Question

I am trying to get a WCF service configured with message security (without transport security) so that it can communicate with Java clients. I have been using SoapUI to test, and I have overcome numerous hurdles. Now, WCF seems to be authenticating the message, but is passing it to the operation without decrypting it. I am getting the following inner exception:

System.Runtime.Serialization.SerializationException

OperationFormatter encountered an invalid Message body. Expected to find node type 'Element' with name 'SaySomething' and namespace 'http://ecollege.com/securityspike/'. Found node type 'Element' with name 'xenc:EncryptedData' and namespace 'http://www.w3.org/2001/04/xmlenc#'

I have tried everything and read everything I can, and I have not found anything similar, nor found any solution. I am hoping someone might know what the deal is and be able to give me a hand. Below is my WCF service configuration and a SoapUI message:

WCF Service Custom Binding Configuration

<customBinding>
  <binding name="custom">
    <security
      defaultAlgorithmSuite="Basic128Rsa15"
      authenticationMode="MutualCertificate"
      securityHeaderLayout="Lax"
      includeTimestamp="false"
      keyEntropyMode="ClientEntropy"
      messageProtectionOrder="EncryptBeforeSign"
      messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
      requireSignatureConfirmation="false"
      requireSecurityContextCancellation="false"
      allowSerializedSigningTokenOnReply="true">
      <localServiceSettings detectReplays="false" />
    </security>
    <textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" />
    <httpTransport />
  </binding>
</customBinding>

SoapUI Original Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sec="http://ecollege.com/securityspike/">
   <soapenv:Header/>
   <soapenv:Body>
      <sec:SaySomething>
         <sec:message>
            <sec:Message>Hello from SoapUI!</sec:Message>
         </sec:message>
      </sec:SaySomething>
   </soapenv:Body>
</soapenv:Envelope>

SoapUI Secured Message

<soapenv:Envelope xmlns:sec="http://ecollege.com/securityspike/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
   <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-E4A1994D222819B9E91267220999421261" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIB9DCCAWGgAwIBAgIQCdc8f7wHY5NIPPv+42iHmzAJBgUrDgMCHQUAMBUxEzARBgNVBAMTClJvb3RDQVRlc3QwHhcNMTAwMjI1MTcyMzM1WhcNMzkxMjMxMjM1OTU5WjAYMRYwFAYDVQQDEw13Y2ZDbGllbnRDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw8RJdTARFL+1bbFptcYkIsuBCiJam9rBR14CBKxlvsAVI70F63aDUctYxGKhJgpTOGZyqtVtgawoFf/oPVGSm7yRDR5XcuhqwoQ7IMHxAVKLyNaiE/ZtYb3RTcIC7y1JS2n/DHKu+KK4T2FVhBEZYVhOYP/u4SOvGK6X6uahy4wIDAQABo0owSDBGBgNVHQEEPzA9gBDhcQFxXO88N5H8wWmVu2LGoRcwFTETMBEGA1UEAxMKUm9vdENBVGVzdIIQSgymJZg5k5xJ3Qs97Rs+fTAJBgUrDgMCHQUAA4GBAFumlUh7/DKBwWHvqgcGUFIMx/VtbvlEfyKMIIrdce1I7dPON4+TRf+kho1nf7zbxrioN0s3RfNapiFPkiBndGbyQjoojfq2PRttcbBXgyyaDg3s6Yg95r4ytMn4G9wDICdiW42RKReCZA1PJA55DWtFqWNrUgnDq/uTttHQdOB+</wsse:BinarySecurityToken>
         <ds:Signature Id="Signature-125" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-126">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>TY3WWW+3MjAXCj70Ao8g4owVfwc=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>sJS23J31T+EiH9ZcpOBWm9VZDgINsBLWncC9q+Qzhqab/KIY3/hs+Xn2oD6JKPo3/mOIqZ/ZMDMj
KSUKRghYbsGYrUl4Z/37hbmg5ZLaA/XxLMy8cmfXi2FhgebTwFX2Zm3nptCELFaMqcufEV9KBDtv
98/2H4K63ZJa39YW9Tk=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-E4A1994D222819B9E91267220999421262">
               <wsse:SecurityTokenReference wsu:Id="STRId-E4A1994D222819B9E91267220999422263" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                  <wsse:Reference URI="#CertId-E4A1994D222819B9E91267220999421261" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <xenc:EncryptedKey Id="EncKeyId-E4A1994D222819B9E91267220999410260">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <ds:X509Data>
                     <ds:X509IssuerSerial>
                        <ds:X509IssuerName>CN=RootCATest</ds:X509IssuerName>
                        <ds:X509SerialNumber>-146698624100943020459804947660733868602</ds:X509SerialNumber>
                     </ds:X509IssuerSerial>
                  </ds:X509Data>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>og/+4qWGOAZ8jlk2VZeTGP5++lF0aAyaqFSeuIGrGyblklIWf+lkmHydFK2j4ade7tpeiBKHxtcxPR87OpK3pCyStpN36pdqHOdDsy/pozrc7b6zn9IrwXC/WjhIXVQiPZZfpHk0B75ByJq+2laIVbqpeYmGQLaj3ocl/AooGdQ=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
               <xenc:DataReference URI="#EncDataId-124"/>
            </xenc:ReferenceList>
         </xenc:EncryptedKey>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-126" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedData Id="EncDataId-124" Type="http://www.w3.org/2001/04/xmlenc#Content">
         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <wsse:Reference URI="#EncKeyId-E4A1994D222819B9E91267220999410260"/>
            </wsse:SecurityTokenReference>
         </ds:KeyInfo>
         <xenc:CipherData>
            <xenc:CipherValue>2v9lbteE7Vh5zbw0yZHxX9srTRh6N/uOxsCnjY1/ShDQvExCDcuVCfgfpXxdbCWRHcH1QTIJ9Wv1
vG17WA1c7AdnVZfyAmGsXYNn2ZhIq3dQeUKbgDnhfT16NOPeXUtdd+EUb5p+Iw1JrktXmKK+jpX6
7Kp/Wv1vaxN9xfZfygqBrdgrjJYyihlQoKI0UEpc3QoKW6Zwp3hJcf52gLJwBb2Sxcc8Nnnr83GM
15SGv9rEIpYzJKvebwiha1/bby+mULEvlNrtsER7GyjG94Eu+0BjsPPYMwt4E6iV0umMuZF8Su8o
MWYXby+aaUs4QOGsWJSAJWrICIWfZDM/VjOj76OAzc3vKL/lLNJskQ5XYdOWzjYz5v6qZ5C4mTV7
ZNWM3cnLe40CtguuzYHooPyjpcE9MEsP5oVm4ns2dVZvsaF/lYxQZHsRDRNxkEC19pkK</xenc:CipherValue>
         </xenc:CipherData>
      </xenc:EncryptedData>
   </soapenv:Body>
</soapenv:Envelope>

WCF Secured Message

<s:Envelope 
  xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security 
      s:mustUnderstand="1" 
      xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:BinarySecurityToken 
        u:Id="uuid-1aa5b3d3-f82a-4de3-a8cf-3c36d2042a9a-5" 
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        >MIIB9DCCAWGgAwIBAgIQCdc8f7wHY5NIPPv+42iHmzAJBgUrDgMCHQUAMBUxEzARBgNVBAMTClJv
        b3RDQVRlc3QwHhcNMTAwMjI1MTcyMzM1WhcNMzkxMjMxMjM1OTU5WjAYMRYwFAYDVQQDEw13Y2ZD
        bGllbnRDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw8RJdTARFL+1bbFptcYkIsuBC
        iJam9rBR14CBKxlvsAVI70F63aDUctYxGKhJgpTOGZyqtVtgawoFf/oPVGSm7yRDR5XcuhqwoQ7I
        MHxAVKLyNaiE/ZtYb3RTcIC7y1JS2n/DHKu+KK4T2FVhBEZYVhOYP/u4SOvGK6X6uahy4wIDAQAB
        o0owSDBGBgNVHQEEPzA9gBDhcQFxXO88N5H8wWmVu2LGoRcwFTETMBEGA1UEAxMKUm9vdENBVGVz
        dIIQSgymJZg5k5xJ3Qs97Rs+fTAJBgUrDgMCHQUAA4GBAFumlUh7/DKBwWHvqgcGUFIMx/VtbvlE
        fyKMIIrdce1I7dPON4+TRf+kho1nf7zbxrioN0s3RfNapiFPkiBndGbyQjoojfq2PRttcbBXgyya
        Dg3s6Yg95r4ytMn4G9wDICdiW42RKReCZA1PJA55DWtFqWNrUgnDq/uTttHQdOB+</o:BinarySecurityToken>
      <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <X509Data>
              <X509IssuerSerial>
                <X509IssuerName>CN=RootCATest</X509IssuerName>
                <X509SerialNumber>-146698624100943020459804947660733868602</X509SerialNumber>
              </X509IssuerSerial>
            </X509Data>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>EX2mPLI7VpedG2WVzmBiYje+z/WppWsYO6Pg4/WwlQRv2rLaFmgF4cg8yn55dVyFStr9Me6jjq4s
          +VS5s0t+IGVjCm17gCREC4r07FUTPFKtB5JR8lfcRFKriCMCkwnr4DLxzVKa/h9Mw+4DK4+mMkX+
          lAO985cluGKhbmuWYhM=</e:CipherValue>
        </e:CipherData>
        <e:ReferenceList>
          <e:DataReference URI="#_2"/>
        </e:ReferenceList>
      </e:EncryptedKey>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>r01NIZbDYv/a/od4dKmN2VF54NY=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>h/uzND4eoH5WOguIzwO9YurD2fEF0NBH9Bl5ipFjZaffyi+z2m2fYngujtcoxh8a6YPyMW3Us0Q0
        //i79GEnkxCq0mBPbLJvLvtXFAuJpFZ9oOEKRqJ5Uqh8je6um0KJCiSFn74xy23OEG6fRbUJZkJP
        IH8KnGhzqR1UGXkI49E=</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference 
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
              URI="#uuid-1aa5b3d3-f82a-4de3-a8cf-3c36d2042a9a-5"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1">
    <e:EncryptedData Id="_2" 
       Type="http://www.w3.org/2001/04/xmlenc#Content" 
       xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <e:CipherData>
        <e:CipherValue>2VwP5Qcdyff6awcskzwtLktVQOB2UKFOFmFExNUJa0kJbT1gH1MzoIthuNx7bUHmAqGpnmrs6b2t
          f4zpkZv8mZ8L41WBkrg2LGLCeBpXtmudpOdQ9KaEIXqXlRHUI6OutrsCKRWDTRlMD+Y2m0fM8sxF
          5mp7lsGJUVzbpLcb4hduKI2RVkylxRMpqIgcDR4vj72ew52QMtrNdH5QZsouyBDeE2fc+imGKK9K
          UcLlQbZRzLkv9oYzHicewaWnOeGr4dhkdn6eBropbK0gqxoxng==</e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>

Solution 2

To provide an answer for this question: as it turned out, I had the messageProtectionOrder setting configured incorrectly. The end goal was to sign the message content, then encrypt. SoapUI, as well as our business partner, were signing then encrypting the message, but since WCF was configured to encrypt (and decrypt) first and then sign, it was unable to properly process the messages secured with SignBeforeEncrypt.

Matching the WCF configuration to the SoapUI / business partner configuration resolved this issue.
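
The fix described in this answer, applied to the binding from the question, as an added example that is not part of the original post. Only `messageProtectionOrder` changes, on the assumption that the peer signs the body first and then encrypts it; every other attribute is copied from the question unchanged.

```xml
<customBinding>
  <binding name="custom">
    <!-- Before (from the question): messageProtectionOrder="EncryptBeforeSign"
         WCF then expects a signature computed over the encrypted body and
         does not handle a body that was signed in plaintext and encrypted
         afterwards. -->
    <!-- After: SignBeforeEncrypt matches a sender that signs the plaintext
         body and then encrypts it. -->
    <security
      defaultAlgorithmSuite="Basic128Rsa15"
      authenticationMode="MutualCertificate"
      securityHeaderLayout="Lax"
      includeTimestamp="false"
      keyEntropyMode="ClientEntropy"
      messageProtectionOrder="SignBeforeEncrypt"
      messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
      requireSignatureConfirmation="false"
      requireSecurityContextCancellation="false"
      allowSerializedSigningTokenOnReply="true">
      <localServiceSettings detectReplays="false" />
    </security>
    <textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" />
    <httpTransport />
  </binding>
</customBinding>
```

The protection order is part of the security policy both endpoints must agree on, so the same value has to be set on any WCF client bound to this service.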

Other suggestions

The best way to debug this is to create a working WCF client for this service and compare its SOAP to SoapUI's.

Off the top of my head, I would try altering messageProtectionOrder and check the ProtectionLevel attribute on the contract (if it exists).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow