2. 질의 응답
  3. WebServicesClientProtocol 및 sha256으로 비누 서명

WebServicesClientProtocol 및 sha256으로 비누 서명

2016-08-21 1 views
2

웹 참조를 사용하여 SOAP 클라이언트를 구현하려고합니다. 결과 서명은 유효하지만 sha1 알고리즘을 사용합니다.WebServicesClientProtocol 및 sha256으로 비누 서명

대신 sha256을 사용하는 방법이 있습니까?

여러 솔루션을 찾을 수 있지만 모두 XmlDocument (SignedXml)에서 직접 작동합니다.

다음 코드는 SignatureMethod를 sha256으로 설정하지만 sha1은 어쨌든 사용됩니다.

var client = new EetRef.EETService();// Inherits from Microsoft.Web.Services3.WebServicesClientProtocol 
var cert = new X509Certificate2("01000004.p12", "eet"); 
var token = new X509SecurityToken(cert); 
var messageToken = new MessageSignature(token); 
//Trying to register sha256 provider. 
CryptoConfig.AddAlgorithm(typeof(RsaPkCs1Sha256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); 
//messageToken.SignedInfo.SignatureMethod is null 
messageToken.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; 
client.RequestSoapContext.Security.Tokens.Add(token); 
client.RequestSoapContext.Security.Elements.Add(messageToken); 
client.CallSomeMethod();

