How is SOAPUI calculating the signature value with C14E and InclusiveNamespaces?

devX
Occasional Visitor

I tried to reproduce the SoapUI signature calculation with PHP, but the signature value didn't match the value in SoapUI.

I can calculate the right digest value, but can't reproduce the signing process.

Signature value calculation includes:

My two approaches are:

1. approach:

  • canonicalize signed info include digest value
  • sign canonicalized string (openssl_sign)
  • base64 encoding the result = signature value

2. approach:

  • canonicalize signed info include digest value
  • sha1 hash canonicalized string
  • base64 encoding ??? maybe too much encoding
  • encrypt with private key
  • openssl_sign
  • base64 encoding

Something must be wrong, because with each approach I get a different signature value than the one SoapUI calculates. What is SoapUI doing with the SignedInfo to calculate the signature value?

 

Thank you very much for any constructive response.

Marcel

 

5 REPLIES 5
ced236
New Contributor

Hello, 

 

I have the same problem. 

Did you solve it?

 

Cédric 

nmrao
Community Hero

Please elaborate on the problem. And are you having an issue in SoapUI?


Regards,
Rao.
rstommel
New Contributor

Hi,

I have the same question and would like to elaborate this in more detail:
Using SoapUI I am sending a request with a Signature created by SoapUI. This Signature element contains the following SignedInfo element (copied as is from the SoapUI Raw request view):


 <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#otto"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI4=</ds:DigestValu...>

There are now carriage returns and line feeds in there.
Using Oxygen (XML Editor) this SignedInfo element is canonicalized according to http://www.w3.org/2001/10/xml-exc-c14n# resulting in the following:


<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#otto"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI...>

Before doing so I added the namespace declaration xmlns:ds="http://www.w3.org/2000/09/xmldsig#" to the <ds:SignedInfo> element.

 

Then I used the following OpenSSL commands to sign this SignedInfo element and to create the Base64 encoding myself in order to compare it with the one created by SoapUI (i.e. placed in the <ds:SignatureValue> of the request created by SoapUI):

 

openssl dgst -sha1 -sign privkey.openssl -out soapuiSignedInfoCanon.xml.sha1 soapuiSignedInfoCanon.xml


openssl base64 -in soapuiSignedInfoCanon.xml.sha1 -out soapuiSignedInfoCanon.xml.sha1.Base64

 

Here soapuiSignedInfoCanon.xml is a file containing the canonicalized SignedInfo element. soapuiSignedInfoCanon.xml.sha1 contains the binary signature of soapuiSignedInfoCanon.xml. soapuiSignedInfoCanon.xml.sha1.Base64 is a file containing the Base64 encoded signature.

 

Finally when comparing the content of soapuiSignedInfoCanon.xml.sha1.Base64 with the Base64 encoded signature created by SoapUI (i.e. found in the raw SOAP request) they differ.

Using the same approach with a SignedInfo element created by Oxygen, the created signature matches the one from Oxygen.

So obviously canonicalizing the SignedInfo element created by SoapUI is not sufficient.

It would therefore be good to know what the SignedInfo element looks like before it is signed by SoapUI.

 

Your help is very much appreciated.

 

Raph
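
Added example (not part of any post in this thread, and not SoapUI's code): under Exclusive C14N, a prefix listed in InclusiveNamespaces PrefixList is handled by the inclusive rules, so an in-scope xmlns:soapenv declaration is written onto ds:SignedInfo when the element is canonicalized inside the envelope, while a SignedInfo cut out and given only xmlns:ds cannot carry it. The PHP below canonicalizes both forms with DOMNode::C14N and signs each with openssl_sign. The envelope, the shortened SignedInfo (Transforms omitted) and the throwaway key are constructed for the example.

```php
<?php
// Constructed sample: SignedInfo modelled on the one quoted in the thread
// (Transforms omitted for brevity), inside a minimal SOAP envelope.
$ds  = 'http://www.w3.org/2000/09/xmldsig#';
$exc = 'http://www.w3.org/2001/10/xml-exc-c14n#';
$signedInfo = '<ds:SignedInfo>'
    . "<ds:CanonicalizationMethod Algorithm=\"$exc\">"
    . "<ec:InclusiveNamespaces PrefixList=\"soapenv\" xmlns:ec=\"$exc\"/>"
    . '</ds:CanonicalizationMethod>'
    . "<ds:SignatureMethod Algorithm=\"{$ds}rsa-sha1\"/>"
    . "<ds:Reference URI=\"#otto\"><ds:DigestMethod Algorithm=\"{$ds}sha1\"/>"
    . '<ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI4=</ds:DigestValue>'
    . '</ds:Reference></ds:SignedInfo>';
$envelope = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    . "<soapenv:Header><ds:Signature xmlns:ds=\"$ds\">$signedInfo</ds:Signature>"
    . '</soapenv:Header><soapenv:Body/></soapenv:Envelope>';

// Exclusive C14N of the SignedInfo element found in $xml;
// $prefixes is the InclusiveNamespaces PrefixList.
function excC14n(string $xml, array $prefixes): string {
    global $ds;
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $node = $doc->getElementsByTagNameNS($ds, 'SignedInfo')->item(0);
    // exclusive = true, no comments, no XPath filter, inclusive prefixes
    return $node->C14N(true, false, null, $prefixes);
}

// (a) SignedInfo canonicalized where it lives: xmlns:soapenv is in scope.
$inContext = excC14n($envelope, ['soapenv']);
// (b) SignedInfo cut out and given only xmlns:ds, as described in the thread.
$standalone = excC14n(
    str_replace('<ds:SignedInfo>', "<ds:SignedInfo xmlns:ds=\"$ds\">", $signedInfo),
    ['soapenv']
);

// Throwaway RSA key generated for this example only.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                         'private_key_bits' => 2048]);
// openssl_sign() hashes the input with SHA-1 itself and applies RSA PKCS#1 v1.5,
// which is deterministic: identical bytes and key give an identical signature.
foreach (['in context' => $inContext, 'standalone' => $standalone] as $label => $bytes) {
    if (!openssl_sign($bytes, $sig, $key, OPENSSL_ALGO_SHA1)) {
        exit('signing failed: ' . openssl_error_string() . "\n");
    }
    echo "[$label] ", substr($bytes, 0, 130), "...\n";
    echo '  SignatureValue: ', substr(base64_encode($sig), 0, 40), "...\n";
}
echo 'canonical bytes identical: ', var_export($inContext === $standalone, true), "\n";
```

Because openssl_sign already computes the digest, hashing the canonical string first and then signing would sign a hash of a hash.
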

I have the same problem, did you find the solution?

Did you find anything regarding this issue?

Please reply if you found anything.

 

Thank you

