Cannot make KeyInfo work


Sebastian Nocetti

Mar 5, 2020, 2:19:08 PM
to wse-php
I need to generate something similar to (soapui referenced):

<soapenv:Envelope
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
<wsu:Timestamp wsu:Id="TS-8B870F75ED1D056F04158342997968034">
<wsu:Created>2020-03-05T17:39:39.680Z</wsu:Created>
<wsu:Expires>2020-03-05T20:26:19.680Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature Id="SIG-8B870F75ED1D056F04158342997966733"
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="inf soapenv xsd xsi"
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-8B870F75ED1D056F04158342997966732">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="inf xsd xsi"
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>iMtBz2gPU4wKWN4cErr8FIhZYjY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MUdIJlEuAbawBddYtJNboLPh89eTpvCxAOVLlmjy6493xPomujGWSZQQE6+pYTHsPqPXtHjWHTZN
IcFuuBTvMy7aMj31BUnBFPEDaWM7kUlDyLA7vLebqJ7FvzAkdtXUt7Gu/o7Ie+RdkFiNaEhdquVp
r+NSUbsy7ENWLXAuI38HlSdZ32Hfokc0HSYUvI6BSrlkEJ5TwnpKn4aoDIhkxV0gZTHvKH+cVQ7U
Tg7qytsxyC/MBGqYZC6aaKY3OR5fagCkqWGMwstnao7h6xXpvFUUgOH294xnqu2u+yFo3hRyRpVk
6OmUH1CNZyNJieWTvFXuZXmqKiLo8YWfj3OPTQ==</ds:SignatureValue>
<ds:KeyInfo Id="KI-8B870F75ED1D056F04158342997966730">
<wsse:SecurityTokenReference wsu:Id="STR-8B870F75ED1D056F04158342997966731">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Sebastian Nocetti,OU=Sistemas,O=Mayi,L=Bogota,ST=Bogota,C=CO</ds:X509IssuerName>
<ds:X509SerialNumber>1522148326</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-8B870F75ED1D056F04158342997966732"
<inf:consultaXml soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<in0 xsi:type="dto:ParametrosConsultaDTO"
<codigoInformacion xsi:type="soapenc:string"
</codigoInformacion>
<motivoConsulta xsi:type="soapenc:string"
</motivoConsulta>
<numeroIdentificacion xsi:type="soapenc:string"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">1023937366
</numeroIdentificacion>
<tipoIdentificacion xsi:type="soapenc:string"
</tipoIdentificacion>
</in0>
</inf:consultaXml>
</soapenv:Body>
</soapenv:Envelope>


But KeyInfo is not working as expected... some help?

Rob Richards

Mar 5, 2020, 2:39:45 PM
to wse...@googlegroups.com, Sebastian Nocetti
It's not currently supported via the library but wouldn't be hard to add. If you look at the staticAdd509Cert method in the XMLSecurityDSig class (from xmlseclibs), you will see how it constructs an x509DataNode with the issuer name and serial number. You would just need to take that code and adapt it in a similar fashion to where WSSESoap is currently creating X509SubjectKeyIdentifier.

I might have time to port it in a couple weeks if you hit issues trying it.

Rob
--
You received this message because you are subscribed to the Google Groups "wse-php" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wse-php+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wse-php/524d6539-25a2-41a7-b112-f1897c06db0c%40googlegroups.com.
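
The approach described in the reply above, as an added example (not code from wse-php, xmlseclibs or any poster in this thread): building the ds:KeyInfo / wsse:SecurityTokenReference / ds:X509IssuerSerial structure from a PEM certificate with PHP's DOM and OpenSSL extensions. The function names and the throwaway certificate are constructed for illustration, and the issuer string is assumed to use the most-specific-first ordering seen in the SoapUI sample.

```php
<?php
// Added example (not wse-php or xmlseclibs code): ds:KeyInfo with an X509IssuerSerial reference.
const DS_NS   = 'http://www.w3.org/2000/09/xmldsig#';
const WSSE_NS = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';

// Constructed sample input: a throwaway self-signed certificate with a made-up subject and serial.
function makeSampleCertPem(): string
{
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $dn  = ['countryName' => 'CO', 'organizationName' => 'Example Org', 'commonName' => 'Example Signer'];
    $csr = openssl_csr_new($dn, $key);
    openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, null, 4242), $pem);
    return $pem;
}

// Turn openssl_x509_parse()'s issuer array into "CN=...,O=...,C=..." (most specific RDN first).
function issuerName(array $issuer): string
{
    $parts = [];
    foreach ($issuer as $attr => $values) {
        foreach ((array) $values as $value) {            // an attribute may repeat
            array_unshift($parts, $attr . '=' . addcslashes($value, ',+"\\<>;'));
        }
    }
    return implode(',', $parts);
}

function buildIssuerSerialKeyInfo(DOMDocument $doc, string $certPem): DOMElement
{
    $cert = openssl_x509_parse($certPem);
    if ($cert === false || empty($cert['issuer']) || !ctype_digit((string) ($cert['serialNumber'] ?? ''))) {
        throw new InvalidArgumentException('Need a parsable certificate with a decimal serial number');
    }
    // Nest KeyInfo > SecurityTokenReference > X509Data > X509IssuerSerial, as in the SoapUI sample.
    $parent = $keyInfo = $doc->createElementNS(DS_NS, 'ds:KeyInfo');
    foreach ([[WSSE_NS, 'wsse:SecurityTokenReference'], [DS_NS, 'ds:X509Data'], [DS_NS, 'ds:X509IssuerSerial']] as [$ns, $qname]) {
        $parent = $parent->appendChild($doc->createElementNS($ns, $qname));
    }
    // Text nodes (not the $value argument) so characters such as "&" in a DN are escaped correctly.
    $name = $parent->appendChild($doc->createElementNS(DS_NS, 'ds:X509IssuerName'));
    $name->appendChild($doc->createTextNode(issuerName($cert['issuer'])));
    $serial = $parent->appendChild($doc->createElementNS(DS_NS, 'ds:X509SerialNumber'));
    $serial->appendChild($doc->createTextNode((string) $cert['serialNumber']));
    return $keyInfo;
}

$doc = new DOMDocument('1.0', 'UTF-8');
$doc->formatOutput = true;
$doc->appendChild(buildIssuerSerialKeyInfo($doc, makeSampleCertPem()));
echo $doc->saveXML();
```

In a signed message the returned element goes inside ds:Signature, after ds:SignatureValue, as in the SoapUI sample.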


Sebastian Nocetti

Mar 5, 2020, 2:44:59 PM
to Rob Richards, wse...@googlegroups.com
I have a .pfx file; will it work?

Rob Richards

Mar 5, 2020, 3:00:45 PM
to wse...@googlegroups.com, Sebastian Nocetti
You just need to convert it to pem format.

To extract private key:
openssl pkcs12 -in <mykey.pfx> -nocerts -out <mykey.pem>

To extract public:
openssl pkcs12 -in <mykey.pfx> -nokeys -out <mycert.pem>

German Alzate

Aug 1, 2020, 9:25:26 AM
to wse-php
Hi, did it work for you? I am also trying to connect to TransUnion.

Sebastian Nocetti

Aug 1, 2020, 10:18:44 AM
to wse...@googlegroups.com
Yes, I have it working now; if you want, write to me and I'll send you the code. gnoc...@gmail.com.


Germán Alzate

Aug 1, 2020, 11:42:21 AM
to wse...@googlegroups.com
Hi, thank you very much for your help; after struggling for several days, I got it working too.

Thanks.

Daruin Herrera

Dec 1, 2020, 10:51:08 AM
to wse-php
Do you use certificates and security tokens in your code?

Juan Carlos Alvarez

Oct 20, 2022, 10:28:37 AM
to wse-php
Hi gnoc, I have to solve something similar to what you did here ...

On the one hand, I need to add the Id node to the signature:
<ds:Signature Id="SIG-8B870F75ED1D056F04158342997966733"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

And further down, in the body:

<soapenv:Body wsu:Id="id-8B870F75ED1D056F04158342997966732"

I should put the same value as the Id above (in this case they differ by one character, 3 and 2 at the end).

Could you share the code, so I can see how to add that Id?

Thanks!
