Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Android Security Discussions
Message from discussion How to create canonicalized XML for XML digital signature

View parsed - Show only message text

Date: Wed, 29 Feb 2012 20:32:29 -0800 (PST)
From: Pankaj <pank...@gmail.com>
To: android-security-discuss@googlegroups.com
Cc: Pankaj <pank...@gmail.com>
Message-ID: <33083201.6.1330576349078.JavaMail.geo-discussion-forums@pbcwg8>
In-Reply-To: <4F4E2EAF.8090103@telia.com>
References: <9e90a367-4c48-4aac-922d-6f59092fdec7@f5g2000yqm.googlegroups.com>
 <4F4E2EAF.8090103@telia.com>
Subject: Re: [android-security-discuss] How to create canonicalized XML for
 XML digital signature
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_4_2831915.1330576349072"

------=_Part_4_2831915.1330576349072
Content-Type: multipart/alternative; 
	boundary="----=_Part_5_15811901.1330576349072"

------=_Part_5_15811901.1330576349072
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

I had tried that but i am not able to reproduce the digest value which 
mention in my req xml :

<Reference URI="#_0">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
> </Reference> 

As per the W3C document Reference URI refer to element or ID which need to 
canonicalized. In my case ID is 

> <u:Timestamp u:Id="_0">
> <u:Created>2012-02-21T04:45:06.429Z</u:Created>
> <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
> </u:Timestamp>  

I had tried my level best to create the SHA1 digest of above message part 
to get digest value as per 
<DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue> 

As per my understanding we need to convert digest value to base64 which I 
am doing but I am not able to get close to the above value.

I had attach full XML req which is generated by using Visual Studio Client 
& which I had extracted using WireShark tool.

Thanks

On Wednesday, 29 February 2012 19:27:03 UTC+5:30, Anders Rundgren wrote:
>
> If you only need to create a cononicalized XML it is very simple.
> You do the canonicalization manually.
> It means eliminating whitespace between elements.
> Putting attributes in alphabetical order.
>
> When the signatures verifies you are done :-)
>
> Anders
>
> On 2012-02-28 07:38, Pankaj wrote:
> > I want to consume WCF web-service which uses X.509 certificate for
> > mutual authentication. I had imported certificates using keytools in
> > BKS keystore & able to use in android code. Now for mutual
> > authentication i need to create web-request which have message digest
> > & signature in it
> > 
> > <s:Header>
> > <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/
> > oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
> > <u:Timestamp u:Id="_0">
> > <u:Created>2012-02-21T04:45:06.429Z</u:Created>
> > <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
> > </u:Timestamp>
> > <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7-
> > ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/
> > oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://
> > docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-
> > security-1.0#Base64Binary">
> > 
> MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/
> > 
> MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW
> > +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ
> > +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/
> > aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/
> > 
> TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/
> > fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/
> > IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E
> > </o:BinarySecurityToken>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <SignedInfo>
> > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-
> > c14n#"/>
> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-
> > sha1"/>
> > <Reference URI="#_0">
> > <Transforms>
> > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> > </Transforms>
> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> > <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
> > </Reference>
> > </SignedInfo>
> > <SignatureValue>
> > kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/
> > qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA
> > +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4=
> > </SignatureValue>
> > <KeyInfo>
> > <o:SecurityTokenReference>
> > <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/
> > oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-
> > e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/>
> > </o:SecurityTokenReference>
> > </KeyInfo>
> > </Signature>
> > </o:Security>
> > </s:Header>
> > 
> > But to create message digest we need perform XML canonicalization with
> > "http://www.w3.org/2001/10/xml-exc-c14n#" transform algorithm. I am
> > not able to found any API or library which perform above task.
> > 
> > I had used xmlsec jar but I guess it is not supported by android and
> > also used all the option which I found after googling.
> > 
> > Please guide me how to call WCF web-service which involve X.509
> > certificate based mutual authentication.
> > 
>
>
On Wednesday, 29 February 2012 19:27:03 UTC+5:30, Anders Rundgren wrote:
>
> If you only need to create a cononicalized XML it is very simple.
> You do the canonicalization manually.
> It means eliminating whitespace between elements.
> Putting attributes in alphabetical order.
>
> When the signatures verifies you are done :-)
>
> Anders
>
> On 2012-02-28 07:38, Pankaj wrote:
> > I want to consume WCF web-service which uses X.509 certificate for
> > mutual authentication. I had imported certificates using keytools in
> > BKS keystore & able to use in android code. Now for mutual
> > authentication i need to create web-request which have message digest
> > & signature in it
> > 
> > <s:Header>
> > <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/
> > oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
> > <u:Timestamp u:Id="_0">
> > <u:Created>2012-02-21T04:45:06.429Z</u:Created>
> > <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
> > </u:Timestamp>
> > <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7-
> > ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/
> > oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://
> > docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-
> > security-1.0#Base64Binary">
> > 
> MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/
> > 
> MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW
> > +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ
> > +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/
> > aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/
> > 
> TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/
> > fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/
> > IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E
> > </o:BinarySecurityToken>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <SignedInfo>
> > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-
> > c14n#"/>
> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-
> > sha1"/>
> > <Reference URI="#_0">
> > <Transforms>
> > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> > </Transforms>
> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> > <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
> > </Reference>
> > </SignedInfo>
> > <SignatureValue>
> > kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/
> > qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA
> > +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4=
> > </SignatureValue>
> > <KeyInfo>
> > <o:SecurityTokenReference>
> > <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/
> > oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-
> > e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/>
> > </o:SecurityTokenReference>
> > </KeyInfo>
> > </Signature>
> > </o:Security>
> > </s:Header>
> > 
> > But to create message digest we need perform XML canonicalization with
> > "http://www.w3.org/2001/10/xml-exc-c14n#" transform algorithm. I am
> > not able to found any API or library which perform above task.
> > 
> > I had used xmlsec jar but I guess it is not supported by android and
> > also used all the option which I found after googling.
> > 
> > Please guide me how to call WCF web-service which involve X.509
> > certificate based mutual authentication.
> > 
>
>
------=_Part_5_15811901.1330576349072
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

