I am trying to check a SOAP signature with WSE 1.0 SP1, but with a
certain transform I only get an "Unknown tranform" [sic] exception.
The SOAP signature is like this:
<ds:Signature>
  <ds:SignedInfo>
    <ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference Id="" URI="#TGSS01">
      <ds:Transforms>
        <ds:Transform
          Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>[Omitted...]</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>
    [Omitted...]
  </ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509Certificate>
        [Omitted...]
      </ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
</ds:Signature>
Java and Exchanger XML Editor have no problem validating the
signature.
The exception is:
"Unknown tranform has been encountered."
   at Microsoft.Web.Services.Security.Reference.LoadXml(XmlElement value)
   at Microsoft.Web.Services.Security.SignedInfo.LoadXml(XmlElement value)
   at Microsoft.Web.Services.Security.SignedXmlSignature.LoadXml(XmlElement value)
   at Microsoft.Web.Services.Security.SignedXml.LoadXml(XmlElement value)
   at es.map.xml.Firma.ValidarFirma(MensajeSOAPXml mensaje) in C:\MapBeta2\Codigo\NET\Fuentes\Librerias\es.map\xml\Firma.cs:line 151
   at es.map.xml.soap.MensajeSOAPXml.ValidarFirma(MensajeSOAPXml mensaje) in c:\mapbeta2\codigo\net\fuentes\librerias\es.map\xml\soap\mensajesoapxml.cs:line 359
   at PruebaValidarFirma.Prueba.Main(String[] args) in c:\mapbeta2\codigo\net\fuentes\beta2\pruebavalidarfirma\prueba.cs:line 32
Reading around, I tried to make WSE recognize the enveloped-signature
transform by adding this to machine.config:
<mscorlib>
  <cryptographySettings>
    <cryptoNameMapping>
      <cryptoClasses>
        <cryptoClass
          envsigTran="System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform,
          System.Security, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null"
        />
      </cryptoClasses>
      <nameEntry
        name="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
        class="envsigTran" />
    </cryptoNameMapping>
  </cryptographySettings>
</mscorlib>
But it seems useless. I have also tried
envsigTran="System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform,
System.Security" and
envsigTran="System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform,
System.Security.Cryptography.Xml", but to no avail.
In http://msdn.microsoft.com/downloads/list/wse1readme.htm I read:
# WSE SP1 is now more restrictive in the set of algorithms that it will
accept when receiving an XML Signature:
* The CanonicalizationMethod for the Signature must be either XML
Exclusive Canonicalization or XML Exclusive Canonicalization with
Comments ("http://www.w3.org/2001/10/xml-exc-c14n#" or
"http://www.w3.org/2001/10/xml-exc-c14n#WithComments").
* The Transforms collection for an individual Signature Reference
can only include XML Exclusive Canonicalization, XML Exclusive
Canonicalization with Comments and XPath
("http://www.w3.org/TR/1999/REC-xpath-19991116",
"http://www.w3.org/2001/10/xml-exc-c14n#" or
"http://www.w3.org/2001/10/xml-exc-c14n#WithComments").
* The Digest method for an individual Signature Reference can only
be SHA-1 ("http://www.w3.org/2000/09/xmldsig#sha1").
That seems to deny the possibility of recognizing the enveloped
transform.
Do you have some suggestion?
Thanks in advance.
--
David Mediavilla
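Added example, not code from the post or from WSE: a small Python check that walks ds:SignedInfo and reports every algorithm URI that falls outside the WSE SP1 allow-list quoted from the readme above, run against a constructed signature shaped like the posted one. It tells you before handing a message to WSE whether it will be refused on algorithm policy rather than on a bad digest or key; the constructed XML, the WSE_SP1_POLICY table and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
EXC_C14N_WC = EXC_C14N + "WithComments"
XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116"
INCLUSIVE_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

# Algorithm allow-list WSE 1.0 SP1 applies to an inbound XML Signature, per the readme quoted above.
WSE_SP1_POLICY = {
    "CanonicalizationMethod": {EXC_C14N, EXC_C14N_WC},
    "Transform": {EXC_C14N, EXC_C14N_WC, XPATH},
    "DigestMethod": {DS + "sha1"},
}

def check_signature_algorithms(signature_xml, policy=WSE_SP1_POLICY):
    """Return (element, algorithm) pairs in ds:SignedInfo that the policy rejects; [] means accepted."""
    root = ET.fromstring(signature_xml)
    signed_info = root.find(f"{{{DS}}}SignedInfo")
    if signed_info is None:
        raise ValueError("ds:Signature has no ds:SignedInfo")
    violations = []
    for name, allowed in policy.items():          # walk the three policed element kinds
        for el in signed_info.iter(f"{{{DS}}}{name}"):
            alg = el.get("Algorithm")
            if alg not in allowed:
                violations.append((name, alg))
    return violations

def make_signature(c14n, transform):
    """Constructed ds:Signature shaped like the one in the post (digest and signature values omitted)."""
    return f"""<ds:Signature xmlns:ds="{DS}">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="{c14n}"/>
    <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
    <ds:Reference URI="#TGSS01">
      <ds:Transforms><ds:Transform Algorithm="{transform}"/></ds:Transforms>
      <ds:DigestMethod Algorithm="{DS}sha1"/>
      <ds:DigestValue>omitted</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>omitted</ds:SignatureValue>
</ds:Signature>"""

# The post's combination: inclusive C14N plus the enveloped-signature transform, both outside the SP1 set.
POSTED = make_signature(INCLUSIVE_C14N, DS + "enveloped-signature")
# Same structure using exclusive C14N everywhere, which the SP1 allow-list accepts.
COMPLIANT = make_signature(EXC_C14N, EXC_C14N)
```

Running the check on POSTED reports both the inclusive CanonicalizationMethod and the enveloped-signature Transform, which matches the readme's restriction rather than a missing cryptoClass mapping.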