我需要与支持 Soap1.1 en WS Security 1.0 的 soap 服务通信。 我已经在 C# 中放置了一些与此服务通信的代码,但它返回了 FaultException。 serve 的要求之一是我在肥皂主体上签名。我得到的错误似乎与他签署消息有关。
当我检查发送到服务的消息时,我可以看到其中有一个签名,但这个签名有两个引用。第一个 (URI=#_2) 指向正文,第二个 (URI=#uuid-67....) 指向用于签署消息的证书。
我预计这是导致错误的原因。有人可以向我解释为什么将第二个引用添加到签名中以及我如何摆脱它吗?
来源:
//start communication
EndpointAddress address = new EndpointAddress(
new Uri("https://klac.procesinfrastructuur.nl:443/PIAanleverservices/services/AanleverService"),
EndpointIdentity.CreateDnsIdentity("*.procesinfrastructuur.nl"));
CustomBinding cbinding = new CustomBinding();
var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
sec.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sec.EnableUnsecuredResponse = true;
sec.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
sec.IncludeTimestamp = false;
cbinding.Elements.Add(sec);
var tme = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
cbinding.Elements.Add(tme);
var https = new HttpsTransportBindingElement();
https.RequireClientCertificate = true;
cbinding.Elements.Add(https);
ChannelFactory<AanleverService> factory = new ChannelFactory<AanleverService>(cbinding, address);
factory.Endpoint.Behaviors.Add(new PaulsBehaviour());
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My,
X509FindType.FindBySubjectName, "My Certificate");
factory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser,
StoreName.My,
X509FindType.FindBySubjectName,
"*.procesinfrastructuur.nl");
AanleverService client = factory.CreateChannel();
try
{
leverAanRequest request = new leverAanRequest("", "KLogiO.OB20100305", "Omzetbelasting", "inhoud", //EncodeTo64(inhoudsigned),
DateTime.Now, "24140938B01", "http://geenausp.nl");
leverAanResponse resultaat = client.leverAan(request);
Console.WriteLine("Resultaat: {0}/{1}", resultaat.leverAanReturn.PI_Kenmerk, resultaat.leverAanReturn.tijdstempelOntvangst);
Console.ReadKey();
}
留言:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<ActivityId CorrelationId="7b88bb7b-eb91-47c9-8163-8d0eb90e3adb" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">412197d8-e97b-4e33-a988-1a5390b798a4</ActivityId>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo44bS9QvZcdJjhUDKzWRBs8AAAAAeNyqcH1zhkeOzSiaDD0CyM+e8mGeN1FCmpSR5zqYPf8ACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-582a2846-2291-4c45-b788-2246af698cd8-3"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
MIIG....
</o:BinarySecurityToken>
<o:BinarySecurityToken u:Id="uuid-582a2846-2291-4c45-b788-2246af698cd8-1"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
MIIG....
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>AosPkLHPJGku8gcL+toVX62fPpg=</DigestValue>
</Reference>
<Reference URI="#uuid-582a2846-2291-4c45-b788-2246af698cd8-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>H5fqYFR6N3ryhcna8iXirRhG6w4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>C3oE37WKGthBLpwzN+q/qYJfMKllCnWItNInS1UY5FC4w74sZZh7OJeudS+cNciXNAvT6O+IslJAxdSwApjtuKFTtj0XzgoHqnyRoXbi8zaMT1Vinrw+QSzhhIigWlqXA+5MPUIOJWAWe2Anh6+1LtTyrJo7DpTiSvF8AkGD+sUSOiFcQ6PaA9DtaUDWUqb1rv1X3AqY4T19Twb4aT4sHc3GIi/51/3yALhY4e+jMvo9k3wreJHV/HBCK49sQUCOXHaIHdO7HFodytGRHV5qHaGiH9aJlocAqAKQuegW9O8+56AHt4v3q48zXiIrfQSnaCsSob5LQGudX1KJv7jYtQ==</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-582a2846-2291-4c45-b788-2246af698cd8-3"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<leverAan xmlns="http://procesinfrastructuur.nl/service/aanleverservice/2007/01/">
<betreftPI_Kenmerk xmlns=""/>
<aanleverKenmerk xmlns="">KLogiO.OB20100305</aanleverKenmerk>
<berichtsoort xmlns="">Omzetbelasting</berichtsoort>
<berichtInhoud xmlns="">inhoud</berichtInhoud>
<tijdstempelAangemaakt xmlns="">2011-06-22T15:45:18.457469+02:00</tijdstempelAangemaakt>
<bedrijfsnummer xmlns="">24140938B01</bedrijfsnummer>
<cspEndpoint xmlns="">http://geenausp.nl</cspEndpoint>
</leverAan>
</s:Body>
</s:Envelope>
最佳答案
嗯,
最后我发现了为什么我也在证书上获得了签名。这是因为这行代码:
sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
删除此行会生成正确的消息(只有 1 个带有 then 签名的引用元素)。
保罗
关于c# - 为什么我的 soap header 中的证书有签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6439730/