Hi, I've got a service written in .NET that does both signing and encryption. I have compared the SOAP produced by the .NET client with the SOAP produced by my Java/Axis2 client, and they are so similar that I can't figure out what the difference is, or why my SOAP message fails to be processed while the .NET message works. Looking at the KeyInfo values for the X509SerialNumber you can see they are identical, so what am I doing wrong? The error I get from the .NET service is: "Exception thrown: Referenced security token could not be retrieved" at Microsoft.Web.Services3.Security.EncryptedKey.LoadXml(XmlElement element)
Here is my java/axis2 SOAP: <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <xenc:EncryptedKey Id="EncKeyId-15734641"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509Ser ialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>V8Ric6HGcQguCCiJUjKvRmYwfPC4u6AmWufJbKq3VEdoJlctmgSmsD Lu/DpD6tG6rV4eCkuv0FUqJkwPDdWqIB/OEoUru3SGp1JPZlS03NNc0bLI5NAm1BCv9OO0bC ryudG8WxOzB1oRX6j/jgf4ioaRiXMF5A6HnhOXRkkJt6w=</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-27811128" /> </xenc:ReferenceList> </xenc:EncryptedKey> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-so ap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509- token-profile-1.0#X509v3" wsu:Id="CertId-1110094">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUr DgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIz MTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJo wWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoD 
Y8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLk CS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jU qlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZA L70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-21621663"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-27811128"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>qVTO1kRazaBiToVQdKIWFtCa1nw=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-13655059"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>L5fqzYVCb1Aik484/9oIiiBLLfs=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-21830977"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>k9zPUQYL9BP4m7oN/FLKBKruKHg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-29087666"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>gAXeVuxphJhii3rrGZAojHPWeZc=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-21886820"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Xd4lgup0QVfSAgTZqo29D38Etuc=</ds:DigestValue> </ds:Reference> <ds:Reference 
URI="#Timestamp-6151022"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transac4forms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>4nB7SPc+8bj1gKlsAnMJaoBHXUU=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>MYoeBXPWUrhEO3ZlfI9A7+UHnC+BfyQXWqBGDiMTBbrEHQ/d8OmTA sZyJNzSFlpJQo/3NAn5n6fyqLw5lHllhXKA5YUxTjyy159xFVzscwwKNnP8VNlbmcMV+YfvB kjYtABh0Oc3bRURi+V9x5YtIdYQjjqTc9k+VPQkL4HPNXo=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-2661678"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="STRId-32689826"> <wsse:Reference URI="#CertId-1110094" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509- token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Timestamp-6151022"> <wsu:Created>2007-03-29T20:47:06.225Z</wsu:Created> <wsu:Expires>2007-03-29T20:52:06.225Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="id-21830977">http://localhost/ExampleWebService/ServiceWithSecur ity.asmx</wsa:To> <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="id-29087666"> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anony mous</wsa:Address> </wsa:ReplyTo> <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="id-21886820">urn:uuid:FA9812CAF51D5610541175201225065</wsa:Messa geID> <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="id-13655059">http://services.test.org/HelloWorld</wsa:Action> </soapenv:Header> 
