C# 带签名的XML疑难解答_C#_Xml_Encryption_Cryptography

C# 带签名的XML疑难解答

c# xml encryption cryptography

C# 带签名的XML疑难解答,c#,xml,encryption,cryptography,C#,Xml,Encryption,Cryptography,请帮助：供应商需要一个签名的xml，并且没有提供多少帮助来描述如何正确地对xml进行签名。我正在发送以下xml： <SOAP-ENV:Envelope xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsu="htt

请帮助：供应商需要一个签名的xml，并且没有提供多少帮助来描述如何正确地对xml进行签名。我正在发送以下xml：

<SOAP-ENV:Envelope xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference Id="_2"><wsse:Reference URI="#binarytoken" /></wsse:SecurityTokenReference></ds:KeyInfo><wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="binarytoken">removed for security</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_2"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>b3U301pqu017IPMBNIZ04dybZ+A=</DigestValue></Reference><Reference URI="#_1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>NLpGjn8jJ7RI/R4rVdiwZPRRyMU=</DigestValue></Reference></SignedInfo><SignatureValue>some signed value here</SignatureValue></Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body wsu:Id="_1"><msg:CompanyMessage xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:msg="companyNameSpace"><msg:Header><msg:Verb>get</msg:Verb><msg:Noun>CompanyFunction</msg:Noun><msg:Revision>1</msg:Revision><msg:Source>COMPANY</msg:Source><msg:UserID>USER</msg:UserID><msg:MessageID>123456789</msg:MessageID><msg:ReplayDetection><wsu:Created>2018-07-27T02:20:39-05:00</wsu:Created><wsse:Nonce>65b9a415-19d9-4090-8520-e1de12cc9721</wsse:Nonce></msg:ReplayDetection></msg:Header></msg:CompanyMessage></SOAP-ENV:Body></SOAP-ENV:Envelope>

非常感谢您的帮助。

当我在一家电信运营商工作时，我们有类似的服务，使用WS-Security，需要签名。当我需要测试这些服务时，我遇到了同样的问题。当然，我们的合作伙伴在使用这些服务时也会感到痛苦

最后，我通过使用WCF实现了它（您至少需要.NET framework 4.0）：

第一步，您需要从提供的WSDL导入Web服务描述，并对生成的代码进行以下更改：

您必须将

ProtectionLevel=System.Net.Security.ProtectionLevel.Sign

添加到

ServiceContratAttribute

中，告知WCF您需要对其进行签名：

[System.ServiceModel.ServiceContractAttribute(ProtectionLevel = System.Net.Security.ProtectionLevel.Sign, Namespace="http://ServiceProvider.someTelecom.fr/Services/Payment "
public interface GetPaymentPortType
{
…
}

然后您应该在app.config中使用以下customBinding

   <customBinding>
    <binding name="HTTPBinding_WSSecurity">
     <security enableUnsecuredResponse="true" authenticationMode="MutualCertificate"
      messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
      requireSignatureConfirmation="false">
      <localClientSettings maxClockSkew="00:10:00" />
      <localServiceSettings maxClockSkew="00:10:00" />
      <secureConversationBootstrap />
     </security>
     <textMessageEncoding messageVersion="Soap11" />
     <httpTransport />
    </binding>
    </customBinding>

奖金：

如果您使用的是自签名证书，请确保可以在服务提供商的服务器上验证该证书。否则，您应该使用提供商提供的证书。

这是我第一次尝试。供应商阻塞了wsdl，我无法获得任何工具来正确创建我要使用的服务对象。这非常令人沮丧。令人沮丧：/n您可以做的是使用VisualStudio从示例中重新生成XSD（仅限于soap:body中的对象），然后从XSD中定义的类型构建WSDL。您还可以手动创建服务契约（这也很痛苦），我对这种soap和xml的东西还相当陌生。我一直能够利用VS工具为我生成服务。这是我第一次在杂草丛中走这么远。我不一定确定如何做这些工作。

   <customBinding>
    <binding name="HTTPBinding_WSSecurity">
     <security enableUnsecuredResponse="true" authenticationMode="MutualCertificate"
      messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
      requireSignatureConfirmation="false">
      <localClientSettings maxClockSkew="00:10:00" />
      <localServiceSettings maxClockSkew="00:10:00" />
      <secureConversationBootstrap />
     </security>
     <textMessageEncoding messageVersion="Soap11" />
     <httpTransport />
    </binding>
    </customBinding>

//Load the signature certificate
X509Certificate2 mycertificate = new X509Certificate2("SignatureCertificate.pfx", "[pfx protection password]");

//Create the wcf client from the given binding
MyServicePortTypeClient client = new MyServicePortTypeClient("HTTPBinding_WSSecurity");
client.Endpoint.Address = new System.ServiceModel.EndpointAddress(new Uri("http://xxxxxx/myService"), EndpointIdentity.CreateDnsIdentity("dns_name"));
//set the client ceritificate
client.ClientCredentials.ClientCertificate.Certificate = mycertificate;
//Call the service
client.Payment(xxx);