I had tried that but i am not able to reproduce the digest value which ment=
ion in my req xml :<div><br></div><div><span style=3D"line-height: 18px; ">=
&lt;Reference URI=3D"#_0"&gt;</span><br style=3D"line-height: 18px; "><span=
 style=3D"line-height: 18px; ">&gt; &lt;Transforms&gt;</span><br style=3D"l=
ine-height: 18px; "><span style=3D"line-height: 18px; ">&gt; &lt;Transform =
Algorithm=3D"</span><a href=3D"http://www.w3.org/2001/10/xml-exc-c14n#" tar=
get=3D"_blank" style=3D"border-style: initial; border-color: initial; line-=
height: 18px; ">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a><span style=
=3D"line-height: 18px; ">"/&gt;</span><br style=3D"line-height: 18px; "><sp=
an style=3D"line-height: 18px; ">&gt; &lt;/Transforms&gt;</span><br style=
=3D"line-height: 18px; "><span style=3D"line-height: 18px; ">&gt; &lt;Diges=
tMethod Algorithm=3D"</span><a href=3D"http://www.w3.org/2000/09/xmldsig#sh=
a1" target=3D"_blank" style=3D"border-style: initial; border-color: initial=
; line-height: 18px; ">http://www.w3.org/<wbr>2000/09/xmldsig#sha1</a><span=
 style=3D"line-height: 18px; ">"/&gt;</span><br style=3D"line-height: 18px;=
 "><span style=3D"line-height: 18px; ">&gt; &lt;DigestValue&gt;Soj1m/</span=
><wbr style=3D"line-height: 18px; "><span style=3D"line-height: 18px; ">E15=
7CempDHHC6c6gZBd1E=3D&lt;/</span><wbr style=3D"line-height: 18px; "><span s=
tyle=3D"line-height: 18px; ">DigestValue&gt;</span><br style=3D"line-height=
: 18px; "><span style=3D"line-height: 18px; ">&gt; &lt;/Reference&gt;</span=
>&nbsp;</div><div><br></div><div>As per the W3C document Reference URI refe=
r to element or ID which need to canonicalized. In my case ID is&nbsp;</div=
><div><br></div><div><span style=3D"border-style: initial; border-color: in=
itial; line-height: 18px; ">&gt; &lt;u:Timestamp u:Id=3D"_0"&gt;</span><br =
style=3D"line-height: 18px; "><span style=3D"border-style: initial; border-=
color: initial; line-height: 18px; ">&gt; &lt;u:Created&gt;2012-02-21T04:45=
:</span><wbr style=3D"line-height: 18px; "><span style=3D"border-style: ini=
tial; border-color: initial; line-height: 18px; ">06.429Z&lt;/u:Created&gt;=
</span><br style=3D"line-height: 18px; "><span style=3D"border-style: initi=
al; border-color: initial; line-height: 18px; ">&gt; &lt;u:Expires&gt;2012-=
02-21T04:50:</span><wbr style=3D"line-height: 18px; "><span style=3D"border=
-style: initial; border-color: initial; line-height: 18px; ">06.429Z&lt;/u:=
Expires&gt;</span><br style=3D"line-height: 18px; "><span style=3D"border-s=
tyle: initial; border-color: initial; line-height: 18px; ">&gt; &lt;/u:Time=
stamp&gt;</span>&nbsp;&nbsp;</div><div><br></div><div>I had tried my level =
best to create the SHA1 digest of above message part to get digest value as=
 per&nbsp;</div><div><span style=3D"border-style: initial; border-color: in=
itial; line-height: 18px; ">&lt;DigestValue&gt;Soj1m/</span><wbr style=3D"l=
ine-height: 18px; "><span style=3D"border-style: initial; border-color: ini=
