C# WCF Soap Sign Sha256 "keyset does not exist" -
I call a web service that requires WS-Security: the Timestamp and Body blocks should be signed with a digital signature (I use a USB token).
I do the job using AsymmetricSecurityBindingElement.
If I use the DefaultAlgorithmSuite, signing the request message works perfectly. When I changed DefaultAsymmetricSignatureAlgorithm to RsaSha256Signature in the customdefaultalgorithmsuite class, it throws "CryptographicException: Keyset does not exist" (at the line: durum response = proxy.getbatchstatus("1");).
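// Pick the signing certificate out of the current user's personal ("my") store.
// The loop keeps the LAST unexpired match, as the original did; NotBefore is not
// checked, so a not-yet-valid certificate would also be accepted.
X509Certificate2 certificate = null;
X509Store store = new X509Store("my", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
try
{
    X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
    foreach (X509Certificate2 cert in collection)
    {
        // Subject attribute types are typically rendered in upper case ("SERIALNUMBER=..."),
        // so an ordinal Contains() on a lower-case literal can silently never match;
        // compare case-insensitively instead.
        bool subjectMatches = cert.Subject.IndexOf("serialnumber=26635982214", StringComparison.OrdinalIgnoreCase) >= 0;
        if (subjectMatches && cert.NotAfter > DateTime.Today)
        {
            certificate = cert;
        }
    }
}
finally
{
    // The original never released the store handle.
    store.Close();
}
if (certificate == null)
{
    // Fail here with a clear message rather than attaching a null certificate to the
    // proxy and getting an opaque error at call time.
    throw new InvalidOperationException(
        "No unexpired certificate with serialnumber=26635982214 was found in CurrentUser/my.");
}

// Message security: mutual-certificate (asymmetric) binding with a signed Timestamp.
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement securityElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
    MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
securityElement.IncludeTimestamp = true;
// Both settings relax protection: unsigned/unencrypted responses are accepted, and the
// binding no longer insists on a secure transport. Kept as the author set them.
securityElement.EnableUnsecuredResponse = true;
securityElement.AllowInsecureTransport = true;
securityElement.SetKeyDerivation(false);
securityElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
// NOTE(review): the "Keyset does not exist" stack trace originates in
// X509AsymmetricSecurityKey.GetSignatureFormatter constructing a new RSACryptoServiceProvider
// from CspParameters on the SHA-256 path; whether the USB token's CSP can satisfy that
// request is what to confirm.
securityElement.DefaultAlgorithmSuite = new customdefaultalgorithmsuite();
securityElement.SecurityHeaderLayout = System.ServiceModel.Channels.SecurityHeaderLayout.Strict;
securityElement.RequireSignatureConfirmation = false;

// The client certificate is always sent to the recipient and referenced by raw key data.
X509SecurityTokenParameters x509ProtectionParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial);
x509ProtectionParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
x509ProtectionParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.RawDataKeyIdentifier;
x509ProtectionParameters.RequireDerivedKeys = false;
securityElement.InitiatorTokenParameters = x509ProtectionParameters;

binding.Elements.Add(securityElement);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());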
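AddressHeader[] addressHeaders = null;
EndpointAddress endpoint = new EndpointAddress(
    new Uri("https://uygtest.edefter.gov.tr/edefter/services/edefterwsport"),
    EndpointIdentity.CreateDnsIdentity("*.edefter.gov.tr"),
    addressHeaders);
edefterwsclient proxy = new gibservice.edefterwsclient(binding, endpoint);
proxy.ClientCredentials.ClientCertificate.Certificate = certificate;

// The service certificate is pinned from a file shipped next to the executable.
string serverCertFilePath = Path.Combine(Application.StartupPath, "edefter.gov.tr.crt");
proxy.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(serverCertFilePath);
// SECURITY: None disables validation of the service certificate for message security, so the
// pinned certificate above is trusted unconditionally. Presumably tolerable against this test
// host only; use ChainTrust or PeerTrust before pointing at a production endpoint.
proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
    System.ServiceModel.Security.X509CertificateValidationMode.None;

// The original never closed the client. Close() itself can fault on a bad channel,
// in which case Abort() releases it without throwing a second exception.
durum response;
try
{
    response = proxy.getbatchstatus("1");
    proxy.Close();
}
catch
{
    proxy.Abort();
    throw;
}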
stack trace: konum: system.security.cryptography.utils.createprovhandle(cspparameters parameters, boolean randomkeycontainer) konum: system.security.cryptography.utils.getkeypairhelper(cspalgorithmtype keytype, cspparameters parameters, boolean randomkeycontainer, int32 dwkeysize, safeprovhandle& safeprovhandle, safekeyhandle& safekeyhandle) konum: system.security.cryptography.rsacryptoserviceprovider.getkeypair() konum: system.security.cryptography.rsacryptoserviceprovider..ctor(int32 dwkeysize, cspparameters parameters, boolean usedefaultkeysize) konum: system.identitymodel.tokens.x509asymmetricsecuritykey.getsignatureformatter(string algorithm) konum: system.identitymodel.signedxml.computesignature(securitykey signingkey) konum: system.servicemodel.security.wssecurityonedotzerosendsecurityheader.completeprimarysignaturecore(sendsecurityheaderelement[] signatureconfirmations, securitytoken[] signedendorsingtokens, securitytoken[] signedtokens, sendsecurityheaderelement[] basictokens, boolean isprimarysignature) konum: system.servicemodel.security.sendsecurityheader.completesignature() konum: system.servicemodel.security.sendsecurityheader.completesecurityapplication() konum: system.servicemodel.security.securityappliedmessage.onwritemessage(xmldictionarywriter writer) konum: system.servicemodel.channels.bufferedmessagewriter.writemessage(message message, buffermanager buffermanager, int32 initialoffset, int32 maxsizequota) konum: system.servicemodel.channels.textmessageencoderfactory.textmessageencoder.writemessage(message message, int32 maxmessagesize, buffermanager buffermanager, int32 messageoffset) konum: system.servicemodel.channels.httpoutput.serializebufferedmessage(message message, boolean shouldrecyclebuffer) konum: system.servicemodel.channels.httpoutput.send(timespan timeout) konum: system.servicemodel.channels.httpchannelfactory
1.httprequestchannel.httpchannelrequest.sendrequest(message message, timespan timeout) konum: system.servicemodel.channels.requestchannel.request(message message, timespan timeout) konum: system.servicemodel.channels.securitychannelfactory
1.securityrequestchannel.request(message message, timespan timeout) konum: system.servicemodel.dispatcher.requestchannelbinder.request(message message, timespan timeout) konum: system.servicemodel.channels.servicechannel.call(string action, boolean oneway, proxyoperationruntime operation, object[] ins, object[] outs, timespan timeout) konum: system.servicemodel.channels.servicechannelproxy.invokeservice(imethodcallmessage methodcall, proxyoperationruntime operation)konum: system.servicemodel.channels.servicechannelproxy.invoke(imessage message)
/// <summary>
/// Algorithm suite that signs with RSA-SHA256 while keeping the remaining choices of the
/// stock suites: RSA-OAEP key wrap, exclusive C14N, AES-128 encryption/key wrap, HMAC-SHA1.
/// NOTE(review): DefaultDigestAlgorithm is still SHA-1, so signed references are digested
/// with SHA-1 even though the signature itself is RSA-SHA256 — confirm this is what the
/// service expects before relying on SHA-256 end to end.
/// </summary>
public class customdefaultalgorithmsuite : SecurityAlgorithmSuite
{
    // Key-length parameters used by the 128-bit symmetric choices below.
    private const int SymmetricKeyBits = 128;
    private const int MinAsymmetricKeyBits = 1024;
    private const int MaxAsymmetricKeyBits = 4096;
    private const int MinSymmetricKeyBits = 128;
    private const int MaxSymmetricKeyBits = 256;

    // ----- asymmetric algorithms -----

    /// <summary>RSA-OAEP for wrapping symmetric keys.</summary>
    public override string DefaultAsymmetricKeyWrapAlgorithm
    {
        get { return SecurityAlgorithms.RsaOaepKeyWrap; }
    }

    /// <summary>RSA with SHA-256 for the message signature (the one change from the defaults).</summary>
    public override string DefaultAsymmetricSignatureAlgorithm
    {
        get { return SecurityAlgorithms.RsaSha256Signature; }
    }

    /// <summary>Range of accepted RSA key sizes, in bits.</summary>
    public override bool IsAsymmetricKeyLengthSupported(int length)
    {
        return MinAsymmetricKeyBits <= length && length <= MaxAsymmetricKeyBits;
    }

    // ----- canonicalization and digest -----

    /// <summary>Exclusive XML canonicalization.</summary>
    public override string DefaultCanonicalizationAlgorithm
    {
        get { return SecurityAlgorithms.ExclusiveC14n; }
    }

    /// <summary>SHA-1 reference digests (see the class summary).</summary>
    public override string DefaultDigestAlgorithm
    {
        get { return SecurityAlgorithms.Sha1Digest; }
    }

    // ----- symmetric algorithms -----

    /// <summary>AES-128 for message encryption.</summary>
    public override string DefaultEncryptionAlgorithm
    {
        get { return SecurityAlgorithms.Aes128Encryption; }
    }

    /// <summary>AES-128 identifier reused for symmetric key wrap, as in the original.</summary>
    public override string DefaultSymmetricKeyWrapAlgorithm
    {
        get { return SecurityAlgorithms.Aes128Encryption; }
    }

    /// <summary>HMAC-SHA1 for symmetric signatures.</summary>
    public override string DefaultSymmetricSignatureAlgorithm
    {
        get { return SecurityAlgorithms.HmacSha1Signature; }
    }

    /// <summary>Derived encryption key length, in bits.</summary>
    public override int DefaultEncryptionKeyDerivationLength
    {
        get { return SymmetricKeyBits; }
    }

    /// <summary>Derived signature key length, in bits.</summary>
    public override int DefaultSignatureKeyDerivationLength
    {
        get { return SymmetricKeyBits; }
    }

    /// <summary>Symmetric key length, in bits.</summary>
    public override int DefaultSymmetricKeyLength
    {
        get { return SymmetricKeyBits; }
    }

    /// <summary>Range of accepted symmetric key sizes, in bits.</summary>
    public override bool IsSymmetricKeyLengthSupported(int length)
    {
        return MinSymmetricKeyBits <= length && length <= MaxSymmetricKeyBits;
    }
}
Are you sure the certificate with serialnumber=26635982214 has actually been found in the current user store? You don't have a check on it.
Also, which user does the WCF client run under? Check whether the certificate is being looked up in the correct store.