결과 비누 : 헤더

<soap:Header> 
    <wsa:Action wsu:Id="Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">http://fs.mfcr.cz/eet/OdeslaniTrzby</wsa:Action> 
    <wsa:MessageID wsu:Id="Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">urn:uuid:575cf2f5-296b-4dff-ab3d-0d3bf75c72a5</wsa:MessageID> 
    <wsa:ReplyTo wsu:Id="Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1"> 
     <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> 
    </wsa:ReplyTo> 
    <wsa:To wsu:Id="Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">https://pg.eet.cz/eet/services/EETServiceSOAP/v2</wsa:To> 
    <wsse:Security soap:mustUnderstand="1"> 
     <wsu:Timestamp wsu:Id="Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f"> 
     <wsu:Created>2016-08-21T17:53:50Z</wsu:Created> 
     <wsu:Expires>2016-08-21T17:58:50Z</wsu:Expires> 
     </wsu:Timestamp> 
     <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1">MIID7DCCAtSgAwIBAgIEAQAABDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJDWjEaMBgGA1UEAwwRR0ZSIEVFVCB0ZXN0IENBIDExLTArBgNVBAoMJEdlbmVyw6FsbsOtIGZpbmFuxI1uw60gxZllZGl0ZWxzdHbDrTAeFw0xNjA1MTkxMjQ4MjVaFw0xODA1MTkxMjQ4MjVaMFQxCzAJBgNVBAYTAkNaMRMwEQYDVQQDDApDWjAwMDAwMDE5MRowGAYDVQQKDBFQcsOhdm5pY2vDoSBvc29iYTEUMBIGA1UEBRMLVDAwMDAwMDAwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFCIfnLl3YjNyxM3y2FAVovKQMetfyyj/lfLY3DoN1z/8gaVRfcqTZbwh9Btg0HafSmrWBvfgjEC/pG9HNawYZ9nPE+WIP9bXkoOfDTmmVtX4n6OLi2Di+U7+FmPJzykV0ujsOsfcGnQ0f63xZYoGJIwLJuz3gmAF//DfnOeTT7OUZeOKobBSYkQOKv1j05QqQZ7HP+5oq7+hNylFrjuEi5OAeVgJAYScE4COvcpqPKpb7OeR9f78knYFffg5zp/6bi6qkP5uGYEuuQvbW1mATjoqbAWz8c7HNA56uNFlz8V+z9bL0f/xwQjgy4d+5qelTX46tq0vJ2XM9dJaF8ytJAgMBAAGjgcEwgb4wHgYDVR0RBBcwFYETZXBvZHBvcmFAZnMubWZjci5jejAfBgNVHSMEGDAWgBR6WvwNy+w2pg3aaRlmjJvvgsOpNDAdBgNVHQ4EFgQU8oKPLNlNY0/h8jWEmz3EZ1O3bBMwTAYDVR0gBEUwQzBBBgpghkgBZQMCATACMDMwMQYIKwYBBQUHAgIwJRojVGVudG8gY2VydGlmaWthdCBKRSBQT1VaRSBURVNUT1ZBQ0kwDgYDVR0PAQH/BAQDAgbAMA0GCSqGSIb3DQEBCwUAA4IBAQBVulEYg6noEHqAW3DfNWLvW9XdHFZQj3L5EE3Nwdd0CtMZm4/RZ/CvSENkk+GWv0YCUqHPJzhcKs0NETMKW7L6CI+hY17rD5SHhuoCYzSMlcuMA6gZJr8wIxSWerQrvuZ4uAUMistWG9cgwETZjkGU9JK+H98wdAm2co7WaRweDsNx04aSXagUMDAmRY/jNe7c8/HvwIdnXftbIl56wbYlYiCIG2qS+6lVO+09EIEP40kz1PXlqFZbPLCSlT2YsYiqizfkCX/Ka+AebJykAQ3pOqD6PQ+Y2AMAIRX8AypcN6Yj9p+oof9rda8boA8rA7wwzlJs/+ipWt2ceqPPuL9x</wsse:BinarySecurityToken> 
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
     <SignedInfo> 
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /> 
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <Reference URI="#Id-9ef8e35c-6107-4d31-83ba-6006b0e76557"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>9NhSyQ67wzxd4lwaG+0PL6ztgMs=</DigestValue> 
      </Reference> 
      <Reference URI="#Id-7e6b8643-0760-4356-8062-c914a2b0b5a9"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>cLktOiRAwoDSlKMMM8++gqc/TS8=</DigestValue> 
      </Reference> 
      <Reference URI="#Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>iOJ6axh+PU+ciOe+rSKpJbjlw9w=</DigestValue> 
      </Reference> 
      <Reference URI="#Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>yoaPc5P0gQPQipRira4FPlbUZlY=</DigestValue> 
      </Reference> 
      <Reference URI="#Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>eE1zIA5xoOnHWWbdb90X2bylySs=</DigestValue> 
      </Reference> 
      <Reference URI="#Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>8iCvJtbGDPGtZ60+mwZof++5ym4=</DigestValue> 
      </Reference> 
     </SignedInfo> 
     <SignatureValue>Hy8yVARA8FIUxXfxkGU3i3zp2CZN4xREGrdEY4RQxC11rwrX8+i1hkwkE/KapH97iFcx4ryBF9sy+K64SoDEndmAipgHcdeZhbixBKVno7eLPnnaKtSQf6YGRgaOcvLdf/ELwYNXQa5fMbBmlL5rX15fXhPhjEJagMidppiDCLy48MGfd3fGJEwAlu5I2hh8jjumzJuuzk7pLB7oY9sCArcNCFDY2FSHgnnFEDT0krHnmYUePJZ8qjSrZ44D0YdChC07l9GpXLaNxVklMIRqpa3ALjohVV7bkFSskbs+to8ueXq6cUX3kwUiRTyf3lHxKfVjLAX16fEbguHiZVHa3A==</SignatureValue> 
     <KeyInfo> 
      <wsse:SecurityTokenReference> 
      <wsse:Reference URI="#SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> 
      </wsse:SecurityTokenReference> 
     </KeyInfo> 
     </Signature> 
    </wsse:Security> 
    </soap:Header> 
    <soap:Body wsu:Id="Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace"> 
    ...

인증서는 놀이터 인증서과에서 ((인증서가 SHA256 지원) EET를 구현하는 작업을하는 사람으로

출처

2016-08-21 Vojtech B

+0

당신이 그것을 해결 했는가는? 우리 둘 다 EET (체코 공화국)에서 일할 것입니까? :) – SmartK8

+0

아직 없습니다. 웹 참조가이를 지원하지 않는 것 같습니다. 그러나 짧은 기간 동안 EET 서버는 SHA1을 수용했습니다. 나는 내 부분에 무언가를 부러 뜨리거나 변경했다면 잘 모르겠지만 지금은 효과가 없다. 어쨌든 아마 처음부터 다시 구현할 것입니다. 어쩌면 [email protected]에서 나를 때려서 우리가 figgure하는 것을 공유 할 수 있습니까? –

답변

관련 문제

 관련 문제