Я хотел бы сформировать с помощью Microsoft WCF следующий SOAP-конверт:
1 <?xml version="1.0" encoding="UTF-8"?>
<!-- review: target envelope. Note the namespace: this is SOAP 1.1 (schemas.xmlsoap.org/soap/envelope/) with no WS-Addressing headers, whereas the envelope WCF currently emits (second listing) is SOAP 1.2 with WS-Addressing 1.0 -->
2 <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
3 <soap:Header>
4 <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
5 <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-EF9E775D18F33FC3B413229472963674">
<!-- review: rsa-1_5 (PKCS#1 v1.5) key transport. The Basic128 suite used in the client code yields rsa-oaep-mgf1p instead (see the emitted envelope); v1.5 is the older scheme, so confirm the service really cannot accept OAEP before matching this -->
6 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
7 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
8 <wsse:SecurityTokenReference>
<!-- review: certificate referenced by issuer name + serial; this is what X509ReferenceStyle = IssuerSerial in the client code produces -->
9 <ds:X509Data>
10 <ds:X509IssuerSerial>
11 <ds:X509IssuerName>CN=My Credentials,OU=Dev,O=Bho,L=GENOA,ST=MP,C=IN</ds:X509IssuerName>
12 <ds:X509SerialNumber>1245003019</ds:X509SerialNumber>
13 </ds:X509IssuerSerial>
14 </ds:X509Data>
15 </wsse:SecurityTokenReference>
16 </ds:KeyInfo>
17 <xenc:CipherData>
18 <xenc:CipherValue>Chs0wrV2jZKtlLInNiZxdY/qE9L8n12HHcg/++MXLY/2Tmm2PUmheoVznzzN6EhfCLRyevGyAbb/vaBmj1fu71qKjA8M7j9kuCvfF8K9gAw/xIiP7XzHLOodNp0sUr0l8clWwnXuVN/Waqycplnamh5sqYfhymgSHakchzWwCj4=</xenc:CipherValue>
19 </xenc:CipherData>
<!-- review: only the Body content (#ED-5) is encrypted; the whole security header, including the UsernameToken further down, is in clear -->
20 <xenc:ReferenceList>
21 <xenc:DataReference URI="#ED-5"/>
22 </xenc:ReferenceList>
23 </xenc:EncryptedKey>
24 <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-EF9E775D18F33FC3B413229472961071">MIIC...oNhK</wsse:BinarySecurityToken>
<!-- review: a single signed Reference (#id-3, the Body). The WCF envelope additionally signs Action, MessageID, ReplyTo, To and the Timestamp; the Timestamp being unsigned here means it cannot be relied on for replay detection -->
25 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-4">
26 <ds:SignedInfo>
27 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
28 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
29 </ds:CanonicalizationMethod>
30 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
31 <ds:Reference URI="#id-3">
32 <ds:Transforms>
33 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
34 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
35 </ds:Transform>
36 </ds:Transforms>
37 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
38 <ds:DigestValue>mr4fnTQmBvqr6fMij0Z2zQJo37E=</ds:DigestValue>
39 </ds:Reference>
40 </ds:SignedInfo>
41 <ds:SignatureValue>DBhppI5G5LjZ54On3C8T/Ih1Mtr8xmSsDEeAufR19IEN9wcC6KGbrwES2qz+/VlS/H4fYHSG/NIcAAkC5U8wvIXBIFW0is+dB0drxTAPVPsEdnNzAw4ASn+YKAiGigS4tjYh6XB5hD30f8cqeqgWtcOUDhmnZm7/RYiBgP/Sq0A=</ds:SignatureValue>
42 <ds:KeyInfo Id="KI-EF9E775D18F33FC3B413229472961332">
43 <wsse:SecurityTokenReference wsu:Id="STR-EF9E775D18F33FC3B413229472961353">
44 <wsse:Reference URI="#X509-EF9E775D18F33FC3B413229472961071" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
45 </wsse:SecurityTokenReference>
46 </ds:KeyInfo>
47 </ds:Signature>
48 <wsu:Timestamp wsu:Id="TS-2">
49 <wsu:Created>2011-12-03T21:21:36.078Z</wsu:Created>
50 <wsu:Expires>2011-12-03T21:26:36.078Z</wsu:Expires>
51 </wsu:Timestamp>
<!-- review: PasswordText carries the password in clear inside the unencrypted header, over a plain http:// endpoint. Nothing in the client code on this page configures a UsernameToken at all; it would have to be added as a supporting token -->
52 <wsse:UsernameToken wsu:Id="UsernameToken-1">
53 <wsse:Username>guest</wsse:Username>
54 <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">server4ever!</wsse:Password>
55 </wsse:UsernameToken>
56 </wsse:Security>
57 </soap:Header>
58 <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
<!-- review: Type=#Content, i.e. the Body element itself stays, only its children are replaced by the ciphertext -->
59 <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-5" Type="http://www.w3.org/2001/04/xmlenc#Content">
60 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<!-- review: this KeyInfo points back at the header's EncryptedKey (#EK-...); the WCF-emitted EncryptedData has no such back-reference -->
61 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
62 <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
63 <wsse:Reference URI="#EK-EF9E775D18F33FC3B413229472963674"/>
64 </wsse:SecurityTokenReference>
65 </ds:KeyInfo>
66 <xenc:CipherData>
67 <xenc:CipherValue>m6rsQY6QDFGv...PkA==</xenc:CipherValue>
68 </xenc:CipherData>
69 </xenc:EncryptedData>
70 </soap:Body>
71 </soap:Envelope>
Однако в настоящее время я получаю следующее:
1 <?xml version="1.0" encoding="UTF-8"?>
<!-- review: envelope actually emitted by the client code below. SOAP 1.2 (www.w3.org/2003/05/soap-envelope) with WS-Addressing 1.0; the target is SOAP 1.1 without addressing. Presumably the transport's default MessageVersion applies because no encoding element is given in the CustomBinding - confirm -->
2 <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
3 <s:Header>
<!-- review: the u:Id attributes on the addressing headers exist because each of them is signed (see the References in SignedInfo) -->
4 <a:Action s:mustUnderstand="1" u:Id="_3"/>
5 <a:MessageID u:Id="_4">urn:uuid:8700ee6f-101c-4f7f-98f2-7986fa515d53</a:MessageID>
6 <a:ReplyTo u:Id="_5">
7 <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
8 </a:ReplyTo>
<!-- review: diagnostic header added by the Visual Studio debugger sink; it is not part of the security header and is not expected outside a debugging session -->
9 <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPoyW9WCcF/zJBuWJeZQx7QKYAAAAA4/DPIUuF2ki0TJ2KedPjl8ET1ZUp7wxGj1ybKePCM5EACQAA</VsDebuggerCausalityData>
10 <a:To s:mustUnderstand="1" u:Id="_6">http://10.0.1.68:8160/Persistence</a:To>
11 <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<!-- review: Timestamp comes first here and is covered by the signature (Reference #uuid-...-1 below); in the target it is unsigned and placed after the Signature -->
12 <u:Timestamp u:Id="uuid-96ce6386-3c30-4640-a167-c805ca1d2c0d-1">
13 <u:Created>2011-12-05T07:22:32.384Z</u:Created>
14 <u:Expires>2011-12-05T07:27:32.384Z</u:Expires>
15 </u:Timestamp>
16 <o:BinarySecurityToken u:Id="uuid-9696a4a0-2302-4f57-8585-eb51caeb423b-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MII...oNhK</o:BinarySecurityToken>
17 <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#" Id="_0">
<!-- review: rsa-oaep-mgf1p key transport, produced by the Basic128 suite; the target expects rsa-1_5 -->
18 <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
19 <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
20 </e:EncryptionMethod>
21 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
22 <o:SecurityTokenReference>
23 <X509Data>
24 <X509IssuerSerial>
<!-- review: issuer DN is rendered with ", " separators and S= here, versus "," and ST= in the target; cosmetic for an X.500 comparison, but a recipient that compares the string literally may reject it - confirm against the service -->
25 <X509IssuerName>CN=Babbo Natale, OU=Dev, O=..., L=Genoa, S=MP, C=IN</X509IssuerName>
26 <X509SerialNumber>1245003015</X509SerialNumber>
27 </X509IssuerSerial>
28 </X509Data>
29 </o:SecurityTokenReference>
30 </KeyInfo>
31 <e:CipherData>
32 <e:CipherValue>ea...NQ=</e:CipherValue>
33 </e:CipherData>
34 <e:ReferenceList>
35 <e:DataReference URI="#_2"/>
36 </e:ReferenceList>
37 </e:EncryptedKey>
<!-- review: six References - Body (#_1), Action (#_3), MessageID (#_4), ReplyTo (#_5), To (#_6) and the Timestamp; the target signs the Body only. No InclusiveNamespaces PrefixList is emitted for the canonicalization, unlike the target's PrefixList="soap" -->
38 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
39 <SignedInfo>
40 <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
41 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
42 <Reference URI="#_1">
43 <Transforms>
44 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
45 </Transforms>
46 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
47 <DigestValue>RhzTIgxGW8WJEsenp18kgkQ1ZTg=</DigestValue>
48 </Reference>
49 <Reference URI="#_3">
50 <Transforms>
51 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
52 </Transforms>
53 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
54 <DigestValue>DonC3xMPywpTOjov235wsJMaMcQ=</DigestValue>
55 </Reference>
56 <Reference URI="#_4">
57 <Transforms>
58 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
59 </Transforms>
60 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
61 <DigestValue>huo5cRdMWOMdDZ9SyjqA4rsmNWY=</DigestValue>
62 </Reference>
63 <Reference URI="#_5">
64 <Transforms>
65 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
66 </Transforms>
67 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
68 <DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue>
69 </Reference>
70 <Reference URI="#_6">
71 <Transforms>
72 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
73 </Transforms>
74 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
75 <DigestValue>E67eSmi27vowd7GQdZsWXchWrds=</DigestValue>
76 </Reference>
77 <Reference URI="#uuid-96ce6386-3c30-4640-a167-c805ca1d2c0d-1">
78 <Transforms>
79 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
80 </Transforms>
81 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
82 <DigestValue>3wc3KUKssReS/ZGlGvmdReDFDOk=</DigestValue>
83 </Reference>
84 </SignedInfo>
85 <SignatureValue>RK0...a6U=</SignatureValue>
86 <KeyInfo>
87 <o:SecurityTokenReference>
88 <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-9696a4a0-2302-4f57-8585-eb51caeb423b-2"/>
89 </o:SecurityTokenReference>
90 </KeyInfo>
91 </Signature>
<!-- review: no UsernameToken is emitted; the client code configures none -->
92 </o:Security>
93 </s:Header>
94 <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" u:Id="_1">
<!-- review: same aes128-cbc content encryption as the target, but without the ds:KeyInfo back-reference to the EncryptedKey that the target carries -->
95 <e:EncryptedData xmlns:e="http://www.w3.org/2001/04/xmlenc#" Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content">
96 <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
97 <e:CipherData>
98 <e:CipherValue>6TQ...O6M=</e:CipherValue>
99 </e:CipherData>
100 </e:EncryptedData>
101 </s:Body>
102 </s:Envelope>
Код на стороне клиента выглядит так:
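// Client-side WCF configuration that currently yields the second envelope
// above.  Flat script: client_pk, server_cert and client are used by the
// try block that follows it.
X509Certificate2 client_pk, server_cert;
// NOTE(review): the PFX password and an absolute path are hard-coded; load
// them from configuration or a secret store in anything beyond a test rig.
client_pk = new X509Certificate2(@"C:\x509\clientPFX.pfx", "storepassword");
server_cert = new X509Certificate2(@"C:\x509\server-cert.pem", "storepassword");

// Create the binding: mutual X.509 message security (asymmetric, no secure
// conversation) in the WS-Security 1.0 / BSP 1.0 flavour.  No encoding
// element is added to the CustomBinding below, so the transport's default
// message version applies - the emitted envelope is SOAP 1.2 with
// WS-Addressing 1.0, while the target is SOAP 1.1 without addressing; a
// TextMessageEncodingBindingElement with MessageVersion.Soap11 would be the
// place to change that (confirm against the service's WSDL).
AsymmetricSecurityBindingElement abe =
    (AsymmetricSecurityBindingElement)SecurityBindingElement.
    CreateMutualCertificateBindingElement(
        MessageSecurityVersion.
        WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
// No per-message key derivation: neither envelope on this page carries a
// DerivedKeyToken.
abe.SetKeyDerivation(false);

// Reference both certificates by issuer name + serial number, as the target
// envelope's EncryptedKey/KeyInfo does.
X509SecurityTokenParameters istp =
    abe.InitiatorTokenParameters as X509SecurityTokenParameters;
if (istp != null)
{
    istp.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
}
X509SecurityTokenParameters rstp =
    abe.RecipientTokenParameters as X509SecurityTokenParameters;
if (rstp != null)
{
    rstp.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
}

// Plain HTTP transport: all confidentiality and integrity come from the
// message security configured on abe, and the security header itself is
// never encrypted.
HttpTransportBindingElement transport = new HttpTransportBindingElement();
// Sign first, then encrypt the Body content; this matches the target, whose
// Signature references the Body (#id-3) whose content is then EncryptedData.
abe.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
// Basic128: AES-128-CBC for data and, as the emitted envelope shows,
// rsa-oaep-mgf1p for key transport.  The target uses rsa-1_5 instead (the
// Basic128Rsa15 suite selects that); PKCS#1 v1.5 is the older scheme, so
// confirm the service cannot accept OAEP before matching it.
abe.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
// The target envelope carries no SignatureConfirmation, so none is required.
abe.RequireSignatureConfirmation = false;
// NOTE(review): true lets the client accept a reply that is neither signed
// nor encrypted, i.e. an unauthenticated response; keep it false unless the
// service genuinely answers in clear.
abe.EnableUnsecuredResponse = true;
Binding myBinding = new CustomBinding(abe, transport);

// Create the endpoint address.  The DNS identity is checked against the
// service certificate; the emitted envelope's issuer name shows
// CN=Babbo Natale, consistent with a self-signed service certificate - confirm.
EndpointAddress ea =
    new EndpointAddress(new Uri("http://10.0.1.68:8160/Persistence"), EndpointIdentity.CreateDnsIdentity("Babbo Natale"));

// Create the client.
PersistenceClient client = new PersistenceClient(myBinding, ea);
// Specify a certificate to use for authenticating the client.
client.ClientCredentials.ClientCertificate.Certificate = client_pk;
// Specify a default certificate for the service; its public key wraps the
// symmetric key carried in the EncryptedKey element.
client.ClientCredentials.ServiceCertificate.DefaultCertificate = server_cert;
// Fix: the original concatenated the Oid object onto a "{0}" literal, so the
// placeholder and the type name were printed.  SignatureAlgorithm is the
// algorithm the certificate was signed with, not the key-transport algorithm
// used on the wire (that is decided by DefaultAlgorithmSuite above).
Console.WriteLine("service certificate signature algorithm: {0}",
    client.ClientCredentials.ServiceCertificate.DefaultCertificate.SignatureAlgorithm.FriendlyName);
// Test only: PeerOrChainTrust also accepts any certificate placed in the
// local Trusted People store; revert to ChainTrust before deployment.
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
// NOTE(review): nothing here adds the wsse:UsernameToken (PasswordText) that
// the target envelope carries; it would have to be configured as a supporting
// token, and its password would then travel in clear in the unencrypted
// header over this http:// endpoint.
// Begin using the client.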
try
{
client.Open();
clientProxySubscription[] response = client.GetAllSubscriptions();
Не могли бы вы подсказать, как заставить WCF формировать нужный мне конверт?
Большое спасибо и извините за довольно длинный вопрос.