这与我之前的问题有关: SAML Assertion in a XML using C#
<saml2:Issuer>标记仍在<Signature>之后结束,而应该是
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
另外,我需要帮助创建应在<saml2:Subject> </saml2:Subject>之后的</Signature>部分,并且需要在<saml2:Subject> </saml2:Subject>标记内添加签名密钥值。请检查我之前的帖子中提到的Desired输出。任何人都可以帮我吗?
C#代码
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Threading.Tasks;
using System.Xml;
namespace Certificate
{
class Program
{
const string FILENAME = @"D:\Certificate\ITI55.xml";
static void Main(string[] args)
{
XmlDocument doc = new XmlDocument();
CreateSoap(doc);
XmlElement issuer = (XmlElement)(doc.GetElementsByTagName("saml2:Issuer")[0]);
XmlElement body = (XmlElement)(doc.GetElementsByTagName("soap:Body")[0]);
using (WebClient client = new WebClient())
{
byte[] xmlBytes = client.DownloadData(FILENAME);
body.InnerXml = Encoding.UTF8.GetString(xmlBytes);
}
string pfxpath = @"D:\Certificate\Test-cert.pfx";
X509Certificate2 cert = new X509Certificate2(File.ReadAllBytes(pfxpath),"123456789");
SignXmlWithCertificate(issuer, cert);
File.WriteAllText(@"D:\Certificate\digitallysigned.xml",doc.OuterXml);
}
public static void CreateSoap(XmlDocument doc)
{
DateTime date = DateTime.Now;
string soap = string.Format(
"<?xml version=\"1.0\"?>" +
"<soap:Envelope" +
" xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"" +
" xmlns:wsse11=\"http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd\"" +
" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"" +
" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd\"" +
" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"" +
" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"" +
" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" +
" xmlns:exc14n=\"http://www.w3.org/2001/10/xml-exc-c14n#\">" +
"<soap:Header>" +
"<To mustUnderstand=\"true\"" +
" xmlns=\"http://www.w3.org/2005/08/addressing\">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery" +
"</To>" +
"<Action mustUnderstand=\"true\"" +
" xmlns=\"http://www.w3.org/2005/08/addressing\">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery" +
"</Action>" +
"<ReplyTo mustUnderstand=\"true\"" +
" xmlns=\"http://www.w3.org/2005/08/addressing\">" +
"<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>" +
"</ReplyTo>" +
"<MessageID mustUnderstand=\"true\"" +
" xmlns=\"http://www.w3.org/2005/08/addressing\">461433e3-4591-453b-9eb6-791c7f5ff882" +
"</MessageID>" +
"<wsse:Security soap:mustUnderstand=\"true\">" +
"<wsu:Timestamp wsu:Id=\"_1\"" +
" xmlns:ns17=\"http://docs.oasis-open.org/ws-sx/wssecureconversation/200512\"" +
" xmlns:ns16=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
"<wsu:Created>2012-06-08T18:31:44Z</wsu:Created>" +
"<wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires>" +
"</wsu:Timestamp>" +
"<saml2:Assertion ID=\"_883e64a747a5449b83821913a2b189e6\" IssueInstant=\"{0}\" Version=\"2.0\"" +
" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"" +
" xmlns:exc14n=\"http://www.w3.org/2001/10/xml-excc14n#\"" +
" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\"" +
" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"" +
" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">" +
"<saml2:Issuer Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US" +
"</saml2:Issuer>" +
"</saml2:Assertion>" +
"</wsse:Security>" +
"</soap:Header>" +
"<soap:Body>" +
"</soap:Body>" +
"</soap:Envelope>",
date.ToUniversalTime().ToString("yyyy-MM-ddThh:mm:ss.fffZ"));
