IRS ACA 1095 B BulkRequest Transmitter：无效的 WS 安全标头 - SOAPUI答案

【问题标题】：IRS ACA 1095B BulkRequestTransmitter: Invalid WS Security Header - SOAP UIIRS ACA 1095 B BulkRequest Transmitter：无效的 WS 安全标头 - SOAPUI
【发布时间】：2016-06-04 07:21:10
【问题描述】：

我正在尝试通过 SOAP UI 调用 IRS ACA 1095 B Ws。我在 SOAP UI 中配置了 Keystore，导入时显示 OK。我已经签署了引用 IRS Doc、ACABusinessHeader、ACATransmitterManifestReqDtl 和 Timestamp 的 3 个元素。我已经尝试过使用和不使用 Gzip/Wsa Header/Attachment/MTOM 仍然是一个没有任何文件附件的简单 SOAP 请求：

消息中的 WS 安全标头无效。请查看位于https://www.irs.gov/for-Tax-Pros/Software-Developers/Information-Returns/Affordable-Care-Act-Information-Return-AIR-Program 的 AIR 提交组成和参考指南第 5 节中概述的传输说明，更正所有问题，然后重试。

错误代码：TPE 1122。

我已附上完整的 SOAP Ui 请求消息。

感谢任何形式的帮助。

--->

enter code here



 POST https://la.www4.irs.gov/airp/aca/a2a/1095BC_Transmission_AATS2016 HTTP/1.1
    Content-Encoding: gzip
    Accept-Encoding: gzip,deflate
    Content-Type: multipart/related; type="application/xop+xml"; start="<rootpart@soapui.org>"; start-info="text/xml"; boundary="----=_Part_0_1488514502.1456157000203"
    SOAPAction: "BulkRequestTransmitter"
    MIME-Version: 1.0
    Transfer-Encoding: chunked
    Host: la.www4.irs.gov
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)



    <soapenv:Envelope xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:us:gov:treasury:irs:msg:acabusinessheader" xmlns:urn1="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn2="urn:us:gov:treasury:irs:common" xmlns:urn3="urn:us:gov:treasury:irs:msg:acasecurityheader" xmlns:urn4="urn:us:gov:treasury:irs:msg:irsacabulkrequesttransmitter" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xd="http://www.w3.org/2000/09/xmldsig#">
       <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

