
Buenas, necesito firmar un mensaje SOAP con un certificado X509 en C#, y necesito que el XML resultante tenga la siguiente estructura. ¿Cómo puedo lograrlo?

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Header>
        <wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Timestamp wsu:Id="timestamp">
                <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-04-22T18:10:01.543Z</wsu:Created>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="token-2708-1461348601986-569898">
              MIIC6DCCAdCgAwIBAgIIMvq+uxvaKXMwDQYJKoZIhvcNAQEFBQAwLzESMBAGA1UEAwwJRE5BUm9v
                Jn+VKd/XzA==
            </wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
                    <ds:Reference URI="#element-2707-1461348601546-28112081" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">+JOeYUPdt97cFSyjvUR+OZr7j0M=
                        </ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#timestamp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">vIx0BeotF3elLws+7FWxeUfYPp4=
                        </ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    H8xGtzwpodCCBzP/I4D/fastXGZxflOUpbjvNu8MGdBxkwPlpJdtx5EDwigvahy9iOgkxtSCMDUf
                    Qf9DyuGYITRuAvXxodjreopo74f/WrXbK+uoyt/LKVSmIXnzHBzLrBfTWhrOL8AAK0pn+QXlbTrp
                    b2Sa7CI0m3QEbCtQjLk=
                </ds:SignatureValue>
                <ds:KeyInfo>
                    <wsse:SecurityTokenReference wsu:Id="reference-2709-1461348601986-15273600" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:Reference URI="#token-2708-1461348601986-569898" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </env:Header>
    <env:Body wsu:Id="element-2707-1461348601546-28112081" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <ns1:ingresoDeposito xmlns:ns1="http://aduana.gov.py/webservices">
            <DATO />
        </ns1:ingresoDeposito>
    </env:Body>
</env:Envelope>


Puedes utilizar este código para firmar el mensaje SOAP:

using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;




    ...



        /// <summary>
        /// Signs the outgoing SOAP envelope with the X.509 token found for the
        /// sample subject name: the token is added to the WS-Security header and
        /// a MessageSignature over that token is added to the header's elements.
        /// </summary>
        /// <param name="envelope">The SOAP envelope being secured (not inspected here).</param>
        /// <param name="security">The WS-Security header that receives the token and the signature.</param>
        /// <exception cref="SecurityFault">No usable certificate was found for the subject name.</exception>
        public override void SecureMessage(SoapEnvelope envelope, Security security)
        {
            const string subject = "CN=WSE2QuickStartClient";

            X509SecurityToken token = GetSecurityToken(subject);
            if (token == null)
            {
                throw new SecurityFault("Message Requirements could not be satisfied.");
            }

            // The token goes into the header first so the receiver can resolve the
            // signature's SecurityTokenReference; the signature is then built over it.
            security.Tokens.Add(token);
            security.Elements.Add(new MessageSignature(token));
        }
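        /// <summary>
        /// Looks up a signing certificate by subject distinguished name in the
        /// current user's personal (My) store and wraps it in an X509SecurityToken.
        /// </summary>
        /// <param name="subjectName">Full subject DN, e.g. "CN=WSE2QuickStartClient".</param>
        /// <returns>
        /// The token, or null when the store could not be read, when the lookup did
        /// not yield exactly one certificate, or when that certificate has no private key.
        /// </returns>
        public X509SecurityToken GetSecurityToken(string subjectName)
        {
            if (string.IsNullOrEmpty(subjectName))
            {
                return null;
            }

            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            try
            {
                // Open inside the try so a failure here is reported like any other
                // lookup failure and the store is still closed in finally.
                store.Open(OpenFlags.ReadOnly);

                // validOnly is false so self-signed / test certificates are found;
                // the trade-off is that an expired or untrusted certificate is also
                // accepted here. Pass true to require a trusted, time-valid chain.
                X509Certificate2Collection certs = store.Certificates.Find(
                    X509FindType.FindBySubjectDistinguishedName, subjectName, false);

                // Require exactly one match rather than silently picking an arbitrary
                // certificate when several share the same subject.
                if (certs.Count != 1)
                {
                    return null;
                }

                X509Certificate2 cert = certs[0];

                // Signing needs the private key; a public-only certificate would
                // otherwise fail later inside MessageSignature with a less clear error.
                if (!cert.HasPrivateKey)
                {
                    return null;
                }

                return new X509SecurityToken(cert);
            }
            catch (CryptographicException ex)
            {
                // Best-effort lookup: report and let the caller treat null as "not found".
                Console.WriteLine(ex.ToString());
                return null;
            }
            catch (SecurityException ex)
            {
                // Caller lacks permission to read the store; same best-effort handling.
                Console.WriteLine(ex.ToString());
                return null;
            }
            finally
            {
                store.Close();
            }
        }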

De hecho, la información se encuentra dentro del MSDN, en inglés únicamente. Puedes verla aquí.

  • Y no se podría hacer con alguna configuración en el webconfig? ya que se genera el cliente WCF, indicarle certificado y SOAP1.0 – Alejandro L. Aug 21 '20 at 12:38