I am handling all the generation via ICSF, and that's correct about sha1, it is only supported under CICS. That's not to say you can't write your own ICSF routines to generate that stuff without CICS help.
We use SOAPUI in the distributed environment to test webservice servers. The soapui shows you what is generated as far as the soap xml hash/digest and signature. It is base64 encoded, but that is easy to encode or decode on the mainframe. Once we get Soapui to work with the webservice then we code it on the mainframe and run the test there. The hash/digest comes out correct, but once you sign it on the mainframe the signature is different when compared to the one Soapui produced. It took us a while to figure out how to generate everything correctly on the mainframe side since we are talking to distributed servers. With the help of IBM and some other people we were finally able to figure it out, now we just need to the signature to work. IBM says the signature should be the same even if one is generated in EBCDIC or UTF-8, since the hash/digest is identical. -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Donald J. Sent: Tuesday, October 28, 2014 3:13 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Cross Posted from CICS-l CICS Web Services and Digital Signatures According to Share document "CICS Identity and Security" from Pittsburgh 2014, only sha1 is supported on outbound signature? Just curious, how did you determine the same required signature was not produced? -- Donald J. dona...@4email.net On Tue, Oct 28, 2014, at 11:34 AM, Ward, Mike S wrote: > -----Original Message----- > From: Ward, Mike S > Sent: Monday, October 27, 2014 4:55 PM > To: cic...@listserv.uga.edu > Subject: CICS Web Services and Digital Signatures > > Hello all, I was wondering of anyone out here in CICS land is using > webservices and digital signatures using the following algorithms to > communicate as a requester to distributed webservices from the mainframe. > > DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"; > > CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > > SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; > > > We have gotten the canonicalization method and the digest method to work > correctly. The only thing we couldn't get to work is the signature method > which is using PKCS#1 V1.5. > > We are using ICSF at CICSTS 4.2 level and ICSF V1.13 level. The signature > routines work they just don't produce the same required signature correctly. > > If anyone is working it and is willing to share either online or offline. It > will be appreciated. > > Thanks. > > > > > > > > ========================== > This email, and any files transmitted with it, is confidential and intended > solely for the use of the individual or entity to which it is addressed. If > you have received this email in error, please notify the system manager. This > message contains confidential information and is intended only for the > individual named. If you are not the named addressee, you should not > disseminate, distribute or copy this e-mail. Please notify the sender > immediately by e-mail if you have received this message by mistake and delete > this e-mail from your system. If you are not the intended recipient, you are > notified that disclosing, copying, distributing or taking any action in > reliance on the contents of this information is strictly prohibited. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ========================== This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and delete this e-mail from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
