I am using SignedXml class to sign and verify soap xml documents. We are not
using WSE at this point. When I sign a soap document and send it to my
trading partner, they can verify the document without any problem. However
when they send me the signed soap document, I am not able to verify it. But
they can take their signed document and can verify it without any problem.
They are using Apache Xml Security Suite (v 1.0.4).
One thing we noticed is that SignedXml class does not add any prefix to the
Signature element. But the Apache suite adds it. However both namespace
values are pointing to same uri.
We are totally lost at this point. Any help is greatly appreciated.
Here is my code:
string filePath = @"C:\Signed.xml";
// Create a SignedXml.
XmlDocument doc = new XmlDocument();
doc.Load(filePath);
SignedXml signedXml = new SignedXml(doc);
// Load the XML.
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(new XmlTextReader(filePath));
XmlNodeList nodeList = xmlDocument.GetElementsByTagName("ds:Signature");
signedXml.LoadXml((XmlElement)nodeList[0]);
if (signedXml.CheckSignature())
{
Console.WriteLine("Signature check OK");
}
else
{
Console.WriteLine("Signature check FAILED");
}
Here is the example of signed document (some parts are modified for security
and abbreviated for brevity reasons):
<soapenv:Envelope soapenv:actor="some-uri" soapenv:mustUnderstand="1"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header><ns1:Test1 xmlns:ns1="ns1"/> <ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Iq02JTwtu7BpyawiiGcSz8EI6Gc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue> *** Value **** </ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate> *** Certificate *** </ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus> *** Modulus *** </ds:Modulus>
<ds:Exponent> *** Exponent *** </ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></soapenv:Header>
<soapenv:Body Id="Body"><ns2:Test2 xmlns:ns2="ns2" > </soapenv:Body>
</soapenv:Envelope>
Thanks.
Raghu/..
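
Added example, not part of the original post: a self-contained round trip showing one common reason SignedXml rejects a signature it did not produce. XmlDocument drops whitespace-only text nodes unless PreserveWhitespace is set before loading, which changes the canonical form of the referenced Body and so its digest. The class name, the sample envelope and the generated RSA key are constructed for illustration; on .NET Core and later the System.Security.Cryptography.Xml package is assumed to be referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class WhitespaceVerifyDemo
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample envelope; the whitespace inside Body is part of what gets digested.
    const string Soap =
        "<soapenv:Envelope xmlns:soapenv=\"" + SoapNs + "\"><soapenv:Header/>\n" +
        "<soapenv:Body Id=\"Body\">\n  <ns2:Test2 xmlns:ns2=\"ns2\"> </ns2:Test2>\n</soapenv:Body>" +
        "</soapenv:Envelope>";

    static XmlDocument Load(string xml, bool preserveWhitespace)
    {
        // PreserveWhitespace only takes effect if it is set before the document is loaded.
        var doc = new XmlDocument { PreserveWhitespace = preserveWhitespace };
        doc.LoadXml(xml);
        return doc;
    }

    static string Sign(RSA key)
    {
        XmlDocument doc = Load(Soap, true);
        var signedXml = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference("#Body");
        reference.AddTransform(new XmlDsigC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        // Put the Signature in the SOAP header, as in the posted document.
        XmlNode header = doc.GetElementsByTagName("Header", SoapNs)[0];
        header.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc.OuterXml;
    }

    static bool Verify(string xml, RSA trustedKey, bool preserveWhitespace)
    {
        XmlDocument doc = Load(xml, preserveWhitespace);
        // Match on the XML-DSig namespace URI so any prefix (ds:, dsig:, none) is found.
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        // Check against a key trusted out of band, not the KeyInfo carried in the message.
        return signedXml.CheckSignature(trustedKey);
    }

    static void Main()
    {
        using RSA key = RSA.Create(2048);
        string signed = Sign(key);
        Console.WriteLine("PreserveWhitespace=false: " + Verify(signed, key, false));
        Console.WriteLine("PreserveWhitespace=true:  " + Verify(signed, key, true));
    }
}
```

The parameterless CheckSignature() used in the post validates against whatever key the message's own KeyInfo carries, so it proves integrity only; passing the partner's known key or certificate also ties the signature to the expected signer.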