Crear cuenta
public static void BypassCertificateError()
{ServicePointManager.ServerCertificateValidationCallback +=
delegate ( Object sender1, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {return true;
};}static void Main(string[] args)
{var x = new ServiceReference1.AutenticacionClient();
var certificate = new X509Certificate2("C:\\Users\\...\\prueba.pfx");
Console.WriteLine(certificate.Thumbprint);
x.ClientCredentials.ClientCertificate.Certificate = certificate;
BypassCertificateError();
x.Autentica();
}openssl pkcs12 -export -out prueba.pfx -inkey private.pem -in public.pem
// The client must specify a certificate trusted by the server.
cc.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.CurrentUser,
StoreName.My,
X509FindType.FindBySubjectName,
"contoso.com");
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-US">An error occurred when verifying security for the message.</faultstring>
</s:Fault>
</s:Body>
</s:Envelope>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security mustUnderstand="true">
<u:Timestamp u:Id="id-c5b5adcb-520e-4927-9865-723e4ce1ba9e">
<u:Created>2018-08-09T00:30:10.811997Z</u:Created>
<u:Expires>2018-08-09T00:35:10.811997Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="id-5f0f719e-3c41-4875-9bf4-fc7a03731b9e"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">$BASE64_DEL_PEM</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#id-c5b5adcb-520e-4927-9865-723e4ce1ba9e">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>$HASH_SHA1</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>$SELLO_DIGITAL</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#id-5f0f719e-3c41-4875-9bf4-fc7a03731b9e"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body>
<Autentica xmlns="http://tempuri.org/"/>
</s:Body>
</s:Envelope>
<o:BinarySecurityToken u:Id="id-5f0f719e-3c41-4875-9bf4-fc7a03731b9e"
Dim Certificate As String = "C:\Users\Ger\Desktop\FIEL\cerfinal.pfx"
Dim cert As New X509Certificate2(Certificate, "miContraseñaDeCertificado")
Dim Certificados As New X509Certificate2Collection
Dim Certificados As New X509Certificate2Collection
Certificados.Add(cert)
Dim autenticacion As New WSAutentica.net.cloudapp.pruebacfdirecepcion.Autenticacio
autenticacion.ClientCertificates.Add(cert)
System.Net.ServicePointManager.ServerCertificateValidationCallback = Function(se As Object,
cert As System.Security.Cryptography.X509Certificates.X509Certificate,
chain As System.Security.Cryptography.X509Certificates.X509Chain,
sslerror As System.Net.Security.SslPolicyErrors) True
System.Net.ServicePointManager.ServerCertificateValidationCallback = Function(se As Object, cert As System.Security.Cryptography.X509Certificates.X509Certificate, chain As System.Security.Cryptography.X509Certificates.X509Chain, sslerror As System.Net.Security.SslPolicyErrors) True
Del C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0Cer.pem
Del C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0key.pem
Del C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0.pfx
C:\OpenSSL-Win32\bin\openssl x509 -inform DER -outform PEM -in C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0.cer -pubkey -out C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0Cer.pem
C:\OpenSSL-Win32\bin\openssl pkcs8 -in C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0.key -inform DER -out C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0key.pem -passin pass:a12345678
C:\OpenSSL-Win32\bin\openssl pkcs12 -export -inkey C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0Key.pem -in C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0Cer.pem -out C:\Proyectos\CerKeyHerculesPFX\CSI121206SP0.pfx -passout pass:a12345678
System.Diagnostics.Process.Start("C:\ProyectosWeb\generapfx.bat");
/// <summary>
/// Convierte un CER y un KEY en un PFX
/// </summary>
/// <param name="cerText">Certificado CER en base64</param>
/// <param name="keyText">llave privada KEY en base64</param>