tial; line-height: 18px; ">E157CempDHHC6c6gZBd1E=3D&lt;/</span><wbr style=
=3D"line-height: 18px; "><span style=3D"border-style: initial; border-color=
: initial; line-height: 18px; ">DigestValue&gt;</span>&nbsp;</div><div><br>=
</div><div>As per my understanding we need to convert digest value to base6=
4 which I am doing but I am not able to get close to the above value.</div>=
<div><br></div><div>I had attach full XML req which is generated by using V=
isual Studio Client &amp; which I had extracted using WireShark tool.</div>=
<div><br></div><div>Thanks<br><br>On Wednesday, 29 February 2012 19:27:03 U=
TC+5:30, Anders Rundgren  wrote:<blockquote class=3D"gmail_quote" style=3D"=
margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;=
">If you only need to create a cononicalized XML it is very simple.<br>You =
do the canonicalization manually.<br>It means eliminating whitespace betwee=
n elements.<br>Putting attributes in alphabetical order.<p>When the signatu=
res verifies you are done :-)</p><p>Anders</p><p>On 2012-02-28 07:38, Panka=
j wrote:<br>&gt; I want to consume WCF web-service which uses X.509 certifi=
cate for<br>&gt; mutual authentication. I had imported certificates using k=
eytools in<br>&gt; BKS keystore &amp; able to use in android code. Now for =
mutual<br>&gt; authentication i need to create web-request which have messa=
ge digest<br>&gt; &amp; signature in it<br>&gt; <br>&gt; &lt;s:Header&gt;<b=
r>&gt; &lt;o:Security xmlns:o=3D"<a href=3D"http://docs.oasis-open.org/wss/=
2004/01/" target=3D"_blank">http://docs.oasis-<wbr>open.org/wss/2004/01/</a=
><br>&gt; oasis-200401-wss-wssecurity-<wbr>secext-1.0.xsd" s:mustUnderstand=
=3D"1"&gt;<br>&gt; &lt;u:Timestamp u:Id=3D"_0"&gt;<br>&gt; &lt;u:Created&gt=
;2012-02-21T04:45:<wbr>06.429Z&lt;/u:Created&gt;<br>&gt; &lt;u:Expires&gt;2=
012-02-21T04:50:<wbr>06.429Z&lt;/u:Expires&gt;<br>&gt; &lt;/u:Timestamp&gt;=
<br>&gt; &lt;o:BinarySecurityToken u:Id=3D"uuid-e35f5271-3c4e-47c7-<br>&gt;=
 ba34-8d995e414ba3-1" ValueType=3D"<a href=3D"http://docs.oasis-open.org/ws=
s/2004/01/" target=3D"_blank">http://docs.oasis-<wbr>open.org/wss/2004/01/<=
/a><br>&gt; oasis-200401-wss-x509-token-<wbr>profile-1.0#X509v3" EncodingTy=
pe=3D"http://<br>&gt; <a href=3D"http://docs.oasis-open.org/wss/2004/01/oas=
is-200401-wss-soap-message-" target=3D"_blank">docs.oasis-open.org/wss/2004=
/<wbr>01/oasis-200401-wss-soap-<wbr>message-</a><br>&gt; security-1.0#Base6=
4Binary"&gt;<br>&gt; MIICbzCCAdygAwIBAgIQfjyZ229iN4<wbr>tAbV0fiYiVyTAJBgUrD=
gMCHQUAMD8x<wbr>PTA7BgNVBAMTNGNsaWVudC5iNTRiYT<wbr>FkN2U2NzY0ZDdkOWRiMDA3YT=
gyNmM5<wbr>ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMT<wbr>IwMjE2MTY0MjI1WhcNMzkxMjMxMjM=
1<wbr>OTU5WjA/<br>&gt; MT0wOwYDVQQDEzRjbGllbnQuYjU0Ym<wbr>ExZDdlNjc2NGQ3ZDl=
kYjAwN2E4MjZj<wbr>OWRhOTcuY2xvdWRhcHAubmV0MIGfMA<wbr>0GCSqGSIb3DQEBAQUAA4GN=
ADCBiQKB<wbr>gQDRW<br>&gt; +<wbr>Di90XDGulLybdBboUlOilxvbcnfow+<wbr>NhoNW80=
