Я пытаюсь подписать XML с использованием SecurityTokenReference, чтобы отправить его в службу IBM DataPower, но при отправке служба возвращает пустой сертификат или ошибку. Когда я отправляю запрос из SoapUI, DataPower принимает его нормально.
Я уже долго пробую разные варианты, такие как BinarySecurityToken, SecurityTokenReference и другие, но всегда получаю одну и ту же ошибку. Пожалуйста, помогите мне.
Правильный XML:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://www.example.org/ServiciosAdministrativosCodensa"
xmlns:met="http://www.colpatria.com/services/metadata">
<!-- Reference message: the one the page presents as correct. In the Security header below,
     wsse is bound to the WS-Security secext-1.0.xsd namespace and wsu to the utility-1.0.xsd namespace. -->
<soapenv:Header>
<wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<ds:Signature Id="SIG-CFB8CEFD4DE1135138158023563139463"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="met ser soapenv"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<!-- rsa-sha1 signature with a sha1 digest. SHA-1 is deprecated for signatures; a sender has to
     match whatever the receiving policy is configured to accept. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- The single Reference covers the element whose wsu:Id matches this URI, i.e. the soapenv:Body. -->
<ds:Reference URI="#id-CFB8CEFD4DE1135138158023563139462">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="met ser"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>d4ThIYDCXlPoN6kGvXq+Ntf/XKQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>0Ph8zgWSDbWaEkczeu3RbpYmivkWSvzjjqqoUW91JnTR0NuyZhWisLTddbJvvY3xQzmjHuIVL1wW IXjIatJwMgAERjK48EjPXrr+MuMWzo2vAPmA04p2TWiF7vzFCI7pWgWzLk2D2oEx/bn3Xr4wQ2dm l00uT5Cj3B79UIRdTc76s60GBW/7ZOuFySbDywTxjXz1bNArKbS81EZXZH+jw0jk2Esf0wAHSF9u 2VCUeQvPAISKAMsx116bPT3+ReDX4b8XDTvfM1I7pnMZ9broV2adBG3nMW6FTucDEl2oJpfb7y0N CAE38EJjfdmfF/tRUHdmVGzHu8evWgqL9OgkXg==</ds:SignatureValue>
<!-- The signer is identified only by a Base64 X.509 SubjectKeyIdentifier; no certificate is
     embedded, so the receiver has to already hold the matching certificate. -->
<ds:KeyInfo Id="KI-CFB8CEFD4DE1135138158023563139460">
<wsse:SecurityTokenReference wsu:Id="STR-CFB8CEFD4DE1135138158023563139461">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">0+fjoRhUswYnp4F6biToxgrgnAg=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-CFB8CEFD4DE1135138158023563139462"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ser:activacionTarjetasRequest>
<met:requestHeader>
<met:esbHeader>
<met:transactionId>350278742945543</met:transactionId>
<met:serviceCode>RBMCARD1</met:serviceCode>
<met:operationCode>Update</met:operationCode>
<met:requestUser>PARRAJOH</met:requestUser>
<met:requestSystem>GBM</met:requestSystem>
<met:channel>GBM</met:channel>
<met:host>10.236.224.50</met:host>
<met:executionMode>U</met:executionMode>
<met:operationCountry>057</met:operationCountry>
<met:operationBank>Colpatria</met:operationBank>
<met:transactionDate>2020-01-28</met:transactionDate>
<met:transactionTime>13:20:31</met:transactionTime>
<met:officeCode>9</met:officeCode>
<met:numberPages>01</met:numberPages>
<met:totalPages>01</met:totalPages>
<met:institutionCode>019</met:institutionCode>
<!-- NOTE(review): a user name and password travel in the Body in clear text, and the trackII
     block further down carries a full account number. The Body is signed, not encrypted. If these
     are not dummy test values, redact them before sharing the message and rotate the credential. -->
<met:usernameToken>
<met:userName>testColDensa</met:userName>
<met:password>w5jgTS26eU</met:password>
</met:usernameToken>
</met:esbHeader>
</met:requestHeader>
<ser:parteFija>
<ser:codAplicacion>25</ser:codAplicacion>
<ser:codTerminal>235-55126-6</ser:codTerminal>
<ser:codEstablecimiento>019</ser:codEstablecimiento>
<ser:fecTransaccion>20190904</ser:fecTransaccion>
<ser:horTransaccion>105523</ser:horTransaccion>
<ser:dispositivo>INTERNET</ser:dispositivo>
<ser:nroAuditoria>123605</ser:nroAuditoria>
<ser:consecutivo>1069735</ser:consecutivo>
<ser:tipTransaccion>NORMAL</ser:tipTransaccion>
<ser:trackII>
<ser:nroCuentaPrimaria>0316552636556352</ser:nroCuentaPrimaria>
<ser:fecVencimiento>0905</ser:fecVencimiento>
<ser:codServicio>562</ser:codServicio>
<ser:campoVerificacionPIN>01234</ser:campoVerificacionPIN>
<ser:cardVerificationCode>2</ser:cardVerificationCode>
</ser:trackII>
</ser:parteFija>
</ser:activacionTarjetasRequest>
</soapenv:Body>
</soapenv:Envelope>
my xml:
<soapenv:Envelope xmlns:ser="http://www.example.org/ServiciosAdministrativosCodensa"
xmlns:met="http://www.colpatria.com/services/metadata"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<!-- Message produced by the poster's own signing code (the id-C758..., KI-C758... and STR-C758...
     identifiers are the ones hard-coded in SignXml). -->
<soapenv:Header>
<!-- NOTE(review): xmlns:wsse on this Security element is bound to a token-profile URI
     ("...x509-token-profile-1.0#X509Subjectwsse:KeyIdentifier"), not to the
     oasis-200401-wss-wssecurity-secext-1.0.xsd namespace that the SecurityTokenReference below
     declares for the same prefix. The header element is therefore not in the WS-Security
     namespace, so a receiver will presumably not treat it as a WS-Security header at all. -->
<wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509Subjectwsse:KeyIdentifier">
<!-- This ds:Signature carries no Id attribute. Whether the receiver requires one cannot be told
     from this page. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="met ser soapenv"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:CanonicalizationMethod>
<!-- rsa-sha1 signature with a sha1 digest. SHA-1 is deprecated for signatures; a sender has to
     match whatever the receiving policy is configured to accept. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<!-- The single Reference covers the element whose wsu:Id matches this URI, i.e. the soapenv:Body. -->
<ds:Reference URI="#id-C758EA542CABFF8A3C158014740919829">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="met ser"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>hALHAC9T8wWZ6+5b9JFAWFwqdKc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>JHFeMOqW9hqGEgS2gtTlJiRqQfxsd5z88mC0qzOZKtw8/aEdDWBEZU7jwEwUYwym4kgbK8kXrTCfwdT8TFpYy6NEo8Yi3wlQtC3R4buCcVreeSeWRBe9dpDw6loLPR0VsU3qFeO+3NUFMsOG49jzG37DqQVSn/6tz7Ojh7t3zTQY9wWRJdrK2iAbf04+qmNK+ATKWpOEm/waJv4GNT0pQCELQQtJqQj2t6XhPR9LwYJMOcFvB3wpJ0cKjaJ8pUCLYT2WUofNZBrelMUVgQrYrWAJ/q1GYYqfFv1vcdjmja77Q11zH6I55sZPBDJ2vLpDJlmf8YBHcII2zUS5Qs61Tw==</ds:SignatureValue>
<ds:KeyInfo Id="KI-C758EA542CABFF8A3C158014740919527">
<!-- Here the wsse prefix is re-declared with the secext-1.0.xsd namespace, so this element and
     the enclosing wsse:Security element end up in two different namespaces. -->
<wsse:SecurityTokenReference wsu:Id="STR-C758EA542CABFF8A3C158014740919528"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">0+fjoRhUswYnp4F6biToxgrgnAg=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-C758EA542CABFF8A3C158014740919829"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ser:activacionTarjetasRequest>
<met:requestHeader>
<met:esbHeader>
<met:transactionId>100360</met:transactionId>
<met:serviceCode>CRTPINES1</met:serviceCode>
<met:operationCode>Update</met:operationCode>
<met:requestUser>PARRAJOH</met:requestUser>
<met:requestSystem>GBM</met:requestSystem>
<met:channel>GBM</met:channel>
<met:host>10.236.125.242</met:host>
<met:executionMode>U</met:executionMode>
<met:operationCountry>057</met:operationCountry>
<met:operationBank>Colpatria</met:operationBank>
<met:transactionDate>2020-01-30</met:transactionDate>
<met:transactionTime>11:54:58</met:transactionTime>
<met:officeCode>9</met:officeCode>
<met:numberPages>01</met:numberPages>
<met:totalPages>01</met:totalPages>
<met:institutionCode>19</met:institutionCode>
<!-- usernameToken is empty here, whereas the accepted message on this page carries userName and
     password children. Confirm whether the service requires them. -->
<met:usernameToken />
</met:esbHeader>
</met:requestHeader>
<ser:parteFija>
<ser:codAplicacion>QE</ser:codAplicacion>
<ser:codTerminal>235-55126-D</ser:codTerminal>
<ser:codEstablecimiento>02167306040</ser:codEstablecimiento>
<ser:fecTransaccion>20200130</ser:fecTransaccion>
<ser:horTransaccion>115456</ser:horTransaccion>
<ser:dispositivo>INTERNET</ser:dispositivo>
<ser:nroAuditoria>013422</ser:nroAuditoria>
<ser:consecutivo>000000013422</ser:consecutivo>
<ser:tipTransaccion>NORMAL</ser:tipTransaccion>
<!-- NOTE(review): the trackII block carries a full account number in a signed but unencrypted
     Body. If it is not a dummy test value, redact it before sharing the message. -->
<ser:trackII>
<ser:nroCuentaPrimaria>5907120600037112</ser:nroCuentaPrimaria>
<ser:fecVencimiento>1020</ser:fecVencimiento>
<ser:codServicio>562</ser:codServicio>
<ser:campoVerificacionPIN>00000</ser:campoVerificacionPIN>
<ser:cardVerificationCode>0</ser:cardVerificationCode>
</ser:trackII>
</ser:parteFija>
</ser:activacionTarjetasRequest>
</soapenv:Body>
<!-- The closing soapenv:Envelope tag is absent from this paste (possibly truncated when posted). -->
и мой код:
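/// <summary>
/// Signs the element referenced by <c>#id-C758EA542CABFF8A3C158014740919829</c> (the SOAP Body in
/// the sample message) with RSA-SHA1 over exclusive C14N, identifies the signer by its X.509
/// SubjectKeyIdentifier inside a <c>wsse:SecurityTokenReference</c>, and appends the resulting
/// <c>ds:Signature</c> to the <c>wsse:Security</c> header.
/// </summary>
/// <param name="xmlDoc">The SOAP envelope to sign. It is modified in place.</param>
/// <returns>The outer XML of the document element, including the signed header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDoc"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The signing certificate or its private key is unavailable, the certificate has no
/// SubjectKeyIdentifier extension, or the document has no <c>wsse:Security</c> element.
/// </exception>
public static string SignXml(XmlDocument xmlDoc)
{
    // Namespace the WS-Security header and its SecurityTokenReference must share. The original
    // code bound the wsse prefix on wsse:Security to a token-profile URI
    // ("...x509-token-profile-1.0#X509Subjectwsse:KeyIdentifier"), which put the header element
    // outside the WS-Security namespace while the SecurityTokenReference inside it used this one.
    const string WsseNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string WsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string SkiValueType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
    const string SubjectKeyIdentifierOid = "2.5.29.14";

    if (xmlDoc == null)
    {
        throw new ArgumentNullException("xmlDoc");
    }

    // NOTE(review): PreserveWhitespace is consulted when a document is loaded or saved, so setting
    // it here presumably does not change nodes that are already in memory. Any whitespace change
    // to the signed Body after ComputeSignature would invalidate the digest.
    xmlDoc.PreserveWhitespace = false;

    X509Certificate2 cert = GetCertificateBySubject("WSRBM_CFacil_Firma_IIS_DP_dev");
    if (cert == null || !cert.HasPrivateKey)
    {
        // Fail with a clear message instead of a NullReferenceException further down.
        throw new InvalidOperationException("Signing certificate was not found or has no private key.");
    }

    // NOTE(review): this cast only succeeds for CAPI-backed keys. A CNG-stored key would need
    // cert.GetRSAPrivateKey() instead. Confirm against the target framework version.
    RSACryptoServiceProvider rsaKey2 = (RSACryptoServiceProvider)cert.PrivateKey;

    CustomSignedXml signedXml = new CustomSignedXml(xmlDoc);
    signedXml.SigningKey = rsaKey2;

    // Exclusive C14N for SignedInfo, with the same inclusive prefix list as the accepted message.
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
    XmlDsigExcC14NTransform canMethod = (XmlDsigExcC14NTransform)signedXml.SignedInfo.CanonicalizationMethodObject;
    canMethod.InclusiveNamespacesPrefixList = "met ser soapenv";

    // The URI is hard-coded, so the Body's wsu:Id in xmlDoc must carry exactly this value.
    // SHA-1 digests and RSA-SHA1 signatures are deprecated. They are kept because the accepted
    // sample message uses them. Move to SHA-256 once the receiving policy allows it.
    Reference reference = new Reference();
    reference.Uri = "#id-C758EA542CABFF8A3C158014740919829";
    reference.Type = "";
    reference.DigestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";
    XmlDsigExcC14NTransform c14n = new XmlDsigExcC14NTransform();
    c14n.InclusiveNamespacesPrefixList = "met ser";
    reference.AddTransform(c14n);
    signedXml.AddReference(reference);

    // Build KeyInfo/SecurityTokenReference/KeyIdentifier from the certificate's SKI extension.
    // KeyInfoX509Data is used here only to turn the SKI string into raw bytes for Base64 encoding.
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data kdata = new KeyInfoX509Data(cert);
    SecurityTokenReference skr = new SecurityTokenReference();
    skr.Id = "STR-C758EA542CABFF8A3C158014740919528";

    bool skiFound = false;
    foreach (X509Extension extension in cert.Extensions)
    {
        if (extension.Oid.Value != SubjectKeyIdentifierOid)
        {
            continue;
        }

        X509SubjectKeyIdentifierExtension skiT = extension as X509SubjectKeyIdentifierExtension;
        if (skiT == null)
        {
            continue;
        }

        kdata.AddSubjectKeyId(skiT.SubjectKeyIdentifier);
        skr.KeyIdentifier = new KeyIdentifier(Convert.ToBase64String((byte[])kdata.SubjectKeyIds[0]));
        skiFound = true;
        break;
    }

    if (!skiFound)
    {
        // Without an SKI the token reference would name no key and the receiver could not
        // locate the verifying certificate.
        throw new InvalidOperationException("Signing certificate has no SubjectKeyIdentifier extension.");
    }

    skr.ValueType = SkiValueType;
    keyInfo.Id = "KI-C758EA542CABFF8A3C158014740919527";
    keyInfo.AddClause(skr);
    signedXml.KeyInfo = keyInfo;

    // Compute the signature. The "ds" argument is handled by CustomSignedXml (presumably the
    // element prefix, matching the ds: prefix in the sample output).
    signedXml.ComputeSignature("ds");
    XmlElement xmlDigitalSignature = signedXml.GetXml("ds");

    // Header fix-ups happen after signing. That is only safe while setPrefix/setAttr leave the
    // signed Body untouched. TODO confirm in those helpers.
    XmlElement root = (XmlElement)xmlDoc.DocumentElement;
    root = setPrefix(root, "soapenv:Security", "wsse");
    root = setAttr(root, "wsse:Security", "xmlns:wsu", WsuNamespace);
    root = setAttr(root, "wsse:Security", "xmlns:wsse", WsseNamespace);

    XmlNode securityHeader = root.GetElementsByTagName("wsse:Security")[0];
    if (securityHeader == null)
    {
        throw new InvalidOperationException("The document has no wsse:Security header to attach the signature to.");
    }

    // The accepted sample's ds:Signature carries an Id attribute ("SIG-..."). None is set here.
    securityHeader.AppendChild(xmlDigitalSignature);
    return root.OuterXml;
}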
спасибо.