Signing SOAP/XML

Daniel

Hi, I need help signing SOAP/XML. Have been stuck with this for a
couple of days now.

I get the following error message from the server: "The security
token could not be authenticated or authorized."

I am probably doing something wrong in the signing process. I use a
tool called "Exchanger XML Professional 3.2" for canonicalization and
sending the message. OpenSSL for SHA-1 hashing, RSA signing and Base 64
encoding.

The digest value of <signedinfo> element I calculate to
ff069b57f83c7bf0cd5b4684c932d4593c1462aa (hex), signed with RSA
algorithm and displayed in Base 64 encoding in <signaturevalue> element
below.

It would also help to now in what order the server do things when
processing and verifing the message. Now I hardly know what is ok and
what isn't.

I would really appreciate some help with this. If anyone know how to do
this "manually" like this?

--------------- START ERROR MESSAGE ----------------
<?xml version="1.0" encoding="utf-8"?><soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"><wsu:Created>2006-02-23T08:47:25Z</wsu:Created><wsu:Expires>2006-02-23T08:52:25Z</wsu:Expires></wsu:Timestamp></soap:Header><soap:Body><soap:Fault><faultcode
xmlns:code="http://schemas.xmlsoap.org/ws/2002/07/secext">code:FailedAuthentication</faultcode><faultstring>Microsoft.Web.Services.Secu rity.SecurityFault:
The security token could not be authenticated or authorized
at Microsoft.Web.Services.Security.Security.LoadXml(X mlElement
element)
at
Microsoft.Web.Services.Security.SecurityInputFilte r.ProcessMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services.Pipeline.ProcessInputMessag e(SoapEnvelope
envelope)
at
Microsoft.Web.Services.WebServicesExtension.Before DeserializeServer(SoapMessage
message)</faultstring><faultactor>https://ei.sst.dk/test-ei/frontend.asmx</faultactor></soap:Fault></soap:Body></soap:Envelope>
--------------- END ERROR MESSAGE ----------------

--------------- START RSA PRIVATE KEY ----------------
MIICWwIBAAKBgQCbIrspkjgUDUCcw9ZaJc9Qd7dFi39ewSnGDG KBdOSiPHcINiYZ
pr18BQGyh78BfV+6HHDfDS89YM+bwJu5ucWWRJyXSXgs0cgqCg Eti6JVku/ptAx8
ANYvUHfNuSO8BtBtsmwO4Z5zPUoGZUjh5u1iDWYlTzfsJqzxEr J1PKEhfQIDAQAB
AoGALoWCxNuhT3oN5zTfIdd2zPWpkwRbJMoeQdLS82lfarthIq hCUqzq47cIpEYK
5GJ5g3El8+2bPfe7KkTfLhnkg0z2rHI2Geqic7XI6dD34klWeB +lzAGyGsSxeVz4
N05xa4mymvp4Ucq5dI9lv1SAR7NVzyj9Jq7K6OV4BEjq8S0CQQ DJDiCGr8jhYeuH
yGMRcQW+fiqqj4Xn7nVtdv91BR52Cd0XbqgXsD26gWH6Zfu0qG hpGx1Cg181UL/H
xMHzrNIvAkEAxYgQFBInq9Nicb+017kkxqp+mI3Bn0RVvtb91M 4Ly8YioBgb6hMl
uQipTd+YGi0pN72kCeM6HHft0CWFG9D4EwJASoIIvcEhIZ0nKt +xDwKijVC2QRUF
G8l8DP//dX9bJYVMQOXKN1Uh2x8djy0CFZYfc2wP8Nk8jEaLe93HvqT6Ew JAeFhF
M3U8JjtLJvIdQ7DQ7xjAuEDlThtcAkEJtLU0CppUTiViHGI+AV V9kKxBBvGswwEP
B9cgeGe4w6+YQTI3cQJAPj4cgzjsLd8Ibzho3qaTWEPo/x9mAgrO9yDIqj67b00F
mZEsGmzzAh0DOJNdAodHLh+/rjwU/ZbCD4m9bcYsPA==
--------------- END RSA PRIVATE KEY ----------------

