Hello,

I have to develop an application that must be able to connect to the national register via web services. I received the certificates for several environments. The application works very well in test, but not in production, aieieieieie. I systematically get an error:

L'exception System.ServiceModel.Security.MessageSecurityException s'est produite
HResult=0x80131501
Message=Impossible de résoudre KeyInfo pour la vérification d'une signature : KeyInfo 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x0EB85EF654988CA40950BB2F89E5E310C9E92B51)
)
', jetons disponibles 'SecurityTokenResolver
(
TokenCount = 1,
TokenEntry[0] = (AllowedReferenceStyle=External, Token=System.IdentityModel.Tokens.X509SecurityToken, Parameters=System.ServiceModel.Security.Tokens.X509SecurityTokenParameters:
InclusionMode: AlwaysToRecipient
ReferenceStyle: Internal
RequireDerivedKeys: True
X509ReferenceStyle: Thumbprint)
)
'.
Source=mscorlib
Arborescence des appels de procédure*:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ConsoleApp1.TestConnectionServiceReference.TestConnectionService_v10PortType.testConnection(testConnectionRequest request)
at ConsoleApp1.TestConnectionServiceReference.TestConnectionService_v10PortTypeClient.ConsoleApp1.TestConnectionServiceReference.TestConnectionService_v10PortType.testConnection(testConnectionRequest request) in \\Serveur\d\PH_NET\ZDIVERS\Fidus_test_csharp\Fidus_test_csharp\Connected Services\TestConnectionServiceReference\Reference.cs:line 458
at ConsoleApp1.TestConnectionServiceReference.TestConnectionService_v10PortTypeClient.testConnection(TestConnectionRequestType testConnectionRequest1) in \\Serveur\d\PH_NET\ZDIVERS\Fidus_test_csharp\Fidus_test_csharp\Connected Services\TestConnectionServiceReference\Reference.cs:line 464
at FidusExample.TestConnection.testConnection(Uri endpoint, X509Certificate2 clientCert, X509Certificate2 serverCert) in \\Serveur\d\PH_NET\ZDIVERS\Fidus_test_csharp\Fidus_test_csharp\Program.cs:line 71
at FidusExample.TestConnection.Main(String[] args) in \\Serveur\d\PH_NET\ZDIVERS\Fidus_test_csharp\Fidus_test_csharp\Program.cs:line 36


Whether in C# or VB.NET, it's the same struggle!

My code is below:

using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;
using ConsoleApp1.TestConnectionServiceReference;

namespace FidusExample
{
    class TestConnection
    {
        static void Main(string[] args)
        {
            Uri endpoint = new Uri("https://fidus.sec.brussels/services/TestConnectionService_v1.0");
            X509Certificate2 clientCert = loadCertificate("F:/Dropbox/yyyy/wwww/ooooo/Formulaires et Certificats/Sisp/scte/Certif-prod.pfx", "xxxxxx");
            X509Certificate2 serverCert = loadCertificate("F:/Dropbox/yyyy/wwww/ooooo/mmmmm-bundle-1/ffffff-gateway/xxxxxxxx_brussels.crt", "xxxxxxx");

            testConnection(endpoint, clientCert, serverCert);
        }

        // Loads a certificate (.pfx with private key, or .crt) from disk.
        private static X509Certificate2 loadCertificate(String file, String password)
        {
            X509Certificate2 cert = new X509Certificate2();
            cert.Import(file, password, X509KeyStorageFlags.Exportable);
            return cert;
        }

        private static void testConnection(Uri endpoint, X509Certificate2 clientCert, X509Certificate2 serverCert)
        {
            //ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
            // The client certificate is sent as raw data; the server certificate is referenced by thumbprint.
            SecurityTokenParameters initiatorSec = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.RawDataKeyIdentifier);
            SecurityTokenParameters recipientSec = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint);
            CustomBinding binding = new CustomBinding();
            binding.Elements.Add(new AsymmetricSecurityBindingElement(recipientSec, initiatorSec));
            binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
            binding.Elements.Add(new HttpsTransportBindingElement());

            //PRODUCTION
            EndpointAddress address = new EndpointAddress(endpoint, EndpointIdentity.CreateDnsIdentity("fidus-xxxxxxxxx.brussels"));

            TestConnectionService_v10PortTypeClient client = new TestConnectionService_v10PortTypeClient(binding, address);
            client.ClientCredentials.ClientCertificate.Certificate = clientCert;
            client.ClientCredentials.ServiceCertificate.DefaultCertificate = serverCert;
            // Trust the provider server certificate, even though it has not been signed by an official Root CA
            //client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
            TestConnectionResponseType response = client.testConnection(createRequest());
            Console.WriteLine("Received response: " + response.testConnectionResponse);
        }

        private static TestConnectionRequestType createRequest()
        {
            TestConnectionRequestType request = new TestConnectionRequestType();
            request.messageContext = new RequestMessageContextType();
            request.messageContext.messageId = System.Guid.NewGuid().ToString();
            // Current time; new DateTime() would send 0001-01-01T00:00:00.
            request.messageContext.timestamp = DateTime.Now;
            request.testConnectionRequest = "ping";
            return request;
        }
    }
}

If anyone has an idea or some leads to investigate, I'm all ears, because I've been searching for several weeks ;-)

Regards,
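
Added example, not part of the original post: a diagnostic that extracts the SHA-1 thumbprint named in the exception's `X509ThumbprintKeyIdentifierClause` and compares it with the thumbprint of the certificate assigned to `ServiceCertificate.DefaultCertificate`. The class and method names are hypothetical, and the certificate is a self-signed stand-in generated in the code (`CertificateRequest` assumes .NET Framework 4.7.2 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

static class KeyInfoDiagnostic   // hypothetical name
{
    // Pulls the 40-hex-digit SHA-1 thumbprint out of the WCF exception text:
    // "X509ThumbprintKeyIdentifierClause(Hash = 0x...)". Returns null if absent.
    public static string ExtractSignerThumbprint(string exceptionMessage)
    {
        Match m = Regex.Match(exceptionMessage,
            @"X509ThumbprintKeyIdentifierClause\(Hash = 0x([0-9A-Fa-f]{40})\)");
        return m.Success ? m.Groups[1].Value.ToUpperInvariant() : null;
    }

    // True when the certificate configured as DefaultCertificate is the one
    // the response signature's KeyInfo refers to.
    public static bool MatchesConfiguredCertificate(string exceptionMessage, X509Certificate2 configured)
    {
        string signer = ExtractSignerThumbprint(exceptionMessage);
        return signer != null &&
               string.Equals(signer, configured.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Fragment of the exception text quoted in the post.
        string message =
            "Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x0EB85EF654988CA40950BB2F89E5E310C9E92B51)";

        // Constructed stand-in for the configured server certificate (generated here, not a real one).
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 configured =
                   req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                Console.WriteLine("Thumbprint in exception : " + ExtractSignerThumbprint(message));
                Console.WriteLine("Configured certificate  : " + configured.Thumbprint);
                Console.WriteLine("Match                   : " + MatchesConfiguredCertificate(message, configured));
            }
        }
    }
}
```

With the real files, pass the `serverCert` loaded in the post instead of the generated certificate; a `False` result means the response signature refers to a different certificate than the one configured on the client.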