/// <param name="keyPass">password de la llaveprivada</param>
/// <returns>el certificado pfx</returns>
public static byte[] CerKey2Pfx(string cerText, string keyText, string keyPass)
{try
{byte[] pfxBytes = null;
var certificado = new System.Security.Cryptography.X509Certificates.X509Certificate2(Convert.FromBase64String(cerText));
var pllavePrivada = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(keyPass.ToCharArray(), Convert.FromBase64String(keyText));
var certificadoBC = new Org.BouncyCastle.X509.X509Certificate(Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificado).CertificateStructure);
var acertificadoBC = new Org.BouncyCastle.Pkcs.X509CertificateEntry[1];
acertificadoBC[0] = new Org.BouncyCastle.Pkcs.X509CertificateEntry(certificadoBC);
var pfxStore = new Org.BouncyCastle.Pkcs.Pkcs12Store();
pfxStore.SetKeyEntry("", new Org.BouncyCastle.Pkcs.AsymmetricKeyEntry(pllavePrivada), acertificadoBC);
using (var pfxStream = new MemoryStream())
{pfxStore.Save(pfxStream, keyPass.ToCharArray(), new Org.BouncyCastle.Security.SecureRandom());
pfxBytes = pfxStream.ToArray();
}var resultado = Org.BouncyCastle.Pkcs.Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes, keyPass.ToCharArray());
return resultado;
}catch (Exception ex)
{RegistraError(ex);
return null;
}}<serviceMetadata httpGetEnabled="false" />
private void ProcessFile(Stream package)
{ // Do something here
var fileStream = File.Create("C:\\sat-output\\LAN7008173R5_" + new Random().Next(0, 1000000).ToString());
package.Seek(0, SeekOrigin.Begin); ---->Errorpackage.CopyTo(fileStream);
fileStream.Close();
}private void ProcessFile(Stream package)
{using (System.IO.FileStream output = new System.IO.FileStream(@"d:\\docs\\arcvhivo" + new Random().Next(0, 1000000).ToString(), FileMode.Create))
{package.CopyTo(output);
}}
<?xml version='1.0' encoding='utf-8'?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2018-08-30T03:15:19.449Z</u:Created>
<u:Expires>2018-08-30T03:20:19.449Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<AutenticaResponse xmlns="http://DescargaMasivaTerceros.gob.mx"> <AutenticaResult>eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1MzU1OTg5MTksImV4cCI6MTUzNTU5OTUxOSwiaWF0IjoxNTM1NTk4OTE5LCJpc3MiOiJMb2FkU29saWNpdHVkRGVjYXJnYU1hc2l2YVRlcmNlcm9zIiwiYWN0b3J0IjoiMzAzMDMwMzAzMTMwMzAzMDMwMzAzMDM0MzAzNTM0MzczNTMyMzkzOSJ9.iWNl9her3ZuLXE_iCEvljcJUBx8rhlAGONKjvaNmPaE%26wrap_subject%"AQUI VA EL NUMERO DE SERIE DE LA FIEL"</AutenticaResult>
</AutenticaResponse>
</s:Body>
</s:Envelope>
// Make a request to download both, received invoices and issued ones
Request request = new Request(path, password, token);
string idIssuerRequest = request.MakeRequest(0).CodEstatus;
string idReceivedRequest = request.MakeRequest(1).IdSolicitud;
Console.WriteLine("Issued invoices request id = {0}", idIssuerRequest);
Console.WriteLine("Received invoices request id = {0}", idReceivedRequest);
foreach (var item in packages)
{Stream package;
Downloader.RespuestaDescargaMasivaTerceros message = downloaderClient.Descargar(Request(item.ToString()), out package);
if (message.CodEstatus == "5000")
ProcessFile(package);
}
string idIssuerRequest = "ab956117-0f5a-4492-b776-660c4d1091d4"; // request.MakeRequest(0).IdSolicitud;
string idReceivedRequest = "c715d8a3-52c6-4b45-bb36-244fb07591da"; // request.MakeRequest(1).IdSolicitud;
// Get the authentication token
Autentication autentication = new Autentication(path, password);
var token = autentication.AuthenticationToken();
if (token != null)
{Console.WriteLine("Autentication token = {0}", token);
// Make a request to download both, received invoices and issued ones
//Request request = new Request(path, password, token);
string idIssuerRequest = "ab956117-0f5a-4492-b776-660c4d1091d4"; // request.MakeRequest(0).IdSolicitud;
string idReceivedRequest = "c715d8a3-52c6-4b45-bb36-244fb07591da"; // request.MakeRequest(1).IdSolicitud;
