是一个关于ws-security的验证测试,服务器是was5.1,其实就是需要发送的消息和接受的消息的body签名,证书是自己签名的(X.509 自己签署的证书得到了服务的直接信任).
在客户端的配置文件的securityResponseReceiverBindingConfig部分指定了certStoreList( 证书信息)
在webservice提供端的配置文件securityRequestReceiverBindingConfig部分指定了证书信息
其他key信息什么的都指定了
结果发现调用失败,失败原因是:Unable to retreive valid X.509 data (should be embedded in BST) from Signature element.
trace的结果是发现服务器端接受到的soap消息中如下,请问可能是哪里出了问题,只要指出大概的方向或者可能性就行了,我自己弄了一天都没结果,多谢了.
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: IBM WebServices/1.0
Host: localhost:9080
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 5793
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext" soapenv:actor="myActorURI" soapenv:mustUnderstand="1">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier>/62wXObED7z6c1yX7QkvN1thQdY=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<CipherData>
<CipherValue>R7LBmE9XnGH5AN1dtoXTX9CRWKdDH6RrWgZCDtjn5gZjYNjnx6zU9/q8XJnIDqpRtAFlV/48hQbTu92tNpA9U8qKm/tbd5QlX7x7ctMW9kjRIrExmSjSVhM49Lqrb6NdrawVtLPCYA4QICn6QQ46JqrntFuo+i9p2NKJMaR6iLg=</CipherValue>
</CipherData>
<ReferenceList>
<DataReference URI="#wssecurity_encryption_id_8145190016787308504"></DataReference>
<DataReference URI="#wssecurity_encryption_id_1883010779863349350"></DataReference>
</ReferenceList>
</EncryptedKey>
<wsse:BinarySecurityToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" EncodingType="wsse:Base64Binary" ValueType="wsse509v3" wsud="wssecurity_binary_security_token_id_815574286422501813">
MIIDQTCCAqqgAwIBAgICAQQwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCSlAxETAP
BgNVBAgTCEthbmFnYXdhMQwwCgYDVQQKEwNJQk0xDDAKBgNVBAsTA1RSTDEQMA4GA1UE
AxMHSW50IENBMjAeFw0wMTEwMDEwOTU0MDZaFw0xMTEwMDEwOTU0MDZaMFQxCzAJBgNV
BAYTAkpQMREwDwYDVQQIEwhLYW5hZ2F3YTEMMAoGA1UEChMDSUJNMQwwCgYDVQQLEwNU
UkwxFjAUBgNVBAMTDVNPQVBSZXF1ZXN0ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAMy3PfZ1mPhrEsBvYiOuIlPV3Uis5Yy6hmxo2YwYC2nNDBPzKslWUi/Q+fK+DNdY
6KEHmuDrcVcEma48J9X1a5avRlksQfKptKoVn4eBys2i/wkwyzQhDaFji79/MvnTRW8E
Vy99FNKw4PFnhOoe1tlDcNBuIH/fIuGOz9ElTV+fAgMBAAGjggEmMIIBIjAJBgNVHRME
AjAAMAsGA1UdDwQEAwIF4DAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFIW3FD1cXie4j4zw1gAp4cuOAZ4lMIG6BgNVHSME
gbIwga+AFL35INU4+WRy09vaf9zOsP7QvO9voYGSpIGPMIGMMQswCQYDVQQGEwJKUDER
MA8GA1UECBMIS2FuYWdhd2ExDzANBgNVBAcTBllhbWF0bzEMMAoGA1UEChMDSUJNMQww
CgYDVQQLEwNUUkwxGTAXBgNVBAMTEFNPQVAgMi4xIFRlc3QgQ0ExIjAgBgkqhkiG9w0B
CQEWE21hcnV5YW1hQGpwLmlibS5jb22CAgEBMA0GCSqGSIb3DQEBBQUAA4GBAHkthdGD
gCvdIL9/vXUo74xpfOQd/rr1owBmMdb1TWdOyzwbOHC7lkUlnKrkI7SofwSLSDUP571i
iMXUx3tRdmAVCoDMMFuDXh9V7212luXccx0s1S5KN0D3xW97LLNegQC0/b+aFD8XKw2U
5ZtwbnFTRgs097dmz09RosDKkLlM
</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="#wssecurity_body_id_4101632261466011133">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ecnclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsi soapenc xsd #default wsu soapenv "></ecnclusiveNamespaces>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>mt52Bm37n3qm0x6vHf35XCNsOKw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
tYEraIBHh0IIm8hjh58OTNveVc5lOUUqx53dr3Q9oWyg2QhxvzkIxCDNw+th
dXdn8YwFhNosdLbRSMkcGgGQSX4DkRQ0YOblGVoPNh0pi01MdpZ5zbL3r2VP
kqZcMtjYH/g48r4SgaMn7dByOleiLna6J5Fs4JDBkYjjA6av2xY=
</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#wssecurity_binary_security_token_id_815574286422501813"></wsse:Reference>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="wssecurity_encryption_id_1883010779863349350" Type="http://www.w3.org/2001/04/xmlenc#Element"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></EncryptionMethod><CipherData><CipherValue>Y3EyfOejJmzZ6tfZwF/Vw9y34ote9m7lyiQWtkFSuzYf0YK4Cw3mRYI2gGeSRM1uuUoURTHV/WxxUmONWx8JftOzO9S0k63T7kKLWUeSmO9WS+QR5M816s3lo2muyTaxFrlEi7v1FcZlNEDaya6nrPhnzmGbRGpRWdlfuybokDolo++/GICQOeOQjYg+SZMyCZ3/7roO0Rm6xsy6LOfi6i/iUCHQv9CzkblDSThsT9cUgN+TmxiQzUCfSNupPQHo8/nbkGOFf1EaQsbIiThMKfSHPFA+1+Vfx8xIjC6yvCS8ACplYrr4V3QGHCIIyoHaq1UO4J/Zyc4KLdoLelOPfadBaZr3oPwNcNu4UmVB8z3errMHmbJB/+oF0nldMUXnRewzgknpn0uG9SaEtTMEHs9Wj435V7CF</CipherValue></CipherData></EncryptedData></wsse:Security></soapenv:Header>
<soapenv:Body xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" wsud="wssecurity_body_id_4101632261466011133"><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="wssecurity_encryption_id_8145190016787308504" Type="http://www.w3.org/2001/04/xmlenc#Content"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></EncryptionMethod><CipherData><CipherValue>nRQr1i6cTbAzepNZK7hl4yXLZi6eZkJ4V8C6SmcrK0XmaEx1bWpdyuJqhpVvPFg3K90Aor1iTISVW/uNsa96HaP+i3EfYqNakxd3WzR2gKg0jxa6YBVYJJKXJ83ZTHh1lxwfU6kkBeEP009NZ/K6iGEjxlWXW0pFk7DZQDqIFvknURtvIeBmqRow29+N5bMR2RWqr9iluvJzKagPmSJRLHz5XKukznnJ+YbUGpzVz2km7uDz0y8bVbeYNpCfeAGk</CipherValue></CipherData></EncryptedData></soapenv:Body>
</soapenv:Envelope>
--
FROM 221.216.173.*