFizMfEzhDo1tIItochTAr7ainJ8Hp6Nd/57lgaDzXDqO6Zxk1zK7tmJhaI=</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#Enc-d07f984f-8a57-4bf5-80c2-ce5d18dfa509" />
                    <xenc:DataReference URI="#Enc-07efb4f6-d5c4-4deb-b66e-f027b0f4cf00" />
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <xenc:EncryptedData Id="Enc-d07f984f-8a57-4bf5-80c2-ce5d18dfa509" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
                <xenc:CipherData>
                    <xenc:CipherValue>9qU0pd9g9YSHarlMHmx8+h+QQJOKvAQYbaktoMpZ0RPjKghp3pLbjps7Sa3MAKwmX6CzXHG2PWM5NBjzlgEDr4/nT5PcSBiPk1xEVdBRSQEjHrP/FmMfFtfMGZUN/O+BhCakNZy3FM8rx6ypo0hzoTHevoCEelT1Qom/mOYyyxqmpSXmLTqEvIxKGuP2IzcU13GBDnastZR1gcu2s2W+/PfQxoguXbluLNr62Pil0nw7Z/DkdPwDht2/1CNwFFB2LTftR650xTc4a/SqSIe3fiFvD7FPa8wqedieh6LEILtGQzG9hf8mz1SKq23rU1UEaW8DyGgxm7i389WGYNPiAhMGyX58pZ0jH939Sdv0Oy6GyjsVQ4wl5cmslJ2A4WZB3yoy2psXQjz6Y/4LUpiuwXryLYSZmeG1v8l+MPo9ijtcsjTHKWSIxHVbC4jqvOxA7R629UtGhh2OB3wiUe7dvtA4c6yrbLJVwiLCkd4LQubbR13xHR41gCC53fhhZWw4kSwh2w0VnmfZAshbsvGsdmXfWVlrwpT6HETz/U2Ue1n79/1hCYYnh4fPlSPrrwXCaG/7STy+t7GIVP1pAwIVtb0TdgFAtgc1xcCfWZl/VfoS8wIHD7raP2UXk51CDk/OdDxQ9ehxOfzr/MCVwM2f3l0oKfVifYQSCFaeKdmPOqm0YQEmbl9SQ/eieNN9dpdZlkkT1bDmakmLY1GoOnN6URy3UjTpXXLsQXlsoDdkdXQCOUqlSkqM2Zw1UJSF+g/QbaDXGKahQy6LtEVP1ZTCLB1DXlm4yiO6gWQUlAsYH0zMaDm0MwAxP6tKfYMQouCBJHXVEe3CY1U3kMPh74uKYjOXZR7EYLUdac0ngwSYKhI7LT2JuCdOSFj1sqXQtRp2FPPZKjNK1WNTlX9lrXksmonDSTwzLmlW48pKRFO6lcFS8yjh0kMOSx7CAnnmatjaXnLb6yRD/TIMq0EShaRTWn4nK9WHXQRkIgexG11hEsTfwxzlnZGDZAFeUgAMU3YMOmaI77IrHr8kdZRaeut5VUa+3zmTlArvn0D0EvHLkCGL28epkZyb9LVgQ/PUrDLUEsFgycrMH9wF4NLwF8EiOfNmfpSB/Lsxcku2zZNHZ7/pvZBLyDMO2nl74BWnCo1wMNVPxcFoFGbA983ghdruiIyBtMvUWLuc886m5Im0Jdz7QK2/Qk0ALAn4A32tyhVjuqnlAjsxBV7g+ePxjGlUKbNieXVxrnG23JpKNH0HtuxpDBab3azcQQbjRTIS18OFQ/Oj6tp81R57oswY7rbqVK4/X5wSU50vTNQeFbeTmlYWZm5fHjdYZ5sKV275CH3IB4BQqADjytOsyKh2uFqFbCovG7i/rq66b8LR5/WQQRQ=</xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#Sig-1f8972b5-c8ca-40cb-a3b9-73b77907a16f">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>BqLTeIy97kFa+tO+gxVqVycpoNo=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>xR4sJyQV0D05l4LAlDhV3BITnogNS1MwTv+Y6RBE4viKqYEywikx0fjhxOK+URZNXVRHkvzwSD8VhEHkG7SOqkF1ja5uixgRlyYQ/bMPOQGqTKrypdVhvJOvniNXV5Rk9Kw9QfGwUoIrj80CMgT/i1CMJcTzv4bknKV+/pyGLdo=</SignatureValue>
                <KeyInfo>
                    <wsse:SecurityTokenReference>
