SAML assertion does not contain a KeyInfo element in SubjectConfirmationData

Question (votes: 0, answers: 1)

I need help with a SAML assertion. We need to create a Subject element with the following structure: Subject > SubjectConfirmation > SubjectConfirmationData > KeyInfo > KeyValue > RSAKeyValue. Otherwise, per our partner's requirements, signature verification fails. I have updated the subjectConfirmationData() element for SCM_HOLDER_OF_KEY. I am not sure how to populate the KeyInfo > KeyValue > RSAKeyValue elements in this section during signing.

Here is the code in question:

### Create the SAML assertion ###
### the audience should be the url of the server that will receive the SAML assertion
### the role should be the role of the requester of the data, e.g. MedicalDoctor
### the purposeOfUse should be the purpose of use of the data, e.g. TREATMENT, possible values are: https://www.hl7.org/fhir/codesystem-nhin-purposeofuse.html
# Imports assumed from the surrounding module (pysaml2 element classes, signxml, lxml); the post did not show them
import uuid
from datetime import timedelta

import signxml
from lxml import etree
from saml2.saml import (
    NAMEID_FORMAT_X509SUBJECTNAME, SCM_HOLDER_OF_KEY, Assertion, Attribute,
    AttributeStatement, AttributeValue, Audience, AudienceRestriction, AuthnContext,
    AuthnContextClassRef, AuthnStatement, Conditions, Issuer, NameID, Subject,
    SubjectConfirmation, SubjectConfirmationData,
)
from signxml import XMLSigner, XMLVerifier

not_on_or_after = self.issued_at + timedelta(hours=1)
refID = str(uuid.uuid4())

# Create SAML assertion
issuer = Issuer(name_qualifier=NAMEID_FORMAT_X509SUBJECTNAME, text=CERT_SUBJECT)
# Left empty here: this is why the output below carries a bare <SubjectConfirmationData/> with no KeyInfo
subjectConfirmationData = SubjectConfirmationData()
subject = Subject(
    name_id=NameID(format=NAMEID_FORMAT_X509SUBJECTNAME, text=CERT_SUBJECT),
    subject_confirmation=SubjectConfirmation(
        method=SCM_HOLDER_OF_KEY,
        subject_confirmation_data=subjectConfirmationData
    )
)

# Create the attribute statement
attributes = [
    Attribute(
        name="urn:oasis:names:tc:xspa:1.0:subject:subject-id",
        friendly_name="XSPA Subject",
        name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
        attribute_value=AttributeValue("valid")
    ),
    Attribute(
        name="urn:oasis:names:tc:xspa:1.0:subject:organization",
        friendly_name="XSPA Organization",
        name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
        attribute_value=AttributeValue(ORGANIZATION)
    ),
    Attribute(
        name="urn:oasis:names:tc:xspa:1.0:subject:organization-id",
        friendly_name="XSPA Organization ID",
        name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
        attribute_value=AttributeValue(ORGANIZATION_ID)
    ),
    Attribute(
        name="urn:ihe:iti:xca:2010:homeCommunityId",
        friendly_name="XCA Home Community ID",
        name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
        attribute_value=AttributeValue(HOME_COMMUNITY_ID)
    ),
    Attribute(
        name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse",
        friendly_name="Purpose of Use",
        attribute_value=AttributeValue(purposeOfUse)
    ),
    Attribute(
        name="urn:oasis:names:tc:xacml:2.0:subject:role",
        friendly_name="HL7 Role",
        attribute_value=AttributeValue(role)
    )
]

attribute_statement = AttributeStatement(attribute=attributes)
conditions = Conditions(
    not_before=self.issued_at.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z',
    not_on_or_after=not_on_or_after.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z',
    audience_restriction=AudienceRestriction([
        Audience(audience)
    ])
)

authn_statement = AuthnStatement(
    authn_instant=self.issued_at.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z',
    authn_context=AuthnContext(
        authn_context_class_ref=AuthnContextClassRef(
            text="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
        )
    )
)

assertion = Assertion(
    id="_" + refID,
    issue_instant=self.issued_at.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z',
    issuer=issuer,
    subject=subject,
    conditions=conditions,
    attribute_statement=attribute_statement,
    version="2.0",
    authn_statement=authn_statement
)

assertion_string = str(assertion)

# Insert an empty placeholder Signature right after Issuer; signxml fills in a <ds:Signature Id="placeholder"> element in place
assertion_string = assertion_string.replace("Issuer>", "Issuer>" + "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"placeholder\"></ds:Signature>")
assertion_string = assertion_string.replace("ns0", "samlns")

# Assumed step (not shown in the post): parse the string back into an lxml element so it can be signed
saml_root = etree.fromstring(assertion_string.encode("utf-8"))

# Enveloped signature over the assertion; always_add_key_value puts the RSA public key into the
# Signature's own ds:KeyInfo, not into SubjectConfirmationData
signed_saml_root = XMLSigner(method=signxml.methods.enveloped, c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")\
    .sign(saml_root, key=self.key, cert=self.cert, always_add_key_value=True)
verified_data = XMLVerifier().verify(signed_saml_root, x509_cert=self.cert).signed_xml

Here is the resulting SAML XML:

<?xml version="1.0"?>
<soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope">
  <soap-env:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap-env:mustUnderstand="true">
      <Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_1">
        <Created>2024-03-08T16:26:59.802Z</Created>
        <Expires>2024-03-08T17:26:59.802Z</Expires>
      </Timestamp>
      <samlns:Assertion xmlns:samlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="_1d69ba1f-e047-45e9-a2be-d21ec70827eb" IssueInstant="2024-03-08T16:26:59.802Z">
        <samlns:Issuer NameQualifier="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=ourorgname, OU=IT, O=ourorgname, L=NewYork</samlns:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_1d69ba1f-e047-45e9-a2be-d21ec70827eb">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
              <ds:DigestValue>+Kbf8gnL85LKLfHFtRftp9FtiPStCklxeY+mBko9B14=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>Fftcv2W9Eq+iGl+8Yp6wjufX0wMCf3JDsN83kRE7dHiL2ADKEW2bV4akyNIo/hnzDopBi6USQPx1//wQ1BoqVaYKheK+AUHWh7i91zSaVy665OaZO+cA8xXKBCVSTmL617pcsrN7+25FtILn0cdTxGG+WbKrZWgG+WWrXeZpJ6idLlJbm+DK0EQUS/aTocxro7Al6/Grg2jG5bT9pARk35zIJfrzX6Chun6OBLXVxUInVk1CFeLhPFvK3qNqb3DhGXQ5nN0eIjhI/YxGR6omlMFpXRUuLGVmEQNx5R24u1Nzok1DqErGLEO9yW6Wj1e4U6D1M5NslOwula9T8o4ltw==</ds:SignatureValue>
          <ds:KeyInfo>
            <ds:KeyValue>
              <ds:RSAKeyValue>
                <ds:Modulus>3yi31ivq8LPcR+e7d52IoY576QqrlkyriwKEPcPp1mkOJ5ScgtTEyEAqz2doE0aQJ8TEY2phzRIk5nnkM0ZE6DkK+1IeLW5JhAqJlpAgjbsJMcPTX6ftjQtOWyB4r5pgxG5BagiYHyLUiVavO3lP7DsaNLrKA6sRBvan+19DnZN9q7vvdG3fnioZNh91EZRsG8ZbBIuG6wp2ctqWcdTHBlEtCO4cmk5tiU6IdxoXiLR1PdrBq336t11dS+0iGVaBXNz+An/AuslVw0rwB+JxEtggrAL+ZXJ9WkVPZh9gQMacSrz9LGZN6lv06QVXI1wJZgG/cjjL2tWy8iyoB4VN6w==</ds:Modulus>
                <ds:Exponent>AQAB</ds:Exponent>
              </ds:RSAKeyValue>
            </ds:KeyValue>
            <ds:X509Data>
              <ds:X509Certificate>MIIGojCCBIqgAwIBAgIRAINdCG9+zvGuT8bNnY1bUJswDQYJKoZIhvcNAQELBQAwZTELMAkGA1UE...</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </ds:Signature>
        <samlns:Subject>
          <samlns:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=ourorgname, OU=IT, O=ourorgname, L=NewYork</samlns:NameID>
          <samlns:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
            <samlns:SubjectConfirmationData/>
          </samlns:SubjectConfirmation>
        </samlns:Subject>
        <samlns:Conditions NotBefore="2024-03-08T16:26:59.802Z" NotOnOrAfter="2024-03-08T17:26:59.802Z">
          <samlns:AudienceRestriction>
            <samlns:Audience>http://ihe.connectathon.XUA/X-ServiceProvider-IHE-Connectathon</samlns:Audience>
          </samlns:AudienceRestriction>
        </samlns:Conditions>
        <samlns:AuthnStatement AuthnInstant="2024-03-08T16:26:59.802Z">
          <samlns:AuthnContext>
            <samlns:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</samlns:AuthnContextClassRef>
          </samlns:AuthnContext>
        </samlns:AuthnStatement>
        <samlns:AttributeStatement>
          <samlns:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="XSPA Subject">
            <samlns:AttributeValue xsi:type="xs:string">valid</samlns:AttributeValue>
          </samlns:Attribute>
          <samlns:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="XSPA Organization">
            <samlns:AttributeValue xsi:type="xs:string">ourorgname</samlns:AttributeValue>
          </samlns:Attribute>
          <samlns:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="XSPA Organization ID">
            <samlns:AttributeValue xsi:type="xs:string">urn:oid:0.0</samlns:AttributeValue>
          </samlns:Attribute>
          <samlns:Attribute Name="urn:ihe:iti:xca:2010:homeCommunityId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="XCA Home Community ID">
            <samlns:AttributeValue xsi:type="xs:string">urn:oid:0.0</samlns:AttributeValue>
          </samlns:Attribute>
          <samlns:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Purpose of Use">
            <samlns:AttributeValue xsi:type="xs:string">TREATMENT</samlns:AttributeValue>
          </samlns:Attribute>
          <samlns:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="HL7 Role">
            <samlns:AttributeValue xsi:type="xs:string">MedicalDoctor</samlns:AttributeValue>
          </samlns:Attribute>
        </samlns:AttributeStatement>
      </samlns:Assertion>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="#_0">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>07nepYP63amsgcufvkLHuLlIMOGG8r2g54JkSTx/d5g=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#_1">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>0x8aRv+y3gfky0FaUMxHWPaNmwc4fYq0anpvHyees/0=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>wmP3xxadW9s6VcLlDOTICH1MWS4aH4WDvu3saw/JmBfDROY7V63q6yRRGCSV24ywtVZZ+euL1jkxHb44QtSwKPH6SB1ZSMihapSJJjLAUM74TFhsb2is+NAqqBcvux/U+CXD5TSKxTKJgBFGDHUCI8jEaF8+SBx1awpWpVkcxQQD0fVMiOpyDaqex6UfAVuagDho7zHYr3/jKhLvlqzBpelYS0W9P7V7PeSqBGjjyPm/YOCQ1T7K2PIERISyP335JbWgn14GSgyaR/QQVCr00MnzwlD+sJBMNtFwfLYi7f51f/Q28HBr6h/Yl6/C87KXL7Y84S0d00Y0HNfS5nNODQ==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_1d69ba1f-e047-45e9-a2be-d21ec70827eb</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action>urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</wsa:Action>
    <wsa:MessageID>urn:uuid:b0fe7b2a-9129-4c11-992c-1fcd1201dcbc</wsa:MessageID>
    <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_0">replacementto.org</wsa:To>
    <wsa:Action soap-env:mustUnderstand="1">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</wsa:Action>
    <wsa:ReplyTo>
      <wsa:Address>ourownurl.org</wsa:Address>
    </wsa:ReplyTo>
  </soap-env:Header>
  <soap-env:Body>
    <ns0:PRPA_IN201305UV02 xmlns:ns0="urn:hl7-org:v3" ITSVersion="XML_1.0">
      <ns0:id extension="2211" root="4d271a79-0b22-439a-b64a-72d961a6cd38"/>
      <ns0:creationTime value="20240308162659"/>
      <ns0:interactionId extension="PRPA_IN201305UV02" root="2.16.840.1.113883.1.6"/>
      <ns0:processingCode code="P"/>
      <ns0:processingModeCode code="T"/>
      <ns0:acceptAckCode code="AL"/>
      <ns0:receiver typeCode="RCV">
        <ns0:device classCode="DEV" determinerCode="INSTANCE">
          <ns0:id root="ourownoid"/>
          <ns0:asAgent classCode="AGNT">
            <ns0:representedOrganization classCode="ORG" determinerCode="INSTANCE">
              <ns0:id root="ourownoid"/>
            </ns0:representedOrganization>
          </ns0:asAgent>
        </ns0:device>
      </ns0:receiver>
      <ns0:sender typeCode="SND">
        <ns0:device classCode="DEV" determinerCode="INSTANCE">
          <ns0:id root="2.16.840.1.113883.3.9918"/>
        </ns0:device>
      </ns0:sender>
      <ns0:controlActProcess classCode="CACT" moodCode="EVN">
        <ns0:code code="PRPA_TE201305UV02" codeSystemName="2.16.840.1.113883.1.6"/>
        <ns0:authorOrPerformer typeCode="AUT">
          <ns0:assignedPerson classCode="ASSIGNED"/>
        </ns0:authorOrPerformer>
        <ns0:queryByParameter>
          <ns0:queryId root="61023518-3f6e-4ad5-a465-87082e96b66f"/>
          <ns0:statusCode code="new"/>
          <ns0:responseModalityCode code="R"/>
          <ns0:responsePriorityCode code="I"/>
          <ns0:matchCriterionList/>
          <ns0:parameterList>
            <ns0:livingSubjectAdministrativeGender>
              <ns0:value code="male"/>
              <ns0:semanticsText>LivingSubject.AdministrativeGender</ns0:semanticsText>
            </ns0:livingSubjectAdministrativeGender>
            <ns0:livingSubjectBirthTime>
              <ns0:value value="1955-06-27"/>
              <ns0:semanticsText>LivingSubject.birthTime</ns0:semanticsText>
            </ns0:livingSubjectBirthTime>
            <ns0:livingSubjectName>
              <ns0:value>
                <ns0:family>Hickle134</ns0:family>
                <ns0:given>Abram53</ns0:given>
              </ns0:value>
              <ns0:semanticsText>LivingSubject.name</ns0:semanticsText>
            </ns0:livingSubjectName>
          </ns0:parameterList>
        </ns0:queryByParameter>
      </ns0:controlActProcess>
    </ns0:PRPA_IN201305UV02>
  </soap-env:Body>
</soap-env:Envelope>
Tags: python, lxml, saml, saml-2.0, zeep
1 answer (votes: 0)

To add the RSAKeyValue element to KeyInfo, you need to perform the following steps:

  1. Create an RSAKeyValue object whose modulus and exponent correspond to the RSA key used to sign the SAML assertion.
  2. Insert the RSAKeyValue object into the KeyInfo element.

Here is an example of how to do this in Python code:

from lxml import etree

DS = "http://www.w3.org/2000/09/xmldsig#"

# `assertion` is assumed to be the lxml element of the assertion (e.g. the signed root from the question)
# Create a RSAKeyValue element
rsa_key_value = etree.Element('{http://www.w3.org/2000/09/xmldsig#}RSAKeyValue')

# Create Modulus and Exponent elements (both must be base64 ds:CryptoBinary values, not placeholder text)
modulus = etree.SubElement(rsa_key_value, '{http://www.w3.org/2000/09/xmldsig#}Modulus')
modulus.text = "Fill in your RSA Modulus"

exponent = etree.SubElement(rsa_key_value, '{http://www.w3.org/2000/09/xmldsig#}Exponent')
exponent.text = "Fill in your RSA Exponent"

# Insert rsa_key_value into the KeyInfo element (xpath returns a list; make sure it found one)
key_info = assertion.xpath("//ds:Signature/ds:KeyInfo", namespaces={"ds": DS})
if not key_info:
    raise ValueError("no ds:KeyInfo element found in the assertion")
key_info[0].append(rsa_key_value)

Make sure to replace "Fill in your RSA Modulus" and "Fill in your RSA Exponent" with the appropriate modulus and exponent values from your RSA key.
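An added example (not code from the question, the answer, pysaml2 or signxml) showing both halves of the holder-of-key binding the question asks about: encoding a key's modulus and exponent as ds:CryptoBinary, placing ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue inside the holder-of-key SubjectConfirmationData, and the relying-party check that reads the bound key back. It uses the standard library's ElementTree rather than lxml, and the assertion and key parameters are constructed sample values, not a real key.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
ET.register_namespace("ds", DS)

# Constructed minimal assertion mirroring the page's output: holder-of-key with an empty SubjectConfirmationData.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" Version="2.0" ID="_example">
  <saml:Subject><saml:NameID>CN=example</saml:NameID>
    <saml:SubjectConfirmation Method="{HOK}"><saml:SubjectConfirmationData/></saml:SubjectConfirmation>
  </saml:Subject></saml:Assertion>"""
# Constructed sample key parameters (not a real key): a short modulus and the common exponent 65537.
SAMPLE_MODULUS, SAMPLE_EXPONENT = 0xC0FFEE0123456789ABCDEF, 65537

def crypto_binary(value):
    """Encode an unsigned integer as ds:CryptoBinary: big-endian, no leading zero octets, base64."""
    return base64.b64encode(value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")).decode("ascii")

def crypto_binary_to_int(text):
    """Inverse of crypto_binary; XML-DSig allows whitespace inside the base64 text."""
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")

def rsa_key_info(modulus, exponent):
    """Build ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/{Modulus,Exponent}, the structure the partner expects."""
    key_info = ET.Element(f"{{{DS}}}KeyInfo")
    rsa = ET.SubElement(ET.SubElement(key_info, f"{{{DS}}}KeyValue"), f"{{{DS}}}RSAKeyValue")
    ET.SubElement(rsa, f"{{{DS}}}Modulus").text = crypto_binary(modulus)
    ET.SubElement(rsa, f"{{{DS}}}Exponent").text = crypto_binary(exponent)
    return key_info

def add_holder_of_key_data(assertion, modulus, exponent):
    """Issuer side: bind the presenter's public key in SubjectConfirmationData, BEFORE signing so the enveloped signature covers it."""
    scd = assertion.find(f".//{{{SAML}}}SubjectConfirmation[@Method='{HOK}']/{{{SAML}}}SubjectConfirmationData")
    if scd is None:
        raise ValueError("assertion has no holder-of-key SubjectConfirmationData")
    scd.append(rsa_key_info(modulus, exponent))
    return assertion

def confirmed_key(assertion):
    """Relying-party side: the (modulus, exponent) the assertion binds its subject to; the presenter must prove possession of exactly this key."""
    rsa = assertion.find(f".//{{{SAML}}}SubjectConfirmationData/{{{DS}}}KeyInfo/{{{DS}}}KeyValue/{{{DS}}}RSAKeyValue")
    if rsa is None:
        raise ValueError("no RSAKeyValue bound in SubjectConfirmationData")
    return tuple(crypto_binary_to_int(rsa.findtext(f"{{{DS}}}{tag}")) for tag in ("Modulus", "Exponent"))

def sample_assertion():
    """Parse the constructed sample so each run starts from an unbound assertion."""
    return ET.fromstring(SAMPLE_ASSERTION)
```

In the posted flow the key has to be placed into SubjectConfirmationData before XMLSigner.sign() runs; an element appended after signing sits outside the signed content and an honest verifier will reject it.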
