1
.NET 2.0 클라이언트를 사용하여 AXIS 웹 서비스와 통신합니다. 웹 서비스가 제 제어 권한을 갖고 있지 않으므로 수정할 필요가 없습니다.AXIS Web svc., .NET 클라이언트 - WS 보안 문제
이제 보안 조각을 구현하기 위해 WSE 3.0을 사용하고 있지만 서로 이야기 할 수 있도록 몇 가지 문제가 있습니다. 나의 현재 문제는이 예외 것 같다 -.
Security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for decryption (KeyId))
내가 정의 SecurityPolicyAssertion을 만든 클라이언트 측에서 사용자 지정 WSE 정책을 (구현했습니다, CreateClientOutputFilter(FilterCreationContext context)를 오버라이드하고 그것에서 사용자 정의 SendSecurityFilter라는 SendSecurityFilter, 나는 오버라이드
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
clientToken = GetClientToken();
serverToken = GetServerToken();
// Sign the SOAP message with the client's security token.
security.Tokens.Add(clientToken);
security.Elements.Add(new MessageSignature(clientToken));
// Encrypt the SOAP message with the client's security token.
security.Elements.Add(new Microsoft.Web.Services3.Security.EncryptedData(serverToken));
// Store the client and server security tokens in the request state.
RequestState state = new RequestState(clientToken, serverToken);
// Store the request state in the proxy's operation state.
// This makes these tokens accessible when SOAP responses are
// verified to have sufficient security requirements.
envelope.Context.OperationState.Set(state);
}
이 다음과 같은 XML 출력을 생성 - -
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://b2bsys17-ssl.uhc.com/NASApp/phase2/services/SecureHIPAAService" xmlns:types="http://b2bsys17-ssl.uhc.com/NASApp/phase2/services/SecureHIPAAService/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>
</wsa:Action>
<wsa:MessageID>urn:uuid:e67780b6-dff4-4c41-8587-0a8980fa50ef</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>https://www.uhgdirectconnect.uhc.com/NASApp/phase2/services/SecureHIPAAService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-f6270878-1ad2-4635-9acc-6989f87f35e0">
<wsu:Created>2011-01-21T20:56:44Z</wsu:Created>
<wsu:Expires>2011-01-21T21:01:44Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-3f9b54ee-0048-440a-84ec-d1af150ba35f">MIICGjCCAYMCBEv9XCAwDQYJKoZIhvcNAQEEBQAwVDEaMBgGA1UEChMRcGF0aWVudHBvaW50a2lvc2sxGjAYBgNVBAsTEXBhdGllbnRwb2ludGtpb3NrMRowGAYDVQQDExFwYXRpZW50cG9pbnRraW9zazAeFw0xMDA1MjYxNzM2MzJaFw0yMDA1MjMxNzM2MzJaMFQxGjAYBgNVBAoTEXBhdGllbnRwb2ludGtpb3NrMRowGAYDVQQLExFwYXRpZW50cG9pbnRraW9zazEaMBgGA1UEAxMRcGF0aWVudHBvaW50a2lvc2swgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANEIOOGH+TbllK+Ayz7fEv9RkgrGtQHZNq0ibhwvkRU6Cv6on7pBIwj/jbha0H5U3gKiwyL1JGccHnhq4pWbOvFiR2zZDDXMCi5krwxfaIh7CYHDYOlaEymq+XbppblIefeScVTHoeghyMytESytQ9konB9DMK+rMNNZSLfebGs7AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAK9hC0wnujuAAILJNPEkfNOeZT6NFvKl2UByo62ejFlhskas4KYBU+D03FR45MJsaMCYa+rQJmAbQc7vrbowy+pN/1N7yap30KpGAhozuIOOI3TJtrMCT0elxzFZ2fktYO8ZnHTudDODODKOv/7kkiCfr+XvEs18OqLKDIA8lRpE=</wsse:BinarySecurityToken>
