2

我正在使用 WCF 连接到外部 java web 服务。我无法控制服务。支持的令牌是 2 个 x509 和一个用户名令牌,仅对正文进行签名和加密。我能够根据供应商肥皂请求样本生成 100% 合规的请求。

WCFClient 使用自定义绑定来生成传出请求。我在响应中遇到了摘要值的问题。我什至如何检查,验证这一点?服务器日志显示以下内容:签名者状态:“从具有 x509 格式的 BinarySecurityToken 中提取证书链”拒绝集:哈希值不匹配。哈希值不匹配:'l6kqP048t5INzJT3W8gxVSXplaE=',这是签名中的摘要值。

 <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
    <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <o:SecurityTokenReference>
        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-63c0b13f-8368-4bc9-a493-b362c67ac14b-1" />
      </o:SecurityTokenReference>
    </KeyInfo>
    <e:CipherData>
      <e:CipherValue>REMOVED=</e:CipherValue>
    </e:CipherData>
    <e:ReferenceList>
      <e:DataReference URI="#_2" />
    </e:ReferenceList>
  </e:EncryptedKey>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#_1">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>l6kqP048t5INzJT3W8gxVSXplaE=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>gCwFapZ3D/vUXsvAShTQwNWJoA23ad54NRmUWXR7IBFbsr75HBdZUG5lO1Af+ncShzwJA2a6jJXJmw/1gKswyAP9QuZsa9D+6fGh8jwcVqjm5v/Sh9rgQxWjL6U1kkovP0IAqEjafRu6YgmauFVCHUrJ2QfIN96WYTPnYm9Puvs=</SignatureValue>
    <KeyInfo>
      <o:SecurityTokenReference>
        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-63c0b13f-8368-4bc9-a493-b362c67ac14b-2" />
      </o:SecurityTokenReference>
    </KeyInfo>
  </Signature>

据我所知,我没有做任何特殊的自定义绑定来完成所有这些

这会是信托商店的问题吗?工作肥皂 UI 示例有一个带有密码 changeit 的信任库 cacerts。我认为这是 javakeytool 附带的。我正在使用以下自定义绑定和链信任

      AsymmetricSecurityBindingElement secBE = AsymmetricSecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
                secBE.AllowSerializedSigningTokenOnReply = true;
                secBE.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
                secBE.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
                X509SecurityTokenParameters x509ProtectionParameters = new X509SecurityTokenParameters();
                x509ProtectionParameters.RequireDerivedKeys = false;
                secBE.InitiatorTokenParameters = x509ProtectionParameters;
                secBE.RecipientTokenParameters = x509ProtectionParameters;
                secBE.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
                secBE.RequireSignatureConfirmation = false;
                secBE.IncludeTimestamp = false;
                CustomTextMessageBindingElement enc = new CustomTextMessageBindingElement(Encoding.UTF8.ToString(), "text/xml", MessageVersion.Soap11);
                HttpsTransportBindingElement b = new HttpsTransportBindingElement();
                b.RequireClientCertificate = true;
                CustomBinding be = new CustomBinding();
                be.Elements.Add(secBE);
                be.Elements.Add(enc);
                be.Elements.Add(b);
                   -----------------------------
 proxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "Usercert");
            proxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ServerCert");
            proxy.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
            proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.ChainTrust;

