'WSM-00081 : The X.509 certificate is not signed' 使用 jmeter 网络安全插件签名时
'WSM-00081 : The X.509 certificate is not signed' while signing with jmeter web security plugins
我有负载测试服务,它使用 WS 安全性来验证请求。我已按照此处提到的步骤进行操作 - https://www.blazemeter.com/blog/running-soap-ws-security-load-tests-in-jmeter 但我的测试服务器因以下错误而失败。
Jmeter版本:3.2 r1790749
我的配置:
要求:
<soapenv:Header xmlns:wsa05="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-c0365a42-c4e4-49e1-94ce-6da57c4d8b60">MIIEkDCCAnigAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBtDEcMBoGA1UEChMTTWluaXN0cnkgT2YgSnVzdGljZTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEmNhQGp1c3RpY2UuZ292dC5uejETMBEGA1UEBxMKV2VsbGluZ3RvbjETMBEGA1UECBMKV2VsbGluZ3RvbjELMAkGA1UEBhMCTloxGDAWBgNVBAMTD2p1c3RpY2Uucm9vdC5jYTAeFw0xODA5MTgyMDA4NDVaFw0yMDA5MTcyMDA4NDVaMGkxCzAJBgNVBAYTAk5aMRMwEQYDVQQIEwpXZWxsaW5ndG9uMRwwGgYDVQQKExNNaW5pc3RyeSBPZiBKdXN0aWNlMQwwCgYDVQQLEwNlc2IxGTAXBgNVBAMTEHBvbGljZS5jZXJ0LnRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMz5pr26tmQRVbXOQxkfrDbZKMcmbHhqKVnktVCoL40trNiLYM6SdytVS0wQDJOsa9NdZe8Ce/Rw69aQoSnbrL03fvuKNlde/eb/PYaNrHBHqIKwxNuG4+19tBnDjqYuH/NOmdRlhUKxeSOfLJ/e7PhM3lJIPvINVIEGoNPFqSvdAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRvQzQCT/NTmAYVZk1zPzsxfohTPTAfBgNVHSMEGDAWgBQM79E9i5D6jlawyd11tMYGl9JMvTANBgkqhkiG9w0BAQUFAAOCAgEAUYvCGT8yzWS+Jx+zCS8r5XBa3n+u/+b5aoacQHgRkF19mc7TCaxJux1qfoY02QqEQfixXSZMdTLmXhumoqt0A8nvgUI9d2OElKzVv5l6m+lmzB+eZKzLTi4v9TjXKjAaCvofF7OInZ/yeoc12EU8tVLmSdgrGShOwnraOWHkaWkg5J7FaqDmRrVg1wNKcfzV5f1EUIEmnY/J71n9JpuYCBYaKyPGuxmmSDmeO/GAyE8UGlmhtf1L7URkCSrDU2NMQA3Kq7xqsUbs5gsPd/sQe03RDehu+Va/8stIGP9uu+ek1VM3P1x1x70n64RPdP3tQg0zAaFWc5aOi1a5xO6YsUOzQT2HOf6K7syg1YOyDfuCUK6BWL1aOoV2snHYqienuAJnDKDcYSrcyjt0Cp8qP0pmWMNV5ZjWGoU6CPOuY0VCnoKwffnER4I7Vx4DV+DUp2jQc5e4rMo6vucW4hzhdS3jKyiOi3on6vQU978Rw+enrYItFAvOL7KAJVQoTZ7ZWZqsswstdqvNtg75Hljb+guYkr1+jpZcjwWII5RyqWbyIvZgYHTw2CpAgtm9OS4vW+Cbtgus3154qYp9UNZSXXzO+K2gqS0mPSNeJ7W794tbGbzQ2yCDqQ9VUZE4mHEivs9cn6oE3KPTEwHH8J9mByxbgSbK82hFdxoVGvTujr4=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-91db268d-ad9c-4279-b2b7-5b2a2f274c81"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-128"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8c1zFU59JNzfJ3AbXTxn+jC46ZU=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-129"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>6WpWJAk7NdlgtPH6LzKvcHV2S1s=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-130"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>BVLT6+H8s/VW+D1olbM3yQrRI+Q=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-131"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>vc7yU0o3VGsjI8iIJIQTH5vA1A4=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-d6f07fd3-1b3a-4c55-a668-f8d2464c6dd8"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lBydSuIFHgWDOLds34mVNmHC//4=</ds:DigestValue></ds:Reference><ds:Reference URI="#TS-ee20684a-6b4c-4207-a67a-9245f0c3e19f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05 wsse"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>nFiaKa8fMrSxHLhKL8B2BV2ujjU=</ds:DigestValue></ds:Reference><ds:Reference