Advanced Web Services Security and Microsoft WSE by Jeannine Hall Gailey
WSJ Vol 04 Issue 03 - pg.41
Listing 1
<!-- Listing 1: a WS-Security message (2003/06 draft namespaces, WSE era).
     The Security header carries a Timestamp, the sender's X.509 token, an
     EncryptedKey for the recipient and a Signature; the Body is replaced
     by an EncryptedData element. Elided parts are marked "..." below. -->
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
<soap:Header>
...
<!-- mustUnderstand="1": a receiver that cannot process this header has to
     fault instead of silently ignoring the security information. -->
<wsse:Security soap:mustUnderstand="1">
<!-- Freshness window: Created to Expires is five minutes. This only
     protects against replay if the Timestamp is covered by one of the
     Signature References elided further down - confirm. -->
<wsu:Timestamp
wsu:Id="Timestamp-c600bbb2-7d35-441a-ad89-6b356777c2da"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
<wsu:Created
wsu:Id="Id-69e5ed3d-ef43-4995-af05-1eb146d96f80"
>2004-01-06T21:50:20Z</wsu:Created>
<wsu:Expires
wsu:Id="Id-09185624-4f41-44eb-8dd6-4bed57f53c54"
>2004-01-06T21:55:20Z</wsu:Expires>
</wsu:Timestamp>
<!-- The sender's X.509v3 certificate, base64-encoded; the Signature's
     KeyInfo below points back at it through this wsu:Id. -->
<wsse:BinarySecurityToken ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility"
wsu:Id="SecurityToken-69b4cdaa-4cf4-4e88-a591-78d0c73ba61d"
>MIIFIDCCBAigAwIBMRM ...=</wsse:BinarySecurityToken>
<!-- Key transport: the symmetric key that encrypts the Body is wrapped
     with the recipient's RSA public key. rsa-1_5 is PKCS#1 v1.5 padding,
     which is fragile against padding-oracle behaviour on the receiving
     side; RSA-OAEP is the modern choice where the peer supports it. -->
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<!-- Identifies the recipient certificate whose key unwraps this
     EncryptedKey. Presumably a SubjectKeyIdentifier (20-byte value);
     not derivable from the listing - confirm. -->
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="wsse:X509v3"
>F5XpYpi3n00/mqB8/W8tWIBF4TA=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue
>GSwglkSTqNM5h5nyzeZSFNTWMpQ ...=</xenc:CipherValue>
</xenc:CipherData>
<!-- Names the EncryptedData element in the Body that this key decrypts
     (Id matches the one on xenc:EncryptedData below). -->
<xenc:ReferenceList>
<xenc:DataReference
URI="#EncryptedContent-48d1ac67-0bab-4e8e-99d3-b12c45ebebbb" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<!-- Signature over the Body: the Reference URI matches the Body's wsu:Id.
     rsa-sha1 and sha1 are deprecated; prefer the SHA-256 variants.
     A receiver must process the element the Reference actually resolved
     to, rather than locating the Body by an independent Id/XPath lookup,
     so that verification and consumption cannot diverge if a message
     carries duplicate Ids. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Id-8b4fd84b-44a5-41c7-8458-0f11eb9c2883">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>cEKveGWL2UBX5TRrF4yyqtyxKg0=</DigestValue>
</Reference>
...
</SignedInfo>
<SignatureValue>P3Ah7ZhCZucoEz20y2BFsJ...=</SignatureValue>
<!-- Signing key: resolves to the BinarySecurityToken above by wsu:Id.
     Verifying the signature math is not enough; the receiver still has
     to validate that certificate's chain, revocation status and
     authorization for this service. -->
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-69b4cdaa-4cf4-4e88-a591-78d0c73ba61d"
ValueType="wsse:X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<!-- The signed element. Whether the digest was taken over the clear-text
     or the encrypted Body cannot be told from the listing; the receiver's
     processing order (decrypt vs. verify first) must match the sender's. -->
<soap:Body wsu:Id="Id-8b4fd84b-44a5-41c7-8458-0f11eb9c2883"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
<!-- Body content encrypted with the transported key. aes128-cbc gives
     confidentiality only; unless the ciphertext is authenticated (by the
     Signature above or otherwise) a receiver that reports padding errors
     differently from other failures is exposed to padding-oracle attacks.
     AES-GCM avoids this where supported. -->
<xenc:EncryptedData
Id="EncryptedContent-48d1ac67-0bab-4e8e-99d3-b12c45ebebbb"
Type="http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<xenc:CipherData>
<xenc:CipherValue>s1SNQenKOIFQQxF...=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
Listing 2
// Listing 2: look up the signing certificate in the current user's
// personal ("My") certificate store by key identifier and wrap it in a
// WSE X509SecurityToken. Returns the token on a unique match, otherwise
// null. The enclosing method signature is not shown; keyString is
// presumably the base64 key identifier passed in by the caller - confirm.
