
Re: Digital Signature - Any interoperability issue between Apache Axis and MS.net?

  • ahooi99
    Message 1 of 9 , Apr 19, 2010
      I am following this example (http://msdn.microsoft.com/en-us/ms229745.aspx) to generate the digest message and sign the soap message. Of course, I generate my soap message from my code in runtime, get the private key from my digital certificate using X509Certificates2.

      I did not use any WSE1.0, WSE2.0 or WSE3.0

      1. Axis does provide the WSDL

      2. The WS provider does generate a sample soap message based on my private key file given, which I have converted from .PKCS to .JKS format. I try to post the sample soap message to the Axis server and it can be validated. Thus, the sample digest value and signature value are correct. Based on the sample link above, I can see the digest value is identical to that of the sample soap message generated by the WS provider, but not the signature value.

      3. No. Only "XML Signature Value is not Valid"

      I appreciate your hints.

      Thank you.

      --- In soapbuilders@yahoogroups.com, "dougb62" <douglas.r.bunting@...> wrote:
      >
      >
      >
      > - Was the .NET 3.5 client generated from WSDL for the Axis service?
      > - What is the configuration (app.config or web.config contents) for the .NET 3.5 client?
      > - Why are you confident the digest is correct?
      > - Does Axis provide any more detail on the failure than "XML Signature is not valid?"
      > - Do you have example messages that work and fail to share?
      >
      > thanx,
      > doug
      >
      > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
      > >
      > > Hi,
      > >
      > > My WS provider is built on Apache Axis, and my soap client is on MS.NET 3.5. I need to create the soap message, generate the digest value and sign the message to generate the digital signature.
      > >
      > > I managed to generate the correct digest value, however no luck on the signature value. The WS provider keeps on saying "XML Signature is Not Valid!"
      > >
      > > Is there any interoperability between Apache Axis and MS.net for this? Or do I miss any steps on my .net client?
      > >
      > > Willing for your guidance. Thank you.
      > >
      >
    • yaron.naveh
      Message 2 of 9 , Apr 20, 2010
        I agree you should publish here a sample working and failing soap.

        Also in ws-security the Id attribute of the encrypted element should be under the "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" namespace.  With .Net plain vanilla signatures it is under the empty namespace instead.

        I would additionally suggest to try and verify the message with .Net code, just to check if you may have changed something in the formatting / whitespace before sending.

        Yaron Naveh


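A local check along the lines suggested above, as an added example that is not code from the thread or from the MSDN sample: it signs and verifies a constructed envelope with `SignedXml`, resolves both a plain `Id` and a `wsu:Id`, and shows that whitespace inserted inside `SignedInfo` after signing breaks the signature while the Body digest is untouched. `SoapSignedXml`, `Demo`, the envelope and the throwaway RSA key are assumptions; the project must reference the System.Security.Cryptography.Xml library.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper: resolves Reference URI="#x" against a plain Id attribute
// (which SignedXml handles itself) and against wsu:Id as used by WS-Security.
class SoapSignedXml : SignedXml
{
    public const string WsuNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    public SoapSignedXml(XmlDocument doc) : base(doc) { }

    public override XmlElement GetIdElement(XmlDocument doc, string id)
    {
        XmlElement found = base.GetIdElement(doc, id);   // Id in the empty namespace
        if (found != null) return found;

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsu", WsuNs);
        foreach (XmlElement e in doc.SelectNodes("//*[@wsu:Id]", ns))
        {
            if (e.GetAttribute("Id", WsuNs) != id) continue;
            // Two elements with the same Id make the reference ambiguous: refuse.
            if (found != null) throw new CryptographicException("Duplicate wsu:Id " + id);
            found = e;
        }
        return found;
    }
}

static class Demo
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";

    // Constructed sample envelope, not a message from the thread.
    const string Envelope =
        "<soapenv:Envelope xmlns:soapenv=\"" + SoapNs + "\">" +
        "<soapenv:Header/><soapenv:Body Id=\"Body\"><ping>1</ping></soapenv:Body>" +
        "</soapenv:Envelope>";

    static XmlDocument Load(string xml)
    {
        // Without PreserveWhitespace the parser drops whitespace-only nodes,
        // so the bytes that get hashed differ from the bytes on the wire.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        return doc;
    }

    // Same algorithms as the message posted in the thread: C14N, rsa-sha1, sha1.
    static string Sign(string xml, RSA key)
    {
        XmlDocument doc = Load(xml);
        var signer = new SoapSignedXml(doc) { SigningKey = key };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NTransformUrl;
        signer.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
        signer.AddReference(new Reference("#Body") { DigestMethod = SignedXml.XmlDsigSHA1Url });
        signer.ComputeSignature();
        XmlNode header = doc.GetElementsByTagName("Header", SoapNs)[0];
        header.AppendChild(doc.ImportNode(signer.GetXml(), true));
        return doc.OuterXml;
    }

    static bool Verify(string xml, RSA key)
    {
        XmlDocument doc = Load(xml);
        var sig = (XmlElement)doc.GetElementsByTagName(
            "Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        var verifier = new SoapSignedXml(doc);
        verifier.LoadXml(sig);
        return verifier.CheckSignature(key);   // checks the digests and SignatureValue
    }

    // Simulates reformatting after signing: the Body is untouched, SignedInfo is not.
    static string AddWhitespaceInSignedInfo(string xml)
    {
        XmlDocument doc = Load(xml);
        XmlNode signedInfo = doc.GetElementsByTagName(
            "SignedInfo", SignedXml.XmlDsigNamespaceUrl)[0];
        signedInfo.InsertAfter(doc.CreateWhitespace("\n  "), signedInfo.FirstChild);
        return doc.OuterXml;
    }

    static void Main()
    {
        using (RSA key = new RSACryptoServiceProvider(2048))   // throwaway key
        {
            string signed = Sign(Envelope, key);
            Console.WriteLine("as signed:              " + Verify(signed, key));
            Console.WriteLine("SignedInfo reformatted: " +
                Verify(AddWhitespaceInSignedInfo(signed), key));
        }
    }
}
```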
      • Doug Bunting (WSSP)
        Message 3 of 9 , Apr 20, 2010

          I would also suggest using Windows Communication Foundation (WCF) rather than the low-level .NET security APIs.  WCF is the .NET component for Web services interoperability.  It replaced WSE.

          If you share your Axis configuration, I suspect some on this list could provide the corresponding WCF configuration.  Otherwise we’ll have to make predictions based on the working messages.

          thanx,
          doug

           

          From: soapbuilders@yahoogroups.com [mailto:soapbuilders@yahoogroups.com] On Behalf Of yaron.naveh
          Sent: Tuesday, 20 April, 2010 08:05
          To: soapbuilders@yahoogroups.com
          Subject: [soapbuilders] Re: Digital Signature - Any interoperability issue between Apache Axis and MS.net?

           

           

          I agree you should publish here a sample working and failing soap.

          Also in ws-security the Id attribute of the encrypted element should be under the "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" namespace.  With .Net plain vanilla signatures it is under the empty namespace instead.

          I would additionally suggest to try and verify the message with .Net code, just to check if you may have changed something in the formatting / whitespace before sending.

          Yaron Naveh

           



        • ahooi99
          Message 4 of 9 , Apr 20, 2010
            Here is the required format in the soap message.

            <soapenv:Envelope xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><SOAP-SEC:Signature soapenv:actor="" soapenv:mustUnderstand="0"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference URI="#Body"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue>qXXWRV2N0Un1vjSlgvzHKyS4yfc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>i12rzM9n0oYvYA+G+ug0NK4D36oUuMJxtKxer1Hp1g5sVLjvwDdgdLJ+mmBN2tdbXBOQhgUNBD12ca1qx9UFvEucsL6C2JUe8/6SgoETIzDrmUJ5qQ9GNfsiMskhBa+Vc1ZRw8eu/EMq48U0X4GFZ6qQvwdT9fWzADbcHZ/t0Ww=</ds:SignatureValue></ds:Signature></SOAP-SEC:Signature></soapenv:Header><soapenv:Body Id="Body"><ABIRequest soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><ABIReq href="#id0" /></ABIRequest><multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns1:ABIRequest" xmlns:ns1="urn:ABIServices" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><NVIC xsi:type="soapenc:string">null</NVIC><chassisNo xsi:type="soapenc:string">JAANPR59PM7102039</chassisNo><compCode xsi:type="soapenc:string">222</compCode><insRefNo xsi:type="soapenc:string">235001</insRefNo><polEffDate xsi:type="soapenc:string">01012008</polEffDate><userId xsi:type="soapenc:string">myId</userId><vehCC xsi:type="soapenc:string">1499</vehCC><vehClass xsi:type="soapenc:string">04</vehClass><vehMake xsi:type="soapenc:string">23</vehMake><vehModel xsi:type="soapenc:string">99</vehModel><vehRegNo xsi:type="soapenc:string">PPA1234</vehRegNo><yearOfMft 
xsi:type="soapenc:string">1992</yearOfMft></multiRef></soapenv:Body></soapenv:Envelope>


          • yaron.naveh
            Message 5 of 9 , Apr 20, 2010
              What is the format you actually send?

              Not sure WCF will help here as the message uses rpc/encoded format.

              Yaron Naveh


            • ahooi99
              Message 6 of 9 , Apr 20, 2010
                Sorry, but what do you mean by the format I send?


                --- In soapbuilders@yahoogroups.com, "yaron.naveh" <yaronn01@...> wrote:
                >
                > What is the format you actually send?
                > Not sure WCF will help here as the message uses rpc/encoded format.
                > Yaron NavehWeb Services Security Blog
                > <http://webservices20.blogspot.com/>
                >
                > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
                > >
                > > Here is the required format in the soap message.
                > >
                > > <soapenv:Envelope
                > xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
                > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><S\
                > OAP-SEC:Signature soapenv:actor=""
                > soapenv:mustUnderstand="0"><ds:Signature
                > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Canonic\
                > alizationMethod
                > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
                > /><ds:SignatureMethod
                > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
                > URI="#Body"><ds:DigestMethod
                > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                > /><ds:DigestValue>qXXWRV2N0Un1vjSlgvzHKyS4yfc=</ds:DigestValue></ds:Refe\
                > rence></ds:SignedInfo><ds:SignatureValue>i12rzM9n0oYvYA+G+ug0NK4D36oUuMJ\
                > xtKxer1Hp1g5sVLjvwDdgdLJ+mmBN2tdbXBOQhgUNBD12ca1qx9UFvEucsL6C2JUe8/6SgoE\
                > TIzDrmUJ5qQ9GNfsiMskhBa+Vc1ZRw8eu/EMq48U0X4GFZ6qQvwdT9fWzADbcHZ/t0Ww=</d\
                > s:SignatureValue></ds:Signature></SOAP-SEC:Signature></soapenv:Header><s\
                > oapenv:Body Id="Body"><ABIRequest
                > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><ABIRe\
                > q href="#id0" /></ABIRequest><multiRef id="id0" soapenc:root="0"
                > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
                > xsi:type="ns1:ABIRequest" xmlns:ns1="urn:ABIServices"
                > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><NVIC
                > xsi:type="soapenc:string">null</NVIC><chassisNo
                > xsi:type="soapenc:string">JAANPR59PM7102039</chassisNo><compCode
                > xsi:type="soapenc:string">222</compCode><insRefNo
                > xsi:type="soapenc:string">235001</insRefNo><polEffDate
                > xsi:type="soapenc:string">01012008</polEffDate><userId
                > xsi:type="soapenc:string">myId</userId><vehCC
                > xsi:type="soapenc:string">1499</vehCC><vehClass
                > xsi:type="soapenc:string">04</vehClass><vehMake
                > xsi:type="soapenc:string">23</vehMake><vehModel
                > xsi:type="soapenc:string">99</vehModel><vehRegNo
                > xsi:type="soapenc:string">PPA1234</vehRegNo><yearOfMft
                > xsi:type="soapenc:string">1992</yearOfMft></multiRef></soapenv:Body></so\
                > apenv:Envelope>
                > >
                > >
                > > --- In soapbuilders@yahoogroups.com, "Doug Bunting (WSSP)"
                > douglas.r.bunting@ wrote:
                > > >
                > > > I would also suggest using Windows Communication Foundation (WCF)
                > rather than the low-level .NET security APIs. WCF is the .NET component
                > for Web services interoperability. It replaced WSE.
                > > >
                > > > If you share your Axis configuration, I suspect some on this list
                > could provide the corresponding WCF configuration. Otherwise we'll have
                > to make predictions based on the working messages.
                > > >
                > > > thanx,
                > > > doug
                > > >
                > > > From: soapbuilders@yahoogroups.com
                > [mailto:soapbuilders@yahoogroups.com] On Behalf Of yaron.naveh
                > > > Sent: Tuesday, 20 April, 2010 08:05
                > > > To: soapbuilders@yahoogroups.com
                > > > Subject: [soapbuilders] Re: Digital Signature - Any interoperability
                > issue between Apache Axis and MS.net?
                > > >
                > > >
                > > > I agree you should publish here a sample working and failing soap.
                > > >
                > > > Also in ws-security the Id attribute of the encrypted element should
                > be under the
                > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-util\
                > ity-1.0.xsd" namespace. With .Net plain vanila signatures it is under
                > the empty namespace instead.
                > > >
                > > > I would additionally suggest to try and verify the message with .Net
                > code, just to check if you may have changed something in the formatting
                > / whitespace before sending.
                > > >
                > > > Yaron Naveh
                > > > Web Services Security Blog<http://webservices20.blogspot.com/>
                > > >
                > > >
                > > > --- In
                > soapbuilders@yahoogroups.com<mailto:soapbuilders@yahoogroups.com,
                > "ahooi99" <ahooi99@<mailto:ahooi99@>> wrote:
                > > > >
                > > > > I am following this example
                > (http://msdn.microsoft.com/en-us/ms229745.aspx) to generate the digest
                > message and sign the soap message. Of course, I generate my soap message
                > from my code in runtime, get the private key from my digital certificate
                > using X509Certificates2.
                > > > >
                > > > > I did not use any WSE1.0, WSE2.0 or WSE3.0
                > > > >
                > > > > 1. Axis does provides the WSDL
                > > > >
                > > > > 2. The WS provider does generate a sample soap message based on my
                > private key file given which I have converted from .PKCS to .JKS format.
                > I try to post the sample soap message to the Axis server and can be
                > validated. Thus, the sample digest value and signature value is correct.
                > Based on the sample link above, I can see the digest value is identical
                > with the sample soap message generated by WS provider, but not signature
                > value.
                > > > >
                > > > > 3. No. Only "XML Signature Value is not Valid"
                > > > >
                > > > > Appreciate for your hints.
                > > > >
                > > > > Thank you.
                > > > >
                > > > > --- In
                > soapbuilders@yahoogroups.com<mailto:soapbuilders@yahoogroups.com,
                > "dougb62" douglas.r.bunting@ wrote:
                > > > > >
                > > > > >
                > > > > >
                > > > > > - Was the .NET 3.5 client generated from WSDL for the Axis
                > service?
                > > > > > - What is the configuration (app.config or web.config contents)
                > for the .NET 3.5 client?
                > > > > > - Why are you confident the digest is correct?
                > > > > > - Does Axis provide any more detail on the failure than "XML Signature is not valid?"
                > > > > > - Do you have example messages that work and fail to share?
                > > > > >
                > > > > > thanx,
                > > > > > doug
                > > > > >
                > > > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
                > > > > > >
                > > > > > > Hi,
                > > > > > >
                > > > > > > My WS provider is built on Apache Axis, and my soap client is
                > on MS.NET 3.5. I need to create the soap message, generate the digest
                > value and sign the message to generate the digital signature.
                > > > > > >
                > > > > > > I managed to generate the correct digest value, however no
                > luck on the signature value. The WS provider keeps on saying "XML
                > Signature is Not Valid!"
                > > > > > >
                > > > > > > Is there any interoperability between Apache Axis and MS.net
                > for this? Or do I miss any steps on my .net client?
                > > > > > >
                > > > > > > Willing for your guidance. Thank you.
                > > > > > >
                > > > > >
                > > > >
                > > >
                > >
                >
              • yaron.naveh
                Message 7 of 9 , Apr 23, 2010
                  What is the soap you actually send?

                  Yaron Naveh

                  --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@...> wrote:
                  >
                  > Sorry, but what do you mean by format I send?
                  >
                  >
                  > --- In soapbuilders@yahoogroups.com, "yaron.naveh" yaronn01@ wrote:
                  > >
                  > > What is the format you actually send?
                  > > Not sure WCF will help here as the message uses rpc/encoded format.
                  > > Yaron Naveh
                  > > Web Services Security Blog <http://webservices20.blogspot.com/>
                  > >
                  > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
                  > > >
                  > > > Here is the required format in the soap message.
                  > > >
                  > > > <soapenv:Envelope
                  > > > xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
                  > > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><SOAP-SEC:Signature
                  > > > soapenv:actor=""
                  > > > soapenv:mustUnderstand="0"><ds:Signature
                  > > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
                  > > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
                  > > > /><ds:SignatureMethod
                  > > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
                  > > > URI="#Body"><ds:DigestMethod
                  > > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  > > > /><ds:DigestValue>qXXWRV2N0Un1vjSlgvzHKyS4yfc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>i12rzM9n0oYvYA+G+ug0NK4D36oUuMJxtKxer1Hp1g5sVLjvwDdgdLJ+mmBN2tdbXBOQhgUNBD12ca1qx9UFvEucsL6C2JUe8/6SgoETIzDrmUJ5qQ9GNfsiMskhBa+Vc1ZRw8eu/EMq48U0X4GFZ6qQvwdT9fWzADbcHZ/t0Ww=</ds:SignatureValue></ds:Signature></SOAP-SEC:Signature></soapenv:Header><soapenv:Body
                  > > > Id="Body"><ABIRequest
                  > > > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><ABIReq
                  > > > href="#id0" /></ABIRequest><multiRef id="id0" soapenc:root="0"
                  > > > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
                  > > > xsi:type="ns1:ABIRequest" xmlns:ns1="urn:ABIServices"
                  > > > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><NVIC
                  > > > xsi:type="soapenc:string">null</NVIC><chassisNo
                  > > > xsi:type="soapenc:string">JAANPR59PM7102039</chassisNo><compCode
                  > > > xsi:type="soapenc:string">222</compCode><insRefNo
                  > > > xsi:type="soapenc:string">235001</insRefNo><polEffDate
                  > > > xsi:type="soapenc:string">01012008</polEffDate><userId
                  > > > xsi:type="soapenc:string">myId</userId><vehCC
                  > > > xsi:type="soapenc:string">1499</vehCC><vehClass
                  > > > xsi:type="soapenc:string">04</vehClass><vehMake
                  > > > xsi:type="soapenc:string">23</vehMake><vehModel
                  > > > xsi:type="soapenc:string">99</vehModel><vehRegNo
                  > > > xsi:type="soapenc:string">PPA1234</vehRegNo><yearOfMft
                  > > > xsi:type="soapenc:string">1992</yearOfMft></multiRef></soapenv:Body></soapenv:Envelope>
                  > > >
                  > > >
                  > > > --- In soapbuilders@yahoogroups.com, "Doug Bunting (WSSP)"
                  > > douglas.r.bunting@ wrote:
                  > > > >
                  > > > > I would also suggest using Windows Communication Foundation (WCF)
                  > > rather than the low-level .NET security APIs. WCF is the .NET component
                  > > for Web services interoperability. It replaced WSE.
                  > > > >
                  > > > > If you share your Axis configuration, I suspect some on this list
                  > > could provide the corresponding WCF configuration. Otherwise we'll have
                  > > to make predictions based on the working messages.
                  > > > >
                  > > > > thanx,
                  > > > > doug
                  > > > >
                  > > > > From: soapbuilders@yahoogroups.com
                  > > [mailto:soapbuilders@yahoogroups.com] On Behalf Of yaron.naveh
                  > > > > Sent: Tuesday, 20 April, 2010 08:05
                  > > > > To: soapbuilders@yahoogroups.com
                  > > > > Subject: [soapbuilders] Re: Digital Signature - Any interoperability
                  > > issue between Apache Axis and MS.net?
                  > > > >
                  > > > >
                  > > > > I agree you should publish here a sample working and failing soap.
                  > > > >
                  > > > > Also in ws-security the Id attribute of the encrypted element should be under the
                  > > > > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  > > > > namespace. With .Net plain vanilla signatures it is under the empty namespace instead.
                  > > > >
                  > > > > I would additionally suggest to try and verify the message with .Net
                  > > code, just to check if you may have changed something in the formatting
                  > > / whitespace before sending.
                  > > > >
                  > > > > Yaron Naveh
                  > > > > Web Services Security Blog<http://webservices20.blogspot.com/>
                  > > > >
                  > > > >
                  > > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
                  > > > > >
                  > > > > > I am following this example
                  > > (http://msdn.microsoft.com/en-us/ms229745.aspx) to generate the digest
                  > > message and sign the soap message. Of course, I generate my soap message
                  > > from my code in runtime, get the private key from my digital certificate
                  > > using X509Certificates2.
                  > > > > >
                  > > > > > I did not use any WSE1.0, WSE2.0 or WSE3.0
                  > > > > >
                  > > > > > 1. Axis does provide the WSDL
                  > > > > >
                  > > > > > 2. The WS provider does generate a sample soap message based on my
                  > > private key file given which I have converted from .PKCS to .JKS format.
                  > > I try to post the sample soap message to the Axis server and can be
                  > > validated. Thus, the sample digest value and signature value is correct.
                  > > Based on the sample link above, I can see the digest value is identical
                  > > with the sample soap message generated by WS provider, but not signature
                  > > value.
                  > > > > >
                  > > > > > 3. No. Only "XML Signature Value is not Valid"
                  > > > > >
                  > > > > > Appreciate for your hints.
                  > > > > >
                  > > > > > Thank you.
                  > > > > >
                  > > > > > --- In soapbuilders@yahoogroups.com, "dougb62" <douglas.r.bunting@> wrote:
                  > > > > > >
                  > > > > > >
                  > > > > > >
                  > > > > > > - Was the .NET 3.5 client generated from WSDL for the Axis
                  > > service?
                  > > > > > > - What is the configuration (app.config or web.config contents)
                  > > for the .NET 3.5 client?
                  > > > > > > - Why are you confident the digest is correct?
                  > > > > > > - Does Axis provide any more detail on the failure than "XML Signature is not valid?"
                  > > > > > > - Do you have example messages that work and fail to share?
                  > > > > > >
                  > > > > > > thanx,
                  > > > > > > doug
                  > > > > > >
                  > > > > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
                  > > > > > > >
                  > > > > > > > Hi,
                  > > > > > > >
                  > > > > > > > My WS provider is built on Apache Axis, and my soap client is
                  > > on MS.NET 3.5. I need to create the soap message, generate the digest
                  > > value and sign the message to generate the digital signature.
                  > > > > > > >
                  > > > > > > > I managed to generate the correct digest value, however no
                  > > luck on the signature value. The WS provider keeps on saying "XML
                  > > Signature is Not Valid!"
                  > > > > > > >
                  > > > > > > > Is there any interoperability between Apache Axis and MS.net
                  > > for this? Or do I miss any steps on my .net client?
                  > > > > > > >
                  > > > > > > > Willing for your guidance. Thank you.
                  > > > > > > >
                  > > > > > >
                  > > > > >
                  > > > >
                  > > >
                  > >
                  >
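
The local check suggested earlier in the thread (verify the signed message with .NET code before sending it to Axis), as an added example that is not part of any poster's message. The class name and the two command-line arguments (the saved SOAP file and the signer's certificate exported to a .cer file) are assumptions.

```csharp
// Added example, not from the thread. Class name and argument layout are assumptions.
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class VerifySoapSignature
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: VerifySoapSignature <soap.xml> <signer.cer>");
            return 2;
        }

        // Keep whitespace-only text nodes: dropping them changes the canonical
        // bytes of the referenced Body and the digest no longer matches.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(args[0]);

        // Match on the XML-DSig namespace so the SOAP-SEC:Signature wrapper is not picked up.
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", DsNs);
        if (sigs.Count != 1)
        {
            Console.Error.WriteLine("expected exactly one ds:Signature, found " + sigs.Count);
            return 2;
        }

        // Load the element in place: with inclusive C14N the namespace declarations
        // inherited from the envelope are part of the canonical SignedInfo.
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);

        Console.WriteLine("c14n:      " + signedXml.SignedInfo.CanonicalizationMethod);
        Console.WriteLine("signature: " + signedXml.SignedInfo.SignatureMethod);
        foreach (Reference r in signedXml.SignedInfo.References)
            Console.WriteLine("reference: " + r.Uri + " digest " + Convert.ToBase64String(r.DigestValue));

        // true = check only the signature against the certificate's public key, no chain validation.
        bool ok = signedXml.CheckSignature(new X509Certificate2(args[1]), true);
        Console.WriteLine(ok ? "signature valid" : "signature INVALID");
        return ok ? 0 : 1;
    }
}
```

Run it against the exact bytes that go on the wire (for example a saved HTTP trace), not against the in-memory document the signing code produced, so that any reformatting between signing and sending shows up as a failure.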