How do I generate an XML SignatureValue



I am attempting to sign a soap request. The rest of the document is valid, but the SignatureValue I end up with is not what is expected. I learned Soap and signing over the past few days, so the most likely situation is I misunderstood the inputs or the order of operations when it comes to this algorithm.


Here's the request, minus the username/password obviously. Sorry for the chunk of code. Soap requests take a lot of elements to get the full picture:



<soapenv:Envelope xmlns:real="http://ift.tt/1mnnrvR" xmlns:wsu="http://ift.tt/Hm2joJ" xmlns:soapenv="http://ift.tt/sVJIaE">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://ift.tt/LRW8Ij" xmlns:ds="http://ift.tt/uq6naF">
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://ift.tt/y9fQ1c"/>
          <ds:SignatureMethod Algorithm="http://ift.tt/zf1Wx4"/>
          <ds:Reference URI="#id-65BB4C5D722C51E896140612427983429">
            <ds:Transforms>
              <ds:Transform Algorithm="http://ift.tt/11kTCUR">
                <ds:InclusiveNamespaces PrefixList="real soapenv wsu" xmlns="http://ift.tt/11kTCUR"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://ift.tt/yuvO4a"/>
            <ds:DigestValue>YIjV+XTiwlkXLG4yMhwuxXeHGYE=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>OplmHJ6fpJNEcCwm58BIkM8r+sU6bsYS6DiRN+wtHkf4Aw0JFwHvbM/0noEFcVNWwVcfMMeHoidkCGVERNnWtt5e43ifIIyI1XxBaV/w3jastS8jgCxM9AXdfJKUm8Q+3pqFuaNnOAQnQPZ1FWUJh8hMWMtQNW5XRwP/+xpfSvI0lFUygy9VOZcjbYHLqadftkvmObDvN9Kg59oKYVuIRrwBeTquP/oJsdV/ni9Bu1deLSNxON4YtNU1JdGGnIkaZWbaMXVY+w9W6LBgLKoAZrKW6zi8NgtJRdSwFUOGA1eXcN82p69xgeoWg4GQd1bXYFu405hiNMuAQe98yg6s9g==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier EncodingType="http://ift.tt/14yUvuM" ValueType="http://ift.tt/11idNQV">MIIFMDCCBBigAwIBAgIQSWtHiOJhlIGXXlVQfuGvMzANBgkqhkiG9w0BAQUFADCBtTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwNjAzMDAwMDAwWhcNMTgwNjAzMjM1OTU5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVGV4YXMxDzANBgNVBAcUBkF1c3RpbjEbMBkGA1UEChQSUHJlZGljdGl2ZSBTY2llbmNlMQswCQYDVQQLFAJJVDEiMCAGA1UEAxQZd3d3LnByZWRpY3RpdmVzY2llbmNlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9enbBiootY6sgYUkWThtCaWIUZKPtERx2m2btgAmwlB4ZG550uXmoxWKwwb9UqIlQiUfWdTQFD3GWD5Tiq/yN/toLimRXlcYt1CiJwIeUhdBQdrHB6KHEv2KUyCEnxBwRldEkHrxSKSbHpXLacl3OZixiRzyEMCuHYxhLbATNKRVmGyXmDYNDA4Nu4jj6LVzI7026bMGEAPbar93mhWV/lVmO6IKkQnck3s4pKqsnqQ/nl7+Vl8ftk6KbvAQ4U1xm+hr3zYwZiD+40xCFqMfRLE9uA4kTD2oMBKLIk9SXxjJmPOwS63PticE/gYEqLrristHjwxzrHI57sOMsnfC8CAwEAAaOCAXIwggFuMCQGA1UdEQQdMBuCGXd3dy5wcmVkaWN0aXZlc2NpZW5jZS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NkLnN5bWNiLmNvbS9zZC5jcmwwZQYDVR0gBF4wXDBaBgpghkgBhvhFAQc2MEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkWF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQNRFwWU0TBgn4dIKsl9AFj2L55pTBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zZC5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zZC5zeW1jYi5jb20vc2QuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQBDZN0azh5pvzLUdEYO/iosv566nEoNBoRZ0mh7hdEMFphPQIIhFohklpB0Uf6NfhM5I79qrtOQ1b3gHLH1KyhW9zSL3ZcQINPKlfR9aPXVFcGM/0WlensbTAlFQUvFMexDvPqf1h3gp5knDffTLyTD1Ybw4h6jTQngJJm5BAWck8V7KHb5Q69utnPAfwTSblPpNIl2yzC5wIpSuvVD2ghW6h+abBLSXC54wAWzZnHJ5PBeWn0vZb/pXHszrk8TPd6xZmjF9N+UoKoqnn5lJZZja1XntPkIgGP9LAAlOaYIAP1hyWTWuYYoKjgGyjbfVEdjGB3qhV2eCPhZRjj0JWG6</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsse:UsernameToken>
        <wsse:Username/>
        <wsse:Password type="http://ift.tt/1aTA7XU"/>
        <wsse:Nonce EncodingType="http://ift.tt/14yUvuM">rDR41po8gfpi5g9cNpYWWk5easQ=</wsse:Nonce>
        <wsu:Created>2014-08-06T15:06:43.387246</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body Id="id-65BB4C5D722C51E896140612427983429">
    <real:processMultiVerbatimDocument>
      <processMultiVerbatimDocumentRequest>
        <projectName/>
        <modelName/>
        <responseLevel/>
        <save/>
        <verbatimSet>
          <verbatim/>
        </verbatimSet>
        <limitByWordRank>true</limitByWordRank>
        <includeNRelations>false</includeNRelations>
      </processMultiVerbatimDocumentRequest>
    </real:processMultiVerbatimDocument>
  </soapenv:Body>
</soapenv:Envelope>


My understanding is with the algorithm states as follows:



  1. Grab the included namespaces.

  2. Run the C14N algorithm on them to normalize things like order and spacing

  3. Hash them using sha1, then convert to base64. That's the DigestValue

  4. Import my RSA private key (not shown) and create a signer object using Crypto.Signature.PKCS1_v1_5

  5. Call signer.sign(DigestValue). That's the SignatureValue


When using SoapUI, I get a different SignatureValue than it. SoapUI is correct, whereas mine is clearly wrong, but I don't know where to start debugging. If anyone's been through this before, help would be much appreciated!


Thanks


Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)