digitally sign soap body

  • Question

  • I have to make a SOAP request to a web service. I have the request, but it asks to be digitally signed (only the SOAP body).

    <soap:Envelope
    xmlns:soap="http://www.w3.org/2001/12/soap-envelope"
    soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding">

    <soap:Body xmlns:m="http://www.example.org/stock">
      data to be signed
    </soap:Body>

    </soap:Envelope>

    What I have to do is sign the body with the certificate. It also asks to send the token used to sign (X.509 certificate) in the request header.

    I made some tests but nothing good so far. Any advice would be great.

    http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature

    I tried something similar.

    Friday, February 8, 2013 8:32 PM

All replies

  • Any help?

    I tried a request like this:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:idp="http://fw3rd.services.telefonica.es/services/IDP" xmlns:spg="http://mesv5.tme.com/spg180">
       <soapenv:Header>
          <wsse:Security xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:BinarySecurityToken
                   ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                   EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                   wsu:Id="x509cert00">.......</wsse:BinarySecurityToken>
             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                   <ds:Reference URI="#Body">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>..........</ds:DigestValue>
                   </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">........</ds:SignatureValue>
                <ds:KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                   <wsse:SecurityTokenReference>
                      <wsse:Reference URI="#x509cert00" />
                   </wsse:SecurityTokenReference>
                </ds:KeyInfo>
             </ds:Signature>
          </wsse:Security>
          <idp:IDPHeader>
             <!--Optional:-->
             <serviceProviderId>?</serviceProviderId>
             <!--Optional:-->
             <autoProvisioning>?</autoProvisioning>
          </idp:IDPHeader>
       </soapenv:Header>
       <soapenv:Body wsu:Id="Body">
          <spg:chargeEvent>
             <!--Optional:-->
             <spg:subject_type>?</spg:subject_type>
             <!--Optional:-->
             <spg:subject>?</spg:subject>
             <!--Optional:-->
             <spg:correlationId>?</spg:correlationId>
             <!--Optional:-->
             <spg:serviceId>?</spg:serviceId>
             <!--Optional:-->
             <spg:content_selector>?</spg:content_selector>
             <!--Optional:-->
             <spg:content_value>?</spg:content_value>
             <!--Optional:-->
             <spg:platformId>?</spg:platformId>
             <!--Optional:-->
             <spg:default_profile>?</spg:default_profile>
             <!--Optional:-->
             <spg:charging_info>?</spg:charging_info>
          </spg:chargeEvent>
       </soapenv:Body>
    </soapenv:Envelope>

    But I get an invalid signature when trying it, even though when I test the signature in code it says that it is valid.

    In their documentation they also specify a policy:

    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wssp="http://www.bea.com/wls90/security/policy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="SignBody">
       <ExactlyOne xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <All>
             <wssp:Integrity SignToken="false"
                             xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part"
                             xmlns:wssp="http://www.bea.com/wls90/security/policy"
                             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wssp:SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <wssp:CanonicalizationAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <wssp:Target>
                   <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
                   <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
                </wssp:Target>
                <wssp:SupportedTokens>
                   <wssp:SecurityToken IncludeInMessage="true"
                                       TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
                   </wssp:SecurityToken>
                </wssp:SupportedTokens>
             </wssp:Integrity>
          </All>
       </ExactlyOne>
    </wsp:Policy>

    Not sure how this should be used... Thanks

    Tuesday, February 12, 2013 9:39 AM
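
Added example, not part of the thread or of the service's documentation: a body-only signature with the algorithms named in the posted policy (exc-c14n, rsa-sha1, sha1), built with .NET's SignedXml, followed by a check showing that a whitespace-only change to the Body after signing invalidates it. WsuSignedXml, Demo, the self-signed certificate and the payload are constructed for illustration, and the BinarySecurityToken's ValueType/EncodingType attributes are left out for brevity.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
// Added example with constructed names and data. SignedXml resolves "#Body" via Id/id/ID only, so teach it wsu:Id.
class WsuSignedXml : SignedXml {
    public const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public WsuSignedXml(XmlDocument doc) : base(doc) { }
    public override XmlElement GetIdElement(XmlDocument doc, string id) {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsu", Wsu);
        XmlElement match = null;
        foreach (XmlElement e in doc.SelectNodes("//*[@wsu:Id]", ns))   // reject duplicate ids instead of picking one
            if (e.GetAttribute("Id", Wsu) == id) match = match == null ? e : throw new CryptographicException("duplicate wsu:Id");
        return match;
    }
}
static class Demo {
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static bool Verify(XmlDocument doc, X509Certificate2 cert) {
        var v = new WsuSignedXml(doc);
        v.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        return v.CheckSignature(cert.GetRSAPublicKey());   // recomputes the Body digest from the current document
    }
    static void Main() {
        using var rsa = RSA.Create(2048);
        var cert = new CertificateRequest("CN=constructed-test", rsa, HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1).CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddDays(1));
        var doc = new XmlDocument { PreserveWhitespace = true };   // whitespace inside Body is part of the digest
        doc.LoadXml("<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsse='" + Wsse +
            "' xmlns:wsu='" + WsuSignedXml.Wsu + "'><s:Header><wsse:Security><wsse:BinarySecurityToken wsu:Id='x509cert00'>" +
            Convert.ToBase64String(cert.RawData) + "</wsse:BinarySecurityToken></wsse:Security></s:Header>" +
            "<s:Body wsu:Id='Body'><payload>constructed</payload></s:Body></s:Envelope>");
        var signed = new WsuSignedXml(doc) { SigningKey = rsa };
        signed.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signed.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;   // algorithms named in the posted policy
        var reference = new Reference("#Body") { DigestMethod = SignedXml.XmlDsigSHA1Url };
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signed.AddReference(reference);
        var str = doc.CreateElement("wsse", "SecurityTokenReference", Wsse);
        ((XmlElement)str.AppendChild(doc.CreateElement("wsse", "Reference", Wsse))).SetAttribute("URI", "#x509cert00");
        signed.KeyInfo = new KeyInfo();
        signed.KeyInfo.AddClause(new KeyInfoNode(str));   // KeyInfo points at the token in the header
        signed.ComputeSignature();
        doc.GetElementsByTagName("Security", Wsse)[0].AppendChild(doc.ImportNode(signed.GetXml(), true));
        Console.WriteLine("as signed: " + Verify(doc, cert));
        doc.DocumentElement.LastChild.PrependChild(doc.CreateWhitespace("\n  "));   // e.g. pretty-printing the Body
        Console.WriteLine("after reformatting Body: " + Verify(doc, cert));
    }
}
```

When sending, write the signed XmlDocument out unchanged (for example doc.OuterXml) rather than passing it through a serializer that re-indents it.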