1

我在 WCF 的安全部分遇到问题。

问题是:部分加密不适用于消息有效负载。当我在 MessageContract 和 MessageBodyMember 属性中更改 ProtectionLevel 时,它要么完全加密有效负载,要么保持未加密整个有效负载。

即,部分加密不起作用,我希望有效负载(消息正文元素)的根标记未加密,其余部分,即根标记的子元素要加密。在服务器上,spring webservices的enpoint-mapping需要这种行为。

这是一个用Java开发的Web Service的Dot Net客户端程序(Contract First WebService Developed in Spring WS)。它使用相互证书来保证安全。

我正在使用 messageSecurityVersion、WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 的自定义绑定。

我不确定它是否与此绑定的 WS-Addressing 支持有关。

这是我的 app.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
      <section name="DISClientLibTest.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />
    </sectionGroup>
  </configSections>

  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel.MessageLogging">
        <listeners>
          <add name="messages"
          type="System.Diagnostics.XmlWriterTraceListener"
          initializeData="c:\logs\messages.svclog" />
        </listeners>
      </source>
    </sources>
  </system.diagnostics>

  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="DISEndPointBehaviour">
          <clientCredentials>
            <clientCertificate storeLocation="LocalMachine" storeName="Root" 
                               x509FindType="FindBySubjectName" findValue="d-i-s-partner"/>
            <serviceCertificate>
              <defaultCertificate storeLocation="LocalMachine" storeName="Root"
                                  x509FindType="FindBySubjectName" findValue="dis"/>
              <authentication certificateValidationMode="PeerOrChainTrust"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>

      </endpointBehaviors>
    </behaviors>

    <bindings>
      <customBinding>
        <binding name="DISMutualCertificateDuplexBinding">
          <!--<security authenticationMode="MutualCertificateDuplex"-->
          <security authenticationMode="MutualCertificate"
                    includeTimestamp="false"
                    requireDerivedKeys="false"
                    keyEntropyMode="ClientEntropy"
                    messageProtectionOrder="EncryptBeforeSign"
                    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"/>
          <textMessageEncoding messageVersion="Soap11WSAddressing10"/>
          <httpTransport manualAddressing="false"/>
        </binding>
      </customBinding>

    </bindings>
    <client>
      <endpoint binding="customBinding" 
                bindingConfiguration="DISMutualCertificateDuplexBinding"
                contract="DaDeskDataExchange" 
                name="DaDeskDataExchangeSoap11_DaDeskDataExchange"
                address="http://192.168.0.27:8080/disweb/1.0/spring-ws/"
                behaviorConfiguration="DISEndPointBehaviour">
        <identity>
          <dns value="dis"/>
        </identity>
        <headers>
          <wsse:UsernameToken
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="UsernameToken-6"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:Username>50001</wsse:Username>
            <wsse:Password
              Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password>
            <wsse:Nonce
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce>
            <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created>
          </wsse:UsernameToken>
        </headers>
      </endpoint>
    </client>
    <diagnostics>
      <messageLogging logEntireMessage="true" 
                      logMalformedMessages="true" 
                      logMessagesAtTransportLevel="true" 
                      logMessagesAtServiceLevel="true"/>
    </diagnostics>

  </system.serviceModel>
</configuration>

这是 svcutil 生成的代理类(仅相关部分)

[System.CodeDom.Compiler.GeneratedCodeAttribute("svcutil", "4.0.30319.1")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType = true, Namespace = "http://www.dadesk.com/dis/schema")]
// This is added for bypassing encryption
[System.ServiceModel.MessageContract(ProtectionLevel = System.Net.Security.ProtectionLevel.None)]
public partial class getActualInvoiceOutputRequest
{

    // This is added for bypassing encryption
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)]
    private string interfaceUniqueReferenceField;

    // This is added for bypassing encryption
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)]
    private string invoiceIdField;

    // This is added for bypassing encryption
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)]
    private string daEventField;