URI="#Timestamp-69"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05 wsse"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>cJD//Tj+XcnZfn0tG1NMRISS45M=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-dd30423a-5490-498f-b2de-2dbe34c1d1e8"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>obSOseNPR/F9wWfpxucQ+oHyXKc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>NdtPrzlN/aExQhiklnPWR2ZmfgokKQ5e46Xor2LhYNB/o4vs5GfBb2zM87IsincbWYlbu8ggGSiZ1cMRz+Sj2ssovB5cKO+FzLkF0TaCIYqtbf434n+xlrDowhfh21vDICY0dl8uLGqU6MoznZDpLYQ10q6gM0grDbTmMbl++TE=</ds:SignatureValue><ds:KeyInfo Id="KI-7684c7f7-1cba-4f7a-b684-21459c4b937a"><wsse:SecurityTokenReference wsu:Id="STR-34ab6a5b-28dc-4cfc-9773-bc4e94a0bffe" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#X509-c0365a42-c4e4-49e1-94ce-6da57c4d8b60" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp wsu:Id="TS-ee20684a-6b4c-4207-a67a-9245f0c3e19f"><wsu:Created>2019-02-21T03:54:08.894Z</wsu:Created><wsu:Expires>2019-02-21T20:34:08.894Z</wsu:Expires></wsu:Timestamp>
<wsu:Timestamp wsu:Id="Timestamp-69" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2019-02-21T03:02:11.297Z</wsu:Created>
<wsu:Expires>2019-02-25T19:42:11.297Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa05:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-129">REMOVED</wsa05:To>
<wsa05:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-131">REMOVED</wsa05:Action>
<wsa05:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-128">
<wsa05:Address>PoliceNIA</wsa05:Address>
</wsa05:From>
<wsa:ReplyTo xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="id-dd30423a-5490-498f-b2de-2dbe34c1d1e8">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa05:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-130">001</wsa05:MessageID>
Jmeter Message Signer configurations Screenshot:
Update Jmeter Message Signer with Binary Security Token to sign
服务器错误:
--- Error message:
oracle.wsm.security.SecurityException: WSM-00081 : The X.509 certificate is not signed.
at oracle.wsm.security.policy.scenario.processor.Wss10X509TokenProcessor.verify(Wss10X509TokenProcessor.java:415)
at oracle.wsm.security.policy.scenario.executor.Wss10MutualAuthWithCertsScenarioExecutor.receiveRequest(Wss10MutualAuthWithCertsScenarioExecutor.java:147)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:662)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:44)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:526)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:438)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)
很可能你配置错误 SOAP Message Signer 因为我在你的 SOAP 负载中看不到相关条目,请仔细检查预处理器的配置(密钥库类型和位置、密码等)
这些行看起来也很可疑,因为现在是 2019 年:
<wsu:Created>2015-02-25T03:02:11.297Z</wsu:Created>
<wsu:Expires>2015-02-25T19:42:11.297Z</wsu:Expires>
最后但并非最不重要的一点是,根据 9 Easy Solutions for a JMeter Load Test “Out of Memory” Failure article you should always be using the latest JMeter version so consider updating your JMeter 3.2 (which is 2 years old) to the latest version available at JMeter Downloads 页面。
插件版本 1.6 存在限制。 Snapshot 1.7 版本已发布以解决此问题。感谢作者及时修复此问题。
可以从那里下载更新的快照 - https://github.com/tilln/jmeter-wssecurity/releases/tag/1.7-SNAPSHOT
