主页 / coding / 问题 / 77609291
Accepted
geckels1
Asked: 2023-12-06 05:19:28 +0800 CST

有谁知道如何在 SOAP WSSE 标头的 BinarySecurityToken 中生成 X509PKIPathv1 的 ValueType ?

  • 772

在 SoapUI 中,我发送一个 SOAP 请求,其中使用 BinarySecurityToken 构建了 WSSE 标头,我将其理解为 base64 编码的客户端证书,采用 PKCS12 格式。但是,ValueType 属性表示它是#X509PKIPathv1,并且在我对它生成的令牌进行 Base64 解码后,我无法使用 OpenSSL 以除 之外的任何证书格式查看它openssl asn1parse。所以它似乎是证书的某种形式的公共版本,但我不知道它是什么格式。OASIS 文档只是说 X509PKIPathv1 是“打包在 PKIPath 中的 X.509 证书的有序列表”,这不是有帮助。有谁知道 X509PKIPathv1 是什么或如何使用它?

下面是我引用的 SOAP 请求中的标签。我正在尝试在 Python 中重新创建这个 SOAP 请求,这就是我问的原因。这个问题也与Why does `openssl asnparse` not Give an error but `openssl x509` does for a DER file? 有关

<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="X509-64A8138B2F6D8C69B617017819964911159">MIISMTCCBgAwggPooAMCAQICEFsqPhGc/rJKIj+PeHduzogwDQYJKoZIhvcNAQENBQAwgZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQ8wDQYDVQQHEwZGb2xzb20xDjAMBgNVBAoTBUNBSVNPMRkwFwYKCZImiZPyLGQBGRYJY2Fpc28uY29tMQswCQYDVQQLEwJJVDEsMCoGA1UEAwwjQ049Q0FJU09fQ2VydGlmaWNhdGVfQXV0aG9yaXR5X1Jvb3QwHhcNMjIwNjIzMjIzOTI3WhcNNDIwNjE4MjIzOTI2WjCBmTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAcTBkZvbHNvbTEOMAwGA1UEChMFQ0FJU08xGTAXBgoJkiaJk/IsZAEZFgljYWlzby5jb20xCzAJBgNVBAsTAklUMSwwKgYDVQQDDCNDTj1DQUlTT19DZXJ0aWZpY2F0ZV9BdXRob3JpdHlfUm9vdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPjvAyH1hlZXIgUKtObCs8B0soLP6WrGmF9urIv8U4lrv1mvnTyePGcbvjIIQVI1fectP/Ah7vKXqbiRtPfL7PGkxM/g6qaXg7NqZdQXrBhNEwZJNnhf5HBJpO+QuAoYJ8Nc2f4Ot8ZDgdFcgzC42XC7MkdMhtsO648zT2OfcHsJLQ20zxW6mUbYTObmoxX0OX/x7pL7vqJV6Tueqe2o1l0i3EWO+m2dbqzl/A9xOJ+C1415H5cN0Vf2yUIe6KaJ0CVj0YBVQW/7ox3S/q4Q6FZ/8bI8wbpxW8GLMZop6wOxIbP9wq6cSDcXD0e9dMqUHXzIBwslE/1Yye+ZJLXaiDdohhyCLxfHJrzAonP7yQgWqkZldYf2lZhRyJSZNAijF/Saxis73EikXiKNYxCmPofS2Wq8jNM0Uv63mkQ1UESUcxgdSJAwUQPfkY1spJdGZodrho0M+Nq6qyYIpJurQurBDEs38DkCG9wyhv143Eb6VLS0e7Ohseom4xgKJqZiRGbZgZIg4dnH5Irzm6XgnBz6NOOQ4gJEQ5ak8j8PhFUkHRGav0KSf00WlW5VnpJYwDqZlm71e3SEWLDWw0koHz2ZdaytIf8wfpPu74VuYEggQXlq8Ep783fKbR8E2RLqV4kVnmu/4s4Cjmictx2jvJS3HFwMirsttwEw35L+pQxrAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJMrIQ0RoghhW4wTLHug/v4tpuXOMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQ0FAAOCAgEA1hebUHJNLuVzQfCZGmEk9elPUaf2tnpOcs1FaP/XLPYOHdYJRultSGRQL+aVmDsewicFj4CDDkvE4p759l+n3u9oZpJ9s9LcDP6lOIiFKgULW368iMNF/SVB6AJtaph8YlT1nP4STiJkFmPJnDCtDmQQ1Ay6nKnHz8AMvCIiYpsc/hWXuy8eYpQt41GkhbF0LXtV0l4f1l/nW0TEE2gP8Q6mB1k+EdOsZkAG23lOcxO