Soap signature with WebServicesClientProtocol and sha256

Question

I am trying to implement a SOAP client using Web reference. Resulting signature is valid but uses sha1 algorithm.

Is there a way how to use sha256 instead?

Several solutions can be found but they all work with XmlDocument (SignedXml) directly.

Following code sets SignatureMethod to sha256 but sha1 is used anyway.

var client = new EetRef.EETService();// Inherits from Microsoft.Web.Services3.WebServicesClientProtocol
var cert = new X509Certificate2("01000004.p12", "eet");
var token = new X509SecurityToken(cert);
var messageToken = new MessageSignature(token);
//Trying to register sha256 provider.
CryptoConfig.AddAlgorithm(typeof(RsaPkCs1Sha256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
//messageToken.SignedInfo.SignatureMethod is null
messageToken.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
client.RequestSoapContext.Security.Tokens.Add(token);
client.RequestSoapContext.Security.Elements.Add(messageToken);
client.CallSomeMethod();

Resulting soap:Header

<soap:Header>
    <wsa:Action wsu:Id="Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">http://fs.mfcr.cz/eet/OdeslaniTrzby</wsa:Action>
    <wsa:MessageID wsu:Id="Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">urn:uuid:575cf2f5-296b-4dff-ab3d-0d3bf75c72a5</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1">
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To wsu:Id="Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">https://pg.eet.cz/eet/services/EETServiceSOAP/v2</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f">
        <wsu:Created>2016-08-21T17:53:50Z</wsu:Created>
        <wsu:Expires>2016-08-21T17:58:50Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1">MIID7DCCAtSgAwIBAgIEAQAABDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJDWjEaMBgGA1UEAwwRR0ZSIEVFVCB0ZXN0IENBIDExLTArBgNVBAoMJEdlbmVyw6FsbsOtIGZpbmFuxI1uw60gxZllZGl0ZWxzdHbDrTAeFw0xNjA1MTkxMjQ4MjVaFw0xODA1MTkxMjQ4MjVaMFQxCzAJBgNVBAYTAkNaMRMwEQYDVQQDDApDWjAwMDAwMDE5MRowGAYDVQQKDBFQcsOhdm5pY2vDoSBvc29iYTEUMBIGA1UEBRMLVDAwMDAwMDAwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFCIfnLl3YjNyxM3y2FAVovKQMetfyyj/lfLY3DoN1z/8gaVRfcqTZbwh9Btg0HafSmrWBvfgjEC/pG9HNawYZ9nPE+WIP9bXkoOfDTmmVtX4n6OLi2Di+U7+FmPJzykV0ujsOsfcGnQ0f63xZYoGJIwLJuz3gmAF//DfnOeTT7OUZeOKobBSYkQOKv1j05QqQZ7HP+5oq7+hNylFrjuEi5OAeVgJAYScE4COvcpqPKpb7OeR9f78knYFffg5zp/6bi6qkP5uGYEuuQvbW1mATjoqbAWz8c7HNA56uNFlz8V+z9bL0f/xwQjgy4d+5qelTX46tq0vJ2XM9dJaF8ytJAgMBAAGjgcEwgb4wHgYDVR0RBBcwFYETZXBvZHBvcmFAZnMubWZjci5jejAfBgNVHSMEGDAWgBR6WvwNy+w2pg3aaRlmjJvvgsOpNDAdBgNVHQ4EFgQU8oKPLNlNY0/h8jWEmz3EZ1O3bBMwTAYDVR0gBEUwQzBBBgpghkgBZQMCATACMDMwMQYIKwYBBQUHAgIwJRojVGVudG8gY2VydGlmaWthdCBKRSBQT1VaRSBURVNUT1ZBQ0kwDgYDVR0PAQH/BAQDAgbAMA0GCSqGSIb3DQEBCwUAA4IBAQBVulEYg6noEHqAW3DfNWLvW9XdHFZQj3L5EE3Nwdd0CtMZm4/RZ/CvSENkk+GWv0YCUqHPJzhcKs0NETMKW7L6CI+hY17rD5SHhuoCYzSMlcuMA6gZJr8wIxSWerQrvuZ4uAUMistWG9cgwETZjkGU9JK+H98wdAm2co7WaRweDsNx04aSXagUMDAmRY/jNe7c8/HvwIdnXftbIl56wbYlYiCIG2qS+6lVO+09EIEP40kz1PXlqFZbPLCSlT2YsYiqizfkCX/Ka+AebJykAQ3pOqD6PQ+Y2AMAIRX8AypcN6Yj9p+oof9rda8boA8rA7wwzlJs/+ipWt2ceqPPuL9x</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Id-9ef8e35c-6107-4d31-83ba-6006b0e76557">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>9NhSyQ67wzxd4lwaG+0PL6ztgMs=</DigestValue>
          </Reference>
          <Reference URI="#Id-7e6b8643-0760-4356-8062-c914a2b0b5a9">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>cLktOiRAwoDSlKMMM8++gqc/TS8=</DigestValue>
          </Reference>
          <Reference URI="#Id-abc8e30a-5a23-49c6-9ac3-d53c652e21e1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>iOJ6axh+PU+ciOe+rSKpJbjlw9w=</DigestValue>
          </Reference>
          <Reference URI="#Id-d8a0047e-48f2-4bd7-8d16-c89ff1cdf128">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>yoaPc5P0gQPQipRira4FPlbUZlY=</DigestValue>
          </Reference>
          <Reference URI="#Timestamp-9a3390ec-8f6d-4bf9-8d8f-b3d591ff599f">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>eE1zIA5xoOnHWWbdb90X2bylySs=</DigestValue>
          </Reference>
          <Reference URI="#Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>8iCvJtbGDPGtZ60+mwZof++5ym4=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>Hy8yVARA8FIUxXfxkGU3i3zp2CZN4xREGrdEY4RQxC11rwrX8+i1hkwkE/KapH97iFcx4ryBF9sy+K64SoDEndmAipgHcdeZhbixBKVno7eLPnnaKtSQf6YGRgaOcvLdf/ELwYNXQa5fMbBmlL5rX15fXhPhjEJagMidppiDCLy48MGfd3fGJEwAlu5I2hh8jjumzJuuzk7pLB7oY9sCArcNCFDY2FSHgnnFEDT0krHnmYUePJZ8qjSrZ44D0YdChC07l9GpXLaNxVklMIRqpa3ALjohVV7bkFSskbs+to8ueXq6cUX3kwUiRTyf3lHxKfVjLAX16fEbguHiZVHa3A==</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-6d5709b8-0ba3-413a-ba48-942ad6e763f1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-a5b17a91-2f27-4bb2-baa5-0f5afe812ace">
  ...

The certificate is a playground certificate and can be downloaded from http://www.etrzby.cz/assets/cs/prilohy/CA_PG_v1.zip (The certificate supports SHA256)

Answer 1

To anyone who is working on implementing EET (in Czech Republic). I did not find a solution using a Web reference.

But there is an Apache licenced library on Github:

https://github.com/l-ra/openeet