--------------- START SOAP/XML ----------------
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<wsrp:path
soap:actor="http://schemas.xmlsoap.org/soap/actor/next"
soap:mustUnderstand="1" xmlns:wsrp="http://schemas.xmlsoap.org/rp">
<wsrp:action
wsu:Id="Id-4f88de95-2818-4696-9b99-6c1878f40851"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">https://ei.sst.dk/SendPackets</wsrp:action>
<wsrp:to
wsu:Id="Id-c5e4d24e-2532-4820-b238-9334f791506f"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">https://ei.sst.dk/test-ei/Frontend.asmx</wsrp:to>
<wsrp:id
wsu:Id="Id-cb2af9ee-2477-489c-ad0b-df86e06bb4b8"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">uuid:12345678-1234-1234-b49344da724ad5d4</wsrp:id>
</wsrp:path>
<wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsu:Created
wsu:Id="Id-87e6da6d-6ee1-4d0a-9da2-d27e1bd321a9">2006-02-22T12:40:59Z</wsu:Created>
</wsu:Timestamp>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<wsse:BinarySecurityToken ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="SecurityToken-fc43cebf-ae98-4796-a099-026e4385c96b">MIIE5TCCBE6gAwIBAgIEQDZIdDANBgkqhkiG 9w0BAQUFADA/MQswCQYDVQQGEwJE
SzEMMAoGA1UEChMDVERDMSIwIAYDVQQDExlUREMgT0NFUyBTeX N0ZW10ZXN0IENB
IElJMB4XDTA1MDUxMDA2NDIzOFoXDTA3MDUxMDA3MTIzOFowfT ELMAkGA1UEBhMC
REsxKTAnBgNVBAoTIEluZ2VuIG9yZ2FuaXNhdG9yaXNrIHRpbG tueXRuaW5nMUMw
HAYDVQQDExVUZXN0cGVyc29uIDI4MDI3NTE3NzIwIwYDVQQFEx xQSUQ6OTIwOC0y
MDAyLTItNzM1MDg5ODU3OTgyMIGfMA0GCSqGSIb3DQEBAQUAA4 GNADCBiQKBgQCb
IrspkjgUDUCcw9ZaJc9Qd7dFi39ewSnGDGKBdOSiPHcINiYZpr 18BQGyh78BfV+6
HHDfDS89YM+bwJu5ucWWRJyXSXgs0cgqCgEti6JVku/ptAx8ANYvUHfNuSO8BtBt
smwO4Z5zPUoGZUjh5u1iDWYlTzfsJqzxErJ1PKEhfQIDAQABo4 ICrjCCAqowDgYD
VR0PAQH/BAQDAgP4MCsGA1UdEAQkMCKADzIwMDUwNTEwMDY0MjM4WoEPMj AwNzA1
MTAwNzEyMzhaMEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAY YqaHR0cDovL3Rl
c3Qub2NzcC5jZXJ0aWZpa2F0LmRrL29jc3Avc3RhdHVzMIIBAw YDVR0gBIH7MIH4
MIH1BgkpAQEBAQEBAQEwgecwLwYIKwYBBQUHAgEWI2h0dHA6Ly 93d3cuY2VydGlm
aWthdC5kay9yZXBvc2l0b3J5MIGzBggrBgEFBQcCAjCBpjAKFg NUREMwAwIBARqB
l1REQyBUZXN0IENlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdW RzdGVkZXMgdW5k
ZXIgT0lEIDEuMS4xLjEuMS4xLjEuMS4xLjEuIFREQyBUZXN0IE NlcnRpZmljYXRl
cyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS 4xLjEuMS4xLjEu
MS4xLjEuMS4wHQYJYIZIAYb4QgENBBAWDlBlcnNvbldlYk5vRG lyMIGWBgNVHR8E
gY4wgYswVqBUoFKkUDBOMQswCQYDVQQGEwJESzEMMAoGA1UECh MDVERDMSIwIAYD
VQQDExlUREMgT0NFUyBTeXN0ZW10ZXN0IENBIElJMQ0wCwYDVQ QDEwRDUkwyMDGg
L6AthitodHRwOi8vdGVzdC5jcmwub2Nlcy5jZXJ0aWZpa2F0Lm RrL29jZXMuY3Js
MB8GA1UdIwQYMBaAFByYCUcaTDi5EMUEKVvx9E6Aasx+MB0GA1 UdDgQWBBS+tbP2
sYVEEdHJJ1VnHgXC+0WtmTAJBgNVHRMEAjAAMBkGCSqGSIb2fQ dBAAQMMAobBFY3
LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4GBACxnDSKLxJRtEx579x KaEM4AB7Np1/JC
tCjzGjqFZGaaYNeH/W3wHgGRnG4GeaxuyCDhbawgS5MY+nmdOJWfb+2rEZiBa9i/
Ab7We9mWOG7oB1k4869Urqts5m9HeZK9ZoPCyrJGilypdUeRlQ VpEa+S0C9fe6pX
zsspe8R0HgYW</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference
URI="#Id-59ef0d9b-1ac6-4fff-85cb-3f52ec95c47c">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>uqy5qDS9I/8vSuM00ebN0+vCIxo=</DigestValue>
</Reference>
<Reference
URI="#Id-4f88de95-2818-4696-9b99-6c1878f40851">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>O7u6Daxi1ke5vupMlgHdGORBy1E=</DigestValue>
</Reference>
<Reference
URI="#Id-c5e4d24e-2532-4820-b238-9334f791506f">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>Zznc1ReLvcyzDx+P73ppq6aaJ/w=</DigestValue>
</Reference>
<Reference
URI="#Id-cb2af9ee-2477-489c-ad0b-df86e06bb4b8">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>dvCP95TeYfLloJ3Ne80YQ0ZSteU=</DigestValue>
</Reference>
<Reference
URI="#Id-87e6da6d-6ee1-4d0a-9da2-d27e1bd321a9">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>NjGSdyqOqeb7k0/bBNWeYhE4T9A=</DigestValue>
</Reference>
</SignedInfo>