0citQGRPaLR9TvqiSWAChrXs6qvqV38EpYHRfZ/Nb1tdIGObvWQn5mxH4koMY4LW9Lumiz2OInaNeTMkW1H8ie+3F891Y39ZSgz+H18XxP4fnciL+6Ab8kj62/YWAAWIUksiImXGHdyomO7K4dCp7Dd//s9aglx/6YbsGqXnbgW9FHMdcL1plSUCszvN5INc4Ux4+xSIwVAuP1643S7g4ZShhQI6HASqJFOIm5JgVfaTggS2WfeW5xF65HPWvTl3ssavE2X6bVHsP1l/hTap1GjMWsjQ75+oz7/H28LckWlSxFjjIOxrBuiwk4sG49TQW7T3eWmhtNBrFCLjTXEr/ZCTkOVpogLsdd0iz67R43Rg/N0cu1djZIe16Z7HK3VoOyFWTyIHVcbIeBMrbQhBA3n/xCFNttXBZnsVXn8dIXfmDq1SJZKDjNKs4r4pgg24wggaAMIIEaKADAgECAhByYqsKUQh17PXXTfFGQLo8MA0GCSqGSIb3DQEBDQUAMIGZMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEPMA0GA1UEBxMGRm9sc29tMQ4wDAYDVQQKEwVDQUlTTzEZMBcGCgmSJomT8ixkARkWCWNhaXNvLmNvbTELMAkGA1UECxMCSVQxLDAqBgNVBAMMI0NOPUNBSVNPX0NlcnRpZmljYXRlX0F1dGhvcml0eV9Sb290MB4XDTIyMDYyMzIyNTUyOFoXDTMyMDYyMDIyNTUyN1owgZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQ8wDQYDVQQHEwZGb2xzb20xDjAMBgNVBAoTBUNBSVNPMRkwFwYKCZImiZPyLGQBGRYJY2Fpc28uY29tMQswCQYDVQQLEwJJVDEsMCoGA1UEAwwjQ0FJU09fQ2VydGlmaWNhdGVfQXV0aG9yaXR5X0lzc3VpbmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsJIDYjLut3q3QD8baXx3p5ruwK0DZzL7RmBGdpH2BPmP1OFYNzyvlGUHY29kG39PM6kencWxOl0UlIxrNpEhJ22URaEe8vLTpn+qUbBIKd05SK4Zd03IYilt9yaL+bWEk3n8tOeaWqobguMwJbTOSqmbAboK31E2DTFu1QFAiKLwZLi7KYGeh0V4tXcUc4f6PmNBX9oMxG5EJccWxZEUXGIDUVFw920HOfQSEtmOHp4sRupFGeBMbcLkBKoBbUO3vGL6zu8bM9i0X3bz0ZOArk2JqqdaJ72CiY4IeAcOz2EHpiKZKBcbq0kve2w+dFwnHloNwiYpcvgbGhLLzzC7nQx0ggY50bHd61xuYBOPgQhLCcQN6dASNpolbOW8UFnnR+fDJ4JsqshLU1U5pBSyfK4DHTKEujGKwhu4Ffw1NpZCddGc3tUdS0rLZK55w/1v0JTqSuMZMtC1oyR0jliwWOgYNWIENEHJxr+HVnADQgJhlJIenFBFUOUs9ShaPETPcHYul/b4/C3lh4cV0IOk6hvE4wSj8GoktFTZS/vQetSfLYn2UHxfqLkgnEGTwCmAGKvxciD0JTanC3pE7Pz1J8R+Pjf09tpWGzJSOYkTLRAU+T5J05b5EBPXW7HH5QudOvQvW59UhmalybBLWmDWcMrATBI6HjowfnX1EK3txLQIDAQABo4HBMIG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFF8FtvQdOIDvokiAT6kiqL5rwzieMB8GA1UdIwQYMBaAFJMrIQ0RoghhW4wTLHug/v4tpuXOMFgGA1UdHwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwucGtpYWFzLmVudHJ1c3QuY29tL2NybC9lY3N6ODg2cnFma3Zici84NzRoNmhpZHR4ZndtcC9jcmwuY3JsMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQ0FAAOCAgEA2jacfCbCeSMIJ/iZE3RpxP1o6u+e5kGbK0Lzd0KNz2/8i974mhaa9bk4+E8x3tkmK2W9IKujpe2mAxjDcVoIvTgGddKEDo5sM1PchvJkVa61szyj+QPHNS5gBaBPIwJ2xt8Y7FgDClu1zQP3eqfPo8cvYahjTSCO3OhzMDyWTE+4osU5J9VtgrS+YH6uWvfJOSBqHfl5zcNadvnjzSGD7rsiLGHQwisRcdr0GAZohaPk7LjuNXLbRWbGIdfE+LjmJdC2hUQjeQzqepYb6dSgf/HKYV/FvlncoaCtUYd/GPKbSV4Wuf/3TlG2i9RHO8nANstvDr9AZol7