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="id-27811128"> <xenc:EncryptedData Id="EncDataId-27811128" Type="http://www.w3.org/2001/04/xmlenc#Content"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /> <xenc:CipherData> <xenc:CipherValue>4dBmozS8ezTw3VhJv9o6tJS0zDewGdYxKRWE4ww38WtZFh1JcUeayO NBDYl6WpPlKMY9Uh3jyLpwd5TmUlOthjJSnawGdKA8hbGF27GA7sNmcq4ZwTgYbGegQYaQNk 8+dpxVGE6OA61PrgObac4rD3rNxQ6BEvobbn1xH0a7hjW8aTBcuZVAG9Fb1BmO9RbwlL/FI2 55L1xsxX+HRHWvWfGc1c9Vniqrn8k8uyfBKf/iCZU6KwhXtig3PScjvaUF6N8fFCakVfnyE+ f1KYTWhp7gk/U+iSPVDGc0/Vrxp5K7/35h00bW1VoBZjqN23um2ilGSFnzf5Rfba4aIF5Z61 7SKBoQuYdhdAPQwTjUAiC/nzvyISwRS37zczD6XhUAJR7TK7shoo269HXRPlN+KmF2DteJan 8pu0vGkCUPhzQE+GhiCab7V0ubu1wGOZutJFgNqgNfdsD7mu2kKyOl1g==</xenc:CipherV alue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope> And here is the .NET SOAP: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd"> <soap:Header> <wsa:Action wsu:Id="Id-0d310d8e-af6f-46f9-9df4-77025fe434a9">http://services.test.or g/HelloWorld</wsa:Action> <wsa:MessageID wsu:Id="Id-5186d5db-4b6b-4b11-80c9-d01f224a648d">urn:uuid:9a594b3c-d2f2- 4226-98e4-b33155fa408a</wsa:MessageID> <wsa:ReplyTo wsu:Id="Id-ed0bee26-cb79-410d-ac79-31bf8d772dbc"> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anony mous</wsa:Address> </wsa:ReplyTo> <wsa:To wsu:Id="Id-03470ab9-f2e0-4e12-b855-0750aa513401">http://localhost/WebSer viceNewSecuritySignandEncrypt/Service.asmx</wsa:To> <wsse:Security soap:mustUnderstand="1"> <wsu:Timestamp 
wsu:Id="Timestamp-bb8a4784-294d-449d-8c97-68ec967e7e8b"> <wsu:Created>2007-03-29T20:09:51Z</wsu:Created> <wsu:Expires>2007-03-29T20:14:51Z</wsu:Expires> </wsu:Timestamp> <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509- token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-so ap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="SecurityToken-e85c2096-3409-4b66-9b2e-d34152e44a42">MIIBtjCCAWSg AwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdl bmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2Vydmlj ZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQ acr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6W nCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRca ELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQD EwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RY ik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoT EQ==</wsse:BinarySecurityToken> <xenc:EncryptedKey Id="SecurityToken-758b1f6d-87ed-4e47-8054-dd4e45c86445" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> </xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=Root Agency</X509IssuerName> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNum ber> </X509IssuerSerial> </X509Data> </wsse:SecurityTokenReference> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>QCtstsoe1mPAQgopyXXKU3ZJy29IAgfJuqTW3XqVfR9fqmTazZdHuV 
Krq+laVhFPsCX+hPiOqrhs8/4WJL+/rQZ4tthV6iEE8XmNeuy691XzyWMhMCrdOpjvvIK8vA cXSn1PFi51/sYEfI+MhOVxqMxwMGra/MqPuH7rm/WcDJA=</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#Enc-f9203f08-f11e-40c7-86b7-c678f22cc3ab" /> </xenc:ReferenceList> </xenc:EncryptedKey> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#Id-0d310d8e-af6f-46f9-9df4-77025fe434a9"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>46Cy9FhyPrjVoNIilJEBP+fGAWM=</DigestValue> </Reference> <Reference URI="#Id-5186d5db-4b6b-4b11-80c9-d01f224a648d"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>Ot2g2M6nKSKiDsqlXW1tTT2c0IY=</DigestValue> </Reference> <Reference URI="#Id-ed0bee26-cb79-410d-ac79-31bf8d772dbc"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>f6RONrK+oxs63Zp/vfL93zc6/Hw=</DigestValue> </Reference> <Reference URI="#Id-03470ab9-f2e0-4e12-b855-0750aa513401"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>lEltY1LJ1nO0jqU5JPNmSkQ9giQ=</DigestValue> </Reference> <Reference URI="#Timestamp-bb8a4784-294d-449d-8c97-68ec967e7e8b"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
<DigestValue>WJPgv1NBMKXWSvf6QSSGJNmjJaE=</DigestValue> </Reference> <Reference URI="#Id-e09afa3e-d960-4a08-8b83-658907358295"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>C+2om4gseuTc9QWx21qRfVOlbS0=</DigestValue> </Reference> </SignedInfo> <SignatureValue>U8CiuLJLbz6pPKy2165wzOWcIXki290b270OBxEXD49dnDDmztV+zzYc VasShjdZfMabYolwB5Rh0SOfmSgJtFtD0BaLGKWvrACRwkwPhLb3qjKjK/pyC+M71643PAki me1eyjhGtkHaNP7W9D4IuLEBmJBnAOug8DJrxQTeMe4=</SignatureValue> <KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#SecurityToken-e85c2096-3409-4b66-9b2e-d34152e44a42" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509- token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </KeyInfo> </Signature> </wsse:Security> </soap:Header> <soap:Body wsu:I="Id-e09afa3e-d960-4a08-8b83-658907358295"> <xenc:EncryptedData Id="Enc-f9203f08-f11e-40c7-86b7-c678f22cc3ab" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /> <xenc:CipherData> <xenc:CipherValue>A8ykZb1io0WStXih0W6OTgo3Le2yJpy6tzb1ZXnzETwLiFrvzNJn5+ U5nv95ITp+S977US5lfjq6QWr/ZBOrGkFn7XUHdEImUWZ/0rbyyp4=</xenc:CipherValue > </xenc:CipherData> </xenc:EncryptedData> </soap:Body> </soap:Envelope> George --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
