gpt4 book ai didi

c# - WCF CustomBinding 客户端使用的 JAVA Web 服务 - 响应时出现 SAML 证书错误 - 找不到证书?

转载 作者:行者123 更新时间:2023-12-01 15:25:00 25 4
gpt4 key购买 nike

在来自基于 JAVA 的服务的响应中出现以下异常(使用我正在测试的 SOAP UI 设置的测试工具)。

在客户端,我使用带有 CustomBinding 的 WCF 服务,并使用以下配置。我在服务客户端上实现 IClientMessageInspector 和 IEndpointBehavior 只是为了在退出时编辑 SOAP header 。服务器接受该信息并发送正确的响应。 WCF 服务似乎无法处理它

我无权访问该服务的源代码,只能访问 SoapUI 中的测试工具

//Load the certificate from a file
X509Certificate2 certificate =
new X509Certificate2(@"D:\certs.pfx",
"password");

//Specify the address to be used for the client.
EndpointAddress address = new EndpointAddress("https://servername:8089/site/ws");

BasicHttpBinding bTHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);

BindingElementCollection bec = bTHttpBinding.CreateBindingElements();
TransportSecurityBindingElement tsp = bec.Find<TransportSecurityBindingElement>();
HttpsTransportBindingElement httpsBinding = bec.Find<HttpsTransportBindingElement>();
TextMessageEncodingBindingElement encoding = bec.Find<TextMessageEncodingBindingElement>();
httpsBinding.RequireClientCertificate = true;

CustomBinding binding = new CustomBinding(tsp, encoding, httpsBinding);
binding.CloseTimeout = TimeSpan.FromMinutes(15);
binding.OpenTimeout = TimeSpan.FromMinutes(15);
binding.ReceiveTimeout = TimeSpan.FromMinutes(15);
binding.SendTimeout = TimeSpan.FromMinutes(15);

// Create the message inspector
Saml20Extension extentionBehaviour = new Saml20Extension();

ClientService.enquiryRequestClient client = new enquiryRequestClient(binding, address);

回复异常:

Cannot resolve KeyInfo for unwrapping key: KeyInfo 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = X509IssuerSerialKeyIdentifierClause(Issuer = 'CN=test_facility', Serial = '12342342423')
)
', available tokens 'SecurityTokenResolver
(
TokenCount = 0,
)
'.

我探索过的大道:

  • 证书的序列号格式为 8F 23 0c 81,而消息响应的格式为 12342342423 - 也许在商店中找不到证书?它使用问题名称和序列号还是单独尝试两者以尝试找到匹配项?

  • app.config 中的 negotiateServiceCredential 属性 - 我似乎无法在代码中设置 CustomBinding 将其设置为关闭 - 有人知道如何执行此操作吗?

我真的被这个问题难住了,想着回到骨头并从头开始做整个事情。

使用以下代码在客户端忽略 SSL 证书错误

ServicePointManager
.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true;

