ws-users mailing list archives

From "massimiliano.masi@gmail.com" <massimiliano.m...@gmail.com>
Subject Xml-Signature wrapping
Date Tue, 19 Jun 2012 10:28:02 GMT
Hello All,

I am trying to write code against XML-Signature wrapping.

The attached XML is validating, but it shouldn't (the signature was made
on the correct XML, where I switched the body) :-)

I was trying to use the W3C's best practice #14, which is described in
http://domino.research.ibm.com/library/cyberdig.nsf/papers/73053F26BFE5D1D385257067004CFD80/$File/rc23691.pdf

How can I do that easily with wss4j?

Thanks a lot!

<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
  <s:Header>
    <wsse:Security s:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-5ED3F58FF83785A1E613401010446741"></wsse:BinarySecurityToken>
      <ds:Signature Id="SIG-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="s" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-1">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>mjUU4XkDWH4O/mdFHz65/e5C6hw=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>OZBdrJ4ucWbfdTJIFd6thEtyaBH3OshqVHEmPDlaaoqFXqD4dHJCUWR9KMjcJ1gozFEe1aVM4Ju7
w2jJdSa4CKLgX2xf5dIdUkoH1+ck68hYBT7zfYj3sivctxRwLh2PwuI8qTrUB2ya1vw5X9vsPp2z
f0nfnO3NoOHScDa1ZcI=</ds:SignatureValue>
        <ds:KeyInfo Id="KI-5ED3F58FF83785A1E613401010446952">
          <wsse:SecurityTokenReference wsu:Id="STR-5ED3F58FF83785A1E613401010446963">
            <wsse:Reference URI="#X509-5ED3F58FF83785A1E613401010446741" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <fooHeader>
      <s:Body wsu:Id="id-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <ns1:sampleValue xmlns:ns1="urn:tiani-spirit:test">
this is a value
</ns1:sampleValue>
      </s:Body>
    </fooHeader>
  </s:Header>
  <Body xmlns="http://www.w3.org/2003/05/soap-envelope">
    <sampleValue xmlns="urn:tiani-spirit:test">This is another one, FAKED</sampleValue>
  </Body>
</s:Envelope>




-- 
Massimiliano Masi

http://www.mascanc.net/~max
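
A position check for the kind of message posted above, as an added example that is not part of the original message and does not use wss4j's own API: plain JDK DOM code that accepts a message only when a ds:Reference points at the Body that is the direct child of the Envelope and no other element carries the same wsu:Id. The class and method names are hypothetical, the two sample envelopes are constructed, and the check is assumed to run in addition to normal signature validation, not instead of it.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WrappingCheck {
    static final String SOAP = "http://www.w3.org/2003/05/soap-envelope";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // The Body the application will process: the s:Body that is a direct child of the root.
    static Element processedBody(Document doc) {
        for (Node n = doc.getDocumentElement().getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && SOAP.equals(n.getNamespaceURI())
                    && "Body".equals(n.getLocalName())) return (Element) n;
        return null;
    }

    // True only if a ds:Reference names the processed Body's wsu:Id and that Id
    // is carried by exactly one element, so the signed node cannot be a copy elsewhere.
    static boolean signatureCoversProcessedBody(Document doc) {
        Element body = processedBody(doc);
        String id = body == null ? "" : body.getAttributeNS(WSU, "Id");
        if (id.isEmpty()) return false;                 // no Body, or Body has no wsu:Id
        boolean referenced = false;
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++)
            referenced |= ("#" + id).equals(((Element) refs.item(i)).getAttribute("URI"));
        int carriers = 0;                               // elements carrying that wsu:Id
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int j = 0; j < all.getLength(); j++)
            if (id.equals(((Element) all.item(j)).getAttributeNS(WSU, "Id"))) carriers++;
        return referenced && carriers == 1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples shaped like the message above (signature contents omitted).
        String open = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:ds='" + DS + "' xmlns:wsu='" + WSU + "'><s:Header>"
                + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#id-1'/></ds:SignedInfo></ds:Signature>";
        String signed = "<s:Body wsu:Id='id-1'>this is a value</s:Body>";
        String wrapped = open + "<fooHeader>" + signed + "</fooHeader></s:Header><s:Body>FAKED</s:Body></s:Envelope>";
        String honest = open + "</s:Header>" + signed + "</s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        for (String xml : new String[] {wrapped, honest}) {
            Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            System.out.println(signatureCoversProcessedBody(d));
        }
    }
}
```

The wrapped sample is rejected because the processed Body carries no signed Id, and a variant that gives the replacement Body the same wsu:Id is rejected by the uniqueness count.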
