How to send a signed SOAP message?

#34385
Posted: 09/07/2015 09:34:36
by Bahattin Yaman (Standard support level)
Joined: 09/07/2015
Posts: 8

Hello,

We signed an XML document using a USB token with TElXMLSOAPMessage.
I checked the SOAPClient samples but I can't understand them.

How can I send the signed SOAP message string?
Is there any sample for this?
#34386
Posted: 09/07/2015 10:21:45
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Quote
We signed an XML document using a USB token with TElXMLSOAPMessage.
I checked the SOAPClient samples but I can't understand them.

TElXMLSOAPClient is usually used to create the SOAP message from scratch and send it to the SOAP service. After the SOAP message is generated, you can sign it (using TElXMLSOAPMessage properties) and send it. If you already have a signed message, then you can override/load the message into TElXMLSOAPClient. Please refer to this post for the sample code:
https://www.eldos.com/forum/read.php?F...ssage31878
#34392
Posted: 09/08/2015 05:08:09
by Bahattin Yaman (Standard support level)
Joined: 09/07/2015
Posts: 8

I loaded the signed XML. I get an error when I call the SendMessage method.
Error message: Connection lost (error code is 10058)

What can I do?

My code:
Code
private void SendMessage(string signedXmlStr)
{
    TElXMLSOAPClient _SOAPClient = new TElXMLSOAPClient();
    TElHTTPSClient _HTTPClient = new TElHTTPSClient();
    try
    {
        _SOAPClient.SOAPPrefix = "soap";
        _SOAPClient.SOAPVersion = SBXMLSOAPCore.Unit.SOAP_v1_1;
        _SOAPClient.OperationName = "getBatchStatus";
        _SOAPClient.OperationNamespaceURI = "http://webservice.edefter.gib.gov.tr/";// tbOperationNamespaceURI.Text;
        _SOAPClient.MessageNamespaces.Clear();
        _SOAPClient.HTTPClient = _HTTPClient;
        _SOAPClient.GenerateMessage();

        // Replace the generated document with the already signed XML
        using (Stream xmlstream = new MemoryStream(UTF8Encoding.UTF8.GetBytes(signedXmlStr)))
        {
            xmlstream.Seek(0, SeekOrigin.Begin);
            _SOAPClient.XMLDocument.LoadFromStream(xmlstream, "utf-8", true);
        }

        _SOAPClient.SOAPMessage.LoadFromXML(_SOAPClient.XMLDocument); // reload a SOAP message if needed
        _SOAPClient.URL = "https://uygtest.edefter.gov.tr/edefter/services/EDefterWSPort";// tbServiceURL.Text;
        _SOAPClient.SOAPAction = "getBatchStatus";// tbSOAPAction.Text;

        _HTTPClient.OnCertificateValidate += _HTTPClient_OnCertificateValidate;
        _HTTPClient.OnError += _HTTPClient_OnError;
        _SOAPClient.SendMessage();
    }
    catch (Exception ex)
    {
        MessageBox.Show("Failed to send SOAP message: " + ex.Message, "", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}

void _HTTPClient_OnCertificateValidate(object Sender, TElX509Certificate X509Certificate, ref bool Validate)
{
    Validate = true; // accepts the server certificate without checking it
}

void _HTTPClient_OnError(object Sender, int ErrorCode, bool Fatal, bool Remote)
{
    // empty: transport errors are not reported anywhere
}


#34393
Posted: 09/08/2015 06:33:29
by Dmytro Bogatskyy (EldoS Corp.)

Hi,

Quote
Error message : Connection lost (error code is 10058)

Error 10058 (WSAESHUTDOWN) is a Winsock error:
Quote
Cannot send after socket shutdown. A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call. By calling shutdown a partial close of a socket is requested, which is a signal that sending or receiving, or both have been discontinued.

Please try to turn off all the firewalls between the client and the server and check if it changes something.

P.S. I have tried your settings and SOAP message, and got the following results (I think, as expected):
Quote

Fault code: soap:Sender
Fault string:
The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)
P.P.S. I have checked your signature in the SOAP message and it contains an invalid reference (to the timestamp element). How did you add it? Please see this sample code: https://www.eldos.com/forum/read.php?F...ssage32048
#34396
Posted: 09/08/2015 07:35:24
by Eugene Mayevski (EldoS Corp.)

The connectivity problem can be caused by the firewall or it can be caused by the server not understanding something in the client's request on TLS level.

Please try to send any HTTP request using the HTTPGet sample, which you will find in the {SecureBlackbox}\Samples\{language}\HTTPBlackbox directory on your disk. Please see whether the regular request is sent and how the server responds. If you see the server's response, this means that the client has connected past the TLS step and sent the request. In this case we can diagnose the HTTP or SOAP problems.

If the server drops the connection immediately, this means that the socket or TLS connection doesn't work. In this case you can read the article at https://www.eldos.com/security/articles/8091.php and try to set up the client component.

As the connection worked fine for Dmytro, as he reported above, I believe the issue is not in TLS.


Sincerely yours
Eugene Mayevski
#34397
Posted: 09/08/2015 08:08:56
by Bahattin Yaman (Standard support level)
Joined: 09/07/2015
Posts: 8

I disabled the client antivirus and firewall. I cannot access the server side.
Nothing changes. Same error.

I updated the expiry time and reattached the signedXmlStr file.

My sign code:
What is wrong with the timestamp?
Code
private string Sign(string xmlStr)
{
    using (Stream xmlstream = new MemoryStream(UTF8Encoding.UTF8.GetBytes(xmlStr)))
    {
        xmlstream.Seek(0, SeekOrigin.Begin);
        _XMLDocument.LoadFromStream(xmlstream, "utf-8", true);
    }
    try
    {
        _SOAPMessage.LoadFromXML(_XMLDocument);
    }
    catch (Exception E)
    {
        MessageBox.Show("Failed to load SOAP message: " + E.Message, "", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }

    // WS-Security signature handler attached to a new Security header
    TElXMLSOAPBaseSignatureHandler handler = new TElXMLWSSSignatureHandler();
    handler.OnPrepareSignature += handler_OnPrepareSignature;
    int handlerIndex = _SOAPMessage.AddSignature(handler, true);
    int k = _SOAPMessage.AddSecurityHeader();
    ((TElXMLWSSSignatureHandler)handler).SecurityHeader = _SOAPMessage.get_SecurityHeaders(k);

    // wsu:Timestamp token inside the Security header
    TElXMLWSUTimestamp Timestamp = new TElXMLWSUTimestamp();
    _SOAPMessage.get_SecurityHeaders(k).AddToken(Timestamp);
    Timestamp.CreatedUTC = DateTime.UtcNow;
    Timestamp.ExpiresUTC = DateTime.UtcNow.AddDays(5);
    Timestamp.ID = "TS-1";

    // Reference 0: the Body
    handler.AddReference(_SOAPMessage.Envelope.Body, true);
    handler.References.get_Reference(0).DigestMethod = SBXMLSec.Unit.xdmSHA256;
    TElXMLC14NTransform C14N_Body = handler.References.get_Reference(0).TransformChain.get_Transforms(0) as TElXMLC14NTransform;
    C14N_Body.InclusiveNamespacesPrefixList = "web";
    // Reference 1: added for header block 0, then re-pointed at the timestamp ID
    handler.AddReference(_SOAPMessage.Envelope.Header.get_Blocks(0), true);
    handler.References.get_Reference(1).ID = Timestamp.ID;
    handler.References.get_Reference(1).URI = "#" + Timestamp.ID;

    handler.References.get_Reference(1).DigestMethod = SBXMLSec.Unit.xdmSHA256;
    TElXMLC14NTransform C14N_Ts = handler.References.get_Reference(1).TransformChain.get_Transforms(0) as TElXMLC14NTransform;
    C14N_Ts.InclusiveNamespacesPrefixList = "wsse soap web";

    TElXAdESSigner XAdESSigner = new TElXAdESSigner();
    handler.XAdESProcessor = XAdESSigner;

    #region USB
    TElPKCS11CertStorage Storage = null;
    TElPKCS11SessionInfo Session;
    TElPKCS11SlotInfo SlotInfo;

    Storage = new TElPKCS11CertStorage();
    Storage.DLLName = Application.StartupPath + "\\akisp11.dll";
    try
    {
        Storage.Open();

        for (int i = 0; i < Storage.Module.SlotCount; i++)
        {
            SlotInfo = Storage.Module.get_Slot(i);
        }
    }
    catch (Exception E)
    {
        Storage.Dispose();
        MessageBox.Show(E.Message);
        return null; // the method returns string, so a bare "return;" does not compile
    }

    bool readOnly = Storage.Module.get_Slot(0).ReadOnly;
    try
    {
        Session = Storage.OpenSession(0, readOnly);
    }
    catch (Exception ex)
    {
        if (!readOnly)
            Session = Storage.OpenSession(0, true);
        else
            throw; // rethrow without resetting the stack trace
    }
    try
    {
        Session.Login((int)SBPKCS11Base.Unit.utUser, "12345"); // token PIN hard-coded for this test
    }
    catch (Exception E)
    {
        Storage.CloseSession(0);
        Session = null;
        MessageBox.Show(E.Message);
    }
    // First certificate on the token with the digitalSignature key usage
    TElX509Certificate SigningCertificate = null;
    for (int i = 0; i < Storage.Count; i++)
    {
        TElX509Certificate Cert = Storage.get_Certificates(i);
        if (Cert.Extensions.KeyUsage.DigitalSignature)
        {
            SigningCertificate = Cert;
            break;
        }
    }
    #endregion

    XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2;
    XAdESSigner.PolicyId.SigPolicyId.IdentifierQualifier = SBXMLAdES.Unit.xqtNone;
    TElMemoryCertStorage CertStorage = new TElMemoryCertStorage();
    CertStorage.Add(SigningCertificate, false);
    XAdESSigner.SigningCertificates = CertStorage;
    XAdESSigner.SigningTime = DateTime.UtcNow;
    XAdESSigner.Generate(SBXMLAdES.Unit.XAdES_BES);
    XAdESSigner.QualifyingProperties.XAdESPrefix = "xades";
    ((TElXMLWSSSignatureHandler)handler).Sign(SigningCertificate, TSBXMLWSSEmbedCertificate.InBinarySecurityToken);
    using (MemoryStream ms = new MemoryStream())
    {
        _XMLDocument.SaveToStream(ms, SBXMLDefs.Unit.xcmNone, "utf-8");
        ms.Seek(0, SeekOrigin.Begin);
        string xml = UTF8Encoding.UTF8.GetString(ms.ToArray());
        return xml;
    }
}

void handler_OnPrepareSignature(object Sender, TElXMLSigner Signer)
{
    Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;
    for (int i = 0; i < Signer.References.Count; i++)
    {
        string aa = Signer.References[i].URI; // inspected in the debugger only
    }
}


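Both faults Dmytro reports (an expired timestamp and a signature reference that does not resolve) are things a receiving WS-Security engine checks before it even compares digests, and the Sign code above is where both are produced. As an added example, not code from this thread or from SecureBlackbox, the Python below parses a constructed sample envelope and runs those two receiver-side checks: every ds:Reference URI must resolve to a wsu:Id in the envelope, and the Timestamp window must contain the current time (the 5-minute clock-skew allowance is an assumption).

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespaces of a WS-Security signed SOAP 1.1 envelope.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample envelope (not a real e-Defter message); digest values are
# placeholders because only the reference and timestamp structure is checked.
SAMPLE = """<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2015-09-08T06:00:00Z</wsu:Created><wsu:Expires>2015-09-08T06:05:00Z</wsu:Expires></wsu:Timestamp>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#Body-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
   <ds:Reference URI="#%(ts_ref)s"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body-1"><getBatchStatus xmlns="http://webservice.edefter.gib.gov.tr/"/></soap:Body>
</soap:Envelope>"""

def sample_envelope(ts_ref="TS-1"):
    """Sample envelope whose timestamp reference points at wsu:Id ts_ref."""
    return SAMPLE % dict(NS, ts_ref=ts_ref)

def parse_utc(text):
    """Parse the 'YYYY-MM-DDThh:mm:ssZ' form WS-Security uses for Created/Expires."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def dangling_references(envelope_xml):
    """URIs of ds:Reference elements that do not resolve to a wsu:Id in the envelope."""
    root = ET.fromstring(envelope_xml)
    ids = {el.get(WSU_ID) for el in root.iter() if el.get(WSU_ID) is not None}
    uris = [ref.get("URI", "") for ref in root.iterfind(".//ds:Reference", NS)]
    return [u for u in uris if not (u.startswith("#") and u[1:] in ids)]

def timestamp_status(envelope_xml, now, skew=timedelta(minutes=5)):
    """'ok', 'expired', 'not-yet-valid' or 'missing', judged as a receiving service would."""
    ts = ET.fromstring(envelope_xml).find(".//wsse:Security/wsu:Timestamp", NS)
    if ts is None or ts.find("wsu:Expires", NS) is None:
        return "missing"
    if now > parse_utc(ts.find("wsu:Expires", NS).text) + skew:
        return "expired"
    if now + skew < parse_utc(ts.find("wsu:Created", NS).text):
        return "not-yet-valid"
    return "ok"
```

Run it against the XML your Sign method returns (with `datetime.now(timezone.utc)` as `now`) to see the same verdicts the service gave before sending.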
#34398
Posted: 09/08/2015 08:18:15
by Eugene Mayevski (EldoS Corp.)

Let's solve one problem at a time. Did you check my previous message regarding the sample? Did you try the sample?


Sincerely yours
Eugene Mayevski
#34399
Posted: 09/08/2015 09:20:53
by Bahattin Yaman (Standard support level)
Joined: 09/07/2015
Posts: 8

Sorry, I didn't see your post before answering.
Service address:
https://uygtest.edefter.gov.tr/edefter/services/EDefterWSPort?wsdl

I tried HTTPGet.

Quote


Protocol : https
Host : uygtest.edefter.gov.tr/edefter/services/EDefterWSPort
Port : 80

Result:

Sending headers:
GET /edefter/services/EDefterWSPort:80/getBatchStatus HTTP/1.1
Host: uygtest.edefter.gov.tr
User-Agent: SecureBlackbox
Accept-Encoding: gzip, deflate
Connection: Close


Received headers:
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=UTF-8
Content-Language: tr
Content-Length: 47
Date: Tue, 08 Sep 2015 13:17:03 GMT
Server: -
Set-Cookie: NSC_uftu_fefgufsWJQ=ffffffffaf142d0445525d5f4f58455e445a4a4243ea;path=/;secure;httponly


-- Document started --
<html>No service was found.</html>
-- Document finished --

--------------------------------------------------
Protocol : https
Host : uygtest.edefter.gov.tr/edefter/services/EDefterWSPort
Port : 443

Result:

Sending headers:
GET /edefter/services/EDefterWSPort:443/getBatchStatus HTTP/1.1
Host: uygtest.edefter.gov.tr
User-Agent: SecureBlackbox
Accept-Encoding: gzip, deflate
Connection: Close


Received headers:
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=UTF-8
Content-Language: tr
Content-Length: 47
Date: Tue, 08 Sep 2015 13:18:01 GMT
Server: -
Set-Cookie: NSC_uftu_fefgufsWJQ=ffffffffaf142d0445525d5f4f58455e445a4a4243ea;path=/;secure;httponly


-- Document started --
<html>No service was found.</html>
-- Document finished --

-------------------------------------------------------------------------

Protocol : http
Host : uygtest.edefter.gov.tr/edefter/services/EDefterWSPort
Port : 80

Result:

Sending headers:
GET /edefter/services/EDefterWSPort:80/getBatchStatus HTTP/1.1
Host: uygtest.edefter.gov.tr
User-Agent: SecureBlackbox
Accept-Encoding: gzip, deflate
Connection: Close

Exception happened during HTTP download: Connection lost (error code is 100353)

#34400
Posted: 09/08/2015 09:35:41
by Eugene Mayevski (EldoS Corp.)

Thank you for checking.

You are specifying the path where you should specify just the host name. The sample doesn't parse the path for you. This is why you get inadequate replies.

Still, the test was successful: it has shown that the component can connect to the server correctly without the connection being dropped. So the issue can be in your SOAP code.

If you get the connection error (Winsock error 10058) when the request is sent, please handle the OnError event (your event handler is currently empty) and put some debug output (such as a message box) in it. The message box should show the values of the ErrorCode, Fatal and Remote parameters. It will be great if you could capture the values of those parameters and tell us. I hope that maybe there's an error reported before the socket is closed, and it will let us understand what is wrong.


Sincerely yours
Eugene Mayevski
#34401
Posted: 09/08/2015 09:49:04
by Bahattin Yaman (Standard support level)
Joined: 09/07/2015
Posts: 8

I set a breakpoint in the OnError event handler but it never fired.