java - 如何使用 .net 和 wcf 中的 java webservice

Question

我遇到了互操作性问题。我来自 .net，必须通过使用 x509 证书签署请求来使用 Java 安全服务。我在 .net wcf 客户端中有 WSDL 和生成的服务引用，并在 app.config 中添加了 x509 证书凭据，但客户端没有生成预期的 SOAP 负载(在 fiddler 中跟踪)并且 java 服务抛出错误。有没有一种方法可以让 WCF 客户端按照 java 的预期生成有效负载？

下面是 Java Guys 给出的工作请求负载。

<soapenv:Envelope xmlns:smok="http://www.javaServer.org/schemas/SmokeTest" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature Id="SIG-53" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="smok soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-52">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="smok" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>dCnj2a+0wptrFSyWzEgwetSTHmM=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          WgD3P8DWPG4eWXzXiD9+LZosn7ggRPpIC1OAmq9bn0s1HuGhM/fZozfDhEDn5sAF9RtVFiAZxC03
          4tW+cuxC5jAHH4GYQud6s5h5sGwvhLshQNVdI6HBBFQWr+J3mUEBbUCExJ6HEe1i2v0+dMQNWezo
          E1Ot7klNGxXedHzrlZw=
        </ds:SignatureValue>
        <ds:KeyInfo Id="KI-DE6BE13CF8D5419B66135109740345572">
          <wsse:SecurityTokenReference wsu:Id="STR-DE6BE13CF8D5419B66135109740345573">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>51921456535433584705342517836423530149</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-52" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <smok:HelloRequest>
      <smok:Name>Hello from Heruwala</smok:Name>
    </smok:HelloRequest>
  </soapenv:Body>
</soapenv:Envelope>

Answer 1

如解释的那样，将 customBinding 与 security.mode 的“mutualCertificate”结合使用 here .如果失败，请发布您的请求看起来如何(通过 Fiddler 或 Wcf 日志记录)，以便我们进行比较。一个预期的区别是证书将显示为二进制 token 而不是 X509Data。我不希望服务器因此而失败。如果确实如此，您可以通过从代码创建整个自定义绑定(bind)来解决这个问题。当您需要创建安全元素时，它将是这样的:

SecurityBindingElement sec =
                SecurityBindingElement.CreateMutualCertificateBindingElement(
                  MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, false);
X509SecurityTokenParameters x509Params = new X509SecurityTokenParameters();
x509Params.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
((AsymmetricSecurityBindingElement) sec).InitiatorTokenParameters = x509Params;

或通过在自定义编码器中对 X509Data 进行硬编码。