SoapUI request to WCF service fails using certificates

Submitted by 落花浮王杯 on 2019-12-23 03:00:16

Question


I have a custom binding like the following for my WCF service, which I am trying to call from soapUI 4.5.1:

  <customBinding>
    <binding name="NewBinding0">
      <transactionFlow />
      <security authenticationMode="MutualCertificate"
          defaultAlgorithmSuite="Basic128"
          securityHeaderLayout="Lax"
          includeTimestamp="false"
          messageProtectionOrder="SignBeforeEncrypt"
          allowInsecureTransport="true"
          requireSignatureConfirmation="false"
          requireDerivedKeys="false"
          keyEntropyMode="ClientEntropy"
          requireSecurityContextCancellation="false"
          allowSerializedSigningTokenOnReply="true" 
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
        >
      </security>
      <textMessageEncoding />
      <httpTransport />
    </binding>
  </customBinding>      

When calling from soapUI, the WCF is throwing the following exception:

The algorithm 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' is not accepted for operation 'AsymmetricKeyWrap' by algorithm suite Basic128.

Below is how the WSS section is configured, with the Keystores and Truststores already configured.

This is what the raw outgoing request looks like:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tem="http://tempuri.org/">
    <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <xenc:EncryptedKey Id="EK-37BB785632FD23967C136977675208948" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <ds:X509Data>
                            <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=MyRootCA</ds:X509IssuerName>
                                <ds:X509SerialNumber>32788490101032957713662863797677002373</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>byVbBr2KbCGtit5qxukBt4kJncBRhSAlhwzQbEOJMB53nvSa2KyVEvOzqhW7cPPaSYQ9lusM/sUi6IIkPqYq6MK4PlAUDzCdRLDfi8czCIRd60lzzIoZDsgrP5Wb6KCueUfJqQa3KlMhixG5SVy24JnwFiga1OXFFMhVzQogAxU=</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#ED-36"/>
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <ds:Signature Id="SIG-35" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-34">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <InclusiveNamespaces PrefixList="tem" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>235Fv28ZEcq/dSboJJff39GP4qw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>pVCiebPEEhjFnNUyMqTzaTdi3+gAb3kvEmaNGeM16aq7gRoXqC6swMd8lc3wVJbYu99vey6/P/tG
h3DWNApSPdG2GepGU61v1tMvhQUoO50RMwPOCqcNh7sm2Ednd9+e/iz2swgXpW2snAjRtlXQLwG7
4hGH8/kRZVhkjw66fps=</ds:SignatureValue>
                <ds:KeyInfo Id="KI-37BB785632FD23967C136977675207146">
                    <wsse:SecurityTokenReference wsu:Id="STR-37BB785632FD23967C136977675207147">
                        <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">...</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:Action>http://tempuri.org/IMyService/GetData</wsa:Action>
    </soap:Header>
    <soap:Body wsu:Id="id-34" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="ED-36" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                    <wsse:Reference URI="#EK-37BB785632FD23967C136977675208948"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>9ez6pmcUrPH2Riimre1Lbcz0UvFsun2uEMgxmwko7fzqEv+iOzjG5G4Iw4yH8RL5tapABcmGfykgqi7L/r4dLkEqulsjgGm8Zu6D0DcYj11Ft+2sM9C6kBaFd+gEX64gy6MXJSSmoCWnw8PaG8D/uwdZRtMJuDRUWlLU8tVv93vA0XtUwqZdaVa93bYX6xKwGI+JRUBkMadbXTGTswFT2Hc+zO9Tpo7eHIPmWwEBWfHegEy5/4TMy99lzzm30LQFDw/lpqqfdOeuCM9KL93Hg6eOyeKYx2d6/4bSIK1LP1uI0yhYbV+TEXP5iMjrwj6lcZjDBenKn1ayJ6QzW5k0yHiyfQeXHFYLPZNCWHnTD10FYoqCs0n8OXDvlmwaf7suZkbyAC6xblwV5Tqt/Mm8dQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soap:Body>
</soap:Envelope>

If I change the algorithm that is used to sign and encrypt messages in WCF to defaultAlgorithmSuite="Basic128Rsa15", then I get a different exception in WCF traces:

<Message>Message security verification failed.</Message> .. <InnerException> <ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType> <Message>A mismatch occurred on the algorithm for the transform.</Message>

Does anyone know what setting will work? Any help is greatly appreciated. I have been following @Yaron Naveh's blogs and other suggestions on SO, but nothing has worked so far.

Source: https://stackoverflow.com/questions/16802084/soapui-request-to-wcf-service-fails-using-certificates
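
Added example, not part of the original post: a small checker that compares the algorithm URIs declared in a WS-Security message with the values WS-SecurityPolicy defines for the Basic128 and Basic128Rsa15 suites, which shows where the request above departs from each suite. The suite table is transcribed from WS-SecurityPolicy on the assumption that WCF enforces the same values; SUITES, PATHS, SAMPLE and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Suite values transcribed from WS-SecurityPolicy (assumption: WCF enforces the same).
_COMMON = {"canonicalization": EXC_C14N, "signature": DS + "rsa-sha1",
           "digest": DS + "sha1", "data_encryption": XENC + "aes128-cbc"}
SUITES = {
    "Basic128": dict(_COMMON, key_wrap=XENC + "rsa-oaep-mgf1p"),
    "Basic128Rsa15": dict(_COMMON, key_wrap=XENC + "rsa-1_5"),
}

# Where each algorithm URI is declared in a secured message.
PATHS = {
    "key_wrap": f".//{{{XENC}}}EncryptedKey/{{{XENC}}}EncryptionMethod",
    "data_encryption": f".//{{{XENC}}}EncryptedData/{{{XENC}}}EncryptionMethod",
    "canonicalization": f".//{{{DS}}}CanonicalizationMethod",
    "signature": f".//{{{DS}}}SignatureMethod",
    "digest": f".//{{{DS}}}DigestMethod",
}

# Constructed sample: only the algorithm declarations of the request above.
SAMPLE = f"""<e xmlns:ds="{DS}" xmlns:xenc="{XENC}">
 <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/></xenc:EncryptedKey>
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
  <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
  <ds:Reference><ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
 </ds:SignedInfo>
 <xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/></xenc:EncryptedData>
</e>"""

def declared_algorithms(envelope_xml):
    # ElementTree suits a captured test message; use defusedxml for untrusted XML.
    root = ET.fromstring(envelope_xml)
    return {role: sorted({e.get("Algorithm") for e in root.findall(path)})
            for role, path in PATHS.items()}

def mismatches(envelope_xml, suite):
    """Return (role, declared URI, URI the suite expects) for each disagreement."""
    expected = SUITES[suite]
    return sorted((role, uri, expected[role])
                  for role, uris in declared_algorithms(envelope_xml).items()
                  for uri in uris if uri != expected[role])

if __name__ == "__main__":
    for suite in SUITES:
        print(suite, mismatches(SAMPLE, suite))
```

Against Basic128 the sample differs in both key wrap and canonicalization; against Basic128Rsa15 only the canonicalization method differs, which is consistent with the second exception quoted in the post.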
