XML Digital Signature interoperability Issue between DataPower's XS40 and .NET Framework 1.1 and WSE 1.0SP1 - XML SOAP


  1. Re: XML Digital Signature interoperability Issue between DataPower's XS40 and .NET Framework 1.1 and WSE 1.0SP1

    Guangxi Wu wrote:
    > It seems to me that the problem might be due to the different canonicalized
    > SignedInfo element in the two different tools (XS40 and .NET).


    Maybe, but there is an important annoying point which is that the
    structure of your is invalid by itself.
    I'd think both .net and xs40 accept it nonetheless, but I tried to
    validate it with a third implementation libxmlsec that is complaining
    and requires some tuning.

    As Dsig is a feature implemented in the security related library of
    dotnet, I'll restrict the follow-up to microsoft.public.dotnet.security
    and microsoft.public.dotnet.framework.webservices.enhancements and
    remove all the other groups from the post.

    The signature in your sample references the data through a "#Body"
    reference, that is supposed to match the id in this tag <B:Body id="Body">.
    But the SOAP schema does not specify an id attribute to the Body
    element. So there is nothing here telling that this id is actually of
    type "ID", and that it should be taken into account in references.

    Note that the current soap security submission
    http://www.w3.org/TR/SOAP-dsig/ takes care of this by defining in the
    SOAP-SEC schema "<attribute name="id" type="ID"/>" and in the example it
    gives :
    <SOAP-ENV:Body
    xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
    SOAP-SEC:id="Body">
    The id attribute is explicitly referred to as being inside the SOAP-SEC
    namespace, so that the above definition applies and the type of the
    attribute is defined.

    So I had to add a minimal DTD for correct parsing by xmldev.
    I used that as a fast hack (certainly not a clean way to handle
    namespaces, but happens to work):
    <!DOCTYPE B:Envelope [
    <!ELEMENT B:Envelope (Header?, Body)>
    <!ELEMENT B:Header (Signature)>
    <!ELEMENT B:Body (#PCDATA)>
    <!ELEMENT B:Signature (#PCDATA)>
    <!ATTLIST B:Envelope name-space CDATA #REQUIRED encoding-style CDATA
    #REQUIRED>
    <!ATTLIST B:Body id ID #IMPLIED>
    <!ATTLIST B:Signature must-understand (0 | 1) #REQUIRED>
    ]>
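
The point made in the post above, as an added example that is not part of the original thread: a "#Body" reference resolves only through attributes the verifier knows to be of type ID. It uses Python's xml.dom.minidom on constructed envelopes; SCHEMA_IDS, register_ids and resolve_reference are names assumed for this illustration.

```python
from xml.dom import minidom

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_SEC = "http://schemas.xmlsoap.org/soap/security/2000-12"

# Constructed sample envelopes (not the message from the thread).
PLAIN_ID = f'<B:Envelope xmlns:B="{SOAP_ENV}"><B:Body id="Body">data</B:Body></B:Envelope>'
TYPED_ID = (f'<B:Envelope xmlns:B="{SOAP_ENV}" xmlns:SOAP-SEC="{SOAP_SEC}">'
            '<B:Body SOAP-SEC:id="Body">data</B:Body></B:Envelope>')

# Attributes this verifier treats as type ID, as (namespace URI, local name).
# SOAP-SEC:id is the attribute the SOAP-SEC schema quoted above declares as ID.
SCHEMA_IDS = {(SOAP_SEC, "id")}


def register_ids(doc, id_attrs):
    """Mark the attributes listed in id_attrs as ID-typed; IDs must be unique."""
    seen = set()
    stack = [doc.documentElement]
    while stack:
        node = stack.pop()
        stack.extend(c for c in node.childNodes if c.nodeType == c.ELEMENT_NODE)
        for attr in list(node.attributes.values()):
            if (attr.namespaceURI, attr.localName) in id_attrs:
                if attr.value in seen:
                    raise ValueError(f"duplicate ID value {attr.value!r}")
                seen.add(attr.value)
                node.setIdAttributeNode(attr)


def resolve_reference(xml_text, uri, id_attrs=SCHEMA_IDS):
    """Resolve a same-document Reference URI such as '#Body' via typed IDs only."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    doc = minidom.parseString(xml_text)
    register_ids(doc, id_attrs)
    # getElementById ignores attributes that merely happen to be named "id".
    return doc.getElementById(uri[1:])


if __name__ == "__main__":
    print(resolve_reference(PLAIN_ID, "#Body"))                  # untyped id
    print(resolve_reference(TYPED_ID, "#Body"))                  # SOAP-SEC:id
    print(resolve_reference(PLAIN_ID, "#Body", {(None, "id")}))  # explicit opt-in
```

Passing `{(None, "id")}` plays the role of the DTD hack in the post: the caller declares the unqualified id attribute to be an ID instead of the parser guessing it.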

  2. Re: XML Digital Signature interoperability Issue between DataPower's XS40 and .NET Framework 1.1 and WSE 1.0SP1

    Rich Salz wrote:
    >>It's indeed a small world. I think we are working on the same issue with the
    >>same partner/customer.

    >
    > We are.
    > Thanks for the detailed summary. Whew!


    Rich, I posted a message <news:4027B40A.2070403@alussinan.org> that
    shows the xmlsec implementation does not validate the sample Guangxi
    posted either.

    Can you check if this is due to a difference in the result of the c14n
    normalisation of the SignedInfo node for xmlsec and what the XS40 XML
    gateway gives?
