
Hi,
I must consume a web service whose SOAP request must carry a signed BinarySecurityToken, and the KeyInfo must be in the following format:
<ds:KeyInfo Id="KeyId-AF69D5714A03B66EEA146183039572920"> <wsse:SecurityTokenReference wsu:Id="STRId-AF69D5714A03B66EEA146183039572921" xmlns:wsu="docs.oasis-open.org/.../oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Reference ValueType="docs.oasis-open.org/.../oasis-200401-wss-x509-token-profile- 1.0#X509v3" URI="#CertId-AF69D5714A03B66EEA146183039572919"/></wsse:SecurityTokenReference> </ds:KeyInfo>
After creating the service reference in Visual Studio 2010 and adding it to the AOT of Dynamics AX, I use the following code to create a customBinding. This produces a similar request, but I believe the KeyInfo section needs to reference the token directly, and I do not see how to achieve that.
// Builds a WCF CustomBinding (WS-Security 1.1 over HTTPS, SOAP 1.1, signing only) and
// attaches it to the proxy endpoint. Variable declarations and the GetBytesFromPEM helper
// live outside this excerpt.
//Load the PEM file into a string and call the method above to get the bytes that represent the certificate.
// CLR interop permission is asserted only around the file read and reverted right after it.
new InteropPermission(InteropKind::ClrInterop).assert();
streamReader = new System.IO.StreamReader(_pemFile);
pem = streamReader.ReadToEnd();
certBuffer = this.GetBytesFromPEM( pem, #CertSection );
CodeAccessPermission::revertAssert();
// Client certificate (Serkonten): looked up by subject in the LocalMachine/My store and used
// as the client's signing credential.
X509CertificateInitiatorClientCredential = clientCredentials.get_ClientCertificate();
X509CertificateInitiatorClientCredential.SetCertificate(certificateSubject,
System.Security.Cryptography.X509Certificates.StoreLocation::LocalMachine,
System.Security.Cryptography.X509Certificates.StoreName::My);
//X509CertificateInitiatorClientCredential.set_Certificate(X509CertificateInitiatorClientCredential.get_Certificate());
// Service certificate (provider's public key, used for the signatures on the provider's SOAP replies).
X509CertificateRecipientClientCredential = clientCredentials.get_ServiceCertificate();
X509ServiceCertificateAuthentication = X509CertificateRecipientClientCredential.get_Authentication();
// CertificateValidationMode::None disables chain/trust checks on the service certificate: the
// PEM-loaded certificate below is accepted as-is, so nothing here verifies that it really is the
// provider's certificate. Presumably a workaround for a certificate that does not chain to a
// trusted root on this host - confirm, and prefer ChainTrust or PeerTrust where possible.
X509ServiceCertificateAuthentication.set_CertificateValidationMode(System.ServiceModel.Security.X509CertificateValidationMode::None);
X509CertificateRecipientClientCredential.set_DefaultCertificate(new System.Security.Cryptography.X509Certificates.X509Certificate2(certBuffer));
// Endpoint address: the service URI plus a DNS identity the service certificate is expected to match.
addressHeaderCollection = new System.ServiceModel.Channels.AddressHeaderCollection();
endpointIdentity = System.ServiceModel.EndpointIdentity::CreateDnsIdentity(endpointIdentityDNS);
endpointAddress = new System.ServiceModel.EndpointAddress(new System.Uri(endPointAddressUri),endpointIdentity,addressHeaderCollection);
endPoint = proxyPortClient.get_Endpoint();
endPoint.set_Address(endPointAddress);
X509CertificateInitiatorClientCredential = clientCredentials.get_ClientCertificate();
X509Certificate2 = X509CertificateInitiatorClientCredential.get_Certificate();
// NOTE(review): X509SecurityToken is only referenced by the commented-out Add further down;
// as written it is unused.
X509SecurityToken = new System.IdentityModel.Tokens.X509SecurityToken(X509Certificate2);
// Initiator (client) token parameters for the primary signature. InclusionMode::Never means
// the signing certificate is NOT serialized into the message, so the signature's KeyInfo can
// only point at it indirectly - the logged request shows a SubjectKeyIdentifier reference.
// NOTE(review): the required <wsse:Reference URI="#..."/> form presumably appears only when
// the signing token itself is included in the message (e.g. AlwaysToRecipient) - confirm.