U6nTZlsHWiHO8bxuTcA9YGFjvcOy4j7fWwat9ASM5Ba5Yc7JJnPC55fipXfJqc4qMZadBnAFxZQKIq0PTw54utVMPJIyvJ1cXHgdP7gRtrC4ABi50dUWMZ3uC2TjTM727vMLktHxa0vuOVNyO1M+GT4y13u7fepKaXvgBI4Inq6L5OkZBjruZrvnJUfbGpiTQzNgcRBAonQRgOVadAWMIQ7pZ1r8NABxcwuYm9x6dDEUaSJeKXKdMrUZXFr5DIg5UbCSwePtwpA3OyCBZkn4s6Xls5Fg34XTidJlt3P2bn7metNiuw5TSGncYtITlHpMLpfyU1VUf4/HsKiolQwFTFbrN7xsDmMwggWlMIIDj6ADAgECAhBuO7BBuRIolS+o6m1uHaV3MAsGCSqGSIb3DQEBDTCBmTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAcTBkZvbHNvbTEOMAwGA1UEChMFQ0FJU08xGTAXBgoJkiaJk/IsZAEZFgljYWlzby5jb20xCzAJBgNVBAsTAklUMSwwKgYDVQQDDCNDQUlTT19DZXJ0aWZpY2F0ZV9BdXRob3JpdHlfSXNzdWluZzAeFw0yMzExMTUxNzM5MDBaFw0yNTAyMTUxNzM4NTlaMEcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQKEwVDQUlTTzEPMA0GA1UECxMGcGVvcGxlMRcwFQYDVQQDEw5BUEkgVVNFUngyMDkzNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbjzi4qPqT2H7zRzYeqW7WS9IwxB/7Q59HT+Ubcke6iLI51JkbsHTDZcr7Qk4vlE4NocdqUaZngnxMKON3EZw6EH2WzuVxIrGc+2QecMJtYUt2YHpNULkX0MDeMHBORqTGxdQQtdtKpKDGlfaZJZvuKddwJlLLX62mfJ5lElbOGJ7WvrQTmM8JpN8xHB+Uj5n2YAipXMvZtJPDvbWprS6dfDNHW3y0JQK5+4UEO9n9/MF5pKJKNZnNjhFhegHsa5y554AMAIqb/ujVA6B5m1R7JhhV+wQJ7/dMgJcueysvCdvgfjaPOKbIAIRk9W6yNXhP9IVv8GP+KaxChwV1n0UcCAwEAAaOCATwwggE4MAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIP6fwShdnBmv+ZuMG3resB9QHjREQyfzF2hm+sINW32JMB8GA1UdIwQYMBaAFF8FtvQdOIDvokiAT6kiqL5rwzieMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjBdBggrBgEFBQcBAQRRME8wTQYIKwYBBQUHMAGGQWh0dHA6Ly9vY3NwLnBraWFhcy5lbnRydXN0LmNvbS9vY3NwL2Vjc3o4ODZycWZrdmJyLzZ6a2U5aWRwYjBpYndoMFgGA1UdHwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwucGtpYWFzLmVudHJ1c3QuY29tL2NybC9lY3N6ODg2cnFma3Zici82emtlOWlkcGIwaWJ3aC9jcmwuY3JsMAsGCSqGSIb3DQEBDQOCAgEAQzQqIoew5ikOxzt1zENNoGe7F9IEcqTI0ndwXdJbYHvG9EhEQNoJmFhIf1A4Dx+6EDaZMeZZFm3NW8vJjWT+WBb4+xdRq0wd0H62WACdv4P6269gr+hkmzjX8APQrH0ME+v5fzoWevgbDM4TJSUy65zu503z/wcGvyOpKZ3yqYP4SlWyiybha0zuRZ2iiJi01bNSl2yOo16tZ9INdLBnVuS1xNzPr10foSwSeKtIoXLZwco0NhfeswMsFpDafseoCGoLDKikvWqTgc+OGA+bskylXggkCwL5kMo4eJul88HQfs+5i0h8ueKOumzPeizVCBoxCDx8VcxrBgNIgb+QlnHettbeQBoBAF4F9qhCnmCKL/rJGs9cRIfVYVLgAsrWD5cqyOQTUuT1azveVM0SIRjZAbJwKk/2US8272Xz9S4iYO1wmXETaS+4+vNWxOJFd/ypvEwINdE00DrNkrg6O/u4B0fOxvSomBgNAipEgV0gxNRkzXt4jEhW6Ll8LivGfUA7O/xk8YSUINKILTz4sptotzxHO6CxXnacEF/zjDpMrWr/iA1yruyklnQIarZpwIlJoyk/tuNfBPm54b3XF6UUYYLc9KsDdQ18RUPdgg3GGM2mbPlyYoip7gd9hXl2VKdCguE8u/ZFYf2J6V8WdqCgMf5bvUR62qm9EzsfQ90=</wsse:BinarySecurityToken>

