
How is SOAPUI calculating the signature value with C14E and InclusiveNamespaces?

Occasional Visitor


Tried to reproduce the SOAPUI signature calculation with PHP, but the signature value didn't match the value in SOAPUI.

I can calculate the right digest value, but can't reproduce the signing process.

Signature value calculation includes:

My two approaches are:

1. approach:

  • canonicalize signed info including digest value
  • sign canonicalized string (openssl_sign)
  • base64 encoding the result = signature value

2. approach:

  • canonicalize signed info including digest value
  • sha1 hash canonicalized string
  • base64 encoding ??? maybe too much encoding
  • encrypt with private key
  • openssl_sign
  • base64 encoding

Something must be wrong, because with each approach I get a different signature value back than the one SOAPUI calculates. What is SOAPUI doing with the signedInfo to calculate the signature value?

 

Thank you very much for any constructive response.

Marcel

 

5 REPLIES
New Contributor


Hello, 

 

I have the same problem. 

Did you solve it?

 

Cédric 

Community Hero


Please elaborate on the problem. And are you having an issue in SoapUI?


Regards,
Rao.
New Contributor


Hi,

I have the same question and would like to elaborate this in more detail:
Using SoapUI I am sending a request with a Signature created by SoapUI. This Signature element contains the following SignedInfo element (copied as is from the SoapUI Raw request view):


 <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#otto"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI4=</ds:DigestValue></ds:Reference></ds:SignedInfo>

There are now carriage returns and line feeds in there.
Using Oxygen (XML Editor) this SignedInfo element is canonicalized according to http://www.w3.org/2001/10/xml-exc-c14n#, resulting in the following:


<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#otto"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>bU+yPTYXfSsBFgl16K8D2YFLLI4=</ds:DigestValue></ds:Reference></ds:SignedInfo>

Before doing so I added the namespace declaration "xmlns:ds="http://www.w3.org/2000/09/xmldsig#" to the <ds:SignedInfo> element.

 

Then I used the following OpenSSL commands to sign this SignedInfo element and to create the Base64 encoding myself in order to compare it with the one created by SoapUI (i.e. placed in <ds:SignatureValue> of the request created by SoapUI):

 

openssl dgst -sha1 -sign privkey.openssl -out soapuiSignedInfoCanon.xml.sha1 soapuiSignedInfoCanon.xml


openssl base64 -in soapuiSignedInfoCanon.xml.sha1 -out soapuiSignedInfoCanon.xml.sha1.Base64

 

Here soapuiSignedInfoCanon.xml is a file containing the canonicalized SignedInfo element. soapuiSignedInfoCanon.xml.sha1 contains the binary signature of soapuiSignedInfoCanon.xml. soapuiSignedInfoCanon.xml.sha1.Base64 is a file containing the Base64 encoded signature.

 

Finally when comparing the content of soapuiSignedInfoCanon.xml.sha1.Base64 with the Base64 encoded signature created by SoapUI (i.e. found in the raw SOAP request) they differ.

Using the same approach with a SignedInfo element created by Oxygen, the created signature matches the one from Oxygen.

So obviously canonicalizing the SignedInfo element created by SoapUI is not sufficient.

It would therefore be good to know what the SignedInfo element looks like before it is signed by SoapUI.

 

Your help is very much appreciated.

 

Raph
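
Added example (not part of any post in this thread, and not SoapUI's code): in exclusive canonicalization, a prefix named in the CanonicalizationMethod's InclusiveNamespaces PrefixList is rendered on ds:SignedInfo whenever it is in scope in the enclosing document, so a SignedInfo copied out of the envelope canonicalizes to different bytes than the same element in place, and any signature over those bytes differs too. The sketch implements only the subset of exc-c14n needed to show this; the soapenv namespace URI and the sample XML are constructed assumptions.

```python
from xml.dom import minidom

DS = "http://www.w3.org/2000/09/xmldsig#"
EC = "http://www.w3.org/2001/10/xml-exc-c14n#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumed binding of soapenv

def esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def split_attrs(el):  # -> ({prefix: uri} declared on el, ordinary attributes)
    decl = [a for a in el.attributes.values() if a.name.split(":")[0] == "xmlns"]
    return {a.name[6:]: a.value for a in decl}, [a for a in el.attributes.values() if a not in decl]

def in_scope(el):  # declarations visible at el, including inherited ones
    scope = in_scope(el.parentNode) if el.parentNode.nodeType == el.ELEMENT_NODE else {}
    scope.update(split_attrs(el)[0])
    return scope

def c14n(el, inclusive, rendered=None):
    # Subset of exc-c14n: no comments, no xmlns="" undeclaration, no xml:* attributes.
    rendered, scope, attrs = dict(rendered or {}), in_scope(el), split_attrs(el)[1]
    wanted = {el.prefix or ""} | {a.prefix for a in attrs if a.prefix} | set(inclusive)
    out = "<" + el.tagName
    for p in sorted(wanted):  # skip what an output ancestor already rendered
        if p in scope and rendered.get(p) != scope[p]:
            rendered[p] = scope[p]
            out += ' xmlns%s="%s"' % (":" + p if p else "", esc(scope[p], True))
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, esc(a.value, True))
    kids = [c14n(c, inclusive, rendered) if c.nodeType == c.ELEMENT_NODE else esc(c.data)
            for c in el.childNodes if c.nodeType in (c.ELEMENT_NODE, c.TEXT_NODE, c.CDATA_SECTION_NODE)]
    return out + ">" + "".join(kids) + "</" + el.tagName + ">"

def canonical_signedinfo(xml):
    si = minidom.parseString(xml).getElementsByTagNameNS(DS, "SignedInfo")[0]
    cm = si.getElementsByTagNameNS(DS, "CanonicalizationMethod")[0]
    inc = cm.getElementsByTagNameNS(EC, "InclusiveNamespaces")
    plist = inc[0].getAttribute("PrefixList").split() if inc else []
    return c14n(si, ["" if p == "#default" else p for p in plist]).encode("utf-8")

# Constructed sample: the same SignedInfo inside an envelope and copied out of it.
BODY = ('<ds:CanonicalizationMethod Algorithm="%s"><ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="%s"/>'
        '</ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="%srsa-sha1"/>' % (EC, EC, DS))
IN_ENVELOPE = ('<soapenv:Envelope xmlns:soapenv="%s"><soapenv:Header><ds:Signature xmlns:ds="%s"><ds:SignedInfo>%s'
               '</ds:SignedInfo></ds:Signature></soapenv:Header><soapenv:Body/></soapenv:Envelope>' % (SOAP, DS, BODY))
COPIED_OUT = '<ds:SignedInfo xmlns:ds="%s">%s</ds:SignedInfo>' % (DS, BODY)
```

Comparing canonical_signedinfo(IN_ENVELOPE) with canonical_signedinfo(COPIED_OUT) shows the extra xmlns:soapenv declaration on the start tag of the in-place element.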

New Contributor


I have the same problem, did you find the solution?

New Member


Did you find anything regarding this issue?

Please reply if you found anything.

 

Thank you