Web Services Security WSS OASIS


Post by Francisco Valério » Mon Feb 20, 2023 7:14 pm

Hello,

I'm trying to integrate with a Brazilian web service that requires the standard Web Services Security: SOAP Message Security 1.0 (OASIS).

And I'm struggling a lot with this; I'm using CAPICOM.dll and MSXML5.dll to work with the certificate and the signature.

I have a signed example that I found on the internet, which is the following:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-869FA65AC981B550EF133970680975219">...</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-13">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-14">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>eAwbtXezEY2yk6Cb6vi2iME2AKk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue> dOVlvyAJ+9a9IKt4uO0aNGHKSIPF2QTg9bEjcy0iAu+Kpl0iaUerUEmZve5Vf8CY6Mmq6Ht0eURH hWi5yb4flmi+kcflVLlPRg2MDk/q0tOtCZrsCFPeiRtL8GIon7uDrYmlUaH9xTgaVPZW8l7rlBK/ LDPiwVqr4tbm2U5TkUY= </ds:SignatureValue>
<ds:KeyInfo Id="KeyId-869FA65AC981B550EF133970680975220">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="STRId-869FA65AC981B550EF133970680975221">
<wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#CertId-869FA65AC981B550EF133970680975219" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-14">
<EnviarLoteRpsSincronoEnvio xmlns="http://shad.elotech.com.br/schemas/iss/nfse_v1_2.xsd">....</EnviarLoteRpsSincronoEnvio>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

And here is the example .prg that tries to reproduce the same pattern.

static procedure DOMElotech()

   local cXML, cCertB64, cNS
   local oDOMDocument, oXmldsig, oCert, oStoreMem, oKey, oSignedKey

   // Load the certificate first: its base64 DER goes into the BinarySecurityToken,
   // exactly as in the signed example
   oCert := win_OleCreateObject( "CAPICOM.Certificate" )

   IF oCert == NIL
      ? 'Certificate not found, please check the certificate installation.'
      return
   ENDIF

   // Load( FileName, Password, KeyStorageFlag, KeyLocation )
   oCert:Load( 'certificado.pfx', '1234', 1, 0 )

   // Export( 0 ) = CAPICOM_ENCODE_BASE64; CAPICOM wraps the base64 into lines, strip the line ends
   cCertB64 := StrTran( StrTran( oCert:Export( 0 ), Chr( 13 ), "" ), Chr( 10 ), "" )

   cXML := '<?xml version="1.0" encoding="utf-8"?>'
   cXML += '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
   cXML += '<SOAP-ENV:Header>'
   cXML += '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">'
   cXML += '<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509Token">'
   cXML += cCertB64
   cXML += '</wsse:BinarySecurityToken>'
   cXML += '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
   cXML += '<ds:SignedInfo>'
   // The signed example uses exclusive C14N (xml-exc-c14n#); this template still uses inclusive C14N
   cXML += '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
   cXML += '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
   // Reference and its children need the ds: prefix; without it they are in no namespace
   // and are not part of the XMLDSIG SignedInfo
   cXML += '<ds:Reference URI="#id-29">'
   cXML += '<ds:Transforms>'
   //cXML += '<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>' // not in the signed example, was a test
   cXML += '<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
   cXML += '</ds:Transforms>'
   cXML += '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
   cXML += '<ds:DigestValue></ds:DigestValue>'   // filled in by sign()
   cXML += '</ds:Reference>'
   cXML += '</ds:SignedInfo>'
   cXML += '<ds:SignatureValue></ds:SignatureValue>'   // filled in by sign()
   cXML += '<ds:KeyInfo>'
   cXML += '<wsse:SecurityTokenReference>'
   cXML += '<wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#X509Token" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>'
   cXML += '</wsse:SecurityTokenReference>'
   cXML += '</ds:KeyInfo>'
   cXML += '</ds:Signature>'
   cXML += '</wsse:Security>'
   cXML += '</SOAP-ENV:Header>'
   cXML += '<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-29">'
   cXML += '<EnviarLoteRpsSincronoEnvio xmlns="http://shad.elotech.com.br/schemas/iss/nfse_v2_03.xsd"><Nfse Id="01"><IdentificacaoRequerente><CpfCnpj><Cnpj>82039025000163</Cnpj></CpfCnpj><InscricaoMunicipal>00216490</InscricaoMunicipal><Senha>ZYZAXP34</Senha><Homologa>true</Homologa></IdentificacaoRequerente><LoteRps versao="2.03"><NumeroLote>52</NumeroLote><CpfCnpj><Cnpj>82039025000163</Cnpj></CpfCnpj><InscricaoMunicipal>00216490</InscricaoMunicipal><QuantidadeRps>1</QuantidadeRps><ListaRps><Rps><InfDeclaracaoPrestacaoServico><Rps><IdentificacaoRps><Numero>52</Numero><Serie>F</Serie><Tipo>1</Tipo></IdentificacaoRps><DataEmissao>2023-02-20</DataEmissao><Status>1</Status></Rps><Competencia>2023-02-09</Competencia><Servico><Valores><ValorServicos>50.00</ValorServicos><AliquotaPis>0.00</AliquotaPis><RetidoPis>2</RetidoPis><ValorPis>0.00</ValorPis><AliquotaCofins>0.00</AliquotaCofins><RetidoCofins>2</RetidoCofins><ValorCofins>0.00</ValorCofins><AliquotaInss>0.00</AliquotaInss><RetidoInss>2</RetidoInss><ValorInss>0.00</ValorInss><AliquotaIr>0.00</AliquotaIr><RetidoIr>2</RetidoIr><ValorIr>0.00</ValorIr><AliquotaCsll>0.00</AliquotaCsll><RetidoCsll>2</RetidoCsll><ValorCsll>0.00</ValorCsll><AliquotaCpp>0.00</AliquotaCpp><RetidoCpp>2</RetidoCpp><ValorCpp>0.00</ValorCpp><OutrasRetencoes>0.00</OutrasRetencoes><RetidoOutrasRetencoes>2</RetidoOutrasRetencoes></Valores><IssRetido>2</IssRetido><Discriminacao>teste</Discriminacao><CodigoMunicipio>4126256</CodigoMunicipio><ExigibilidadeISS>1</ExigibilidadeISS><MunicipioIncidencia>4126256</MunicipioIncidencia><ListaItensServico><ItemServico><ItemListaServico>1402</ItemListaServico><CodigoCnae>4520001</CodigoCnae><Descricao>SERVICO</Descricao><Tributavel>1</Tributavel><Quantidade>1.0000</Quantidade><ValorUnitario>50.0000000000</ValorUnitario><ValorLiquido>0.00</ValorLiquido></ItemServico></ListaItensServico></Servico><Prestador><CpfCnpj><Cnpj>82039025000163</Cnpj></CpfCnpj><InscricaoMunicipal>00216490</InscricaoMunicipal></Prestador><Tomador><IdentificacaoTomador><CpfCnpj><Cnpj>20783933000100</Cnpj></CpfCnpj></IdentificacaoTomador><RazaoSocial>MGA SISTEMAS DE AUTOMACAO LTDA</RazaoSocial><Endereco><Endereco>R ANA CORONADO MARQUIOTO</Endereco><Numero>213</Numero><Bairro>JARDIM PAULISTA III</Bairro><CodigoMunicipio>4115200</CodigoMunicipio><Uf>PR</Uf><Cep>87047590</Cep></Endereco><Contato><Telefone>4430473634</Telefone><Email>hrvalerio@gmail.com</Email></Contato><InscricaoEstadual>ISENTO</InscricaoEstadual></Tomador><IncentivoFiscal>2</IncentivoFiscal></InfDeclaracaoPrestacaoServico></Rps></ListaRps></LoteRps></Nfse></EnviarLoteRpsSincronoEnvio>'
   cXML += '</SOAP-ENV:Body>'
   cXML += '</SOAP-ENV:Envelope>'

   oDOMDocument := win_OleCreateObject( "MSXML2.DOMDocument.5.0" )

   oDOMDocument:async              := .F.
   oDOMDocument:resolveExternals   := .F.
   oDOMDocument:validateOnParse    := .F.
   oDOMDocument:preserveWhiteSpace := .T.   // whitespace changes the canonical form, keep it as built

   IF ! oDOMDocument:loadXML( cXML )
      ? 'Template XML did not parse:', oDOMDocument:parseError:reason
      return
   ENDIF

   // Prefixes used by the XPath below
   cNS := 'xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
   oDOMDocument:setProperty( "SelectionNamespaces", cNS )

   oXmldsig := win_OleCreateObject( 'MSXML2.MXDigitalSignature.5.0' )

   // The signature template is the ds:Signature element inside the wsse:Security header
   oXmldsig:signature := oDOMDocument:selectSingleNode( './/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature' )

   IF oXmldsig:signature == NIL
      ? 'The template must be loaded before signing.'
      return
   ENDIF

   // In-memory store holding only the signing certificate
   oStoreMem := win_OleCreateObject( 'CAPICOM.Store' )
   oStoreMem:Open( 0, 'Memoria', 2 )   // CAPICOM_MEMORY_STORE, store name, CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED
   oStoreMem:Add( oCert )
   oXmldsig:store := oStoreMem

   // Key from the certificate's CSP container; sign() fills DigestValue and SignatureValue in place
   oKey := oXmldsig:createKeyFromCSP( oCert:PrivateKey:ProviderType, oCert:PrivateKey:ProviderName, oCert:PrivateKey:ContainerName, 0 )
   oSignedKey := oXmldsig:sign( oKey, 0 )

   IF oSignedKey == NIL
      ? 'Signing failed.'
      return
   ENDIF

   ? 'done', oDOMDocument:xml

   //base64_encode(sha1($canonicalized, true))

return


I found the example mentioned in the link ( https://gist.github.com/luizvaz/43ccbd8 ... b6d34c26de )

Has anyone here implemented this signing model, or could help me?

thanks in advance.
Francisco Valério
 
Posts: 18
Joined: Mon Jan 13, 2014 8:37 pm
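As an added example (not from the post, and not FiveWin, Harbour, MSXML or CAPICOM code): a stdlib-only Python check of the structure the signed envelope above relies on. It verifies that every element below ds:Signature is namespaced, that each ds:Reference resolves to a wsu:Id in the document, that the SecurityTokenReference points at a non-empty wsse:BinarySecurityToken, that SignatureValue and DigestValue are filled, and it flags the enveloped-signature transform when the Signature does not sit inside the element it references (here it sits in the Header, the Body is referenced). The names check_wss_envelope, build_envelope and signed_info are chosen here; the certificate and signature values in the constructed samples are placeholders, and the second sample reproduces the shape of the .prg template (unprefixed Reference, empty token) to show what the check catches.

```python
import xml.etree.ElementTree as ET

# Namespaces from the WS-Security / XMLDSIG envelope in the post
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
BST_TAG = "{%s}BinarySecurityToken" % NS["wsse"]
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
INC_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"


def _by_wsu_id(root, uri):
    """Resolve a same-document URI ("#id") to the element carrying that wsu:Id, or None."""
    if not uri or not uri.startswith("#"):
        return None
    return next((el for el in root.iter() if el.get(WSU_ID) == uri[1:]), None)


def check_wss_envelope(xml_text):
    """Return the layout problems found; an empty list means the envelope is consistent."""
    problems = []
    root = ET.fromstring(xml_text)
    sig = root.find("soap:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        return ["no ds:Signature inside wsse:Security"]
    # 1. Everything below ds:Signature must be namespaced: a bare <Reference> (no ds:
    #    prefix, no default namespace) is not an XMLDSIG Reference and is ignored by signers.
    for el in sig.iter():
        if not el.tag.startswith("{"):
            problems.append("element <%s> under ds:Signature has no namespace" % el.tag)
    # 2. Each ds:Reference must resolve to a wsu:Id; enveloped-signature only makes sense
    #    when the Signature sits inside the referenced element.
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if not refs:
        problems.append("ds:SignedInfo contains no ds:Reference")
    for ref in refs:
        uri = ref.get("URI")
        target = _by_wsu_id(root, uri)
        if target is None:
            problems.append("ds:Reference URI=%r does not resolve to a wsu:Id" % uri)
            continue
        algs = [t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        if ENVELOPED in algs and sig not in list(target.iter()):
            problems.append("enveloped-signature transform on %r, but the Signature is not inside it" % uri)
        if not ref.findtext("ds:DigestValue", default="", namespaces=NS).strip():
            problems.append("ds:DigestValue for %r is empty" % uri)
    # 3. KeyInfo -> SecurityTokenReference -> BinarySecurityToken carrying the base64 DER certificate
    str_ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    if str_ref is None:
        problems.append("ds:KeyInfo has no wsse:SecurityTokenReference/wsse:Reference")
    else:
        token = _by_wsu_id(root, str_ref.get("URI"))
        if token is None or token.tag != BST_TAG:
            problems.append("SecurityTokenReference URI=%r is not a wsse:BinarySecurityToken" % str_ref.get("URI"))
        elif not (token.text or "").strip():
            problems.append("wsse:BinarySecurityToken is empty")
    if not sig.findtext("ds:SignatureValue", default="", namespaces=NS).strip():
        problems.append("ds:SignatureValue is empty (not signed yet)")
    return problems


DECL = " ".join('xmlns:%s="%s"' % ("SOAP-ENV" if p == "soap" else p, u) for p, u in NS.items())
STR = '<wsse:SecurityTokenReference><wsse:Reference URI="%s"/></wsse:SecurityTokenReference>'


def signed_info(prefix, c14n, ref_uri, transforms, digest):
    """SignedInfo fragment; prefix="" reproduces the unprefixed elements of the post's template."""
    p = prefix
    t = "".join('<%sTransform Algorithm="%s"/>' % (p, a) for a in transforms)
    return (
        '<ds:CanonicalizationMethod Algorithm="%s"/><ds:SignatureMethod Algorithm="%s"/>'
        '<%sReference URI="%s"><%sTransforms>%s</%sTransforms>'
        '<%sDigestMethod Algorithm="%s"/><%sDigestValue>%s</%sDigestValue></%sReference>'
    ) % (c14n, RSA_SHA1, p, ref_uri, p, t, p, p, SHA1, p, digest, p, p)


def build_envelope(signed_info_xml, key_info_xml, token_text, body_id, signature_value):
    """Constructed test envelope in the layout of the signed example (placeholder values)."""
    return (
        '<SOAP-ENV:Envelope %s><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand="1">'
        '<wsse:BinarySecurityToken wsu:Id="CertId-1">%s</wsse:BinarySecurityToken>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo><ds:SignatureValue>%s</ds:SignatureValue>'
        '<ds:KeyInfo>%s</ds:KeyInfo></ds:Signature></wsse:Security></SOAP-ENV:Header>'
        '<SOAP-ENV:Body wsu:Id="%s"><Payload/></SOAP-ENV:Body></SOAP-ENV:Envelope>'
    ) % (DECL, token_text, signed_info_xml, signature_value, key_info_xml, body_id)


# Layout of the signed example in the post (certificate and signature values are placeholders)
SIGNED_EXAMPLE = build_envelope(
    signed_info("ds:", EXC_C14N, "#id-14", [EXC_C14N], "eAwbtXezEY2yk6Cb6vi2iME2AKk="),
    STR % "#CertId-1", "MIIB...certificate-placeholder", "id-14", "dOVl...signature-placeholder")
# Layout of the .prg template: unprefixed Reference, enveloped transform, unresolved token reference
TEMPLATE_EXAMPLE = build_envelope(
    signed_info("", INC_C14N, "#id-29", [ENVELOPED, INC_C14N], ""), STR % "#X509Token", "", "id-29", "")
```

Running check_wss_envelope over the XML the .prg produces (oDOMDocument:xml) before sending gives a quick list of layout mistakes; it checks structure only, and the digest and signature values themselves can only be confirmed by a full XMLDSIG verifier that implements the canonicalization named in the envelope.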