soap

1 个回答

  1. Best Answer

    这真的是编程还是开发?

    PKIPath在RFC6066 第 10.1 节中定义为SEQUENCE OF Certificate(从锚点向下)——它断言与 X.509 兼容,尽管我没有确认这一点。你所拥有的显然符合这一点。

    OpenSSL 不直接支持这一点,但在大多数 Unix shell 上(这至少有点切题)你可以用类似的东西来伪造它

    { head -c4 >/dev/null; # or dd of=/dev/null bs=4 count=1 2>/dev/null
  while openssl x509 -inform der -text -noout # or other options as desired
  do :; done } <bin_file

    或更手动地使用脚本(更切题),例如

    # assumes chain doesn't exceed 65535 but each cert does exceed 255 
off=4; eof=$(stat -c%s $1)
while [[ off -lt eof ]]; do
  len=$(( 0x$(dd if=$1 bs=1 skip=$((off+2)) count=2 2>/dev/null \
    | od -An -tx1 | tr -d ' ') + 4))
  printf -- "-----cert at %d,%d-----\n" $off $len
  dd if=$1 bs=1 skip=$off count=$len 2>/dev/null \
    | openssl x509 -inform d -noout -text
  (( off+=len ))
done

    PS:这与 PKCS12 格式一点也不相似,PKCS12 格式除了通常包含一个或多个 X.509/PKIX 证书(通常带有私钥或其他数据)之外,完全不同。

    • 0

相关问题