    /// <remarks/>
    [System.Xml.Serialization.XmlElementAttribute(Order = 0)]
    public string interfaceUniqueReference
    {
        get
        {
            return this.interfaceUniqueReferenceField;
        }
        set
        {
            this.interfaceUniqueReferenceField = value;
        }
    }

    /// <remarks/>
    [System.Xml.Serialization.XmlElementAttribute(Order = 1)]
    public string invoiceId
    {
        get
        {
            return this.invoiceIdField;
        }
        set
        {
            this.invoiceIdField = value;
        }
    }

    /// <remarks/>
    [System.Xml.Serialization.XmlElementAttribute(Order = 2)]
    public string daEvent
    {
        get
        {
            return this.daEventField;
        }
        set
        {
            this.daEventField = value;
        }
    }
}

预期的 SOAP 请求

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
   <wsse:BinarySecurityToken
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    wsu:Id="CertId-1BC7C7CC8C1DC237A312742702475786"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIIBoTCCAQqgAwIBAgIES+Jf0jANDA2MjEwNlowFTETMBEGA1UEAxMKZGlzcGFydG5lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiSzYcGY6SZvtyX/HzIT9zgzlf1/stzTo2WN2/zikebOY+K8pOfc8IU2vxsDp+b4Jc/KSMzZIocPejHhyRXKKuf36TckHclkgkqhkiG9w0BAQUFAAOBgQAepQ1pXeyveQCPRQSnjcJKnXBbLiPql+UeScmaqXBqBOrUGFRe8AX4PEh28qmomwWfdJ7abV1yShFvnAcZBP5gM6KrS1fZ2lCQu7sLyk8YW3zBLqs1Bm6bf4GTfywd2+mURJZuTwx/vqe2d5xNsfD9BOEJ6hlxzdzKlZR111O4IQ==
   </wsse:BinarySecurityToken>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Id="Signature-7">
    <ds:SignedInfo>
     <ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
     <ds:Reference URI="#id-8">
      <ds:Transforms>
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>O+wONgrnKflVXuIf/QqMIVPHICg=</ds:DigestValue>
     </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
     cPLtiHI8a3Ay7lCau0wosF7pakNPaOkFdmjC8osUqkUUECjQvSPCoVyWZldPxheWIEEM1qUAR7X2
     1cOFNn2YUfTu9c3ElEgfRycDUTpcvF5hs37Er+ssR3QBKQ9Jmd76MHcc8LW12KNGGWZn/grUMhnR
     uuOzSrfAtOHYK22wPvE=
</ds:SignatureValue>
    <ds:KeyInfo Id="KeyId-1BC7C7CC8C1DC237A312742702475787">
     <wsse:SecurityTokenReference
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="STRId-1BC7C7CC8C1DC237A312742702475788"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Reference URI="#CertId-1BC7C7CC8C1DC237A312742702475786"
       ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
     </wsse:SecurityTokenReference>
    </ds:KeyInfo>
   </ds:Signature>
   <wsse:UsernameToken
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="UsernameToken-6"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:Username>115394</wsse:Username>
    <wsse:Password
     Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password>
    <wsse:Nonce
     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce>
    <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created>
   </wsse:UsernameToken>
  </wsse:Security>
 </SOAP-ENV:Header>
 <SOAP-ENV:Body
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="id-8">
              <!---- I need the root tag un-encrypted-->
  <getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema">
              <!---- I need the content encrypted-->
   <interfaceUniqueReference>aasd</interfaceUniqueReference>
   <invoiceId>-1</invoiceId>
   <daEvent>1</daEvent>
  </getActualInvoiceOutputRequest>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

在上面的 SOAP 消息中,在正文内部,我需要对 getActualInvoiceOutputRequest 的内容进行加密,并且不希望对 getActualInvoiceOutputRequest 进行加密。现在,整个正文内容都被加密了。

我遵循了以下 MSDN 网页 http://msdn.microsoft.com/en-us/library/aa347692.aspx中给出的指导方针

它警告 WS-Addressing Dependency。它有一个声明,[例如,BasicHttpBinding 类不支持规范,或者如果您创建了不支持 WS-Addressing 的自定义绑定。]。

我怀疑那个区域,WS-Addressing 对我的自定义绑定的支持。有人可以帮忙吗?

