XML Signing

#2489
Posted: 03/13/2007 09:23:15
by E V (Basic support level)
Joined: 02/10/2007
Posts: 12

I have to sign a SOAP message.

The following algorithms/encoding standards have to be used.

• CanonicalizationMethod Algorithm has to be: exc-c14n (http://www.w3.org/TR/xml-exc-c14n/)
• Encoding has to be: Base64Binary
• Signing algorithm has to be: RSA-SHA1
• Digest algorithm has to be: SHA1
• Timestamps must be used.

Is this possible with your XML signing component?
#2491
Posted: 03/13/2007 10:01:31
by Eugene Mayevski (EldoS Corp.)

What kind of timestamps do you/they need? XMLDSig doesn't have timestamping mechanisms. XAdES-T does have them. We've implemented XAdES-T high-level support for SBB 5.1, whose beta is to be released this week.


Sincerely yours
Eugene Mayevski
#2517
Posted: 03/15/2007 02:03:03
by E V (Basic support level)
Joined: 02/10/2007
Posts: 12

This is an example of the signed SOAP message we need. Can this be generated by your component?

<?xml version="1.0" encoding="UTF-8" ?>

<soapenv:Header xsk:schemaLocation="<>" xmlns:xsk="http://www.w3.org/2001/XMLSchema-instance" xmlns="<>">
<headerGegevens>
<wsse:Security soapenv:mustUnderstand="1" xmlns="" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-550a73b2-8857-4e5d-abf8-59273e398ee3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2007-02-26T09:52:29Z</wsu:Created>
<wsu:Expires>2007-02-26T09:57:29Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken wsu:Id="SecurityToken-0d662848-0a8f-4699-8a57-d442cd33cb94" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIDbjCCAtegAwIBAgIQDptgGzBuc79uwlV1A7sxVzANBgkqhkiG9w0BAQQFADBB MRQwEgYDVQQKEwtQaW5rUm9jY2FkZTEpMCcGA1UEAxMgUGlua1JvY2NhZGUgTVBL SSBTdWJzY3JpYmVyIERlbW8wHhcNMDcwMjIzMDAwMDAwWhcNMDcwNDI0MjM1OTU5 WjCB7TELMAkGA1UEBhMCTkwxEDAOBgNVBAcUB1p1dHBoZW4xETAPBgNVBAoUCElC LUdyb2VwMRQwEgYDVQQLFAtCZXZlaWxpZ2luZzFGMEQGA1UECxM9d3d3LnZlcmlz aWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQo Yyk5NjEjMCEGA1UECxQaQlJJTi1hYW5sZXZlcnB1bnQgLSAxMUFBMDAxJDAiBgNV BAsUG1NjaG9vbCAtIExlYSBEYXNiZXJnIFNjaG9vbDEQMA4GA1UEAxMHMTFBQSAw MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzG3Qld0eugfYBrwQdh9fIItP 4RX65b2A2tCU7RHlNqJF4Kg+izZ0D3KWLMei7lAU8QLQAt1QP4ziWt8cfQBaqhfJ eZwLDJ9Sp6X6IQKlCAtQdTvc960CoO42Leqk9s1Fxgkb645rJ2HTnGxA51b4XxHJ mgsCnyufGXhLRWGO3c8CAwEAAaOBuTCBtjAJBgNVHRMEAjAAME0GA1UdHwRGMEQw QqBAoD6GPGh0dHA6Ly9wa2kucGlua3JvY2NhZGUuY29tL2NybC9PblNpdGVUZXN0 RHJpdmUvTGF0ZXN0Q1JMLmNybDBHBgNVHSAEQDA+MDwGC2CGSAGG+EUBBxcDMC0w KwYIKwYBBQUHAgEWH2h0dHBzOi8vcGtpLnBpbmtyb2NjYWRlLmNvbS9SUEEwEQYJ YIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBAUAA4GBAB+fBFy49bbadn/t/oDh +gZiIbDQ8cCQimkpaXRRbyJZ0Y8V83CYHILrCz2CDFxaMahYRMfrtuD5jLqAQz+b p3bFBE5B58pYxdPAuGbX3FRPGzatOUEIuHshkKfT01L/jJRQ5m6AINqQ9BOJZ+s9 R8FlSQ1RCO4JQwSGmAm8vzPS</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Body-09007bdb-1b81-4ce9-8234-fc685fdae472">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>RFHEvtEw8Yp++M/bFSBCP6BMYhg=</DigestValue>
</Reference>
<Reference URI="#Timestamp-550a73b2-8857-4e5d-abf8-59273e398ee3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>906QFjKKElYCyY75xrb+BjTKg0o=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>l+T/mtGNaz92oUGcugMnc4cxPoRM/rPxBWlmfF4pnYCDsDUA5zROjraA5dtiWxx0g0ElIfhknFNLtBe+NKqLZKGvP6UiBW1F3urPo2g3Yym7vmQH6PCkmOzi7n6EMB0B8fpkm6gsbRD0YsQb/EW6R1IZsBXHhi8r6fHzaEItfD0=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference xmlns="">
<wsse:Reference URI="#SecurityToken-0d662848-0a8f-4699-8a57-d442cd33cb94" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>

THE XML OF THE SOAP BODY

</soapenv:Envelope>
#2522
Posted: 03/15/2007 05:08:25
by Eugene Mayevski (EldoS Corp.)

What you need is WS Security. We didn't implement one (yet?). I've added an item to the ToDo list, but I can't estimate when the version will be available.


Sincerely yours
Eugene Mayevski
#2523
Posted: 03/15/2007 05:30:26
by Dmytro Bogatskyy (EldoS Corp.)

In general, the Signature element as above could be generated using the existing TElXMLSigner class, but you will need to create the Timestamp and BinarySecurityToken elements yourself.
#2524
Posted: 03/15/2007 06:16:27
by E V (Basic support level)
Joined: 02/10/2007
Posts: 12

Is this hard to do? In other words, do you have an example for it?
#2525
Posted: 03/15/2007 06:27:21
by Eugene Mayevski (EldoS Corp.)

Do what? Create a timestamp? There are no samples and we won't create one, as we would rather spend this time working on WS Security as a whole than on a partial sample.


Sincerely yours
Eugene Mayevski
#15384
Posted: 12/28/2010 05:14:31
by Pedro Salgado (Standard support level)
Joined: 10/18/2010
Posts: 9

Dear Sirs:

Did you do anything about "WS Security" (wsse)?

I have to add to the SOAP message:

<wsse:BinarySecurityToken wsu:Id="SecurityToken-9f52cb..........
...........
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-9f52cb.............


Best regards.
#15385
Posted: 12/28/2010 05:22:59
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

Unfortunately, no, sorry. As Dmytro Bogatskyy answered above, you can create a signature with the TElXMLSigner class, but WSSE-specific elements should be added manually.
#15387
Posted: 12/28/2010 06:08:37
by Pedro Salgado (Standard support level)
Joined: 10/18/2010
Posts: 9

Is there any way to get the certx509v3 in Base64Binary format encoding?

I have to add it this way:

<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-9f52cb84-5b89-4c42-9226-2f083256a319">MIIGAzCCBOu.................
</wsse:BinarySecurityToken>

Best regards.
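
The WSSE elements that the replies above say must be created by hand, as an added example that is not part of the thread and is not SecureBlackbox code: it uses only the Python standard library to build the `wsu:Timestamp`, the `wsse:BinarySecurityToken` (Base64Binary is the base64 of the certificate's DER bytes, without PEM header lines) and the `KeyInfo` reference to it. The function names and the sample certificate bytes are constructed for illustration; the returned Ids are what the signer's `Reference` elements must point at so that the Timestamp is covered by the signature.

```python
import base64, uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
X509V3 = OASIS + "x509-token-profile-1.0#X509v3"
BASE64BINARY = OASIS + "soap-message-security-1.0#Base64Binary"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("wsse", WSSE), ("wsu", WSU), ("ds", DS)):
    ET.register_namespace(prefix, uri)

def pem_to_der(pem: str) -> bytes:
    """Drop the PEM armour lines and decode the body to raw DER bytes."""
    lines = (line.strip() for line in pem.splitlines())
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def build_security_header(cert_der, created, ttl_seconds=300):
    """Return (wsse:Security element, Timestamp Id, token Id)."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"  # xsd:dateTime in UTC, as in the posted sample
    ts_id, tok_id = f"Timestamp-{uuid.uuid4()}", f"SecurityToken-{uuid.uuid4()}"
    sec = ET.Element(f"{{{WSSE}}}Security")
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp", {f"{{{WSU}}}Id": ts_id})
    ET.SubElement(ts, f"{{{WSU}}}Created").text = created.strftime(fmt)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (
        created + timedelta(seconds=ttl_seconds)).strftime(fmt)
    tok = ET.SubElement(sec, f"{{{WSSE}}}BinarySecurityToken", {
        f"{{{WSU}}}Id": tok_id, "ValueType": X509V3, "EncodingType": BASE64BINARY})
    # Base64Binary: base64 of the DER bytes, with no PEM header or footer.
    tok.text = base64.b64encode(cert_der).decode("ascii")
    return sec, ts_id, tok_id

def build_key_info(tok_id):
    """ds:KeyInfo that points at the BinarySecurityToken by its wsu:Id."""
    key_info = ET.Element(f"{{{DS}}}KeyInfo")
    str_el = ET.SubElement(key_info, f"{{{WSSE}}}SecurityTokenReference")
    ET.SubElement(str_el, f"{{{WSSE}}}Reference",
                  {"URI": f"#{tok_id}", "ValueType": X509V3})
    return key_info

# Constructed placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82 constructed sample"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode("ascii")
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    sec, _, tok_id = build_security_header(pem_to_der(SAMPLE_PEM), datetime.now(timezone.utc))
    print(ET.tostring(sec, encoding="unicode"))
```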