I’m trying to generate the digest value for SOAP signing, let me explain.
I have the following XML signature (this should be my result)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:srv="...">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-A9D96CB86647A0D4FC1673631078676136">
<wsu:Created>2023-02-02T19:11:30.780Z</wsu:Created>
<wsu:Expires>2023-02-02T19:12:00.780Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature Id="SIG-14C9D524EF6E12B1C61675365090921410" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="soapenv srv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#TS-A9D96CB86647A0D4FC1673631078676136">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsse soapenv srv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>7UyPvxTBuetBFmJ3rLhKWwUDadF2vsPYMeVsvl5WS5E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
[...]
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body></soapenv:Body>
</soapenv:Envelope>
I’m trying to generate this, using the Timestamp
<ds:DigestValue>7UyPvxTBuetBFmJ3rLhKWwUDadF2vsPYMeVsvl5WS5E=</ds:DigestValue>
I know the following:
- I need to sign the timestamp (Element, not content)
- I need to use RSA-SHA1 with my RSA private key
- Apply SHA256 to the result, and finally convert it to BASE64
<wsu:Timestamp wsu:Id="TS-A9D96CB86647A0D4FC1673631078676136">
<wsu:Created>2023-02-02T19:11:30.780Z</wsu:Created>
<wsu:Expires>2023-02-02T19:12:00.780Z</wsu:Expires>
</wsu:Timestamp>
but when I send it, the server responds with the following
Signature verification failed: Core validity=false Signed info validity=false Signed info
message='SignatureValue mismatched.' Ref[0](validity=false message='Digest value mismatch:
calculated: bD55KG25aJxqkvQBe/ZTK1oYEafW3gfyf7okFy40yF0='
uri='#TS-A9D96CB86647A0D4FC1673631078676136' type='null')
Does anyone know how I have to encrypt this content? I read somewhere that I need to apply ‘xml-exc-c14n’ canonicalization, is that correct? What would the result be after applying the canonicalization?
PS. This is my test function, I’m using JavaScript
const crypto = require('crypto');

function encryptRsaSha1(privateKey) {
  // Timestamp element as it appears in the envelope
  const message = `<wsu:Timestamp wsu:Id="TS-A9D96CB86647A0D4FC1673631078676136">
<wsu:Created>2023-02-02T19:11:30.780Z</wsu:Created>
<wsu:Expires>2023-02-02T19:12:00.780Z</wsu:Expires>
</wsu:Timestamp>`;
  // RSA-SHA1 signature over the element with the newlines stripped
  const sign = crypto.createSign('RSA-SHA1');
  sign.update(message.replace(/\n/g, ''));
  sign.end();
  const signature = sign.sign(privateKey);
  // SHA-256 of the signature, Base64-encoded
  const hash = crypto.createHash('sha256').update(signature).digest('base64');
  console.log("Signature: ", hash);
  return hash;
}
Thanks!
I tried to sign the content in different ways, with/without new lines, with/without namespaces, the element, the content, etc.