LEONEL ROCHA (Uruguay) asked:
Cannot verify the signature of the body of a SOAP message with wsse security

I have a problem with wsse-security in the following soap message:


<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:ws="http://ws.comercio.epagos.antel.com.uy/">
    <env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-6BFCDA479413AF1F3C1684353389178236" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIDhTCCAm2gAwIBAgIEdgPR4zANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVWTETMBE..........nlgYOADptIrHdlsQ7FjvKLtxfQgwNkSpyyl8u+2RYedFW+17gvyk7eZTQjnoeTi+6cKnqdngBFWD8pKcVjr36jmIXNeTX1SKAgvHRp80sY1n1LuYRHTQIzyuR/0/AyG14TY68qAGFyjX1TORaE=</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-6BFCDA479413AF1F3C1684353389178240">
                <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env env ws"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    <ds:Reference URI="#id-6BFCDA479413AF1F3C1684353389178239" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ws"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1oM+NV4vtHWEUDoE1nVrqFbGnvk=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">pPYqr22MzUke5/N+mkEzy4uPGTMpXIjZQRtvmdMn21BpCUWOaMxysC9ThU.....cJ3Cj2iA/ETK7Y+o7+FJ2ffyrb2Ozv1lSxZJg==</ds:SignatureValue>
                <ds:KeyInfo Id="KI-6BFCDA479413AF1F3C1684353389178237" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference wsu:Id="STR-6BFCDA479413AF1F3C1684353389178238" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                        <wsse:Reference URI="#X509-6BFCDA479413AF1F3C1684353389178236" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:From xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing">urn:antel:mdm:system:epagos</wsa:Address>
        </wsa:From>
        <wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing">urn:antel:mdm:system:mgap:notificarTransaccion</wsa:Action>
        <wsa:To xmlns:wsa="http://www.w3.org/2005/08/addressing">urn:antel:mdm:system:epagos:mgap</wsa:To>
        <wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing">3dca63ff-878d-46fa-a2ad-ddad2fb3c88d</wsa:MessageID>
        <wsa:RelatesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">3dca63ff-878d-46fa-a2ad-ddad2fb3c88d</wsa:RelatesTo>
    </env:Header>
    <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-6BFCDA479413AF1F3C1684353389178239" xmlns:env="http://www.w3.org/2003/05/soap-envelope">
        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-6BFCDA479413AF1F3C1684353389177235" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
                    <wsse:Reference URI="#EK-6BFCDA479413AF1F3C1684353389177233" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">AG8rGH7SHAfQL4nIq50EgnVd9onC/GRwJXUsobK/pxG/O5LlLBoIhcbi7sqQaWFAtu......XOTt+6JQ7UZajb5CuffI5fG4ZQbbgA</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </env:Body>
</env:Envelope>


The decryption of the body is solved. What I can't do is verify the signature. I have something wrong in my code or I am missing information:


            ' Load the decrypted message; whitespace must survive because it is part of the canonicalised bytes.
            Dim xmlDoc As New XmlDocument()
            xmlDoc.PreserveWhitespace = True
            xmlDoc.LoadXml(plainXML)
            Dim signedXml As New SignedXml(xmlDoc)
            ' Locate the ds:Signature element inside the wsse:Security header.
            Dim nodeList As XmlNodeList = xmlDoc.GetElementsByTagName("ds:Signature")
            If nodeList.Count <= 0 Then
                Throw New CryptographicException("No signature was found in the document.")
            End If
            signedXml.LoadXml(CType(nodeList(0), XmlElement))
            ' With no key argument, CheckSignature() tries to obtain the key from ds:KeyInfo.
            isValid = signedXml.CheckSignature()


Thanks in advance

LR
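An added example, not the asker's code and not taken from WSS4J or from the accepted answer, of how the verification step can be completed in VB.NET against a message shaped like the one above. It addresses the two points where the built-in SignedXml stops: it cannot dereference the wsu:Id that the ds:Reference URI points at on env:Body, and it cannot obtain a key from a wsse:SecurityTokenReference in ds:KeyInfo, so the id lookup is overridden and the public key is taken from the BinarySecurityToken. The `trustedThumbprint` parameter is an assumption: the thumbprint of the partner certificate you already hold, used to pin the sender-supplied token.

```vb
Imports System
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.Xml
Imports System.Xml

' SignedXml only dereferences Id/ID/id attributes; WSS4J marks the signed Body with wsu:Id.
Public Class WsuSignedXml
    Inherits SignedXml
    Public Const WsuNs As String = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    Public Sub New(doc As XmlDocument)
        MyBase.New(doc)
    End Sub
    Public Overrides Function GetIdElement(document As XmlDocument, idValue As String) As XmlElement
        Dim found As XmlElement = MyBase.GetIdElement(document, idValue)
        If found IsNot Nothing Then Return found
        ' Compare in code instead of splicing the untrusted id into an XPath expression.
        For Each node As XmlNode In document.SelectNodes("//*[@*[local-name()='Id' and namespace-uri()='" & WsuNs & "']]")
            If DirectCast(node, XmlElement).GetAttribute("Id", WsuNs) = idValue Then
                If found IsNot Nothing Then Return Nothing ' duplicate ids: refuse rather than guess
                found = DirectCast(node, XmlElement)
            End If
        Next
        Return found
    End Function
End Class

Public Module WsseVerifier
    Private Const WsseNs As String = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    Private Const SoapNs As String = "http://www.w3.org/2003/05/soap-envelope"
    ' True only if the single ds:Signature verifies under the pinned certificate and covers env:Body.
    ' trustedThumbprint is an assumed parameter: the thumbprint of the partner certificate you already hold.
    Public Function VerifyBodySignature(xml As String, trustedThumbprint As String) As Boolean
        Dim doc As New XmlDocument() With {.PreserveWhitespace = True} ' whitespace is canonicalised too
        doc.LoadXml(xml)
        Dim sigs As XmlNodeList = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)
        Dim bsts As XmlNodeList = doc.GetElementsByTagName("BinarySecurityToken", WsseNs)
        If sigs.Count <> 1 OrElse bsts.Count <> 1 Then Throw New CryptographicException("Expected one Signature and one BinarySecurityToken.")
        ' The token travels with the message, so pin it to the certificate you already trust.
        Dim cert As New X509Certificate2(Convert.FromBase64String(bsts(0).InnerText))
        If Not String.Equals(cert.Thumbprint, trustedThumbprint, StringComparison.OrdinalIgnoreCase) Then Return False
        ' Pass the key explicitly: .NET cannot resolve a wsse:SecurityTokenReference from KeyInfo.
        Dim signedXml As New WsuSignedXml(doc)
        signedXml.LoadXml(DirectCast(sigs(0), XmlElement))
        If Not signedXml.CheckSignature(cert.GetRSAPublicKey()) Then Return False
        ' A valid signature over some other element proves nothing: require a Reference to the Body's wsu:Id.
        Dim bodyId As String = DirectCast(doc.GetElementsByTagName("Body", SoapNs)(0), XmlElement).GetAttribute("Id", WsuSignedXml.WsuNs)
        Return bodyId <> "" AndAlso signedXml.SignedInfo.References.Cast(Of Reference)().Any(Function(r) r.Uri = "#" & bodyId)
    End Function
End Module
```

The digest in the Reference covers env:Body exactly as it was when the sender signed it, so if the partner signs after encrypting, run this on the message as received and decrypt afterwards rather than verifying the already-decrypted plainXML.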

ASKER CERTIFIED SOLUTION
Noah (Singapore)
LEONEL ROCHA (asker):

I agree with your code, Noah. The fact is that my client is using Apache WSS4J to implement security in his web services and I should develop another web service with the same technology to receive notifications. The truth is that we are developing with Visual Basic .NET and not with Java. I haven't found any DLL that does that job.