SoapUI configuration for WebLogic policy Wssp1.2-2007-Wss1.1-X509-Basic256.xml

Posted: 2015-02-19 06:29:09

Question:

I have a web service that is configured with the WebLogic policy Wssp1.2-2007-Wss1.1-X509-Basic256.xml.

I have configured a timestamp and a signature with key identifier type BinarySecurityToken. But I cannot understand how to configure SoapUI for `<sp:RequireThumbprintReference/>`.

I tried specifying the key identifier as "Thumbprint SHA1 identifier" for the encryption, but it still does not work.

I'm pasting the log from the WebLogic server..


<soapenv:Envelope xmlns:cus="http://customerinfo.org.ascent.com/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">


<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-8E9E164BA738DA391D1424325487026195">MIICSzCCAbSgAwIBAgIEVOH2WzANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJJTjELMAkGA1UECBMCTUgxCzAJBgNVBAcTAlBOMRAwDgYDVQQKEwdHZW1hbHRvMQwwCgYDVQQLEwNTSEQxITAfBgNVBAMMGHdlYnNlcnZpY2VzZXNzaW9uX2NsaWVudDAeFw0xNTAyMTYxMzUzMzFaFw0xNTA1MTcxMzUzMzFaMGoxCzAJBgNVBAYTAklOMQswCQYDVQQIEwJNSDELMAkGA1UEBxMCUE4xEDAOBgNVBAoTB0dlbWFsdG8xDDAKBgNVBAsTA1NIRDEhMB8GA1UEAwwYd2Vic2VydmljZXNlc3Npb25fY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC42vKAGMuWXwmc5s2cKKU/JSJ/5xUuz6pcv11qn6oiWVuyIOr0j9+20mzqnxC4WA/hdudA1bOxXPALt71ITCsTMA+evHDnRS9cKCuWAtgkFiZ+sTtzN9rt2Ki10ptU3ubdY+3RsOl8DdoTM0QwpkElWGV9ejypGdSSvf6zH7H3BwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJkKIeSzranu1quuGj1ntP4K4YayHnkAEKaVCAwR4uuqEw+60GmzoNl0Fo24D8jZvEwHa0ZvQct6cozkwYpgYqvdj/4v7W7RjcZAhjpFaaJl1covLcb2yGiJ6Q4cGTuCiwjctWpD1HBjCDf53NgbKlqmF55SKngEGmiI51JaQtpE</wsse:BinarySecurityToken>


<ds:Signature Id="SIG-152" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="cus soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-151"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="cus" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>qDpp2xQiu+9OLR0Uq9Ksy7u2eBc=</ds:DigestValue></ds:Reference>
</ds:SignedInfo>

<ds:SignatureValue>iZ+ykpXm/z+HBgJpVcGuomQXUBefZ4adDodUNLJpKSOTRdhsXKfjnaNO65bTSkDZaVbWKl5NOad/
jym2b7oqT1ldOC+t5alEi5luuiegT9s8HlXMU9YP+yu4mPAN/CzlHnFW2rwo0FHAUxxrgqZHGfEc
2jfeDxYgsHpoM8VZRNk=</ds:SignatureValue>

<ds:KeyInfo Id="KI-8E9E164BA738DA391D1424325487026196">
<wsse:SecurityTokenReference wsu:Id="STR-8E9E164BA738DA391D1424325487026197">
<wsse:Reference URI="#X509-8E9E164BA738DA391D1424325487026195" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

</wsse:SecurityTokenReference>
</ds:KeyInfo>


</ds:Signature>

<wsu:Timestamp wsu:Id="TS-150"><wsu:Created>2015-02-19T05:58:06.992Z</wsu:Created><wsu:Expires>2015-02-19T05:59:06.992Z</wsu:Expires>
</wsu:Timestamp>

<xenc:EncryptedKey Id="EK-8E9E164BA738DA391D1424325486991194" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">INRAkRgCa9YCbonrDxyWpeqG0qg=</wsse:KeyIdentifier>

</wsse:SecurityTokenReference></ds:KeyInfo>

<xenc:CipherData><xenc:CipherValue>Q/gNIHO7QyIpWzW30cdpAWcev/fJvMGpZBblZCfA/xpeloGJ/xbcvLsXUjxe2t0CVkrppR/3wQ5RueFvnL3Nd4R7MZpdpMYG1xGiUemJsb5DuEQaWSc7V3qectjI0i5xBqkRmyuLkkT6ixBL52RQi8Oe0ai9lNuIcYAHecIAooc=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-149"/></xenc:ReferenceList></xenc:EncryptedKey>

</wsse:Security>
</soapenv:Header>



<soapenv:Body wsu:Id="id-151" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<xenc:EncryptedData Id="ED-149" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#EK-8E9E164BA738DA391D1424325486991194"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>

<xenc:CipherData>

<xenc:CipherValue>+R8VzgZ1+q7w7Ne1Z308v4JXBOSos8q5Brq872k8gnZk4sUUVjRzceDfNBbmD5VmNOyqWLv94ZWqnFfs+rkOC3pPPQvp
oQYXrIkYvbIYYjMekj5dQLdqRTJYaRw7xa7SFeljOLN1y6dC42EkWg0kelS22HC2Fe+VlP8cwkcbtlhxDl8cShiQtG/EnovmWgWnnMCHhnvzhd0J7SUMv1V2XAEBp7CQ3VEZlom9ypDlXBQ=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>


</soapenv:Envelope>


<WSEE:12>Created<SoapMessageContext.<init>:48>
** E N D  I N P U T S T R E A M **



<WSEE:12>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@3d96a6<SoapMessageContext.setMessage:65>
<WSEE:12>Parsed header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdSecurity: <name=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdSecurity> <role=null> <mustUnderstand=false><SoapMsgHeaders.parseHeaders:202>
<WSEE:12>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@3d96a6<SoapMessageContext.setMessage:65>
<WSEE:12>Parsed header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdSecurity: <name=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdSecurity> <role=null> <mustUnderstand=false><SoapMsgHeaders.parseHeaders:202>
<WSEE:12>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@3d96a6<SoapMessageContext.setMessage:65>
<WSEE:12>isCompatMSFT set to false<SecurityPolicyBlueprintPlotter.drawPolicyCompatibilityPreference:110>
<WSEE:12>policyNamespaceUri is http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702<SecurityPolicyBlueprintPlotter.drawPolicyCompatibilityPreference:111>
<WSEE:12>Inspecting message age ...<SecurityMessageInspector.checkMessage:167>
<WSEE:12> timestamp(maxAgesSecs=60) verified<SecurityMessageInspector.doMessageAge:755>
<WSEE:12>Inspecting message authentication identity ...<SecurityMessageInspector.checkMessage:175>
<WSEE:12>Identity is not required.<SecurityMessageInspector.inspectIdentity:803>
<WSEE:12>Inspecting signature ...<SecurityMessageInspector.checkMessage:268>
SignInfo mismatch  Refs: Msg size =1#id-151, Policy size =3 #TS-150, #id-151, #X509-8E9E164BA738DA391D1424325487026195,
STR type mismatch Actual KeyInfo:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdReference|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3,  StrTypes size=1 :http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdKeyIdentifier||http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1,
<WSEE:12>set Message called: weblogic.xml.saaj.SOAPMessageImpl@16d10b7<SoapMessageContext.setMessage:65>
<WSEE:12>set Message called: weblogic.xml.saaj.SOAPMessageImpl@16478c1<SoapMessageContext.setMessage:65>
<WSEE:12>WSEE[MONITORING[Invocation[DispatchTime=412121007][ExecutionTime=0][ResponseTime=412121007]]]<WseeBaseOperationRuntimeData.reportInvocation:185>
** S T A R T   R E S P O N S E  O U T P U T S T R E A M **

<?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode><faultstring>Error on verifying message against security policy Error code:3000</faultstring></env:Fault></env:Body></env:Envelope>
     ** E N D  R E S P O N S E  O U T P U T S T R E A M **
<WSEE:12>HTTP RESPONSE
  ContentType= text/xml;charset="utf-8"
  CharacterEncoding= utf-8
<ServletDebugUtil.printResponse:42>
<WSEE:12>*** JAXWS post finish ***<VerboseHttpProcessor.post:45>

StoreCleaner for weblogic.wsee.server.WsStorage@11192bd timer popped
<WSEE:12>Now checking persistent state objects<StoreCleaner$TimerListenerImpl.doClean:166>
StoreCleaner(weblogic.wsee.server.WsStorage@11192bd) - persistent store empty.

Could someone please guide me on how to make this work.... or provide any reference to documentation from which I can understand the specifics of a given policy and configure SoapUI accordingly.

I've been struggling with this for 2 days, please help.

Thanks a lot in advance..

Comments:

Can someone help? I have something here .***.com/questions/22915487/… . Still need to check whether ..soap ui 5.0.0 helps.

Answer 1:

Finally I managed to set up the configuration for the policy Wssp1.2-2007-Wss1.1-X509-Basic256.xml in SoapUI 5.0.0..

For the sp:RequireThumbprintReference policy assertion, configure the signature with key identifier type "Thumbprint SHA1 identifier". This is not available in SoapUI version 4.5.1, but it is in 5.0.0.

Cheers!!

Comments:
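The two checks behind the InvalidSecurity fault, as an added example that is not part of the original question or answer. The WebLogic log rejects the message for exactly two reasons: "SignInfo mismatch" (the policy lists #TS-150, #id-151 and the BinarySecurityToken as signed parts, but the message signs only the Body) and "STR type mismatch" (the policy wants the signature's KeyInfo to carry a wsse:KeyIdentifier with ValueType ThumbprintSHA1, the message carries a direct wsse:Reference to the token). The EncryptedKey on the page already uses the thumbprint form for the recipient's certificate; the policy requires the same form on the signature, which is the option the answer says SoapUI 4.5.1 lacks. The Python below runs both checks over a message before it is sent and computes the value a ThumbprintSHA1 KeyIdentifier must carry, base64 of the SHA-1 of the DER certificate, as defined in the WSS 1.1 X.509 token profile. The build_envelope helper, the two sample envelopes and the fake DER bytes are constructed for this example; the DigestValue and SignatureValue in them are placeholders and are not verified.

```python
# Added example (not from the question or answer): pre-check a SoapUI WS-Security
# message against the two requirements the WebLogic log on this page enforces for
# Wssp1.2-2007-Wss1.1-X509-Basic256, so the fault can be diagnosed without a server.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
THUMBPRINT_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"


def thumbprint_sha1(der_cert):
    """Value a ThumbprintSHA1 KeyIdentifier carries: base64(SHA-1(DER certificate))."""
    return base64.b64encode(hashlib.sha1(der_cert).digest()).decode("ascii")


def check_signature(envelope_xml):
    """Return the policy mismatches in the signed header; an empty list means the
    message passes both structural checks. Digests and the signature value are not
    verified here, only the structure the policy inspects."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header"]
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return ["no ds:Signature in wsse:Security"]
    problems = []
    # Check 1: the policy lists Timestamp, Body and the X.509 token as signed parts
    # ("Policy size =3" in the log); each must appear as a ds:Reference URI.
    parts = {
        "Timestamp": sec.find("wsu:Timestamp", NS),
        "Body": root.find("soapenv:Body", NS),
        "BinarySecurityToken": sec.find("wsse:BinarySecurityToken", NS),
    }
    signed = {r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)}
    for name, el in parts.items():
        if el is None:
            problems.append("%s is missing" % name)
        elif "#" + (el.get(WSU_ID) or "") not in signed:
            problems.append("%s is not covered by a ds:Reference" % name)
    # Check 2: RequireThumbprintReference means the signature's STR must be a
    # KeyIdentifier of type ThumbprintSHA1 whose value matches the token's certificate,
    # not a direct wsse:Reference to the BinarySecurityToken.
    str_el = sig.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
    ki = None if str_el is None else str_el.find("wsse:KeyIdentifier", NS)
    if ki is None:
        problems.append("signature STR is not a wsse:KeyIdentifier")
    elif ki.get("ValueType") != THUMBPRINT_SHA1:
        problems.append("KeyIdentifier ValueType is not ThumbprintSHA1")
    elif parts["BinarySecurityToken"] is not None:
        der = base64.b64decode(parts["BinarySecurityToken"].text.strip())
        if (ki.text or "").strip() != thumbprint_sha1(der):
            problems.append("KeyIdentifier thumbprint does not match the BinarySecurityToken")
    return problems


def build_envelope(signed_uris, str_xml, bst_b64):
    """Constructed sample message in the shape of the one on the page; DigestValue and
    SignatureValue are placeholders (this helper is part of the example, not SoapUI)."""
    refs = "".join(
        '<ds:Reference URI="%s"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
        "<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>" % u
        for u in signed_uris
    )
    return (
        '<soapenv:Envelope xmlns:soapenv="%(soapenv)s"><soapenv:Header>'
        '<wsse:Security xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s">'
        '<wsse:BinarySecurityToken wsu:Id="X509-1" ValueType="%(x509)s">%(bst)s</wsse:BinarySecurityToken>'
        '<ds:Signature xmlns:ds="%(ds)s"><ds:SignedInfo>%(refs)s</ds:SignedInfo>'
        "<ds:SignatureValue>AAAA</ds:SignatureValue>"
        "<ds:KeyInfo><wsse:SecurityTokenReference>%(str)s</wsse:SecurityTokenReference></ds:KeyInfo>"
        "</ds:Signature>"
        '<wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2015-02-19T05:58:06Z</wsu:Created></wsu:Timestamp>'
        "</wsse:Security></soapenv:Header>"
        '<soapenv:Body xmlns:wsu="%(wsu)s" wsu:Id="id-1"><request/></soapenv:Body>'
        "</soapenv:Envelope>"
    ) % dict(NS, x509=X509V3, bst=bst_b64, refs=refs, str=str_xml)


# Constructed stand-in for the client's DER certificate (a real BST carries X.509v3 DER).
FAKE_DER = b"constructed bytes standing in for a DER certificate"
FAKE_BST = base64.b64encode(FAKE_DER).decode("ascii")

# Shape of the message SoapUI 4.5.1 sent on this page: only the Body is signed and the
# KeyInfo is a direct Reference to the token. WebLogic answers wsse:InvalidSecurity.
AS_SENT = build_envelope(
    ["#id-1"],
    '<wsse:Reference URI="#X509-1" ValueType="%s"/>' % X509V3,
    FAKE_BST,
)

# Shape the policy requires: Timestamp, Body and token all signed, and the KeyInfo is a
# ThumbprintSHA1 KeyIdentifier (the "Thumbprint SHA1 identifier" option in SoapUI 5.0.0).
AS_REQUIRED = build_envelope(
    ["#TS-1", "#id-1", "#X509-1"],
    '<wsse:KeyIdentifier ValueType="%s">%s</wsse:KeyIdentifier>'
    % (THUMBPRINT_SHA1, thumbprint_sha1(FAKE_DER)),
    FAKE_BST,
)

if __name__ == "__main__":
    print("as sent:    ", check_signature(AS_SENT))
    print("as required:", check_signature(AS_REQUIRED))
```

Run it and the first line reports the same three gaps the server log does (Timestamp and token unsigned, STR not a KeyIdentifier) while the second reports none. Note what the Basic256 suite pins in the captured message: rsa-sha1 signatures, sha1 digests and rsa-1_5 key transport. Those are legacy algorithm choices by today's standards, but the suite is dictated by the server-side policy, so the client cannot change them; it can only produce the structure the policy asks for.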
