WCF 서명 비누 메시지 확인
-
19-09-2019 - |
문제
비누 메시지 타임 스탬프와 본체를 확인하는 데 문제가 있습니다.
코드를 작성하기 전에 직접 확인하려고하는 코드를 작성하려고합니다. 타임 스탬프를 확인하기위한 단계입니다.
1) 타임 스탬프 태그를 추출하고 중고 네임 스페이스를 추가하여 파일에 씁니다.
<u:Timestamp u:Id="uuid-cd1febd3-a76a-4148-8a3e-367aee62293d-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<u:Created>2009-11-11T17:37:49.000Z</u:Created>
<u:Expires>2009-11-11T17:42:49.000Z</u:Expires>
</u:Timestamp>
2) xmllint를 사용하여 정식화하십시오
xmllint --exc-c14n timestamp.xml > timestamp.ext-c14n.xml
3) OpensSL을 사용하여 파일의 SHA-1 다이제스트를 얻으십시오.
openssl sha1 timestamp.ext-c14n.xml
4) uudecode베이스 64 DigestValue TimeStamp Reference (jgzkqcnltnufbdpofn19lsykhts =)의 HEX 편집기와 함께 열립니다.
5) 이진의 이진 값 DigestValue 표준화 된 XML 조각의 SHA1과 다릅니다.
내가 뭘 잘못하고 있죠?
다음은 전체 비누 요청입니다.
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="uuid-cd1febd3-a76a-4148-8a3e-367aee62293d-1">
<u:Created>2009-11-11T17:37:49.000Z</u:Created>
<u:Expires>2009-11-11T17:42:49.000Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" u:Id="uuid-ff111e4e-b184-493f-a3a7-1cb85013440a-2">MIIB/TCCAWagAwIBAgIQx9PrVMJZiohOMYoubtFJ4jANBgkqhkiG9w0BAQQFADAVMRMwEQYDVQQDEwpSb290Q0FUZXN0MB4XDTA5MTEwNTE1NTAzN1oXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOdGVtcENlcnRDbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPXXm8nHsKY7jDaAJ2MVtgj0vd15D4kAFCVrflAGCBDGxku1zVGgTppv8n7i2nJLoXkMpi4HSj9+ci78YMQOKeRq0uIN3AV39hQbjjf5RkV7QY0PYprKYcVKZrWa/LYesI4jYz+ULDnpF7Q2Euk2XFYVLTWPaWU/Zys9K1wNT/n/AgMBAAGjSjBIMEYGA1UdAQQ/MD2AEHNg0Im3hcyQVTxOx1KtRZmhFzAVMRMwEQYDVQQDEwpSb290Q0FUZXN0ghDPzOoIMA8Rkkur9od1bScFMA0GCSqGSIb3DQEBBAUAA4GBAHeTK0GedKo51ZplEfAL+7+NqU5YL9yPhyGqeMUtNBJBJUdbXfvKMZNN+wMHG72boM0HV9jiSKgdjdFDaQ5cLrpLMc48wPs+PPK4KCZynQ/qBCj91w8Vvsprk4EwjGKROGeFhq8FOO8nwukKj1dMCZWELqOPutHjAKgtKpYu4zyt</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>GFOHIzFb+GV4fj8/sGWx2J5U7ag=</DigestValue>
</Reference>
<Reference URI="#uuid-cd1febd3-a76a-4148-8a3e-367aee62293d-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>jGZkqCNLTnUfbdpoFn19LSYkhts=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Q6TsGUPlgzfvoh4obnpwTIM5+rG/MynC4Pr8DDkpsClkUBM4+VrR0i7bHdM51779lbLzqj01W1H3GfNehVKxwAi0c0aAKlcVUm0i3PeA2NzmdTPRHy6tHmX2yyLC5TDjhA+jmqRoU/VlWhShD7Komm/9zsyDhQKF4M92rPUo0To=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference URI="#uuid-ff111e4e-b184-493f-a3a7-1cb85013440a-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1">
<sayHello xmlns="urn:iPhone.Server"></sayHello>
</s:Body>
</s:Envelope>
해결책
태그와 다이제스트 사이의 모든 선 파단과 공백을 제거했습니다. 사용하기에 올바른 XML은 다음과 같습니다.
<u:Timestamp u:Id="uuid-cd1febd3-a76a-4148-8a3e-367aee62293d-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><u:Created>2009-11-11T17:37:49.000Z</u:Created><u:Expires>2009-11-11T17:42:49.000Z</u:Expires></u:Timestamp>
제휴하지 않습니다 StackOverflow