2011-07-20 54 views
0

我一直在開發一個使用SOAP連接到Web服務的vb.net客戶端。這個Webservice需要對SOAP消息進行簽名並且有一個時間戳。SOAP標頭上的簽名和時間戳順序

至此一切皆有可能,使用WSE 2.0 SP3我已經能夠簽署該消息,包括安全標記到SOAP頭和時間戳標記包含太多,你可以在此示例中看到:

這是我送

 <soap:Header> 
     <wsa:Action>http://www.openuri.org/procesa</wsa:Action> 
     <wsa:MessageID> 
     uuid:8462973d-f108-4b27-999f-730663978d5b</wsa:MessageID> 
     <wsa:ReplyTo> 
      <wsa:Address> 
      http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address> 
     </wsa:ReplyTo> 
     <wsa:To> 
     https://serveis-pre.app.aoc.cat/siri-proxy/services/Sincron</wsa:To> 
     <wsse:Security soap:mustUnderstand="1"> 
      <wsu:Timestamp wsu:Id="Timestamp-05bf25bd-3ca0-4c4a-8052-996353dae4ad"> 
      <wsu:Created>2011-07-20T10:28:56Z</wsu:Created> 
      <wsu:Expires>2011-07-20T10:33:56Z</wsu:Expires> 
      </wsu:Timestamp> 
      <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
      wsu:Id="SecurityToken-faacda4d-8c09-4c30-9538-30e95daf674e">  MIIHcTCCBlmgAwIBAgIQBx1AaP6OMn5M5OpdJ2iqgjANBgkqhkiG9w0BAQUFADCCASYxCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ2VuY2lhIENhdGFsYW5hIGRlIENlcnRpZmljYWNpbyAoTklGIFEtMDgwMTE3Ni1JKTE0MDIGA1UEBxMrUGFzc2F0Z2UgZGUgbGEgQ29uY2VwY2lvIDExIDA4MDA4IEJhcmNlbG9uYTEuMCwGA1UECxMlU2VydmVpcyBQdWJsaWNzIGRlIENlcnRpZmljYWNpbyBFQ1YtMjE2MDQGA1UECxMtVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyQ0lDLTIgIChjKTAzMSwwKgYDVQQLEyNBZG1pbmlzdHJhY2lvbnMgTG9jYWxzIGRlIENhdGFsdW55YTEOMAwGA1UEAxMFRUMtQUwwHhcNMTAxMTE4MDg1NjU3WhcNMTQxMTE4MDg1NjUzWjCBxzELMAkGA1UEBhMCRVMxITAfBgNVBAoTGEFqdW50YW1lbnQgZGUgVmlsYWRhc2VuczEuMCwGA1UECxQlU2VydmVpcyBQ+mJsaWNzIGRlIENlcnRpZmljYWNp8yBDREEtMTE1MDMGA1UECxMsVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5jYXQvdmVyQ0RBLTEgKGMpMDMxLjAsBgNVBAMUJVNlcnZlaSBkZSBub3RpZmljYWNpb25zIGVsZWN0cvJuaXF1ZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQoNVzo6aIdLhMLtPC9WSInReMVVIRistX5mKs6bMBw3LNl3UReZKZafOshkmxCH7osGz4hkcMRA6iIDMWD4dVKubNlnPenM0/7VxhYb3U4p12j5rObSZq1XZzF/0dJW9dv7XGei4Uuuy7uzCeZEBgzdHKCllmgYkgN0saV9ELAgMBAAGjggN5MIIDdTA8BgNVHREENTAzgRlzZWNyZXRhcmlhQHZpbGFkYXNlbnMub3JnpBYwFDESMBAGA1UEBRMJUDE3MjMwMDBEMA4GA1UdDwEB/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBSumcFc8rrwqFK03Jw/hYI6JlEDGzCCATEGA1UdIwSCASgwggEkgBRM7I1J1CsCA5rQSDAKS2u9MXqmNKGB+aSB9jCB8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVDLUFDQ4IQPZfTkwQ5Yio+HE2mvtFzDjCBzAYDVR0gBIHEMIHBMIG+BgsrBgEEAfV4AQMBWzCBrjAsBggrBgEFBQcCARYgaHR0cHM6Ly93d3cuY2F0Y2VydC5jYXQvdmVyQ0RBLTEwfgYIKwYBBQUHAgIwchpwQXF1ZXN0IOlzIHVuIGNlcnRpZmljYXQgZGUgZGlzcG9zaXRpdSBkJ2FwbGljYWNp8yBhc3NlZ3VyYWRhIGRlIGNsYXNzZSAxLiBWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0LmNhdC92ZXJDREEtMTBuBggrBgEFBQcBAQRiMGAwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhdGNlcnQuY2F0MDkGCCsGAQUFBzAChi1odHRwOi8vd3d3LmNhdGNlcnQuY2F0L2Rlc2NhcnJlZ2EvYWxfY3Nycy5jcnQwYAYDVR0fBFkwVzBVoFOgUYYmaHR0cDovL2Vwc2NkLmNhdGNlcnQubmV0L2NybC9lYy1hbC5jcmyGJ2h0dHA6Ly9lcHNjZDIuY2F0Y2VydC5uZXQvY3JsL2VjLWFsLmNybDANBgkqhkiG9w0BAQUFAAOCAQEALHPF+J25nYtVqB5NqFckzpHknE0oc7qJDoKMh5xrZBG92Q2IzPsQtFozH7NSj8A6FlYGFOlrC0icYlO0u4Gigl6bXzpjxK8tszY7i5kVFJwpwAqgCFjcvKliijaVHWReBphOk4qg3w+Sfo/S4tdMMMV5zGsMSOfUwUvwzGT2CzSXr7UrG1+8ihKqO2rFfpvtwrIF3SaPEvpATpjDL6mw+FhVSTADxydGsyZHnaCVt5izyiZEVFgYqt/2YRsvl/6Z8GoVWPx1vDjng64BT0jRcl4eu74gl+OmU8uo2fK7rnTfvbdQcoEh5kgmb6F8qCzkdz+mesMc7jnSMTXOj7nbbw==</wsse:BinarySecurityToken> 
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
      <SignedInfo> 
       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" 
       xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /> 
       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
       <Reference URI="#Id-3ec311d8-8c01-4806-af7e-282a9ae69be7"> 
       <Transforms> 
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </Transforms> 
       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
       <DigestValue>67QHYb7b816b0zisspMyq54mFBU=</DigestValue> 
       </Reference> 
      </SignedInfo> 
      <SignatureValue> T7iT+m/JPDCtNVlj72Dj4Mofb/lNIWKLmLf52xuk6A5r1bAW+VH+ZYTbyEBzjLCMt37MiCwT+G6eNiTOfTn59Lxrcmw9ZG2U/1i02EqXA7akNoS+wMk1a9zN28yWDX2QOEEihltnFkJkQksQKI0ZK7/BZLlMFDudaujM2yYdkkA=</SignatureValue> 
      <KeyInfo> 
       <wsse:SecurityTokenReference> 
       <wsse:Reference URI="#SecurityToken-faacda4d-8c09-4c30-9538-30e95daf674e" 
       ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> 
       </wsse:SecurityTokenReference> 
      </KeyInfo> 
      </Signature> 
     </wsse:Security> 
     </soap:Header> 
     <soap:Body wsu:Id="Id-3ec311d8-8c01-4806-af7e-282a9ae69be7"> 
... THE MESSAGE BODY .... 