                        <wsse:Reference URI="#SecurityToken-3f9b54ee-0048-440a-84ec-d1af150ba35f" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </wsse:Security>
    </soap:Header>
    <soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" wsu:Id="Id-ea44fad0-920a-4a3f-b4d0-39a7e7e510fa">
        <xenc:EncryptedData Id="Enc-07efb4f6-d5c4-4deb-b66e-f027b0f4cf00" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>
                <xenc:CipherValue>uEvS6L3N0hNJJnKwXHfBhHqGhx9EjdKCtMmQ6afhvUmApaXvtNLjfQQMdD1QeFiLAtl5MIM4eL2zbabW9wkJL9LXal927uv/gDCoQTRy2wkDLtfpOD0KpueobvVDgUDNQ4T/80tdUbDrTAVU54Omk5G5V2Ib3jxhXe3gqLt3rBtwh7gQlRKiU+bz265bW2wl+jaI5E91QmNEpdnICp3kGwabXOmnO4RCu9571Qj+7h/Y9ZOd8kfV0dGDQ1uNva9uW7lnuZtweghQ1IAzKDfaGT83byagTYZxq9zUJ1kJXWJMrpGjSTSonv78BvQ+O6AAVXJmwALWoz+kNhob+SDJRMqefEk9GH++s7v10KKUA8mzcwz6J1/HfxGgSTJHWcAkctynos2hegwYP3cXNj6ODHwr6nsIcvVhZsDXo6CS5ffYBrBlA5PVabW2tPFlfm7AytpZsF67A8pkwSDXTPzMpjUOJL+BUDYln2kcgjJ+MQ7eiRzCfsMMZ54FHmLDlCjfpp1h6lkN3QWQjgp7oXsKo1dZKdo7o0V5YmZT+6LZYzpN5nySAu3mLo40paxb4+PsBXDlvUyUqnOKtuFmDFwwR+dp4Kf+MD6Jy1uHE8Z00z/x43jUKlxdNzcrlN/UJ6kXcOez6j+1JV13yWNGK3U9aDkp9urYUphl3oqtlvmi4pC9CJqC+EKs8a0vKLNKWzjRVt5RIbrRlOd6qH4XYgQp/qnQV8/pEHLQt8+S8u4pjrryDJ9JDjbixi5KPwFGjZlsHmMf1pvnex/bvribGdWF3v29zejI8kNerXe5H2BKSuBGrViVQ/1kcgwjejjrqX4junCLVbbjgBQmUAToxkpu/gzBi02O/CW4GbUzjhI8n4Et+nQiBSyhunlI1PNU3OfdooZ1aS0iPYmYoWpvSkiORazXwsn4nVhXYrm8gNEKvHCk3Ed3lI25i6vMnxBYSUJMDV5lvEgUaYsrwy32t/COpylKOzNL2pk15DGbfM+zzRgJmT2EYWkJbNX0nN9rV0il8MTjPOaQmw6Hwo4GU4AMBJXih1xwO+v1+sx9taGwlGBPzmxEO2dPJAlBu+OdpZsk2nMEwWo1dF3FSpEmKTEhnBm2t0e3miOno0bMBP3xBy3gllEKOTJ80wd65Fg5fgjKaCbz+CJY5EnoGz6CyWhjKErnYrq/jzkdBOuA/TV+ZAHg53+PTi31ZdYPtnX7fDAFl3SxUjc8h8cKtILNpC9kWSgmK6cfvojLFifphdZmbSXL1b6P40XMVftK1oHItmtH3a73Ud0SAm6Bunyz/x6DrX+0fwOIevBLNTPy7sfNXhmS+YgulSyPTHpH0ip4mGomJEjjaWCGj+5tH9AX3Sd9Omd0jqmjYeTvAsu3071neSMrsPzTpRVOcOe+tOyWK1kTxk7ZE6qnrFup36Cpahd3+pa+eA2aVYcKz0Z4PPj1orNtoL20dwfSVGCq5xaux+mGAX45gNgZemPEq7v8C4G58Lk/UxqIWIrwEiSHmw+drTQ9QEixaY1ZBPftIGVOOJJT5XhfNvXy3LzoCMBUa775K57nfUqrxVgorETyzXhCGmzpkkWeEjBKH3W/UVd+aHX5Umo+9xe+82kpQLv3HvHRcodNq+2QtoEwLUrTD+D9t5rboJT/X7u6faaZqYbePEpgEKfX9O0ErBnpBUYUcEiUg/QQ8vKXGpZk+K6kOdjOxR20JFDkcULXmya1FM6AwWS4DMfINVtADWE7xd7nLjlhtDzWOj0wbFRQ95qaqgHfAqlUNTcpVobibVJZ75XeZsWt+o+dkvgA3wAQTfEOa6iyvpUsv3JXY2DKe8Sr1DFY31g9uZdvqaRIX8ALLymebVnAKq0FL45R13Ffp1VSep+FXly4Gm9cHBIknQNfyegsd1mi4r5qEoeZLTIlybsG5qHLrWlOTp16qRZU+0XvdXj8QK8mOy9LiVnXVdP94ehYIj1sgWIKpfsUDHFj2Xm6xPll</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soap:Body>
</soap:Envelope>