uNjmGQiQpxP0oNnYT7RKJ<br>&gt; +nP3+<wbr>sZxUfRfazLgvOTFn0F9SIFQ9T4I5LN<wbr>=
FMHhDfExoT0k/<br>&gt; aeF870Euy07BiwF7eXw6toSv1dKwKa<wbr>vq20szbIr/NeabIEDS=
/GzKY6P0/<br>&gt; TOQfwIDAQABo3QwcjBwBgNVHQEEaTB<wbr>ngBCNb6YOYI3RBR64WvVUj=
QtPoUEwP<wbr>zE9MDsGA1UEAxM0Y2xpZW50LmI1NGJ<wbr>hMWQ3ZTY3NjRkN2Q5ZGIwMDdhOD=
I2Y<wbr>zlkYTk3LmNsb3VkYXBwLm5ldIIQfjy<wbr>Z229iN4tAbV0fiYiVyTAJBgUrDgMCH<w=
br>QUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8<wbr>aYYrYRQwU4lrBKlI0CnrkcZwQGPmRx<wbr>dk=
iET9D91kcN/<br>&gt; fmq90nj1F5FZoqhzeT1moqGKXKT9HR<wbr>X8j6Ln1QDhsr+0JfgJW9=
/<br>&gt; IFaQI14xKwr8bw4+<wbr>DxIyp0IMpSw9biULmIQ1QuTzfKDEow<wbr>lcQhsik+E=
<br>&gt; &lt;/o:BinarySecurityToken&gt;<br>&gt; &lt;Signature xmlns=3D"<a h=
ref=3D"http://www.w3.org/2000/09/xmldsig#" target=3D"_blank">http://www.w3.=
org/2000/<wbr>09/xmldsig#</a>"&gt;<br>&gt; &lt;SignedInfo&gt;<br>&gt; &lt;C=
anonicalizationMethod Algorithm=3D"<a href=3D"http://www.w3.org/2001/10/xml=
-exc-" target=3D"_blank">http://www.w3.org/<wbr>2001/10/xml-exc-</a><br>&gt=
; c14n#"/&gt;<br>&gt; &lt;SignatureMethod Algorithm=3D"<a href=3D"http://ww=
w.w3.org/2000/09/xmldsig#rsa-" target=3D"_blank">http://www.w3.org/<wbr>200=
0/09/xmldsig#rsa-</a><br>&gt; sha1"/&gt;<br>&gt; &lt;Reference URI=3D"#_0"&=
gt;<br>&gt; &lt;Transforms&gt;<br>&gt; &lt;Transform Algorithm=3D"<a href=
=3D"http://www.w3.org/2001/10/xml-exc-c14n#" target=3D"_blank">http://www.w=
3.org/<wbr>2001/10/xml-exc-c14n#</a>"/&gt;<br>&gt; &lt;/Transforms&gt;<br>&=
gt; &lt;DigestMethod Algorithm=3D"<a href=3D"http://www.w3.org/2000/09/xmld=
sig#sha1" target=3D"_blank">http://www.w3.org/<wbr>2000/09/xmldsig#sha1</a>=
"/&gt;<br>&gt; &lt;DigestValue&gt;Soj1m/<wbr>E157CempDHHC6c6gZBd1E=3D&lt;/<=
wbr>DigestValue&gt;<br>&gt; &lt;/Reference&gt;<br>&gt; &lt;/SignedInfo&gt;<=
br>&gt; &lt;SignatureValue&gt;<br>&gt; kqsIYUc3uYoQpuWVWYOio4KcGpon+<wbr>3w=
DDhsAzVgZVljQxEhF7z1JS/<br>&gt; qzw9ELYCn2JbYIkWMtEeYfXRtPvjrP<wbr>M1fjJiqb=
XSKq7jHEeVtMQnOytAHRL1<wbr>ZFA<br>&gt; +<wbr>dLq4spJQR7uYnmJ1lmgQnu1kYcteSm=
<wbr>D29Xm5e5dPUnz4yap3p7zC4=3D<br>&gt; &lt;/SignatureValue&gt;<br>&gt; &lt=
;KeyInfo&gt;<br>&gt; &lt;o:SecurityTokenReference&gt;<br>&gt; &lt;o:Referen=
ce ValueType=3D"<a href=3D"http://docs.oasis-open.org/wss/2004/01/" target=
=3D"_blank">http://docs.oasis-<wbr>open.org/wss/2004/01/</a><br>&gt; oasis-=
200401-wss-x509-token-<wbr>profile-1.0#X509v3" URI=3D"#uuid-<br>&gt; e35f52=
71-3c4e-47c7-ba34-<wbr>8d995e414ba3-1"/&gt;<br>&gt; &lt;/o:SecurityTokenRef=
erence&gt;<br>&gt; &lt;/KeyInfo&gt;<br>&gt; &lt;/Signature&gt;<br>&gt; &lt;=
/o:Security&gt;<br>&gt; &lt;/s:Header&gt;<br>&gt; <br>&gt; But to create me=
ssage digest we need perform XML canonicalization with<br>&gt; "<a href=3D"=
http://www.w3.org/2001/10/xml-exc-c14n#" target=3D"_blank">http://www.w3.or=
g/2001/10/<wbr>xml-exc-c14n#</a>" transform algorithm. I am<br>&gt; not abl=
e to found any API or library which perform above task.<br>&gt; <br>&gt; I =
had used xmlsec jar but I guess it is not supported by android and<br>&gt; =