更新以显示工作请求和故障请求都工作据我所知两者都是相同的。一个区别是工作的顺序有 BST、UST,BST 矿井有 BST、BST、UST。工作肥皂 UI 请求

      <soapenv:Envelope xmlns:mhs="http://org/emedny/mhs/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="6BB387229F4FD6E3FC13753868206455">MIIDFjCCAn+gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA2MQ8wDQYDVQQKEwZlTWVkTlkxIzAhBgNVBAsTGnJQcmQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDIxNjA1MDAwMFoXDTEzMDgyMDAzNTk1OVowYzEPMA0GA1UEChMGZU1lZE5ZMRQwEgYDVQQLEwtlTWVkTlktUFJPRDEPMA0GA1UECxMGZVBhY2VzMREwDwYDVQQLEwhlU2VydmVyczEWMBQGA1UEAxMNRFBNZWRzSGlzdG9yeTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqdOQyIej9kENyppOOeOPF5olvolfZz2GUG4eYEkJtBH0WBDahM5Pm3N7U52Sm+YYPXkPMe+NTOWXUvGOdrp3mMJlN/+A5N4oEM9WwXzDhdsIXufzW5s1zJOW1xKrWgb2/hHXAyNIciCrtsFVBZ8S6c1iibZecrmdkQyiNZsXntMCAwEAAaOCAQUwggEBMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1UdHwSBhzCBhDBNoEugSaRHMEUxDzANBgNVBAoTBmVNZWROWTEjMCEGA1UECxMaclByZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwM6AxoC+GLWh0dHA6Ly93d3cuZW1lZG55Lm9yZy9lUGFjZXMvY2FjZXJ0cy9DUkwxLmNybDAdBgNVHQ4EFgQUs60iHpMc/Jz2F4lt/lHnLVtZco0wHwYDVR0jBBgwFoAUwbo3tXRFck0wN5g2DPS+/+xVHnQwDQYJKoZIhvcNAQEFBQADgYEAKzRgS2QNHW5f2R348N3+jRRbtlJdS/kM974rsnvoNHb2QatSLWxwa5dr7ASaDUXiED7jzB51HzbehyfE8afdq7OByuMN/J8yXK2B3Dv6y3F6uDHYP9H7JDGXoq2kdexpVD1oY4UEi5QOkdhtL8URJ355A3Fr/faIC8fGF4miq04=</wsse:BinarySecurityToken>
       <xenc:EncryptedKey Id="EK-6BB387229F4FD6E3FC13753868206454" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <wsse:SecurityTokenReference>
       <wsse:Reference URI="#6BB387229F4FD6E3FC13753868206455" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
       </wsse:SecurityTokenReference></ds:KeyInfo>
       <xenc:CipherData>
       <xenc:CipherValue>e5nL8OsjXRBtVrkV6eb4W5KhgOas2UL3C26BmcAArBZNk+yBVQoCIRTBMXYomvLeHFB/oNO3RqXEd8NTrSTnC8ydH/BEf9vKSGqsyQzaEkk4oV93fgWtMgE4DErUS/8oBS2DcgvtJle1tpoNR7FNp7iBif0idmGyL6L2lBT9HmM=</xenc:CipherValue></xenc:CipherData>
       <xenc:ReferenceList>
       <xenc:DataReference URI="#ED-4"/></xenc:ReferenceList></xenc:EncryptedKey>
       <wsse:UsernameToken wsu:Id="UsernameToken-3">
<wsse:Username>USERID</wsse:Username>
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PWD</wsse:Password>
       <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Vjjuy4+O3TwT7BmMACfLQA==</wsse:Nonce>
       <wsu:Created>2013-08-01T19:53:40.446Z</wsu:Created></wsse:UsernameToken>
       <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="X509-6BB387229F4FD6E3FC13753868202121">MIIE4zCCAmcwggHQoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwNjEPMA0GA1UEChMGZU1lZE5ZMSMwIQYDVQQLExpyUHJkIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wOTA1MTEwNDAwMDBaFw0yMTAyMTAwMzU5NTlaMDYxDzANBgNVBAoTBmVNZWROWTEjMCEGA1UECxMaclByZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMT0hW0sdDEmMBxg9Ye7TsHERFsAWzw7td+rAjTng0NRWiEGDDBzMiJGHnyWMdt3lUywLjKH2RNYep0D4rQkULtCsnaQ0I2M/+AgoDsR3+RGV3xGwU5TbvBQ56mzZzkfLWRKg0medA9q8Ia7rXAvVlm6Uhy1KW3xsrskEu9sLFOpAgMBAAGjgYQwgYEwPwYJYIZIAYb4QgENBDITMEdlbmVyYXRlZCBieSB0aGUgU2VjdXJpdHkgU2VydmVyIGZvciB6L09TIChSQUNGKTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwbo3tXRFck0wN5g2DPS+/+xVHnQwDQYJKoZIhvcNAQEFBQADgYEAET5poNE2QeZNUjQ4u9PzNBkY4AO+5pFxHHp4AnbU6XzTrClHcn2QJlUAo2b9ryVgC2L8R+h6tJA1/2EQIVmmsCSegulzcOScNyDL0sm67GRwmx28zQ22y/9F3nAKSSsQwWz89vnXKQQSrpWPHEuMNVt/9fRTdUcWDWMW6LX3B3IwggJ0MIIB3aADAgECAgIAoDANBgkqhkiG9w0BAQUFADA2MQ8wDQYDVQQKEwZlTWVkTlkxIzAhBgNVBAsTGnJQcmQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEzMDQyNTA0MDAwMFoXDTEzMTAyNzAzNTk1OVowYDEPMA0GA1UEChMGZU1lZE5ZMRQwEgYDVQQLEwtlTWVkTlktUFJPRDEPMA0GA1UECxMGZVBhY2VzMRUwEwYDVQQLEwxlUGFjZXMgQ2VydHMxDzANBgNVBAMTBkxNV0FSRDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAkylE6EOuNVakw/ud2s3Rx/DH7JtlzHOK9BEpKRvzeorKAF3QkY2ck2oNe6+lru815uWjDavrd9xvXd3r/Yb87SSkKpYXmdaBzPRZmr/uDr8UkM9C3DkPE47ENqTjDQssLlpo3PZWDdvqsUObeURbKU+A8hhpiPOhza7DzytTsaUCAwEAAaNnMGUwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBQEpxRjV1ZWlWPEmCM9oEqO7wQLKDAfBgNVHSMEGDAWgBTBuje1dEVyTTA3mDYM9L7/7FUedDANBgkqhkiG9w0BAQUFAAOBgQBUzaHqesbXbqclwHq9cRZPc/7FJp5udrzQ6nQgbXaBcuBKUql/v7C1/ZwkV/Rxi9BqGTMBDoKBaUpvyQ30drpCON9nQGfrQhMshpUxx6S/mfuLDazCjvhtdCxJE9uET4Fwi1bhifjHKNO1NnB8JMnm4avMMRnbi8Kr5+eoRD9mzA==</wsse:BinarySecurityToken>
       <ds:Signature Id="SIG-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
       <ec:InclusiveNamespaces PrefixList="mhs soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod>
       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-1">
       <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
       <ec:InclusiveNamespaces PrefixList="mhs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms>
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>FchA3vEpfP7i3adziwVpYnrI/BQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>
       <ds:SignatureValue>ZnEgibHIj1B+Gk+m8THvgNownzH8eCfymugLIHM+EyZsPz+xyOAd+IR43LAo/LcuAVZK8lBrtFKc
    DJO2zETYXv9gXnQP4Z8kAirkOtWuE6nPPwooSBlGXRr/j2zOp6ekdCoyqI7Hlhljh0NVaIbwzAsS
    yfrsYGw0I0zJzfI3Hkc=</ds:SignatureValue><ds:KeyInfo Id="KI-6BB387229F4FD6E3FC13753868203372">
    <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="STR-6BB387229F4FD6E3FC13753868203413" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
    <wsse:Reference URI="#X509-6BB387229F4FD6E3FC13753868202121" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>
    </soapenv:Header>
       <soapenv:Body wsu:Id="id-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <xenc:EncryptedData Id="ED-4" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
       <wsse:Reference URI="#EK-6BB387229F4FD6E3FC13753868206454"/></wsse:SecurityTokenReference></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>IMyfgrFU0VZZV+buomWUGAmPr2TXGlNETpECX7jF5xrQcJAk6Ql/eGv70ttFaFulwyuNmtM8u+KT7CM0/xhmwyrB6X5iUYCjZp+aL7XAs+hOPHcd/lSZmAOyV2DBH7B/PopiDuE7hgmQQn0zhV4WommQbe3ss77mmdQQlQv8RhqvIg2xs4k70eB8QaYUdQ6sa6BxYPnc3SkxFXb24/3s7CZVPj8vecfLwiAVLhIk55rVR9eyYeGD97haM3YeuBRMA2xNNgItvsqK8m0ePxKNT/KrQlAeivRRLwfSY8+sIisdk9Q3ioXgkZ0quM+fjlHrH816swbeY9IVFBvoDA+jWqkjbriOezMHa5SJB/ubjxpS+UMld6EOP/71Btts6FGwUoJjygzbwCVYUIS9/rMCOvJf+q1gK8SbjTwTmiozoo3mIxb7cfGmN4/Y7B2zeFilKfDbPBPESIR7QW+c08Uyyr6P4C0rAJ6+NL5Lr8g+eEsVjCpFUtbzmupk2hfqsySnmWjPx3CfOBnaRrtlTYI3J3yK7Il4lQ4P3qvBT9vGNr8nnQ7ziS4OhTD6PTzmB1FDpv3Nb416xD5tIBVtAkhC3yDRqF9TAAmb8V+8ynxrkjgZOpmTp//PgrIMZmzLh2udttBSzAHTc4Waq1+baSimoRRwL/SxOOmRgjji2lp/yoSeMBIDDLoXRE67HSD1dtUdTab9kEu4Rqr1D/g1PXNZZA7qIXu1Gdg5zIN0kxRWWDERz/D8FtEFxCDb6VOlSkthBT3y/HD3EO67dtabqnKdSSCItcr9UuqrEs+B+SHujZv9DnsGFL6UAm2WMfqnGuvNk2tXYZAvtJCbcExmWm5olb2WdRiEyP0G6Tpnja+/VmMaJg1qVUwwuOcQRq0U1mZujkIX1Z1Rpbk3j/7g0Ck4Qn4jnAqaMqeLDu1WUBUZa41RuS55V9xhoVz7/zKXP9pqsf0Fv7bQ1LPspsV7pb5sWup+GzPvMJDG/LUDhEvFXGy7cEXvPypE+n88IY2i815xxNXKZgW3hoht3sESH8eqjCPoBJJ4CciDvzb9STjKBO3Cj6TcibLZU60LDDvMaJNXH2fN/VOOc4LY42tdgrvyZi9sipjOisp+r6qYg1uW5v+tAqA8hoY0UH8dD66sD6FHS02eAsMkwudAK7m9qmHfzU0BML1H9/rCF9hgUjsJet2wZgWs6ROulo2lT7qnFncOv+uRyN3yStRqsbSIk3WZAOAX8LKMpX8sgFvXWyqUDdSyJ4YJuB2G65G5Ijq75PbuQZZUaJMsWSQBDsbp+E4a7rZHigBEWc5WroktfptCuBwZvCbXC7v3VyzvlCswk5kBUCGfl0AgUjQ=</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
      </soapenv:Body>
    </soapenv:Envelope