SOAP 响应(加密)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey Id="EncKeyId-882E1CD1112C4D3FD61335190122478230">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=test_vendor</ds:X509IssuerName>
<ds:X509SerialNumber>1328712805</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Fp63Batmb8JJL/+6l9atqi4hrWCshmhcOlqRFtblVkNIcJH1f1YV4Koh23uZ5OB2nPuq4px16LUQVTv5ZbSnYQfuO9MklSofFX/B1944bd7VBIcy+WyfYOoVSy7kKy80DY8wzUBNtOC0tWwM2vVPuIYRs16ijuF23KtBx1T89Kc=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-138"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-882E1CD1112C4D3FD61335190122465226" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBpzCCARCgAwIBAgIETzKMfzANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDDA10ZXN0X2ZhY2lsaXR5MB4XDTEyMDIwODE0NTM1MVoXDTE3MDIwODE0NTM1MVowGDEWMBQGA1UEAwwNdGVzdF9mYWNpbGl0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvzdwlxcpwRKGzLvpqYoS4NEbhbx/jV6Z6kyXgJ0IWLZAW20oWmxPwumsqkKr6bWX2NWbGrka6w1e9+iZFBKiBq5zzxJKusCJQtPjuYwjaTGjVTFnixHp9sKnjIEprKyarceG00WzCVdtuI1NpNp8dgemzA6FFt1ESwwELq+rKvECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAokX6HZhhEj7Bfo0Z8ZeoZeYFB8pHrN5A6927cJx17EXWVv0Mwn/+fDgTAhtsN9DB68CFNejox8mM0+KewjsgT4z80YxMHGlpM13z4c8+iMiQcJ7cISScTBaTONOtDqK1WNtci8biNjnLn7+4Z4fw17jlttN0dPHC3fvGywh6TkQ==</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-136" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-137">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>fWmhVWpkcFWreSSpA4DaLWBc6kE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>GmPo9AIJLCrmR7+FIlsYnSCJPZIw5ls3kdSG4/Zv9AwL0eono9XV6cdmXfoHEmhyd3zaF583g14aAtGpJbErKZZ96nNKnjiB0gchghZY7gBDabv94aUJw2q7BehADvFatdgYab/cOp9ONT6yOl4nZ1gzDaAxVh7NvMLoH1EYmiY=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-882E1CD1112C4D3FD61335190122465227">
<wsse:SecurityTokenReference wsu:Id="STRId-882E1CD1112C4D3FD61335190122465228" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#CertId-882E1CD1112C4D3FD61335190122465226" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<saml:Assertion ID="_54d0c8395de26c3e44730df2c9e8d3e9" IssueInstant="2012-02-17T10:40:36.806Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>CN=test_facility</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_54d0c8395de26c3e44730df2c9e8d3e9">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>/nNfJuKr83umcry7vguJkSWyfKs=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>pVBcgvqr1Ndms5sZXV5cupiC3ADd7kycuEaETuCLzpcJLmGaTsP5NkfCfyIuvYBZe3MjfnOQ81AquFYljw5SPYd8nItqss/9zOzJeZ0aL/bJxfovNBb4cv92nghncXA2MGTWWdH63+FkajlE7x/U81QkCdVBXJRVVXNsR0dMxAY=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIBpzCCARCgAwIBAgIETzKMfzANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDDA10ZXN0X2ZhY2ls
aXR5MB4XDTEyMDIwODE0NTM1MVoXDTE3MDIwODE0NTM1MVowGDEWMBQGA1UEAwwNdGVzdF9mYWNp
bGl0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvzdwlxcpwRKGzLvpqYoS4NEbhbx/jV6Z
6kyXgJ0IWLZAW20oWmxPwumsqkKr6bWX2NWbGrka6w1e9+iZFBKiBq5zzxJKusCJQtPjuYwjaTGj
VTFnixHp9sKnjIEprKyarceG00WzCVdtuI1NpNp8dgemzA6FFt1ESwwELq+rKvECAwEAATANBgkq
hkiG9w0BAQUFAAOBgQAokX6HZhhEj7Bfo0Z8ZeoZeYFB8pHrN5A6927cJx17EXWVv0Mwn/+fDgTA
htsN9DB68CFNejox8mM0+KewjsgT4z80YxMHGlpM13z4c8+iMiQcJ7cISScTBaTONOtDqK1WNtci
8biNjnLn7+4Z4fw17jlttN0dPHC3fvGywh6TkQ==
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">joe.bloggs@facility.ie</saml:NameID>
</saml:Subject>
<saml:Conditions NotBefore="2012-02-17T10:40:21.806Z" NotOnOrAfter="2012-02-17T10:41:06.806Z"/>
</saml:Assertion>
<wsa:Action SOAP-ENV:mustUnderstand="1">http://www.xxx.xx/xxxxxxxx/xxxxxxx</wsa:Action>
<wsa:MessageID SOAP-ENV:mustUnderstand="1">uuid:7700f066-e7d7-4b1e-ab23-11171d9201bd</wsa:MessageID>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="id-137" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="EncDataId-138" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-882E1CD1112C4D3FD61335190122478230"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
ue42jSONk/kqp2MtxZbyn95RGTrwKd1jd61vo2O/IegbMZhIvWexQBnKthau0YE5Zwk/oKuJcOMM
FkK8I165NXhxHjQAKs08USF3U1nwB4ApkPIroNcEWRqKJ1gK7lNrS4OeTVyK1HUWsTRRYHp4UUgb
CJhOLa+ug74Fm5vj9/zL6Oqezr3TL9Oi5WdU9cweGmOfJ++zcqmcjTyewirVqT4VKZoGCvpRgGVR
I/7St77lG/2yYMjCboejJbT8Ip2XiLL6ItMA/p+iyePMg4JyvR8v8/0fxF2rkLe2vamEEAab0+l1
f9pANCCjvCj7giSUhIeLT0QVVa65Y9GzHOMTBxdQAMp6zlSWlpq7EaM1xQNq5cjKENQ3f6gKKBFu
tZxBqDnRl9+XrD0DcBsVAyqv5d1uLSWIi2Mm9DiF23efGuCYAR2EGu1g81rRdU5Tk4KUMa4QUla5
p+8jtGmtl2ktMr+3/8lwRqgMzqBKTiMFhHQhHQZe5FnKT/7JvycAKmx4LADOo1i2emc8s7NtsZlO
OQqRovS2VP1A4uUYMFgAIsT2rLauVxKCZFDjFxLKKhyJLdmSzOophaL9Vr+FAzC7rA0t6J8prNdu
mnwoYK9Hqly1RR7N9wgTN3TX2FHSlGgHcoJHZB2wBEoFHevQ+N9WNvcaE2w7Z02QdNRUBQBwn/2g
pLDXf+8+2hNdMMe0xclmvfH1CSaHLuH1HPWJPMsNzNzAC4fFIkqy2XEUcMlQY+AT+fa+r/kqQHog
L+B39IJtp7BZ811cwNZlbuw3LpE1IntArWjtxyvahJIeEsiKW9UGUIbLiNxtevpsKTlqV+kiY3qn
acNRQYDQZuNZUka1jyN2pel6/3cdAlHF86bXO0dDX4jL3FXqp5QsoZcMnFu/wsD0dxg4BblsrxbA
Cn4+LxXFzKR6sHbQXqUm7ROhvkIJRNPe1Bw49LARnTkdG8tMgQ9dYtMAvvZk8OPZnIaTyjwQu7DE
MARmOKt7Bj/YvTHCH91hc2BzYBEn5vJPcmL705B6Vc0Zn2O+jB+MK87gR7Z4iSNJgvanEZ4897pZ
YN5WYpf800y2GUYn2y46pwFF
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

最佳答案

请发布完整的肥皂信封。

我猜测 WCF 消息安全性会尝试解析响应。问题是我不确定你想要它 - 据我了解你有自己的机制来解析 saml。

在这种情况下,您不需要 TransportSecurityBindingElement,https 就足够了。

关于c# - WCF CustomBinding 客户端使用的 JAVA Web 服务 - 响应时出现 SAML 证书错误 - 找不到证书?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10285152/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com