I should create a SOAP client that should talk to a WSS4J service.
The expected SOAP message is like the following:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="true">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-2BF68C14B752C6AF9D13976577086141">R9lpib3+Lv9g0Gorz/5XQ==
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-3">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ZKmbm/i1rJBrORIQCA5eIu9mNAk=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RkeIc2YhRTxMQ/Wwm4gNHypLx24=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>O6ume5TiYL1t1KZrv6I7rpSCcF82yAu4FzkvcqYvQ2X1qxy/A==
</ds:SignatureValue>
<ds:KeyInfo Id="KI-2BF68C14B752C6AF9D13976577086302">
<wsse:SecurityTokenReference wsu:Id="STR-2BF68C14B752C6AF9D13976577086303">
<wsse:Reference URI="#X509-2BF68C14B752C6AF9D13976577086141"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2014-04-16T14:15:08.599Z</wsu:Created>
<wsu:Expires>2014-04-16T14:20:08.599Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</env:Header>
<soap:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-2">
<ns2:getBatchStatus xmlns:ns2="http://earsiv.vedop3.ggm.gov.org/">
<paketId>1</paketId>
</ns2:getBatchStatus>
</soap:Body>
</soap:Envelope>
I have the following contents:
The .config file is:
<customBinding>
<binding name="EArsivWsServiceSoapBinding">
<security includeTimestamp="true" authenticationMode="MutualCertificateDuplex" defaultAlgorithmSuite="Basic256" requireDerivedKeys="false" enableUnsecuredResponse="true" securityHeaderLayout="LaxTimestampLast" messageProtectionOrder="SignBeforeEncrypt" keyEntropyMode="ClientEntropy" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap12"></textMessageEncoding>
<httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" transferMode="Buffered" hostNameComparisonMode="StrongWildcard" />
</binding>
</customBinding>
The config has a reference to a certificate that is kept on a USB token, and when signing, a PIN code is asked for:
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My" findValue="ddb10d5ef9ed14dada536ee144bd047ce42a1af8" x509FindType="FindByThumbprint" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
The service interface has:
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(ProtectionLevel = ProtectionLevel.Sign)]
public interface SampleWs
{
...
But the resulting SOAP is:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">..blah blah base64 content..</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Ng/QkiXSRDBasCcQjf35pp51ufw=</DigestValue>
</Reference>
<Reference URI="#uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>UdHyzU42q875NM1/W8pOW1QB+Pc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>.. blah blah a long base64 content..</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<u:Timestamp u:Id="uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
<u:Created>2015-09-15T22:17:11.416Z</u:Created>
<u:Expires>2015-09-15T22:22:11.416Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<getBatchStatus>
<paketId xmlns="">1</paketId>
</getBatchStatus>
</s:Body>
</s:Envelope>
Also, it gives:
InvalidSecurity An error was discovered processing the <wsse:Security> header.
So, the differences are;
My questions are:
Using .config, how can I get the target SOAP exactly?
Is the error caused by those differences?
Could you please explain what causes the error?
And how can I get rid of the error?
Thanks for any help.
The solution was achieved by using defaultAlgorithmSuite="Basic256Sha256" to get "w3.org/2001/04/xmldsig-more#rsa-sha256" as in the target SOAP. Thanks.
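Added example, not part of the original post: a short Python script that compares the algorithm choices declared in the ds:SignedInfo of the expected and the generated message, which is the comparison the question leaves unfinished. The helper names `profile` and `diff` are made up for this example, and the two samples are constructed by trimming the page's messages to the body Reference.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "ec": "http://www.w3.org/2001/10/xml-exc-c14n#"}

# Constructed samples: the SignedInfo of the two messages on the page, trimmed
# to the body Reference, with transforms and digest values left out.
EXPECTED = """<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
  <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
 </ds:CanonicalizationMethod>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
 <ds:Reference URI="#id-2"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
</ds:SignedInfo>"""
ACTUAL = """<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
 <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <Reference URI="#_1"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></Reference>
</SignedInfo>"""

def profile(xml_text):
    """Collect the algorithm choices declared in a message's ds:SignedInfo."""
    root = ET.fromstring(xml_text)
    # Accept either a bare SignedInfo fragment or a whole SOAP envelope.
    si = root if root.tag == "{%s}SignedInfo" % NS["ds"] else root.find(".//ds:SignedInfo", NS)
    if si is None:
        raise ValueError("no ds:SignedInfo element found")
    c14n = si.find("ds:CanonicalizationMethod", NS)
    incl = c14n.find("ec:InclusiveNamespaces", NS)
    out = {"c14n": c14n.get("Algorithm"),
           "c14n.prefixes": incl.get("PrefixList") if incl is not None else None,
           "signature": si.find("ds:SignatureMethod", NS).get("Algorithm")}
    for i, ref in enumerate(si.findall("ds:Reference", NS)):
        out["ref%d.digest" % i] = ref.find("ds:DigestMethod", NS).get("Algorithm")
    return out

def diff(expected_xml, actual_xml):
    """Return {setting: (expected, actual)} for every setting that differs."""
    exp, act = profile(expected_xml), profile(actual_xml)
    return {k: (exp.get(k), act.get(k))
            for k in sorted(exp.keys() | act.keys()) if exp.get(k) != act.get(k)}

if __name__ == "__main__":
    for key, (want, got) in diff(EXPECTED, ACTUAL).items():
        print(f"{key}: expected {want!r}, got {got!r}")
```

The `signature` entry (rsa-sha1 against rsa-sha256) is the difference that the poster's defaultAlgorithmSuite change addresses; the digest algorithm is sha1 in both messages, so it does not appear in the output.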