I am using the custom binding configuration below to sign SOAP messages with a certificate over HTTPS:
System.ServiceModel.Channels.AsymmetricSecurityBindingElement asbe = new AsymmetricSecurityBindingElement();
asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
asbe.InitiatorTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
asbe.RecipientTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
asbe.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
asbe.EnableUnsecuredResponse = true;
asbe.IncludeTimestamp = false;
asbe.SetKeyDerivation(false);
asbe.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
asbe.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
CustomBinding myBinding = new CustomBinding();
myBinding.Elements.Add(asbe);
myBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
httpsBindingElement.RequireClientCertificate = true;
myBinding.Elements.Add(httpsBindingElement);
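Everything worked fine until the application started sending Chinese characters. When this SOAP message is sent, the Java-based web service returns the error "The signature or decryption was invalid":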
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-f9e416e6-c2bd-42b8-81db-895d878cf239-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIBnTCCAQagAwIBAgIEUWuajTANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhHcmVlbm92YTAeFw0xMzA0MTUwNjEzMzNaFw0yMzAyMjIwNjEzMzNaMBMxETAPBgNVBAMTCEdyZWVub3ZhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLgmJYyrXZ17SRwPjznmqwEZ+YV2WLvPx205FLIE2KG1Bitb02/7gFV+l1RqOntKYKNbuDuEWRakXAo/V5JcY965eblatrjtvmwsddh/ifxiR9hiAtxAnRzqQFYElNO1tMb/Sre0feFDCZq2spEbzXtf0y4ED90lNAEviVBu6ZjQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH//yf+emB7nAZdYfdnScfq8PNwmv8lEyxH5/PHM6R4NvPrYzuQxerX/yHKV5Dg4YwSet7RPjJ7Z1tZ3JPdfo5kvpIbYd+tKaT04Zfu51+xP9fMarmkF289N4nzrp8NZ7KQuDktIuW8vppDPT1C68UThIb/3JqiZSkZfLLHfF2ru</o:BinarySecurityToken>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>IIkd/cWfZP4MYUOmH5W5zlS1Q8I=</DigestValue>
</Reference>
<Reference URI="#uuid-f9e416e6-c2bd-42b8-81db-895d878cf239-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>iJckcMUNrgpBHY6xLLfdy9PJU84=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Iy0br43eNlnMXA3xMzMAfXE7TVBRoALuv4hcTBSUiW6ltXBP6a3w76ntXnO111UQae4k55YHpdKdzkqE2iQK5qRl1kvNnEHnLfsJIxiGCAb52OS2I0ogBfpHjyPoWq0pS6jp8fjZ2/LkGQy1lmPh7ATyA4uYWNbkk8SfVr+X+Bg=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=Greenova</X509IssuerName>
<X509SerialNumber>1366006413</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<createUser xmlns="http://webService.service.vim.logistics.teckwah.com/">
<userInfo xmlns="">
<city>台北市</city>
<companyName>個人使用</companyName>
<contactEmail>pprtest.account@yahoo.com.tw</contactEmail>
<contactName>黃先, 用先生</contactName>
<contactNo>+886333333333</contactNo>
<country>Taiwan</country>
<custType>PPR Member</custType>
<email>pprtest.account@yahoo.com.tw</email>
<fullName>黃, 先生</fullName>
<password>$3cr3t!h0y</password>
<pickupAddr>台市松德路888號</pickupAddr>
<rePassword>$3cr3t!h0y</rePassword>
<salutation>先生</salutation>
<tel>+886333333333</tel>
<username>pprtest.account@yahoo.com.tw</username>
</userInfo>
</createUser>
</s:Body>
But without Chinese characters, the code using the same binding configuration above works fine.
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-3dd89dfe-53aa-4f87-a07d-e33c1cb26bd2-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</o:BinarySecurityToken>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>PdgVXH62+JpiAb/KHZMR112gjWM=</DigestValue>
</Reference>
<Reference URI="#uuid-3dd89dfe-53aa-4f87-a07d-e33c1cb26bd2-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>P+4aoOUJtgXq55x6cRmKVa72YQc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>ba1kjrHXSAfA41/rdiN11OPmz5UlebQ+UBxuI5SK0G8rP1wk4fqQMyOGe5jXZ4/eAZtFUllWY1WLjE7kScBlYl0pj3WcOTC8YgiyWf0UMOVvbpX4EVu0BrUTf6m02oY8Odc61465Tvp9iNDKSJwKQJzYpt5/K+UYysvsFOJ1Whw=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=Greenova</X509IssuerName>
<X509SerialNumber>1366006413</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<createUser xmlns="http://webService.service.vim.logistics.teckwah.com/">
<userInfo xmlns="">
<city>Taipei</city>
<companyName>Papa Rap Ltd.</companyName>
<contactEmail>test909.eizbopf@greenova.tw</contactEmail>
<contactName>Papa Rap</contactName>
<contactNo>+639999999999</contactNo>
<country>Taiwan</country>
<custType>PPR Member</custType>
<email>test909.eizbopf@greenova.tw</email>
<fullName>Papa Rap</fullName>
<password>by9qjX!)n1^stw</password>
<pickupAddr>Unit 210-A Orbit Street</pickupAddr>
<rePassword>by9qjX!)n1^stw</rePassword>
<salutation>Mr.</salutation>
<tel>+639999999999</tel>
<username>test909.eizbopf@greenova.tw</username>
</userInfo>
</createUser>
</s:Body>
Could this be a configuration issue?
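
The post does not establish why only the non-ASCII message is rejected. As an added example (not code from the original post), the following recomputes the exc-c14n + SHA-1 digest that `<Reference URI="#_1">` covers and shows that the digest survives a charset mismatch for ASCII-only content but not for Chinese text, which is one thing to rule out on both ends. The sample envelope is constructed, and ISO-8859-1 is an assumed stand-in for any non-UTF-8 decoding.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;   // System.Security.dll on .NET Framework
using System.Text;
using System.Xml;

static class BodyDigestCheck
{
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // exc-c14n + SHA-1 over the element whose u:Id equals id, matching the
    // Transform and DigestMethod declared in the messages shown in the post.
    public static string Digest(byte[] wireBytes, Encoding assumedCharset, string id)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(assumedCharset.GetString(wireBytes));
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("u", Wsu);
        XmlNode target = doc.SelectSingleNode("//*[@u:Id='" + id + "']", ns);
        if (target == null) throw new InvalidOperationException("no element with u:Id=" + id);

        // OuterXml re-declares the inherited prefixes the subtree uses (s:, u:).
        var subtree = new XmlDocument { PreserveWhitespace = true };
        subtree.LoadXml(target.OuterXml);
        var c14n = new XmlDsigExcC14NTransform();
        c14n.LoadInput(subtree);
        using (var sha1 = SHA1.Create())
            return Convert.ToBase64String(c14n.GetDigestedOutput(sha1));
    }

    static void Main()
    {
        // Constructed sample envelope; only the <city> text varies.
        string template = "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:u=\"" + Wsu + "\">" +
                          "<s:Body u:Id=\"_1\"><city>{0}</city></s:Body></s:Envelope>";
        Encoding latin1 = Encoding.GetEncoding("ISO-8859-1");   // assumed wrong charset
        foreach (string city in new[] { "Taipei", "台北市" })
        {
            byte[] wire = Encoding.UTF8.GetBytes(string.Format(template, city));
            string asUtf8 = Digest(wire, Encoding.UTF8, "_1");
            string asLatin1 = Digest(wire, latin1, "_1");
            // ASCII-only: digests agree. Chinese text: they differ.
            Console.WriteLine("{0}: same digest under both charsets = {1}", city, asUtf8 == asLatin1);
        }
    }
}
```

Passing the raw bytes captured on the wire to `Digest` with `Encoding.UTF8` and comparing the result with the message's `DigestValue` shows whether the sender's digest matches what was actually transmitted.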