C# WCF SOAP Sign SHA256 "Keyset does not exist"


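I call a web service that requires WSS. The Timestamp and Body blocks should be signed with a digital signature, and I use a USB token.

I use AsymmetricSecurityBindingElement to do this.

If DefaultAlgorithmSuite is used, signing the request message works perfectly. But when the CustomDefaultAlgorithmSuite class changes DefaultAsymmetricSignatureAlgorithm to RsaSha256Signature, it throws

CryptographicException: Keyset does not exist, at the line: durum response = proxy.getBatchStatus("1");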

Stack trace:
konum: System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
konum: System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
konum: System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
konum: System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
konum: System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
konum: System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
konum: System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens, Boolean isPrimarySignature)
konum: System.ServiceModel.Security.SendSecurityHeader.CompleteSignature()
konum: System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication()
konum: System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
konum: System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
konum: System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
konum: System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message, Boolean shouldRecycleBuffer)
konum: System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
konum: System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
konum: System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
konum: System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
konum: System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
konum: System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
konum: System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
konum: System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

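Are you sure the certificate with SERIALNUMBER=26635982214 was found in the current user store? You don't have any check.

Also, under which user is the WCF client running? Check that the certificate you are looking for is in the correct store.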

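I think your problem is that your private key is stored on a USB token/smart card, and this private key is not exportable/extractable, or is protected by a PIN. So the WCF client cannot use this private key to sign the SOAP message.

If your certificate and private key were stored in a pfx, then you could call this WS as mentioned above, but in your case I think signing the SOAP message with the WCF client is not possible.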

X509Certificate2 certificate = null;

            X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 cert in collection)
            {
                if (cert.Subject.Contains("SERIALNUMBER=26635982214"))
                {
                    if (cert.NotAfter > DateTime.Today)
                    {
                        certificate = cert;
                    }
                }
            }

            CustomBinding binding = new CustomBinding();
            AsymmetricSecurityBindingElement securityElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

            securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
            securityElement.IncludeTimestamp = true;
            securityElement.EnableUnsecuredResponse = true;
            securityElement.AllowInsecureTransport = true;
            securityElement.SetKeyDerivation(false);
            securityElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
            securityElement.DefaultAlgorithmSuite = new CustomDefaultAlgorithmSuite();
            securityElement.SecurityHeaderLayout = System.ServiceModel.Channels.SecurityHeaderLayout.Strict;
            securityElement.RequireSignatureConfirmation = false;

            X509SecurityTokenParameters x509ProtectionParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial);
            x509ProtectionParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
            x509ProtectionParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.RawDataKeyIdentifier;
            x509ProtectionParameters.RequireDerivedKeys = false;
            securityElement.InitiatorTokenParameters = x509ProtectionParameters;

            binding.Elements.Add(securityElement);
            binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12, Encoding.UTF8));
            binding.Elements.Add(new HttpsTransportBindingElement());

            AddressHeader[] addressHeaders = null;
            EndpointAddress endpoint = new EndpointAddress(new Uri("https://uygtest.edefter.gov.tr/edefter/services/EDefterWSPort"), EndpointIdentity.CreateDnsIdentity("*.edefter.gov.tr"), addressHeaders);

            EDefterWSClient proxy = new gibService.EDefterWSClient(binding, endpoint);
            proxy.ClientCredentials.ClientCertificate.Certificate = certificate;
            string serverCertFilePath = Path.Combine(Application.StartupPath, "edefter.gov.tr.crt");
            proxy.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(serverCertFilePath);
            proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

            durum response = proxy.getBatchStatus("1");

public class CustomDefaultAlgorithmSuite : SecurityAlgorithmSuite
{
    public override string DefaultAsymmetricKeyWrapAlgorithm
    {
        get { return SecurityAlgorithms.RsaOaepKeyWrap; }
    }

    public override string DefaultAsymmetricSignatureAlgorithm
    {
        get { return SecurityAlgorithms.RsaSha256Signature; }
    }

    public override string DefaultCanonicalizationAlgorithm
    {
        get { return SecurityAlgorithms.ExclusiveC14n; }
    }

    public override string DefaultDigestAlgorithm
    {
        get { return SecurityAlgorithms.Sha1Digest; }
    }

    public override string DefaultEncryptionAlgorithm
    {
        get { return SecurityAlgorithms.Aes128Encryption; }
    }

    public override int DefaultEncryptionKeyDerivationLength
    {
        get { return 128; }
    }

    public override int DefaultSignatureKeyDerivationLength
    {
        get { return 128; }
    }

    public override int DefaultSymmetricKeyLength
    {
        get { return 128; }
    }

    public override string DefaultSymmetricKeyWrapAlgorithm
    {
        get { return SecurityAlgorithms.Aes128Encryption; }
    }

    public override string DefaultSymmetricSignatureAlgorithm
    {
        get { return SecurityAlgorithms.HmacSha1Signature; }
    }

    public override bool IsAsymmetricKeyLengthSupported(int length)
    {
        return length >= 1024 && length <= 4096;
    }

    public override bool IsSymmetricKeyLengthSupported(int length)
    {
        return length >= 128 && length <= 256;
    }
}
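
The replies above ask whether the certificate was actually found and whether the token's key can be used for signing; the following diagnostic answers both when run under the same user account as the WCF client. It is an added example, not code from the original post: the names SigningKeyDiagnostics and Describe are hypothetical, and it assumes .NET Framework with the token's middleware installed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper (not from the original post): reports which CSP holds the
// signing key and whether that provider can produce an RSA-SHA256 signature.
static class SigningKeyDiagnostics
{
    const int ProvRsaAes = 24; // PROV_RSA_AES, the CryptoAPI provider type with SHA-2 support

    public static void Describe(string subjectFragment)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            int matches = 0;
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.Subject.Contains(subjectFragment)) continue;
                matches++;
                Console.WriteLine("{0} (NotAfter {1:u}, HasPrivateKey {2})", cert.Subject, cert.NotAfter, cert.HasPrivateKey);
                if (cert.NotAfter <= DateTime.Now || !cert.HasPrivateKey) continue;
                try
                {
                    // Opening the key may prompt for the token PIN.
                    RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
                    if (rsa == null) { Console.WriteLine("  key is not held by a CryptoAPI CSP"); continue; }
                    CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                    Console.WriteLine("  provider : {0} (type {1}, SHA-2 type: {2})", info.ProviderName, info.ProviderType, info.ProviderType == ProvRsaAes);
                    Console.WriteLine("  container: {0} (hardware: {1})", info.KeyContainerName, info.HardwareDevice);
                    byte[] sig = rsa.SignData(Encoding.UTF8.GetBytes("probe"), "SHA256");
                    Console.WriteLine("  RSA-SHA256 probe signature: {0} bytes", sig.Length);
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("  key access or RSA-SHA256 probe failed: {0}", ex.Message);
                }
            }
            if (matches == 0) Console.WriteLine("no certificate matched in CurrentUser\\My");
        }
        finally { store.Close(); }
    }
    static void Main(string[] args)
    {
        Describe(args.Length > 0 ? args[0] : "SERIALNUMBER=");
    }
}
```

The stack trace above shows GetSignatureFormatter constructing a new RSACryptoServiceProvider from CspParameters, so the provider name, provider type and container name printed here are the values to compare against what the token's middleware registers.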