X509SecurityTokenParameters2 = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters();
X509SecurityTokenParameters2.set_InclusionMode(System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode::Never);
X509SecurityTokenParameters2.set_RequireDerivedKeys(false);
X509SecurityTokenParameters2.set_X509ReferenceStyle(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType::Any);
X509SecurityTokenParameters2.set_ReferenceStyle(System.ServiceModel.Security.Tokens.SecurityTokenReferenceStyle::Internal);
// Recipient (service) token parameters: same settings, token never sent on the wire.
X509SecurityTokenParameters3 = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters();
X509SecurityTokenParameters3.set_InclusionMode(System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode::Never);
X509SecurityTokenParameters3.set_RequireDerivedKeys(false);
X509SecurityTokenParameters3.set_X509ReferenceStyle(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType::Any);
X509SecurityTokenParameters3.set_ReferenceStyle(System.ServiceModel.Security.Tokens.SecurityTokenReferenceStyle::Internal);
//messageSecurityVersion = System.ServiceModel.MessageSecurityVersion::get_WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10();
//messageSecurityVersion = System.ServiceModel.MessageSecurityVersion::get_WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10();
// WS-Security 1.1 / WS-Trust Feb 2005 / WS-SecureConversation Feb 2005 / WS-SecurityPolicy 1.1 / BSP 1.0.
messageSecurityVersion = System.ServiceModel.MessageSecurityVersion::get_WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10();
//Body signing
// Mutual-certificate binding element: both client and service authenticate with an X.509 certificate.
aSymmetricSecurityBindingElement = System.ServiceModel.Channels.SecurityBindingElement::CreateMutualCertificateDuplexBindingElement(messageSecurityVersion);
//aSymmetricSecurityBindingElement = new System.ServiceModel.Channels.AsymmetricSecurityBindingElement();
aSymmetricSecurityBindingElement.set_InitiatorTokenParameters(X509SecurityTokenParameters2);
aSymmetricSecurityBindingElement.set_RecipientTokenParameters(X509SecurityTokenParameters3);
aSymmetricSecurityBindingElement.set_MessageSecurityVersion(messageSecurityVersion);
//aSymmetricSecurityBindingElement.set_DefaultAlgorithmSuite(System.ServiceModel.Security.SecurityAlgorithmSuite::get_Basic128Rsa15());
// TripleDesRsa15 selects 3DES, RSA 1.5 key transport and SHA-1 (the logged request shows
// rsa-sha1 signatures and sha1 digests). These are legacy algorithms; keep them only because
// the provider mandates them, and move to a Basic256/SHA-2 suite if the service accepts one.
aSymmetricSecurityBindingElement.set_DefaultAlgorithmSuite(System.ServiceModel.Security.SecurityAlgorithmSuite::get_TripleDesRsa15());
// Only signing is actually applied (ProtectionLevel::Sign is set on the contract at the end).
aSymmetricSecurityBindingElement.set_MessageProtectionOrder(System.ServiceModel.Security.MessageProtectionOrder::SignBeforeEncrypt);
aSymmetricSecurityBindingElement.SetKeyDerivation(false);
aSymmetricSecurityBindingElement.set_AllowSerializedSigningTokenOnReply(true);
// Timestamp is emitted last in the Security header (matches the logged request).
aSymmetricSecurityBindingElement.set_SecurityHeaderLayout(System.ServiceModel.Channels.SecurityHeaderLayout::LaxTimestampLast);
// Replies without any Security header are accepted, so the response path is not
// integrity-protected by WS-Security; only the HTTPS transport protects it. Confirm this is intended.
aSymmetricSecurityBindingElement.set_EnableUnsecuredResponse(true);
aSymmetricSecurityBindingElement.set_IncludeTimestamp(true);
aSymmetricSecurityBindingElement.set_ProtectTokens(false);
aSymmetricSecurityBindingElement.set_KeyEntropyMode(System.ServiceModel.Security.SecurityKeyEntropyMode::ClientEntropy);
//aSymmetricSecurityBindingElement.set_RequireSignatureConfirmation(true);
// Signing token begin
// Endpoint-supporting signed token: AlwaysToRecipient puts the client certificate into the
// header as a BinarySecurityToken (the BST seen in the logged request), and the primary
// signature covers it.