下面是我的自定义绑定生成的请求。它在签名摘要值处失败

  <s:Envelope xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <ActivityId CorrelationId="2297e645-5077-443d-a7d2-d9af74ddb07e" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">00000000-0000-0000-2400-0080020000f7</ActivityId>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:BinarySecurityToken u:Id="uuid-63c0b13f-8368-4bc9-a493-b362c67ac14b-5" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIICdDCCAd2gAwIBAgICAKAwDQYJKoZIhvcNAQEFBQAwNjEPMA0GA1UEChMGZU1lZE5ZMSMwIQYDVQQLExpyUHJkIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMzA0MjUwNDAwMDBaFw0xMzEwMjcwMzU5NTlaMGAxDzANBgNVBAoTBmVNZWROWTEUMBIGA1UECxMLZU1lZE5ZLVBST0QxDzANBgNVBAsTBmVQYWNlczEVMBMGA1UECxMMZVBhY2VzIENlcnRzMQ8wDQYDVQQDEwZMTVdBUkQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMpROhDrjVWpMP7ndrN0cfwx+ybZcxzivQRKSkb83qKygBd0JGNnJNqDXuvpa7vNeblow2r63fcb13d6/2G/O0kpCqWF5nWgcz0WZq/7g6/FJDPQtw5DxOOxDak4w0LLC5aaNz2Vg3b6rFDm3lEWylPgPIYaYjzoc2uw88rU7GlAgMBAAGjZzBlMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUBKcUY1dWVpVjxJgjPaBKju8ECygwHwYDVR0jBBgwFoAUwbo3tXRFck0wN5g2DPS+/+xVHnQwDQYJKoZIhvcNAQEFBQADgYEAVM2h6nrG126nJcB6vXEWT3P+xSaebna80Op0IG12gXLgSlKpf7+wtf2cJFf0cYvQahkzAQ6CgWlKb8kN9Ha6QjjfZ0Bn60ITLIaVMcekv5n7iw2swo74bXQsSRPbhE+BcItW4Yn4xyjTtTZwfCTJ5uGrzDEZ24vCq+fnqEQ/Zsw=</o:BinarySecurityToken>
          <o:BinarySecurityToken u:Id="uuid-63c0b13f-8368-4bc9-a493-b362c67ac14b-4" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDFjCCAn+gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA2MQ8wDQYDVQQKEwZlTWVkTlkxIzAhBgNVBAsTGnJQcmQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDIxNjA1MDAwMFoXDTEzMDgyMDAzNTk1OVowYzEPMA0GA1UEChMGZU1lZE5ZMRQwEgYDVQQLEwtlTWVkTlktUFJPRDEPMA0GA1UECxMGZVBhY2VzMREwDwYDVQQLEwhlU2VydmVyczEWMBQGA1UEAxMNRFBNZWRzSGlzdG9yeTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqdOQyIej9kENyppOOeOPF5olvolfZz2GUG4eYEkJtBH0WBDahM5Pm3N7U52Sm+YYPXkPMe+NTOWXUvGOdrp3mMJlN/+A5N4oEM9WwXzDhdsIXufzW5s1zJOW1xKrWgb2/hHXAyNIciCrtsFVBZ8S6c1iibZecrmdkQyiNZsXntMCAwEAAaOCAQUwggEBMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1UdHwSBhzCBhDBNoEugSaRHMEUxDzANBgNVBAoTBmVNZWROWTEjMCEGA1UECxMaclByZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwM6AxoC+GLWh0dHA6Ly93d3cuZW1lZG55Lm9yZy9lUGFjZXMvY2FjZXJ0cy9DUkwxLmNybDAdBgNVHQ4EFgQUs60iHpMc/Jz2F4lt/lHnLVtZco0wHwYDVR0jBBgwFoAUwbo3tXRFck0wN5g2DPS+/+xVHnQwDQYJKoZIhvcNAQEFBQADgYEAKzRgS2QNHW5f2R348N3+jRRbtlJdS/kM974rsnvoNHb2QatSLWxwa5dr7ASaDUXiED7jzB51HzbehyfE8afdq7OByuMN/J8yXK2B3Dv6y3F6uDHYP9H7JDGXoq2kdexpVD1oY4UEi5QOkdhtL8URJ355A3Fr/faIC8fGF4miq04=</o:BinarySecurityToken>
          <o:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <o:Username>USERID</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PWD</o:Password>
            <o:Nonce>19sRmzQElHKqxL6ICMzpJf7NOU8=</o:Nonce>
            <o:Created>2013-07-31T09:24:00.933Z</o:Created>
          </o:UsernameToken>
          <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <o:SecurityTokenReference>