<SignatureValue>XQuAWP/6cgqzpffggXzAvMkiQ5Jf4gYqj0avc9gPuKt+TnD2lW0Bmn/SUSZGqsUnseN8OwoR6uOKDBMn01xfBA/k3FR08df77s7poYHoHdgCQVTyjqDDxiqo9Fs3+gWKlTv+Bd/fLlBNoxn+pt10ge4p77zh2icUoUCayQCUk9g=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-fc43cebf-ae98-4796-a099-026e4385c96b"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-59ef0d9b-1ac6-4fff-85cb-3f52ec95c47c"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<SendPackets xmlns="https://ei.sst.dk/">
<Packets>
<SoapPacket>
<SoapData>testdata</SoapData>
<Found>false</Found>
</SoapPacket>
</Packets>
</SendPackets>
</soap:Body>
</soap:Envelope>
--------------- END SOAP/XML ----------------

Feb 23 '06 #1

Subscribe Post Reply

2099

by: Martin | last post by:

I have a couple of questions around code signing with MS technology: 1. Is there a way to transfer the generated strong name signing private key directly to a smartcard (or generate it on the...

.NET Framework

WSE 2.0 Signing messages

by: RBisch | last post by:

In order to sign a message, you can use a UserName token from the client (endpoint) , however must you use a X509 certificate to sign the response message from the service (endpoint) ? I am...

.NET Framework

Client side signing

by: DevilDog | last post by:

Hi, I am trying to create an *.aspx that will do client side signing of a SOAP message. The SOAP message is sent to our web service. I have been down a lot of roads with little success. I've...

.NET Framework

Signing ClickOnce Manifests and Shared Assemblies

by: Raffi Basmajian | last post by:

I am trying to understand the difference between signing ClickOnce manifests and signing shared assemblies. My company is building .Net 2005 WinForm applications for internal company use only....

.NET Framework

Signing a soap message

by: steve perry | last post by:

I'm having trouble signing an soap message using an ssl certificate. The error message I get is "Cannot find the certificate and private key for decryption" I have tried using WSE 1.0 and WSE 2.0...

.NET Framework

Help in signing SoapEnvelope using wse 3.0

by: sridhar | last post by:

hai Friends, I have a typical requirement.we are integrating with a partner that needs signed soap xml to be posted to an url. The partner provided me with their public key.and will post me a...

ASP.NET

Signing headers with carriage returns

by: markus.shure | last post by:

Hi, I'm noticed a problem testing a JAX-WS client with a WSE server. The JAX-WS client adds carriage returns to a SOAP header element that is signed. This causes the WSE server to raise an...

.NET Framework

Anybody use Strong Name Signing?

by: raylopez99 | last post by:

Anybody use Strong Name Signing? I think this is used by default for Resource files, which is one reason perhaps I can't get my resource files to work (somehow the public key is messed up, perhaps...

C# / C Sharp

signer's certificate is not valid for signing (VS2008 windows forms)

by: BillE | last post by:

<extreme frustration> I have googled and read about this, but can't seem to get a grip on it. Apparently I am being coerced into digitally signing applications. Is this true? What if I don't...

.NET Framework

Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

General

One-click Importing Excel Data into a*Database

by: ryjfgjl | last post by:

In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...

Microsoft Excel

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

Similar topics