You can extract the certificate manually and pass it to xmlsec
for verification. Or you can add a custom KeyInfo element support.
Both are possible but not through xmlsec1 command line utility.
Aleksey
On 6/11/19 11:08 AM, Davor Perkovac wrote:
I see.
Are you aware of other options available to sign/verify SOAP XML file
like this one?
Would xmlsec need to be extended somehow, or could it still be used if
an appropriate template file is prepared for it?
Thanks!
Davor.
On 11.06.2019 19:56, Aleksey Sanin wrote:
Well, another thing that you have is wsse:SecurityTokenReference
extension for the certificate. It is not supported by xmlsec
directly.
Aleksey
On 6/11/19 4:51 AM, Davor Perkovac wrote:
I tried many different combinations similar to the one you suggested,
but neither worked.
Could it be because Id attribute in <soapenv:Body> has a namespace
prefix?
wsu:Id="..."
Is this causing problems?
Davor.
On 10.06.2019 22:51, Davor Perkovac wrote:
This requires more parameters to xmlsec1
I'm using version 1.2.20 for win32:
xmlsec1.exe --version
xmlsec1 1.2.20 (openssl)
and it results in:
xmlsec1.exe --verify
--id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Example_SOAP_PKI_Echo_1_sent.xml
Error: <file> parameter is required for this command
Usage: xmlsec <command> [<options>] [<files>]
I've pasted again this full/unchanged xml file, so it should be
possible
for you to try to verify it as well:
https://pastebin.com/u7SqZTLB
Davor.
On 10.06.2019 19:22, Aleksey Sanin wrote:
Try something like this:
--id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Aleksey
On 6/10/19 9:13 AM, Davor Perkovac wrote:
Hi,
I assume it should be possible possible to verify and sign SOAP
message
using WS-Security standard with xmlsec1 command line tool.
I see there was already discussion about this or something similar -
referring to Section 3.2 from the FAQ and I was reading it but
somehow
failed to apply it to my actual example.
From what I can see the problem is with setting the correct
--id-attr
parameter.
Can someone please advise on how to verify (and then later also sign)
wss SOAP XML which looks like the example here:
https://pastebin.com/5Q3mUtNJ
Thanks!
Davor.
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
