[xsd-users] xmldsig# signatures

Gerard O'Donnell gerard_odonnell at yahoo.co.uk
Thu Feb 20 08:31:27 EST 2014


Hello Boris,
My company is iGate, and we've been tasked with coding a web service client for an ebms system.
This isn't my area of expertise, so I'm struggling a bit.
I'm sending this from my Yahoo account, BTW, as I'm on vacation at the moment; my iGate address is gerard.odonnell at igate.com.

As a first step, I've used XSD to generate serialisation classes for:
Soap 1.2       http://www.w3.org/2003/05/soap-envelope
Ebms           http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/
WS Security    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,
               http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Xmldsig        http://www.w3.org/2000/09/xmldsig#
A2C            http://jcq.org.uk/a2c


These schemas use ##any elements - would I be right in saying that I need to modify the XSD files locally, and replace ##any with references to the elements that the web service will actually use?

So for Soap 1.2, I have added the ebms and wse namespaces into the Soap xs:schema, and replaced ##any with references to ebms and ws-security:


    <xs:complexType name="Header">
        <xs:sequence>
            <!-- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"  />  -->
            <xs:element ref="ebms:Messaging" minOccurs="1"/>
            <xs:element ref="wse:Security" minOccurs="1"/>
        </xs:sequence>
        <!-- <xs:anyAttribute namespace="##other" processContents="lax" /> -->
    </xs:complexType>

I've done this and can serialise & deserialise an example soap message for the web service:

<soap:Envelope xmlns:ebms="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" 
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
               xmlns:wse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
               xmlns:ebbp="http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0" 
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
               xmlns:soap="http://www.w3.org/2003/05/soap-envelope" 
               xmlns="http://www.w3.org/2003/05/soap-envelope" 
>
  <soap:Header>
    <ebms:Messaging id="_9ec96ed4d55e4b09870b580fb9b04a55" soap:mustUnderstand="true">
      <ebms:UserMessage>...</ebms:UserMessage>
    </ebms:Messaging>
    <wse:Security>
      <ds:Signature>
        <ds:SignedInfo Id="signedinfo">
          <ds:Reference URI="#_9ec96ed4d55e4b09870b580fb9b04a55">...</ds:Reference>
          <ds:Reference URI="#issuerSerial">...</ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>...</ds:SignatureValue>
        <ds:KeyInfo Id="issuerSerial">
          <wse:SecurityTokenReference>
            <ds:X509Data>...</ds:X509Data>
          </wse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wse:Security>
  </soap:Header>
  <soap:Body />
</soap:Envelope>


From there though I'm stuck - does CodeSynthesis offer any help with calculating the SignatureValue and DigestValues for xmldsig?
If we were to use something like Microsoft's CryptoXML API to populate the Signature, do the CodeSynthesis-generated serialisation classes allow us to insert that Signature into the Soap XML?

Thanks,
Ger O'Donnell
iGate
10 Lower Mount Street,
Dublin 2,
Ireland
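
Added example, not part of the original post and not CodeSynthesis or Microsoft code: whichever library ends up computing the DigestValues has to resolve each ds:Reference URI in the envelope above to exactly one element, and that envelope carries its identifiers in both `id` (ebms:Messaging) and `Id` (ds:KeyInfo) attributes. The Python below runs that resolution check over a constructed copy of the envelope; `ID_ATTRS`, `resolve_references` and the choice to treat `id`, `Id` and `wsu:Id` as ID attributes are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Assumption: no DTD/schema ID typing is available, so these attribute names are treated as IDs.
ID_ATTRS = ("id", "Id", f"{{{WSU}}}Id")

# Constructed sample: the envelope from the post, with the elided parts left empty.
ENVELOPE = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:ebms="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
  xmlns:wse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <soap:Header>
    <ebms:Messaging id="_9ec96ed4d55e4b09870b580fb9b04a55"><ebms:UserMessage/></ebms:Messaging>
    <wse:Security><ds:Signature>
      <ds:SignedInfo Id="signedinfo">
        <ds:Reference URI="#_9ec96ed4d55e4b09870b580fb9b04a55"/>
        <ds:Reference URI="#issuerSerial"/>
      </ds:SignedInfo>
      <ds:KeyInfo Id="issuerSerial"/>
    </ds:Signature></wse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""

def resolve_references(xml_text):
    """Map each same-document ds:Reference URI to the local name of the one element it designates."""
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():
        for attr in ID_ATTRS:
            if attr in el.attrib:
                by_id.setdefault(el.attrib[attr], []).append(el)
    resolved = {}
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise ValueError(f"not a same-document reference: {uri!r}")
        targets = by_id.get(uri[1:], [])
        if len(targets) != 1:  # missing or duplicated ID: the digest input would be undefined or ambiguous
            raise ValueError(f"{uri} matches {len(targets)} elements, expected exactly 1")
        resolved[uri] = targets[0].tag.rsplit("}", 1)[-1]
    return resolved

if __name__ == "__main__":
    for uri, name in resolve_references(ENVELOPE).items():
        print(uri, "->", name)
```

Running the same check on the serialised output before it is handed to the signing API catches a dropped or duplicated ID attribute early.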