问题记录在 Github - https://github.com/tilln/jmeter-wssecurity/issues/21
我有负载测试服务,它使用 WS 安全性来验证请求。我已按照此处提到的步骤进行操作 - https://www.blazemeter.com/blog/running-soap-ws-security-load-tests-in-jmeter 但我的测试服务器因以下错误而失败。
Jmeter版本:3.2 r1790749
我的配置:
要求:
<soapenv:Header xmlns:wsa05="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-c0365a42-c4e4-49e1-94ce-6da57c4d8b60">MIIEkDCCAnigAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBtDEcMBoGA1UEChMTTWluaXN0cnkgT2YgSnVzdGljZTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEmNhQGp1c3RpY2UuZ292dC5uejETMBEGA1UEBxMKV2VsbGluZ3RvbjETMBEGA1UECBMKV2VsbGluZ3RvbjELMAkGA1UEBhMCTloxGDAWBgNVBAMTD2p1c3RpY2Uucm9vdC5jYTAeFw0xODA5MTgyMDA4NDVaFw0yMDA5MTcyMDA4NDVaMGkxCzAJBgNVBAYTAk5aMRMwEQYDVQQIEwpXZWxsaW5ndG9uMRwwGgYDVQQKExNNaW5pc3RyeSBPZiBKdXN0aWNlMQwwCgYDVQQLEwNlc2IxGTAXBgNVBAMTEHBvbGljZS5jZXJ0LnRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMz5pr26tmQRVbXOQxkfrDbZKMcmbHhqKVnktVCoL40trNiLYM6SdytVS0wQDJOsa9NdZe8Ce/Rw69aQoSnbrL03fvuKNlde/eb/PYaNrHBHqIKwxNuG4+19tBnDjqYuH/NOmdRlhUKxeSOfLJ/e7PhM3lJIPvINVIEGoNPFqSvdAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRvQzQCT/NTmAYVZk1zPzsxfohTPTAfBgNVHSMEGDAWgBQM79E9i5D6jlawyd11tMYGl9JMvTANBgkqhkiG9w0BAQUFAAOCAgEAUYvCGT8yzWS+Jx+zCS8r5XBa3n+u/+b5aoacQHgRkF19mc7TCaxJux1qfoY02QqEQfixXSZMdTLmXhumoqt0A8nvgUI9d2OElKzVv5l6m+lmzB+eZKzLTi4v9TjXKjAaCvofF7OInZ/yeoc12EU8tVLmSdgrGShOwnraOWHkaWkg5J7FaqDmRrVg1wNKcfzV5f1EUIEmnY/J71n9JpuYCBYaKyPGuxmmSDmeO/GAyE8UGlmhtf1L7URkCSrDU2NMQA3Kq7xqsUbs5gsPd/sQe03RDehu+Va/8stIGP9uu+ek1VM3P1x1x70n64RPdP3tQg0zAaFWc5aOi1a5xO6YsUOzQT2HOf6K7syg1YOyDfuCUK6BWL1aOoV2snHYqienuAJnDKDcYSrcyjt0Cp8qP0pmWMNV5ZjWGoU6CPOuY0VCnoKwffnER4I7Vx4DV+DUp2jQc5e4rMo6vucW4hzhdS3jKyiOi3on6vQU978Rw+enrYItFAvOL7KAJVQoTZ7ZWZqsswstdqvNtg75Hljb+guYkr1+jpZcjwWII5RyqWbyIvZgYHTw2CpAgtm9OS4vW+Cbtgus3154qYp9UNZSXXzO+K2gqS0mPSNeJ7W794tbGbzQ2yCDqQ9VUZE4mHEivs9cn6oE3KPTEwHH8J9mByxbgSbK82hFdxoVGvTujr4=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-91db268d-ad9c-4279-b2b7-5b2a2f274c81"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-128"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8c1zFU59JNzfJ3AbXTxn+jC46ZU=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-129"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>6WpWJAk7NdlgtPH6LzKvcHV2S1s=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-130"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>BVLT6+H8s/VW+D1olbM3yQrRI+Q=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-131"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>vc7yU0o3VGsjI8iIJIQTH5vA1A4=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-d6f07fd3-1b3a-4c55-a668-f8d2464c6dd8"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lBydSuIFHgWDOLds34mVNmHC//4=</ds:DigestValue></ds:Reference><ds:Reference URI="#TS-ee20684a-6b4c-4207-a67a-9245f0c3e19f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05 wsse"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>nFiaKa8fMrSxHLhKL8B2BV2ujjU=</ds:DigestValue></ds:Reference><ds:Reference URI="#Timestamp-69"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05 