Hi all,
I have a question regarding computation of a signature based on multiple
digest values. Would there be a way to approach this problem in Bouncy
Castle?
For example, say I have multiple XML elements that I would like to calculate
digest values for individually, and then compute the signature based on the
digest values for the whole XML document. Would this be possible with Bouncy
Castle?
To provide an example, I am trying to produce a WSSE security token with a
signature based on the SignedInfo element as highlighted in yellow below.
<wsse:Security>
<wsse:BinarySecurityToken wsu:Id="Id-9dde0b830ffc4f82996d9b2bada06c56"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDKDCCAhSgAwIBAgIQrFS6uduwTI9G/PLSuVErxDAJBgUrDgMCHQUAMCYxJDAiBgNVBAMTG1N5bmNzb2Z0IEVudGVycHJpc2UgUm9vdCBDQTAeFw0xMzA1MTcyMjI0MjdaFw0zOTEyMzEyMzU5NTlaMCUxIzAhBgNVBAMTGmVudGVycHJpc2Uuc3luY3NvZnQuY29tLmF1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWUoI9/+tQSh5lX110sl1q4WG18dUpC758tvx+sg065q4zmBdDp14Keoay6hzqKPQWAH1eDk5LOyHxI3MwK2qkRYRPdOOVXNMUetKKOsh8h1rJAzj4kVMaeiAHigx7eRElBfv4zhycv1hl2BiSp+OT+Z88ukO1cCCz8Ehkim746ZPtQXYQAofgkTRf1x8RmUN4/MfOIwm7Rq9LVjQz2a4bmajDhn1BuGN10odfr9Q8fy7R7Zrtw31+5c4rkMtB7vZGp6kafxqbTKYgR5TXn3RY3bhHyhoKT+tRhSHQjHmVlF5+flQiAnxRysnjiTEBjoAEfjlMFSWj0uHlKaqlY/BQIDAQABo1swWTBXBgNVHQEEUDBOgBBlOH56UNr6Z/sT51gI9rTMoSgwJjEkMCIGA1UEAxMbU3luY3NvZnQgRW50ZXJwcmlzZSBSb290IENBghAP8+VIW7eqiUrhf3ayIowlMAkGBSsOAwIdBQADggEBAIXSUVBD0LytaWb1qp2cLz8CGQYvWojpjPDth7FObMOelTKj08eqRYseZJPP4KFQveibCuW5ChODwLupYrmC3MiYCNg+4LMFBhdsSe/md5k2ZwW7VD/fdu6ipHtgJF7fJHHVuHqOW09krBhPxDS5lGyNjaPlbfz5cTNZRDAKNxHgqNFRKoL6uDWB9m0WnpSbg/vHRqB2rwhjq4XamKyo0ronoZMAWZGgE/BW1YZh7yCw6vQ8D4aaRTA7loIKEfEiuJxgwhS7kZ1zBq2P7e10qOcPSmD1s0OKc+sI70wihHgk+LK/FJnYhhy+YvHZyboF216UP2gTxbhpglbH8+E6FrI=</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</CanonicalizationMethod>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
</SignatureMethod>
<Reference URI="#Id-d54f5f1c1f9944d69bbc690bd24c6a5e">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
</DigestMethod>
<DigestValue>gVlvjh1yqrcorBrjTbbOxZOqUMA=</DigestValue>
</Reference>
<Reference URI="#ID0EID">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
</DigestMethod>
<DigestValue>BtaRNTFAgjR1Baf65qUPSmV+vvc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>oR6HveOl+G9IkrhaLOf51XLDuLQa8kBn/WTbyjM0/ERr0vGAdHgSwBIZr29LRckGuC5ybKbiRSACCjunOBs5WmllL3hmThYl0cWXvdRuxUuBBHgISxr+661pRoxoJdWyuI4axmlOBXAdzy0cMkLpv01NP7HBluFnft2maA6X6QMEbh2Ecnm/4lz4BdxpN38/n+MFChsSrZs/zMkOLnlgWIRtajswTFL+cCtztnHOUlMoPRa50BeaKJbVrFIJuAlsOHxsqmXdmedL6g80MSNQyuN8z3WAlzO8AcfTbJYD6puYcmiq0TYGP9CvV5bdHrlgbHZlvZSw27zMkudZsz7rPA==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#Id-9dde0b830ffc4f82996d9b2bada06c56"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
</wsse:Reference>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
Would there be any support or examples I could find to complete this task with
Bouncy Castle?
This is a standard requirement for SWA.
Could anyone provide any insight here? It would be greatly appreciated.
Cheers,
Jean-Paul Berthelot | Developer
SyncSoft | Ground Floor, 19-23 Prospect Street | Box Hill Vic 3128 | Australia
T: +61 3 9236 1936 | M: 0432327799 | F: +61 3 9236 1999
E: [email protected] | W: www.syncsoft.com.au
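
Added example, not part of the original message and not Bouncy Castle code: the two-level structure asked about above (one DigestValue per referenced element, then a single SignatureValue computed over the canonicalized SignedInfo that holds those digests), built with the JDK's own javax.xml.crypto.dsig API (Java 11+). The envelope, the Ids "ts-1" and "body-1" and the throwaway RSA key are constructed for illustration, and SHA-256 is used in place of the SHA-1 algorithms in the sample above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class MultiReferenceSignature {
    public static void main(String[] args) throws Exception {
        // Constructed sample: two elements that are digested individually.
        String xml = "<Envelope><Header><Security/></Header>"
                + "<Timestamp Id=\"ts-1\">constructed-timestamp</Timestamp>"
                + "<Body Id=\"body-1\">constructed-payload</Body></Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        // Throwaway key (assumption); a real sender uses the key of its X.509 token.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Element security = (Element) doc.getElementsByTagName("Security").item(0);
        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), security);

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Transform excC14n = fac.newTransform(
                CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
        List<Reference> refs = new ArrayList<>();
        for (String tag : new String[] {"Timestamp", "Body"}) {
            Element target = (Element) doc.getElementsByTagName(tag).item(0);
            // No schema is loaded, so register "Id" as the ID attribute for "#..." URIs.
            ctx.setIdAttributeNS(target, null, "Id");
            // Level 1: each Reference yields its own DigestValue over the canonical element.
            refs.add(fac.newReference("#" + target.getAttribute("Id"),
                    fac.newDigestMethod(DigestMethod.SHA256, null),
                    Collections.singletonList(excC14n), null, null));
        }
        // Level 2: SignedInfo (holding all digests) is canonicalized and signed once.
        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(
                CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), refs);
        fac.newXMLSignature(si, null).sign(ctx);  // appends <Signature> under <Security>

        NodeList digests = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "DigestValue");
        System.out.println("DigestValue elements: " + digests.getLength());
    }
}
```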