Console.WriteLine("Issued invoices request id = {0}", idIssuerRequest);
Console.WriteLine("Received invoices request id = {0}", idReceivedRequest);
// Verify the requests to know when the files are ready to download
Verification verification = null;Verifier.RespuestaVerificaSolicitudDescMasTercero response = null;
if (idIssuerRequest != null)
{verification = new Verification(idIssuerRequest, token);
response = verification.MakeRequest();
// Download packages for issued invoices
if (response.IdsPaquetes != null)
{DownloadPackage download = new DownloadPackage(response.IdsPaquetes, token);
download.MakeRequest();
} }if (idReceivedRequest != null)
{verification = new Verification(idReceivedRequest, token);
response = verification.MakeRequest();
// Download packages for received invoices
if (response.IdsPaquetes != null)
{DownloadPackage download = new DownloadPackage(response.IdsPaquetes, token);
download.MakeRequest();
} }}Console.ReadLine();
public Verifier.RespuestaVerificaSolicitudDescMasTercero MakeRequest()
{Verifier.VerificaSolicitudDescargaServiceClient verifierClient = new Verifier.VerificaSolicitudDescargaServiceClient();
//X509Certificate2 cert = new X509Certificate2(path, password, X509KeyStorageFlags.DefaultKeySet);
//requesterClient.ClientCredentials.ClientCertificate.Certificate = cert;
Verifier.RespuestaVerificaSolicitudDescMasTercero response = null;
using (new OperationContextScope(verifierClient.InnerChannel))
{ // Add a HTTP Header to an outgoing request
HttpRequestMessageProperty requestMessage = new HttpRequestMessageProperty();
requestMessage.Headers["Authorization"] = "WRAP access_token=\"" + token + "\"";
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = requestMessage;
// Verify the process until the request is ready
response = verifierClient.VerificaSolicitudDescarga(Request());
int Estado = response.EstadoSolicitud;
while (Estado != 3)
{response = verifierClient.VerificaSolicitudDescarga(Request());
Estado = response.EstadoSolicitud;
if (Estado > 3 || Estado == 0)
{break;
} } }return response;
}using System.Security.Cryptography.X509Certificates;
namespace sat_ws
{class Signer
{ string path, password;public Signer(string path, string password)
{this.path = path;
this.password = password;
}public Requester.SignatureType Signature()
{X509Certificate2 cert = new X509Certificate2(path, password, X509KeyStorageFlags.DefaultKeySet);
Requester.SignatureType signature = new Requester.SignatureType();
signature.SignedInfo = new Requester.SignedInfoType();
signature.SignedInfo.CanonicalizationMethod = new Requester.CanonicalizationMethodType();
signature.SignedInfo.CanonicalizationMethod.Algorithm = "Algorithm";
signature.SignedInfo.SignatureMethod = new Requester.SignatureMethodType();
signature.SignedInfo.SignatureMethod.Algorithm = "Algorithm";
signature.SignedInfo.Reference = new Requester.ReferenceType
{DigestMethod = new Requester.DigestMethodType
{ Algorithm = "Algorithm" },
DigestValue = cert.GetCertHash()
};signature.SignatureValue = cert.GetPublicKey();
signature.KeyInfo = new Requester.KeyInfoType
{X509Data = new Requester.X509DataType
{X509IssuerSerial = new Requester.X509IssuerSerialType
{X509IssuerName = cert.IssuerName.Name,
X509SerialNumber = cert.GetSerialNumberString()
},
X509Certificate = cert.RawData
} };return signature;
}public Verifier.SignatureType SignatureVerifier()
{X509Certificate2 cert = new X509Certificate2(path, password, X509KeyStorageFlags.DefaultKeySet);
Verifier.SignatureType signature = new Verifier.SignatureType();
signature.SignedInfo = new Verifier.SignedInfoType();
signature.SignedInfo.CanonicalizationMethod = new Verifier.CanonicalizationMethodType();
signature.SignedInfo.CanonicalizationMethod.Algorithm = "Algorithm";
signature.SignedInfo.SignatureMethod = new Verifier.SignatureMethodType();
signature.SignedInfo.SignatureMethod.Algorithm = "Algorithm";
signature.SignedInfo.Reference = new Verifier.ReferenceType