also used all the option which I found after googling.<br>&gt; <br>&gt; Ple=
ase guide me how to call WCF web-service which involve X.509<br>&gt; certif=
icate based mutual authentication.<br>&gt; </p><p></p><p></p><p></p><p></p>=
</blockquote></div><br>On Wednesday, 29 February 2012 19:27:03 UTC+5:30, An=
ders Rundgren  wrote:<blockquote class=3D"gmail_quote" style=3D"margin: 0;m=
argin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">If you on=
ly need to create a cononicalized XML it is very simple.<br>You do the cano=
nicalization manually.<br>It means eliminating whitespace between elements.=
<br>Putting attributes in alphabetical order.<p>When the signatures verifie=
s you are done :-)</p><p>Anders</p><p>On 2012-02-28 07:38, Pankaj wrote:<br=
>&gt; I want to consume WCF web-service which uses X.509 certificate for<br=
>&gt; mutual authentication. I had imported certificates using keytools in<=
br>&gt; BKS keystore &amp; able to use in android code. Now for mutual<br>&=
gt; authentication i need to create web-request which have message digest<b=
r>&gt; &amp; signature in it<br>&gt; <br>&gt; &lt;s:Header&gt;<br>&gt; &lt;=
o:Security xmlns:o=3D"<a href=3D"http://docs.oasis-open.org/wss/2004/01/" t=
arget=3D"_blank">http://docs.oasis-<wbr>open.org/wss/2004/01/</a><br>&gt; o=
asis-200401-wss-wssecurity-<wbr>secext-1.0.xsd" s:mustUnderstand=3D"1"&gt;<=
br>&gt; &lt;u:Timestamp u:Id=3D"_0"&gt;<br>&gt; &lt;u:Created&gt;2012-02-21=
T04:45:<wbr>06.429Z&lt;/u:Created&gt;<br>&gt; &lt;u:Expires&gt;2012-02-21T0=
4:50:<wbr>06.429Z&lt;/u:Expires&gt;<br>&gt; &lt;/u:Timestamp&gt;<br>&gt; &l=
t;o:BinarySecurityToken u:Id=3D"uuid-e35f5271-3c4e-47c7-<br>&gt; ba34-8d995=
e414ba3-1" ValueType=3D"<a href=3D"http://docs.oasis-open.org/wss/2004/01/"=
 target=3D"_blank">http://docs.oasis-<wbr>open.org/wss/2004/01/</a><br>&gt;=
 oasis-200401-wss-x509-token-<wbr>profile-1.0#X509v3" EncodingType=3D"http:=
//<br>&gt; <a href=3D"http://docs.oasis-open.org/wss/2004/01/oasis-200401-w=
ss-soap-message-" target=3D"_blank">docs.oasis-open.org/wss/2004/<wbr>01/oa=
sis-200401-wss-soap-<wbr>message-</a><br>&gt; security-1.0#Base64Binary"&gt=
;<br>&gt; MIICbzCCAdygAwIBAgIQfjyZ229iN4<wbr>tAbV0fiYiVyTAJBgUrDgMCHQUAMD8x=
<wbr>PTA7BgNVBAMTNGNsaWVudC5iNTRiYT<wbr>FkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5<wbr>=
ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMT<wbr>IwMjE2MTY0MjI1WhcNMzkxMjMxMjM1<wbr>OTU5W=
jA/<br>&gt; MT0wOwYDVQQDEzRjbGllbnQuYjU0Ym<wbr>ExZDdlNjc2NGQ3ZDlkYjAwN2E4Mj=
Zj<wbr>OWRhOTcuY2xvdWRhcHAubmV0MIGfMA<wbr>0GCSqGSIb3DQEBAQUAA4GNADCBiQKB<wb=
r>gQDRW<br>&gt; +<wbr>Di90XDGulLybdBboUlOilxvbcnfow+<wbr>NhoNW80uNjmGQiQpxP=
0oNnYT7RKJ<br>&gt; +nP3+<wbr>sZxUfRfazLgvOTFn0F9SIFQ9T4I5LN<wbr>FMHhDfExoT0=
k/<br>&gt; aeF870Euy07BiwF7eXw6toSv1dKwKa<wbr>vq20szbIr/NeabIEDS/GzKY6P0/<b=
r>&gt; TOQfwIDAQABo3QwcjBwBgNVHQEEaTB<wbr>ngBCNb6YOYI3RBR64WvVUjQtPoUEwP<wb=
r>zE9MDsGA1UEAxM0Y2xpZW50LmI1NGJ<wbr>hMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2Y<wbr>zlk=