doc.LoadXml(soap);
}
public static void SignXmlWithCertificate(XmlElement doc, X509Certificate2 cert)
{
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = cert.PrivateKey;
Reference reference = new Reference();
reference.Uri = "";
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signedXml.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(cert));
signedXml.KeyInfo = keyInfo;
signedXml.ComputeSignature();
XmlElement xmlsig = signedXml.GetXml();
doc.AppendChild(xmlsig);
}
}
}
当前输出
<?xml version="1.0"?>
<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsse11="http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<soap:Header>
<To mustUnderstand="true"
xmlns="http://www.w3.org/2005/08/addressing">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery
</To>
<Action mustUnderstand="true"
xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery
</Action>
<ReplyTo mustUnderstand="true"
xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID mustUnderstand="true"
xmlns="http://www.w3.org/2005/08/addressing">461433e3-4591-453b-9eb6-791c7f5ff882
</MessageID>
<wsse:Security soap:mustUnderstand="true">
<wsu:Timestamp wsu:Id="_1"
xmlns:ns17="http://docs.oasis-open.org/ws-sx/wssecureconversation/200512"
xmlns:ns16="http://schemas.xmlsoap.org/soap/envelope/">
<wsu:Created>2012-06-08T18:31:44Z</wsu:Created>
<wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires>
</wsu:Timestamp>
<saml2:Assertion ID="_883e64a747a5449b83821913a2b189e6" IssueInstant="2017-10-17T04:42:15.609Z" Version="2.0"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:exc14n="http://www.w3.org/2001/10/xml-excc14n#"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>Y4fQlgQom4UCIcQf09L17JAUnvE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Zcd+kYVve4/Qq4BiacvG05d5sHo9Td9W3VpmtuXWOgElwnmZnkGd1cRrKrElAqs6Xe9zaLFFW0Y047Wv0dPWN/zCEPsvBKLI6cMZUkV3kM9jM8NsKrE+7UKBs8QRFKPTsEPBdNuK0uoc0dhAYS6kIHz015cte1ciMqkvSoYmBUb+Bn+nOzVMAiOzCsUmCnj8uTZuuP2FV2yGAlanOUmOPjeDVs5M9ZMjQ7pfrkp9NWtDPaXmafcEZ6IT3VTKcNEGbKD/3uL3YywUxNEIGNzen1YRqo3kLOYT3IPizbl0FFi5LtwefCxVEOUohYZuDG8lGMwmkzOT5TQMObQyIpESUw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEZTCCA02gAwIBAgIJAMOJ3N+F0yoBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3RvbjESMBAGA1UEChMJQ29nbml6YW50MR0wGwYDVQQLExRTb2Z0d2FyZSBFbmdpbmVlcmluZzEaMBgGA1UEAxMRd3d3LmNvZ25pemFudC5jb20wHhcNMTcxMDExMDUwMzQ4WhcNMTgxMDExMDUwMzQ4WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjIFT5mA4jIxXUilmH56Xk2n44vWaiVDR9KfsdKYUeGO/y0f0aUn+cwBeB7zR9Il8YLgaNh1dVvShvlwm31kWTD+dnTrnHB8pMHYh7Y5k7zSLeLgZolWqm+kpEBnre5MLwa2O+Thy6skpmr3sGE+t7mSibEptYSf1lfB2qCHUXYf+jfAJdNuXo3pJsPGsXwU0L1KPnUJIRMs4l4b8JvwZO3cj2eOSGd5JGDCSYG2w+o/Cgyq/A5iDMVgtsyds5kp3JIvhfqXmxhZxkmiTHm4AOglkTY96v7eptDZ0+yspt5p2H5fU1loVwLXQHnk8lXqV3gF+JD8iUEcNrwEX6xbNQIDAQABo4HlMIHiMB0GA1UdDgQWBBSHY9xnAIinZJNFNq7A5dVaa9D0FjCBsgYDVR0jBIGqMIGngBSHY9xnAIinZJNFNq7A5dVaa9D0FqGBg6SBgDB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tggkAw4nc34XTKgEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAp0hd/qIbFUpdCAzY9K3/PKGOjlKJn6npyeeE4+jYandvpbxvPo00XCY+pvdLBejoPjnsNjgVYl5Y41SdI2hNP7F65h3BjG3C8AsA98KFIZrBaTaTiLk2B8Tr2Q7MSUcHSEbcs1uSUA8Uzmk4NdJICkLrLKgrWdRBKVyigZi+rD1vD4LTsQoVzQqBD8K8p8h5stOH0x1l5NxTsn3M6o4Q86fGzFLNDK2KUok7AcFl7I17l5DuOYgzIvqgQzCgQ+V/4alJ7dfkVOSqH/0oar5yDCLYjlXtMkqUQlLnni2NSLDmMJfWQ8HWJaAMAhu1hbG9LrUqN4/Xue6tyuWz+i0+0Q==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</saml2:Issuer>
