Hi Hristo,
First, I highly recommend reading the actual XMLDSig spec:
https://www.w3.org/TR/xmldsig-core1/
Second, I think you will find the following example to be helpful:
https://github.com/lsh123/xmlsec/blob/master/examples/sign3.c
Last but not least, make sure to read section 3.2 from the FAQ
since you will likely run into this in your project:
https://www.aleksey.com/xmlsec/faq.html
Best,
Aleksey
On 6/5/22 6:16 AM, Hristo Konstantinov wrote:
Hello! I’m trying to sign a simple soap message. The message looks like
this:
<?xml version="1.0" encoding="utf-8"?>
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header />
<e:Body>
<Data>someData</Data>
</e:Body>
</e:Envelope>
By no means am I an expert in network stuff (I’m only a beginner and a
hobby programmer). As far as I understand, the result should look
something like:
<?xml version="1.0" encoding="utf-8"?>
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
…..
<Reference URI="#signedContent">
……
</Signature>
</e:Header>
<e:Body id="signedContent">
<Data>someData</Data>
</e:Body>
</e:Envelope>
So to my understanding the signature goes into the header, and the
signature reference points to the body. I’ve put the signature node into
the header by calling
xmlAddChild(xmlDocGetRootElement(doc)->children, signNode);
However I don’t know how to tell the library to sign the body. Do I have
to place the id attribute in the body by myself, or should I let the
library do it? The library isn’t very well documented (or maybe the
functions make sense, but not for someone like me). Which functions do I
need to call next (I’m using the x509 example as a basis)? Probably I
should create the reference node like this:
xmlNodePtr refNode = xmlSecTmplSignatureAddReference(signNode,
xmlSecTransformSha256Id,
NULL, (const xmlChar*)"signedContent", NULL);
…but I’m not very sure at all. I see that there are other functions like
xmlSecTmplReferenceAddTransform (the examples call this with
xmlSecTransformEnvelopedId, but I don’t need enveloped, perhaps I should
call it with something else?).
Sorry for the dumb question again!
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
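
Added example, not part of the original thread and not xmlsec code: a standard-library Python illustration of how an XMLDSig same-document Reference such as URI="#signedContent" is resolved and digested for the message in the question. It shows that the Body digest is unaffected by a Signature placed in the Header, while a whole-document reference (URI="") is affected, which is the case the enveloped-signature transform exists for. Assumptions: the function names are hypothetical, the ID lookup uses an attribute literally named id, and Python's C14N 2.0 stands in for the signer's canonicalization, so the digest values are only comparable with each other.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("e", SOAP)  # keep the e: prefix when serializing

# Constructed sample: the message from the question with id set on Body.
UNSIGNED = f"""<e:Envelope xmlns:e="{SOAP}">
<e:Header />
<e:Body id="signedContent">
<Data>someData</Data>
</e:Body>
</e:Envelope>"""

def resolve(root, uri):
    """Return the element a same-document Reference URI selects."""
    if uri == "":  # URI="" means the whole document
        return root
    if not uri.startswith("#"):
        raise ValueError(f"not a same-document reference: {uri!r}")
    # Assumption: the ID attribute is the one literally named "id".
    hits = [el for el in root.iter() if el.get("id") == uri[1:]]
    if len(hits) != 1:  # missing or ambiguous target: refuse to digest
        raise LookupError(f"{len(hits)} elements have id {uri[1:]!r}")
    return hits[0]

def digest(root, uri):
    """Base64 SHA-256 of the canonicalized subtree selected by uri."""
    node = copy.deepcopy(resolve(root, uri))
    node.tail = None  # text after the end tag is outside the subtree
    # Stand-in: Python's C14N 2.0, so values are for comparison only.
    c14n = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()

def with_header_signature(xml_text):
    """Parse xml_text and put a placeholder Signature in the SOAP Header."""
    root = ET.fromstring(xml_text)
    ET.SubElement(root.find(f"{{{SOAP}}}Header"), f"{{{DSIG}}}Signature")
    return root

def compare(uri):
    """Digests for uri before and after the Signature is inserted."""
    return digest(ET.fromstring(UNSIGNED), uri), digest(with_header_signature(UNSIGNED), uri)

if __name__ == "__main__":
    print("#signedContent:", compare("#signedContent"))  # pair is equal
    print("whole document:", compare(""))                # pair differs
```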