R: Signature verification failed con client Ksoap

filippo Thu, 24 Mar 2005 09:07:59 -0800

Title: Nachricht

I forgotten info! The only encrypted process work properly.

The request and response with ksoap client is:

POST /WebModule1/services/Testinterface HTTP/1.1

connection: close

SOAPAction: ""

Content-Type: text/xml; charset=utf-8

Content-Length: 2270

User-Agent: kSOAP/2.0

Cache-Control: no-cache

Pragma: no-cache

Host: 192.168.0.10:8080

Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<soapenv:Header>

�� <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

�� <xenc:EncryptedKey>

�� <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

�� <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

�� <wsse:SecurityTokenReference>

�� <ds:X509IssuerSerial>

�� <ds:X509IssuerName>CN=dims</ds:X509IssuerName>

�� <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>

�� </ds:X509IssuerSerial>

�� </wsse:SecurityTokenReference>

�� </ds:KeyInfo>

�� <xenc:CipherData>

�� <xenc:CipherValue>OJ3S9MRG5n8gpbKZMN6j/cocD7kqhMbAevaoFfjO3bDSkBrWTK56m79whOjzTc0e7wWA4nJtxwfL

7ZqZJF9XUA==</xenc:CipherValue>

�� </xenc:CipherData>

�� <xenc:ReferenceList>

�� <xenc:DataReference URI="#EncDataId-8442367" />

�� </xenc:ReferenceList>

�� </xenc:EncryptedKey>

�� </wsse:Security>

</soapenv:Header>

�� <soapenv:Body wsu:Id="id-8442367" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

�� <xenc:EncryptedData Id="EncDataId-8442367" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

�� <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />

�� <xenc:CipherData>

�� <xenc:CipherValue>G+E1bXxr+8jiwJ308vnGkPwxwsSut45N2l0NGfkvdlQar5qCFBzyRiesTMQK+08uWPGX71ODO1tE

vNySHc/7dttwSXpTQq5N/0T3ZvKgPCGv7Yd50Uo441E4MA+uBhfxKvun+eHd6+zy/4mXN8MmIO/n

rmUXyPhyADGY6xAXPO1mh1/bbQT749pcuHDZQCBKTzmm0VnQiOr0u4EfWAaMDlYuMmbmU5rmf0Sb

ID6e5gqmsY9EDRubWpVJOhJRq7F4da/UvPvKQH0JHTgwodnblyjKbMmgaoBr7Hq3BWljGh1hiUGQ

Gcj74vJp0c4cRNlfJPngoCC7gLbd4jamgz7suGlcHSCRX8HB/MdkpoEVCcTCriWu13ywJhYUZuX3

NcXTOEgk/jGM0i9iSdXHW1iRERf+56jRSRFkfZ/N/HqyNTZaHG72OckIJP4VLWDNn9pAtCw4skWr

186vqQHnstbvh11DG8Demw+KG6HM0/KoGcIAFqprpJkuQtJt8C8eq/hinUGhshgJLjPAcXLx1zlj

bbcwdSgV9n6hlUKUcTrpBzlNTq/RWhMh2HJ1acG1WvC6E93NyzZfiptYT0p2HB0ST+EE5w2Gi470

NCKXHAQeuj2AR4JQLMGX9pG8IOTfQ8OPUOEU+KamaNo=</xenc:CipherValue>

�� </xenc:CipherData>

�� </xenc:EncryptedData>

�� </soapenv:Body>

</soapenv:Envelope>

HTTP/1.1 200 OK

Content-Type: text/xml;charset=utf-8

Date: Thu, 24 Mar 2005 16:59:16 GMT

Server: Apache-Coyote/1.1

<?xml version="1.0" encoding="utf-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<soapenv:Body>

<ns1:getStringResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://wss.eguide.it">

Thanks

Ing. Filippo Aiello

---------------------------------------------

E-Guide S.R.L.

Via Pietro Bucci, Capannone C

Arcavacata di Rende (Cs)

Tel.: 0984/493180

Mob: +39.348.5240323

Fax: 0984/493057

E-mail: [EMAIL PROTECTED]

---------------------------

Da: Dittmann Werner [mailto:[EMAIL PROTECTED]
Inviato: gioved� 24 marzo 2005 16.24
A: 'filippo'; [email protected]
Cc: Gianluigi Brasili; Arnaldo Campanella; Adriana Pietramala
Oggetto: AW: Signature verification failed con client Ksoap

Filippo,

that's very hard to answer.

First of all, who produced the signature of the kSoap request?

Looking at the requests I can see that the digest values of the

Reference is the same in both cases. Also the Signature value

is the same in both cases.

This is a good sign...however, after the signature was produced ..

did some module modify the SOAP request, in particular between

the SignedInfo tags? With modifcation I also mean every type of

"pretty-printing" the XML after signing but before it was put on the wire.

When I look at the requests they have a different "layout", indents,

and so on. I once had a similar problem.

When computing the Signature value the xmlsec library takes

information that is between the SignedInfo tags, hashes and signs it.

Thus, if data is changed afterwards the signature check fails.

Be aware the blanks, newlines, tabs, that are inserted after

signing create additional XML DOM nodes during parsing

at the server side. These new nodes that hold the additional blanks,

newlines etc. now also go into the computation of hash values.

Thus - the receiver computes a hash that is not the same

that was computed by the sender.

Regards,

Werner

-----Urspr�ngliche Nachricht-----
Von: filippo [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 24. M�rz 2005 11:07
An: [email protected]
Cc: Gianluigi Brasili; Arnaldo Campanella; Adriana Pietramala
Betreff: Signature verification failed con client Ksoap
Wichtigkeit: Hoch

....

<some content removed/>

....

Ing. Filippo Aiello

---------------------------------------------

E-Guide S.R.L.

Via Pietro Bucci, Capannone C

Arcavacata di Rende (Cs)

Tel.: 0984/493180

Mob: +39.348.5240323

Fax: 0984/493057

E-mail: [EMAIL PROTECTED]

---------------------------

R: Signature verification failed con client Ksoap

Reply via email to