
日志输出

25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#uuid-26810b23-330b-49c0-af30-59c2a8211341-1] is valid: true
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
FINE: Created transform for algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
FINE: ApacheData = true
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: q9/MlLVrhvl21tGGmxuBVh1V4Mc=
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: bFCOsfjajqOmn3mWNcMw+HRtyPM=
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
**FINE: Reference[#e23c17af-c76f-4aaf-bc28-33c5261a253d] is valid: false
25/05/2012 2:08:57 PM org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Couldn't validate the References**
org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:393)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:188)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:304)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:203)
at au.gov.mca.uhi.security.dsig.XWSSDigitalSignatureProcessorTest.testVerifyWithWSS4J(XWSSDigitalSignatureProcessorTest.java:355)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:44)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:41)
at org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
at org.junit.runners.ParentRunner.run(ParentRunner.java:220)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:45)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)

SOAP 安全令牌

 <o:Security s:mustUnderstand="1"
            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <u:Timestamp u:Id="uuid-26810b23-330b-49c0-af30-59c2a8211341-1">
    <u:Created>2012-05-25T03:58:21.289Z</u:Created>
    <u:Expires>2012-05-25T04:03:21.289Z</u:Expires>
  </u:Timestamp>
  <o:BinarySecurityToken u:Id="uuid-bf155ac7-0ca3-459f-acb5-d8acf3a882d4-2"
                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</o:BinarySecurityToken>
  <wsse:UsernameToken wsu:Id="e23c17af-c76f-4aaf-bc28-33c5261a253d"
                      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>user1</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">icnriCyW09WOpQABOeQqFEiqxwY=</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">wbwf0IRtQBA6fsrmpQd8fA==</wsse:Nonce>
    <wsu:Created>2012-05-25T13:58:21Z</wsu:Created>
  </wsse:UsernameToken>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#_1">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>8Po0d4s3JJB1Xh4vdB6+7M/ivoA=</DigestValue>
      </Reference>
      <Reference URI="#_2">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>Azl0elmnUzxTSLUuwfWf6DLT8h8=</DigestValue>
      </Reference>
      <Reference URI="#_3">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>h1iD7HzEK+uslbPRHjwN2zt7zhc=</DigestValue>
      </Reference>
      <Reference URI="#_4">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>WZ3YS9m3NBoROTnEKUEJ/bNmMDw=</DigestValue>
      </Reference>
      <Reference URI="#_5">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue>
      </Reference>
      <Reference URI="#_6">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>TSr1cnqSoYmoEIURjA5OZB/iyS0=</DigestValue>
      </Reference>
      <Reference URI="#uuid-26810b23-330b-49c0-af30-59c2a8211341-1">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>wSsjhUgRFAN3by438s7ZvGSSgCw=</DigestValue>
      </Reference>
      <Reference URI="#e23c17af-c76f-4aaf-bc28-33c5261a253d">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>q9/MlLVrhvl21tGGmxuBVh1V4Mc=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>t/piYSnEwCIzqMxC0LQs9fxUla2BKA0GkMI4oLLqZdkthCo9LNvxJP8Luf1d91CEETZ5B4FsQI7QtcA+qHya78K5s+mzn8/2zhEGzAYxkaLeDCUvrad10Mlqssh5AhLbxonZ4/7mDs1v5+s7EVqM0tjpc0tHK0vmroNz0qnAxjCZqEEYpK3/uJ4iwO86khk5pQwqArrwUAqV26/8sXi6c5CfoZcGaVzjIKSAuc+ybV0O42c5OECMe+9G5ZJAkRkw+korLSKgeslLZa18+g/x7WMeUmbo9wiPLuT5kdvIkGRpPN22CQYeSblTFly26J5LIaPdZFSBIAOT3bYs6G4bxA==</SignatureValue>
    <KeyInfo>
      <o:SecurityTokenReference>
        <o:Reference URI="#uuid-bf155ac7-0ca3-459f-acb5-d8acf3a882d4-2"/>
      </o:SecurityTokenReference>
    </KeyInfo>
  </Signature>
</o:Security>

我已经尝试了几乎所有能用检查器（inspector）和编码器（encoder）做到这一点的方法，但到目前为止都没有成功，任何帮助都将不胜感激。

当前代码:

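        // Builds a WCF custom binding that signs the SOAP message with an X.509
        // certificate and adds a signed UsernameToken (PasswordDigest + Nonce +
        // Created) as a supporting token, then calls the service once.
        //
        // The captured WSS4J log shows the signature failing on exactly one
        // reference, #e23c17af-... (the UsernameToken's wsu:Id): expected digest
        // q9/MlLVrhvl21tGGmxuBVh1V4Mc= vs. actual bFCOsfjajqOmn3mWNcMw+HRtyPM=.
        // That element is produced by the custom UsernameClientCredentials below,
        // not by this binding configuration, so the bytes the token is signed over
        // and the bytes finally serialised on the wire presumably differ there.
        AsymmetricSecurityBindingElement securityBindingElement = new AsymmetricSecurityBindingElement();

        // Signed supporting token: covered by the message signature, but not the
        // signing key itself.
        securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UsernameTokenParameters());

        // Initiator (client) certificate: included in every request and referenced
        // from KeyInfo via an internal SecurityTokenReference.
        X509SecurityTokenParameters initiator
                = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial,
                                                  SecurityTokenInclusionMode.AlwaysToRecipient);
        initiator.RequireDerivedKeys = false;
        initiator.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
        securityBindingElement.InitiatorTokenParameters = initiator;

        // Recipient (service) certificate parameters.
        X509SecurityTokenParameters recipient
                = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial,
                                                  SecurityTokenInclusionMode.AlwaysToInitiator);
        recipient.RequireDerivedKeys = false;
        // Fix: the original assigned `initiator` here as well and never used
        // `recipient`, so the recipient side silently inherited the
        // AlwaysToRecipient inclusion mode.
        securityBindingElement.RecipientTokenParameters = recipient;

        securityBindingElement.SetKeyDerivation(false);
        securityBindingElement.IncludeTimestamp = true;
        // Basic128 selects SHA-1 digests and rsa-sha1, which is what the captured
        // header shows. If the service accepts it, a *Sha256 suite is preferable.
        securityBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
        securityBindingElement.MessageSecurityVersion = MessageSecurityVersion
                .WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
        // Only the order is fixed here; whether anything is encrypted at all is
        // governed by the contract's ProtectionLevel (the captured header carries
        // a signature only).
        securityBindingElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

        HttpTransportBindingElement httpBindingElement = new HttpTransportBindingElement();

        CustomBinding binding = new CustomBinding();
        binding.Elements.Add(securityBindingElement);
        binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, Encoding.UTF8));
        //binding.Elements.Add(new CustomEncoderBindingElement());
        binding.Elements.Add(httpBindingElement);

        EndpointAddress serviceAddress = new EndpointAddress(new Uri("http://xya.com"),
                                                             EndpointIdentity.CreateDnsIdentity(
                                                                 "Test Location 027 :5657050091"),
                                                             new AddressHeaderCollection());
        ChannelFactory<DhsUserAuthUploadHposDvaStatementsPortTypeChannel> channelFactory =
            new ChannelFactory<DhsUserAuthUploadHposDvaStatementsPortTypeChannel>(binding, serviceAddress);
        try
        {
            // Custom credentials that emit the PasswordDigest/Nonce/Created
            // UsernameToken. NOTE(review): in the captured header the token's
            // wsu:Created (2012-05-25T13:58:21Z) is ten hours ahead of the
            // Timestamp's u:Created (2012-05-25T03:58:21.289Z); the token looks
            // like local time stamped with a 'Z' suffix — confirm it is generated
            // in UTC, otherwise the service may reject it as not yet valid.
            // The literal user name/password are kept only for this repro; real
            // code should load them from configuration.
            UsernameClientCredentials credentials = new UsernameClientCredentials(new UsernameInfo("user1", "user1"));
            credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
            // Client signing certificate, looked up by thumbprint.
            credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint,
                                                         "6c1a76f952028e092cea367d40d6cf5833d9d3a3");
            // The same certificate doubles as the service certificate (same
            // thumbprint); PeerTrust above requires it to be in TrustedPeople.
            credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople,
                                                                 X509FindType.FindByThumbprint,
                                                                 "6c1a76f952028e092cea367d40d6cf5833d9d3a3");
            // Swap the default ClientCredentials behavior for the custom one.
            channelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
            channelFactory.Endpoint.Behaviors.Add(credentials);

            var client = channelFactory.CreateChannel();
            client.upload();

            // Closing the factory also closes the channels it created; the
            // original never released it.
            channelFactory.Close();
        }
        catch (CommunicationException)
        {
            // A faulted factory cannot be closed; abort it and let the caller see
            // the original exception.
            channelFactory.Abort();
            throw;
        }
        catch (TimeoutException)
        {
            channelFactory.Abort();
            throw;
        }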

我已经尝试了几乎所有能用检查器（inspector）和编码器（encoder）做到这一点的方法，但到目前为止都没有成功，任何帮助都将不胜感激。


1 个回答


这里的挑战在于您需要一个带有密码摘要 + Created + Nonce 的用户名令牌，并且需要对它签名。如果您能设法去掉其中任何一项要求，事情会容易得多。否则，下面是一个可行的方向，但需要一些工作。

  1. 看看这个项目，它可以帮助您按所要求的格式创建用户名令牌。

  2. 为了创建安全绑定元素使用

    SecurityBindingElement.CreateMutualCertificateBindingElement()

    然后像上面那样添加用户名令牌（即第 1 项中创建的那个）。

    请注意，您需要指定服务证书。您可能没有或并不需要一个，因此只需在服务证书凭据属性中提供任意一个占位证书即可，它甚至可以与客户端证书相同。

  3. 如果您还没有这样做,请使用以下命令装饰您的合同(reference.cs?):

    [ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]

    因为（从部分 SOAP 信封来看）您只使用了签名而没有加密。

于 2012-05-19T12:16:37.267 回答