的問題是,在一個Webservice,運行配置爲識別其簽名標籤是時間戳標記之上的SOAP消息的服務器,默認情況下WSE 2.0 SP3以相反的順序在SOAP標題中包含此信息。

令我SOAP消息的標籤:

<soap:Header> 
    <wsa:Action> 
    <wsa:MessageID> 
    <wsa:ReplyTo> 
     <wsa:Address> 
    </wsa:ReplyTo> 
    <wsa:To> 
    <wsse:Security> 
     <wsu:Timestamp> 
      <wsu:Created> 
      <wsu:Expires> 
     </wsu:Timestamp> 
     <wsse:BinarySecurityToken> 
     <Signature> 
      <SignedInfo> 
       <ds:CanonicalizationMethod> 
       <SignatureMethod> 
       <Reference> 
        <Transforms> 
         <Transform Algorithm/> 
        </Transforms> 
        <DigestMethod> 
        <DigestValue> 
       </Reference> 
      </SignedInfo> 
      <SignatureValue> 
      <KeyInfo> 
       <wsse:SecurityTokenReference> 
      </KeyInfo> 
     </Signature> 
    </wsse:Security> 
</soap:Header> 
<soap:Body> 

順序服務器期望的標籤是:

<soap:Header> 
    <wsa:Action> 
    <wsa:MessageID> 
    <wsa:ReplyTo> 
     <wsa:Address> 
    </wsa:ReplyTo> 
    <wsa:To> 
    <wsse:Security> 
     <wsse:BinarySecurityToken> 
     <Signature> 
      <SignedInfo> 
       <ds:CanonicalizationMethod> 
       <SignatureMethod> 
       <Reference> 
        <Transforms> 
         <Transform Algorithm/> 
        </Transforms> 
        <DigestMethod> 
        <DigestValue> 
       </Reference> 
      </SignedInfo> 
      <SignatureValue> 
      <KeyInfo> 
       <wsse:SecurityTokenReference> 
      </KeyInfo> 
     </Signature> 
     <wsu:Timestamp> 
      <wsu:Created> 
      <wsu:Expires> 
     </wsu:Timestamp> 
    </wsse:Security> 
</soap:Header> 
<soap:Body> 

有沒有辦法來改變這種秩序?。

有關我該怎麼做的任何建議?

回答

0

經過一些測試後,我發現了一種方法來攔截創建發送到服務器的XML字符串。

爲了在將XML SOAP消息發送到服務器之前修改XML SOAP消息,必須覆蓋SOAP客戶端的Microsoft.Web.Services2.WebServicesClientProtocol類中的ProcessMessage子。

首先,您將創建一個從SoapOutputFilter繼承的新類,並重寫ProcessMessage子類來執行您想要執行的操作。

Public Class YourOutputFilterClass 
    Inherits SoapOutputFilter 

    Public Overrides Sub ProcessMessage(ByVal envelope As SoapEnvelope) 
     'Find the XmlNode you want to change 

     'Change the XmlNode 
    End Sub 

End Class 

然後,設置你的新類作爲OutputFilter輸出爲您Microsoft.Web.Services2.WebServicesClientProtocol類:

Dim YourSOAPClient as New SoapClientClass() 
Dim YourOutputFilter as New YourOutputFilterClass() 

YourSOAPClient.Pipeline.OutputFilters.Insert(0, YourOutputFilter) 

有了這個你OutputFilter輸出將能夠修改SOAP消息是sended之前。

相關問題