wsse"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>cJD//Tj+XcnZfn0tG1NMRISS45M=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-dd30423a-5490-498f-b2de-2dbe34c1d1e8"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>obSOseNPR/F9wWfpxucQ+oHyXKc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>NdtPrzlN/aExQhiklnPWR2ZmfgokKQ5e46Xor2LhYNB/o4vs5GfBb2zM87IsincbWYlbu8ggGSiZ1cMRz+Sj2ssovB5cKO+FzLkF0TaCIYqtbf434n+xlrDowhfh21vDICY0dl8uLGqU6MoznZDpLYQ10q6gM0grDbTmMbl++TE=</ds:SignatureValue><ds:KeyInfo Id="KI-7684c7f7-1cba-4f7a-b684-21459c4b937a"><wsse:SecurityTokenReference wsu:Id="STR-34ab6a5b-28dc-4cfc-9773-bc4e94a0bffe" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#X509-c0365a42-c4e4-49e1-94ce-6da57c4d8b60" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp wsu:Id="TS-ee20684a-6b4c-4207-a67a-9245f0c3e19f"><wsu:Created>2019-02-21T03:54:08.894Z</wsu:Created><wsu:Expires>2019-02-21T20:34:08.894Z</wsu:Expires></wsu:Timestamp>
<wsu:Timestamp wsu:Id="Timestamp-69" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2019-02-21T03:02:11.297Z</wsu:Created>
<wsu:Expires>2019-02-25T19:42:11.297Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa05:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-129">REMOVED</wsa05:To>
<wsa05:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-131">REMOVED</wsa05:Action>
<wsa05:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-128">
<wsa05:Address>PoliceNIA</wsa05:Address>
</wsa05:From>
<wsa:ReplyTo xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="id-dd30423a-5490-498f-b2de-2dbe34c1d1e8">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa05:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-130">001</wsa05:MessageID>
Jmeter Message Signer configurations Screenshot:
Update Jmeter Message Signer with Binary Security Token to sign
服务器错误:
--- Error message: oracle.wsm.security.SecurityException: WSM-00081 : The X.509 certificate is not signed. at oracle.wsm.security.policy.scenario.processor.Wss10X509TokenProcessor.verify(Wss10X509TokenProcessor.java:415) at oracle.wsm.security.policy.scenario.executor.Wss10MutualAuthWithCertsScenarioExecutor.receiveRequest(Wss10MutualAuthWithCertsScenarioExecutor.java:147) at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:662) at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:44) at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:526) at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:438) at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)
很可能你配置错误 SOAP Message Signer 因为我在你的 SOAP 负载中看不到相关条目,请仔细检查预处理器的配置(密钥库类型和位置、密码等)
这些行看起来也很可疑,因为现在是 2019 年:
<wsu:Created>2015-02-25T03:02:11.297Z</wsu:Created>
<wsu:Expires>2015-02-25T19:42:11.297Z</wsu:Expires>
最后但并非最不重要的一点是,根据 9 Easy Solutions for a JMeter Load Test “Out of Memory” Failure article you should always be using the latest JMeter version so consider updating your JMeter 3.2 (which is 2 years old) to the latest version available at JMeter Downloads 页面。
插件版本 1.6 存在限制。 Snapshot 1.7 版本已发布以解决此问题。感谢作者及时修复此问题。
可以从那里下载更新的快照 - https://github.com/tilln/jmeter-wssecurity/releases/tag/1.7-SNAPSHOT
问题记录在 Github - https://github.com/tilln/jmeter-wssecurity/issues/21