et les retourne AXIS le message d'erreur qui se lit - 

Security processing failed; nested exception is: 
    org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for decryption (KeyId))

Le message d'erreur est particulièrement inutile, je ne suis même pas sûr de ce que cela signifie, de sorte que toute aide à ce sujet est très apprécié!

Merci,
Teja.

Était-ce utile?

La solution 2

répondre à ma question après un certain temps. Il se trouve ce moyen de Unexpected Number of X509 Data est -Que le serveur reçoit une partie de votre message de savon qu'il ne aime pas. Dans mon cas, il est avéré être des balises wsa:. Je dynamiquement supprimé différentes balises que le serveur n'a pas comme tout en travaillant avec les gens qui ont fait le service Web, mais cela ne semble pas aider.

a fini par écrire le client en Java.

Autres conseils

J'explique cela pour Java les cas, mais il est presque le même. Pour mon expérience personnelle, l'erreur: 

Could not secure response: WSHandler: Signature: error during message 
processingorg.apache.ws.security.WSSecurityException: 
General security error (Unexpected number of X509Data: for Signature); ...

Il est jeté lors de l'utilisation d'un keystore p12 mais avec le mauvais alias . 

<bean id="wssInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="Signature Timestamp"/>        
    <property name="securementUsername" value="HERE_THE_ALIAS"/>
    <property name="securementPassword" value="XXXXX"/>
    <property name="securementSignatureCrypto" ref="crypto"/>
    <property name="securementSignatureKeyIdentifier" value="DirectReference"/>
    <property name="securementSignatureParts">
        <value>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://soap.iarxiu/headers}Context;</value>
    </property>
</bean>

Pour extraire de l'alias réel de p12: 

keytool -list -v -keystore path\YOUR_KEY.p12 -storepass YOUR_P12_PASSWORD -storetype 
pkcs12

Dans mon cas, l'alias était pas évident, pas le format tipical "CN = lalala, OU = lalala, O = Yhrns". Il était quelque chose comme "{44d7967d-bb0c-4b59-98e1-d23cbadaf3a4}"

Il a signé correctement les en-têtes SAML après cela changé.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top