             <ds:Signature Id="SIG-F8EA5798DFE03264EF145615675816614" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                      <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn urn1 urn2 urn3 urn4 wsu xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   </ds:CanonicalizationMethod>
                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                   <ds:Reference URI="#id-E9877CA7A36541AA6A1455820267635274">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn1 urn2 urn3 urn4 xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>REDACTED</ds:DigestValue>
                   </ds:Reference>
                   <ds:Reference URI="#id-E9877CA7A36541AA6A1455820267635275">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn urn2 urn3 urn4 xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>REDACTED</ds:DigestValue>
                   </ds:Reference>
                   <ds:Reference URI="#id-E9877CA7A36541AA6A1455820267635276">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn urn1 urn2 urn3 urn4 xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>REDACTED</ds:DigestValue>
                   </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>REDACTED</ds:SignatureValue>
                <ds:KeyInfo Id="RE-Dacted">
                   <wsse:SecurityTokenReference wsu:Id="STR-abcdefghijklmnopqredacted">
                      <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">REDACTED</wsse:KeyIdentifier>
                   </wsse:SecurityTokenReference>
                </ds:KeyInfo>
             </ds:Signature>
          </wsse:Security>
          <urn3:ACASecurityHeader/>
          <urn:ACABusinessHeader wsu:Id="id-E9877CA7A36541AA6A1455820267635274">
             <urn1:UniqueTransmissionId>abcd-efgh:1234</urn1:UniqueTransmissionId>
             <urn2:Timestamp>2016-02-17T15:17:47Z</urn2:Timestamp>
          </urn:ACABusinessHeader>
          <urn1:ACATransmitterManifestReqDtl wsu:Id="id-E9877CA7A36541AA6A1455820267635275">
             <urn1:PriorYearDataInd>0</urn1:PriorYearDataInd>
             <urn2:EIN>12-34567</urn2:EIN>
             <urn1:TestFileCd>T</urn1:TestFileCd>
             <urn1:TransmitterNameGrp>
                <urn1:BusinessNameLine1Txt>SOME VALUE</urn1:BusinessNameLine1Txt>
             </urn1:TransmitterNameGrp>
             <urn1:CompanyInformationGrp>
                <urn1:MailingAddressGrp>
                   <urn1:USAddressGrp>
                      <urn1:AddressLine1Txt>SOME ADRESS</urn1:AddressLine1Txt>
                      <urn2:CityNm>SOME CITY</urn2:CityNm>
                      <urn1:USStateCd>AB</urn1:USStateCd>
                      <urn2:USZIPCd>12345</urn2:USZIPCd>
                      <urn2:USZIPExtensionCd>6789</urn2:USZIPExtensionCd>
                   </urn1:USAddressGrp>
                </urn1:MailingAddressGrp>
                <urn1:ContactNameGrp>
                   <urn2:PersonFirstNm>First</urn2:PersonFirstNm>
                   <urn2:PersonLastNm>Last</urn2:PersonLastNm>
                </urn1:ContactNameGrp>
                <urn1:ContactPhoneNum>123-456-7890</urn1:ContactPhoneNum>
             </urn1:CompanyInformationGrp>
             <urn1:VendorInformationGrp>
                <urn1:VendorCd>Some Vendor</urn1:VendorCd>
                <urn1:ContactNameGrp>
                   <urn2:PersonFirstNm>First</urn2:PersonFirstNm>
                   <urn2:PersonLastNm>Last</urn2:PersonLastNm>
                </urn1:ContactNameGrp>
                <urn1:ContactPhoneNum>Phone</urn1:ContactPhoneNum>
             </urn1:VendorInformationGrp>
             <urn1:TotalPayeeRecordCnt>1</urn1:TotalPayeeRecordCnt>
             <urn1:TotalPayerRecordCnt>1</urn1:TotalPayerRecordCnt>
             <urn1:SoftwareId>A12345678</urn1:SoftwareId>
             <urn1:FormTypeCd>1094-1095B</urn1:FormTypeCd>
             <urn2:BinaryFormatCd>application/xml</urn2:BinaryFormatCd>
             <urn2:ChecksumAugmentationNum>garbage-value</urn2:ChecksumAugmentationNum>
             <urn2:AttachmentByteSizeNum>1234</urn2:AttachmentByteSizeNum>
             <urn1:DocumentSystemFileNm>some</urn1:DocumentSystemFileNm>
          </urn1:ACATransmitterManifestReqDtl>
          <wsu:Timestamp wsu:Id="id-E9877CA7A36541AA6A1455820267635276">
             <wsu:Created>2016-02-17T15:41:09.678Z</wsu:Created>
             <wsu:Expires>2016-02-20T10:21:09.678Z</wsu:Expires>
          </wsu:Timestamp>
          <wsa:Action>BulkRequestTransmitter</wsa:Action>
       </soapenv:Header>
       <soapenv:Body>
          <urn4:ACABulkRequestTransmitter>
             <urn2:BulkExchangeFile>
             </urn2:BulkExchangeFile>
          </urn4:ACABulkRequestTransmitter>
       </soapenv:Body>
    </soapenv:Envelope>

【问题讨论】：

标签： soap irs

【解决方案1】：

我看到 wsu:Timestamp 在 wsse:Security 之外，我已附加了我的工作 SOAP UI 的传出 WS-Security 配置，请与您的交叉检查。

应用传出标头后，按原样提交请求，不要格式化请求！

My outgoing WS-Security configuration of SOAP UI

My outgoing WS-Security configuration of SOAP UI-TimeStamp

【讨论】：

我配置了与您类似的设置。然后，当我右键单击请求并尝试应用出站标头时，它根本没有对元素进行签名。你能告诉我更多关于你是如何克服这个错误的步骤吗？
TimeStamp 的 Time to Live 属性中设置的值是多少？请参阅我附上的时间戳截图。
生存时间：7987987 将精度设置为毫秒：检查我的设置与您给出的完全相同。
1.我有 3 个证书文件：Root.pem、私钥、subCA1.pem。您曾经创建过哪些 Keystore 以在soapui 中使用？ 2. 你能发给我一个你在 SOAP UI 中使用的示例有效负载，包括 http 标头属性吗？
@SouravGanguli 我附上了我的密钥库文件截图和来自 SOAP UI 的有效负载。

