Dear Pankaj, Good to know that you have resolved XML Digital signature issue for your android requirements.
Please let us know how you resolved XML Digital Signature for Android? Did you use any specific Crypto library for android ? I am also stuck with similar issue, My need is to digitally sign XML doc as per W3C for my Android aadhar authentication client. I am using xmlsec.jar, i am unable use some of XMLSignature factory class's method's like getInstance(), error i am getting is VFY: unable to find class referenced in signature (Ljavax/xml/crypto/dsig/XMLSignatureFactory;) 01-11 17:15:02.204: I/dalvikvm(998): Could not find method javax.xml.crypto.dsig.XMLSignatureFactory.getKeyInfoFactory, referenced from method com.startek.fm210.DigitalSigner.getKeyInfo. Thanks Murali Thanks Murali On Friday, March 2, 2012 2:53:32 PM UTC+5:30, Pankaj wrote: > > Thanks for the reply. > > I had resolved the issue. Initially I am not adding xmlns value in > timestamp. > > On Tuesday, 28 February 2012 12:08:23 UTC+5:30, Pankaj wrote: >> >> I want to consume WCF web-service which uses X.509 certificate for >> mutual authentication. I had imported certificates using keytools in >> BKS keystore & able to use in android code. Now for mutual >> authentication i need to create web-request which have message digest >> & signature in it >> >> <s:Header> >> <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ >> oasis-200401-wss-wssecurity-secext-1.0.xsd<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>" >> >> s:mustUnderstand="1"> >> <u:Timestamp u:Id="_0"> >> <u:Created>2012-02-21T04:45:06.429Z</u:Created> >> <u:Expires>2012-02-21T04:50:06.429Z</u:Expires> >> </u:Timestamp> >> <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7- >> ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/ >> oasis-200401-wss-x509-token-profile-1.0#X509v3<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" >> >> EncodingType="http:// >> docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- >> security-1.0#Base64Binary<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary>"> >> >> >> MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/ >> >> >> MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW >> >> >> +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ >> +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/ >> aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/ >> TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/ >> >> >> fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/ >> IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E >> </o:BinarySecurityToken> >> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> >> <SignedInfo> >> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc- >> c14n#"/> >> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- >> sha1 <http://www.w3.org/2000/09/xmldsig#rsa-sha1>"/> >> <Reference URI="#_0"> >> <Transforms> >> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> >> </Transforms> >> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> >> <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue> >> </Reference> >> </SignedInfo> >> <SignatureValue> >> kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/ >> qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA >> +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4= >> </SignatureValue> >> <KeyInfo> >> <o:SecurityTokenReference> >> <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/ >> oasis-200401-wss-x509-token-profile-1.0#X509v3<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" >> >> URI="#uuid- >> e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/> >> </o:SecurityTokenReference> >> </KeyInfo> >> </Signature> >> </o:Security> >> </s:Header> >> >> But to create message digest we need perform XML canonicalization with >> "http://www.w3.org/2001/10/xml-exc-c14n#"; transform algorithm. I am >> not able to found any API or library which perform above task. >> >> I had used xmlsec jar but I guess it is not supported by android and >> also used all the option which I found after googling. >> >> Please guide me how to call WCF web-service which involve X.509 >> certificate based mutual authentication. > > > On Tuesday, 28 February 2012 12:08:23 UTC+5:30, Pankaj wrote: >> >> I want to consume WCF web-service which uses X.509 certificate for >> mutual authentication. I had imported certificates using keytools in >> BKS keystore & able to use in android code. Now for mutual >> authentication i need to create web-request which have message digest >> & signature in it >> >> <s:Header> >> <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ >> oasis-200401-wss-wssecurity-secext-1.0.xsd<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>" >> >> s:mustUnderstand="1"> >> <u:Timestamp u:Id="_0"> >> <u:Created>2012-02-21T04:45:06.429Z</u:Created> >> <u:Expires>2012-02-21T04:50:06.429Z</u:Expires> >> </u:Timestamp> >> <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7- >> ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/ >> oasis-200401-wss-x509-token-profile-1.0#X509v3<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" >> >> EncodingType="http:// >> docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- >> security-1.0#Base64Binary<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary>"> >> >> >> MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/ >> >> >> MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW >> >> >> +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ >> +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/ >> aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/ >> TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/ >> >> >> fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/ >> IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E >> </o:BinarySecurityToken> >> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> >> <SignedInfo> >> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc- >> c14n#"/> >> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- >> sha1 <http://www.w3.org/2000/09/xmldsig#rsa-sha1>"/> >> <Reference URI="#_0"> >> <Transforms> >> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> >> </Transforms> >> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> >> <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue> >> </Reference> >> </SignedInfo> >> <SignatureValue> >> kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/ >> qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA >> +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4= >> </SignatureValue> >> <KeyInfo> >> <o:SecurityTokenReference> >> <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/ >> oasis-200401-wss-x509-token-profile-1.0#X509v3<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" >> >> URI="#uuid- >> e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/> >> </o:SecurityTokenReference> >> </KeyInfo> >> </Signature> >> </o:Security> >> </s:Header> >> >> But to create message digest we need perform XML canonicalization with >> "http://www.w3.org/2001/10/xml-exc-c14n#"; transform algorithm. I am >> not able to found any API or library which perform above task. >> >> I had used xmlsec jar but I guess it is not supported by android and >> also used all the option which I found after googling. >> >> Please guide me how to call WCF web-service which involve X.509 >> certificate based mutual authentication. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