</saml2:Assertion>
</wsse:Security>
</soap:Header>
<soap:Body>
<PRPA_IN201305UV02
xmlns="urn:hl7-org:v3"
xmlns:ns2="urn:gov:hhs:fha:nhinc:common:nhinccommon"
xmlns:ns3="http://www.w3.org/2005/08/addressing"
xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade"
xmlns:ns5="http://www.hhs.gov/healthit/nhin"
xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"
xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0"
xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" ITSVersion="XML_1.0" nullFlavor="">
<id extension="50a6fe29-cfd5-45ef-8cbe-67e567c9a23c" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
<creationTime nullFlavor="" value="20150309171201" />
<interactionId extension="PRPA_IN201305UV02" nullFlavor="" root="2.16.840.1.113883.1.6" />
<processingCode code="T" nullFlavor="" />
<processingModeCode code="T" nullFlavor="" />
<acceptAckCode code="NE" nullFlavor="" />
<receiver typeCode="RCV">
<device classCode="DEV" determinerCode="INSTANCE">
<id root="2.16.840.1.113883.3.1259.10.1003" />
<asAgent classCode="AGNT">
<representedOrganization classCode="ORG" determinerCode="INSTANCE">
<id root="2.16.840.1.113883.3.1259.10.1003" />
</representedOrganization>
</asAgent>
</device>
</receiver>
<sender nullFlavor="" typeCode="SND">
<device classCode="DEV" determinerCode="INSTANCE" nullFlavor="">
<id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
<asAgent classCode="AGNT" nullFlavor="">
<representedOrganization classCode="ORG" determinerCode="INSTANCE" nullFlavor="">
<id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
</representedOrganization>
</asAgent>
</device>
</sender>
<controlActProcess classCode="CACT" moodCode="EVN" nullFlavor="">
<code code="PRPA_TE201305UV02" codeSystem="2.16.840.1.113883.1.6" nullFlavor="" />
<authorOrPerformer nullFlavor="" typeCode="AUT">
<assignedDevice classCode="ASSIGNED" nullFlavor="">
<id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.50" />
</assignedDevice>
</authorOrPerformer>
<queryByParameter nullFlavor="">
<queryId extension="ee72b41a-4eb6-4eb0-ab74-0d4ea29dd1b2" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
<statusCode code="new" nullFlavor="" />
<responseModalityCode code="R" nullFlavor="" />
<responsePriorityCode code="I" nullFlavor="" />
<parameterList nullFlavor="">
<livingSubjectAdministrativeGender nullFlavor="">
<value code="M" nullFlavor="" />
<semanticsText nullFlavor="" />
</livingSubjectAdministrativeGender>
<livingSubjectBirthTime nullFlavor="">
<value nullFlavor="" value="19600210" />
<semanticsText nullFlavor="" />
</livingSubjectBirthTime>
<livingSubjectId nullFlavor="">
<value extension="1000131023" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.50" />
<semanticsText nullFlavor="" />
</livingSubjectId>
<livingSubjectName nullFlavor="">
<value nullFlavor="" use="">
<given partType="GIV" qualifier="">Robert</given>
<given partType="GIV" qualifier="">M</given>
<family partType="FAM" qualifier="">Carson</family>
</value>
<semanticsText nullFlavor="" />
</livingSubjectName>
</parameterList>
</queryByParameter>
</controlActProcess>
</PRPA_IN201305UV02>
</soap:Body>
</soap:Envelope>
答案 0 :(得分:0)
为什么不使用内置的.Net库WIF来创建断言:https://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2.saml2assertion.aspx,而不是像这样生成SAML令牌(这不是非常动态的)。 您可以按照以下答案中的说明生成由此生成的断言的XML:Working with SAML 2.0 in C# .NET 4.5 或者更好的是,为什么不使用一些非常容易使用的组件空间(https://www.componentspace.com/)等第三方库?