cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to recreate message digest from SOAPUI payload

Highlighted
New Contributor

Unable to recreate message digest from SOAPUI payload

When checking my method for generating a DIgestValue I try to recreate the SOAPUI value from the SOAPUI payload:

Timestamp element from SOAPUI Raw tab:

<wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786"><wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created><wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>

 

In PHP:
$data = ' <wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786"><wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created><wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>';

$xml = new \DOMDocument();
@$xml->loadXML($data); // undefined namespaces throw warnings so '@'
$data = $xml->C14N(true); // exclusive
$hash = sha1($data, true);
$hash64 = base64_encode($hash);

 

SOAPUI DigestValue: +A1kg20vvbEJjtgOfCgXliBBrPM=
PHP DigestValue: x0D7Qy3Yewha2BNzXidr98hCWCk=
PHP C14 result: <wsu:Timestamp wsu:Id="TS-613DCCBFEC7148A1BB159006246649786"><wsu:Created>2020-05-21T12:01:06.497Z</wsu:Created><wsu:Expires>2020-05-21T12:16:06.497Z</wsu:Expires></wsu:Timestamp>

The SOAPUI Signature source from the Raw tab is:

<ds:Signature Id="SIG-613DCCBFEC7148A1BB159006246650090" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="wsa soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#TS-613DCCBFEC7148A1BB159006246649786"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="wsse wsa soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>+A1kg20vvbEJjtgOfCgXliBBrPM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>flEIyViSCsASTqz+7/PcdyfK4Vyk6+UY9Z70mFrvzbsdJDQGyBUIrHfABzL3d3Fr7POQ5tFVr6ju
7bYl/z6eAyt1BvPVOVgCqDeEJHHTfAt556vMsRQRCos5Y6z9ItWJVRRPwlMMDHoLs8j6m/NR1HXP
/nsa70O6mIx1VYS7zOk/qfF1ujVS53KMF3gPhdHYMWs4bZnABV5gcn2+ifzIUxU7cDOjwvKVzFEU
UF33kYiQANgYdOUILn5GyxfasHP3S9cyDo9cPQhGgVPIsHtGGaCmtLIqSQ09e9PFtRxZhP8j2oWp
cKdH6RnVUWOp2776+PcVMuy+gh/lzZrT1i5l3w==</ds:SignatureValue><ds:KeyInfo Id="KI-613DCCBFEC7148A1BB159006246649988"><wsse:SecurityTokenReference wsu:Id="STR-613DCCBFEC7148A1BB159006246649989"><wsse:Reference URI="#X509-613DCCBFEC7148A1BB159006246649987" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>

 SHA1 being a standard thing it would seem there is a problem with the Canonising but it's unclear what.

1 REPLY 1
Highlighted
New Contributor

Re: Unable to recreate message digest from SOAPUI payload

So nobody has ever run into this issue, then?

It doesn't seem an uncommon question on the internet, nobody having any clear answer.

New Here?
Join us and watch the welcome video:
Announcements
Top Kudoed Authors