WCF: "extracted certificate chain from BinarySecurityToken of format 'x509'; hash value does not match the client's"


How do I debug this error: "hash value does not match the client's"?

My payload matches the vendor sample:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
<soapenv:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
<wsse:Username>....your_username.....</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
<wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
<wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
</wsse:UsernameToken>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wRUq.........</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>tBSsaZi........</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>SQsTCAK6ZaVhojB8+Y.........</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
Vendor sample:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
<soapenv:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
<wsse:Username>....your_username.....</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
<wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
<wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
</wsse:UsernameToken>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wRUq.........</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>tBSsaZi........</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>SQsTCAK6ZaVhojB8+Y.........</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
This hash in the DigestValue of the Reference URI=_1 in the EncryptedKey refers to the Body Id=_1.

I am using this custom binding:

private CustomBinding PeerCustomBinding()
{
    AsymmetricSecurityBindingElement secBE = AsymmetricSecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
    secBE.AllowSerializedSigningTokenOnReply = false;
    // TripleDesRsa15 matches the rsa-1_5 / tripledes-cbc / sha1 algorithms in the sample.
    secBE.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
    secBE.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

    X509SecurityTokenParameters x509ProtectionParameters = new X509SecurityTokenParameters();
    x509ProtectionParameters.RequireDerivedKeys = false;
    x509ProtectionParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.SubjectKeyIdentifier;
    x509ProtectionParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
    x509ProtectionParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
    // The same parameter object is used for both sides, so both certificates are sent
    // to the recipient, which is what the two BinarySecurityToken elements in the sample show.
    secBE.InitiatorTokenParameters = x509ProtectionParameters;
    secBE.RecipientTokenParameters = x509ProtectionParameters;

    secBE.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    // The original assigned this property true and then false; the last assignment wins.
    secBE.RequireSignatureConfirmation = false;
    secBE.IncludeTimestamp = false;

    // WebName is "utf-8". Encoding.UTF8.ToString() returns the type name
    // "System.Text.UTF8Encoding", which is not a charset name.
    CustomTextMessageBindingElement enc = new CustomTextMessageBindingElement(Encoding.UTF8.WebName, "text/xml", MessageVersion.Soap11);
    HttpsTransportBindingElement b = new HttpsTransportBindingElement();
    b.RequireClientCertificate = true;

    CustomBinding be = new CustomBinding();
    be.Elements.Add(secBE);
    be.Elements.Add(enc);
    be.Elements.Add(b);
    return be;
}
Edit 06-29: this custom binding does not generate a nonce, so I added a UsernameToken with a nonce in the CustomTextMessageEncoder:

// Needs: using System; using System.IO; using System.Security.Cryptography;
//        using System.ServiceModel.Channels; using System.Xml;
public override ArraySegment<byte> WriteMessage(Message message, int maxMessageSize, BufferManager bufferManager, int messageOffset)
{
    const string WsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string WsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Serialize the message exactly as WCF signed and encrypted it.
    XmlDocument dc = new XmlDocument();
    // Keep whitespace as written: the Body is signed, and dropping or adding
    // whitespace text nodes changes the digest the receiver recomputes.
    dc.PreserveWhitespace = true;
    using (MemoryStream stream = new MemoryStream())
    {
        using (XmlWriter writer = XmlWriter.Create(stream, this.writerSettings))
        {
            message.WriteMessage(writer);
        }
        stream.Position = 0;
        dc.Load(stream);
    }

    // wsu:Created is UTC on a 24-hour clock ("HH"); the original used DateTime.Now
    // with "hh" and a literal "Z", which labels local 12-hour time as UTC.
    string createdStr = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ss.fffZ");
    // UsernameToken nonce: random bytes, Base64-encoded as in the vendor sample
    // (the original used GetSHA1String over a GUID, a hex string).
    byte[] nonceBytes = new byte[16];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(nonceBytes);
    }
    string nonce = Convert.ToBase64String(nonceBytes);

    XmlNamespaceManager nsmgr = new XmlNamespaceManager(dc.NameTable);
    nsmgr.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
    nsmgr.AddNamespace("o", WsseNs);
    string xpathBSToken = "/s:Envelope/s:Header/o:Security/o:BinarySecurityToken[2]";
    XmlNode xmlnodeBS = dc.DocumentElement.SelectSingleNode(xpathBSToken, nsmgr);

    // <o:UsernameToken xmlns:wsu="..." wsu:Id="...">
    XmlElement usernameTokenNode = dc.CreateElement("o", "UsernameToken", WsseNs);
    usernameTokenNode.SetAttribute("xmlns:wsu", WsuNs);
    XmlAttribute idAttribute = dc.CreateAttribute("wsu", "Id", WsuNs);
    idAttribute.Value = "SecurityToken-" + Guid.NewGuid().ToString();
    usernameTokenNode.SetAttributeNode(idAttribute);

    XmlElement userNameNode = dc.CreateElement("o", "Username", WsseNs);
    userNameNode.InnerText = "username";
    XmlElement pwdNode = dc.CreateElement("o", "Password", WsseNs);
    pwdNode.SetAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
    pwdNode.InnerText = "password";
    XmlElement nonceNode = dc.CreateElement("o", "Nonce", WsseNs);
    nonceNode.InnerText = nonce;
    // Created belongs to the wsu namespace (<wsu:Created> in the sample), not wsse.
    XmlElement createdNode = dc.CreateElement("wsu", "Created", WsuNs);
    createdNode.InnerText = createdStr;

    usernameTokenNode.AppendChild(userNameNode);
    usernameTokenNode.AppendChild(pwdNode);
    usernameTokenNode.AppendChild(nonceNode);
    usernameTokenNode.AppendChild(createdNode);
    xmlnodeBS.ParentNode.InsertAfter(usernameTokenNode, xmlnodeBS);

    // Hand the modified document back in a BufferManager buffer, as the encoder contract requires.
    byte[] bytes;
    using (MemoryStream output = new MemoryStream())
    {
        using (XmlWriter writer = XmlWriter.Create(output, this.writerSettings))
        {
            dc.Save(writer);
        }
        bytes = output.ToArray();
    }
    byte[] buffer = bufferManager.TakeBuffer(bytes.Length + messageOffset);
    Array.Copy(bytes, 0, buffer, messageOffset, bytes.Length);
    return new ArraySegment<byte>(buffer, messageOffset, bytes.Length);
}
Thanks, Sun
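
Added here as a worked example, not part of Sun's question or of any answer: a small C# checker that does what the receiver does when it reports the hash mismatch above. It recomputes each ds:Reference digest with Exclusive C14N and SHA-1 (the Transform and DigestMethod URIs the sample declares) and compares it with the signer's DigestValue. It only works on the message in the clear, so run it on a copy captured before encryption (WCF message logging at the service level, or a client message inspector) or on the receiving side after decryption. The envelope in Main is constructed for the demo, and the class and method names are assumptions of this example.

```csharp
// Build with a reference to System.Security.dll (.NET Framework) or the
// System.Security.Cryptography.Xml package (.NET 6+).
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.Xml.Linq;

public static class WsSecurityDigestCheck
{
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";
    const string WsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Exclusive-C14N + SHA-1 digest of the element carrying wsu:Id="id".
    public static byte[] ComputeReferenceDigest(XmlDocument doc, string id)
    {
        XmlNamespaceManager ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsu", WsuNs);
        XmlElement target = doc.SelectSingleNode("//*[@wsu:Id='" + id + "']", ns) as XmlElement;
        if (target == null)
            throw new ArgumentException("no element with wsu:Id=" + id);

        // Canonicalize the referenced subtree on its own. Exclusive C14N emits only
        // the namespaces the subtree visibly uses, so the octets are the same whether
        // the subtree is canonicalized inside the envelope or stand-alone.
        XmlDocument subtree = new XmlDocument { PreserveWhitespace = true };
        subtree.LoadXml(target.OuterXml);
        XmlDsigExcC14NTransform c14n = new XmlDsigExcC14NTransform();
        c14n.LoadInput(subtree);
        using (SHA1 sha1 = SHA1.Create())
            return c14n.GetDigestedOutput(sha1);
    }

    // One result line per <ds:Reference>: "URI OK" or "URI MISMATCH ...".
    public static List<string> CheckReferences(string soapXml)
    {
        // PreserveWhitespace must be true: with the default (false) the loader itself
        // drops whitespace text nodes, which on its own changes the digest.
        XmlDocument doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(soapXml);
        XmlNamespaceManager ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", DsigNs);

        List<string> results = new List<string>();
        foreach (XmlElement reference in doc.SelectNodes("//ds:Signature/ds:SignedInfo/ds:Reference", ns))
        {
            string uri = reference.GetAttribute("URI");
            string expected = reference.SelectSingleNode("ds:DigestValue", ns).InnerText.Trim();
            string actual = Convert.ToBase64String(ComputeReferenceDigest(doc, uri.TrimStart('#')));
            results.Add(uri + (actual == expected ? " OK" : " MISMATCH: signer " + expected + ", recomputed " + actual));
        }
        return results;
    }

    // Constructed demo envelope: plaintext Body, one Reference, placeholder digest.
    const string Envelope =
        "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
        "<s:Header><wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">" +
        "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo>" +
        "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>" +
        "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
        "<Reference URI=\"#_1\"><Transforms><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></Transforms>" +
        "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><DigestValue>PLACEHOLDER</DigestValue></Reference>" +
        "</SignedInfo><SignatureValue>c2lnbmF0dXJl</SignatureValue></Signature>" +
        "</wsse:Security></s:Header>" +
        "<s:Body wsu:Id=\"_1\" xmlns:wsu=\"" + WsuNs + "\"><m:Ping xmlns:m=\"urn:example\">hello</m:Ping></s:Body>" +
        "</s:Envelope>";

    public static void Main()
    {
        // Stand in for the signer: compute the Body digest and put it into DigestValue.
        XmlDocument unsigned = new XmlDocument { PreserveWhitespace = true };
        unsigned.LoadXml(Envelope);
        string signed = Envelope.Replace("PLACEHOLDER",
            Convert.ToBase64String(ComputeReferenceDigest(unsigned, "_1")));
        foreach (string line in CheckReferences(signed))
            Console.WriteLine("as signed:   " + line);

        // What a post-signing XML round trip does: XElement.ToString() indents by
        // default, inserting whitespace text nodes inside the signed Body.
        string reindented = XElement.Parse(signed).ToString();
        foreach (string line in CheckReferences(reindented))
            Console.WriteLine("re-indented: " + line);
    }
}
```

The demo reports OK for the message as signed and MISMATCH for the same message after an XElement round trip, because the indentation adds text nodes to the Body that the signer never hashed. Any re-serialization step between signing and sending, such as the XmlDocument edit in the custom encoder above, is safe only if it reproduces the signed subtree byte for byte under Exclusive C14N; pointing this checker at the captured plaintext on both sides of that step shows exactly which reference changed.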

Try using:

secBE.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign

Otherwise the messages do look the same.

Comment (Sun): I did that, but still no luck :( This is what IBM documents (DataPower): the hash generated from the referenced node does not match the hash supplied by the original signer in the DigestValue node. Usually this is caused by one of the following: 1) the processing policy modified the data, 2) the message was modified by an intermediate node, 3) improper handling by the signing application. Not sure which one applies to me. See the edit.. I am doing some XML manipulation in the CustomMessageEncoder.. that could be the cause.

Comment (answerer): Yes, the encoder could be the problem. Create the token like this instead of in the encoder:

Comment (Sun): In the example Rick uses UserNameOverTransport security: var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement(); If I have to do that, I will have to think about how to code it for AsymmetricSecurity.CreateMutualCertificate. If I am creating custom credentials, should that class also handle the BinarySecurityToken, not just the UsernameToken? Please advise.

Comment (answerer): Try adding the username token to secBE.OperationSupportingTokenParameters.
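
A worked example of the last suggestion, added here and not code from the thread: the UsernameToken is declared as a signed supporting token on the AsymmetricSecurityBindingElement, either endpoint-wide through EndpointSupportingTokenParameters or per operation through OperationSupportingTokenParameters, and the credentials come from ClientCredentials, so nothing has to be spliced into the XML after WCF has signed it. The contract IMhsService, its action URI, the endpoint URL and the certificate objects are assumptions of this example; the security element settings are copied from the question's binding. One caveat the question already notes still applies: WCF's own UsernameToken carries Username and Password only, no Nonce or Created.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Assumed contract and action for the demo.
[ServiceContract(Namespace = "http://org/emedny/mhs/")]
public interface IMhsService
{
    [OperationContract(Action = "http://org/emedny/mhs/Submit")]
    string Submit(string payload);
}

public static class UsernameSupportingTokenBinding
{
    const string SubmitAction = "http://org/emedny/mhs/Submit";

    public static CustomBinding Create(bool perOperation)
    {
        // Security element configured as in the question.
        AsymmetricSecurityBindingElement secBE =
            AsymmetricSecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
        secBE.AllowSerializedSigningTokenOnReply = false;
        secBE.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
        secBE.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
        X509SecurityTokenParameters x509 = new X509SecurityTokenParameters
        {
            RequireDerivedKeys = false,
            X509ReferenceStyle = X509KeyIdentifierClauseType.SubjectKeyIdentifier,
            ReferenceStyle = SecurityTokenReferenceStyle.Internal,
            InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
        };
        secBE.InitiatorTokenParameters = x509;
        secBE.RecipientTokenParameters = x509;
        secBE.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
        secBE.RequireSignatureConfirmation = false;
        secBE.IncludeTimestamp = false;

        // The UsernameToken is declared on the binding, so WCF writes it into
        // <wsse:Security> before signing. "Signed" puts it under the signature;
        // "SignedEncrypted" would additionally encrypt it with the body key.
        UserNameSecurityTokenParameters userName = new UserNameSecurityTokenParameters();
        if (perOperation)
        {
            // Scoped to one action, the variant the last comment suggests.
            SupportingTokenParameters forSubmit = new SupportingTokenParameters();
            forSubmit.Signed.Add(userName);
            secBE.OperationSupportingTokenParameters[SubmitAction] = forSubmit;
        }
        else
        {
            secBE.EndpointSupportingTokenParameters.Signed.Add(userName);
        }

        // Built-in text encoder (SOAP 1.1, text/xml); no custom encoder needed.
        TextMessageEncodingBindingElement enc =
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        HttpsTransportBindingElement transport = new HttpsTransportBindingElement
        {
            RequireClientCertificate = true
        };
        return new CustomBinding(secBE, enc, transport);
    }

    // Username and password travel in ClientCredentials; WCF serializes them into the token.
    public static IMhsService CreateClient(string url, X509Certificate2 clientCert,
        X509Certificate2 serviceCert, string user, string password)
    {
        ChannelFactory<IMhsService> factory = new ChannelFactory<IMhsService>(
            Create(perOperation: false),
            new EndpointAddress(new Uri(url), new X509CertificateEndpointIdentity(serviceCert)));
        factory.Credentials.ClientCertificate.Certificate = clientCert;
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert;
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;
        return factory.CreateChannel();
    }
}
```

With the token declared this way the whole Security header, including the UsernameToken, is produced by WCF's own security protocol, so the Body digest and the SignatureValue are computed over exactly the bytes that go on the wire. If the vendor insists on a Nonce and Created inside the UsernameToken, that gap has to be closed before WCF signs (a custom security token serializer), not by editing the serialized message in the encoder.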