Error Signature "Hash Values do not Match" SOAP


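Please help if anyone knows why the "Hash values do not match" error occurs. I am sending a self-signed XML, but when consuming the service it returns the error shown below.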

         <faultcode>env:Server</faultcode>
         <faultstring>0x00d30003: Hash values do not match.</faultstring>
         <detail>
            <errorCode>0x00d30003</errorCode>
            <errorMessage>Hash values do not match.</errorMessage>
            <RqUID/>
         </detail>

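This is the code I use to create the XML file, from .NET, where the header of the document has been created exactly as the service requires in order to be consumed.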

public static void firmarxmlconcertificado(XmlDocument xmlSalida, X509Certificate2 cert)
        {
            const string STR_SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/";
            const string STR_WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
            const string STR_WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
            const string STR_DS = "http://www.w3.org/2000/09/xmldsig#";
            const string STR_EC = "http://www.w3.org/2001/10/xml-exc-c14n#";

            var ns = new XmlNamespaceManager(xmlSalida.NameTable);
            ns.AddNamespace("soapenv", STR_SOAPENV);
            ns.AddNamespace("wsse", STR_WSSE);
            ns.AddNamespace("wsu", STR_WSU);
            ns.AddNamespace("ds", STR_DS);
            ns.AddNamespace("ec", STR_EC);

            var idKeyInfo = "KI-" + Guid.NewGuid().ToString("N").ToUpper();
            var idWsu = "STR-" + Guid.NewGuid().ToString("N").ToUpper();
            var idwsseRef = "X509-" + Guid.NewGuid().ToString("N").ToUpper();
            var IdUriRef = "id-" + Guid.NewGuid().ToString("N").ToUpper() + Guid.NewGuid().ToString("N").Substring(0, 2).ToUpper();
            var IdSecTok = "SIG-" + Guid.NewGuid().ToString("N").ToUpper();

            const String RSA = "1.2.840.113549.1.1.1";
            const String DSA = "1.2.840.10040.4.1";
            const String ECC = "1.2.840.10045.2.1";


            //SignedXml PrivateKey

            SignedXml signedXml = new SignedXml(xmlSalida);
            RSA rsa = cert.GetRSAPrivateKey();
            signedXml.SigningKey = rsa;
            signedXml.SigningKeyName = cert.SubjectName.Name;
            signedXml.Signature.Id = IdSecTok;

            //Soap Body
            XmlElement soapbody = xmlSalida.DocumentElement.SelectSingleNode(@"//soapenv:Body", ns) as XmlElement;
            soapbody.SetAttribute("wsu:Id", IdUriRef);
            soapbody.SetAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

            //Reference
            Reference reference = new Reference();
            reference.DigestMethod = SignedXml.XmlDsigSHA256Url;
            reference.Uri = "";           
            XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
            reference.AddTransform(transform);
            transform.InclusiveNamespacesPrefixList = "ifx v1 v2";

            //SignedXml
            signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            XmlDsigExcC14NTransform canMethod = (XmlDsigExcC14NTransform)signedXml.SignedInfo.CanonicalizationMethodObject;
            canMethod.InclusiveNamespacesPrefixList = "ifx soapenv v1 v2";
            signedXml.AddReference(reference);

            //KeyInfo
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.Id = idKeyInfo;            
            KeyInfoNode keyInfoNode = new KeyInfoNode();
            XmlElement wsseSec = xmlSalida.CreateElement("wsse","SecurityTokenReference", string.Empty);
            XmlElement wsseRef = xmlSalida.CreateElement("wsse", "Reference", string.Empty);
            wsseSec.SetAttribute("wsu:Id", idWsu);
            wsseRef.SetAttribute("URI","#" + idwsseRef);
            wsseRef.SetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
            wsseSec.AppendChild(wsseRef);
            keyInfoNode.Value = wsseSec;
            keyInfo.AddClause(keyInfoNode);
            signedXml.KeyInfo = keyInfo;
            signedXml.ComputeSignature();            
            XmlElement xmlsig = signedXml.GetXml();

            //Header 
            //Wsse:security
            XmlElement soapSignature = xmlSalida.DocumentElement.SelectSingleNode(@"//wsse:Security", ns) as XmlElement;
            XmlAttribute sId = xmlSalida.CreateAttribute("Id");
            sId.Value = IdSecTok;
            xmlsig.Attributes.Append(sId);
            // *** And add our signature as content            
            soapSignature.AppendChild(xmlsig);

            //wsse:BinarySecurityToken
            XmlElement soapBinSecTok = xmlSalida.DocumentElement.SelectSingleNode(@"//wsse:BinarySecurityToken", ns) as XmlElement;
            soapBinSecTok.SetAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
            soapBinSecTok.SetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
            soapBinSecTok.SetAttribute("wsu:Id", idwsseRef);
            var export = cert.Export(X509ContentType.Cert);
            var base64 = Convert.ToBase64String(export);
            soapBinSecTok.InnerText = base64;

            XmlElement referenceUri = xmlSalida.DocumentElement.SelectSingleNode(@"//ds:Reference", ns) as XmlElement;
            referenceUri.SetAttribute("URI", "#" + IdUriRef);

            //Prefix
            SetPrefix("ds", xmlsig);            
            signedXml.LoadXml(xmlsig);            
            signedXml.SignedInfo.References.Clear();            
            signedXml.ComputeSignature();
            string recomputedSignature = Convert.ToBase64String(signedXml.SignatureValue);
            // Replace value of the signature with recomputed one
            ReplaceSignature(xmlsig, recomputedSignature);

            //doc.DocumentElement.AppendChild(doc.ImportNode(xmlsig, true));
        }

        private static void SetPrefix(string prefix, XmlNode node)
        {
            node.Prefix = prefix;
            foreach (XmlNode n in node.ChildNodes)
            {

                SetPrefix(prefix, n);
            }

            if (node.NamespaceURI == "http://www.w3.org/2001/10/xml-exc-c14n#")
                node.Prefix = "ec";
            else if ((node.NamespaceURI == "http://www.w3.org/2000/09/xmldsig#") || (string.IsNullOrEmpty(node.Prefix)))
                node.Prefix = prefix;

        }
        //xmlDSignSecurityUrl

        private static void ReplaceSignature(XmlElement signature, string newValue)
        {
            if (signature == null) throw new ArgumentNullException(nameof(signature));
            if (signature.OwnerDocument == null) throw new ArgumentException("No owner document", nameof(signature));

            XmlNamespaceManager nsm = new XmlNamespaceManager(signature.OwnerDocument.NameTable);
            nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            XmlNode signatureValue = signature.SelectSingleNode("ds:SignatureValue", nsm);

            if (signatureValue == null)
                throw new Exception("Signature does not contain 'ds:SignatureValue'");

            signatureValue.InnerXml = newValue;
        }
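
Added example (not part of the original question, and not the service's code): a local check that re-hashes the signed Body before the message is sent. It shows a Body signed through a "#id" reference verifying, and the same message failing once the Body is changed after ComputeSignature(). The WsuSignedXml class, the sample envelope and the throwaway RSA key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;   // NuGet package System.Security.Cryptography.Xml on .NET Core / .NET 5+
using System.Xml;

// The stock SignedXml lookup does not match a namespaced wsu:Id attribute,
// so "#..." references to the SOAP Body need this fallback (hypothetical helper class).
class WsuSignedXml : SignedXml
{
    public const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public WsuSignedXml(XmlDocument doc) : base(doc) { }
    public override XmlElement GetIdElement(XmlDocument doc, string id)
    {
        XmlElement found = base.GetIdElement(doc, id);
        if (found != null) return found;
        foreach (XmlNode n in doc.GetElementsByTagName("*"))
            if (n is XmlElement e && e.GetAttribute("Id", Wsu) == id) return e;
        return null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample envelope and throwaway key (stand-ins for the real message and certificate key).
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='" + WsuSignedXml.Wsu + "'>" +
                    "<soapenv:Header/><soapenv:Body wsu:Id='id-1'><ping>1</ping></soapenv:Body></soapenv:Envelope>");
        using RSA rsa = RSA.Create(2048);

        var signer = new WsuSignedXml(doc) { SigningKey = rsa };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signer.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#id-1") { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(reference);
        signer.ComputeSignature();               // the digest is taken over the Body as it is at this moment
        doc.DocumentElement.FirstChild.AppendChild(doc.ImportNode(signer.GetXml(), true));

        Console.WriteLine("as signed:          " + Verify(doc, rsa));
        doc.GetElementsByTagName("ping")[0].InnerText = "2";   // any change to the signed Body afterwards
        Console.WriteLine("Body changed after: " + Verify(doc, rsa));
    }

    // Re-hashes every Reference against the document, then checks SignatureValue.
    static bool Verify(XmlDocument doc, RSA key)
    {
        var verifier = new WsuSignedXml(doc);
        verifier.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        return verifier.CheckSignature(key);
    }
}
```

Running the same Verify step over the final serialized request, with the certificate's public key, reports a digest or signature mismatch locally before the message reaches the service.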