Loading ...
Sorry, an error occurred while loading the content.

Re: Digital Signature - Any interoperability issue between Apache Axis and MS.net?

Expand Messages
  • yaron.naveh
    What is the soap you actually send? Yaron NavehWeb Services Security Blog ...
    Message 1 of 9 , Apr 23, 2010
    • 0 Attachment
      What is the soap you actually send?

      Yaron Naveh

      --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@...> wrote:
      >
      > Sorry, but what do you meant by format I send?
      >
      >
      > --- In soapbuilders@yahoogroups.com, "yaron.naveh" yaronn01@ wrote:
      > >
      > > What is the format you actually send?
      > > Not sure WCF will help here as the message uses rpc/encoded format.
      > > Yaron NavehWeb Services Security Blog
      > > <http://webservices20.blogspot.com/>
      > >
      > > --- In soapbuilders@yahoogroups.com, "ahooi99" <ahooi99@> wrote:
      > > >
      > > > Here is the required format in the soap message.
      > > >
      > > > <soapenv:Envelope
      > > xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
      > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
      > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><S\
      > > OAP-SEC:Signature soapenv:actor=""
      > > soapenv:mustUnderstand="0"><ds:Signature
      > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Canonic\
      > > alizationMethod
      > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
      > > /><ds:SignatureMethod
      > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
      > > URI="#Body"><ds:DigestMethod
      > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
      > > /><ds:DigestValue>qXXWRV2N0Un1vjSlgvzHKyS4yfc=</ds:DigestValue></ds:Refe\
      > > rence></ds:SignedInfo><ds:SignatureValue>i12rzM9n0oYvYA+G+ug0NK4D36oUuMJ\
      > > xtKxer1Hp1g5sVLjvwDdgdLJ+mmBN2tdbXBOQhgUNBD12ca1qx9UFvEucsL6C2JUe8/6SgoE\
      > > TIzDrmUJ5qQ9GNfsiMskhBa+Vc1ZRw8eu/EMq48U0X4GFZ6qQvwdT9fWzADbcHZ/t0Ww=</d\
      > > s:SignatureValue></ds:Signature></SOAP-SEC:Signature></soapenv:Header><s\
      > > oapenv:Body Id="Body"><ABIRequest
      > > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><ABIRe\
      > > q href="#id0" /></ABIRequest><multiRef id="id0" soapenc:root="0"
      > > soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      > > xsi:type="ns1:ABIRequest" xmlns:ns1="urn:ABIServices"
      > > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><NVIC
      > > xsi:type="soapenc:string">null</NVIC><chassisNo
      > > xsi:type="soapenc:string">JAANPR59PM7102039</chassisNo><compCode
      > > xsi:type="soapenc:string">222</compCode><insRefNo
      > > xsi:type="soapenc:string">235001</insRefNo><polEffDate
      > > xsi:type="soapenc:string">01012008</polEffDate><userId
      > > xsi:type="soapenc:string">myId</userId><vehCC
      > > xsi:type="soapenc:string">1499</vehCC><vehClass
      > > xsi:type="soapenc:string">04</vehClass><vehMake
      > > xsi:type="soapenc:string">23</vehMake><vehModel
      > > xsi:type="soapenc:string">99</vehModel><vehRegNo
      > > xsi:type="soapenc:string">PPA1234</vehRegNo><yearOfMft
      > > xsi:type="soapenc:string">1992</yearOfMft></multiRef></soapenv:Body></so\
      > > apenv:Envelope>
      > > >
      > > >
      > > > --- In soapbuilders@yahoogroups.com, "Doug Bunting (WSSP)"
      > > douglas.r.bunting@ wrote:
      > > > >
      > > > > I would also suggest using Windows Communication Foundation (WCF)
      > > rather than the low-level .NET security APIs. WCF is the .NET component
      > > for Web services interoperability. It replaced WSE.
      > > > >
      > > > > If you share your Axis configuration, I suspect some on this list
      > > could provide the corresponding WCF configuration. Otherwise we'll have
      > > to make predictions based on the working messages.
      > > > >
      > > > > thanx,
      > > > > doug
      > > > >
      > > > > From: soapbuilders@yahoogroups.com
      > > [mailto:soapbuilders@yahoogroups.com] On Behalf Of yaron.naveh
      > > > > Sent: Tuesday, 20 April, 2010 08:05