                <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-63c0b13f-8368-4bc9-a493-b362c67ac14b-4" />
              </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
              <e:CipherValue>XQQjLvSY5VJ4BYkDxdsIUYYFRz+eleKaiU5bSFpUMblIm7ssKXOLJJsLBbNHREycIV8u5LR9ZixI7nI5BeacKYT+nlEikPREgUwEbvsGMb6LxkquUsIDhicpY5lKMhijbYtrE8O0Ee1TX3kT6hRb6QnvWZSGjnDhfLZvu3SO9cY=</e:CipherValue>
            </e:CipherData>
            <e:ReferenceList>
              <e:DataReference URI="#_2" />
            </e:ReferenceList>
          </e:EncryptedKey>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
              <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
              <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
              <Reference URI="#_1">
                <Transforms>
                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue>l6kqP048t5INzJT3W8gxVSXplaE=</DigestValue>
              </Reference>
            </SignedInfo>
            <SignatureValue>gCwFapZ3D/vUXsvAShTQwNWJoA23ad54NRmUWXR7IBFbsr75HBdZUG5lO1Af+ncShzwJA2a6jJXJmw/1gKswyAP9QuZsa9D+6fGh8jwcVqjm5v/Sh9rgQxWjL6U1kkovP0IAqEjafRu6YgmauFVCHUrJ2QfIN96WYTPnYm9Puvs=</SignatureValue>
            <KeyInfo>
              <o:SecurityTokenReference>
                <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-63c0b13f-8368-4bc9-a493-b362c67ac14b-5" />
              </o:SecurityTokenReference>
            </KeyInfo>
          </Signature>
        </o:Security>
      </s:Header>
      <s:Body u:Id="_1" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
          <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
          <e:CipherData>
            <e:CipherValue>pkVTvAXkNSAw49UQaR8xjz3N9BLM3fS2k9j9JKUwLfg1hynpnDZMme5P4xwfDjnhYtx/ftIc3lnN9fDnECeMG+V8dPPD/nRqCsaExYbIgyY9KBmCBRx0OgrbJQEYX6Jq5n24sWDZb9yk7JEKmh3sZOnzWm6k/GaTv8UYzY0/rEBmS4m1W7kP/asCw11QzM2daolIerQ0OOYSecnk/NjmiEmK21dq4yIBVbUGn5UPllD5fIHtL5PQk8kcp9S8snfaAkKQhSQqokv8s0R9uLIKBYlmX4r+uFJLKXFIKdDZLb39U2MOWacOmQQ/KlEuBWZibhxvRfUnBote74dI7rfYjKCHpJZ9LoQN+/3R5CNfsJmlyEKGvp7pCZfPABtkjTQgKBJkL0zj8xA0149g1m0mSPN1AfUeRlFHw/T90qknYwQ5JTX4vVP1HKStieFf7raMocT4poNkm3Anqik+IDFPNNsH85TnVJgCOeemnM8ZoWRTsnAIhmTSEiRaDE+bAi2+vNJHBxIwpoR65rgk1N8DcEPfQkWAPgiy76lyXyTk/kPqZgepnZdghcdZ6u7tl1eLv0IscJVXJpQtFHgWur/AIBaUEUyfiMSPVIWfJdd/W4E3/BCFEdqfJwOqmxULS+w2GQMvUHrQJ9S3+8o2ajBBCUqxjYBKgcoDrdvopDaPzaBALQJUqECUz3grCCTiqiEzGyWiGjqwHVl9JQTNJesfxOATlEDjRu8lPdeM/c0OlM8JOdG8CiTx1x0TuUTGGsGXmfr25tanwoA5iEEms6oP0sUhB2o65BvuGPUSdJRmlfM2p9kEohShUDYR/hHnvFhKPd/dnPHP/q1kIiAybgWUaXQ9BsQajKEt1ZsW+zJ2T0vqiSrZkJOJSirSFOOsz4vFzOtEM/lMy80n6ltF4GHPxJHNK9zv14CHoTGUCK18+uvFCcA2DKgaPnJBXmBwpPjAW2jAVIFE7RgA3kGJomPygyV88A8TkkPs+7h2v+mLpj2B+9ev62g9Lws+At74b0DFU5D70SFazVNnRHGXPHHSr0L2XRDlHg6A9ZW884cGmRftGyPuWZotCfaBfCI4gWjak0W2Zu3TSdU1HHxWKW8jOvsSr8pdMjnzMAsPRAyjlPfE69eODRh1J+FAcJg+jVpAvpwWfpo81GRn9F7RcpkfySh7hKufNMsKOTZg5ciXl+N4dBCJ186Q5eqCAItEqwkxwGiXWB3W/QQGdinCdwz8gA==</e:CipherValue>
          </e:CipherData>
        </e:EncryptedData>
      </s:Body>
    </s:Envelope>
4