【解决方案2】：

使用 pfx 文件的 SOAP UI KeyStore。 SOAP UI KeyStore

请求负载：

POST https://la.www4.irs.gov/airp/aca/a2a/1095BC_Transmission_AATS2016 HTTP/1.1
SOAPAction: BulkRequestTransmitter
Content-Type: multipart/related; type="application/xop+xml"; start="<rootpart@soapui.org>
  "; start-info="text/xml"; boundary="----=_Part_26_1277305220.1456248891536"
  Host: la.www4.irs.gov
  Content-Length: 17728
  Expect: 100-continue
  Connection: Keep-Alive

  ------=_Part_26_1277305220.1456248891536
  Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
  Content-Transfer-Encoding: 8bit
  Content-ID: <rootpart@soapui.org>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header>
    <wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature Id="SIG-3ED4996B507C9FE4891456248845324120" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#TS-3ED4996B507C9FE4891456248845320116">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="wsse s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>....</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-D4CA0E52B9727D4C0A14551257302705">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>....</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-1781945826">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>.....</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>.....</ds:SignatureValue>
        <ds:KeyInfo Id="KI-3ED4996B507C9FE4891456248845324118">
          <wsse:SecurityTokenReference wsu:Id="STR-3ED4996B507C9FE4891456248845324119">
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">....</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="TS-3ED4996B507C9FE4891456248845320116">
        <wsu:Created>2016-02-23T17:34:05.320Z</wsu:Created>
        <wsu:Expires>2016-05-26T04:27:12.320Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <ns0:ACABusinessHeader ns1:Id="id-1781945826" ns2:anyAttr="anyAttrContents" xmlns:ns0="urn:us:gov:treasury:irs:msg:acabusinessheader" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns2="urn:us:gov:treasury:irs:msg:acabusinessheaderanyAttr">
      <ns3:UniqueTransmissionId xmlns:ns3="urn:us:gov:treasury:irs:ext:aca:air:7.0">5a79b747-f622-4fe0-b5a7-4ab52226bc70:SYS12:xxxxx::T</ns3:UniqueTransmissionId>
      <ns4:Timestamp xmlns:ns4="urn:us:gov:treasury:irs:common">2016-02-09T12:34:33Z</ns4:Timestamp>
    </ns0:ACABusinessHeader>
    <ACATransmitterManifestReqDtl d1p1:Id="id-D4CA0E52B9727D4C0A14551257302705" xsi:schemaLocation="urn:us:gov:treasury:irs:msg:form1094-1095BCtransmitterreqmessage IRS-Form1094-1095BCTransmitterReqMessage.xsd" xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:d1p1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:irs="urn:us:gov:treasury:irs:common" xmlns:n1="urn:us:gov:treasury:irs:msg:form1094-1095BCtransmitterreqmessage" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">         
    </ACATransmitterManifestReqDtl>
  </s:Header>
  <s:Body>
    <ns0:ACABulkRequestTransmitter version="1.0" xmlns:ns0="urn:us:gov:treasury:irs:msg:irsacabulkrequesttransmitter">
      <ns1:BulkExchangeFile xmlns:ns1="urn:us:gov:treasury:irs:common">
        <inc:Include href="cid:1094B_Request_xxxxx_20160211T170145000Z.xml" xmlns:inc="http://www.w3.org/2004/08/xop/include"/>
      </ns1:BulkExchangeFile>
    </ns0:ACABulkRequestTransmitter>
  </s:Body>
</s:Envelope>
------=_Part_26_1277305220.1456248891536
Content-Type: text/xml; charset=Cp1252;
name=1094B_Request_xxxxx_20160211T170145000Z.xml
Content-Transfer-Encoding: quoted-printable
Content-ID: <1094B_Request_xxxxx_20160211T170145000Z.xml>
Content-Disposition: attachment;name="1094B_Request_xxxxx_20160211T170145000Z.xml"; 

filename="1094B_Request_xxxxx_20160211T170145000Z.xml"
< 1094 Bulk file removed>
          ------=_Part_26_1277305220.1456248891536--

【讨论】：

他们接受了吗？它缺少 MIME-Version 标头。认为这是必需的。
而且您的 Content-Transfer-Encoding 不是 7bit，因为他们的文档也说是必需的。考虑到他们在文档中明确表示这是必需的，我真的很惊讶他们接受了这一点！
嘿@Bon，是的，它正在工作，我已经尝试了所有这些组合。他们只关心附件部分的内容类型是 application/xml 或 text/xml
疯了！在整个过程中，松懈和严格的要求如此奇怪地结合在一起......非常感谢你让我知道。
没问题！顺便说一句，你是如何签署消息的？您是否能够通过您的应用程序成功并克服 TPE1122 错误？