YTk3LmNsb3VkYXBwLm5ldIIQfjy<wbr>Z229iN4tAbV0fiYiVyTAJBgUrDgMCH<wbr>QUAA4GBA=
G5v1DZmXQKcaxNzz2VYDZ8<wbr>aYYrYRQwU4lrBKlI0CnrkcZwQGPmRx<wbr>dkiET9D91kcN/=
<br>&gt; fmq90nj1F5FZoqhzeT1moqGKXKT9HR<wbr>X8j6Ln1QDhsr+0JfgJW9/<br>&gt; I=
FaQI14xKwr8bw4+<wbr>DxIyp0IMpSw9biULmIQ1QuTzfKDEow<wbr>lcQhsik+E<br>&gt; &l=
t;/o:BinarySecurityToken&gt;<br>&gt; &lt;Signature xmlns=3D"<a href=3D"http=
://www.w3.org/2000/09/xmldsig#" target=3D"_blank">http://www.w3.org/2000/<w=
br>09/xmldsig#</a>"&gt;<br>&gt; &lt;SignedInfo&gt;<br>&gt; &lt;Canonicaliza=
tionMethod Algorithm=3D"<a href=3D"http://www.w3.org/2001/10/xml-exc-" targ=
et=3D"_blank">http://www.w3.org/<wbr>2001/10/xml-exc-</a><br>&gt; c14n#"/&g=
t;<br>&gt; &lt;SignatureMethod Algorithm=3D"<a href=3D"http://www.w3.org/20=
00/09/xmldsig#rsa-" target=3D"_blank">http://www.w3.org/<wbr>2000/09/xmldsi=
g#rsa-</a><br>&gt; sha1"/&gt;<br>&gt; &lt;Reference URI=3D"#_0"&gt;<br>&gt;=
 &lt;Transforms&gt;<br>&gt; &lt;Transform Algorithm=3D"<a href=3D"http://ww=
w.w3.org/2001/10/xml-exc-c14n#" target=3D"_blank">http://www.w3.org/<wbr>20=
01/10/xml-exc-c14n#</a>"/&gt;<br>&gt; &lt;/Transforms&gt;<br>&gt; &lt;Diges=
tMethod Algorithm=3D"<a href=3D"http://www.w3.org/2000/09/xmldsig#sha1" tar=
get=3D"_blank">http://www.w3.org/<wbr>2000/09/xmldsig#sha1</a>"/&gt;<br>&gt=
; &lt;DigestValue&gt;Soj1m/<wbr>E157CempDHHC6c6gZBd1E=3D&lt;/<wbr>DigestVal=
ue&gt;<br>&gt; &lt;/Reference&gt;<br>&gt; &lt;/SignedInfo&gt;<br>&gt; &lt;S=
ignatureValue&gt;<br>&gt; kqsIYUc3uYoQpuWVWYOio4KcGpon+<wbr>3wDDhsAzVgZVljQ=
xEhF7z1JS/<br>&gt; qzw9ELYCn2JbYIkWMtEeYfXRtPvjrP<wbr>M1fjJiqbXSKq7jHEeVtMQ=
nOytAHRL1<wbr>ZFA<br>&gt; +<wbr>dLq4spJQR7uYnmJ1lmgQnu1kYcteSm<wbr>D29Xm5e5=
dPUnz4yap3p7zC4=3D<br>&gt; &lt;/SignatureValue&gt;<br>&gt; &lt;KeyInfo&gt;<=
br>&gt; &lt;o:SecurityTokenReference&gt;<br>&gt; &lt;o:Reference ValueType=
=3D"<a href=3D"http://docs.oasis-open.org/wss/2004/01/" target=3D"_blank">h=
ttp://docs.oasis-<wbr>open.org/wss/2004/01/</a><br>&gt; oasis-200401-wss-x5=
09-token-<wbr>profile-1.0#X509v3" URI=3D"#uuid-<br>&gt; e35f5271-3c4e-47c7-=
ba34-<wbr>8d995e414ba3-1"/&gt;<br>&gt; &lt;/o:SecurityTokenReference&gt;<br=
>&gt; &lt;/KeyInfo&gt;<br>&gt; &lt;/Signature&gt;<br>&gt; &lt;/o:Security&g=
t;<br>&gt; &lt;/s:Header&gt;<br>&gt; <br>&gt; But to create message digest =
we need perform XML canonicalization with<br>&gt; "<a href=3D"http://www.w3=
.org/2001/10/xml-exc-c14n#" target=3D"_blank">http://www.w3.org/2001/10/<wb=
r>xml-exc-c14n#</a>" transform algorithm. I am<br>&gt; not able to found an=
y API or library which perform above task.<br>&gt; <br>&gt; I had used xmls=
ec jar but I guess it is not supported by android and<br>&gt; also used all=
 the option which I found after googling.<br>&gt; <br>&gt; Please guide me =
how to call WCF web-service which involve X.509<br>&gt; certificate based m=
utual authentication.<br>&gt; </p><p></p><p></p><p></p><p></p></blockquote>
------=_Part_5_15811901.1330576349072--

