You are viewing a plain text version of this content. The canonical link for it is here.
Posted to tsik-dev@ws.apache.org by Henri Delbrouck <he...@skynet.be> on 2005/12/20 21:20:30 UTC
java and .net interoperability
Hello, I use tsik to build digital signature and sign SOAP message. I have
written a small java client which send signed messages to java web services
(using Axis 1.2 engine) which verify correctly the signed messages.
I try the same thing with a .net 2005 client but it fails. By examining the
xml generated by .net, it seems that the xml structure is well formed. By
doing some trace, It seems that the keyinfo et
Signature are correctly retrieved from the signed message but verification
always fails.
Could anybody help me to know if there are some known issue with visual
studio .net 2005 ?
I would also like to know what is exactly signed in the message if I only
sign the body ? Is the element <soapenv:Enveloppe… and element <?xml
version=”1.0” encoding=”UTF-8”?> also part of the signed info or only the
part <Body> </Body>.
Thanks in advance for any help
Henri Delbrouck
--
Internal Virus Database is out-of-date.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.11/191 - Release Date: 2/12/2005
RE: java and .net interoperability
Posted by Henri Delbrouck <he...@skynet.be>.
Hans, thank you for your reply.
The java client I wrote uses similar functions as in wssecurity.java to sign
successfully the message. I only sign the body (no timestamp). Can you tell
me what part of the message is signed when we use wssecurity.jar.
I now use the new namespaces as defined in OASIS 1.0.
The .net client generates the following xml signed message:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
<wsa:Action>
</wsa:Action>
<wsa:MessageID>urn:uuid:508f1330-e778-4bd9-8182-df166ee8b909</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://localhost:8080/Test/services/InsertRequest</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-3d29177e-e860-4c6d-b5f9-24019551ffe9">
<wsu:Created>2005-12-21T15:33:44Z</wsu:Created>
<wsu:Expires>2005-12-21T15:38:44Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-5ab4207d-903a-4086-8948-ff0b83e30e7f">MIIDNTCCAh0CBEM6
m9gwDQYJKoZIhvcNAQEEBQAwXzELMAkGA1UEBhMCYmUxDjAMBgNVBAgTBW5hbXVyMQ4wDAYDVQQH
EwVuYW11cjEQMA4GA1UEChMHc2llbWVuczEMMAoGA1UECxMDc2JzMRAwDgYDVQQDEwdyb3NldHRh
MB4XDTA1MDkyODEzMzQxNloXDTE5MDYwNzEzMzQxNlowXzELMAkGA1UEBhMCYmUxDjAMBgNVBAgT
BW5hbXVyMQ4wDAYDVQQHEwVuYW11cjEQMA4GA1UEChMHc2llbWVuczEMMAoGA1UECxMDc2JzMRAw
DgYDVQQDEwdyb3NldHRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrpj10Go1A35
qb2+UZtnyA3KPw1eUXLPRb8Tma+ndhpaKKB41wU5raZLqWnprZbqExdAg30guLwh/wb7BnYcWG34
FKAA2R0FiTsPJnUpojetKJsV4srIcKUoUrPiOLXnw9fVZc/giAGS6e56mdQh8rJAdr8HdofE/bC8
b2b/lruYKWBFxKkv+H/rYncwOkL7s41/FK/p/EcdrqMcRkVqADD1UWFLeAV1drzpAIwIIb2+hZjp
o4eYdXl64RvagH6Pwt/rUoi88G+MkCtStfZRCbFem+NE4EFjs3nBivrehXzffxtp8zY0cvvknU9S
ztcI0ACAsmStQZ7Ou2c+45QMowIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQBwuAXOyU6X4yhBeHcf
R+BLCsb7zYMstX6LLK9yhSf0gc71UAkhBu2PKrSWDiMSk4GfpD7YjVkSS//uB2EW8XHunVz3U0Zw
C/vBArjzW18VYRjAcktajWtn3HJtvdKD/iXBmqAVnmEf3CEpOg7YlLzWqSuvb9mS7g3P80cqR8n6
6Ru71GFT78HLQIVCdThaw4qHt6dtM4z94TinrpBqY+L9t90q9A1heuG4nylyqLBjYvi626WbeLjj
0+eDx/TI4oEiRQxI7S086wUYl+ha+ONxjiHwFDW2HPcfDqEfHBfdL7hfM57k7p6oYvvXt0CKNO4N
JtHuBPxxs2gEIvL5V9Tp</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Id-460d209f-f5e7-482e-b52a-13544ff79eb6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>qCpuWbphmN2i4k34TLdJfuCQ+aA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>n2/WDZzR54Hd6leW4V5q7kjNtb37qJtq/9HNQd0ROExjQEg837Gx+fpLwGMn
un9qkBQyGUwDRnxxv4GzKh4uiQuin+bTXToPbhUjB8L9VUi09lmtDRMLl1m/kQmIR9aK1bx24ego
2xGjXgIYGOa+SnjfhmcukmXAxnByB0f6b37+OcmMCIRaf8Fa4zDPCC6kMaFEVp5tfFo9HkfxNQ7D
J4kB4MCwQcJ95wYSnOF0n2UizI1vJK6+P+Gs1aC3QML63GTGeAPASDNyVtPN7ldTS5mEpeJndf9O
JYQXzMURLOYtAuyWnx/kqKBQqCWD+qKtjAlEhoR+cscXV0pWAS6jFQ==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-5ab4207d-903a-4086-8948-ff0b83e30e7f"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-460d209f-f5e7-482e-b52a-13544ff79eb6">
