带有WebServicesClientProtocol和sha256的Soap签名。

I am trying to implement a SOAP client using Web reference. Resulting signature is valid but uses sha1 algorithm.

我正在尝试使用Web引用实现SOAP客户机。结果签名是有效的，但使用sha1算法。

Is there a way how to use sha256 instead?

有没有办法用sha256代替?

Several solutions can be found but they all work with XmlDocument (SignedXml) directly.

可以找到几个解决方案，但是它们都直接使用XmlDocument (SignedXml)。

Following code sets SignatureMethod to sha256 but sha1 is used anyway.

下面的代码将签名方法设置为sha256，但无论如何使用sha1。

var client = new EetRef.EETService();// Inherits from Microsoft.Web.Services3.WebServicesClientProtocol
var cert = new X509Certificate2("01000004.p12", "eet");
var token = new X509SecurityToken(cert);
var messageToken = new MessageSignature(token);
//Trying to register sha256 provider.
CryptoConfig.AddAlgorithm(typeof(RsaPkCs1Sha256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
//messageToken.SignedInfo.SignatureMethod is null
messageToken.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
client.RequestSoapContext.Security.Tokens.Add(token);
client.RequestSoapContext.Security.Elements.Add(messageToken);
client.CallSomeMethod();

Resulting soap:Header

生成的soap:Header

<soap:Header>
    <wsa:Action wsu:Id="Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">http://fs.mfcr.cz/eet/OdeslaniTrzby</wsa:Action>
    <wsa:MessageID wsu:Id="Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">urn:uuid:575cf2f5-296b-4dff-ab3d-0d3bf75c72a5</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1">
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To wsu:Id="Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">https://pg.eet.cz/eet/services/EETServiceSOAP/v2</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f">
        <wsu:Created>2016-08-21T17:53:50Z</wsu:Created>
        <wsu:Expires>2016-08-21T17:58:50Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1">MIID7DCCAtSgAwIBAgIEAQAABDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJDWjEaMBgGA1UEAwwRR0ZSIEVFVCB0ZXN0IENBIDExLTArBgNVBAoMJEdlbmVyw6FsbsOtIGZpbmFuxI1uw60gxZllZGl0ZWxzdHbDrTAeFw0xNjA1MTkxMjQ4MjVaFw0xODA1MTkxMjQ4MjVaMFQxCzAJBgNVBAYTAkNaMRMwEQYDVQQDDApDWjAwMDAwMDE5MRowGAYDVQQKDBFQcsOhdm5pY2vDoSBvc29iYTEUMBIGA1UEBRMLVDAwMDAwMDAwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFCIfnLl3YjNyxM3y2FAVovKQMetfyyj/lfLY3DoN1z/8gaVRfcqTZbwh9Btg0HafSmrWBvfgjEC/pG9HNawYZ9nPE+WIP9bXkoOfDTmmVtX4n6OLi2Di+U7+FmPJzykV0ujsOsfcGnQ0f63xZYoGJIwLJuz3gmAF//DfnOeTT7OUZeOKobBSYkQOKv1j05QqQZ7HP+5oq7+hNylFrjuEi5OAeVgJAYScE4COvcpqPKpb7OeR9f78knYFffg5zp/6bi6qkP5uGYEuuQvbW1mATjoqbAWz8c7HNA56uNFlz8V+z9bL0f/xwQjgy4d+5qelTX46tq0vJ2XM9dJaF8ytJAgMBAAGjgcEwgb4wHgYDVR0RBBcwFYETZXBvZHBvcmFAZnMubWZjci5jejAfBgNVHSMEGDAWgBR6WvwNy+w2pg3aaRlmjJvvgsOpNDAdBgNVHQ4EFgQU8oKPLNlNY0/h8jWEmz3EZ1O3bBMwTAYDVR0gBEUwQzBBBgpghkgBZQMCATACMDMwMQYIKwYBBQUHAgIwJRojVGVudG8gY2VydGlmaWthdCBKRSBQT1VaRSBURVNUT1ZBQ0kwDgYDVR0PAQH/BAQDAgbAMA0GCSqGSIb3DQEBCwUAA4IBAQBVulEYg6noEHqAW3DfNWLvW9XdHFZQj3L5EE3Nwdd0CtMZm4/RZ/CvSENkk+GWv0YCUqHPJzhcKs0NETMKW7L6CI+hY17rD5SHhuoCYzSMlcuMA6gZJr8wIxSWerQrvuZ4uAUMistWG9cgwETZjkGU9JK+H98wdAm2co7WaRweDsNx04aSXagUMDAmRY/jNe7c8/HvwIdnXftbIl56wbYlYiCIG2qS+6lVO+09EIEP40kz1PXlqFZbPLCSlT2YsYiqizfkCX/Ka+AebJykAQ3pOqD6PQ+Y2AMAIRX8AypcN6Yj9p+oof9rda8boA8rA7wwzlJs/+ipWt2ceqPPuL9x</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>9NhSyQ67wzxd4lwaG+0PL6ztgMs=</DigestValue>
          </Reference>
          <Reference URI="#Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>cLktOiRAwoDSlKMMM8++gqc/TS8=</DigestValue>
          </Reference>
          <Reference URI="#Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>iOJ6axh+PU+ciOe+rSKpJbjlw9w=</DigestValue>
          </Reference>
          <Reference URI="#Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>yoaPc5P0gQPQipRira4FPlbUZlY=</DigestValue>
          </Reference>
          <Reference URI="#Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>eE1zIA5xoOnHWWbdb90X2bylySs=</DigestValue>
          </Reference>
          <Reference URI="#Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>8iCvJtbGDPGtZ60+mwZof++5ym4=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>Hy8yVARA8FIUxXfxkGU3i3zp2CZN4xREGrdEY4RQxC11rwrX8+i1hkwkE/KapH97iFcx4ryBF9sy+K64SoDEndmAipgHcdeZhbixBKVno7eLPnnaKtSQf6YGRgaOcvLdf/ELwYNXQa5fMbBmlL5rX15fXhPhjEJagMidppiDCLy48MGfd3fGJEwAlu5I2hh8jjumzJuuzk7pLB7oY9sCArcNCFDY2FSHgnnFEDT0krHnmYUePJZ8qjSrZ44D0YdChC07l9GpXLaNxVklMIRqpa3ALjohVV7bkFSskbs+to8ueXq6cUX3kwUiRTyf3lHxKfVjLAX16fEbguHiZVHa3A==</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace">
  ...

The certificate is a playground certificate and can be downloaded from http://www.etrzby.cz/assets/cs/prilohy/CA_PG_v1.zip (The certificate supports SHA256)

证书是一个运动证书，可以从http://www.etrzby.cz/assets/cs/prilohy/CA_PG_v1.zip下载(该证书支持SHA256)

1 个解决方案

#1

To anyone who is working on implementing EET (in Czech Republic). I did not found a solution using Web reference.

对于正在执行EET(在捷克*)的任何人来说。我没有找到使用Web引用的解决方案。

But there is an Apache licenced library on Github:

但是Github上有一个Apache许可的图书馆:

https://github.com/l-ra/openeet

#1