      > > > > To: soapbuilders@yahoogroups.com
      > > > > Subject: [soapbuilders] Re: Digital Signature - Any interoperability
      > > issue between Apache Axis and MS.net?
      > > > >
      > > > >
      > > > > I agree you should publish here a sample working and failing soap.
      > > > >
      > > > > Also in ws-security the Id attribute of the encrypted element should
      > > be under the
      > > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-util\
      > > ity-1.0.xsd" namespace. With .Net plain vanila signatures it is under
      > > the empty namespace instead.
      > > > >
      > > > > I would additionally suggest to try and verify the message with .Net
      > > code, just to check if you may have changed something in the formatting
      > > / whitespace before sending.
      > > > >
      > > > > Yaron Naveh
      > > > > Web Services Security Blog<http://webservices20.blogspot.com/>
      > > > >
      > > > >
      > > > > --- In
      > > soapbuilders@yahoogroups.com<mailto:soapbuilders@yahoogroups.com,
      > > "ahooi99" <ahooi99@<mailto:ahooi99@>> wrote:
      > > > > >
      > > > > > I am following this example
      > > (http://msdn.microsoft.com/en-us/ms229745.aspx) to generate the digest
      > > message and sign the soap message. Of course, I generate my soap message
      > > from my code in runtime, get the private key from my digital certificate
      > > using X509Certificates2.
      > > > > >
      > > > > > I did not use any WSE1.0, WSE2.0 or WSE3.0
      > > > > >
      > > > > > 1. Axis does provides the WSDL
      > > > > >
      > > > > > 2. The WS provider does generate a sample soap message based on my
      > > private key file given which I have converted from .PKCS to .JKS format.
      > > I try to post the sample soap message to the Axis server and can be
      > > validated. Thus, the sample digest value and signature value is correct.
      > > Based on the sample link above, I can see the digest value is identical
      > > with the sample soap message generated by WS provider, but not signature
      > > value.
      > > > > >
      > > > > > 3. No. Only "XML Signature Value is not Valid"
      > > > > >
      > > > > > Appreciate for your hints.
      > > > > >
      > > > > > Thank you.
      > > > > >
      > > > > > --- In
      > > soapbuilders@yahoogroups.com<mailto:soapbuilders@yahoogroups.com,
      > > "dougb62" douglas.r.bunting@ wrote:
      > > > > > >
      > > > > > >
      > > > > > >
      > > > > > > - Was the .NET 3.5 client generated from WSDL for the Axis
      > > service?
      > > > > > > - What is the configuration (app.config or web.config contents)
      > > for the .NET 3.5 client?
      > > > > > > - Why are you confident the digest is correct?
      > > > > > > - Does Axix provide any more detail on the failure than "XML
      > > Signature is not valid?"
      > > > > > > - Do you have example messages that work and fail to share?
      > > > > > >
      > > > > > > thanx,
      > > > > > > doug
      > > > > > >
      > > > > > > --- In
      > > soapbuilders@yahoogroups.com<mailto:soapbuilders@yahoogroups.com,
      > > "ahooi99" <ahooi99@> wrote:
      > > > > > > >
      > > > > > > > Hi,
      > > > > > > >
      > > > > > > > My WS provider is built on Apache Axis, and my soap client is
      > > on MS.NET 3.5. I need to create the soap message, generate the digest
      > > value and sign the message to generate the digital signature.
      > > > > > > >
      > > > > > > > I managed to generate the correct digest value, however no
      > > luck on the signature value. The WS provider keeps on saying "XML
      > > Signature is Not Valid!"
      > > > > > > >
      > > > > > > > Is there any interoperability between Apache Axis and MS.net
      > > for this? Or do I miss any steps on my .net client?
      > > > > > > >
      > > > > > > > Willing for your guidance. Thank you.
      > > > > > > >
      > > > > > >
      > > > > >
      > > > >
      > > >
      > >
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.