{DigestMethod = new Verifier.DigestMethodType
{ Algorithm = "Algorithm" },
DigestValue = cert.GetCertHash()
};signature.SignatureValue = cert.GetPublicKey();
signature.KeyInfo = new Verifier.KeyInfoType
{X509Data = new Verifier.X509DataType
{X509IssuerSerial = new Verifier.X509IssuerSerialType
{X509IssuerName = cert.IssuerName.Name,
X509SerialNumber = cert.GetSerialNumberString()
},
X509Certificate = cert.RawData
} };return signature;
}public Downloader.SignatureType SignatureDownloader() {
X509Certificate2 cert = new X509Certificate2(path, password, X509KeyStorageFlags.DefaultKeySet);
Downloader.SignatureType signature = new Downloader.SignatureType();
signature.SignedInfo = new Downloader.SignedInfoType();
signature.SignedInfo.CanonicalizationMethod = new Downloader.CanonicalizationMethodType();
signature.SignedInfo.CanonicalizationMethod.Algorithm = "Algorithm";
signature.SignedInfo.SignatureMethod = new Downloader.SignatureMethodType();
signature.SignedInfo.SignatureMethod.Algorithm = "Algorithm";
signature.SignedInfo.Reference = new Downloader.ReferenceType
{DigestMethod = new Downloader.DigestMethodType
{ Algorithm = "Algorithm" },
DigestValue = cert.GetCertHash()
};signature.SignatureValue = cert.GetPublicKey();
signature.KeyInfo = new Downloader.KeyInfoType
{X509Data = new Downloader.X509DataType
{X509IssuerSerial = new Downloader.X509IssuerSerialType
{X509IssuerName = cert.IssuerName.Name,
X509SerialNumber = cert.GetSerialNumberString()
},
X509Certificate = cert.RawData
} };return signature;
} }}private Verifier.VerificaSolicitudDescargaMasivaTercero Request()
{ string path, password;path = @"C:\FielHerculesPFX\CSI121206SP0.pfx";
password = "23456789";
Verifier.VerificaSolicitudDescargaMasivaTercero request = new Verifier.VerificaSolicitudDescargaMasivaTercero();
request.IdSolicitud = id;
request.RfcSolicitante = "CSI121206SP0";
request.Signature = new Signer(path, password).SignatureVerifier();
return request;
}private Downloader.PeticionDescargaMasivaTerceros Request(string packageId)
{ string path, password;path = @"C:\FielHerculesPFX\CSI121206SP0.pfx";
password = "23456789";
Downloader.PeticionDescargaMasivaTerceros request = new Downloader.PeticionDescargaMasivaTerceros();
request.IdPaquete = packageId;
request.RfcSolicitante = "CSI121206SP0";
request.Signature = new Signer(path, password).SignatureDownloader();
return request;
}<bindings>
<basicHttpBinding>
<binding name="basicHttp"
allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISolicitaDescargaService" maxBufferSize="1073741824"
maxReceivedMessageSize="1073741824">
<security mode="Transport" />
</binding>
<binding name="BasicHttpBinding_IVerificaSolicitudDescargaService" maxBufferSize="1073741824"
maxReceivedMessageSize="1073741824">
<security mode="Transport" />
</binding>
<binding name="BasicHttpBinding_IDescargaMasivaTercerosService" maxBufferSize="1073741824"
maxReceivedMessageSize="1073741824">
<security mode="Transport" />
</binding>
<binding name="BasicHttpBinding_IAutenticacion" maxBufferSize="1073741824"
maxReceivedMessageSize="1073741824">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
private void ProcessFile(Stream package)
{using (System.IO.FileStream output = new System.IO.FileStream(@"d:\\docs\\arcvhivo.zip" ), FileMode.Create))
{package.CopyTo(output);
}}private void ProcessFile(Stream package)
{ // Do something here
var fileStream = File.Create("C:\\sat-output\\CSI121206SP0_" + new Random().Next(0, 1000000).ToString() + ".zip");
// package.Seek(0, SeekOrigin.Begin);
package.CopyTo(fileStream);
fileStream.Close();
}Excepción no controlada del tipo 'System.ServiceModel.Security.MessageSecurityException' en mscorlib.dll
Información adicional: La marca de tiempo de seguridad no es válida porque la hora de creación ('2018-09-18T03:47:39.529Z') es una hora futura. La hora actual es '2018-09-18T03:42:26.647Z' y el sesgo de reloj permitido es '00:05:00'.
