현재 .NET에서 SOAP 서비스를 사용하기 위해 클라이언트를 구현하고 있습니다 (확실하지 않습니다). SOAP 봉투는 매우 구체적인 방식으로 서명되어야하며 그렇게하려고하는 악몽이었습니다. 내가 서명 헤더에 적절한 네임 스페이스를 설정할 수 없었던XMl 서명과 WCF로 SOAp 메시지에 서명하기
- : 나는이 문제가 그래서 기본적으로
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> <ds:Reference URI="#id-319644606"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>uQpjnTTrxxI7ck9FpeEI6YRVHBA=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> paNzJWyYDBNTj8Ay4z0/wOKKQUCe/z0q/LRcDgB9CP1fn/FZW8uyLdASHxs2HHlpYG7daFvbtpsQ ZoiIUSzUuUBUAjjaqLWRZyUeCqc48f8X6vxR52mLARnJdPC9MWPZg8FTsoqJ2nvyH28chqf8Svql KxgtCtBiL9wPnkzG5m4= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1827725498"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-131635550"> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=DESARROLLO,OU=INGENIERIA,O=ASOBANCARIA,L=BOGOTA,ST=D.C,C=CO</ds:X509IssuerName> <ds:X509SerialNumber>1141316577</ds:X509SerialNumber> </ds:X509IssuerSerial> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created>2014-10-29T22:14:01Z</wsu:Created> <wsu:Expires>2014-10-29T22:19:01Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-319644606"> <ns1:evaluarCuestionario xmlns:ns1="http://ws.confrontaultra.cifin.asobancaria.com" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <p_parametrosSeguridad href="#id0"></p_parametrosSeguridad> <p_respuestaCuestionario href="#id1"></p_respuestaCuestionario> </ns1:evaluarCuestionario> <multiRef xmlns:ns2="http://ultras.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id1" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns2:RespuestaCuestionarioULTRADTO"> <secuenciaCuestionario href="#id2"></secuenciaCuestionario> <codigoCuestionario href="#id3"></codigoCuestionario> <respuestas xmlns:ns3="http://ultra.dto.confrontaultra.cifin.co" soapenc:arrayType="ns3:RespuestaPreguntaULTRADTO[5]" xsi:type="soapenc:Array"> <respuestas href="#id4"></respuestas> <respuestas href="#id5"></respuestas> <respuestas href="#id6"></respuestas> <respuestas href="#id7"></respuestas> <respuestas href="#id8"></respuestas> </respuestas> </multiRef> <multiRef xmlns:ns4="http://ultra.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns4:ParametrosSeguridadULTRADTO"> <claveCIFIN xsi:type="soapenc:string">90681</claveCIFIN> <password xsi:type="soapenc:string">H32std</password> </multiRef> <multiRef xmlns:ns5="http://ultra.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id7" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns5:RespuestaPreguntaULTRADTO"> <secuenciaPregunta href="#id9"></secuenciaPregunta> <secuenciaRespuesta href="#id10"></secuenciaRespuesta> </multiRef> <multiRef xmlns:ns6="http://ultra.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id4" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns6:RespuestaPreguntaULTRADTO"> <secuenciaPregunta href="#id11"></secuenciaPregunta> <secuenciaRespuesta href="#id12"></secuenciaRespuesta> </multiRef> <multiRef xmlns:ns7="http://ultra.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id6" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns7:RespuestaPreguntaULTRADTO"> <secuenciaPregunta href="#id13"></secuenciaPregunta> <secuenciaRespuesta href="#id14"></secuenciaRespuesta> </multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id2" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:long">8846263</multiRef> <multiRef xmlns:ns8="http://ultra.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id5" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns8:RespuestaPreguntaULTRADTO"> <secuenciaPregunta href="#id15"></secuenciaPregunta> <secuenciaRespuesta href="#id16"></secuenciaRespuesta> </multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id3" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">7062</multiRef> <multiRef xmlns:ns9="http://ultra.dto.confrontaultra.cifin.co" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id8" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns9:RespuestaPreguntaULTRADTO"> <secuenciaPregunta href="#id17"></secuenciaPregunta> <secuenciaRespuesta href="#id18"></secuenciaRespuesta> </multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id12" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">150136315</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id14" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">150136266</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id17" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">7</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id10" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">150136259</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id16" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">150136277</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id9" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">20</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id18" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">150136247</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id15" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">35</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id13" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">9</multiRef> <multiRef xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" id="id11" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:int">92</multiRef> </soapenv:Body> </soapenv:Envelope>
:
이
은 기대 봉투의 예입니다 . (ds 네임 스페이스) 또한 KeyInfo 태그 안에 wsse : SecutiryTokenReference 태그가 있습니다. SignedXml 클래스는 KeyInfo 엘리먼트 내부에 기본적으로이 XML을 생성
그래서<KeyInfo> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=RootCATest</X509IssuerName> <X509SerialNumber>228801528337358580231830876343013017805</X509SerialNumber> </X509IssuerSerial> </X509Data> </KeyInfo>
, 내가 <wsse:SecurityTokenReference>
요소와이 <X509Data>
요소를 대체 할 수있는 방법에 대해 설명합니다.
