Hello,

I am trying to connect to a .NET SOAP web service. The messages must have a signature conforming to WS-Security 2004 with
enveloping mode.
I tried to build it with ZSI, but I got stuck at the signature. After this I tried to use pyxmlsec, which builds a signature, but not one conforming to the WS-Security 2004 standard. Right now I am trying to do it by hand, but I am still not able to get the right digest.

As a short explanation, I am using the following template:

<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><wsse:Security><wsse:BinarySecurityToken Id="binarytoken" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" elementEncoding="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">{HERE IS THE CERTIFICATE IN DER FORMAT AND BASE64 ENCODED}</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#RefID">
     <ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
     </ds:Transforms>
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>{DIGEST GENERATED WITH CODESNIPPET #1}</ds:DigestValue>
   </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>
   {DIGEST ENCRYPTED WITH PRIVATE KEY}
 </ds:SignatureValue>
<dsig:Object Id="RefID" xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">{XML REQUEST FROM SOAP BODY}</dsig:Object> <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header><soapenv:Body>{CUSTOM_XML_REQUEST}</soapenv:Body></soapenv:Envelope>



CODESNIPPET #1 to generate digest:
I take the complete <dsig:Object> .... </dsig:Object>, put it into c14n from ZSI.wstools and Canonicalize it with exclusive = 1 and with_comments = 1. On the result of that I simply do base64.encodestring(sha.new(resultOfCanonicalize).digest()) and this is my digest. But this part is always different from what Apache's Axis module for Java is doing. With the Java version I get access to the web service; with my Python version I do not.

I do not believe that the problem is in canonicalization, because I tried a lot of different modules from other projects, e.g. libxml2 and xmllint, and the result was the same every time. (I also checked it by hand.)


I am now at the point where I am trying to take a look into the source code of Apache's Axis module. I would be happy if you could give me a hint about what I am doing wrong, or if there is some Python code out there that I can take a look at.

Best regards Kim



begin:vcard
fn;quoted-printable:Andy-Kim M=C3=B6ller
n;quoted-printable:M=C3=B6ller;Andy-Kim
org:Ypsilon.Net AG;Software development
adr:;;Vilbeler Landstr. 203;Frankfurt;;60388;Germany
email;internet:[EMAIL PROTECTED]
title:director of coresoftware development
tel;work:+49 6109 505 0
tel;fax:+49 6109 505 25
url:http://www.ypsilon.net
version:2.1
end:vcard

_______________________________________________
XML-SIG maillist  -  XML-SIG@python.org
http://mail.python.org/mailman/listinfo/xml-sig
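
The following is an added example, not part of the original post: it computes the Reference digest for the dsig:Object under each canonicalization algorithm URI, so the octets hashed for the Transform named in the template (inclusive C14N, no comments) can be compared with those for the exclusive = 1, with_comments = 1 settings described in CODESNIPPET #1. It assumes the third-party lxml package; the envelope is a constructed, cut-down sample and `reference_digest` is a hypothetical helper name.

```python
import base64
import hashlib
from lxml import etree  # assumption: lxml is installed (third-party)

# Canonicalization algorithm URI -> (exclusive, with_comments)
C14N_MODES = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": (False, False),
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments": (False, True),
    "http://www.w3.org/2001/10/xml-exc-c14n#": (True, False),
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments": (True, True),
}

# Constructed sample: cut-down envelope in the shape of the template above.
ENVELOPE = (
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
    b' xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
    b'<soapenv:Header><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    b'<dsig:Object Id="RefID" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">'
    b'<request><item>42</item><!-- note --></request>'
    b'</dsig:Object></ds:Signature></soapenv:Header><soapenv:Body/>'
    b'</soapenv:Envelope>'
)


def reference_digest(envelope, ref_id, algorithm):
    """Return (canonical octets, base64 SHA-1 digest) for the element with Id=ref_id."""
    exclusive, with_comments = C14N_MODES[algorithm]
    root = etree.fromstring(envelope)
    hits = root.xpath("//*[@Id=$rid]", rid=ref_id)
    if len(hits) != 1:  # a missing or duplicated Id must never be digested
        raise ValueError("expected exactly one element with Id=%r" % ref_id)
    # Canonicalize the element where it sits in the envelope, not a detached
    # copy: inclusive C14N emits the namespaces inherited from its ancestors.
    octets = etree.tostring(hits[0], method="c14n", exclusive=exclusive,
                            with_comments=with_comments)
    return octets, base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


if __name__ == "__main__":
    for uri in C14N_MODES:
        octets, digest = reference_digest(ENVELOPE, "RefID", uri)
        print(uri, digest, octets.decode("utf-8"), sep="\n  ")
```

Printing the canonical octets next to each digest makes it possible to diff them byte for byte against what another implementation hashes.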
