SoapUI request to WCF service fails using certific

Posted 2019-06-07 19:29

I have a custom binding like the following for my WCF service, which I am trying to call from soapUI 4.5.1:

  <customBinding>
    <binding name="NewBinding0">
      <transactionFlow />
      <security authenticationMode="MutualCertificate"
          defaultAlgorithmSuite="Basic128"
          securityHeaderLayout="Lax"
          includeTimestamp="false"
          messageProtectionOrder="SignBeforeEncrypt"
          allowInsecureTransport="true"
          requireSignatureConfirmation="false"
          requireDerivedKeys="false"
          keyEntropyMode="ClientEntropy"
          requireSecurityContextCancellation="false"
          allowSerializedSigningTokenOnReply="true" 
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
        >
      </security>
      <textMessageEncoding />
      <httpTransport />
    </binding>
  </customBinding>      

When calling from soapUI, the WCF is throwing the following exception:

The algorithm 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' is not accepted for operation 'AsymmetricKeyWrap' by algorithm suite Basic128.

Below is how the WSS section is configured, with the Keystores and Truststores already configured: [two screenshots]

This is what the raw outgoing request looks like:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tem="http://tempuri.org/">
    <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <xenc:EncryptedKey Id="EK-37BB785632FD23967C136977675208948" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <ds:X509Data>
                            <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=MyRootCA</ds:X509IssuerName>
                                <ds:X509SerialNumber>32788490101032957713662863797677002373</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>byVbBr2KbCGtit5qxukBt4kJncBRhSAlhwzQbEOJMB53nvSa2KyVEvOzqhW7cPPaSYQ9lusM/sUi6IIkPqYq6MK4PlAUDzCdRLDfi8czCIRd60lzzIoZDsgrP5Wb6KCueUfJqQa3KlMhixG5SVy24JnwFiga1OXFFMhVzQogAxU=</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#ED-36"/>
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <ds:Signature Id="SIG-35" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-34">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <InclusiveNamespaces PrefixList="tem" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>235Fv28ZEcq/dSboJJff39GP4qw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>pVCiebPEEhjFnNUyMqTzaTdi3+gAb3kvEmaNGeM16aq7gRoXqC6swMd8lc3wVJbYu99vey6/P/tG
h3DWNApSPdG2GepGU61v1tMvhQUoO50RMwPOCqcNh7sm2Ednd9+e/iz2swgXpW2snAjRtlXQLwG7
4hGH8/kRZVhkjw66fps=</ds:SignatureValue>
                <ds:KeyInfo Id="KI-37BB785632FD23967C136977675207146">
                    <wsse:SecurityTokenReference wsu:Id="STR-37BB785632FD23967C136977675207147">
                        <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"><!-- Base64 value not preserved --></wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:Action>http://tempuri.org/IMyService/GetData</wsa:Action>
    </soap:Header>
    <soap:Body wsu:Id="id-34" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="ED-36" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                    <wsse:Reference URI="#EK-37BB785632FD23967C136977675208948"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>9ez6pmcUrPH2Riimre1Lbcz0UvFsun2uEMgxmwko7fzqEv+iOzjG5G4Iw4yH8RL5tapABcmGfykgqi7L/r4dLkEqulsjgGm8Zu6D0DcYj11Ft+2sM9C6kBaFd+gEX64gy6MXJSSmoCWnw8PaG8D/uwdZRtMJuDRUWlLU8tVv93vA0XtUwqZdaVa93bYX6xKwGI+JRUBkMadbXTGTswFT2Hc+zO9Tpo7eHIPmWwEBWfHegEy5/4TMy99lzzm30LQFDw/lpqqfdOeuCM9KL93Hg6eOyeKYx2d6/4bSIK1LP1uI0yhYbV+TEXP5iMjrwj6lcZjDBenKn1ayJ6QzW5k0yHiyfQeXHFYLPZNCWHnTD10FYoqCs0n8OXDvlmwaf7suZkbyAC6xblwV5Tqt/Mm8dQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soap:Body>
</soap:Envelope>

If I change the algorithm that is used to sign and encrypt messages in WCF to defaultAlgorithmSuite="Basic128Rsa15", then I get a different exception in WCF traces:

<Message>Message security verification failed.</Message>
..
<InnerException>
<ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>A mismatch occurred on the algorithm for the transform.</Message>

Does anyone know what setting will work? Any help is greatly appreciated. I have been following @Yaron Naveh's blogs and other suggestions on SO, but nothing has worked so far.
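
An added diagnostic, not part of the original question: it lists which algorithm URIs in a captured WS-Security request fall outside a given algorithm suite. The suite tables follow the WS-SecurityPolicy definitions of Basic128 and Basic128Rsa15 and are assumed to match what the WCF service enforces; `SAMPLE` is constructed from the URIs in the request above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
C14N_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"

# Expected URIs per WS-SecurityPolicy algorithm suite; assumed to be what the service enforces.
COMMON = {"data_encryption": XENC + "aes128-cbc", "signature": DS + "rsa-sha1",
          "digest": DS + "sha1",
          "canonicalization": "http://www.w3.org/2001/10/xml-exc-c14n#"}
SUITES = {"Basic128": dict(COMMON, key_wrap=XENC + "rsa-oaep-mgf1p"),
          "Basic128Rsa15": dict(COMMON, key_wrap=XENC + "rsa-1_5")}

# Where each operation's Algorithm attribute sits in a WS-Security message.
PATHS = {
    "key_wrap": f".//{{{XENC}}}EncryptedKey/{{{XENC}}}EncryptionMethod",
    "data_encryption": f".//{{{XENC}}}EncryptedData/{{{XENC}}}EncryptionMethod",
    "signature": f".//{{{DS}}}SignatureMethod",
    "digest": f".//{{{DS}}}DigestMethod",
    "canonicalization": f".//{{{DS}}}CanonicalizationMethod",
}

# Constructed sample: same algorithm URIs as the request in the question, payloads dropped.
SAMPLE = f"""<Envelope xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/></xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="{C14N_COMMENTS}"/>
    <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
    <ds:Reference><ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/></xenc:EncryptedData>
</Envelope>"""

def used_algorithms(envelope_xml):
    """Map each operation to the sorted set of Algorithm URIs the message declares."""
    root = ET.fromstring(envelope_xml)
    return {op: sorted({el.get("Algorithm", "") for el in root.iterfind(path)})
            for op, path in PATHS.items()}

def mismatches(envelope_xml, suite):
    """Return (operation, uri) pairs that fall outside the named algorithm suite."""
    expected = SUITES[suite]
    return [(op, uri) for op, uris in used_algorithms(envelope_xml).items()
            for uri in uris if uri != expected[op]]

if __name__ == "__main__":
    for name in SUITES:
        print(name, mismatches(SAMPLE, name))
```

Against `Basic128` it flags the `rsa-1_5` key wrap named in the first exception; against `Basic128Rsa15` only the `CanonicalizationMethod` URI remains, since both suites expect exclusive canonicalization.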

0 answers