Hello All,
I am trying to write a code against XML-Signature wrapping.
The attached XML is validating, but it shouldn't (the signature was made
on the correct XML, where I switched the body) :-)
I was trying to use the w3c's best practice #14, which is described in
http://domino.research.ibm.com/library/cyberdig.nsf/papers/73053F26BFE5D1D385257067004CFD80/$File/rc23691.pdf
How can I do that easily with wss4j?
Thanks a lot!
<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<wsse:Security s:mustUnderstand="true" xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsse:BinarySecurityToken EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-5ED3F58FF83785A1E613401010446741">MIIDMDCCApmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTEVMBMGA1UEChMMVGlhbmkgU3Bpcml0MRQwEgYDVQQLEwtKVW5pdCB0ZXN0czEaMBgGA1UEAxMRTWFzc2ltaWxpYW5vIE1hc2kxMTAvBgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJpdC5jb20wIBcNMTIwMTAyMDkwMDM1WhgPMjE5MTA2MDgwOTAwMzVaMIGPMQswCQYDVQQGEwJBVDEQMA4GA1UECBMHQXVzdHJpYTEVMBMGA1UEChMMVGlhbmkgU3Bpcml0MRQwEgYDVQQLEwtKVW5pdCBUZXN0czEOMAwGA1UEAxMFY2VydDExMTAvBgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJpdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgfPyeyh5akguf7m0rxeAlzeTmfSHQw6VFcttllUHvK7EowEhnCXySqqd6F+rFf6GtvYxdIKAoSy2dW6clU9Qa43GdDxnRH2nWj/2BHQpNeagn4SnHnB0Sh+Tg+GyIzGMLwVW+3exKfNqXX+bT/0qe2s9aSx5+6YablcPdbjd7nAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTyZNkaXQQW/poejdu6nXjh3rBhbzAfBgNVHSMEGDAWgBR0cbZF2tyFPQ8VxQGIiJhzLmEADjANBgkqhkiG9w0BAQUFAAOBgQBNxznZ6jvfMQDjCZvI+/SVGubIDGse9kYgeIqkzxs/fxZQHf2WCZLwnRLWKiPbVuiyJqQaP+BefGWTwzw76abjPOliPLyCoZeJS3bT6Pdubswlgzx49yp0b+RF424tRtGAgDpvRPij7RYIQuGt30iVOTkgEqMciOw/8ZHWHS3/+Q==</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#
">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="s" xmlns:ec="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="" xmlns:ec="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>mjUU4XkDWH4O/mdFHz65/e5C6hw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>OZBdrJ4ucWbfdTJIFd6thEtyaBH3OshqVHEmPDlaaoqFXqD4dHJCUWR9KMjcJ1gozFEe1aVM4Ju7
w2jJdSa4CKLgX2xf5dIdUkoH1+ck68hYBT7zfYj3sivctxRwLh2PwuI8qTrUB2ya1vw5X9vsPp2z
f0nfnO3NoOHScDa1ZcI=</ds:SignatureValue>
<ds:KeyInfo Id="KI-5ED3F58FF83785A1E613401010446952">
<wsse:SecurityTokenReference
wsu:Id="STR-5ED3F58FF83785A1E613401010446963">
<wsse:Reference URI="#X509-5ED3F58FF83785A1E613401010446741"
ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<fooHeader>
<s:Body wsu:Id="id-1" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<ns1:sampleValue xmlns:ns1="urn:tiani-spirit:test">
this is a value
</ns1:sampleValue>
</s:Body>
</fooHeader>
</s:Header>
<Body xmlns="http://www.w3.org/2003/05/soap-envelope">
<sampleValue xmlns="urn:tiani-spirit:test">This is another one,
FAKED</sampleValue>
</Body>
</s:Envelope>
--
Massimiliano Masi
http://www.mascanc.net/~max
|