我一直在開發一個使用SOAP連接到Web服務的vb.net客戶端。這個Webservice需要對SOAP消息進行簽名並且有一個時間戳。SOAP標頭上的簽名和時間戳順序
至此一切皆有可能,使用WSE 2.0 SP3我已經能夠簽署該消息,包括安全標記到SOAP頭和時間戳標記包含太多,你可以在此示例中看到:
這是我送
<soap:Header>
<wsa:Action>http://www.openuri.org/procesa</wsa:Action>
<wsa:MessageID>
uuid:8462973d-f108-4b27-999f-730663978d5b</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>
https://serveis-pre.app.aoc.cat/siri-proxy/services/Sincron</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-05bf25bd-3ca0-4c4a-8052-996353dae4ad">
<wsu:Created>2011-07-20T10:28:56Z</wsu:Created>
<wsu:Expires>2011-07-20T10:33:56Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-faacda4d-8c09-4c30-9538-30e95daf674e"> MIIHcTCCBlmgAwIBAgIQBx1AaP6OMn5M5OpdJ2iqgjANBgkqhkiG9w0BAQUFADCCASYxCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ2VuY2lhIENhdGFsYW5hIGRlIENlcnRpZmljYWNpbyAoTklGIFEtMDgwMTE3Ni1JKTE0MDIGA1UEBxMrUGFzc2F0Z2UgZGUgbGEgQ29uY2VwY2lvIDExIDA4MDA4IEJhcmNlbG9uYTEuMCwGA1UECxMlU2VydmVpcyBQdWJsaWNzIGRlIENlcnRpZmljYWNpbyBFQ1YtMjE2MDQGA1UECxMtVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyQ0lDLTIgIChjKTAzMSwwKgYDVQQLEyNBZG1pbmlzdHJhY2lvbnMgTG9jYWxzIGRlIENhdGFsdW55YTEOMAwGA1UEAxMFRUMtQUwwHhcNMTAxMTE4MDg1NjU3WhcNMTQxMTE4MDg1NjUzWjCBxzELMAkGA1UEBhMCRVMxITAfBgNVBAoTGEFqdW50YW1lbnQgZGUgVmlsYWRhc2VuczEuMCwGA1UECxQlU2VydmVpcyBQ+mJsaWNzIGRlIENlcnRpZmljYWNp8yBDREEtMTE1MDMGA1UECxMsVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5jYXQvdmVyQ0RBLTEgKGMpMDMxLjAsBgNVBAMUJVNlcnZlaSBkZSBub3RpZmljYWNpb25zIGVsZWN0cvJuaXF1ZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQoNVzo6aIdLhMLtPC9WSInReMVVIRistX5mKs6bMBw3LNl3UReZKZafOshkmxCH7osGz4hkcMRA6iIDMWD4dVKubNlnPenM0/7VxhYb3U4p12j5rObSZq1XZzF/0dJW9dv7XGei4Uuuy7uzCeZEBgzdHKCllmgYkgN0saV9ELAgMBAAGjggN5MIIDdTA8BgNVHREENTAzgRlzZWNyZXRhcmlhQHZpbGFkYXNlbnMub3JnpBYwFDESMBAGA1UEBRMJUDE3MjMwMDBEMA4GA1UdDwEB/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBSumcFc8rrwqFK03Jw/hYI6JlEDGzCCATEGA1UdIwSCASgwggEkgBRM7I1J1CsCA5rQSDAKS2u9MXqmNKGB+aSB9jCB8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVDLUFDQ4IQPZfTkwQ5Yio+HE2mvtFzDjCBzAYDVR0gBIHEMIHBMIG+BgsrBgEEAfV4AQMBWzCBrjAsBggrBgEFBQcCARYgaHR0cHM6Ly93d3cuY2F0Y2VydC5jYXQvdmVyQ0RBLTEwfgYIKwYBBQUHAgIwchpwQXF1ZXN0IOlzIHVuIGNlcnRpZmljYXQgZGUgZGlzcG9zaXRpdSBkJ2FwbGljYWNp8yBhc3NlZ3VyYWRhIGRlIGNsYXNzZSAxLiBWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0LmNhdC92ZXJDREEtMTBuBggrBgEFBQcBAQRiMGAwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhdGNlcnQuY2F0MDkGCCsGAQUFBzAChi1odHRwOi8vd3d3LmNhdGNlcnQuY2F0L2Rlc2NhcnJlZ2EvYWxfY3Nycy5jcnQwYAYDVR0fBFkwVzBVoFOgUYYmaHR0cDovL2Vwc2NkLmNhdGNlcnQubmV0L2NybC9lYy1hbC5jcmyGJ2h0dHA6Ly9lcHNjZDIuY2F0Y2VydC5uZXQvY3JsL2VjLWFsLmNybDANBgkqhkiG9w0BAQUFAAOCAQEALHPF+J25nYtVqB5NqFckzpHknE0oc7qJDoKMh5xrZBG92Q2IzPsQtFozH7NSj8A6FlYGFOlrC0icYlO0u4Gigl6bXzpjxK8tszY7i5kVFJwpwAqgCFjcvKliijaVHWReBphOk4qg3w+Sfo/S4tdMMMV5zGsMSOfUwUvwzGT2CzSXr7UrG1+8ihKqO2rFfpvtwrIF3SaPEvpATpjDL6mw+FhVSTADxydGsyZHnaCVt5izyiZEVFgYqt/2YRsvl/6Z8GoVWPx1vDjng64BT0jRcl4eu74gl+OmU8uo2fK7rnTfvbdQcoEh5kgmb6F8qCzkdz+mesMc7jnSMTXOj7nbbw==</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Id-3ec311d8-8c01-4806-af7e-282a9ae69be7">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>67QHYb7b816b0zisspMyq54mFBU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue> T7iT+m/JPDCtNVlj72Dj4Mofb/lNIWKLmLf52xuk6A5r1bAW+VH+ZYTbyEBzjLCMt37MiCwT+G6eNiTOfTn59Lxrcmw9ZG2U/1i02EqXA7akNoS+wMk1a9zN28yWDX2QOEEihltnFkJkQksQKI0ZK7/BZLlMFDudaujM2yYdkkA=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-faacda4d-8c09-4c30-9538-30e95daf674e"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-3ec311d8-8c01-4806-af7e-282a9ae69be7">
... THE MESSAGE BODY ....
的問題是,在一個Webservice,運行配置爲識別其簽名標籤是時間戳標記之上的SOAP消息的服務器,默認情況下WSE 2.0 SP3以相反的順序在SOAP標題中包含此信息。
令我SOAP消息的標籤:
<soap:Header>
<wsa:Action>
<wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
</wsa:ReplyTo>
<wsa:To>
<wsse:Security>
<wsu:Timestamp>
<wsu:Created>
<wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken>
<Signature>
<SignedInfo>
<ds:CanonicalizationMethod>
<SignatureMethod>
<Reference>
<Transforms>
<Transform Algorithm/>
</Transforms>
<DigestMethod>
<DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body>
順序服務器期望的標籤是:
<soap:Header>
<wsa:Action>
<wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
</wsa:ReplyTo>
<wsa:To>
<wsse:Security>
<wsse:BinarySecurityToken>
<Signature>
<SignedInfo>
<ds:CanonicalizationMethod>
<SignatureMethod>
<Reference>
<Transforms>
<Transform Algorithm/>
</Transforms>
<DigestMethod>
<DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
<wsu:Timestamp>
<wsu:Created>
<wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
有沒有辦法來改變這種秩序?。
有關我該怎麼做的任何建議?