I want to consume a WCF web service which uses X.509 certificates for
mutual authentication. I imported the certificates using keytool into a
BKS keystore and am able to use them in Android code. Now for mutual
authentication I need to create a web request which has a message digest
and signature in it.

I am using KSOAP 2. My Android application works fine as long as my client
is using HTTPS with a server-side certificate.
But now my client wants X.509 certificate based mutual authentication,
for which I need to form my request as per the format below, which
I extracted using Wireshark (the client is developed in Visual Studio
8, which is working fine).

As per the blogs and articles, I need to create a message digest and then
create the signature, but before creating the message digest I need to
perform XML canonicalization.

Referenced URLs:
http://java.sun.com/developer/technicalArticles/xml/dig_signatures/
http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/
http://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/samples/javax/xml/crypto/dsig/samples/GenEnveloped.java
http://www.xml.com/pub/a/ws/2002/09/18/c14n.html?page=1
http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/

<s:Header>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2012-02-21T04:45:06.429Z</u:Created>
<u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7-ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/
MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW
+Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ
+nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/
aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/
TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/
fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/
IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/
qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA
+dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4=
</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>

But to create the message digest we need to perform XML canonicalization with
the "http://www.w3.org/2001/10/xml-exc-c14n#" transform algorithm. I am
not able to find any API or library which performs the above task.

I used the xmlsec jar, but I guess it is not supported by Android, and I
also tried all the options which I found after googling.

I found out that Android doesn’t have support for the following Java
packages:
• javax.xml.crypto.dom
• javax.xml.crypto.dsig
• javax.xml.crypto.dsig.dom
• javax.xml.crypto.dsig.keyinfo
• javax.xml.crypto.dsig.spec


Please guide me on how to call a WCF web service which involves X.509
certificate based mutual authentication. ASAP

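An added example, not part of the original post and not KSOAP or WCF code: because the signed Timestamp and the SignedInfo have a fixed shape, they can be written directly in exclusive-C14N form and then digested and signed with plain `java.security` classes, without `javax.xml.crypto`. It assumes the `u` prefix is bound to the WS-Security utility namespace and that the service sends no whitespace between elements; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64; // API 26+; on older Android use android.util.Base64 instead

class TimestampSigner {
    // Assumption: "u" is bound to the WS-Security utility namespace (not shown in the capture).
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String EXC = "http://www.w3.org/2001/10/xml-exc-c14n#";

    // Timestamp written directly in exclusive-C14N form: the one visibly used prefix
    // is declared on the apex element, before its attributes, with no added whitespace.
    static String canonicalTimestamp(String id, String created, String expires) {
        return "<u:Timestamp xmlns:u=\"" + WSU + "\" u:Id=\"" + id + "\">"
             + "<u:Created>" + created + "</u:Created>"
             + "<u:Expires>" + expires + "</u:Expires></u:Timestamp>";
    }
    // DigestValue: base64 of SHA-1 over the UTF-8 bytes of the canonical form.
    static String digest(String canonicalXml) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(canonicalXml.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // SignedInfo in canonical form: default namespace declared once, empty
    // elements expanded to start/end tag pairs.
    static String canonicalSignedInfo(String id, String digestValue) {
        return "<SignedInfo xmlns=\"" + DS + "\">"
             + "<CanonicalizationMethod Algorithm=\"" + EXC + "\"></CanonicalizationMethod>"
             + "<SignatureMethod Algorithm=\"" + DS + "rsa-sha1\"></SignatureMethod>"
             + "<Reference URI=\"#" + id + "\"><Transforms>"
             + "<Transform Algorithm=\"" + EXC + "\"></Transform></Transforms>"
             + "<DigestMethod Algorithm=\"" + DS + "sha1\"></DigestMethod>"
             + "<DigestValue>" + digestValue + "</DigestValue></Reference></SignedInfo>";
    }
    // rsa-sha1 in XML-DSig is RSASSA-PKCS1-v1_5 over SHA-1: "SHA1withRSA" in JCA.
    static String sign(String signedInfo, PrivateKey key) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(signedInfo.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // throwaway demo key
        String ts = canonicalTimestamp("_0", "2012-02-21T04:45:06.429Z", "2012-02-21T04:50:06.429Z");
        String dv = digest(ts);
        System.out.println("DigestValue:    " + dv);
        System.out.println("SignatureValue: " + sign(canonicalSignedInfo("_0", dv), kp.getPrivate()));
    }
}
```

The same Timestamp and SignedInfo strings must be placed unchanged into the outgoing header, and the private key must be the one matching the certificate sent in the BinarySecurityToken. SHA-1 appears here only because the captured request specifies rsa-sha1 and sha1.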