HTTPS error / X.509 ws

I'm very new to SOAP, and this is my first project. I am trying to connect to a HTTPS WSDL in order to pull some information on my webpage.

There is a certificate setup ready for both local server connect with the service provider server. There is a response when I try to connect the https webservice, so I believe there is no connection issue between both server :

Here is the SOAPUI sample given from the third party technical team :

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
     xmlns:soap="http://soap.ipr.tfp.com/">
    <soapenv:Header/>
    <soapenv:Body>
       <soap:create>
          <arg0>
            <attribute_1>abc</attribute_1>
            <attribute_2></attribute_2>
            <attribute_3>abc123</attribute_3>
            <attribute_4>abc234</attribute_4>
            <attribute_5></attribute_5>
          </arg0>
       </soap:create>
    </soapenv:Body>
</soapenv:Envelope>

Below is my cfm code used to connect the Webservice :

<cfscript>
    ws = CreateObject("webservice", [HTTPS URL]?wsdl);
    //show web service methods for debugging purposes
    writeDump(ws);

    // construct arguments
    args = {attribute_1="abc"
            , attribute_2=""
            , attribute_3="abc123"
            , attribute_4="abc234"
            , attribute_5=""
        };
    // call the method
    result  = ws.create(arg0=args);

    writeDump(result)
</cfscript>

Issue :

I'm getting below error message when execute my cfm script :

     Cannot perform web service invocation create.
The fault returned when invoking the web service operation is:
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server
 faultSubcode: 
 faultString: These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRY... 

Questions :

Is this error related to the SSL certificate setup in the ColdFusion keystore?

Anything wrong with my CFM script? Refer to the SOAPUI sample, the xml format is `[arg0] --> [attribute_1], [attribute_2] and so on. Can I pass the attributes this way?

result = ws.create(arg0=args);

The same service works from SoapUI tool. Am I missing anything here?

Thank you for your time. Your help is appreciated.

2016-05-30 - Update -

I tried to use the CFHTTP tag to submit the XML, but it seemed to return a differenct error:

<cfhttp
    url     = "[HTTPS URL]?wsdl"
    method  ="post"
    result  ="httpResponse" 
    charset ="utf-8">

    <cfhttpparam
        type="header"
        name="accept-encoding"
        value="no-compression"
    />
    <cfhttpparam
        type="xml"
        value="#trim( soapBody )#"
        />
</cfhttp>

Error:

Here is the error message in the file content :

    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <soap:Fault>
            <faultcode>soap:Server</faultcode>
            <faultstring>These policy alternatives can not be satisfied: 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            AsymmetricBinding: Received Timestamp does not match the requirements 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            X509Token: The received token does not match the token inclusion requirement 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            X509Token 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            InitiatorToken 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            RecipientToken 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            IncludeTimestamp: Received Timestamp does not match the requirements 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}
            Body not SIGNED 
            {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
            EncryptedParts: 
            {http://schemas.xmlsoap.org/soap/envelope/}
            Body not ENCRYPTED
            </faultstring>
        </soap:Fault>
    </soap:Body>
</soap:Envelope> 

The error message seems similar to cfobject tag. When I read closely in the error message, it seemed related with the X.509 ws-security encryption where the SOAP content needs to encrypted before send to the Web service request.

After did some research, the encryption flow seem work as below:

Save SOAP content into temp folder.

Used Java Class file to encrypt the SOAP content into X.509 ws-security format.

Sent new encrypted SOAP content to Webservice.

I have no idea how CF works with Java class files. Has anyone done the same encryption conversion before?

---

In your code to connect to web service, change

ws = CreateObject("webservice", [HTTPS URL]);

to

ws = CreateObject(
  "webservice", 
  "[HTTPS URL]",
  {wsversion="1"}
);

in case only Axis 1 works for you.

Also check at the other end, if your using ColdFusion to expose the web service make sure is set up for Axis 1.

链接地址: http://www.djcxy.com/p/31288.html

上一篇: Java s2s通过p12证书和基本授权连接到https

下一篇: HTTPS错误/ X.509 ws