On 2014-01-15 04:34, Murali Jahagirdar wrote: > Dear Pankaj, > Unless you are constrained by a server implementation you may consider using Secure JSON instead. The code becomes a fraction of its XML counterpart and canonicalization is a true no-brainer.
https://openkeystore.googlecode.com/svn/resources/trunk/docs/jcs.html https://code.google.com/p/openkeystore/source/browse/library/trunk/src/org/webpki/json http://webpki.org/downloads/secure-json-4-android-v1.00.zip Personally I have given up on XML since Google never bothered about supporting a validating parser. The JSON library above can support validation in a very simple way which for most (not too complicated) systems. I'm currently working on a JavaScript version which is designed to be usable with W3C's WebCrypto: https://code.google.com/p/openkeystore/source/browse/javascript/trunk/dist/libjson.js Cheers Anders > Good to know that you have resolved XML Digital signature issue for your > android requirements. > > Please let us know how you resolved XML Digital Signature for Android? Did > you use any specific Crypto library for android ? > > I am also stuck with similar issue, My need is to digitally sign XML doc as > per W3C for my Android aadhar authentication client. > > I am using xmlsec.jar, i am unable use some of XMLSignature factory class's > method's like getInstance(), error i am getting is > > VFY: unable to find class referenced in signature > (Ljavax/xml/crypto/dsig/XMLSignatureFactory;) > 01-11 17:15:02.204: I/dalvikvm(998): Could not find method > javax.xml.crypto.dsig.XMLSignatureFactory.getKeyInfoFactory, referenced from > method com.startek.fm210.DigitalSigner.getKeyInfo. > > Thanks > Murali > > Thanks > Murali > > > On Friday, March 2, 2012 2:53:32 PM UTC+5:30, Pankaj wrote: > > Thanks for the reply. > > I had resolved the issue. Initially I am not adding xmlns value in > timestamp. > > On Tuesday, 28 February 2012 12:08:23 UTC+5:30, Pankaj wrote: > > I want to consume WCF web-service which uses X.509 certificate for > mutual authentication. I had imported certificates using keytools in > BKS keystore & able to use in android code. Now for mutual > authentication i need to create web-request which have message digest > & signature in it > > <s:Header> > <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-wssecurity-secext-1.0.xsd > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>" > s:mustUnderstand="1"> > <u:Timestamp u:Id="_0"> > <u:Created>2012-02-21T04:45:06.429Z</u:Created> > <u:Expires>2012-02-21T04:50:06.429Z</u:Expires> > </u:Timestamp> > <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7- > ba34-8d995e414ba3-1" > ValueType="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-x509-token-profile-1.0#X509v3 > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" > EncodingType="http:// > docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- > security-1.0#Base64Binary > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary>"> > > MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/ > > MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW > +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ > +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/ > aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/ > > TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/ > fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/ > IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E > </o:BinarySecurityToken> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig# > <http://www.w3.org/2000/09/xmldsig#>"> > <SignedInfo> > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc- > <http://www.w3.org/2001/10/xml-exc-> > c14n#"/> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- > sha1 <http://www.w3.org/2000/09/xmldsig#rsa-sha1>"/> > <Reference URI="#_0"> > <Transforms> > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > <http://www.w3.org/2001/10/xml-exc-c14n#>"/> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > <http://www.w3.org/2000/09/xmldsig#sha1>"/> > <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue> > </Reference> > </SignedInfo> > <SignatureValue> > kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/ > qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA > +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4= > </SignatureValue> > <KeyInfo> > <o:SecurityTokenReference> > <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-x509-token-profile-1.0#X509v3 > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" > URI="#uuid- > e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/> > </o:SecurityTokenReference> > </KeyInfo> > </Signature> > </o:Security> > </s:Header> > > But to create message digest we need perform XML canonicalization with > "http://www.w3.org/2001/10/xml-exc-c14n# > <http://www.w3.org/2001/10/xml-exc-c14n#>" transform algorithm. I am > not able to found any API or library which perform above task. > > I had used xmlsec jar but I guess it is not supported by android and > also used all the option which I found after googling. > > Please guide me how to call WCF web-service which involve X.509 > certificate based mutual authentication. > > > On Tuesday, 28 February 2012 12:08:23 UTC+5:30, Pankaj wrote: > > I want to consume WCF web-service which uses X.509 certificate for > mutual authentication. I had imported certificates using keytools in > BKS keystore & able to use in android code. Now for mutual > authentication i need to create web-request which have message digest > & signature in it > > <s:Header> > <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-wssecurity-secext-1.0.xsd > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>" > s:mustUnderstand="1"> > <u:Timestamp u:Id="_0"> > <u:Created>2012-02-21T04:45:06.429Z</u:Created> > <u:Expires>2012-02-21T04:50:06.429Z</u:Expires> > </u:Timestamp> > <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7- > ba34-8d995e414ba3-1" > ValueType="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-x509-token-profile-1.0#X509v3 > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" > EncodingType="http:// > docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- > security-1.0#Base64Binary > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary>"> > > MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/ > > MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW > +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ > +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/ > aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/ > > TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/ > fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/ > IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E > </o:BinarySecurityToken> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig# > <http://www.w3.org/2000/09/xmldsig#>"> > <SignedInfo> > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc- > <http://www.w3.org/2001/10/xml-exc-> > c14n#"/> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- > sha1 <http://www.w3.org/2000/09/xmldsig#rsa-sha1>"/> > <Reference URI="#_0"> > <Transforms> > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > <http://www.w3.org/2001/10/xml-exc-c14n#>"/> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > <http://www.w3.org/2000/09/xmldsig#sha1>"/> > <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue> > </Reference> > </SignedInfo> > <SignatureValue> > kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/ > qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA > +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4= > </SignatureValue> > <KeyInfo> > <o:SecurityTokenReference> > <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/ > oasis-200401-wss-x509-token-profile-1.0#X509v3 > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>" > URI="#uuid- > e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/> > </o:SecurityTokenReference> > </KeyInfo> > </Signature> > </o:Security> > </s:Header> > > But to create message digest we need perform XML canonicalization with > "http://www.w3.org/2001/10/xml-exc-c14n# > <http://www.w3.org/2001/10/xml-exc-c14n#>" transform algorithm. I am > not able to found any API or library which perform above task. > > I had used xmlsec jar but I guess it is not supported by android and > also used all the option which I found after googling. > > Please guide me how to call WCF web-service which involve X.509 > certificate based mutual authentication. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
