How do I sign a custom SOAP header?
Date: 2020-03-06 14:54:56 Source: igfitidea
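I have added a custom SOAP header <MyApp:FOO> element to the <soap:Header> element, and the requirements state that I must sign this element. How do I do that?
<MyApp:FOO> contains a number of things (username, preferences, etc.) that identify the user at a higher level.
I have used policy files successfully, and I now use a policyClass with CertificateAssertions and SoapFilters to sign wsu:Timestamp, wsu:action, wsu:MessageId and so on. But now the <MyApp:FOO> element needs to be signed as well.
What I have understood so far is that the element to be signed must be identified with a wsu:Id attribute and then transformed using xml-exc-c14n.
So, how do I specify that the SOAP header should be signed as well?
This is the class I currently use to sign the message.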
    using System.Security.Cryptography.X509Certificates;
    using Microsoft.Web.Services3;
    using Microsoft.Web.Services3.Design;
    using Microsoft.Web.Services3.Security;
    using Microsoft.Web.Services3.Security.Tokens;

    internal class FOOClientOutFilter : SendSecurityFilter
    {
        X509SecurityToken clientToken;
        X509SecurityToken serverToken;

        public FOOClientOutFilter(SSEKCertificateAssertion parentAssertion)
            : base(parentAssertion.ServiceActor, true)
        {
            // Get the client security token.
            clientToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=TestClientCert");
            // Get the server security token.
            serverToken = X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=TestServerCert");
        }

        public override void SecureMessage(SoapEnvelope envelope, Security security)
        {
            // Sign the SOAP message with the client's security token.
            security.Tokens.Add(clientToken);
            security.Elements.Add(new MessageSignature(clientToken));
        }
    }
Solution
My current version of SecureMessage seems to do the trick.
    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        MessageSignature signature = new MessageSignature(clientToken);

        // Add a signature reference for each custom header.
        for (int index = 0; index < envelope.Header.ChildNodes.Count; index++)
        {
            XmlElement child = envelope.Header.ChildNodes[index] as XmlElement;

            // Find all FOO headers. LocalName ignores the prefix, so <MyApp:FOO> matches too.
            if (child != null && child.LocalName == "FOO")
            {
                // wsu:Id is an xsd:ID and must not start with a digit, hence the prefix.
                string id = "Id-" + Guid.NewGuid().ToString();
                child.SetAttribute("Id",
                    "http://docs.oasis-" +
                    "open.org/wss/2004/01/oasis-200401-" +
                    "wss-wssecurity-utility-1.0.xsd", id);
                signature.AddReference(new SignatureReference("#" + id));
            }
        }

        // Sign the SOAP message with the client's security token.
        security.Tokens.Add(clientToken);
        security.Elements.Add(signature);
    }
Supplementary articles from MSDN:
How to: Add an Id Attribute to a SOAP Header
How to: Digitally Sign a Custom SOAP Header
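The wsu:Id reference plus xml-exc-c14n mechanism described above, shown with the plain .NET SignedXml class instead of WSE. This is an added example, not code from the original post; the envelope, the urn:example:myapp namespace, the id value and the throwaway RSA key are constructed, and it needs the System.Security.Cryptography.Xml assembly or package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class WsuSignedXml : SignedXml // stock SignedXml only resolves unqualified Id/id/ID
{
    public const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public WsuSignedXml(XmlDocument doc) : base(doc) { }
    public override XmlElement GetIdElement(XmlDocument doc, string id)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsu", Wsu);
        XmlElement found = null;
        foreach (XmlElement e in doc.SelectNodes("//*[@wsu:Id]", ns))
        {
            if (e.GetAttribute("Id", Wsu) != id) continue;
            if (found != null) return null; // duplicate wsu:Id: ambiguous, reject
            found = e;
        }
        return found; // null makes SignedXml reject the reference
    }
    static bool Check(XmlDocument doc, XmlElement sig, RSA key)
    {
        var verifier = new WsuSignedXml(doc);
        verifier.LoadXml(sig);
        return verifier.CheckSignature(key);
    }
    static void Main()
    {
        // Constructed envelope; the MyApp namespace URI and the id are placeholders.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='" + Wsu
            + "' xmlns:MyApp='urn:example:myapp'><soap:Header><MyApp:FOO wsu:Id='Id-foo-1'>"
            + "<MyApp:User>alice</MyApp:User></MyApp:FOO></soap:Header><soap:Body/></soap:Envelope>");
        using (RSA key = RSA.Create()) // throwaway key standing in for the X.509 token
        {
            var signer = new WsuSignedXml(doc) { SigningKey = key };
            signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            var reference = new Reference("#Id-foo-1"); // points at the FOO header
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            XmlElement sig = signer.GetXml();
            Console.WriteLine("as signed: " + Check(doc, sig, key));
            doc.GetElementsByTagName("User", "urn:example:myapp")[0].InnerText = "bob";
            Console.WriteLine("header edited after signing: " + Check(doc, sig, key));
        }
    }
}
```

On the receiving side, a valid signature alone is not enough: also confirm that one of its references resolves to the FOO header, since a message whose signature covers only other elements would still verify.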