wcf - WCF 服务器和 TIBCO 客户端 - 解密数字签名 Web 服务 Soap 消息

Question

我创建了 WCF Web 服务，它使用 messageprotectionorder 作为“SignBeforeEncryptAndEncryptSignature”。我还开发了 .net 客户端来使用此 Web 服务。我能够成功地连接并接收来自我的 WCF Web 服务的响应。但是，我的客户正在尝试从 TIBCO Java 客户端使用 WCF Web 服务，其中 TIBCO 没有“MessageProtectionOrder”的概念。示例签名的肥皂请求如下

<MessageLogTraceRecord> <HttpRequest xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace"> <Method>POST</Method> <QueryString></QueryString> <WebHeaders> <Connection>Keep-Alive</Connection> <Content-Length>7895</Content-Length> <Content-Type>text/xml; charset=utf-8</Content-Type> <Expect>100-continue</Expect> <Host>comp118</Host> <SOAPAction>"https://XXX.XXX.XX.XX/APISIGN/IAPI/EnquireTransaction"</SOAPAction> </WebHeaders> </HttpRequest> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPowY5/i7l8ZdOl4B6x1uzACIAAAAA1re1c/La5kK2h1tnd2ijrMveD45HGZtHvanrpR7sXroACQAA</VsDebuggerCausalityData> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="uuid-34291a98-4feb-43eb-8f91-f182297d086b-21"> <u:Created>2013-06-17T07:16:53.671Z</u:Created> <u:Expires>2013-06-17T07:21:53.671Z</u:Expires> </u:Timestamp> <o:BinarySecurityToken> <!-- Removed--> </o:BinarySecurityToken> <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestMethod> </e:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">wc18MSP1B9qEKFLe8ji4H5tlIHQ=</o:KeyIdentifier> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>aQ4FENLuKcZvQGhiNPINr0c8BmTbCaLmXACs3ZFcsnRFVmGRMWUEIXCWCivJCxOIc9kYeftMxGADr6EbAJ6A3Bi/EcgLYnAulxZUcwMQrYwBTsbjFIOzJJBo9Ru5cz3RX+E/MgsroN9VFcOCzFfxlGiOi0ZmEqgfedzDlWBrRtUddA/mE9t6ZZBxsRDq1zzYu0bhY3oRtGe/RI0iYhZuAeS/UAk7g1PnIbr39lLI1XcYZG2gLGFlaxYGT76n+Zmph2tYW1usBnvHVXOpLc3Q8DN9CJ7lZJ8f+euTqIuDSApRLCHciauonQ6rPguPpSQQhLYf1CroqIeMr/nyStR0jQ==</e:CipherValue> </e:CipherData> <e:ReferenceList> <e:DataReference URI="#_2"></e:DataReference> <e:DataReference URI="#_3"></e:DataReference> </e:ReferenceList> </e:EncryptedKey> <e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod> <e:CipherData> <e:CipherValue>+VJi2EwCmK4ovTULaBd+.....</e:CipherValue> </e:CipherData> </e:EncryptedData> </o:Security> <To s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://comp118/API_WCF_UAT/API.svc</To> <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://XXX.XXX.XX.XX/APISIGN/IAPI/EnquireTransaction</Action> </s:Header> <s:Body u:Id="_1"> <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod> <e:CipherData> <e:CipherValue>r0ktDG7sauaw7R2PEowODZFaC7Y5Gj3WWuctwOwiewZ.....</e:CipherValue> </e:CipherData> </e:EncryptedData> </s:Body> </s:Envelope> </MessageLogTraceRecord>

我想了解以下标签中对哪些值进行了签名和加密

1. EncryptedKey tag -> CipherData -> CipherValue 这里加密了什么值。
2. 对于签名加密，使用 AES256/CBC 算法。
3. AES 算法的 Key 和 IV 值是多少？3）请求消息中的“rsa-oaep加密方法”可以用算法“rsa-1_5”代替吗？如果是，在哪里指定？

请有人尽快回复。

感谢您，

巴文沙阿。