1 回答 1

0

消息看起来非常相似,有点令人失望的是服务器拒绝了 WCF。您应该做好准备,这可能需要一些时间来排除故障。我会尝试使用以下不同的方法进行调试:

  1. 根据错误消息,我认为挑战在于摘要计算。看看soap UI 如何拥有这个元素“”。此元素是对签名签名者/验证者的指令。也许服务器以某种方式将此值硬编码到其签名者中,因此 WCF 没有它的事实会影响摘要。WCF 无法配置为拥有它(通常不拥有它不是问题)。看看 SOAPUI 中是否有任何配置,您也不能使用它,看看它是否仍然有效。

  2. 将 SignBeforeEncrypt 替换为 EncryptBeforeSign

  3. 为同一个 WCF 客户端设置一个 WCF 服务并查看它是否有效(尽管它可能会,所以这是一个很长的镜头)。

  4. 尝试从其他平台的客户端联系服务,看看服务器如何反应。

  5. 尝试从服务中移除复杂性——例如移除加密并仅使用签名。看看这是否有效。这可以帮助查明问题。

  6. 蛮力的方法是找到计算 xml 规范化和摘要的服务代码,并将其调试为 .Net 代码。但是在那个阶段,您可能会寻求以其他方式绕过该问题。

于 2013-08-02T10:38:35.140 回答