Soap signature with WebServicesClientProtocol and sha256

I am trying to implement a SOAP client using a Web reference. The resulting signature is valid but uses the sha1 algorithm.

Is there a way to use sha256 instead?

Several solutions can be found, but they all work with XmlDocument (SignedXml) directly.

The following code sets SignatureMethod to sha256, but sha1 is used anyway.

var client = new EetRef.EETService();// Inherits from Microsoft.Web.Services3.WebServicesClientProtocol
var cert = new X509Certificate2("01000004.p12", "eet");
var token = new X509SecurityToken(cert);
var messageToken = new MessageSignature(token);
//Trying to register sha256 provider.
CryptoConfig.AddAlgorithm(typeof(RsaPkCs1Sha256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
//messageToken.SignedInfo.SignatureMethod is null
messageToken.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
client.RequestSoapContext.Security.Tokens.Add(token);
client.RequestSoapContext.Security.Elements.Add(messageToken);
client.CallSomeMethod();

Resulting soap:Header

<soap:Header>
    <wsa:Action wsu:Id="Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">http://fs.mfcr.cz/eet/OdeslaniTrzby</wsa:Action>
    <wsa:MessageID wsu:Id="Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">urn:uuid:575cf2f5-296b-4dff-ab3d-0d3bf75c72a5</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1">
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To wsu:Id="Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">https://pg.eet.cz/eet/services/EETServiceSOAP/v2</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f">
        <wsu:Created>2016-08-21T17:53:50Z</wsu:Created>
        <wsu:Expires>2016-08-21T17:58:50Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1">...</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>9NhSyQ67wzxd4lwaG+0PL6ztgMs=</DigestValue>
          </Reference>
          <Reference URI="#Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>cLktOiRAwoDSlKMMM8++gqc/TS8=</DigestValue>
          </Reference>
          <Reference URI="#Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>iOJ6axh+PU+ciOe+rSKpJbjlw9w=</DigestValue>
          </Reference>
          <Reference URI="#Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>yoaPc5P0gQPQipRira4FPlbUZlY=</DigestValue>
          </Reference>
          <Reference URI="#Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>eE1zIA5xoOnHWWbdb90X2bylySs=</DigestValue>
          </Reference>
          <Reference URI="#Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>8iCvJtbGDPGtZ60+mwZof++5ym4=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>Hy8yVARA8FIUxXfxkGU3i3zp2CZN4xREGrdEY4RQxC11rwrX8+i1hkwkE/KapH97iFcx4ryBF9sy+K64SoDEndmAipgHcdeZhbixBKVno7eLPnnaKtSQf6YGRgaOcvLdf/ELwYNXQa5fMbBmlL5rX15fXhPhjEJagMidppiDCLy48MGfd3fGJEwAlu5I2hh8jjumzJuuzk7pLB7oY9sCArcNCFDY2FSHgnnFEDT0krHnmYUePJZ8qjSrZ44D0YdChC07l9GpXLaNxVklMIRqpa3ALjohVV7bkFSskbs+to8ueXq6cUX3kwUiRTyf3lHxKfVjLAX16fEbguHiZVHa3A==</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace">
  ...

The certificate is a playground certificate and can be downloaded from http://www.etrzby.cz/assets/cs/prilohy/CA_PG_v1.zip (the certificate supports SHA256).

To anyone who is working on implementing EET (in the Czech Republic): I did not find a solution using a Web reference.

But there is an Apache-licensed library on GitHub:

https://github.com/l-ra/openeet
