Hi Pankaj, Please guide me or provide the code. I also have to consume the wcf soap webservices using x509 certificate. The webservice are deployed on http protocol. There is no ssl layer.
On Tuesday, February 28, 2012 12:08:23 PM UTC+5:30, Pankaj wrote: > > I want to consume WCF web-service which uses X.509 certificate for > mutual authentication. I had imported certificates using keytools in > BKS keystore & able to use in android code. Now for mutual > authentication i need to create web-request which have message digest > & signature in it > > <s:Header> > <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-wssecurity-secext-1.0.xsd<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>" > > s:mustUnderstand="1"> > <u:Timestamp u:Id="_0"> > <u:Created>2012-02-21T04:45:06.429Z</u:Created> > <u:Expires>2012-02-21T04:50:06.429Z</u:Expires> > </u:Timestamp> > <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7- > ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-x509-token-profile-1.0#X509v3<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" > > EncodingType="http:// > docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- > security-1.0#Base64Binary<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary>"> > > > MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/ > > > MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW > > > +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ > +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/ > aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/ > TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/ > > > fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/ > IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E > </o:BinarySecurityToken> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> > <SignedInfo> > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc- > c14n#"/> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- > sha1 <http://www.w3.org/2000/09/xmldsig#rsa-sha1>"/> > <Reference URI="#_0"> > <Transforms> > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue> > </Reference> > </SignedInfo> > <SignatureValue> > kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/ > qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA > +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4= > </SignatureValue> > <KeyInfo> > <o:SecurityTokenReference> > <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-x509-token-profile-1.0#X509v3<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" > > URI="#uuid- > e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/> > </o:SecurityTokenReference> > </KeyInfo> > </Signature> > </o:Security> > </s:Header> > > But to create message digest we need perform XML canonicalization with > "http://www.w3.org/2001/10/xml-exc-c14n#"; transform algorithm. I am > not able to found any API or library which perform above task. > > I had used xmlsec jar but I guess it is not supported by android and > also used all the option which I found after googling. > > Please guide me how to call WCF web-service which involve X.509 > certificate based mutual authentication. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/lZ2itZbq4bIJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