X509SecurityToken myToken;
// Decode the base64 key identifier into the raw bytes the store search
// expects.
// NOTE(review): Convert.FromBase64String throws FormatException on
// malformed input, so an untrusted keyString needs handling upstream.
byte[] keyIdentifer;
keyIdentifer = Convert.FromBase64String(keyString);
// Open the current user's personal store read-only.
// NOTE(review): the store is never closed on any path below; release it
// (try/finally) once the lookup is done.
X509CertificateStore myStore;
myStore = X509CertificateStore.CurrentUserStore(
X509CertificateStore.MyStore);
myStore.OpenRead();
// Collect every certificate whose key identifier matches.
X509CertificateCollection myCerts;
myCerts = myStore.FindCertificateByKeyIdentifier(
keyIdentifer);
X509Certificate myCert = null;
// Exactly one match is required: a key identifier should name a single
// certificate, so both "none" and "several" are treated as errors rather
// than silently signing with whichever certificate comes first.
if (myCerts.Count == 1)
{
myCert = myCerts[0];
// Wrap the certificate as a WSE security token for signing.
// NOTE(review): nothing here checks that the certificate carries a
// private key or is still within its validity period - presumably the
// caller or WSE does when the token is used; confirm.
myToken = new X509SecurityToken(myCert);
return myToken;
}
else if(myCerts.Count > 1)
{
// Ambiguous match: reported through the UI, the caller receives null.
MessageBox.Show("There are more than one "
+ "certificates corresponding to the key "
+ keyString + ". \n"
+ "Please resolve this issue.");
}
else
{
// No certificate with this key identifier is installed.
MessageBox.Show("The certificate corresponding "
+ "to the key " + keyString
+ " could not be found. \n"
+ " Please verify that this certificate is "
+ "installed properly.");
}
// Failure result shared by the ambiguous and not-found cases.
return null;
Listing 3
// Listing 3: call the WSE-enabled DocumentService proxy with the request
// signed by myTokens[0] and, when a suitable second token is supplied,
// the body encrypted for myTokens[1]. Returns the XML documents attached
// to the response, or null when no signing token is available. The
// enclosing method, myTokens, docNames and GetAttachments are outside
// this listing.
DocumentServiceWse myService;
myService = new DocumentServiceWse();
// Obtain the SoapContext WSE attaches to the outgoing request; tokens and
// elements added to it are emitted in the message's Security header.
SoapContext myReqContext;
myReqContext = myService.RequestSoapContext;
if (myTokens[0] != null)
{
// Register the signing token so it travels with the request.
myReqContext.Security.Tokens.Add(myTokens[0]);
if (myTokens[0].SupportsDigitalSignature)
{
// Sign the request with the first token.
// NOTE(review): which parts get signed (Body, Timestamp, ...) is left
// to the Signature defaults here - confirm they match what the
// service verifies.
Signature mySig = new Signature(myTokens[0]);
myReqContext.Security.Elements.Add(mySig);
// Encrypt the body only if a second, X.509v3, encryption-capable
// token was provided.
// NOTE(review): this branch fails open - when myTokens[1] is missing
// or unsuitable the request is still sent, signed but with a
// clear-text body. If confidentiality is required, throw here (as the
// unusable-signing-token case below does) instead of falling through.
if (myTokens[1] != null &&
myTokens[1].TokenType == TokenType.X509v3
&& myTokens[1].SupportsDataEncryption)
{
// An EncryptedData built from a token tells WSE to encrypt the
// message body with that token's key.
EncryptedData myEncData;
myEncData = new EncryptedData(myTokens[1]);
myReqContext.Security.Elements.Add(myEncData);
}
}
else
{
// A token that cannot sign is rejected outright (fail closed).
throw new ApplicationException("You cannot use "
+ "this token to access the service.");
}
try
{
// Invoke the service; WSE applies the queued Security elements on
// the way out.
docNames = myService.GetDocument(docNames);
// The response SoapContext carries the XML documents as attachments.
SoapContext myRespContext;
myRespContext = myService.ResponseSoapContext;
string[] myDocs;
myDocs = GetAttachments(myRespContext, docNames);
return myDocs;
}
catch(Exception ex)
{
// NOTE(review): re-wrapping only ex.Message discards the original
// exception type, stack trace and inner exceptions (including any WSE
// security fault detail); prefer `throw;` or pass ex as the
// InnerException of the new exception.
throw new ApplicationException(ex.Message);
}
}
// No signing token: the call is silently skipped.
// NOTE(review): callers cannot distinguish this from "no documents";
// consider throwing here as well.
return null;