
Re: Digital Signature - Any interoperability issue between Apache Axis and MS.net?

  • ahooi99
    Message 1 of 9 , Apr 20, 2010
      Sorry, but what do you mean by format I send?


      --- In soapbuilders@yahoogroups.com, "yaron.naveh" <yaronn01@...> wrote:
      >
      > What is the format you actually send?
      > Not sure WCF will help here as the message uses rpc/encoded format.
      > Yaron Naveh
      > Web Services Security Blog <http://webservices20.blogspot.com/>
      >
      > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
      > >
      > > Here is the required format in the soap message.
      > >
      > > <soapenv:Envelope
      > xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
      > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
      > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><S\
      > OAP-SEC:Signature soapenv:actor=""
      > soapenv:mustUnderstand="0"><ds:Signature
      > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Canonic\
      > alizationMethod
      > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
      > /><ds:SignatureMethod
      > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
      > URI="#Body"><ds:DigestMethod
      > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
      > /><ds:DigestValue>qXXWRV2N0Un1vjSlgvzHKyS4yfc=</ds:DigestValue></ds:Refe\
      > rence></ds:SignedInfo><ds:SignatureValue>i12rzM9n0oYvYA+G+ug0NK4D36oUuMJ\
      > xtKxer1Hp1g5sVLjvwDdgdLJ+mmBN2tdbXBOQhgUNBD12ca1qx9UFvEucsL6C2JUe8/6SgoE\
      > TIzDrmUJ5qQ9GNfsiMskhBa+Vc1ZRw8eu/EMq48U0X4GFZ6qQvwdT9fWzADbcHZ/t0Ww=</d\
      > s:SignatureValue></ds:Signature></SOAP-SEC:Signature></soapenv:Header><s\
      > oapenv:Body Id="Body"><ABIRequest
      > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><ABIRe\
      > q href="#id0" /></ABIRequest><multiRef id="id0" soapenc:root="0"
      > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      > xsi:type="ns1:ABIRequest" xmlns:ns1="urn:ABIServices"
      > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><NVIC
      > xsi:type="soapenc:string">null</NVIC><chassisNo
      > xsi:type="soapenc:string">JAANPR59PM7102039</chassisNo><compCode
      > xsi:type="soapenc:string">222</compCode><insRefNo
      > xsi:type="soapenc:string">235001</insRefNo><polEffDate
      > xsi:type="soapenc:string">01012008</polEffDate><userId
      > xsi:type="soapenc:string">myId</userId><vehCC
      > xsi:type="soapenc:string">1499</vehCC><vehClass
      > xsi:type="soapenc:string">04</vehClass><vehMake
      > xsi:type="soapenc:string">23</vehMake><vehModel
      > xsi:type="soapenc:string">99</vehModel><vehRegNo
      > xsi:type="soapenc:string">PPA1234</vehRegNo><yearOfMft
      > xsi:type="soapenc:string">1992</yearOfMft></multiRef></soapenv:Body></so\
      > apenv:Envelope>
      > >
      > >
      > > --- In soapbuilders@yahoogroups.com, "Doug Bunting (WSSP)"
      > douglas.r.bunting@ wrote:
      > > >
      > > > I would also suggest using Windows Communication Foundation (WCF)
      > rather than the low-level .NET security APIs. WCF is the .NET component
      > for Web services interoperability. It replaced WSE.
      > > >
      > > > If you share your Axis configuration, I suspect some on this list
      > could provide the corresponding WCF configuration. Otherwise we'll have
      > to make predictions based on the working messages.
      > > >
      > > > thanx,
      > > > doug
      > > >
      > > > From: soapbuilders@yahoogroups.com
      > [mailto:soapbuilders@yahoogroups.com] On Behalf Of yaron.naveh
      > > > Sent: Tuesday, 20 April, 2010 08:05
      > > > To: soapbuilders@yahoogroups.com
      > > > Subject: [soapbuilders] Re: Digital Signature - Any interoperability
      > issue between Apache Axis and MS.net?
      > > >
      > > >
      > > > I agree you should publish here a sample working and failing soap.
      > > >
      > > > Also in ws-security the Id attribute of the encrypted element should
      > be under the
      > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-util\
      > ity-1.0.xsd" namespace. With .Net plain vanilla signatures it is under
      > the empty namespace instead.
      > > >
      > > > I would additionally suggest to try and verify the message with .Net
      > code, just to check if you may have changed something in the formatting
      > / whitespace before sending.
      > > >
      > > > Yaron Naveh
      > > > Web Services Security Blog<http://webservices20.blogspot.com/>
      > > >
      > > >
      > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
      > > > >
      > > > > I am following this example
      > (http://msdn.microsoft.com/en-us/ms229745.aspx) to generate the digest
      > message and sign the soap message. Of course, I generate my soap message
      > from my code in runtime, get the private key from my digital certificate
      > using X509Certificates2.
      > > > >
      > > > > I did not use any WSE1.0, WSE2.0 or WSE3.0
      > > > >
      > > > > 1. Axis does provide the WSDL
      > > > >
      > > > > 2. The WS provider does generate a sample soap message based on my
      > private key file given which I have converted from .PKCS to .JKS format.
      > I try to post the sample soap message to the Axis server and can be
      > validated. Thus, the sample digest value and signature value is correct.
      > Based on the sample link above, I can see the digest value is identical
      > with the sample soap message generated by WS provider, but not signature
      > value.
      > > > >
      > > > > 3. No. Only "XML Signature Value is not Valid"
      > > > >
      > > > > Appreciate for your hints.
      > > > >
      > > > > Thank you.
      > > > >
      > > > > --- In soapbuilders@yahoogroups.com, "dougb62" douglas.r.bunting@ wrote:
      > > > > >
      > > > > >
      > > > > >
      > > > > > - Was the .NET 3.5 client generated from WSDL for the Axis
      > service?
      > > > > > - What is the configuration (app.config or web.config contents)
      > for the .NET 3.5 client?
      > > > > > - Why are you confident the digest is correct?
      > > > > > - Does Axis provide any more detail on the failure than "XML
      > Signature is not valid?"
      > > > > > - Do you have example messages that work and fail to share?
      > > > > >
      > > > > > thanx,
      > > > > > doug
      > > > > >
      > > > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
      > > > > > >
      > > > > > > Hi,
      > > > > > >
      > > > > > > My WS provider is built on Apache Axis, and my soap client is
      > on MS.NET 3.5. I need to create the soap message, generate the digest
      > value and sign the message to generate the digital signature.
      > > > > > >
      > > > > > > I managed to generate the correct digest value, however no
      > luck on the signature value. The WS provider keeps on saying "XML
      > Signature is Not Valid!"
      > > > > > >
      > > > > > > Is there any interoperability between Apache Axis and MS.net
      > for this? Or do I miss any steps on my .net client?
      > > > > > >
      > > > > > > Willing for your guidance. Thank you.
      > > > > > >
      > > > > >
      > > > >
      > > >
      > >
      >
    • yaron.naveh
      Message 2 of 9 , Apr 23, 2010
        What is the soap you actually send?

        Yaron Naveh

        --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@...> wrote:
        >
        > Sorry, but what do you mean by format I send?
        >
        >
        > --- In soapbuilders@yahoogroups.com, "yaron.naveh" yaronn01@ wrote:
        > >
        > > What is the format you actually send?
        > > Not sure WCF will help here as the message uses rpc/encoded format.
        > > Yaron Naveh
        > > Web Services Security Blog <http://webservices20.blogspot.com/>
        > >
        > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
        > > >
        > > > Here is the required format in the soap message.
        > > >
        > > > <soapenv:Envelope
        > > xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
        > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><S\
        > > OAP-SEC:Signature soapenv:actor=""
        > > soapenv:mustUnderstand="0"><ds:Signature
        > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Canonic\
        > > alizationMethod
        > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
        > > /><ds:SignatureMethod
        > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
        > > URI="#Body"><ds:DigestMethod
        > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
        > > /><ds:DigestValue>qXXWRV2N0Un1vjSlgvzHKyS4yfc=</ds:DigestValue></ds:Refe\
        > > rence></ds:SignedInfo><ds:SignatureValue>i12rzM9n0oYvYA+G+ug0NK4D36oUuMJ\
        > > xtKxer1Hp1g5sVLjvwDdgdLJ+mmBN2tdbXBOQhgUNBD12ca1qx9UFvEucsL6C2JUe8/6SgoE\
        > > TIzDrmUJ5qQ9GNfsiMskhBa+Vc1ZRw8eu/EMq48U0X4GFZ6qQvwdT9fWzADbcHZ/t0Ww=</d\
        > > s:SignatureValue></ds:Signature></SOAP-SEC:Signature></soapenv:Header><s\
        > > oapenv:Body Id="Body"><ABIRequest
        > > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><ABIRe\
        > > q href="#id0" /></ABIRequest><multiRef id="id0" soapenc:root="0"
        > > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
        > > xsi:type="ns1:ABIRequest" xmlns:ns1="urn:ABIServices"
        > > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><NVIC
        > > xsi:type="soapenc:string">null</NVIC><chassisNo
        > > xsi:type="soapenc:string">JAANPR59PM7102039</chassisNo><compCode
        > > xsi:type="soapenc:string">222</compCode><insRefNo
        > > xsi:type="soapenc:string">235001</insRefNo><polEffDate
        > > xsi:type="soapenc:string">01012008</polEffDate><userId
        > > xsi:type="soapenc:string">myId</userId><vehCC
        > > xsi:type="soapenc:string">1499</vehCC><vehClass
        > > xsi:type="soapenc:string">04</vehClass><vehMake
        > > xsi:type="soapenc:string">23</vehMake><vehModel
        > > xsi:type="soapenc:string">99</vehModel><vehRegNo
        > > xsi:type="soapenc:string">PPA1234</vehRegNo><yearOfMft
        > > xsi:type="soapenc:string">1992</yearOfMft></multiRef></soapenv:Body></so\
        > > apenv:Envelope>
        > > >
        > > >
        > > > --- In soapbuilders@yahoogroups.com, "Doug Bunting (WSSP)"
        > > douglas.r.bunting@ wrote:
        > > > >
        > > > > I would also suggest using Windows Communication Foundation (WCF)
        > > rather than the low-level .NET security APIs. WCF is the .NET component
        > > for Web services interoperability. It replaced WSE.
        > > > >
        > > > > If you share your Axis configuration, I suspect some on this list
        > > could provide the corresponding WCF configuration. Otherwise we'll have
        > > to make predictions based on the working messages.
        > > > >
        > > > > thanx,
        > > > > doug
        > > > >
        > > > > From: soapbuilders@yahoogroups.com
        > > [mailto:soapbuilders@yahoogroups.com] On Behalf Of yaron.naveh
        > > > > Sent: Tuesday, 20 April, 2010 08:05
        > > > > To: soapbuilders@yahoogroups.com
        > > > > Subject: [soapbuilders] Re: Digital Signature - Any interoperability
        > > issue between Apache Axis and MS.net?
        > > > >
        > > > >
        > > > > I agree you should publish here a sample working and failing soap.
        > > > >
        > > > > Also in ws-security the Id attribute of the encrypted element should
        > > be under the
        > > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-util\
        > > ity-1.0.xsd" namespace. With .Net plain vanilla signatures it is under
        > > the empty namespace instead.
        > > > >
        > > > > I would additionally suggest to try and verify the message with .Net
        > > code, just to check if you may have changed something in the formatting
        > > / whitespace before sending.
        > > > >
        > > > > Yaron Naveh
        > > > > Web Services Security Blog<http://webservices20.blogspot.com/>
        > > > >
        > > > >
        > > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
        > > > > >
        > > > > > I am following this example
        > > (http://msdn.microsoft.com/en-us/ms229745.aspx) to generate the digest
        > > message and sign the soap message. Of course, I generate my soap message
        > > from my code in runtime, get the private key from my digital certificate
        > > using X509Certificates2.
        > > > > >
        > > > > > I did not use any WSE1.0, WSE2.0 or WSE3.0
        > > > > >
        > > > > > 1. Axis does provide the WSDL
        > > > > >
        > > > > > 2. The WS provider does generate a sample soap message based on my
        > > private key file given which I have converted from .PKCS to .JKS format.
        > > I try to post the sample soap message to the Axis server and can be
        > > validated. Thus, the sample digest value and signature value is correct.
        > > Based on the sample link above, I can see the digest value is identical
        > > with the sample soap message generated by WS provider, but not signature
        > > value.
        > > > > >
        > > > > > 3. No. Only "XML Signature Value is not Valid"
        > > > > >
        > > > > > Appreciate for your hints.
        > > > > >
        > > > > > Thank you.
        > > > > >
        > > > > > --- In soapbuilders@yahoogroups.com, "dougb62" douglas.r.bunting@ wrote:
        > > > > > >
        > > > > > >
        > > > > > >
        > > > > > > - Was the .NET 3.5 client generated from WSDL for the Axis
        > > service?
        > > > > > > - What is the configuration (app.config or web.config contents)
        > > for the .NET 3.5 client?
        > > > > > > - Why are you confident the digest is correct?
        > > > > > > - Does Axis provide any more detail on the failure than "XML
        > > Signature is not valid?"
        > > > > > > - Do you have example messages that work and fail to share?
        > > > > > >
        > > > > > > thanx,
        > > > > > > doug
        > > > > > >
        > > > > > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
        > > > > > > >
        > > > > > > > Hi,
        > > > > > > >
        > > > > > > > My WS provider is built on Apache Axis, and my soap client is
        > > on MS.NET 3.5. I need to create the soap message, generate the digest
        > > value and sign the message to generate the digital signature.
        > > > > > > >
        > > > > > > > I managed to generate the correct digest value, however no
        > > luck on the signature value. The WS provider keeps on saying "XML
        > > Signature is Not Valid!"
        > > > > > > >
        > > > > > > > Is there any interoperability between Apache Axis and MS.net
        > > for this? Or do I miss any steps on my .net client?
        > > > > > > >
        > > > > > > > Willing for your guidance. Thank you.
        > > > > > > >
        > > > > > >
        > > > > >
        > > > >
        > > >
        > >
        >
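
The local check suggested in the thread (verify the message with .NET code before sending), as an added example that is not code from any poster or from the linked MSDN sample: it signs a constructed envelope whose Body carries Id="Body", then verifies the wire text as signed and again after whitespace is inserted inside SignedInfo, which leaves the Body and DigestValue untouched but changes the bytes that SignatureValue covers. The envelope contents, the class name and the throwaway RSA key are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SignedInfoCheck
{
    // Constructed sample shaped like the thread's message: the signed part is Body Id="Body".
    const string Envelope =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
        "<soapenv:Header/><soapenv:Body Id=\"Body\"><ABIRequest><userId>myId</userId>" +
        "</ABIRequest></soapenv:Body></soapenv:Envelope>";

    static XmlDocument Parse(string xml)
    {
        // Without PreserveWhitespace the parser drops whitespace nodes that are part of the signed bytes.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        return doc;
    }

    static string Sign(RSA key)
    {
        XmlDocument doc = Parse(Envelope);
        var signer = new SignedXml(doc) { SigningKey = key };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NTransformUrl;
        signer.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url; // algorithms as in the thread
        signer.AddReference(new Reference("#Body") { DigestMethod = SignedXml.XmlDsigSHA1Url });
        signer.ComputeSignature();
        doc.DocumentElement.FirstChild.AppendChild(doc.ImportNode(signer.GetXml(), true));
        return doc.OuterXml; // the exact text that goes on the wire
    }

    static bool Verify(string wire, RSA key)
    {
        XmlDocument doc = Parse(wire);
        var verifier = new SignedXml(doc);
        verifier.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        return verifier.CheckSignature(key); // no KeyInfo in the message, so the key is passed in
    }

    static void Main()
    {
        using (RSA key = RSA.Create()) // throwaway key for the demonstration
        {
            string wire = Sign(key);
            // Body and DigestValue stay byte-identical; only SignedInfo gains a whitespace node.
            string reformatted = wire.Replace("<SignedInfo>", "<SignedInfo>\n  ");
            Console.WriteLine("as signed:   " + Verify(wire, key));
            Console.WriteLine("reformatted: " + Verify(reformatted, key));
        }
    }
}
```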