EldoS | Feel safer!

Software components for data protection, secure storage and transfer

XML Signing

#2489
Posted: 03/13/2007 09:23:15
by E V (Basic support level)
Joined: 02/10/2007
Posts: 12

I have to sign a SOAP message.

The following algorithms/encoding standards have to be used.

• CanonicalizationMethod Algorithm has to be: exc-c14n (http://www.w3.org/TR/xml-exc-c14n/)
• Encoding has to be: Base64Binary
• Signing algorithm has to be: RSA-SHA1
• Digest algorithm has to be: SHA1
• Timestamps must be used.

Is this possible with your XML signing component?
#2491
Posted: 03/13/2007 10:01:31
by Eugene Mayevski (EldoS Corp.)

What kind of timestamps do you/they need? XMLDSig doesn't have timestamping mechanisms. XAdES-T does have them. We've implemented XAdES-T high-level support for SBB 5.1, whose beta is to be released this week.


Sincerely yours
Eugene Mayevski
#2517
Posted: 03/15/2007 02:03:03
by E V (Basic support level)
Joined: 02/10/2007
Posts: 12

This is an example of the signed SOAP message we need. Can this be generated by your component?

<?xml version="1.0" encoding="UTF-8" ?>

<soapenv:Header xsk:schemaLocation="<>" xmlns:xsk="http://www.w3.org/2001/XMLSchema-instance" xmlns="<>">
<headerGegevens>
<wsse:Security soapenv:mustUnderstand="1" xmlns="" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-550a73b2-8857-4e5d-abf8-59273e398ee3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2007-02-26T09:52:29Z</wsu:Created>
<wsu:Expires>2007-02-26T09:57:29Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken wsu:Id="SecurityToken-0d662848-0a8f-4699-8a57-d442cd33cb94" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIDbjCCAtegAwIBAgIQDptgGzBuc79uwlV1A7sxVzANBgkqhkiG9w0BAQQFADBB MRQwEgYDVQQKEwtQaW5rUm9jY2FkZTEpMCcGA1UEAxMgUGlua1JvY2NhZGUgTVBL SSBTdWJzY3JpYmVyIERlbW8wHhcNMDcwMjIzMDAwMDAwWhcNMDcwNDI0MjM1OTU5 WjCB7TELMAkGA1UEBhMCTkwxEDAOBgNVBAcUB1p1dHBoZW4xETAPBgNVBAoUCElC LUdyb2VwMRQwEgYDVQQLFAtCZXZlaWxpZ2luZzFGMEQGA1UECxM9d3d3LnZlcmlz aWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQo Yyk5NjEjMCEGA1UECxQaQlJJTi1hYW5sZXZlcnB1bnQgLSAxMUFBMDAxJDAiBgNV BAsUG1NjaG9vbCAtIExlYSBEYXNiZXJnIFNjaG9vbDEQMA4GA1UEAxMHMTFBQSAw MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzG3Qld0eugfYBrwQdh9fIItP 4RX65b2A2tCU7RHlNqJF4Kg+izZ0D3KWLMei7lAU8QLQAt1QP4ziWt8cfQBaqhfJ eZwLDJ9Sp6X6IQKlCAtQdTvc960CoO42Leqk9s1Fxgkb645rJ2HTnGxA51b4XxHJ mgsCnyufGXhLRWGO3c8CAwEAAaOBuTCBtjAJBgNVHRMEAjAAME0GA1UdHwRGMEQw QqBAoD6GPGh0dHA6Ly9wa2kucGlua3JvY2NhZGUuY29tL2NybC9PblNpdGVUZXN0 RHJpdmUvTGF0ZXN0Q1JMLmNybDBHBgNVHSAEQDA+MDwGC2CGSAGG+EUBBxcDMC0w KwYIKwYBBQUHAgEWH2h0dHBzOi8vcGtpLnBpbmtyb2NjYWRlLmNvbS9SUEEwEQYJ YIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBAUAA4GBAB+fBFy49bbadn/t/oDh +gZiIbDQ8cCQimkpaXRRbyJZ0Y8V83CYHILrCz2CDFxaMahYRMfrtuD5jLqAQz+b p3bFBE5B58pYxdPAuGbX3FRPGzatOUEIuHshkKfT01L/jJRQ5m6AINqQ9BOJZ+s9 R8FlSQ1RCO4JQwSGmAm8vzPS</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Body-09007bdb-1b81-4ce9-8234-fc685fdae472">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>RFHEvtEw8Yp++M/bFSBCP6BMYhg=</DigestValue>
</Reference>
<Reference URI="#Timestamp-550a73b2-8857-4e5d-abf8-59273e398ee3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>906QFjKKElYCyY75xrb+BjTKg0o=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>l+T/mtGNaz92oUGcugMnc4cxPoRM/rPxBWlmfF4pnYCDsDUA5zROjraA5dtiWxx0g0ElIfhknFNLtBe+NKqLZKGvP6UiBW1F3urPo2g3Yym7vmQH6PCkmOzi7n6EMB0B8fpkm6gsbRD0YsQb/EW6R1IZsBXHhi8r6fHzaEItfD0=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference xmlns="">
<wsse:Reference URI="#SecurityToken-0d662848-0a8f-4699-8a57-d442cd33cb94" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>

THE XML OF THE SOAP BODY

</soapenv:Envelope>
#2522
Posted: 03/15/2007 05:08:25
by Eugene Mayevski (EldoS Corp.)

What you need is WS Security. We didn't implement one (yet?). I've added an item to the ToDo list, but I can't estimate when the version will be available.


Sincerely yours
Eugene Mayevski
#2523
Posted: 03/15/2007 05:30:26
by Dmytro Bogatskyy (EldoS Corp.)

In general, the Signature element as above could be generated using the existing TElXMLSigner class, but you will need to create the Timestamp and BinarySecurityToken elements yourself.
#2524
Posted: 03/15/2007 06:16:27
by E V (Basic support level)
Joined: 02/10/2007
Posts: 12

Is this hard to do? In other words, do you have an example of it?
#2525
Posted: 03/15/2007 06:27:21
by Eugene Mayevski (EldoS Corp.)

Do what? Create a timestamp? There are no samples and we won't create one, as we would rather spend this time working on WS Security as a whole than on a partial sample.


Sincerely yours
Eugene Mayevski
#15384
Posted: 12/28/2010 05:14:31
by Pedro Salgado (Standard support level)
Joined: 10/18/2010
Posts: 9

Dear Sirs:

Did you do anything about "WS Security" (wsse)?

I have to add this to the SOAP message:

<wsse:BinarySecurityToken wsu:Id="SecurityToken-9f52cb..........
...........
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-9f52cb.............


Best regards.
#15385
Posted: 12/28/2010 05:22:59
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

Unfortunately, no, sorry. As Dmytro Bogatskyy answered above, you can create a signature with the TElXMLSigner class, but WSSE-specific elements should be added manually.
#15387
Posted: 12/28/2010 06:08:37
by Pedro Salgado (Standard support level)
Joined: 10/18/2010
Posts: 9

Is there any way to get the certx509v3 in Base64Binary format encoding?

I have to add it this way:

<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-9f52cb84-5b89-4c42-9226-2f083256a319">MIIGAzCCBOu.................
</wsse:BinarySecurityToken>

Best regards.
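
An added example, not part of the thread and not SecureBlackbox code: one way to create the Timestamp and BinarySecurityToken elements by hand, as the replies above suggest, and to get a PEM certificate into Base64Binary form. It uses only the Python standard library; the helper names are hypothetical and SAMPLE_PEM holds constructed bytes, not a real certificate.

```python
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = NS + "wssecurity-secext-1.0.xsd"
WSU = NS + "wssecurity-utility-1.0.xsd"
X509V3 = NS + "x509-token-profile-1.0#X509v3"
B64 = NS + "soap-message-security-1.0#Base64Binary"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("wsu", WSU)

def pem_to_base64binary(pem: str) -> str:
    """Strip the PEM armor and return the DER bytes as one Base64 line."""
    lines = [l.strip() for l in pem.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    if not der or der[0] != 0x30:  # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("not a DER-encoded certificate")
    return base64.b64encode(der).decode("ascii")

def build_timestamp(now: datetime, lifetime_s: int = 300) -> ET.Element:
    """wsu:Timestamp with UTC Created/Expires and a wsu:Id for SignedInfo."""
    ts = ET.Element(f"{{{WSU}}}Timestamp", {f"{{{WSU}}}Id": f"Timestamp-{uuid.uuid4()}"})
    now = now.astimezone(timezone.utc)
    for tag, when in (("Created", now), ("Expires", now + timedelta(seconds=lifetime_s))):
        ET.SubElement(ts, f"{{{WSU}}}{tag}").text = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    return ts

def build_token(pem: str):
    """Return (BinarySecurityToken, SecurityTokenReference) linked by wsu:Id."""
    token_id = f"SecurityToken-{uuid.uuid4()}"
    bst = ET.Element(f"{{{WSSE}}}BinarySecurityToken",
                     {f"{{{WSU}}}Id": token_id, "ValueType": X509V3, "EncodingType": B64})
    bst.text = pem_to_base64binary(pem)
    ref = ET.Element(f"{{{WSSE}}}SecurityTokenReference")
    ET.SubElement(ref, f"{{{WSSE}}}Reference", {"URI": "#" + token_id, "ValueType": X509V3})
    return bst, ref

# Constructed sample: arbitrary bytes in PEM armor, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    bst, ref = build_token(SAMPLE_PEM)
    for el in (build_timestamp(datetime.now(timezone.utc)), bst, ref):
        print(ET.tostring(el, encoding="unicode"))
```

Both elements have to be in the header before signing: in the sample message earlier in the thread the Timestamp's wsu:Id is one of the signed Reference URIs, and KeyInfo points at the token's wsu:Id.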