0

My outgoing SOAP is not signed. This is what the outgoing SOAP should look like:

        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference>
        <wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
        </wsse:SecurityTokenReference>
        </KeyInfo>
        <xenc:CipherData>
        <xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
        <xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
        </xenc:ReferenceList>
        </xenc:EncryptedKey>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
        <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>wRUq.........</DigestValue>
        </Reference>
        </SignedInfo>
        <SignatureValue>tBSsaZi........</SignatureValue>
        <KeyInfo>
        <wsse:SecurityTokenReference>
        <wsse:Reference URI="#SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
        </wsse:SecurityTokenReference>
        </KeyInfo>
        </Signature>
        </wsse:Security>
        </soapenv:Header>
        <soapenv:Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <xenc:CipherData>
        <xenc:CipherValue>SQsTCAK6ZaVhojB8+Y.........</xenc:CipherValue>
        </xenc:CipherData>
        </xenc:EncryptedData>
        </soapenv:Body>
        </soapenv:Envelope>

This request uses the public key to encrypt 
1) Signature reference URI
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
This Reference URI is referenced in the Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b"

2)
        <xenc:CipherData>
        <xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
        <xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
        </xenc:ReferenceList>
This Enc is also referenced in the Body <xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" 

This is my custom binding:

    private CustomBinding PeerCustomBinding()
    {
        AsymmetricSecurityBindingElement secBE = AsymmetricSecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
        secBE.AllowSerializedSigningTokenOnReply = false;
        secBE.RequireSignatureConfirmation = false;
        secBE.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
        secBE.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
        X509SecurityTokenParameters x509ProtectionParameters = new X509SecurityTokenParameters();
        x509ProtectionParameters.RequireDerivedKeys = false;
        x509ProtectionParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.SubjectKeyIdentifier;
        x509ProtectionParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
        x509ProtectionParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
        secBE.InitiatorTokenParameters = x509ProtectionParameters;
        secBE.RecipientTokenParameters = x509ProtectionParameters;
        // secBE.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
        CustomTextMessageBindingElement enc = new CustomTextMessageBindingElement();
        // TextMessageEncodingBindingElement enc = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        HttpsTransportBindingElement b = new HttpsTransportBindingElement();
        CustomBinding be = new CustomBinding();
        be.Elements.Add(secBE);
        be.Elements.Add(enc);
        be.Elements.Add(b);
        return be;
    }

This is the generated SOAP. Clearly, I don't see the Signature node. Also, the Id referenced in the body is not referenced anywhere.

  <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-711565ff-cd32-4e10-af6d-f84d34b6cb5f-1" />
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>V+tlheG3BuP8JVPXmz98T0O9dnT5z57U0TqTuPQmb82WiKKDFFDKsGQv/5+lyD5ISRUEr0zlEPRUFCS5ggtSnDWCtOvTcrPMwLNRuz6g7qS/Yx3VFu+h2rfvy2a/LinC7lhmDW0TO6xVoxQCZdLx/rZMh9K5si8JPCelXloZmaA=</e:CipherValue>
        </e:CipherData>
        <e:ReferenceList>
          <e:DataReference URI="#_2" />
          <e:DataReference URI="#_7" />
        </e:ReferenceList>
      </e:EncryptedKey>
      <e:EncryptedData Id="_7" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <e:CipherData>
          <e:CipherValue>4=</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <e:CipherData>
        <e:CipherValue>Removed</e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>

Please advise. Thanks.

4

1 Answer

0

The message is signed, but the signature is then encrypted, so you don't see the signature here.

Set:

    secBE.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;

Of course, both the client and the server need to agree on this value.

answered 2013-06-25T14:53:13.507
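An added example, not part of the original question or answer: a Python check over a captured envelope that separates "not signed" from "signed, then the signature was encrypted" by reporting what is readable in the `wsse:Security` header. The two sample envelopes are constructed, reduced from the structure of the question's messages with cipher and signature values elided; the function and result-key names are illustrative.

```python
import xml.etree.ElementTree as ET  # for traces you captured yourself, not untrusted XML

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

def inspect_security_header(envelope_xml):
    """Report what a reader of the wire message can see of its WS-Security protection."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    body = root.find(f"{{{SOAP}}}Body")
    if sec is None or body is None:
        raise ValueError("envelope lacks a wsse:Security header or a Body")
    # Every Id / wsu:Id value that a same-document "#..." URI could point to.
    ids = {e.get("Id") or e.get(f"{{{WSU}}}Id") for e in root.iter()} - {None}
    sig_refs = [r.get("URI", "") for r in sec.iter(f"{{{DS}}}Reference")]
    data_refs = [r.get("URI", "") for r in sec.iter(f"{{{XENC}}}DataReference")]
    return {
        "signature_visible": sec.find(f"{{{DS}}}Signature") is not None,
        # Header-level EncryptedData of Type ...#Element: a whole header element
        # (possibly the Signature) was encrypted after it was produced.
        "encrypted_header_elements": [e.get("Id") for e in sec.findall(f"{{{XENC}}}EncryptedData")
                                      if e.get("Type") == XENC + "Element"],
        # True only when a readable ds:Reference points at the Body's wsu:Id.
        "body_reference_visible": "#" + body.get(f"{{{WSU}}}Id", "") in sig_refs,
        # References whose target Id exists nowhere in the envelope.
        "dangling_refs": sorted(u for u in sig_refs + data_refs if u.lstrip("#") not in ids),
    }

def _envelope(header, body_id, enc_id):  # constructed sample skeleton
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:o="{WSSE}" xmlns:u="{WSU}" '
            f'xmlns:e="{XENC}" xmlns:d="{DS}"><s:Header><o:Security>{header}'
            f'</o:Security></s:Header><s:Body u:Id="{body_id}">'
            f'<e:EncryptedData Id="{enc_id}"/></s:Body></s:Envelope>')

EXPECTED = _envelope(  # shape of the message the asker wants
    '<e:EncryptedKey><e:ReferenceList><e:DataReference URI="#Enc-1"/></e:ReferenceList>'
    '</e:EncryptedKey><d:Signature><d:SignedInfo><d:Reference URI="#Id-1"/>'
    '</d:SignedInfo></d:Signature>', "Id-1", "Enc-1")
GENERATED = _envelope(  # shape of the message the asker's binding produced
    '<e:EncryptedKey Id="_0"><e:ReferenceList><e:DataReference URI="#_2"/>'
    '<e:DataReference URI="#_7"/></e:ReferenceList></e:EncryptedKey>'
    f'<e:EncryptedData Id="_7" Type="{XENC}Element"/>', "_1", "_2")

if __name__ == "__main__":
    print(inspect_security_header(EXPECTED), inspect_security_header(GENERATED), sep="\n")
```

For the generated shape, no readable `Signature` plus a header `EncryptedData` of type `#Element` matches the answer's explanation that the signature exists but was encrypted, which is also why no visible `Reference` points at the Body's `u:Id`.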