axis-java-dev mailing list archives

From "Shyam Shukla " <shyam_shu...@persistent.co.in>
Subject RE: Calculating the DigestValue over a URI
Date Wed, 06 Dec 2006 04:52:54 GMT
Werner,

 

You meant I should look at the source code of xmlsec library??

 

Best Regards,
Shyam Shukla


  _____  

From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
Sent: Tuesday, December 05, 2006 7:36 PM
To: Shyam Shukla ; axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
Subject: AW: Calculating the DigestValue over a URI

 

Well, "use the source" :-)

 

The computation of all these digests is part of the xmlsec library.

 

Regards,

Werner

 

 


  _____  


From: Shyam Shukla [mailto:shyam_shukla@persistent.co.in] 
Sent: Tuesday, 5 December 2006 14:06
To: axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
Subject: Calculating the DigestValue over a URI

Hi All,

 

I am trying to figure out the way to calculate the <DigestValue> in
<Reference> tag. I went through the link http://www.w3.org/2000/09/xmldsig#
and my findings are as below as per this document:

For each <Reference> in the <Signature> calculate the <DigestValue> value
by:-

1. Extract the portion of the document indicated in the <Reference>.
2. Canonicalize the extract.
3. Run the digest method referred to in <DigestMethod> over the
   canonicalized extract (in this case the SHA1 digest).
4. Convert the binary digest to Base-64 and insert into <DigestValue>

My question is not about how the digest is calculated, but on what. For
example,

    <Header>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#Body">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue />
                </Reference>
            </SignedInfo>
            <SignatureValue />
            <KeyInfo>
                <X509Data>
                    <X509Certificate />
                </X509Data>
            </KeyInfo>
        </Signature>
    </Header>
    <Body Id="Body">
        <Timestamp>2006-May-04 20:16:21</Timestamp>
    </Body>

So as per the rule, results at each step are:

   1- <Body Id="Body">
        <Timestamp>2006-May-04 20:16:21</Timestamp>
       </Body>

2-     <Body Id="Body"><Timestamp>2006-May-04 20:16:21</Timestamp></Body>

3-     The SHA1 on the data of step2

4-     hI2M81Ns4JNPVeHVlBaxOtu8HPY=

I get "hI2M81Ns4JNPVeHVlBaxOtu8HPY=" as a DigestValue which is different
than the expected one, which is "pV9SUz/WktNbDo+R4dW9MBuWDgs=".

Can anyone please tell me what is the data here (point 1) on which the
digest is calculated?

 

Best Regards,
Shyam Shukla

DISCLAIMER ========== This e-mail may contain privileged and confidential
information which is the property of Persistent Systems Pvt. Ltd. It is
intended only for the use of the individual or entity to which it is
addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have
received this communication in error, please notify the sender and delete
all copies of this message. Persistent Systems Pvt. Ltd. does not accept any
liability for virus infected mails. 
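
The four steps listed in the message above, as an added example that is not part of the thread and is not xmlsec or WSS4J code. It shows that the digest is taken over the exact canonical octets, so a whitespace-preserving and a whitespace-stripped form of the same element give different DigestValues. Assumptions: Python's standard-library canonicalizer (C14N 2.0) stands in for the C14N 1.0 algorithm named in the sample, and the `<Envelope>` wrapper and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the <Body> from the message inside a hypothetical
# <Envelope> root, so that the fragment parses as one document.
SAMPLE = """<Envelope>
    <Header/>
    <Body Id="Body">
        <Timestamp>2006-May-04 20:16:21</Timestamp>
    </Body>
</Envelope>"""


def dereference(doc_xml, uri):
    """Step 1: resolve a same-document URI such as '#Body' by its Id attribute."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    matches = [e for e in ET.fromstring(doc_xml).iter() if e.get("Id") == uri[1:]]
    if len(matches) != 1:
        # A missing or duplicated Id makes the reference ambiguous: refuse it.
        raise LookupError(f"expected exactly one Id={uri[1:]!r}, found {len(matches)}")
    matches[0].tail = None  # text after </Body> is not part of the subtree
    return matches[0]


def canonical_octets(elem, strip_text=False):
    """Step 2: canonical form as UTF-8 octets (stdlib C14N 2.0, a stand-in for 1.0)."""
    text = ET.tostring(elem, encoding="unicode")
    return ET.canonicalize(text, strip_text=strip_text).encode("utf-8")


def digest_value(octets):
    """Steps 3 and 4: SHA-1 over the octets, then Base64."""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


if __name__ == "__main__":
    body = dereference(SAMPLE, "#Body")
    for label, strip in (("whitespace kept", False), ("whitespace stripped", True)):
        octets = canonical_octets(body, strip_text=strip)
        print(label, repr(octets), digest_value(octets))
```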