------=_Part_4_2831915.1330576349072
Content-Type: application/xml; name=req.xml
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="req.xml"
X-Attachment-Id: da72905d-cb04-485d-a801-2213c7d9a7d9

PHM6RW52ZWxvcGUgeG1sbnM6cz0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvc29hcC9lbnZl
bG9wZS8iIHhtbG5zOnU9Imh0dHA6Ly9kb2NzLm9hc2lzLW9wZW4ub3JnL3dzcy8yMDA0LzAxL29h
c2lzLTIwMDQwMS13c3Mtd3NzZWN1cml0eS11dGlsaXR5LTEuMC54c2QiPjxzOkhlYWRlcj48bzpT
ZWN1cml0eSBzOm11c3RVbmRlcnN0YW5kPSIxIiB4bWxuczpvPSJodHRwOi8vZG9jcy5vYXNpcy1v
cGVuLm9yZy93c3MvMjAwNC8wMS9vYXNpcy0yMDA0MDEtd3NzLXdzc2VjdXJpdHktc2VjZXh0LTEu
MC54c2QiPjx1OlRpbWVzdGFtcCB1OklkPSJfMCI+PHU6Q3JlYXRlZD4yMDEyLTAyLTIxVDA0OjQ1
OjA2LjQyOVo8L3U6Q3JlYXRlZD48dTpFeHBpcmVzPjIwMTItMDItMjFUMDQ6NTA6MDYuNDI5Wjwv
dTpFeHBpcmVzPjwvdTpUaW1lc3RhbXA+PG86QmluYXJ5U2VjdXJpdHlUb2tlbiB1OklkPSJ1dWlk
LWUzNWY1MjcxLTNjNGUtNDdjNy1iYTM0LThkOTk1ZTQxNGJhMy0xIiBWYWx1ZVR5cGU9Imh0dHA6
Ly9kb2NzLm9hc2lzLW9wZW4ub3JnL3dzcy8yMDA0LzAxL29hc2lzLTIwMDQwMS13c3MteDUwOS10
b2tlbi1wcm9maWxlLTEuMCNYNTA5djMiIEVuY29kaW5nVHlwZT0iaHR0cDovL2RvY3Mub2FzaXMt
b3Blbi5vcmcvd3NzLzIwMDQvMDEvb2FzaXMtMjAwNDAxLXdzcy1zb2FwLW1lc3NhZ2Utc2VjdXJp
dHktMS4wI0Jhc2U2NEJpbmFyeSI+TUlJQ2J6Q0NBZHlnQXdJQkFnSVFmanlaMjI5aU40dEFiVjBm
aVlpVnlUQUpCZ1VyRGdNQ0hRVUFNRDh4UFRBN0JnTlZCQU1UTkdOc2FXVnVkQzVpTlRSaVlURmtO
MlUyTnpZMFpEZGtPV1JpTURBM1lUZ3lObU01WkdFNU55NWpiRzkxWkdGd2NDNXVaWFF3SGhjTk1U
SXdNakUyTVRZME1qSTFXaGNOTXpreE1qTXhNak0xT1RVNVdqQS9NVDB3T3dZRFZRUURFelJqYkds
bGJuUXVZalUwWW1FeFpEZGxOamMyTkdRM1pEbGtZakF3TjJFNE1qWmpPV1JoT1RjdVkyeHZkV1Jo
Y0hBdWJtVjBNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURSVytEaTkwWERH
dWxMeWJkQmJvVWxPaWx4dmJjbmZvdytOaG9OVzgwdU5qbUdRaVFweFAwb05uWVQ3UktKK25QMytz
WnhVZlJmYXpMZ3ZPVEZuMEY5U0lGUTlUNEk1TE5GTUhoRGZFeG9UMGsvYWVGODcwRXV5MDdCaXdG
N2VYdzZ0b1N2MWRLd0thdnEyMHN6YklyL05lYWJJRURTL0d6S1k2UDAvVE9RZndJREFRQUJvM1F3
Y2pCd0JnTlZIUUVFYVRCbmdCQ05iNllPWUkzUkJSNjRXdlZValF0UG9VRXdQekU5TURzR0ExVUVB
eE0wWTJ4cFpXNTBMbUkxTkdKaE1XUTNaVFkzTmpSa04yUTVaR0l3TURkaE9ESTJZemxrWVRrM0xt
TnNiM1ZrWVhCd0xtNWxkSUlRZmp5WjIyOWlONHRBYlYwZmlZaVZ5VEFKQmdVckRnTUNIUVVBQTRH
QkFHNXYxRFptWFFLY2F4Tnp6MlZZRFo4YVlZcllSUXdVNGxyQktsSTBDbnJrY1p3UUdQbVJ4ZGtp