谢谢, 沙米尔

4

2 回答 2

1

您的自定义绑定指定了 WS-Addressing,但预期的 SOAP 请求不使用它。我很害怕这是互操作性被破坏的部分。您是否有描述安全设置的服务的 WSDL?您是否还有使用加密的 SOAP 请求示例?

于 2010-08-18T09:03:41.067 回答
0

这是使用适当加密级别的示例 SOAP 请求,这是预期的 SOAP 请求,由 java 客户端生成。

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<SOAP-ENV:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP-ENV:mustUnderstand="1">
<xenc:EncryptedKey Id="EncKeyId-B521E60EB6640CC36812821275442335"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dis</ds:X509IssuerName>
<ds:X509SerialNumber>1273126865</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>uVuKFUAyy7NvyMJuFgqB27nZ/uf1YCQLOjQJrOJN+iAiUGYBcIFYThpr+D2UK5l80HzWL8KUbbg8YcurjwOzuLM+DvuXbnsP3niFlFNipB0FTmnojD5t5J7xinRzfRzSVpSxxa/czOdFZTwyPclnUNFWEsWML8npQNOX2gir3Lk=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-4" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-B521E60EB6640CC36812821275439461"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIIBoTCCAQqgAwIBAgIES+Jf0jANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpkaXNwYXJ0bmVyMB4XDTEwMDUwNjA2MjEwNloXDTM3MDkyMDA2MjEwNlowFTETMBEGA1UEAxMKZGlzcGFydG5lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiSzYcGY6SZvtyX/HzIT9zgzlf1/stzTo2WN2/zikebOY+K8pOfc8IU2vxsDp+b4Jc/KSMzZIocPejHhyRXKKuf36TckHclkZCpIil24gHZdARUQXRrm0izFwMkACEeHoTv6/35FjSiQpntBxbaTLmGZ4U93Pjuko2jlBheiFeq0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAepQ1pXeyveQCPRQSnjcJKnXBbLiPql+UeScmaqXBqBOrUGFRe8AX4PEh28qmomwWfdJ7abV1yShFvnAcZBP5gM6KrS1fZ2lCQu7sLyk8YW3zBLqs1Bm6bf4GTfywd2+mURJZuTwx/vqe2d5xNsfD9BOEJ6hlxzdzKlZR111O4IQ==</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>cYtMaQuuiVAho+6m8lj66ZPLFJc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ccAZE+FRn2ads52Ma5FsoYPx8P3SBYqjRYSctTNUmcsDQEhHowOoTyhkW5IElo9r/GaGWL0EBfmC
SyNBh/qtKA4YHxjradG2Mk2Bxv/aRGuxaCllYTTr1kr37vC1fYiWVI2QrjbGOvp0i/5RgLanl40k
gkDxle9CxegVDdZkijI=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-B521E60EB6640CC36812821275439532">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-B521E60EB6640CC36812821275439553"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#CertId-B521E60EB6640CC36812821275439461"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>119136</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">R3WWGSkNtmPztaSUbiyAWOcpwTM=</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">pkJh0dN0yE8iIRe49T1bwg==</wsse:Nonce>
<wsu:Created>2010-08-18T10:32:23.937Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-3">
<getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema">
<xenc:EncryptedData Id="EncDataId-4"
Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-B521E60EB6640CC36812821275442335"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Qg9GlqcRgEi6EJACo/RxVYbUTdX2fnHUdrmdsXolHPFcigsuTMMwj0ST5DIXuh3C4nB738Acd8ez
hKyZdDR2skNYIWHKGzM8wuT3wrjbZGAnXl78PtzjfNSyldmwm1cm4JxW2YH0QvtUq5e2exVOnkVT
ojBtvxYSjQl2F/pK0uawD/m3RFFyqB3/lOWShYSLqW+H5h0d96FxIyVPb27z+mGK0xRXO9sh51ES
4wHozKnQvSMBbokOPaHLMgyNBqkRvDX5bNvsvnpyjBT8trlaSQYE6l+zyqSIj8apu+HxpLM8g73f
MPeGyzn28I078ZVe6vOzVPhXsSLMEUwtEHWjHIe49h6uGGLg2xd5pehbXxqDbw2/a1UipBOOjz4v
5UYVoFtw7OjfONbPrrhqEkyg8zV2S4SPH6ItGKYLuiLNGV7XEXgc4dhyZ+qV/byJ/tqxuP2eNF6+
a2pp+jEQ8z0QCLZSnWicrbz3sbRHzM2CyZk=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</getActualInvoiceOutputRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

