Soap signed request - required package

#32689
Posted: 03/21/2015 11:38:40
by Eduardo Hernandez (Basic support level)
Joined: 03/21/2015
Posts: 5

Hi, I want to know whether, for making a signed XML SOAP document, the only required package is XMLBlackbox, or whether I need an additional package.
From something like this:

Code
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.presenta.pdv/" xmlns:v1="http://www.personal.com.ar/PDV/Recarga/v1.0">
   <soapenv:Header/>
   <soapenv:Body><ws:recargar>
         <ws:recargarInput>
            <v1:idMayorista>102</v1:idMayorista>
            <v1:idSubred>2</v1:idSubred>
            <v1:idPdvTp>2</v1:idPdvTp>
            <v1:idPdvMay>2</v1:idPdvMay>
            <v1:tidPdv>778</v1:tidPdv>
            <v1:tipoTerminal>POSNET</v1:tipoTerminal>
            <v1:codTerminal>Term_00000000000</v1:codTerminal>
            <v1:tipoProducto>RECARGA</v1:tipoProducto>
            <v1:nroLinea>1144114411</v1:nroLinea>
            <v1:fechaTransPdv>2015-03-20 11:59:00</v1:fechaTransPdv>
            <v1:montoTransaccion>50.00</v1:montoTransaccion>
            <v1:monedaTransaccion>032</v1:monedaTransaccion>
            <v1:saldo>2000.00</v1:saldo>
         </ws:recargarInput>
      </ws:recargar>
   </soapenv:Body>
</soapenv:Envelope>


I need to get something like this:
Code
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://www.personal.com.ar/PDV/Recarga/v1.0" xmlns:ws="http://ws.presenta.pdv/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature Id="SIG-97D69A60B08BEDAED9142686366056315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="soapenv v1 ws" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-97D69A60B08BEDAED9142686366056214">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="v1 ws" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>JnjeLNcRVrBqvTAKQ2gKEJr1ar0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SmB5C267sshjD+p0S/wZBlETDuRiMOrBTEXARn3SWBGKyzDckg3wqFmTY12s3n9IzT7RTxkAqLuF
rMDHZI4B+9KQd9NRMF/eo6ow4noxvZgjBqLmsYjVziCLnv8RxAjnVAi+gDwFdHMcXzQXXaCAOezL
ainGQL6ZVjt/TnLjrq24yD1nvaKOeSlfWaLsPYWK6RiZg8sI4FQa4WWIbNOkq5NqQUFAXWKlkK80
Of1K...GA8r
s0KgJZha7sT1Ot7NppNf1VZsk7jLC33phGrHZg==</ds:SignatureValue>
<ds:KeyInfo Id="KI-97D69A60B08BEDAED9142686366056112">
<wsse:SecurityTokenReference wsu:Id="STR-97D69A60B08BEDAED9142686366056213">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIF...AH7w/IFw73CyFsNpLYqJq+fPJ4BDpnZ5Obz6Y051guhhrq/NjUowxDg1SQzACyfqzFFFNkN+YsrzlbNdpWxwtXqsO3ZHAk3+/IRtSUFU2p0pTGI8V5tBa7Iw8rKevHcfUF4u+KKh9ohZ0x6iqyCG3WjwQBXyakm3nT/cbGmFWl8Xnreltpx2R8NsCKWtLYMqkBlIH2/v4gc10f5ef42MgXak3/brHt3zB3eqIo+/Y8om...QU6T+vUqP1By4XJzCYR6CAncIb0NswHwYDVR0jBBgwFoAUWxQGnpaCD/L1Kh...yaGy/9GAg...AkOv/B+0ft9Gmd88ch1OULqAC3yQm3gZGKNedxeVeXeW9HrAMVGPswHrFwNSJ9+pMWzhGBzHKqaKH064y3gwqZKf3Xg+s2sF1BBDbMyR1wpuMrcP/yDhd...5RTI/H4WqccU7rQyBjrFJt125WaHcF7atF0cD8a3XqjS8f</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
   <soapenv:Body wsu:Id="id-97D69A60B08BEDAED9142686366056214" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ws:recargar>
         <ws:recargarInput>
            <v1:idMayorista>102</v1:idMayorista>
            <v1:idSubred>2</v1:idSubred>
            <v1:idPdvTp>2</v1:idPdvTp>
            <v1:idPdvMay>2</v1:idPdvMay>
            <v1:tidPdv>778</v1:tidPdv>
            <v1:tipoTerminal>POSNET</v1:tipoTerminal>
            <v1:codTerminal>Term_00000000000</v1:codTerminal>
            <v1:tipoProducto>RECARGA</v1:tipoProducto>
            <v1:nroLinea>1144114411</v1:nroLinea>
            <v1:fechaTransPdv>2015-03-20 11:59:00</v1:fechaTransPdv>
            <v1:montoTransaccion>50.00</v1:montoTransaccion>
            <v1:monedaTransaccion>032</v1:monedaTransaccion>
            <v1:saldo>2000.00</v1:saldo>
         </ws:recargarInput>
      </ws:recargar>
   </soapenv:Body>
</soapenv:Envelope>


I have a key file generated by me, and a signed cert file provided by the owner of the WS (generated from a CSR made by me based on the key file).
#32690
Posted: 03/21/2015 13:54:17
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

For this particular kind of operation it's enough to have a license for XMLBlackbox.

Should you decide to use TElSOAPClient component, though, an additional license for HTTPBlackbox client will be needed.


Sincerely yours
Eugene Mayevski
#32779
Posted: 03/26/2015 07:40:13
by Eduardo Hernandez (Basic support level)
Joined: 03/21/2015
Posts: 5

Thanks for answering. I've been trying to sign an XML using XMLBlackbox\Signer, but when I select the .cert file and hit OK, it says "The selected file doesn't contain a private key." Can you provide me with sample code that shows how to use a key and certificate in separate files?
Thanks
#32780
Posted: 03/26/2015 07:45:51
by Vsevolod Ievgiienko (EldoS Corp.)

The sample accepts certificate formats that contain both the certificate body and the private key in a single file: PFX, PEM etc. You can try to use the sample PFX files from the SBB distribution. They can be found in the \EldoS\SecureBlackbox.NET\Extra\Certificates folder.

If you need separate files, then you should load the certificate using the TElX509Certificate.LoadFrom* method and then load the key using the TElX509Certificate.LoadKeyFrom* method.
#32781
Posted: 03/26/2015 08:08:18
by Eugene Mayevski (EldoS Corp.)

Regarding the sample (XMLBlackbox\Signer) -- please search for "LoadFromStreamAuto" method call. It loads the certificate from the chosen file. For test purposes you can replace this call with two calls - LoadFromStream + LoadKeyFromStream for loading the certificate and a private key from .cer and .key file respectively. You can hard-code the path to those files for testing.


Sincerely yours
Eugene Mayevski
#32855
Posted: 03/30/2015 12:03:22
by Eduardo Hernandez (Basic support level)
Joined: 03/21/2015
Posts: 5

Thanks again for your reply. I've switched to the SecureSoap sample because it fits my needs exactly. Now I have a different problem. I've made a reduced version of the sample code:

Code
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Memo1: TMemo;
    Memo2: TMemo;
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

uses
  SBX509, SBXMLCore, SBXMLSOAP, SBXMLSOAPSecurity, SBXMLDefs, SBUtils;

const
  iso8589='iso-8859-1';

procedure TForm1.Button1Click(Sender: TObject);
var
  F: TStringStream;
  Loaded : Boolean;
  FXMLDocument: TElXMLDOMDocument;
  FSOAPMessage : TElXMLSOAPMessage;
  Cert : TElX509Certificate;
  Handler : TElXMLSOAPBaseSignatureHandler;
  k: Integer;
begin
  FXMLDocument := TElXMLDOMDocument.Create;
  FSOAPMessage := TElXMLSOAPMessage.Create(nil);
  try
    F := TStringStream.Create(memo1.Lines.Text);
    try
      FXMLDocument.LoadFromStream(F, iso8589, false);
      Loaded := True;
    except
      on E : Exception do
      begin
        MessageDlg('Failed to load XML document: ' + E.Message, mtError, [mbOk], 0);
        Loaded := False;
      end;
    end;

    FreeAndNil(F);

    if Loaded then
    begin
      try
        FSOAPMessage.LoadFromXML(FXMLDocument);
      except
        on E : Exception do
          MessageDlg('Failed to load SOAP message: ' + E.Message, mtError, [mbOk], 0);
      end;

      try
        Handler := TElXMLWSSSignatureHandler.Create(nil);
        FSOAPMessage.AddSignature(Handler, true);
        //TElXMLWSSSignatureHandler(Handler).SecurityHeader := FSOAPMessage.SecurityHeaders[0];

        Handler.AddReference(FSOAPMessage.Envelope.Body, '1234');

        Handler.KeyName := '';

        Cert := TElX509Certificate.Create(nil);
        k := cert.LoadFromFileAuto('d:\desarrollo.cert.pem', '');
        if k <> 0 then
        begin
          if k <> SB_X509_ERROR_UNRECOGNIZED_FORMAT then
            MessageDlg('Failed to load certificate. Error code: ' + IntToStr(k), mtError, [mbOk], 0);
          FreeAndNil(Cert);
        end;

        if Assigned(Cert) then
        begin
          TElXMLWSSSignatureHandler(handler).Sign(Cert, wecInBinarySecurityToken);
          FreeAndNil(Cert);
        end;
      finally
        F := TStringStream.Create('');
        try
          FXMLDocument.SaveToStream(F, xcmNone, iso8589);
          memo2.Lines.Text := F.DataString;
        finally
          FreeAndNil(F);
        end;
      end;
    end;
  finally
    FreeAndNil(FXMLDocument);
    FreeAndNil(FSOAPMessage);
  end;
end;

begin

{ License key omitted here: license keys and tickets must not be posted publicly. }
SetLicenseKey('<your license key here>');
end.


The settings used on SecureSoap sample are:
Signature Handler Options:
Signature handler: Wss signature handler
Security header: Create new security header
Sign body: checked

Signature handler Options
Embed Certificate Option: In Binary Security Token
Use Key/Certificate from file: D:\desarrollo.cert.pem

No other setting was changed.



The result from SecureSoap is accepted by the server as correctly signed, but the result of my code is rejected as badly signed.
What setting could I be missing?
#32860
Posted: 03/30/2015 15:01:25
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Quote
What setting could I be missing?

Your code looks ok.
Did you compare the generated xml files? Does the structure of those xml match?

Quote
Handler.AddReference(FSOAPMessage.Envelope.Body, '1234');

The ID value should start with a letter. Please try to change it.

P.S. Please don't post license keys and license tickets to the forum.
#32864
Posted: 03/31/2015 09:00:53
by Eduardo Hernandez (Basic support level)
Joined: 03/21/2015
Posts: 5

The problem was the newline normalization:

FXMLDocument.LoadFromStream(F, iso8589, false);

Changed to true and the signatures become valid.
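The two failure causes raised in this thread (a reference ID that does not start with a letter, and CR/LF text that is not normalized before digesting) can both be shown without SecureBlackbox. The block below is an added example, not code from the thread or from EldoS: it digests a reduced copy of the thread's SOAP Body once as raw bytes and once after parsing and canonicalization, and checks candidate wsu:Id values against the NCName rule that xsd:ID imposes. It uses Python's stdlib C14N 2.0 serializer as a stand-in for the Exclusive C14N 1.0 used in the thread; the line-ending behaviour it demonstrates is the same for both, since the XML parser folds CRLF to LF before any canonicalization runs. SHA-1 is used only to mirror the DigestMethod in the posted envelope. The sample body and the NCNAME_RE pattern are constructed for this example.

```python
import hashlib
import re
from xml.etree import ElementTree as ET

# Constructed sample: a reduced copy of the thread's SOAP Body. BODY_CRLF is
# byte-identical except that every line ends with CR LF instead of LF.
BODY_LF = (
    '<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"\n'
    '  xmlns:ws="http://ws.presenta.pdv/"\n'
    '  xmlns:v1="http://www.personal.com.ar/PDV/Recarga/v1.0">\n'
    '  <ws:recargar>\n'
    '    <ws:recargarInput>\n'
    '      <v1:idMayorista>102</v1:idMayorista>\n'
    '      <v1:montoTransaccion>50.00</v1:montoTransaccion>\n'
    '    </ws:recargarInput>\n'
    '  </ws:recargar>\n'
    '</soapenv:Body>\n'
)
BODY_CRLF = BODY_LF.replace('\n', '\r\n')


def raw_digest(xml_text: str) -> str:
    """Digest of the bytes exactly as written, with no XML-level normalization.

    This models a signer that hashes un-normalized text (the thread's
    LoadFromStream(..., False) case): CR characters survive into the hash.
    SHA-1 only mirrors the DigestMethod in the posted envelope.
    """
    return hashlib.sha1(xml_text.encode('utf-8')).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """Parse first, then canonicalize, then digest.

    The XML parser folds CR LF to LF in character data (XML 1.0 section 2.11),
    so the canonical form - and therefore the DigestValue a verifier recomputes -
    is identical for BODY_LF and BODY_CRLF. C14N 2.0 stands in for exc-c14n here.
    """
    c14n = ET.canonicalize(xml_text, strip_text=False)
    return hashlib.sha1(c14n.encode('utf-8')).hexdigest()


# ASCII subset of the XML NCName production: first char a letter or underscore,
# then letters, digits, '.', '_' or '-'. No colon, no leading digit.
NCNAME_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9._-]*$')


def is_valid_id(value: str) -> bool:
    """wsu:Id values and ds:Reference URI targets are xsd:ID values, i.e. NCNames.

    '1234' (from the thread) is rejected because it starts with a digit;
    'id-97D69A60B08BEDAED9142686366056214' (the thread's working value) passes.
    """
    return bool(NCNAME_RE.match(value))


if __name__ == '__main__':
    print('raw digests differ:      ', raw_digest(BODY_LF) != raw_digest(BODY_CRLF))
    print('canonical digests match: ', canonical_digest(BODY_LF) == canonical_digest(BODY_CRLF))
    for candidate in ('1234', 'id-97D69A60B08BEDAED9142686366056214'):
        print(f'{candidate!r} valid xsd:ID: {is_valid_id(candidate)}')
```

The practical reading: a signer that hashes text nodes before line-ending normalization produces a DigestValue that no standards-conforming verifier can reproduce, which is exactly the "rejected as badly signed" symptom above; and a reference ID that is not an NCName is a schema violation that some WS-Security stacks reject before they ever check the signature.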
#32865
Posted: 03/31/2015 09:07:55
by Eduardo Hernandez (Basic support level)
Joined: 03/21/2015
Posts: 5

I've been using the trial version. I need to purchase a package; recalling my initial question, does the XMLBlackbox package support the SOAP signing function that I use in my code?
#32872
Posted: 03/31/2015 16:08:49
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Quote
I've been using the trial version. I need to purchase a package; recalling my initial question, does the XMLBlackbox package support the SOAP signing function that I use in my code?

Yes, for your code above it would be enough to have a license for XMLBlackbox.