
ebxml-poc message



Subject: RE: dsig and SOAP2.1


Thanks, Chris, for commenting on
the Via element excision for the
n-intermediary case, n>0.
Apparently Sid has decided that
the intermediaries in hl7
will not be using either
Via or TraceHeaderList at the
Vienna POC.

POCers, I am attaching a sample
signed ebxml header for examination
prior to the Maryland meeting
for participants in the hl7
scenario. We are using slightly
different XPath transforms than
Chris; should be equivalent
effect though. This sample is
produced in a standalone header
signing environment, but by
Monday we should have it
integrated with our servlet
environment for the POC.
This output is based on the IBM
alphaworks xss4j code, using
straightforward, unhacked
template methods.

We are not using the Apache
SOAP4J 2.1 so can't comment about
its interaction issue.

To keep list traffic under control,
please send questions
to me and/or Jeff Turpin until
we find something of general interest.


-----Original Message-----
From: cferris@xtacy.East.Sun.COM [mailto:cferris@xtacy.East.Sun.COM]On
Behalf Of christopher ferris
Sent: Thursday, April 26, 2001 11:05 PM
To: ebxml-poc@lists.ebxml.org
Cc: Ralph Berwanger
Subject: dsig and SOAP2.1


If anyone is using SOAP2.1 and having difficulty
with the signature verification (as I was struggling
with until a few moments ago), the problem may lie
in the fact that the org.apache.soap.Envelope.marshall()
method is modifying the document instead of
simply writing it out from the DOM tree. Thus, the
digest would be significantly different when validating.

In any event, I have XMLDSig signing and validation working
in my MSH implementation which is built on Apache SOAP4J 2.1.

Note that the Message Service spec (0.98b and 0.99)
will need to be changed as regards to the XPath transform
specified (as will any use of DSig for the POC) such
that the XPath for the Envelope is as follows:

    <Reference URI="">
        <Transforms>
            <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    not(ancestor-or-self::dsig:Signature[@Id=&apos;S1&apos;] or
                        ancestor-or-self::eb:TraceHeaderList)
                </XPath>
            </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue></DigestValue>
    </Reference>

If use of the Via element for multihop is used, then the XPath would
need to be:

    <Reference URI="">
        <Transforms>
            <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    not(ancestor-or-self::dsig:Signature[@Id=&apos;S1&apos;] or
                        ancestor-or-self::eb:TraceHeaderList or
                        ancestor-or-self::eb:Via)
                </XPath>
            </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue></DigestValue>
    </Reference>

The spec will need to be updated to reflect this change (probably the
latter example so as to capture the multihop use case) for the 1.0 version.

Cheers,

Chris

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" xmlns:xlink="http://www.w3.org/1999/xlink">
<SOAP-ENV:Header>
<eb:MessageHeader eb:version="98.0" id="N001"> 
</eb:MessageHeader> 
<eb:TraceHeaderList eb:version="98.0" id="N002"> 
<eb:TraceHeader> 
</eb:TraceHeader> 
</eb:TraceHeaderList> 
<Signature Id="S1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> 
<Reference URI=""> 
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> 
<XPath>/descendant-or-self::node()[not(ancestor-or-self::Signature) 
and not(ancestor-or-self::TraceHeaderList)]</XPath> 
</Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
<DigestValue>PLucZOwwFnI0FqFHVpbUOS05rb0=</DigestValue> 
</Reference> 
</SignedInfo>
<SignatureValue>
    abU6eP1AUvTgSPhSdF1BMtXHNV0TvN23WOBd+7BTBwCwRqKPYjfhMg==
  </SignatureValue>
  <KeyInfo>
    <KeyValue>
      <DSAKeyValue>
        <P>
          /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s
          ubVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT
          xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAcc=
        </P>
        <Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q>
        <G>
          9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFn
          Ej6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
          vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSo=
        </G>
        <Y>
          Bt+PvxfCJkd7n0q3ImL8yLqfRNjOgX+iVdMFlGNE1PNK+Hzdsk8rOjjAgDKfg0+kJw
          7Sa/IaKk9KYY39io43xK14SLdDaiFsmSX5LuJwlt+zrtpklHUA6nqr7OgL12uCq1hW
          KBuiUnydC47mNuIihd0QafyoQpZX2hdT8De1+Ic=
        </Y>
      </DSAKeyValue>
    </KeyValue>
    <X509Data>
      <X509SubjectName>CN=Dale Moberg, OU=Unknown, O=Cyclone Commerce, L=Scottsdale, ST=AZ, C=US</X509SubjectName>
      <X509Certificate>
MIIDGDCCAtYCBDrkjmcwCwYHKoZIzjgEAwUAMHIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJBWjET
MBEGA1UEBxMKU2NvdHRzZGFsZTEZMBcGA1UEChMQQ3ljbG9uZSBDb21tZXJjZTEQMA4GA1UECxMH
VW5rbm93bjEUMBIGA1UEAxMLRGFsZSBNb2JlcmcwHhcNMDEwNDIzMjAxOTUxWhcNMDEwNzIyMjAx
OTUxWjByMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQVoxEzARBgNVBAcTClNjb3R0c2RhbGUxGTAX
BgNVBAoTEEN5Y2xvbmUgQ29tbWVyY2UxEDAOBgNVBAsTB1Vua25vd24xFDASBgNVBAMTC0RhbGUg
TW9iZXJnMIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMe
P4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63
xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yy
krmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx
BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGABt+PvxfCJkd7n0q3ImL8yLqfRNjO
gX+iVdMFlGNE1PNK+Hzdsk8rOjjAgDKfg0+kJw7Sa/IaKk9KYY39io43xK14SLdDaiFsmSX5LuJw
lt+zrtpklHUA6nqr7OgL12uCq1hWKBuiUnydC47mNuIihd0QafyoQpZX2hdT8De1+IcwCwYHKoZI
zjgEAwUAAy8AMCwCFC8dHKy/7wiOQe8MO1r9PPKLVHPSAhQgySnrOqXsNFhFD/l2qPnTXtNIGg==
      </X509Certificate>
    </X509Data>
  </KeyInfo> 
</Signature> 
</SOAP-ENV:Header> 
<SOAP-ENV:Body> 
<eb:Manifest eb:version="98.0" id="Mani01"> 
<eb:Reference xlink:href="cid://blahblahblah" xlink:role="http://ebxml.org/gci/invoice"> 
<eb:Schema eb:location="http://ebxml.org/gci/busdocs/invoice.dtd" eb:version="98.0"/> 
</eb:Reference> 
</eb:Manifest> 
</SOAP-ENV:Body> 
</SOAP-ENV:Envelope>
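
The effect of the XPath exclusions discussed in this message, as an added example (not code from the original message or from xss4j): XPath 1.0 matches an unprefixed name test only against elements in no namespace, so whether the tests carry the `dsig:` and `eb:` prefixes decides whether a hop that appends a TraceHeader leaves the digest intact. The reduced envelope, the expanded-name tuples, the pruning helper and the use of Python's C14N 2.0 in place of the page's transform chain are simplifying assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

EB = "http://www.ebxml.org/namespaces/messageHeader"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed envelope, reduced from the header attached to the message.
ENVELOPE = (
    '<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" '
    f'xmlns:eb="{EB}"><S:Header><eb:MessageHeader id="N001"/>'
    '<eb:TraceHeaderList id="N002"><eb:TraceHeader/></eb:TraceHeaderList>'
    f'<Signature Id="S1" xmlns="{DSIG}"><SignedInfo/></Signature>'
    '</S:Header><S:Body><eb:Manifest id="Mani01"/></S:Body></S:Envelope>'
)

# Name tests as (namespace URI, local name, required Id); None = no namespace.
PREFIXED = [(DSIG, "Signature", "S1"), (EB, "TraceHeaderList", None), (EB, "Via", None)]
UNPREFIXED = [(None, "Signature", None), (None, "TraceHeaderList", None)]

def _excluded(elem, tests):
    ns, local = elem.tag[1:].split("}") if elem.tag[0] == "{" else (None, elem.tag)
    return any((ns, local) == (t_ns, t_local) and t_id in (None, elem.get("Id"))
               for t_ns, t_local, t_id in tests)

def _prune(parent, tests):
    # Drop excluded subtrees but keep the text after them (a sibling, not a descendant).
    prev = None
    for child in list(parent):
        if _excluded(child, tests):
            if prev is None:
                parent.text = (parent.text or "") + (child.tail or "")
            else:
                prev.tail = (prev.tail or "") + (child.tail or "")
            parent.remove(child)
        else:
            _prune(child, tests)
            prev = child

def digest(xml_text, tests):
    # Simplification: C14N 2.0 over a pruned copy stands in for the transform chain.
    root = ET.fromstring(xml_text)
    _prune(root, tests)
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()

def survives_new_hop(tests):
    # An intermediary appends its own TraceHeader; the digest should not change.
    hopped = ENVELOPE.replace("</eb:TraceHeaderList>", "<eb:TraceHeader/></eb:TraceHeaderList>")
    return digest(ENVELOPE, tests) == digest(hopped, tests)
```

`survives_new_hop(PREFIXED)` holds while `survives_new_hop(UNPREFIXED)` does not, and a change to `eb:MessageHeader` alters the digest in both cases.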

