2010-09-14 48 views
4

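WCF - Java web service interoperability - signed outgoing message is not accepted

I am trying to call a Java (JBoss) web service, using a certificate and private key to sign the message, but the server refuses to accept my signed message. It only responds with the same message that I sent.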

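I have successfully signed the outgoing message using the certificate, and when I compare it with the check message provided by the web service creator, the structure of the message looks fine.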

I am using a custom binding, declared as shown below:

<binding name="FSACustomServiceBinding"
         closeTimeout="00:01:00"
         openTimeout="00:01:00"
         receiveTimeout="00:10:00"
         sendTimeout="00:01:00">
  <textMessageEncoding messageVersion="Soap11" />
  <security authenticationMode="MutualCertificate"
            requireDerivedKeys="false"
            keyEntropyMode="ClientEntropy"
            includeTimestamp="false"
            securityHeaderLayout="Lax"
            messageProtectionOrder="SignBeforeEncrypt"
            messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
    <secureConversationBootstrap />
  </security>
  <httpTransport />
</binding>

and the resulting message looks like this:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<s:Header> 
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:BinarySecurityToken u:Id="uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">[BINARYSECURITYTOKEN]</o:BinarySecurityToken> 
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
<Reference URI="#_1"> 
<Transforms> 
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>[DIGESTVALUE]</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue>[SIGNATUREVALUE]</SignatureValue> 
<KeyInfo> 
<o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-0794e8c9-f354-42de-acf2-3d2caf80ff9c-2"/></o:SecurityTokenReference> 
</KeyInfo> 
</Signature></o:Security></s:Header> 
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://etis.ford.com/services/fsa/1.0"><String_1 xmlns="">[VINNUMBER]</String_1></list></s:Body> 
</s:Envelope> 

An example message that works with the web service:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://etis.ford.com/services/fsa/1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
<env:Header> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="1"> 
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="token-26-1284446233382-10880960">[BINARYSECURITYTOKEN]</wsse:BinarySecurityToken> 
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
<ds:Reference URI="#element-25-1284446233382-9656454"> 
<ds:Transforms> 
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
<ds:DigestValue>[DIGESTVALUE]</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue>[SIGNATUREVALUE]</ds:SignatureValue> 
<ds:KeyInfo> 
<wsse:SecurityTokenReference><wsse:Reference URI="#token-26-1284446233382-10880960"  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference> 
</ds:KeyInfo> 
</ds:Signature></wsse:Security></env:Header> 
<env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="element-25-1284446233382-9656454"><ns0:list><String_1>[VINNUMBER]</String_1></ns0:list></env:Body> 
</env:Envelope> 

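I have run out of ideas, and the web service creator does not provide any information about why it never accepts my message.

Does anyone have an idea?

Regards, Simon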

+0

Hey Simon, did you get anywhere with this? – 2012-02-06 11:37:08

Answer

0

One possibility is that you are using a self-signed certificate that the JBoss server does not trust.
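The comparison described in the question (the WCF-signed message against the known-good sample) can be made on namespace-resolved facts rather than by eye. This is an added example, not code from the original post or answer; the function names and the two trimmed, constructed envelopes (modelled on the messages above, with placeholders instead of token and signature values) are assumptions.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": WSS + "wssecurity-secext-1.0.xsd", "wsu": WSS + "wssecurity-utility-1.0.xsd"}
WSU_ID = "{%s}Id" % NS["wsu"]
C14N, X509 = "http://www.w3.org/2001/10/xml-exc-c14n#", WSS + "x509-token-profile-1.0#X509v3"

def local(el):
    """Local element name without namespace, or None for an unresolved reference."""
    return None if el is None else el.tag.rsplit("}", 1)[-1]

def signature_profile(envelope_xml):
    """Reduce a signed envelope to namespace-resolved facts; prefixes and Id values drop out."""
    root = ET.fromstring(envelope_xml)
    by_id = {el.get(WSU_ID): el for el in root.iter() if el.get(WSU_ID)}
    sec = root.find("s:Header/wsse:Security", NS)
    info = sec.find("ds:Signature/ds:SignedInfo", NS)
    refs = info.findall("ds:Reference", NS)
    key = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    return {
        "c14n": info.find("ds:CanonicalizationMethod", NS).get("Algorithm"),
        "signature": info.find("ds:SignatureMethod", NS).get("Algorithm"),
        "digests": [r.find("ds:DigestMethod", NS).get("Algorithm") for r in refs],
        "transforms": [[t.get("Algorithm") for t in r.iterfind("ds:Transforms/ds:Transform", NS)] for r in refs],
        "signed_parts": [local(by_id.get(r.get("URI", "")[1:])) for r in refs],  # what each Reference covers
        "key_token": local(by_id.get(key.get("URI", "")[1:])),  # what KeyInfo points at
        "security_children": [local(c) for c in sec],  # header layout, e.g. a Timestamp would show here
    }

def profile_diff(a_xml, b_xml):
    """Return only the profile entries on which the two envelopes disagree."""
    a, b = signature_profile(a_xml), signature_profile(b_xml)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Constructed, trimmed template of the signed envelopes shown in the question.
TEMPLATE = """<{s}:Envelope xmlns:{s}="{S}" xmlns:{o}="{O}" xmlns:{u}="{U}" xmlns:{d}="{D}">
<{s}:Header><{o}:Security><{o}:BinarySecurityToken {u}:Id="{tok}">[TOKEN]</{o}:BinarySecurityToken>
<{d}:Signature><{d}:SignedInfo><{d}:CanonicalizationMethod Algorithm="{c}"/>
<{d}:SignatureMethod Algorithm="{D}rsa-sha1"/><{d}:Reference URI="#{body}">
<{d}:Transforms><{d}:Transform Algorithm="{c}"/></{d}:Transforms><{d}:DigestMethod Algorithm="{D}sha1"/>
</{d}:Reference></{d}:SignedInfo><{d}:KeyInfo><{o}:SecurityTokenReference>
<{o}:Reference URI="#{tok}" ValueType="{x}"/></{o}:SecurityTokenReference></{d}:KeyInfo>
</{d}:Signature></{o}:Security></{s}:Header><{s}:Body {u}:Id="{body}"/></{s}:Envelope>"""

def sample(s, o, u, d, tok, body):
    return TEMPLATE.format(s=s, o=o, u=u, d=d, tok=tok, body=body, c=C14N, x=X509,
                           S=NS["s"], O=NS["wsse"], U=NS["wsu"], D=NS["ds"])

WCF_STYLE = sample("s", "o", "u", "sig", "uuid-2", "_1")  # prefixes/ids as WCF emits them
REFERENCE_STYLE = sample("env", "wsse", "wsu", "ds", "token-26", "element-25")  # as in the working sample
```

An empty diff, which is also what the two full messages in the question produce, means prefixes and Id values are the only differences. Whether the server trusts the certificate carried in the BinarySecurityToken is outside what this check can see.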