지금까지 XML 문서에 서명하기 위해 찾은 많은 게시물과 블로그를 따라 구현했습니다. 이것은 내 구현입니다.
public class Signer
{
public XmlDocument SignMessage(XmlDocument xmlDoc, X509Certificate2 certificate)
{
var ns = new XmlNamespaceManager(xmlDoc.NameTable);
ns.AddNamespace("soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
var body = xmlDoc.DocumentElement.SelectSingleNode(@"//soapenv:Body", ns) as XmlElement;
if (body == null)
throw new ApplicationException("No body tag found");
body.SetAttribute("id", "Body");
var signedXml = new SignedXml(xmlDoc);
var keyInfo = new KeyInfo();
signedXml.SigningKey = certificate.PrivateKey;
var keyInfoData = new KeyInfoX509Data();
keyInfoData.AddIssuerSerial(certificate.Issuer, certificate.GetSerialNumberString());
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
var reference = new Reference { Uri = "#Body" };
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();
var signedElement = signedXml.GetXml();
var securityNode = xmlDoc.CreateElement(
"wsse",
"Security",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
securityNode.AppendChild(signedElement);
var timeStampNOde = xmlDoc.CreateElement("Timestamp");
var createdNode = xmlDoc.CreateElement("Created");
createdNode.InnerText = JsonConvert.SerializeObject(DateTime.UtcNow, new IsoDateTimeConverter());
var expiresNode = xmlDoc.CreateElement("Created");
expiresNode.InnerText = JsonConvert.SerializeObject(DateTime.UtcNow.AddMinutes(5), new IsoDateTimeConverter());
timeStampNOde.AppendChild(createdNode);
timeStampNOde.AppendChild(expiresNode);
securityNode.AppendChild(timeStampNOde);
var soapHeader = xmlDoc.DocumentElement.SelectSingleNode(@"//soapenv:Header", ns) as XmlElement;
if (soapHeader == null)
{
soapHeader = xmlDoc.CreateElement("soapenv:Header", "");
xmlDoc.DocumentElement.InsertBefore(soapHeader, xmlDoc.DocumentElement.ChildNodes[0]);
}
soapHeader.AppendChild(securityNode);
return xmlDoc;
}
모든 의견, 제안 사항, 게시물 등은 매우 유용합니다. 이 조직은 나를 위해 그것을 바꿀 것이기 때문에 그들이 필요로하는 봉투를 보내야한다고 생각해. 나는 그들에게 많은 고객이있는 것 같아.
대단히 감사합니다!
음, 드디어 서비스에 왔습니다. 그러나 응답 중 : "WSDoAllReceiver : 서명에 사용 된 인증서가 신뢰할 수 없습니다." 내 추측으로는 이진 토큰을 가리키는 KeyInfo 요소를 허용하지 않는다는 것입니다. 어쨌든 제가 예제에서 보여준대로 이것을 설정할 수 있습니까? @ YaronNaveh – Daniel
서명 할 때 잘못된 인증서를 사용하는 것처럼이 오류가 발생합니다. 동일한 인증서를 사용하여 먼저 soapui를 사용하여 서비스에 액세스하여 문제가 실제로 인증서가 아닌 형식으로되어 있는지 확인하십시오. –
당신 말이 맞았습니다. 잘못된 인증서를 사용하고있었습니다. 마침내 서버를 쳤을 때부터 올바른 대답을 드리겠습니다. 응답을 볼 수 있습니다. 그러나.net 클라이언트는 응답에 보안 헤더가 있는지 확인하도록 구성되어 있습니다. 물론 보안이없는 응답을 보내는 경우도 있습니다. (WCF는 응답의 누락 된 보안 헤더에 대해 불평하고 있습니다.)이 보안 제한을 우회 할 방법이 있습니까? ? @YaronNaveh – Daniel