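I'm trying to create a SOAP web service client. At some point in the code I have to compute a hash to sign my request.
When I try to canonicalize (using xml-exc-c14n) the body of the request, I get the exception "namespace prefix 's' is not defined". The namespace "s" is defined in the Envelope tag, so I tried wrapping the body in the Envelope tag and removing it after canonicalization. It worked, but when I hash the canonicalized body, the value does not match the one computed by SoapUI (which is the correct one).
Can someone tell me why the hash generated by my code is different from the one generated by SoapUI?
I tried changing the stream encoding in the CalculateHash method, which changed the hash value, but it still does not match SoapUI.
The method used to canonicalize the body tag: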
    using System.IO;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public static string GetCanonicalXMLC14NForm(string monXML)
    {
        // Wrap the body in an Envelope so that the "s" prefix is declared.
        var envelope = string.Format("<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\">{0}</s:Envelope>", monXML);
        XmlDocument doc = new XmlDocument();
        doc.LoadXml(envelope);
        XmlDsigExcC14NTransform xmlTransform = new XmlDsigExcC14NTransform(true);
        xmlTransform.InclusiveNamespacesPrefixList = "";
        // Ensure the transform is using the appropriate algorithm.
        xmlTransform.Algorithm = "http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718";
        xmlTransform.LoadInput(doc);
        // Retrieve the XML representation of the current transform.
        MemoryStream outputStream = (MemoryStream)xmlTransform.GetOutput(typeof(Stream));
        outputStream.Position = 0;
        var sr = new StreamReader(outputStream);
        // Remove the Envelope wrapper again after canonicalization.
        var myStr = sr.ReadToEnd().Replace("<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\">", "").Replace("</s:Envelope>", "");
        return myStr;
    }
The method used to compute the hash from the canonicalized body:
    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    public static byte[] CalculateHash(string monXmlCanonise, X509Certificate2 certificate)
    {
        HashAlgorithm hashAlgo = HashAlgorithm.Create(GetHashAlgoFromCertificate(certificate));
        // A stream is needed to compute the hash
        MemoryStream stream = new MemoryStream();
        StreamWriter writer = new StreamWriter(stream);
        writer.Write(monXmlCanonise);
        writer.Flush();
        stream.Position = 0;
        // Compute the hash from the stream of the canonicalized XML
        return hashAlgo.ComputeHash(stream);
    }
The code that calls the methods:
    var canonizedBody = GetCanonicalXMLC14NForm(_body);
    var hash = CalculateHash(canonizedBody, myCertif);
Example SOAP request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
  <s:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" s:mustUnderstand="true">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-6">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="cen s" />
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
          <ds:Reference URI="#id-5">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="cen" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <ds:DigestValue>mALggIhdtKIXoWyCYhSOusfxrhIDDOoMrDa7fdzhthQ=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GQdkT9yyxBJ0fOQMsFvhIex9IMCCxEoR1LO28F6Q2XP59/qddd8JIHXsHGBfZUcaAUCvRNOGnwnhlfAgs5RoL6m2VGNhBGo24Tu3tBjEQJdL1X1xzK9+pHM67Bgc2OekXviNRrlv97NSRNPpDVAhDEriF7Mq5Pa9oz88OshnxCzyhXTjKIhDUfcPTfN9x+NX1EfBfcgFhkIa8gaz9QP2am6n9NKlAgnDI8AruWkqaMiQLZvPCLqYVOSkTKobd4xGVVd+Wr7aomEiZ0LtQREstgiH+dLMr+DHMSniWDdRzP/iINLjXfuFnG9+MV+o943MuMkzodsyMp/Di/xXzPOtbg==</ds:SignatureValue>
        <ds:KeyInfo Id="KI-96940D73D32987C15214870649588808">
          <wsse:SecurityTokenReference wsu:ID="STR-96940D73D32987C15214870649588809">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>...</ds:X509IssuerName>
                <ds:X509SerialNumber>...</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </s:Header>
  <s:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-5">...</s:Body>
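
An added example, not part of the original post: it canonicalizes the same Body twice, once by running exc-c14n over the whole Envelope and stripping the wrapper (as in the question), and once with s:Body as the apex element, then prints each canonical form with its SHA-256 digest. The Body content, the `urn:example:cen` namespace and the class and helper names are constructed for illustration, and it assumes every prefix in the PrefixList is declared on or inside the Body.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

static class BodyDigestDemo
{
    const string S = "http://www.w3.org/2003/05/soap-envelope";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Exclusive C14N without comments, as named by the Transform in the sample request.
    static byte[] ExcC14N(string xml, string prefixList)
    {
        var doc = new XmlDocument { PreserveWhitespace = true }; // whitespace is part of the digest input
        doc.LoadXml(xml);
        var transform = new XmlDsigExcC14NTransform(false, prefixList);
        transform.LoadInput(doc);
        using (var output = (Stream)transform.GetOutput(typeof(Stream)))
        using (var buffer = new MemoryStream())
        {
            output.CopyTo(buffer);
            return buffer.ToArray();
        }
    }

    static string Sha256Base64(byte[] data)
    {
        using (var sha = SHA256.Create()) return Convert.ToBase64String(sha.ComputeHash(data));
    }

    static void Main()
    {
        // Constructed envelope: Body content and the cen namespace URI are placeholders.
        string envelope = "<s:Envelope xmlns:s=\"" + S + "\"><s:Body xmlns:wsu=\"" + Wsu + "\" wsu:Id=\"id-5\">" +
            "<cen:Ping xmlns:cen=\"urn:example:cen\">hello</cen:Ping></s:Body></s:Envelope>";
        // (a) Wrap-and-strip: xmlns:s is written on Envelope only, so it disappears with the wrapper.
        string whole = Encoding.UTF8.GetString(ExcC14N(envelope, "cen"));
        string stripped = whole.Replace("<s:Envelope xmlns:s=\"" + S + "\">", "").Replace("</s:Envelope>", "");
        // (b) Body as apex: OuterXml re-declares the in-use prefix s on s:Body before canonicalization.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(envelope);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("s", S);
        byte[] apex = ExcC14N(doc.SelectSingleNode("/s:Envelope/s:Body", ns).OuterXml, "cen");
        Console.WriteLine(stripped + "\n  " + Sha256Base64(Encoding.UTF8.GetBytes(stripped)));
        Console.WriteLine(Encoding.UTF8.GetString(apex) + "\n  " + Sha256Base64(apex));
    }
}
```

On .NET Core and later, `XmlDsigExcC14NTransform` comes from the System.Security.Cryptography.Xml NuGet package.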