Help - Soap Message - SignedXml - Apache Xml Security Suite - Interoperability

I am using SignedXml class to sign and verify soap xml documents. We are not
using WSE at this point. When I sign a soap document and send it to my
trading partner, they can verify the document without any problem. However
when they send me the signed soap document, I am not able to verify it. But
they can take their signed document and can verify it without any problem.
They are using Apache Xml Security Suite (v 1.0.4).

One thing we noticed is that SignedXml class does not add any prefix to the
Signature element. But the Apache suite adds it. However both namespace
values are pointing to same uri.

We are totally lost at this point. Any help is greatly appreciated.

Here is my code:

using System;
using System.Security.Cryptography.Xml;
using System.Xml;

string filePath = @"C:\Signed.xml";

// Create a SignedXml.
XmlDocument doc = new XmlDocument();
doc.Load(filePath);
SignedXml signedXml = new SignedXml(doc);

// Load the XML.
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(new XmlTextReader(filePath));

// Select the signature element by its prefixed name and load it.
XmlNodeList nodeList = xmlDocument.GetElementsByTagName("ds:Signature");
signedXml.LoadXml((XmlElement)nodeList[0]);

if (signedXml.CheckSignature())
{
    Console.WriteLine("Signature check OK");
}
else
{
    Console.WriteLine("Signature check FAILED");
}

Here is the example of signed document (some parts are modified for security
and abbreviated for brevity reasons):

<soapenv:Envelope soapenv:actor="some-uri" soapenv:mustUnderstand="1"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header><ns1:Test1 xmlns:ns1="ns1"/> <ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Iq02JTwtu7BpyawiiGcSz8EI6Gc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue> *** Value **** </ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate> *** Certificate *** </ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus> *** Modulus *** </ds:Modulus>
<ds:Exponent>*** Exponent *** </ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></soapenv:Header>
<soapenv:Body Id="Body"><ns2:Test2 xmlns:ns2="ns2" > </soapenv:Body>
</soapenv:Envelope>

Thanks.
Raghu/..
Nov 12 '05 #1
Raghu wrote:
One thing we noticed is that SignedXml class does not add any prefix to the
Signature element. But the Apache suite adds it. However both namespace
values are pointing to same uri.


That's really poor design to rely on namespace prefix. Don't do this,
namespace prefix doesn't matter on its own, what matters is the namespace
URI it's bound to. Use the namespace-aware SelectSingleNode method with
XmlNamespaceManager to select the Signature element in a safe way.
--
Oleg Tkachenko
XML Insider
http://www.tkachenko.com/blog

Nov 12 '05 #2
As I already indicated, this does not seem to be the problem. Any other
ideas?

"Oleg Tkachenko" <oleg@NO!SPAM!PLEASEtkachenko.com> wrote in message
news:Oo**************@TK2MSFTNGP09.phx.gbl...
Raghu wrote:
One thing we noticed is that SignedXml class does not add any prefix to the Signature element. But the Apache suite adds it. However both namespace
values are pointing to same uri.


That's really poor design to rely on namespace prefix. Don't do this,
namespace prefix doesn't matter on its own, what matters is the namespace
URI it's bound to. Use the namespace-aware SelectSingleNode method with
XmlNamespaceManager to select the Signature element in a safe way.
--
Oleg Tkachenko
XML Insider
http://www.tkachenko.com/blog

Nov 12 '05 #3
Raghu wrote:
As I already indicated, this does not seem to be the problem. Any other
ideas?


Sorry, then I missed what the problem actually is. Any exceptions?
--
Oleg Tkachenko
XML Insider
http://www.tkachenko.com/blog

Nov 12 '05 #4
No. The CheckSignature simply returns false.

"Oleg Tkachenko" <oleg@NO!SPAM!PLEASEtkachenko.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
Raghu wrote:
As I already indicated, this does not seem to be the problem. Any other
ideas?


Sorry, then I missed what the problem actually is. Any exceptions?
--
Oleg Tkachenko
XML Insider
http://www.tkachenko.com/blog

Nov 12 '05 #5
There are a couple of reasons why CheckSignature could fail.
a) Unable to get the Signature element. You can try by using
.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
b) I did not see any Enveloped signature transform. Try adding an enveloped
signature transform during generation, that might fix your problem.

Thanks
Ram
"Raghu" <Ra***@nospamzzzqcsi.com> wrote in message
news:e5**************@tk2msftngp13.phx.gbl...
No. The CheckSignature simply returns false.

"Oleg Tkachenko" <oleg@NO!SPAM!PLEASEtkachenko.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
Raghu wrote:
As I already indicated, this does not seem to be the problem. Any other ideas?


Sorry, then I missed what the problem actually is. Any exceptions?
--
Oleg Tkachenko
XML Insider
http://www.tkachenko.com/blog


Nov 12 '05 #6
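
Added example, not part of the thread and not code from either library: the namespace-URI lookup suggested in the replies above, combined with verification against a key supplied by the caller instead of the KeyInfo carried in the message (which is what the parameterless CheckSignature() uses). The envelope, the throwaway RSA key and the names SoapSignatureCheck and Verify are constructed for illustration; a current .NET with the System.Security.Cryptography.Xml package is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SoapSignatureCheck   // hypothetical name, not from the thread
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";

    // Find the Signature by namespace URI (prefix-independent) and verify it
    // with a key obtained out of band rather than the one inside KeyInfo.
    static bool Verify(XmlDocument doc, AsymmetricAlgorithm trustedKey)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;   // missing or ambiguous signature
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        return signedXml.CheckSignature(trustedKey);
    }

    static void Main()
    {
        // Constructed envelope. PreserveWhitespace keeps whitespace-only text
        // nodes, which canonicalization includes in the digested bytes.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<soapenv:Envelope xmlns:soapenv=\"" + SoapNs + "\"><soapenv:Header/>" +
                    "<soapenv:Body Id=\"Body\">\n  <ns2:Test2 xmlns:ns2=\"ns2\"/>\n</soapenv:Body>" +
                    "</soapenv:Envelope>");

        using (RSA key = RSA.Create())       // throwaway key standing in for the partner's
        {
            var signer = new SignedXml(doc) { SigningKey = key };
            var reference = new Reference("#Body");
            reference.AddTransform(new XmlDsigC14NTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            XmlNode header = doc.GetElementsByTagName("Header", SoapNs)[0];
            header.AppendChild(doc.ImportNode(signer.GetXml(), true));

            // SignedXml emits an unprefixed <Signature>; compare the prefixed-name lookup.
            Console.WriteLine("by prefix: " + doc.GetElementsByTagName("ds:Signature").Count);
            Console.WriteLine("untouched: " + Verify(doc, key));

            var test2 = (XmlElement)doc.GetElementsByTagName("Test2", "ns2")[0];
            test2.SetAttribute("amount", "999");          // modify signed content
            Console.WriteLine("modified:  " + Verify(doc, key));
        }
    }
}
```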