<xenc:EncryptedKey Id="SecurityToken-b29770db-3e56-46fe-8e73-030e1271568e" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YA3uSedFpwuFDpxOeGAudur3kJ0=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bZUxKs60Nrp5VzGGors9R5WZharm4uwSzLsFP6YvKCyHzXen2N/eARM+MVqXnXktncVIlK8wBahZhX6i1Vq6FkaOrOj8bjkXN4gdLrmFsXYD/v2sEFizMfEzhDo1tIItochTAr7ainJ8Hp6Nd/57lgaDzXDqO6Zxk1zK7tmJhaI=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#Enc-d07f984f-8a57-4bf5-80c2-ce5d18dfa509" />
<xenc:DataReference URI="#Enc-07efb4f6-d5c4-4deb-b66e-f027b0f4cf00" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id="Enc-d07f984f-8a57-4bf5-80c2-ce5d18dfa509" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<xenc:CipherData>
<xenc:CipherValue>9qU0pd9g9YSHarlMHmx8+h+QQJOKvAQYbaktoMpZ0RPjKghp3pLbjps7Sa3MAKwmX6CzXHG2PWM5NBjzlgEDr4/nT5PcSBiPk1xEVdBRSQEjHrP/FmMfFtfMGZUN/O+BhCakNZy3FM8rx6ypo0hzoTHevoCEelT1Qom/mOYyyxqmpSXmLTqEvIxKGuP2IzcU13GBDnastZR1gcu2s2W+/PfQxoguXbluLNr62Pil0nw7Z/DkdPwDht2/1CNwFFB2LTftR650xTc4a/SqSIe3fiFvD7FPa8wqedieh6LEILtGQzG9hf8mz1SKq23rU1UEaW8DyGgxm7i389WGYNPiAhMGyX58pZ0jH939Sdv0Oy6GyjsVQ4wl5cmslJ2A4WZB3yoy2psXQjz6Y/4LUpiuwXryLYSZmeG1v8l+MPo9ijtcsjTHKWSIxHVbC4jqvOxA7R629UtGhh2OB3wiUe7dvtA4c6yrbLJVwiLCkd4LQubbR13xHR41gCC53fhhZWw4kSwh2w0VnmfZAshbsvGsdmXfWVlrwpT6HETz/U2Ue1n79/1hCYYnh4fPlSPrrwXCaG/7STy+t7GIVP1pAwIVtb0TdgFAtgc1xcCfWZl/VfoS8wIHD7raP2UXk51CDk/OdDxQ9ehxOfzr/MCVwM2f3l0oKfVifYQSCFaeKdmPOqm0YQEmbl9SQ/eieNN9dpdZlkkT1bDmakmLY1GoOnN6URy3UjTpXXLsQXlsoDdkdXQCOUqlSkqM2Zw1UJSF+g/QbaDXGKahQy6LtEVP1ZTCLB1DXlm4yiO6gWQUlAsYH0zMaDm0MwAxP6tKfYMQouCBJHXVEe3CY1U3kMPh74uKYjOXZR7EYLUdac0ngwSYKhI7LT2JuCdOSFj1sqXQtRp2FPPZKjNK1WNTlX9lrXksmonDSTwzLmlW48pKRFO6lcFS8yjh0kMOSx7CAnnmatjaXnLb6yRD/TIMq0EShaRTWn4nK9WHXQRkIgexG11hEsTfwxzlnZGDZAFeUgAMU3YMOmaI77IrHr8kdZRaeut5VUa+3zmTlArvn0D0EvHLkCGL28epkZyb9LVgQ/PUrDLUEsFgycrMH9wF4NLwF8EiOfNmfpSB/Lsxcku2zZNHZ7/pvZBLyDMO2nl74BWnCo1wMNVPxcFoFGbA983ghdruiIyBtMvUWLuc886m5Im0Jdz7QK2/Qk0ALAn4A32tyhVjuqnlAjsxBV7g+ePxjGlUKbNieXVxrnG23JpKNH0HtuxpDBab3azcQQbjRTIS18OFQ/Oj6tp81R57oswY7rbqVK4/X5wSU50vTNQeFbeTmlYWZm5fHjdYZ5sKV275CH3IB4BQqADjytOsyKh2uFqFbCovG7i/rq66b8LR5/WQQRQ=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Sig-1f8972b5-c8ca-40cb-a3b9-73b77907a16f">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>BqLTeIy97kFa+tO+gxVqVycpoNo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>xR4sJyQV0D05l4LAlDhV3BITnogNS1MwTv+Y6RBE4viKqYEywikx0fjhxOK+URZNXVRHkvzwSD8VhEHkG7SOqkF1ja5uixgRlyYQ/bMPOQGqTKrypdVhvJOvniNXV5Rk9Kw9QfGwUoIrj80CMgT/i1CMJcTzv4bknKV+/pyGLdo=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-3f9b54ee-0048-440a-84ec-d1af150ba35f" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" wsu:Id="Id-ea44fad0-920a-4a3f-b4d0-39a7e7e510fa">