<InsertProduct xmlns="http://myServices.test.be">
<product>31</product>
<quantity>10</quantity>
<value>100</value>
</InsertProduct>
</soap:Body>
</soap:Envelope>
It seems that the digest comparison fails on the server. I don't know if the
server compute correctly the digest (on the same message part as the
client). That is why I would like to know exactly what part of the message
the code of wssecurity.java and tsik signs. The error could be that the
client sign something and the server try to check the signature against a
wrong message part. Do you have any idea.
Thank in advance for any help.
Henri
-----Original Message-----
From: Hans Granqvist [mailto:hgranqvist@verisign.com]
Sent: mercredi 21 décembre 2005 2:36
To: Henri Delbrouck
Cc: tsik-dev@ws.apache.org
Subject: Re: java and .net interoperability
Henri Delbrouck wrote:
> Hello, I use tsik to build digital signature and sign SOAP message. I
> have written a small java client which send signed messages to java web
> services (using Axis 1.2 engine) which verify correctly the signed
messages.
Sounds good!
>
> I try the same thing with a .net 2005 client but it fails. By examining
> the xml generated by .net, it seems that the xml structure is well
> formed. By doing some trace, It seems that the keyinfo et
Who generates the signature that fails? Can you post it here?
>
> Signature are correctly retrieved from the signed message but
> verification always fails.
>
> Could anybody help me to know if there are some known issue with visual
> studio .net 2005 ?
Sorry -- don't know VS 2005. Is it even out? ;)
> I would also like to know what is exactly signed in the message if I
> only sign the body ? Is the element <soapenv:Enveloppe
and element
> <?xml version=1.0 encoding=UTF-8?> also part of the signed info or
> only the part <Body> </Body>.
The preamble (the <?xml ... part) is normally never signed, but it's
hard to know what else is signed -- can you send the code snippet doing
the signing?
Hans
---------------------------------------------------------------------
To unsubscribe, e-mail: tsik-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tsik-dev-help@ws.apache.org
--
Internal Virus Database is out-of-date.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.11/191 - Release Date: 2/12/2005
--
Internal Virus Database is out-of-date.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.11/191 - Release Date: 2/12/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: tsik-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tsik-dev-help@ws.apache.org
Re: java and .net interoperability
Posted by Hans Granqvist <hg...@verisign.com>.
Henri Delbrouck wrote:
> Hello, I use tsik to build digital signature and sign SOAP message. I
> have written a small java client which send signed messages to java web
> services (using Axis 1.2 engine) which verify correctly the signed messages.
Sounds good!
>
> I try the same thing with a .net 2005 client but it fails. By examining
> the xml generated by .net, it seems that the xml structure is well
> formed. By doing some trace, It seems that the keyinfo et
Who generates the signature that fails? Can you post it here?
>
> Signature are correctly retrieved from the signed message but
> verification always fails.
>
> Could anybody help me to know if there are some known issue with visual
> studio .net 2005 ?
Sorry -- don't know VS 2005. Is it even out? ;)
> I would also like to know what is exactly signed in the message if I
> only sign the body ? Is the element <soapenv:Enveloppe… and element
> <?xml version=”1.0” encoding=”UTF-8”?> also part of the signed info or
> only the part <Body> </Body>.
The preamble (the <?xml ... part) is normally never signed, but it's
hard to know what else is signed -- can you send the code snippet doing
the signing?
Hans
---------------------------------------------------------------------
To unsubscribe, e-mail: tsik-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tsik-dev-help@ws.apache.org