[xsd-users] xmldsig# signatures
Gerard O'Donnell
gerard_odonnell at yahoo.co.uk
Thu Feb 20 08:31:27 EST 2014
Hello Boris,
my company is iGate, and we've been tasked with coding a web service client for an ebms system.
This isn't my area of expertise, so I'm struggling a bit.
I'm sending this from my Yahoo account BTW as I'm on vacation at the moment, my igate address is gerard.odonnell at igate.com.
As a first step, I've used XSD to generate serialisation classes for:
Soap 1.2 http://www.w3.org/2003/05/soap-envelope
Ebms http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/
WS Security http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Xmldsig http://www.w3.org/2000/09/xmldsig#
A2C http://jcq.org.uk/a2c
These schemas use ##any elements - would I be right in saying that I need to modify the XSD files locally, and replace ##any with references to the elements that the web service will actually use?
So for Soap 1.2, I have added the ebms and wse namespaces into the Soap xs:schema, and replaced ##any with references to ebms and ws-security:
<xs:complexType name="Header">
  <xs:sequence>
    <!-- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> -->
    <xs:element ref="ebms:Messaging" minOccurs="1"/>
    <xs:element ref="wse:Security" minOccurs="1"/>
  </xs:sequence>
  <!-- <xs:anyAttribute namespace="##other" processContents="lax" /> -->
</xs:complexType>
I've done this and can serialise & deserialise an example soap message for the web service:
<soap:Envelope xmlns:ebms="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:wse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
               xmlns:ebbp="http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0"
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
               xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns="http://www.w3.org/2003/05/soap-envelope"
>
  <soap:Header>
    <ebms:Messaging id="_9ec96ed4d55e4b09870b580fb9b04a55" soap:mustUnderstand="true">
      <ebms:UserMessage>...</ebms:UserMessage>
    </ebms:Messaging>
    <wse:Security>
      <ds:Signature>
        <ds:SignedInfo Id="signedinfo">
          <ds:Reference URI="#_9ec96ed4d55e4b09870b580fb9b04a55">...</ds:Reference>
          <ds:Reference URI="#issuerSerial">...</ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>...</ds:SignatureValue>
        <ds:KeyInfo Id="issuerSerial">
          <wse:SecurityTokenReference>
            <ds:X509Data>...</ds:X509Data>
          </wse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wse:Security>
  </soap:Header>
  <soap:Body />
</soap:Envelope>
From there though I'm stuck - does CodeSynthesis offer any help with calculating the SignatureValue and DigestValues for xmldsig?
If we were to use something like Microsoft's CryptoXML API to populate the Signature, do the CodeSynthesis-generated serialisation classes allow us to insert that Signature into the Soap XML?
Thanks,
Ger O'Donnell
iGate
10 Lower Mount Street,
Dublin 2,
Ireland