<xenc:EncryptedData Id="Enc-07efb4f6-d5c4-4deb-b66e-f027b0f4cf00" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<xenc:CipherData>
<xenc:CipherValue>uEvS6L3N0hNJJnKwXHfBhHqGhx9EjdKCtMmQ6afhvUmApaXvtNLjfQQMdD1QeFiLAtl5MIM4eL2zbabW9wkJL9LXal927uv/gDCoQTRy2wkDLtfpOD0KpueobvVDgUDNQ4T/80tdUbDrTAVU54Omk5G5V2Ib3jxhXe3gqLt3rBtwh7gQlRKiU+bz265bW2wl+jaI5E91QmNEpdnICp3kGwabXOmnO4RCu9571Qj+7h/Y9ZOd8kfV0dGDQ1uNva9uW7lnuZtweghQ1IAzKDfaGT83byagTYZxq9zUJ1kJXWJMrpGjSTSonv78BvQ+O6AAVXJmwALWoz+kNhob+SDJRMqefEk9GH++s7v10KKUA8mzcwz6J1/HfxGgSTJHWcAkctynos2hegwYP3cXNj6ODHwr6nsIcvVhZsDXo6CS5ffYBrBlA5PVabW2tPFlfm7AytpZsF67A8pkwSDXTPzMpjUOJL+BUDYln2kcgjJ+MQ7eiRzCfsMMZ54FHmLDlCjfpp1h6lkN3QWQjgp7oXsKo1dZKdo7o0V5YmZT+6LZYzpN5nySAu3mLo40paxb4+PsBXDlvUyUqnOKtuFmDFwwR+dp4Kf+MD6Jy1uHE8Z00z/x43jUKlxdNzcrlN/UJ6kXcOez6j+1JV13yWNGK3U9aDkp9urYUphl3oqtlvmi4pC9CJqC+EKs8a0vKLNKWzjRVt5RIbrRlOd6qH4XYgQp/qnQV8/pEHLQt8+S8u4pjrryDJ9JDjbixi5KPwFGjZlsHmMf1pvnex/bvribGdWF3v29zejI8kNerXe5H2BKSuBGrViVQ/1kcgwjejjrqX4junCLVbbjgBQmUAToxkpu/gzBi02O/CW4GbUzjhI8n4Et+nQiBSyhunlI1PNU3OfdooZ1aS0iPYmYoWpvSkiORazXwsn4nVhXYrm8gNEKvHCk3Ed3lI25i6vMnxBYSUJMDV5lvEgUaYsrwy32t/COpylKOzNL2pk15DGbfM+zzRgJmT2EYWkJbNX0nN9rV0il8MTjPOaQmw6Hwo4GU4AMBJXih1xwO+v1+sx9taGwlGBPzmxEO2dPJAlBu+OdpZsk2nMEwWo1dF3FSpEmKTEhnBm2t0e3miOno0bMBP3xBy3gllEKOTJ80wd65Fg5fgjKaCbz+CJY5EnoGz6CyWhjKErnYrq/jzkdBOuA/TV+ZAHg53+PTi31ZdYPtnX7fDAFl3SxUjc8h8cKtILNpC9kWSgmK6cfvojLFifphdZmbSXL1b6P40XMVftK1oHItmtH3a73Ud0SAm6Bunyz/x6DrX+0fwOIevBLNTPy7sfNXhmS+YgulSyPTHpH0ip4mGomJEjjaWCGj+5tH9AX3Sd9Omd0jqmjYeTvAsu3071neSMrsPzTpRVOcOe+tOyWK1kTxk7ZE6qnrFup36Cpahd3+pa+eA2aVYcKz0Z4PPj1orNtoL20dwfSVGCq5xaux+mGAX45gNgZemPEq7v8C4G58Lk/UxqIWIrwEiSHmw+drTQ9QEixaY1ZBPftIGVOOJJT5XhfNvXy3LzoCMBUa775K57nfUqrxVgorETyzXhCGmzpkkWeEjBKH3W/UVd+aHX5Umo+9xe+82kpQLv3HvHRcodNq+2QtoEwLUrTD+D9t5rboJT/X7u6faaZqYbePEpgEKfX9O0ErBnpBUYUcEiUg/QQ8vKXGpZk+K6kOdjOxR20JFDkcULXmya1FM6AwWS4DMfINVtADWE7xd7nLjlhtDzWOj0wbFRQ95qaqgHfAqlUNTcpVobibVJZ75XeZsWt+o+dkvgA3wAQTfEOa6iyvpUsv3JXY2DKe8Sr1DFY31g9uZdvqaRIX8ALLymebVnAKq0FL45R13Ffp1VSep+FXly4Gm9cHBIknQNfyegsd1mi4r5qEoeZLTIlybsG5qHLrWlOTp16qRZU+0XvdXj8QK8mOy9LiVnXVdP94ehYIj1sgWIKpfsUDHFj2Xm6xPll</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
SecureMessage 방법
와 AXIS 읽기 오류 메시지를 반환 -
Security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for decryption (KeyId))
오류 메시지가 특히 도움이되지 않는 것입니다, 나는 그것이 무엇을 의미하는지조차 확실하지 않다가, 그래서 여기에 대한 도움은 많이 감사합니다!
감사합니다.
Teja.
경영진이 WSE가 더 이상 사용되지 않으며 거의 지원되지 않는다는 것을 알고 있는지 확인하십시오. 모든 새로운 웹 서비스 클라이언트 개발에는 WCF를 사용해야합니다. –
나는이 프로젝트를 위해 노력했지만, 나는 이것에 집착하고있다. 나는 WCF에 대한 경험이 없기 때문에 그것은 어리 석다. –