public static string ObtenCertificado(string emisorRfc)
{using (var unidadTrabajo1 = new UnidadTrabajo())
{var sello = unidadTrabajo1.Sello.Buscar(r => r.RFC == emisorRfc).FirstOrDefault();
return Convert.ToBase64String(sello.Certificado);
}}public static string ObtenKey(string emisorRfc)
{using (var unidadTrabajo1 = new UnidadTrabajo())
{var sello = unidadTrabajo1.Sello.Buscar(r => r.RFC == emisorRfc).FirstOrDefault();
return Convert.ToBase64String(sello.Llave);
}}public static byte[] CerKey2Pfx(string cerText, string keyText, string keyPass)
{try
{byte[] pfxBytes = null;
var certificado = new System.Security.Cryptography.X509Certificates.X509Certificate2(Convert.FromBase64String(cerText));
var pllavePrivada = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(keyPass.ToCharArray(), Convert.FromBase64String(keyText));
var certificadoBC = new Org.BouncyCastle.X509.X509Certificate(Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificado).CertificateStructure);
var acertificadoBC = new Org.BouncyCastle.Pkcs.X509CertificateEntry[1];
acertificadoBC[0] = new Org.BouncyCastle.Pkcs.X509CertificateEntry(certificadoBC);
var pfxStore = new Org.BouncyCastle.Pkcs.Pkcs12Store();
pfxStore.SetKeyEntry("", new Org.BouncyCastle.Pkcs.AsymmetricKeyEntry(pllavePrivada), acertificadoBC);
using (var pfxStream = new MemoryStream())
{pfxStore.Save(pfxStream, keyPass.ToCharArray(), new Org.BouncyCastle.Security.SecureRandom());
pfxBytes = pfxStream.ToArray();
}var resultado = Org.BouncyCastle.Pkcs.Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes, keyPass.ToCharArray());
return resultado;
}catch (Exception ex)
{RegistraError(ex);
return null;
}}Dim cer As String = Convert.ToBase64String(IO.File.ReadAllBytes(pathcer))
Dim key As String = Convert.ToBase64String(IO.File.ReadAllBytes(pathkey))
Dim keyBytes As Byte() = Convert.FromBase64String(pathkey)
Dim certificado = New System.Security.Cryptography.X509Certificates.X509Certificate2(cer)
Dim pllavePrivada = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(keypass.ToCharArray(), keyBytes)
Dim certificadoBC = New Org.BouncyCastle.X509.X509Certificate(Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificado).CertificateStructure)
//ERROR
Dim acertificadoBC As Org.BouncyCastle.X509.X509Certificate = Org.BouncyCastle.Pkcs.X509CertificateEntry[1]
acertificadoBC(0) = New Org.BouncyCastle.Pkcs.X509CertificateEntry(certificadoBC)
string path, password;if (args.Length == 0)
{path = @"C:\FielHerculesPFX\CSI121206SP0.pfx";
password = "23456789";
}else
{path = args[0];
password = args[1];
}
<binding closeTimeout="00:20:00"
openTimeout="00:30:00" receiveTimeout="00:30:00" sendTimeout="00:30:00"
allowCookies="false" bypassProxyOnLocal="false" maxBufferPoolSize="33554432"
maxReceivedMessageSize="33554432" useDefaultWebProxy="true" />