ws-tsik-dev mailing list archives

From "Henri Delbrouck" <henri.delbro...@skynet.be>
Subject RE: java and .net interoperability
Date Wed, 21 Dec 2005 20:40:12 GMT
Hans, thank you for your reply.

The java client I wrote uses functions similar to those in wssecurity.java to
sign the message successfully. I only sign the body (no timestamp). Can you
tell me what part of the message is signed when we use wssecurity.jar?
I now use the new namespaces as defined in OASIS 1.0.

The .net client generates the following xml signed message:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsa:Action>
    </wsa:Action>
    <wsa:MessageID>urn:uuid:508f1330-e778-4bd9-8182-df166ee8b909</wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>http://localhost:8080/Test/services/InsertRequest</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-3d29177e-e860-4c6d-b5f9-24019551ffe9">
        <wsu:Created>2005-12-21T15:33:44Z</wsu:Created>
        <wsu:Expires>2005-12-21T15:38:44Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-5ab4207d-903a-4086-8948-ff0b83e30e7f">MIIDNTCCAh0CBEM6...</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Id-460d209f-f5e7-482e-b52a-13544ff79eb6">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>qCpuWbphmN2i4k34TLdJfuCQ+aA=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>n2/WDZzR54Hd6leW4V5q7kjNtb37qJtq/9HNQd0ROExjQEg837Gx+fpLwGMn
un9qkBQyGUwDRnxxv4GzKh4uiQuin+bTXToPbhUjB8L9VUi09lmtDRMLl1m/kQmIR9aK1bx24ego
2xGjXgIYGOa+SnjfhmcukmXAxnByB0f6b37+OcmMCIRaf8Fa4zDPCC6kMaFEVp5tfFo9HkfxNQ7D
J4kB4MCwQcJ95wYSnOF0n2UizI1vJK6+P+Gs1aC3QML63GTGeAPASDNyVtPN7ldTS5mEpeJndf9O
JYQXzMURLOYtAuyWnx/kqKBQqCWD+qKtjAlEhoR+cscXV0pWAS6jFQ==</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference
URI="#SecurityToken-5ab4207d-903a-4086-8948-ff0b83e30e7f"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-460d209f-f5e7-482e-b52a-13544ff79eb6">
    <InsertProduct xmlns="http://myServices.test.be">
      <product>31</product>
      <quantity>10</quantity>
      <value>100</value>
     </InsertProduct>
  </soap:Body>
</soap:Envelope>

It seems that the digest comparison fails on the server. I don't know if the
server computes the digest correctly (on the same message part as the
client). That is why I would like to know exactly what part of the message
the code of wssecurity.java and tsik signs. The error could be that the
client signs something and the server tries to check the signature against a
wrong message part. Do you have any idea?

Thanks in advance for any help.

Henri

-----Original Message-----
From: Hans Granqvist [mailto:hgranqvist@verisign.com] 
Sent: Wednesday, 21 December 2005 2:36
To: Henri Delbrouck
Cc: tsik-dev@ws.apache.org
Subject: Re: java and .net interoperability

Henri Delbrouck wrote:
> Hello, I use tsik to build digital signatures and sign SOAP messages. I 
> have written a small java client which sends signed messages to java web 
> services (using Axis 1.2 engine) which correctly verify the signed
> messages.

Sounds good!

> 
> I try the same thing with a .net 2005 client but it fails. By examining 
> the xml generated by .net, it seems that the xml structure is well 
> formed. By doing some trace, it seems that the keyinfo and

Who generates the signature that fails? Can you post it here?

> 
> Signature are correctly retrieved from the signed message but 
> verification always fails.
> 
> Could anybody help me to know if there are some known issues with Visual 
> Studio .NET 2005?

Sorry -- don't know VS 2005. Is it even out? ;)

> I would also like to know what exactly is signed in the message if I 
> only sign the body? Is the element <soapenv:Enveloppe… and element 
> <?xml version="1.0" encoding="UTF-8"?> also part of the signed info or 
> only the part <Body> </Body>?

The preamble (the <?xml ... part) is normally never signed, but it's 
hard to know what else is signed -- can you send the code snippet doing
the signing?

Hans

---------------------------------------------------------------------
To unsubscribe, e-mail: tsik-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tsik-dev-help@ws.apache.org
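
As an added illustration of the question raised in this thread (not code from either poster or from TSIK), the following Python example lists which element each ds:Reference in a WS-Security message covers and which wsu:Id-bearing elements are left unsigned. The sample message is constructed, with made-up Ids and a placeholder digest; the script does not recompute digests, which would require an exclusive C14N implementation.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample: cut down from the structure of the posted message, with
# short made-up Ids and a placeholder digest (not a real signature).
SAMPLE = """<soap:Envelope xmlns:soap="%s" xmlns:wsu="%s">
  <soap:Header>
    <wsu:Timestamp wsu:Id="Timestamp-1"><wsu:Created>2005-12-21T15:33:44Z</wsu:Created></wsu:Timestamp>
    <Signature xmlns="%s"><SignedInfo>
      <Reference URI="#Id-1"><DigestValue>PLACEHOLDER=</DigestValue></Reference>
    </SignedInfo></Signature>
  </soap:Header>
  <soap:Body wsu:Id="Id-1"><InsertProduct xmlns="http://myServices.test.be"/></soap:Body>
</soap:Envelope>""" % (SOAP, WSU, DS)


def _elements_by_wsu_id(root):
    """Index every element carrying a wsu:Id attribute, keeping duplicates."""
    index = {}
    for el in root.iter():
        wsu_id = el.get("{%s}Id" % WSU)
        if wsu_id is not None:
            index.setdefault(wsu_id, []).append(el)
    return index


def signed_parts(xml_text):
    """Return (URI, covered element tag or None, status) per ds:Reference."""
    root = ET.fromstring(xml_text)
    index = _elements_by_wsu_id(root)
    report = []
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        targets = index.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) == 1:
            report.append((uri, targets[0].tag, "ok"))
        else:  # 0 = dangling reference, >1 = ambiguous Id: reject, don't guess
            report.append((uri, None, "%d matching elements" % len(targets)))
    return report


def unsigned_ids(xml_text):
    """wsu:Id values present in the message but not covered by any Reference."""
    root = ET.fromstring(xml_text)
    covered = {r.get("URI", "")[1:] for r in root.iter("{%s}Reference" % DS)}
    return sorted(set(_elements_by_wsu_id(root)) - covered)


if __name__ == "__main__":
    print(signed_parts(SAMPLE), unsigned_ids(SAMPLE))
```

Run against a captured message on both the client and the server side, the two reports should name the same element for each Reference before any digest mismatch is investigated further.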

