Forum Discussion

Surefyre
New Contributor
4 years ago

Unable to recreate message digest from SOAPUI payload

When checking my method for generating a DigestValue I try to recreate the SOAPUI value from the SOAPUI payload:

Timestamp element from SOAPUI Raw tab:

<wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786"><wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created><wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>

 

In PHP:
$data = ' <wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786"><wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created><wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>';

$xml = new \DOMDocument();
@$xml->loadXML($data); // undefined namespaces throw warnings so '@'
$data = $xml->C14N(true); // exclusive
$hash = sha1($data, true);
$hash64 = base64_encode($hash);

 

SOAPUI DigestValue: +A1kg20vvbEJjtgOfCgXliBBrPM=
PHP DigestValue: x0D7Qy3Yewha2BNzXidr98hCWCk=
PHP C14N result: <wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786"><wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created><wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>

The SOAPUI Signature source from the Raw tab is:

<ds:Signature Id="SIG-613DCCBFEC7148A1BB159006246650090" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="wsa soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#TS-613DCCBFEC7148A1BB159006246649786"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="wsse wsa soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>+A1kg20vvbEJjtgOfCgXliBBrPM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>flEIyViSCsASTqz+7/PcdyfK4Vyk6+UY9Z70mFrvzbsdJDQGyBUIrHfABzL3d3Fr7POQ5tFVr6ju
7bYl/z6eAyt1BvPVOVgCqDeEJHHTfAt556vMsRQRCos5Y6z9ItWJVRRPwlMMDHoLs8j6m/NR1HXP
/nsa70O6mIx1VYS7zOk/qfF1ujVS53KMF3gPhdHYMWs4bZnABV5gcn2+ifzIUxU7cDOjwvKVzFEU
UF33kYiQANgYdOUILn5GyxfasHP3S9cyDo9cPQhGgVPIsHtGGaCmtLIqSQ09e9PFtRxZhP8j2oWp
cKdH6RnVUWOp2776+PcVMuy+gh/lzZrT1i5l3w==</ds:SignatureValue><ds:KeyInfo Id="KI-613DCCBFEC7148A1BB159006246649988"><wsse:SecurityTokenReference wsu:Id="STR-613DCCBFEC7148A1BB159006246649989"><wsse:Reference URI="#X509-613DCCBFEC7148A1BB159006246649987" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>

SHA1 being a standard thing, it would seem there is a problem with the canonicalising, but it's unclear what.

1 Reply

  • Surefyre
    New Contributor

    So nobody has ever run into this issue, then?

    It doesn't seem an uncommon question on the internet, nobody having any clear answer.
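
Added example, not part of the original thread and not SoapUI's code: the ds:Reference above applies exclusive C14N with PrefixList "wsse wsa soap" to the Timestamp as it sits inside the signed message, so the canonical bytes depend on the namespace declarations inherited from its ancestors. The envelope below is constructed (the post does not show it), and the soap and wsa namespace URIs and their placement are assumptions; the digest it prints equals the SOAPUI value only if the in-scope declarations match the real request.

```php
<?php
// Added illustration. The envelope is constructed: the post shows only the
// Timestamp and Signature, so the ancestor declarations here are assumptions.
const WSU  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const WSSE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';

$envelope = '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"'
    . ' xmlns:wsa="http://www.w3.org/2005/08/addressing"><soap:Header>'
    . '<wsse:Security xmlns:wsse="' . WSSE . '" xmlns:wsu="' . WSU . '">'
    . '<wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786">'
    . '<wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created>'
    . '<wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>'
    . '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>';

/**
 * Canonicalise the element a ds:Reference points at, in its document
 * context, and return [canonical bytes, base64 SHA-1 digest].
 */
function digestReference(DOMDocument $doc, string $uri, array $prefixList): array
{
    $id = ltrim($uri, '#');
    // Locate the target by wsu:Id without building an XPath string from input.
    foreach ($doc->getElementsByTagName('*') as $el) {
        if ($el->getAttributeNS(WSU, 'Id') === $id) {
            // exclusive = true, withComments = false, no XPath filter,
            // $prefixList = InclusiveNamespaces PrefixList of the Transform.
            $c14n = $el->C14N(true, false, null, $prefixList);
            return [$c14n, base64_encode(sha1($c14n, true))];
        }
    }
    throw new RuntimeException("No element with wsu:Id '$id'");
}

$doc = new DOMDocument();
$doc->loadXML($envelope);

// PrefixList comes from the ds:Transform inside the ds:Reference, not from
// ds:CanonicalizationMethod (that one applies to ds:SignedInfo).
[$c14n, $digest] = digestReference(
    $doc, '#TS-613DCCBFEC7148A1BB159006246649786', ['wsse', 'wsa', 'soap']
);
echo $c14n, PHP_EOL, $digest, PHP_EOL;
```

The canonical start tag printed here carries the xmlns:wsu declaration plus the in-scope prefixes named in the PrefixList, none of which appear in the fragment-only "PHP C14N result" quoted in the post.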