如何使用XMLIB2典型化和消化肥皂的身体
我正在尝试手动签署肥皂请求。在我的CPP应用程序中使用libxml2我可以使用XMLC14NNDOCDUMPMEMORY函数使用XMLNodesetPtr作为null参数,可以使用canonicalize和消化整个XML SOAP文档。但是,对于实际签名,我需要专门处理肥皂的身体。
xmlChar* canon;
int canonLength = xmlC14NDocDumpMemory(
doc,
nullptr,
xmlC14NMode::XML_C14N_EXCLUSIVE_1_0,
nullptr,
1,
&canon
);
std::string canonizedString(reinterpret_cast<const char*>(canon), canonLength);
std::cout << "canonized string:\n" << canonizedString << std::endl;
//freeing the original parsed file:
xmlFreeDoc(doc);
//digesting the value:
const EVP_MD* md = EVP_sha1(); // algorithm
unsigned char digest_value[EVP_MAX_MD_SIZE]; //the digest result value
unsigned int dv_length; //the digest result length
EVP_MD_CTX* mdctx = EVP_MD_CTX_new(); //create msg digest context
EVP_DigestInit_ex(mdctx, md, NULL); // Initialise the context (engine null value?)
EVP_DigestUpdate(mdctx, canon, canonLength); //digesting
EVP_DigestFinal_ex(mdctx, digest_value, &dv_length); //finalizing
EVP_MD_CTX_free(mdctx); //free the context
char* base64convert;
size_t base64convertLength;
base64::Encode(
reinterpret_cast<const char*>(digest_value),
dv_length,
&base64convert,
&base64convertLength);
std::string digest64(base64convert, base64convertLength);
std::cout << "\ndigest value:\n" << digest64;
示例肥皂:
<?xml version="1.0" encoding="UTF-8"?>
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header/>
<e:Body>
<!-- doctor-E,EGN:XXXXXXXXXX -->
<ws:hbIn xmlns:ws="http://pis.technologica.com/ws/">
<ws:egn>XXXXXXXXXX</ws:egn>
<ws:date>2015-06-11</ws:date>
</ws:hbIn>
</e:Body>
</e:Envelope>
示例示例的结果:
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#signedContent">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>93BoBU73Y0Efm1rarqzUGw5x4SU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>jQGU7xsoSVGx/a......</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIICjzCCAfi......</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</e:Header>
<e:Body id="signedContent">
<!-- doctor-E,EGN:XXXXXXXXXX -->
<ws:hbIn xmlns:ws="http://pis.technologica.com/ws/">
<ws:egn>XXXXXXXXXX</ws:egn>
<ws:date>2015-06-11</ws:date>
</ws:hbIn>
</e:Body>
</e:Envelope>
问题是如何获取93BOBU73Y0EFM1RARQZUGW5X4SU =值? 我注意到签名的肥皂体具有“签名”的URI ID。我不确定该URI是否是在消化之前或之后插入的(如果之前插入的话,它可能会更改整个哈希)。
I am trying to sign manually a SOAP request. Using libxml2 in my cpp app I can canonicalize and digest the whole xml soap document using the xmlC14NDocDumpMemory function with xmlNodeSetPtr as null argument. However for the actual signature I need specifically process only the Body of the SOAP.
xmlChar* canon;
int canonLength = xmlC14NDocDumpMemory(
doc,
nullptr,
xmlC14NMode::XML_C14N_EXCLUSIVE_1_0,
nullptr,
1,
&canon
);
std::string canonizedString(reinterpret_cast<const char*>(canon), canonLength);
std::cout << "canonized string:\n" << canonizedString << std::endl;
//freeing the original parsed file:
xmlFreeDoc(doc);
//digesting the value:
const EVP_MD* md = EVP_sha1(); // algorithm
unsigned char digest_value[EVP_MAX_MD_SIZE]; //the digest result value
unsigned int dv_length; //the digest result length
EVP_MD_CTX* mdctx = EVP_MD_CTX_new(); //create msg digest context
EVP_DigestInit_ex(mdctx, md, NULL); // Initialise the context (engine null value?)
EVP_DigestUpdate(mdctx, canon, canonLength); //digesting
EVP_DigestFinal_ex(mdctx, digest_value, &dv_length); //finalizing
EVP_MD_CTX_free(mdctx); //free the context
char* base64convert;
size_t base64convertLength;
base64::Encode(
reinterpret_cast<const char*>(digest_value),
dv_length,
&base64convert,
&base64convertLength);
std::string digest64(base64convert, base64convertLength);
std::cout << "\ndigest value:\n" << digest64;
Example SOAP:
<?xml version="1.0" encoding="UTF-8"?>
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header/>
<e:Body>
<!-- doctor-E,EGN:XXXXXXXXXX -->
<ws:hbIn xmlns:ws="http://pis.technologica.com/ws/">
<ws:egn>XXXXXXXXXX</ws:egn>
<ws:date>2015-06-11</ws:date>
</ws:hbIn>
</e:Body>
</e:Envelope>
The result from the sign-example:
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#signedContent">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>93BoBU73Y0Efm1rarqzUGw5x4SU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>jQGU7xsoSVGx/a......</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIICjzCCAfi......</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</e:Header>
<e:Body id="signedContent">
<!-- doctor-E,EGN:XXXXXXXXXX -->
<ws:hbIn xmlns:ws="http://pis.technologica.com/ws/">
<ws:egn>XXXXXXXXXX</ws:egn>
<ws:date>2015-06-11</ws:date>
</ws:hbIn>
</e:Body>
</e:Envelope>
So the question is how to get the 93BoBU73Y0Efm1rarqzUGw5x4SU= value?
I've noticed the signed soap body has URI id "signedContent". I'm not sure if this URI is inserted before or after digestion (it could potentially change the whole hash if it is inserted before).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我对在这里跌跌撞撞的任何人的建议 - 不要尝试自己的规范化,消化和签名。使用XMLSEC。尽管构建屁股的痛苦(我在Windows上),并且文档几乎不存在,但它可以完成工作。最终答案可以在这里找到:
My advice to anyone, who stumbles here is - DON'T try to canonicalize, digest and sign by yourself. Use xmlsec. Although it's pain in the ass to build (I'm on windows) and the documentation is almost non-existent, it gets the job done. The final answer can be found here:
Sign part of XML using xmlsec