2013-03-04 58 views
0

For starters, I know you will think this is a duplicate, but if you read those questions you will notice that some people say removing the timestamp fixes it while others say it does not. "Timestamp must be signed" error in the response

I am trying to connect from .NET 3.5 to a Java SOAP web service using a certificate, but when I receive the response it throws an error: "The security header element 'Timestamp' with the 'Timestamp-984' id must be signed."

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

var b = new CustomBinding();
b.Name = "AVbinding";
b.CloseTimeout = new TimeSpan(0, 1, 0);
b.OpenTimeout = new TimeSpan(0, 1, 0);
b.ReceiveTimeout = new TimeSpan(0, 10, 0);
b.SendTimeout = new TimeSpan(0, 1, 0);

// Mutual X.509 message security: the client signs with its own certificate,
// the service signs with the service certificate.
var security = new AsymmetricSecurityBindingElement();
security.IncludeTimestamp = true;   // a wsu:Timestamp is added to, and signed in, every request
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
security.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToInitiator);
security.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient);
security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256Rsa15;
security.AllowSerializedSigningTokenOnReply = true;
security.AllowInsecureTransport = true;
security.EnableUnsecuredResponse = true;   // lets a response with no Security header through at all; see the comments below
security.RequireSignatureConfirmation = true;   // the service must echo the request SignatureValue in wsse11:SignatureConfirmation

b.Elements.Add(security);
b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
b.Elements.Add(new HttpsTransportBindingElement());

string certMapPath = Server.MapPath("~/App_Data");
var cert = new X509Certificate2(certMapPath + "\\_CERTNAME_", "X");
var serCert = new X509Certificate2(certMapPath + "\\_CERTNAME2_.cer");
AsymmetricAlgorithm key = new RSACryptoServiceProvider();
key.FromXmlString("_KEY_");   // private key loaded from an XML string; keep this material out of source control
cert.PrivateKey = key;

// Assumed (not shown in the post): client is the generated proxy created on this binding,
// and the two certificates are attached to it as client and service credentials.
client.ClientCredentials.ClientCertificate.Certificate = cert;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = serCert;
client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

The question is, what should I do?

My request:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<s:Header> 
<ActivityId CorrelationId="7d9e44cb-cecd-4c49-9a71-79a2ad04a2ec" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">63bde0b8-8953-41b8-b5c2-a69c712346b6</ActivityId> 
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo3dbGZWnrwhDouJE+VgKu4MAAAAAzmpHur/flUSUy0rxOVAJ8Nk4GsFjc6xOg46yQ3o0ZMQACQAA</VsDebuggerCausalityData> 
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:BinarySecurityToken> 
<!-- Removed--> 
</o:BinarySecurityToken> 
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> 
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> 
<Reference URI="#_2"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> 
<DigestValue>Z4OHoIS/bVCWIROLBFcxjfJuXv0ebA/SO8WQWuPTrQo=</DigestValue> 
</Reference> 
<Reference URI="#uuid-f52585e9-3358-46f6-8e9f-9a16b5c0f29b-1"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> 
<DigestValue>Pnp4gaKUnboMFE2LgLdsFzPBL+7fHqXacVg/MR7AS6c=</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue>NSE/peVOxXheXOqyNT1qx7uZPOhSms35fmJxlf4lBuODD9tz8/TCwzmAAdDArGwc6VJmdw1jVX5tNchYvAqignsPRgTwB+tSbMvUZ6UMwOgHZWRh8rXjYw34EhdEWWBzg0U1ves6ynY88vJW0oFyWiiFcNGkEuy140X7h/Ev+3I=</SignatureValue> 
<KeyInfo> 
<o:SecurityTokenReference> 
<o:Reference URI="#uuid-da5ccb9b-2c40-4ede-9079-c94abf912843-2"></o:Reference> 
</o:SecurityTokenReference> 
</KeyInfo> 
</Signature> 
<u:Timestamp u:Id="uuid-f52585e9-3358-46f6-8e9f-9a16b5c0f29b-1"> 
<u:Created>2013-03-04T09:27:15.087Z</u:Created> 
<u:Expires>2013-03-04T09:32:15.087Z</u:Expires> 
</u:Timestamp> 
</o:Security> 
</s:Header> 
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
<getAvailabilityRequest xmlns="_url_"> 
<userID xmlns="">_UserID_</userID> 
<password xmlns="">_pass_</password> 
<requestID xmlns="">_request_</requestID> 
<SystemIdentifier xmlns="">?</SystemIdentifier> 
</getAvailabilityRequest> 
</s:Body> 
</s:Envelope> 

Response:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> 
<SOAP-ENV:Header> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"> 
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-932"> 
<wsu:Created>2013-03-04T09:27:24.013Z</wsu:Created> 
<wsu:Expires>2013-03-04T09:32:24.013Z</wsu:Expires> 
</wsu:Timestamp> 
<wsse:BinarySecurityToken> 
<!-- Removed--> 
</wsse:BinarySecurityToken> 
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-930"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod> 
<ds:Reference URI="#id-931"> 
<ds:Transforms> 
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod> 
<ds:DigestValue>+/NJN562AUh5U5T4VXGRbdU28+JLmW2bdHg1gLf/SWg=</ds:DigestValue> 
</ds:Reference> 
<ds:Reference URI="#SigConf-929"> 
<ds:Transforms> 
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod> 
<ds:DigestValue>uzljMoX3dAm90+8P10b2/xE5OooNeP81NDtlefCBoc8=</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue>Fixb+0TnwQ2KfLqywusmwcKF8OvoBP/bLqIKfLadyV1U97+NZKzcMrSJjSD0a0sDhJZ+lo/KoHVE 
KBY12ZZDP9xE+k9LHAlWZIq3a2gvBkTFR3p5NcYFQM4cbA/x/bvpEqDyzqYSoXnXMOG46DFn5klo 
DO0PJkMiXKvLBhrCpZtM26AovD5WQlD694EeIXt4jey15zvGzKz88eNfHqNiYa1Wu2HuOTcnSJRv 
hQKHmJKpDzn9+ZSohsULVR5xtGFQD7GWL6LLFEMqthD2a10KMan43Qd62SMUcB64o+l/M+l89+Oo 
AbE0S2GXP3vvSa3ZoGduktWlyNlC7Qz/Iww0Qg== 
</ds:SignatureValue> 
<ds:KeyInfo Id="KeyId-83F04DBB53B92E8E1F1362389243499698"> 
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-83F04DBB53B92E8E1F1362389243499699" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Reference URI="#CertId-83F04DBB53B92E8E1F1362389243499697" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
</ds:Signature> 
<wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="NSE/peVOxXheXOqyNT1qx7uZPOhSms35fmJxlf4lBuODD9tz8/TCwzmAAdDArGwc6VJmdw1jVX5tNchYvAqignsPRgTwB+tSbMvUZ6UMwOgHZWRh8rXjYw34EhdEWWBzg0U1ves6ynY88vJW0oFyWiiFcNGkEuy140X7h/Ev+3I=" wsu:Id="SigConf-929"></wsse11:SignatureConfirmation> 
</wsse:Security> 
</SOAP-ENV:Header> 
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-931"> 
<ns3:getAvailabilityResponse xmlns:ns3="_URL_" xmlns=""> 
<RequestID>_requestID_</RequestID> 
<Status>Available</Status> 
<Version>1.32.0</Version> 
</ns3:getAvailabilityResponse> 
</SOAP-ENV:Body> 
</SOAP-ENV:Envelope> 

Answers

1

Please post the full request and response messages here (you can get them from the WCF log or from Fiddler). Generally, if WCF sends a signed timestamp and the response contains a timestamp, the response timestamp must be signed. Depending on the exact messages there are various workarounds, including not sending the timestamp in the first place, sending it by pushing it into the message in a handler, or removing the timestamp from the response.

+0

Thx for reading! I edited my post with the request and response, but the third-party service requires the timestamp in the request. If I port it to 4.0 (since the hotfix can no longer be installed), it tells me my key does not exist – 2013-03-04 12:14:44

+0

EnableUnsecuredResponse means the response is not secured at all. You need to add a custom encoder to strip all security from the response for that to work. This means the response will not be verified for its signature, which is probably not what you want (though it can be fine if there is SSL or you do not care for some reason). Otherwise, is it fair to say that the server requires the request to have a timestamp and requires it to be signed, otherwise it will not work? And then the server returns an unsigned timestamp in the response? – 2013-03-04 14:24:57

+0

If we do not include any timestamp it does not work, so there is no option other than stripping the response, I guess? – 2013-03-04 14:36:14
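The thread above boils down to one question about the captured response: which elements of the wsse:Security header does the server's ds:Signature actually cover? The following Python script is an added example (it is not code from the question, the answer or the comments) that answers that from the XML alone. It embeds a trimmed copy of the response posted in the question (constructed here, with the long base64 values shortened), reports the signature coverage per wsu:Id, checks that the wsse11:SignatureConfirmation value equals the SignatureValue of the request (which RequireSignatureConfirmation demands), and shows what the "strip the timestamp from the response" workaround does to the message. It checks reference coverage only; it does not recompute digests or verify the RSA signature, so it explains the WCF error rather than replacing WCF's verification.

```python
"""Which parts of a WS-Security response does the ds:Signature cover?
Added example for the thread above; RESPONSE is a constructed, trimmed copy of
the posted response. Reference coverage only: no digest or RSA verification."""
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)   # keep the original prefixes when re-serialising
WSU_ID = "{%s}Id" % NS["wsu"]

# SignatureValue of the request in the question; the server must echo it back.
REQUEST_SIGNATURE_VALUE = ("NSE/peVOxXheXOqyNT1qx7uZPOhSms35fmJxlf4lBuODD9tz8/TCwzmAAdDArGwc6VJmdw1jVX5t"
                           "NchYvAqignsPRgTwB+tSbMvUZ6UMwOgHZWRh8rXjYw34EhdEWWBzg0U1ves6ynY88vJW0oFyWiiF"
                           "cNGkEuy140X7h/Ev+3I=")

RESPONSE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="%(soap)s" xmlns:wsse="%(wsse)s"
    xmlns:wsse11="%(wsse11)s" xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">
  <SOAP-ENV:Header>
    <wsse:Security SOAP-ENV:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-932">
        <wsu:Created>2013-03-04T09:27:24.013Z</wsu:Created>
        <wsu:Expires>2013-03-04T09:32:24.013Z</wsu:Expires>
      </wsu:Timestamp>
      <ds:Signature Id="Signature-930">
        <ds:SignedInfo>
          <ds:Reference URI="#id-931"><ds:DigestValue>+/NJ...</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#SigConf-929"><ds:DigestValue>uzlj...</ds:DigestValue></ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Fixb...</ds:SignatureValue>
      </ds:Signature>
      <wsse11:SignatureConfirmation Value="%(sigval)s" wsu:Id="SigConf-929"/>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body wsu:Id="id-931"><getAvailabilityResponse><Status>Available</Status></getAvailabilityResponse></SOAP-ENV:Body>
</SOAP-ENV:Envelope>""" % dict(NS, sigval=REQUEST_SIGNATURE_VALUE)


def signed_ids(root):
    """Local Ids named by every ds:Reference URI="#..." in the header's SignedInfo."""
    ids = set()
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            ids.add(uri[1:])
    return ids


def security_header_coverage(xml_text):
    """Map each wsu:Id-bearing child of wsse:Security, plus the Body, to whether
    the signature covers it. A Timestamp mapped to False is exactly what WCF
    rejects with "... 'Timestamp' with the '...' id must be signed"."""
    root = ET.fromstring(xml_text)
    signed = signed_ids(root)
    coverage = {}
    for child in root.find("soap:Header/wsse:Security", NS):
        ident = child.get(WSU_ID)          # ds:Signature carries a plain Id, not wsu:Id: skipped
        if ident is not None:
            coverage[ident] = ident in signed
    body_id = root.find("soap:Body", NS).get(WSU_ID)
    coverage[body_id] = body_id in signed
    return coverage


def unsigned_timestamps(xml_text):
    """Ids of wsu:Timestamp elements in the Security header that no Reference covers."""
    root = ET.fromstring(xml_text)
    signed = signed_ids(root)
    return [ts.get(WSU_ID)
            for ts in root.iterfind("soap:Header/wsse:Security/wsu:Timestamp", NS)
            if ts.get(WSU_ID) not in signed]


def strip_unsigned_timestamp(xml_text):
    """The workaround from the answer: drop a Timestamp the signature does not cover.
    The signed references (Body, SignatureConfirmation) are untouched, so the
    signature still verifies; a signed Timestamp is left alone because removing
    it would break the signature. The client loses the response freshness check."""
    root = ET.fromstring(xml_text)
    signed = signed_ids(root)
    sec = root.find("soap:Header/wsse:Security", NS)
    for ts in list(sec.iterfind("wsu:Timestamp", NS)):
        if ts.get(WSU_ID) not in signed:
            sec.remove(ts)
    return ET.tostring(root, encoding="unicode")


def signature_confirmation_matches(xml_text, request_signature_value):
    """WS-Security 1.1 SignatureConfirmation must equal the SignatureValue the
    client sent, which ties this response to the signed request."""
    root = ET.fromstring(xml_text)
    conf = root.find("soap:Header/wsse:Security/wsse11:SignatureConfirmation", NS)
    return conf is not None and conf.get("Value") == request_signature_value


if __name__ == "__main__":
    for ident, ok in security_header_coverage(RESPONSE).items():
        print("%-14s %s" % (ident, "signed" if ok else "NOT signed"))
    print("SignatureConfirmation matches request:",
          signature_confirmation_matches(RESPONSE, REQUEST_SIGNATURE_VALUE))
```

Run against the posted response this reports Timestamp-932 as the only uncovered element while id-931 (the Body) and SigConf-929 are signed, which is why the WCF client, having sent a signed timestamp itself, refuses the reply. Note that in WCF this stripping cannot be done in a message inspector, because the security channel rejects the message first; as the comment says, it has to happen in a custom message encoder, below the security layer. Stripping only the unsigned Timestamp keeps the body signature and the SignatureConfirmation check intact, which is a much smaller loss than EnableUnsecuredResponse with the whole Security header removed.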