我的 Dotnet 客户端当前生成以下请求

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3"></a:Action>
<a:MessageID u:Id="_4">urn:uuid:cbfc787e-d759-41b6-a919-9aba6fbd4fe6</a:MessageID>
<a:ReplyTo u:Id="_5">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_6">http://192.168.0.27:8080/disweb/1.0/spring-ws/</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken>
<!-- Removed-->
</o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestMethod>
</e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=dis</X509IssuerName>
<X509SerialNumber>1273126865</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>YYorbYHYP+AmYDttzFQ4BtlnmvQPZVbIZqy/VD5eQendMmhZXXEKNiv32BVAqBDwmmiXzHjjaPkWOfA4Q0iRG6XNvFzmxo6G2hc3WJ+6ZDW/8RFaCjEjtGNp9LezuDrIBjdfMXZOR63H809mB4wtDwamg6eIxn64UmXfwybbNw4=</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>LGEAlgVrR38d/JwppXPW4KvY/K0=</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>a8T/6AHa4bBGUI0zRJY5m1I0kYo=</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>hv0eRU3IzGVmeDHlGzlHyzVChkM=</DigestValue>
</Reference>
<Reference URI="#_5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue>
</Reference>
<Reference URI="#_6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>wnN99C6DCmP7MaOlTJxf10Urf/k=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>e2kDwoGU0XrmkUqO1rpkKSwYDMe327XN0hTLSQtutm04BX7+JjxbO5EbmmgX3F/hdKFjUk5rDdWxu1AC1LRlAhwiZKqzhnMx05ixuGoAxmlTLnL+ItdLTomOaOHkf7b7KNZouZDuCNeE/VdiQBOEmCYw2XfoukZxvIqyA03YffY=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-127196be-7cc5-47ce-abd2-90d000c4fa2b-2"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:DataReference URI="#_1"></e:DataReference>
</e:ReferenceList>
</o:Security>
</s:Header>
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:Reference URI="#_0"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>rPnwZV8JzRPPf7jAR6HCNRTvELt5caZbyyBzs1icNP+5HPmKxzPfROs8aq4Soi5+HfOpAsanW6IdA3o9m466WOM4jVorN7dx+8VCygsKfp79JtniFfH3Us9YlJsjgxljCM5QvH84ZkXc/+TJy+zVwpTm0t3mEB8h83gDA0ZOYkCXG8ksZhOwvj4aaLpDoBI+e/4usJ2XsW2oi2xF8sCFzV20X4S/IJlTyUHqeQcW5N8evXF0A8K64FfnoFARCe/Bkq2kmbclNRBmCZE+sJNTNxkYVlA6QufCPASgZJg35fwDveHTcQb19IqccGC51khQWV8L4gIhnJ2RSRzgsDjuzO8wGYTjoSBvm18hfHMywqdEyUCYX9bFEGcaBFMevD9mIu/B/ksh6nqkp30NGctReupdTFyrNcUn9Zqu/xlwU/uJws4LIk4G7ggjF4IrqjOu</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
于 2010-08-18T12:03:23.573 回答