Below is the style of header I need to create. I am expected to use either a public/private key or a SSL style certificate.
I don't know for certain, but I think my counter-party is using some form of Java.
<soap-env:Header>
<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#secinfo">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>xxxxxxxxxxxxx</ds:DigestValue>
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>//*[@id='secinfo']/child::*/text()</ds:XPath>
</ds:Transform>
</ds:Transforms>
</ds:Reference>
</ds:SignedInfo>
开发者_Python百科<ds:SignatureValue>xxxxxxxxxxds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxxxxxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<t:UsernameToken xmlns:t="http://schemas.xmlsoap.org/ws/2002/04/secext" id="secinfo">
<t:UserInfo>USER=xxxx;CORR=xxxx;TIMESTAMP=201003161916</t:UserInfo>
</t:UsernameToken>
</wsse:Security>
</soap-env:Header>
A little late, but How about this:
How to: Sign a SOAP Message Using an X.509 Certificate
精彩评论