RVQ5RDkxa2NOL2ZtcTkwbmoxRjVGWm9xaHplVDFtb3FHS1hLVDlIUlg4ajZMbjFRRGhzciswSmZn
Slc5L0lGYVFJMTR4S3dyOGJ3NCtEeEl5cDBJTXBTdzliaVVMbUlRMVF1VHpmS0RFb3dsY1Foc2lr
K0U8L286QmluYXJ5U2VjdXJpdHlUb2tlbj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3Lncz
Lm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhv
ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxT
aWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRz
aWcjcnNhLXNoYTEiLz48UmVmZXJlbmNlIFVSST0iI18wIj48VHJhbnNmb3Jtcz48VHJhbnNmb3Jt
IEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9U
cmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw
LzA5L3htbGRzaWcjc2hhMSIvPjxEaWdlc3RWYWx1ZT5Tb2oxbS9FMTU3Q2VtcERISEM2YzZnWkJk
MUU9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVl
Pmtxc0lZVWMzdVlvUXB1V1ZXWU9pbzRLY0dwb24rM3dERGhzQXpWZ1pWbGpReEVoRjd6MUpTL3F6
dzlFTFlDbjJKYllJa1dNdEVlWWZYUnRQdmpyUE0xZmpKaXFiWFNLcTdqSEVlVnRNUW5PeXRBSFJM
MVpGQStkTHE0c3BKUVI3dVlubUoxbG1nUW51MWtZY3RlU21EMjlYbTVlNWRQVW56NHlhcDNwN3pD
ND08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxvOlNlY3VyaXR5VG9rZW5SZWZlcmVuY2U+PG86
UmVmZXJlbmNlIFZhbHVlVHlwZT0iaHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvd3NzLzIwMDQv
MDEvb2FzaXMtMjAwNDAxLXdzcy14NTA5LXRva2VuLXByb2ZpbGUtMS4wI1g1MDl2MyIgVVJJPSIj
dXVpZC1lMzVmNTI3MS0zYzRlLTQ3YzctYmEzNC04ZDk5NWU0MTRiYTMtMSIvPjwvbzpTZWN1cml0
eVRva2VuUmVmZXJlbmNlPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48L286U2VjdXJpdHk+PC9zOkhl
YWRlcj48czpCb2R5PjxJbml0aWF0ZUF1dGhlbnRpY2F0aW9uIHhtbG5zPSJodHRwOi8vdGVtcHVy
aS5vcmcvIj48YXV0aFJlcXVlc3QgeG1sbnM6YT0iaHR0cDovL3NjaGVtYXMuZGF0YWNvbnRyYWN0
Lm9yZy8yMDA0LzA3L1dDRlNlcnZpY2VXZWJSb2xlMSIgeG1sbnM6aT0iaHR0cDovL3d3dy53My5v
cmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiPjxhOkF1dGhVc2VyUmVxdWVzdD48YTpBdXRoZW50
aWNhdGlvbkNvZGU+NDQ1NTY2NjwvYTpBdXRoZW50aWNhdGlvbkNvZGU+PGE6Q2VsbFBob25lPjYy
NjYxNzA3MzM8L2E6Q2VsbFBob25lPjwvYTpBdXRoVXNlclJlcXVlc3Q+PC9hdXRoUmVxdWVzdD48
L0luaXRpYXRlQXV0aGVudGljYXRpb24+PC9zOkJvZHk+PC9zOkVudmVsb3BlPg==
------=_Part_4_2831915.1330576349072--

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google