X509SecurityTokenParameters1 = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters();
X509SecurityTokenParameters1.set_InclusionMode(System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode::AlwaysToRecipient);
X509SecurityTokenParameters1.set_RequireDerivedKeys(false);
X509SecurityTokenParameters1.set_X509ReferenceStyle(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType::Any);
X509SecurityTokenParameters1.set_ReferenceStyle(System.ServiceModel.Security.Tokens.SecurityTokenReferenceStyle::Internal);
supportingTokenParameters = aSymmetricSecurityBindingElement.get_EndpointSupportingTokenParameters();
supportingTokenParameters.SetKeyDerivation(false);
collectionBase = supportingTokenParameters.get_Signed();
//supportingTokenParameters.get_Signed().Add(X509SecurityTokenParameters1);
collectionBase.Add(X509SecurityTokenParameters1);
//collectionBase.Add(X509SecurityToken);
// Signing token end
//Setup for SOAP 11 and UTF8 Encoding
// SOAP 1.1 without WS-Addressing (the logged request has no wsa headers).
messageVersion = System.ServiceModel.Channels.MessageVersion::CreateVersion(System.ServiceModel.EnvelopeVersion::get_Soap11(),
System.ServiceModel.Channels.AddressingVersion::get_None());
textMessageEncodingBindingElement = new System.ServiceModel.Channels.TextMessageEncodingBindingElement(messageVersion,System.Text.Encoding::get_UTF8());
//HTTPS Transport
// 5 MB cap on buffered/received messages; RequireClientCertificate enforces mutual TLS at
// the transport layer in addition to the message-level signature.
httpsTransportBindingElement = new System.ServiceModel.Channels.HttpsTransportBindingElement();
httpsTransportBindingElement.set_MaxBufferSize(5000000);
httpsTransportBindingElement.set_MaxReceivedMessageSize(5000000);
httpsTransportBindingElement.set_RequireClientCertificate(true);
//Bind in order (Security layer, message layer, transport layer)
// The order of the elements is the channel stack order and must not be changed.
bindingElementCollection = new System.ServiceModel.Channels.BindingElementCollection();
//customBinding = new System.ServiceModel.Channels.CustomBinding(bindingElementCollection);
//customBinding = new System.ServiceModel.Channels.CustomBinding();
//bindingElementCollection = customBinding.CreateBindingElements();
bindingElementCollection.Add(aSymmetricSecurityBindingElement);
bindingElementCollection.Add(textMessageEncodingBindingElement);
bindingElementCollection.Add(httpsTransportBindingElement);
//Setup custom binding with HTTPS + Body Signing + Soap1.1
customBinding = new System.ServiceModel.Channels.CustomBinding(bindingElementCollection);
endPoint.set_Binding(customBinding);
//Only Sign, no encrypt
// `endpoint` here is the same variable as `endPoint` above (X++ identifiers are not case-sensitive).
contractDescription = endpoint.get_Contract();
contractDescription.set_ProtectionLevel(System.Net.Security.ProtectionLevel::Sign);
The request that I get with my code is:
<MessageLogTraceRecord> <Addressing xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace"> <Action>https://webservice.face.gob.es#enviarFactura</Action> <To>http://apps.bizkaia.net/CGS2/FacturaSSPPWebServiceProxyPort</To> </Addressing> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:BinarySecurityToken u:Id="uuid-5f670820-e7df-4fc7-8c86-faefcba4152d-13" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">--removed</o:BinarySecurityToken> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod> <Reference URI="#_1"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> <DigestValue>IeUZN5ywBhAivDR9o9prSp9CGQg=</DigestValue> </Reference> <Reference URI="#uuid-5f236a5e-ebbc-4037-b31e-a2a0c2089334-3"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> <DigestValue>p0/f4uPyL+1/ENlB7lo+prQz0vQ=</DigestValue> </Reference> <Reference URI="#uuid-5f670820-e7df-4fc7-8c86-faefcba4152d-13"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>lMsKlObk2I77fC+/QnbXkHPcJ3Q=</DigestValue> </Reference> </SignedInfo> <SignatureValue>--removed</SignatureValue> <KeyInfo> <o:SecurityTokenReference> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qQYmsEUV3Y4K3s62dNh93G+x9bQ=</o:KeyIdentifier> </o:SecurityTokenReference> </KeyInfo> </Signature> <u:Timestamp u:Id="uuid-5f236a5e-ebbc-4037-b31e-a2a0c2089334-3"> <u:Created>2018-03-01T08:53:11.515Z</u:Created> <u:Expires>2018-03-01T08:58:11.515Z</u:Expires> </u:Timestamp> </o:Security> </s:Header> <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <enviarFactura xmlns="https://webservice.face.gob.es"> <request xmlns=""> <correo>xxxxx@serkonten.com</correo> <factura> <factura>--removed</factura> <nombre>45F136677.Xsig</nombre> <mime>application/xml</mime> </factura> <anexos xsi:nil="true"></anexos> </request> </enviarFactura> </s:Body> </s:Envelope> </MessageLogTraceRecord>
How can I sign the BST and produce the required KeyInfo?