Generating the DigestValue element for wsse-security with ruby/savon
I need to connect to a web service that has wsse security and need to generate all the hashes and tokens by hand because savon doesn't have this functionality yet.
The thing that drives me insane is the signature.
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>......</DigestValue>
</Reference>
</SignedInfo>
This is the referenced part:
<u:Timestamp u:Id="_0">
<u:Created>2012-01-04T08:21:22.143Z</u:Created>
<u:Expires>2012-01-04T08:26:22.143Z</u:Expires>
</u:Timestamp>
From what I understand, I need to canonicalize the referenced element (the timestamp), then hash it with SHA-1 and then encode it to base64.
The question is, what part of the timestamp do I need to canonicalize? I tried using the whole element, then using and separately but I never get the correct DigestValue.
I sorted it out. I was canonicalizing the timestamp block with indentation inside it, which left some spaces and "\n"s that messed up the digest. After I transformed the whole xml request to a one-liner, everything worked correctly. After more than a week battling with this security and finally seeing some result, the world seems a beautiful place :)
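The effect described in the answer above, as an added example that is not part of the original post: exclusive C14N keeps whitespace text nodes between elements, so the digest of an indented Timestamp differs from the digest of the one-line form that is actually sent. The helper names are hypothetical, and the namespace bound to the u: prefix is an assumption (the WS-Security utility namespace), since the page does not show the xmlns declaration.

```ruby
require 'digest'

# Assumption: u: is bound to the WS-Security utility namespace (not shown on the page).
WSU_NS = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'

# Timestamp with no whitespace between elements, written the way exclusive
# C14N emits this subtree: xmlns:u declared on the element, before u:Id.
def compact_timestamp(created, expires, id = '_0')
  [
    %(<u:Timestamp xmlns:u="#{WSU_NS}" u:Id="#{id}">),
    "<u:Created>#{created}</u:Created>",
    "<u:Expires>#{expires}</u:Expires>",
    '</u:Timestamp>'
  ].join
end

# Same element pretty-printed; C14N does not drop these whitespace text nodes.
def indented_timestamp(created, expires, id = '_0')
  [
    %(<u:Timestamp xmlns:u="#{WSU_NS}" u:Id="#{id}">),
    "  <u:Created>#{created}</u:Created>",
    "  <u:Expires>#{expires}</u:Expires>",
    '</u:Timestamp>'
  ].join("\n")
end

# Removes whitespace-only runs between tags (the "one-liner" fix from the answer).
# Only safe when no element carries meaningful whitespace-only text.
def one_line(xml)
  xml.gsub(/>\s+</, '><')
end

# DigestValue = Base64(SHA-1(canonical octets)); pack('m0') is Base64 without newlines.
def digest_value(canonical_xml)
  [Digest::SHA1.digest(canonical_xml.encode('UTF-8'))].pack('m0')
end

# Receiver side: recompute the digest over the element as received and compare.
def digest_matches?(received_xml, claimed_digest_value)
  digest_value(received_xml) == claimed_digest_value
end

if __FILE__ == $PROGRAM_NAME
  created = '2012-01-04T08:21:22.143Z' # sample values taken from the question
  expires = '2012-01-04T08:26:22.143Z'
  sent = compact_timestamp(created, expires)
  stale = digest_value(indented_timestamp(created, expires))
  puts "DigestValue for the one-line form: #{digest_value(sent)}"
  puts "digest of indented form accepted:  #{digest_matches?(sent, stale)}"
end
```

The digest has to be computed over exactly the element that goes on the wire; serializing the request again after digesting (for example with pretty-printing switched on) reintroduces the mismatch.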
I added a pull request to use signed timestamps to Akami (the gem Savon uses for WSSE signing).
You can view it here: https://github.com/savonrb/akami/pull/25
Until it gets implemented you may use https://github.com/webit-de/akami which has implemented it already.