Sign SOAP body and Timestamp with X509 certificate in WCF

Submitted by 点点圈 on 2019-12-11 14:17:38

Question


I’m trying to connect to a SOAP WS with the following features:

  • HTTPS
  • Signed Timestamp
  • Signed Body
  • Not encrypted Request

That's an example of the Soap Request I want:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-c1cf1e29">
        <wsu:Created>2018-08-29T10:20:58Z</wsu:Created>
        <wsu:Expires>2018-08-29T10:25:58Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-2e4f8773" 
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        [...]
      </wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#Timestamp-c1cf1e29">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>........</DigestValue>
          </Reference>
          <Reference URI="#Body-d96b5e74">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>........</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>
          [...]
        </SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference xmlns="">
            <wsse:Reference URI="#SecurityToken-2e4f8773" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-d96b5e74">
    [...]
  </soapenv:Body>
</soapenv:Envelope>

I’m connecting through WCF and I’ve created a custom binding that works via HTTPS, gives me the timestamp signed and is not encrypted, but I’m not able to sign the body. I use an X509 certificate to sign the timestamp.

That's the binding I'm using:

<binding name="customBind">
      <security allowInsecureTransport="true" includeTimestamp="true" 
                requireDerivedKeys="false" authenticationMode="CertificateOverTransport" />
      <textMessageEncoding messageVersion="Soap11" writeEncoding="UTF-8"/>
      <httpsTransport />
</binding>

I’ve tried different bindings like wsHttpBinding, ws2007HttpBinding, basicHttpBinding, wsHttpContextBinding… with different configurations, with no success.

Any idea?

Thanks!

Source: https://stackoverflow.com/questions/52516574/sign-soap-body-and-timestamp-with-x509-certifcate-in-wcf
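
An added example, not part of the original question and not WCF code: a structural check in Python for a captured request, reporting whether the ds:Reference URIs cover the Timestamp and the Body at their expected positions. The function names and the trimmed sample envelope are constructed for illustration, and the check does not verify digests or the signature value.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def signature_coverage(envelope_xml):
    """Structural check only: digests and SignatureValue are NOT verified."""
    root = ET.fromstring(envelope_xml)
    security = root.find("s:Header/wsse:Security", NS)
    if security is None:
        return {"timestamp": False, "body": False, "problems": ["no wsse:Security header"]}
    # Same-document references ("#id") listed in ds:SignedInfo.
    uris = [r.get("URI", "") for r in security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    refs = {u[1:] for u in uris if u.startswith("#")}
    # Count every wsu:Id; a duplicated Id makes "#id" ambiguous for the verifier.
    counts = {}
    for el in root.iter():
        wid = el.get(WSU_ID)
        if wid:
            counts[wid] = counts.get(wid, 0) + 1
    problems = ["duplicate wsu:Id %s" % i for i, n in sorted(counts.items()) if n > 1]
    problems += ["dangling reference #%s" % r for r in sorted(refs) if r not in counts]

    def covered(el):
        # The element at the expected position must carry a unique, referenced Id.
        wid = el.get(WSU_ID) if el is not None else None
        return wid in refs and counts.get(wid) == 1

    return {"timestamp": covered(security.find("wsu:Timestamp", NS)),
            "body": covered(root.find("s:Body", NS)),
            "problems": problems}

def sample(reference_ids):
    """Constructed, trimmed envelope in the shape of the request on this page."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in reference_ids)
    return ('<s:Envelope xmlns:s="%(s)s" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">'
            '<s:Header><wsse:Security><wsu:Timestamp wsu:Id="Timestamp-c1cf1e29"/>'
            '<ds:Signature><ds:SignedInfo>' + refs + '</ds:SignedInfo></ds:Signature>'
            '</wsse:Security></s:Header><s:Body wsu:Id="Body-d96b5e74"/></s:Envelope>') % NS

if __name__ == "__main__":
    # Timestamp-only signature, as the question describes, then the target shape.
    print(signature_coverage(sample(["Timestamp-c1cf1e29"])))
    print(signature_coverage(sample(["Timestamp-c1cf1e29", "Body-d96b5e74"])))
```

Run it against a request captured from WCF message logging or a proxy to confirm which parts the binding actually signs.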
