[英]Sign SOAP using certificate (WSE)
我有一个要求,我必须先构建SOAP消息,然后使用X509证书对其进行签名,然后再通过POST将其发送到服务。 我不知道这是什么类型的服务,但是给了我一个SOAP示例。
我尝试在MSDN上使用该示例,但该示例有限且不完整,无法实例化Security对象。 但是,即使可以,如何将其与SoapEnvelope关联?
http://msdn.microsoft.com/en-us/library/aa529277.aspx
SOAP消息是通过Xslt构建的。 我需要尽我所能将其签名。 很难找到任何东西。 有任何想法吗?
我当前正在使用以下代码对xml进行签名,然后将其注入SOAP xml中。
private static XmlElement EncryptMessage(XmlElement msgBody)
{
StoreName storeName = (StoreName)Enum.Parse(typeof(StoreName), "My");
StoreLocation storeLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), "LocalMachine");
X509Certificate2 cert = X509Helper.GetCertificate(storeName, storeLocation, "CN=Something");
SignedXml signedXml = new SignedXml(msgBody);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signedXml.SigningKey = cert.PrivateKey;
signedXml.KeyInfo.AddClause(new System.Security.Cryptography.Xml.KeyInfoX509Data(cert));
Reference tRef = new Reference("");
XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();
tRef.AddTransform(env);
signedXml.AddReference(tRef);
signedXml.ComputeSignature();
XmlElement xmlDsig = signedXml.GetXml();
xmlDsig.SetAttribute("Id", "Signature-1");
return xmlDsig;
}
哪个返回
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>iGDf7TGuTzLDv/PYYF7/DC7xcZs=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">nALPlzIs96AE6/oMeFLFgxNJEeExwbvVLQI5HmevtthSX8hppH6Wr3OSk6/GSBtfyw6x1rXZXVbiXLuZ5jxiOsFfz314gBhoRzAskIxEer2SVmJ3BGUknEj+8pAAWfHFd3S8I4xPDjXvNPKalPsos8SBIDGNztACuG/aTb8FfomtxeJuzuIxQMPzXcJmX3bc1Sm7vkfrImY0Ep6LgFhl7NH5cl9R51APoSyRAjAxgPSQ/B3cdYxKwRO4Xe0A3XmFhdVWbFz+IfZGoWWqol0pOlVjkyzagqaMKl6Qstg3qmoqwspiQ/sUcyl+BOqXUtOw8ItFNUhrCeHxp4Utq8Hlqg==</SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIDAjCCAeqgAwIBAgIQdTFx7HlggYRD6LNeHg9uITANBgkqhkiG9w0BAQUFADAqMSgwJgYDVQQDEx9kZGF2aXMtUEMuaW50cmFuZXQud2VibWV0cm8uY29tMB4XDTExMDExODIxNDAyNFoXDTEyMDExODAwMDAwMFowKjEoMCYGA1UEAxMfZGRhdmlzLVBDLmludHJhbmV0LndlYm1ldHJvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMTgt9dnWwPEquCzW0sfUvRN5VLqX8BGeT9IL3MSXT9jdY2fWHav6SNdoXGp2RnSmQnTjHoz7WRu0r8UHfV9H7W6bUwiE+Ek1mQcbTGM3v/MOzzpbK4OT/OexP8LLFV0DihtX3PHinaTIvczledUHj135hOF6q6YDgLg/XkYUiuXk2DzYSIFSTQ5cPgt7k7fYwpVPiqddU56djKov2xWbnJKmNyO7XbKQiHYUADvqem3WE4NcTHIwScmjXdLxrN3xKKhh+UFvRRXeMyV+I4yvHGRUx1ZSsJ7yvC8rMYWuq3n8GymYSXJyWZKzEKxISbl9RTeri4ToyghpEcqiQ0oBUCAwEAAaMkMCIwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQAWlISMloQU+SmZ1vAvup6WngUUsWc27h/mkA2wO1/H8GfjiiUrS/BCIqL37L/x0uFw6uUF4v0qbK2/weuqKPCUYu676k4D9fuwdTLwZaoIclSrM7XWwcbp/m4IHzHuW3BZ+r4MWe0Jv49CDlVj5A2kT0FXDc+qemulPtP4OOb0f8UzBoPuWTM86rjjY290F1jUdtEtgY9EJWxNAC2AnIY2dxXBZZm5v3FBPcqXTQXxCAmMV9xXfGb6Rg2j8IiL04qJ/2y4u+G3VKjWRyqDvKQ293qO7JMAdDnBleRxgwPNTJ/B5R5UcRT5AAwqbSfUgmcZeJN1ZCWMEdX41oONzkJJ</X509Certificate>
</X509Data>
</KeyInfo>
根据我在这里阅读的内容: http : //www.trl.ibm.com/projects/xml/soap/wp/wp.html我所需要的只是我所拥有的,因此我可以将其注入到标题中。
您不需要WSE,可以通过从邮件正文生成签名来对邮件签名。 您使用的代码是正确的。 只需对其进行更改以处理消息的主体,然后将您的方法返回的xml放入soap消息的标头即可。 同样,您似乎需要添加参考。 该URL应该是您为正文提供的ID。
我以以下方式进行操作,首先获取证书,然后将其保存在股票证书中,然后从商店访问证书并在肥皂消息上签名
在此链接中,您将找到相同的示例和其他相似的http://www.systemdeveloper.info/2013/11/digital-signature-in-c.html
这是我如何做的一个例子:
public static getDataResponse queryingData(string name)
{
proxy.BanWS conexion = new proxy.Banws();
//VALIDATION OF CONNECTION V3
X509Certificate2 elCert = new X509Certificate2(@"C:\portecle-1.5\12345.P12", "12345");
conexion.ClientCertificates.Add(elCert);
// Copy the certificate to the certificate store using ASPNET
// spent the path and password
X509Certificate2 certificate = new X509Certificate2(@"C:\portecle-1.5\12345.P12", "12345");
X509Store stores = new X509Store(StoreName.My, StoreLocation.CurrentUser);
stores.Open(OpenFlags.ReadWrite);
stores.Add(certificate);
stores.Close();
String sto = X509CertificateStore.MyStore;
// Open the Certificates Stores
X509CertificateStore store = X509CertificateStore.CurrentUserStore(sto);
store.OpenRead();
// We look for the certificate that we will use to perform the signature
String certname = "conticert";
Microsoft.Web.Services2.Security.X509.X509CertificateCollection certcoll = store.FindCertificateBySubjectString(certname);
if (certcoll.Count != 0)
{
Microsoft.Web.Services2.Security.X509.X509Certificate cert = certcoll[0];
SoapContext ctx = conexion.RequestSoapContext;
SecurityToken tok = new X509SecurityToken(cert);
ctx.Security.Timestamp.TtlInSeconds = 120;
ctx.Security.Tokens.Add(tok);
// We signed the request
ctx.Security.Elements.Add(new MessageSignature(tok));
}
//remote call
getDataResponse response = new getDataResponse();
response = conexion.getData(name);
return response;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.