Forum Discussion
Hi,
I have the same question and would like to elaborate this in more detail:
Using SoapUI I am sending a request with a Signature created by SoapUI. This Signature element contains the following SignedInfo element (copied as is from the SoapUI Raw request view):
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#otto"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI4=</ds:DigestValue></ds:Reference></ds:SignedInfo>
There are now carriage returns and line feeds in there.
Using Oxygen (XML Editor) this SignedInfo element is canonicalized according to http://www.w3.org/2001/10/xml-exc-c14n# resulting in the following:
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#otto"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI4=</ds:DigestValue></ds:Reference></ds:SignedInfo>
Before doing so I added the namespace declaration xmlns:ds="http://www.w3.org/2000/09/xmldsig#" to the <ds:SignedInfo> element.
Then I used the following OpenSSL commands to sign this SignedInfo element and to create the Base64 encoding myself in order to compare it with the one created by SoapUI (i.e. placed in <ds:SignatureValue> of the request created by SoapUI):
openssl dgst -sha1 -sign privkey.openssl -out soapuiSignedInfoCanon.xml.sha1 soapuiSignedInfoCanon.xml
openssl base64 -in soapuiSignedInfoCanon.xml.sha1 -out soapuiSignedInfoCanon.xml.sha1.Base64
Here soapuiSignedInfoCanon.xml is a file containing the canonicalized SignedInfo element. soapuiSignedInfoCanon.xml.sha1 contains the binary signature of soapuiSignedInfoCanon.xml. soapuiSignedInfoCanon.xml.sha1.Base64 is a file containing the Base64 encoded signature.
Finally when comparing the content of soapuiSignedInfoCanon.xml.sha1.Base64 with the Base64 encoded signature created by SoapUI (i.e. found in the raw SOAP request) they differ.
Using the same approach with a SignedInfo element created by Oxygen, the created signature matches the one from Oxygen.
So obviously canonicalizing the SignedInfo element created by SoapUI is not sufficient.
It would therefore be good to know what the SignedInfo element looks like before it is signed by SoapUI.
Your help is very much appreciated.
Raph
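The comparison in the post above works because RSA PKCS#1 v1.5 signing is deterministic: identical bytes and key give an identical Base64 value, and any byte difference in the canonical SignedInfo gives a different one. The following is an added example, not part of the original post or of SoapUI. It shows one way the bytes can differ: under Exclusive C14N a prefix listed in InclusiveNamespaces PrefixList (here soapenv) is handled as in inclusive canonicalization, so its in-scope declaration is emitted on ds:SignedInfo when the element is canonicalized inside the envelope. The key, the shortened SignedInfo and the soapenv namespace URI are constructed assumptions.

```bash
# Added example: signatures over two candidate canonical forms of SignedInfo.
set -eu
work=$(mktemp -d)

# Throwaway key pair standing in for privkey.openssl (constructed for this example).
openssl genrsa -out "$work/priv.pem" 2048 2>/dev/null
openssl rsa -in "$work/priv.pem" -pubout -out "$work/pub.pem" 2>/dev/null

# Constructed, shortened SignedInfo content; the real element is in the post above.
body='<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod></ds:SignedInfo>'
ds='xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
# Assumption: soapenv is bound to the SOAP 1.1 envelope namespace on an ancestor.
soapenv='xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'

# (a) fragment canonicalized stand-alone, with only xmlns:ds added by hand
printf '%s' "<ds:SignedInfo $ds>$body" > "$work/standalone.xml"
# (b) fragment canonicalized in context with PrefixList="soapenv"
printf '%s' "<ds:SignedInfo $ds $soapenv>$body" > "$work/incontext.xml"

# sign FILE: Base64 of the RSA PKCS#1 v1.5 / SHA-1 signature, as in the post.
sign() { openssl dgst -sha1 -sign "$work/priv.pem" "$1" | openssl base64 -A; }

# verify FILE SIG_B64: exit status 0 only if the signature covers exactly FILE.
verify() {
  printf '%s' "$2" | openssl base64 -d -A > "$work/sig.bin"
  openssl dgst -sha1 -verify "$work/pub.pem" -signature "$work/sig.bin" "$1" >/dev/null 2>&1
}

sig_a=$(sign "$work/standalone.xml")
sig_a_again=$(sign "$work/standalone.xml")
sig_b=$(sign "$work/incontext.xml")

[ "$sig_a" = "$sig_a_again" ] && echo "same bytes, same key: identical signature"
[ "$sig_a" != "$sig_b" ] && echo "one extra namespace declaration: different signature"
verify "$work/incontext.xml" "$sig_b" && echo "sig_b verifies over the in-context form"
verify "$work/standalone.xml" "$sig_b" || echo "sig_b does not verify over the stand-alone form"
```

Verifying a tool's SignatureValue with the public key against each candidate canonical form, as `verify` does here, identifies which byte sequence was actually signed without needing the private key.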
Did you find anything regarding this issue?
Please reply if you found anything.
Thank you