我们如何验证来自可信服务器的签名

时间:2013-10-04 13:41:38

标签: c# web-services windows-phone-8 signature trustedconnection

我正在开发一款Windows Phone 8 我正在使用可信证书连接HTTPS服务器。  我正在尝试读取服务器数字签名以使用本地字符串验证它,以避免人员处于中间攻击。

那么我应该发送什么来接收签名然后验证呢

这是我的代码:

public static RequestSoap call webservice()
2.         {
3.             NetworkCredential credentials = new 
4. NetworkCredential(Cryptography.getUserName(), Cryptography.getPassword(), 
5. Cryptography.getDomain());
6. 
7.             string wsUrl = 'link';
8.             HttpWebRequest request = 
9. (HttpWebRequest)HttpWebRequest.Create(wsUrl);
10.             request.UseDefaultCredentials = false;
11.             request.AllowAutoRedirect = true;
12.             request.Credentials = credentials;
13.             request.Headers["SOAPAction"] = 'soapLink';
14.             request.ContentType = "text/xml;charset=UTF-8";
15.             request.Method = "POST";
16. 
17.             String envelope =
18.               "<soap:Envelope 
19.xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' 
20.xmlns:xsd='http://www.w3.org/2001/XMLSchema' 
21.xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>"
22.                 + "<soap:Body>"
23.                 ..........
24.                 + " </soap:Body>"
25.                 + " </soap:Envelope>";
26. 
27.             XDocument soapEnvelopeXml = XDocument.Parse(envelope);
28.             InsertSoapEnvelopeIntoWebRequest(soapEnvelopeXml, request);
29.         }
30. 
31. private void InsertSoapEnvelopeIntoWebRequest(XDocument soapEnvelopeXml, 
32. HttpWebRequest webRequest)
33.         {
34.             webRequest.BeginGetRequestStream((IAsyncResult 
35. asynchronousResult) =>
36.             {
37.                 HttpWebRequest request = 
38. (HttpWebRequest)asynchronousResult.AsyncState;
39.                 Stream postStream = 
40. request.EndGetRequestStream(asynchronousResult);
41.                 soapEnvelopeXml.Save(postStream);
42.                 postStream.Close();
43.                 request.BeginGetResponse(new 
44. AsyncCallback(GetResponseCallback), request);
45.             }, webRequest);
46.         }
47. 
48. private void GetResponseCallback(IAsyncResult asynchronousResult)
49.         {
50. 
51.             try
52.             {
53.                 HttpWebRequest request = 
54. (HttpWebRequest)asynchronousResult.AsyncState;
55.                 HttpWebResponse response = 
56. (HttpWebResponse)request.EndGetResponse(asynchronousResult);
57.                 Stream streamResponse = response.GetResponseStream();
58.                 StreamReader streamRead = new StreamReader(streamResponse);
59.                 string responseString = streamRead.ReadToEnd();
60. 
61.                 Deployment.Current.Dispatcher.BeginInvoke(() =>
62.                 {
63.                     if 
64. (request.Credentials.GetCredential(request.RequestUri, "NTLM").Domain != 
65. Cryptography.getDomain())
66.                     {
67.                         streamResponse.Close();
68.                         streamRead.Close();
69.                         response.Close();
70.                         return;
71.                     }
72. 
73.                     responseString = 
74. responseString.Replace("encoding=\"utf-8\"", "");
75.                     XmlReader reader = XmlReader.Create(new 
76. MemoryStream(System.Text.UnicodeEncoding.Unicode.GetBytes(responseString)));
77.                     reader.MoveToContent();
78. 
79.                     while (reader.Read())
80.                     {
81.                         // parsing
82.                     }
83.                     }
84.                 });
85. 
86.                 streamResponse.Close();
87.                 streamRead.Close();
88.                 response.Close();
89.             }
90.             catch (Exception a)
91.             {
92. 
93.             }
94.         }

0 个答案:

没有答案