I am trying to sign a SOAP request with a certificate using Python. I tried python-zeep with its Signature method, and suds with py-wsse. Neither gave me the expected result.
Zeep gives me:
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap-env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#id-2790286f-721f-4f62-88bf-7e6b1f160e09">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue> DATA </DigestValue>
</Reference>
<Reference URI="#id-597e9b96-07e2-4ee8-9ba8-071d97851456">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue> DATA </DigestValue>
</Reference>
</SignedInfo>
<SignatureValue> DATA </SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference><X509Data>
<X509IssuerSerial>
<X509IssuerName> DATA </X509IssuerName>
<X509SerialNumber> DATA </X509SerialNumber>
</X509IssuerSerial>
<X509Certificate> DATA </X509Certificate>
</X509Data>
</wsse:SecurityTokenReference></KeyInfo>
</Signature>
<wsu:Timestamp wsu:Id="id-597e9b96-07e2-4ee8-9ba8-071d97851456">
<wsu:Created>2017-10-27T09:41:01+00:00</wsu:Created>
<wsu:Expires>2017-10-27T10:41:01+00:00</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap-env:Header>
<soap-env:Body wsu:Id="id-2790286f-721f-4f62-88bf-7e6b1f160e09">
<wst:RequestSecurityToken>
<wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
</wst:RequestSecurityToken>
</soap-env:Body>
</soap-env:Envelope>
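While suds …
I have a simple command-line Java JAX-WS application to test a SOAP request, but the server expects the password type to be PasswordText, and I am stumped on how to set this...
The code is as follows: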
@WebServiceRef
private static final HelloService helloService = new HelloService(url, new QName(
        URL, "HelloService"));

public static void main(final String... args) {
    try {
        final HelloPort helloPort = helloService.getHelloPort();
        final BindingProvider hB = ((BindingProvider) helloPort);
        hB.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
                END_POINT_ADDRESS);
        hB.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
                USERNAME);
        hB.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
                PASSWORD);
        ...
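I have already tested the request with SOAP-UI, so I know it works. Any help with setting the password type would be greatly appreciated.
Thanks.
Header object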
[Serializable]
[DataContract(Namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")] // This object serialize specific namespace
public class Security
{
    [DataMember] // This object serialize without namespace
    public UsernameToken UsernameToken;
}

public class UsernameToken : IXmlSerializable
{
    public string Username { get; set; }
    public string Password { get; set; }

    public XmlSchema GetSchema() { return null; }

    public void ReadXml(System.Xml.XmlReader reader)
    {
        reader.MoveToContent();
        Username = reader.ReadElementString("Username");
        reader.ReadStartElement();
        Password = reader.ReadElementString("Password");
        reader.ReadEndElement();
    }

    public void WriteXml(XmlWriter writer)
    {
        writer.WriteElementString("Username", Username);
        writer.WriteElementString("Password", Password);
    }
}
Setting the endpoint header …
I want to verify the signature of a SOAP request on a SOAP server implemented in PHP.
Server code:
$Server = new SoapServer();
$d = new DOMDocument();
$d->load('php://input');
$s = new WSSESoapServer($d);
try {
    if($s->process()) {
        // Valid signature
        $Server->handle($s->saveXML());
    } else {
        throw new Exception('Invalid signature');
    }
} catch (Exception $e) {
    echo "server exception: " . $e;
}
Error:
exception 'Exception' with message 'Error loading key to handle Signature' in /<path>/wse/src/WSSESoapServer.php:146
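I have implemented a client that signs SOAP requests using this library: https://github.com/robrichards/wse-php. There are no examples of how to implement a server...
How do I load the public key to check the signature?
[Edit] I am now able to load the provided key using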
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
$key->loadKey(CERT, true);
I no longer receive an error message when validating the signature:
$x = new XMLSecurityDSig();
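$d = $x->locateSignature($soapDoc); …
I want to make a call to a web service that uses WS-Security with SoapUI. So far I have had no luck with the SoapUI tutorials. Would love any advice.
I am trying to consume a web service that uses password digest mode, and I have these functions in my Java application to generate the nonce, the created date and the password digest. I can't get past the authentication failure error, and the documentation is not very clear on whether they want SHA-1 or MD5, as it mentions both in passing. I tried MD5 instead of SHA-1 and got the same result. I managed to get the request to work through a test in SoapUI, but I don't know how that application generates the digest/nonce. Any help is appreciated.
Here is the code I use to generate the nonce and the password digest: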
private static SOAPMessage createSOAPRequest() throws Exception
{
    String password = "FakePassword";
    String nonce = generateNonce();
    System.out.println("Nonce = " + nonce);
    DateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
    dateFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
    Date today = Calendar.getInstance().getTime();
    String created = dateFormatter.format(today);
    System.out.println("Created = " + created);
    String passwordDigest = buildPasswordDigest(nonce, created, password);
    System.out.println("Password Digest = " + passwordDigest);
}

private static String buildPasswordDigest(String nonce, String created, String password) throws NoSuchAlgorithmException, UnsupportedEncodingException
{ …
I am trying to consume a SOAP WS-Security service using Node, and the request must have a structure like the following summary:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://ws.hc2.dc.com/v1">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-F9932E49C67837D88415342820380929"><!--DATA--></wsse:BinarySecurityToken>
<ds:Signature Id="SIG-F9932E49C67837D884153428203810212" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
</ds:Signature>
<wsse:UsernameToken wsu:Id="UsernameToken-F9932E49C67837D88415342820380868">
<wsse:Username><!--DATA--></wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><!--DATA--></wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--DATA--></wsse:Nonce>
<wsu:Created>2018-08-14T21:27:18.086Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-F9932E49C67837D88415342820380867">
<wsu:Created>2018-08-14T21:27:18.086Z</wsu:Created>
<wsu:Expires>2018-08-14T21:28:18.086Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-E40CE4DF6628FFDAE615320042127276" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<!--BODY-->
</soapenv:Body>
</soapenv:Envelope>
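Note that the header contains only the security tag, which contains 4 elements:
- BinarySecurityToken
- Signature
- UsernameToken
- Timestamp
Using the node soap module, I can only generate a header with:
- UsernameToken and Timestamp
- BinarySecurityToken, Signature, Timestamp (I'm not sure whether these are correct)
But I cannot generate a header with the 4 security elements.
So, how can I consume a SOAP WS-Security service with these four constraints in Node? Or maybe in PHP?
I have read that Java and C# …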
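When I run python -mzeep https://testingapi.ercot.com/2007-08/Nodal/eEDS/EWS/?WSDL
the operations are blank. When I pull it up in a browser, I can find lots of things under the <operation> tags. What am I missing?
I'm not sure whether this is relevant, but in case it is, I don't want to leave this information out. The site has a zip file containing XSD and WSDL files, and I don't know what to do with them.
I am having some problems parsing a SOAP web service. How do I identify the NAMESPACE, METHOD_NAME, URL and SOAP_ACTION from the WSDL, and how do I process it using SoapObject?
I want to call SOAP in Android.
Below are the WSDL and the SOAP request XML.
WSDL: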
https://e1jas01.domain.cssus.com:8091/DV910/RI_AddressBookManager?WSDL
Thanks, Gowtham.
I am starting with XML like this:
myXML="""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://www.ercot.com/schema/2007-06/nodal/ews/message">
<soapenv:Header> </soapenv:Header>
<soapenv:Body>
<RequestMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.ercot.com/schema/2007-06/nodal/ews/message">
<Header>
<Verb>get</Verb>
<Noun>BidSet</Noun>
<ReplayDetection>
<Nonce>177766768</Nonce>
<Created>2018-10-22T09:03:33.169-05:00</Created>
</ReplayDetection>
<Revision>1</Revision>
<Source>QSAMP</Source>
<UserID>USER1</UserID>
<MessageID>test</MessageID>
<Comment>test</Comment>
</Header>
<Request>
<ID>QSAMP.20181020.EB.AB_C.BID123</ID>
</Request>
</RequestMessage>
</soapenv:Body>
</soapenv:Envelope>"""
I need to sign it so that it looks like this:
<soapenv:Envelope xmlns:mes="http://www.ercot.com/schema/2007-06/nodal/ews/message" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-411BAD9927582E29B715402172715641"></wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-411BAD9927582E29B715402172716115">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="mes soapenv"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-411BAD9927582E29B715402172716114">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="mes"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Vd6yUSv013P7ov8AzF2IbYv7yS4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SnC9RHluvHxfg3zvfmoGHrfh6zfXSGUmGv9V351uhWgTn546tTU0/5LiaPsFEcfVxyWsoouVsBV9 VwCbw++6FmtehSCPH6CAO+1NngiE+miK6QThSqKJXj/5CbHwwfeQHqWRmf45AlCwvQiWhVqGi/tq
YViFi5t0aIMrdhLJDRNUv17UNPKVjcowyIbKLKQxSqNxB/PED8tF0oHC7rRmsEr3x7NqO/VZBWZd OgCQggWiAdXiBy+SwoooAufMs6t+2+YOFQtWLOHuIx79X+hFi3Gqff1I5vfiHust7/rZdSzx1wB/
T+aeNGIeIzQDNQoC55lhomgV0xp/3tZPHSzrqA==</ds:SignatureValue>
<ds:KeyInfo Id="KI-411BAD9927582E29B715402172716112">
<wsse:SecurityTokenReference wsu:Id="STR-411BAD9927582E29B715402172716113"> …