EldoS | Feel safer!


ElXMLWSSSignatureHandler how to generate references Id with prefix

#26519
Posted: 09/18/2013 17:04:40
by Rafal Kuc (Standard support level)
Joined: 09/18/2013
Posts: 3

Hello

I need to generate an Id for the reference with a prefix, for example wsu:, but ElXMLWSSSignatureHandler generates only Id without a prefix. I've got Id="id-2048825484" but I need something like this: wsu:Id="id-2048825484".

Best regards
#26525
Posted: 09/19/2013 04:08:54
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Did you mean that you need the wsu: prefix for the Id attribute that is generated for the referenced element with the TElXMLWSSSignatureHandler.AddReference method?
Then yes, it should be so for a WSS signature. I think your XML document doesn't explicitly define the wsu namespace. I will fix this for the next build.
As a workaround, please add the wsu namespace to the desired element prior to signing, for example:
Code
// Declare the wsu namespace on the Body element so that the Id attribute
// written by AddReference can be serialized as wsu:Id rather than a bare Id.
SOAPMessage.Envelope.Body.XMLElement.SetAttributeNS('', 'xmlns:wsu', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');
// Add the signature reference to the Body only after the namespace is in scope.
Handler.AddReference(SOAPMessage.Envelope.Body, true);
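An added illustration of the point in the reply above, written in Python with the standard library only; it is not SecureBlackbox code and does not use its API. A WS-Security 1.0 verifier resolves a ds:Reference URI of the form #id-... against the wsu:Id attribute of the referenced element, so an unqualified Id on the Body is never found and the signature cannot be checked. The functions tag_with_wsu_id and resolve_reference and the envelope string are constructed for this example.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{" + WSU_NS + "}Id"   # Clark notation for the namespaced attribute

# Bind the prefixes so serialization emits wsu:Id rather than ns0:Id.
ET.register_namespace("SOAP-ENV", SOAP_NS)
ET.register_namespace("wsu", WSU_NS)

# Constructed sample: a Body carrying only an unqualified Id, which is what
# the poster saw (Id="id-2048825484") before the wsu namespace was declared.
SAMPLE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="' + SOAP_NS + '">'
    + '<SOAP-ENV:Header/>'
    + '<SOAP-ENV:Body Id="id-2048825484"><payload>x</payload></SOAP-ENV:Body>'
    + '</SOAP-ENV:Envelope>'
)


def body_of(root):
    return root.find("{" + SOAP_NS + "}Body")


def tag_with_wsu_id(elem, value):
    """Give elem a wsu:Id (hypothetical helper). The unqualified Id is removed so
    the element does not carry two different identifiers for one reference."""
    elem.attrib.pop("Id", None)
    elem.set(WSU_ID, value)
    return elem


def resolve_reference(root, uri):
    """Resolve a ds:Reference URI ("#id-...") the way a WS-Security 1.0 verifier
    does: match wsu:Id only, never an unqualified Id attribute."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    wanted = uri[1:]
    for elem in root.iter():
        if elem.get(WSU_ID) == wanted:
            return elem
    return None


def demo():
    root = ET.fromstring(SAMPLE)
    # Before the fix the verifier cannot find the referenced element.
    before = resolve_reference(root, "#id-2028555314".replace("2028555314", "2048825484"))
    tag_with_wsu_id(body_of(root), "id-2048825484")
    after = resolve_reference(root, "#id-2048825484")
    serialized = ET.tostring(root, encoding="unicode")
    return before, after, serialized


if __name__ == "__main__":
    before, after, serialized = demo()
    print("resolved before fix:", before)
    print("resolved after fix: ", after.tag)
    print(serialized)
```

ElementTree places the xmlns:wsu declaration on the root element when it serializes; the vendor's workaround declares it on the Body itself, which is the element the reference covers, so the declaration is inside the signed subtree under exclusive C14N. Either way the attribute must be qualified for the verifier's lookup to succeed.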
#26526
Posted: 09/19/2013 05:46:33
by Rafal Kuc (Standard support level)
Joined: 09/18/2013
Posts: 3

Yes, it works fine

Thank you very much
#26893
Posted: 10/18/2013 06:41:36
by Rafal Kuc (Standard support level)
Joined: 09/18/2013
Posts: 3

Hello

In a SOAP message I need to transfer an object "wiadomosc" whose type is base64Binary. In this object I put any text. If the text is very short everything is fine, but if the text is a little longer then the server returns an error: "signature error: not specified/sha1, invalid data: data and digest do not match". I generated the WSS signature using TElXMLWSSSignatureHandler and cannot find any solution for why longer text causes the error.

Sample message which causes the error:
Code
<?xml version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1"><wsu:Timestamp wsu:Id="id-839934696"><wsu:Created>2013-10-18T08:18:49Z</wsu:Created><wsu:Expires>2013-10-19T13:06:49Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="id-1739352485">MIID...E98g/8jDIUYtseM2KvP7GYOAdmwKgDGu+1xykARn0n/M+GHD4...GPQF+UClj/SiUP...DpRp+IppKRpmf1rdcEnZXbK8ao+uRFj...yHEz/ETA7EuCxp+GjsE1ZV+Nl60ei5vWcGdc/AgMBAAGjEjAQMA4GA1UdDwEB/wQEA...lKd5+v2ZXOjEvJ+lppxo1Ss8tLeuy9IoB+zAa23YpxAvHcmP6UVY/dMcM/LfhcY2K+kFiykBWawipmNhs/p85M6BtaChZJSismpt07y2H+RtF8kwrzZYbOONp2gmXK9/IImnwAQ/hOZ1QV76SHyRR7GrKXrci7xKH5ZcLLsSgU6oetOPBEQ==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-2028555314"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>CUPD39f5XwU9Wv3NofjqDuPZwhY=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-839934696"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8data12Jmc6wnXJfViIn61m5VfY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>yJOFe8OAAoAH/i2ym5JHhnJ9+PdWJ...1XeB/D7dL...ip8i/HMaHIJ0+ClVHHg/Cbrvu/aDvjxq6LZ0HLABLk6LzbqLFFHkLjHcP0eqIIY+xG/22ieiJY7HYxpN6haw9xuWUWjA7P6SigA6qOoTDVw4gONC2eorPEe3P2Ysu/+AAbGRvbJlC6pIw==</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="" TokenType="" Usage=""><wsse:Reference URI="#id-1739352485" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2028555314"><KzadWyslijWiadomosc xmlns="http://mpips.gov.pl/xsd/csizs/pi/mkm/pub/v2"><wiadomosc xmlns=""><nadawca>302403103000_KS_02</nadawca><odbiorca>302403042000_KS_01</odbiorca><nrDokumentu>badone</nrDokumentu><idKorelacji>badone</idKorelacji><rodzajDok>1</rodzajDok><obszarZSkod>1</obszarZSkod><wiadomosc>YmFk...ZSBi
YWRvbmU=</wiadomosc><doreczenieOdp>1</doreczenieOdp><wymagaUrzPotw>false</wymagaUrzPotw></wiadomosc></KzadWyslijWiadomosc></SOAP-ENV:Body></SOAP-ENV:Envelope>
#26896
Posted: 10/18/2013 07:19:30
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Most likely this issue is caused by line feed characters in the Base64 data. Does the final output contain CR LF (0x0d 0x0a) newline characters?
Different implementations canonicalize the CR character in three different ways: ignore it (usually web applications/services; in fact it is okay if an application expects/performs newline character normalization on the input), canonicalize it as an entity reference (the correct way defined by the standard; SecureBlackbox also does this if a document is loaded with the normalization option disabled), and canonicalize it as-is (some buggy applications). In each case you will get a different digest value.
To solve this issue we recommend normalizing newline characters before loading and signing a document. (It is the third parameter of the TElXMLDOMDocument.LoadFromStream method.) If you create the text with DOM methods, then it is better to remove the CR character.
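An added example, not from the thread or from SecureBlackbox, that makes the three CR treatments in the reply above concrete in Python (standard library only). The serializer here handles a single text node of a bare wiadomosc element and stands in for full exclusive C14N of the referenced Body; the digest is base64 SHA-1, matching the DigestMethod in the posted message. The payloads and the 76-column CRLF wrapping of the Base64 text are constructed for the example, and the function names are this example's own.

```python
import base64
import hashlib


def normalize_newlines(text):
    """XML 1.0 end-of-line handling: CRLF and a lone CR both become LF.
    A conforming parser does this on input unless normalization is disabled."""
    return text.replace("\r\n", "\n").replace("\r", "\n")


def escape_markup(text):
    """Escape the characters that are markup-significant in a text node."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def c14n_text(text):
    """Canonical XML text-node output: markup escaped and a literal CR written
    as the character reference &#xD; so that it survives re-parsing."""
    return escape_markup(text).replace("\r", "&#xD;")


def serialize(text, cr_policy):
    """Serialize <wiadomosc>text</wiadomosc> under one of the three CR policies
    described in the reply."""
    if cr_policy == "normalize":   # CR folded away before canonicalization
        body = c14n_text(normalize_newlines(text))
    elif cr_policy == "entity":    # CR -> &#xD;, what Canonical XML specifies
        body = c14n_text(text)
    elif cr_policy == "raw":       # CR written out unchanged (buggy serializer)
        body = escape_markup(text)
    else:
        raise ValueError("unknown policy: " + cr_policy)
    return "<wiadomosc>" + body + "</wiadomosc>"


def digest_value(text, cr_policy):
    """ds:DigestValue as the sha1 DigestMethod would produce it."""
    data = serialize(text, cr_policy).encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def has_bare_cr(text):
    """The pre-signing check: any CR left in a text node is a digest risk."""
    return "\r" in text


POLICIES = ("normalize", "entity", "raw")

# Constructed samples: a short payload, and a longer one whose Base64 text was
# wrapped with CRLF after 76 characters, as many Base64 encoders do.
SHORT = base64.b64encode(b"badone").decode("ascii")
LONG_RAW = base64.b64encode(b"x" * 120).decode("ascii")
LONG = LONG_RAW[:76] + "\r\n" + LONG_RAW[76:]


def demo():
    short_digests = {p: digest_value(SHORT, p) for p in POLICIES}
    long_digests = {p: digest_value(LONG, p) for p in POLICIES}
    fixed = normalize_newlines(LONG)      # what the reply recommends
    return short_digests, long_digests, fixed


if __name__ == "__main__":
    short_digests, long_digests, fixed = demo()
    print("short payload, one digest for all policies:", set(short_digests.values()))
    print("long payload with CRLF, one digest per policy:", long_digests)
    print("after normalization, all policies agree:",
          {digest_value(fixed, p) for p in POLICIES})
```

The short payload never contains a CR, so every policy yields the same digest and the server accepts it; the wrapped payload yields three different digests, and the sender and the server only agree if they happen to pick the same policy. Once the CR characters are removed before signing there is nothing left for the policies to disagree on, which is why normalizing newlines on load (or stripping CR from DOM-built text) fixes the mismatch on both sides at once.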