RSA signature did not verify


Milind Bhadange

Apr 1, 2013, 10:14:59 AM4/1/13
to xmlse...@googlegroups.com
Hi,
 
I am getting an XML parser error, as follows:
 

Response

HTTP/1.1 100 Continue
X-Note: Proxy Ack

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml
Connection: close

<?xml version="1.0" encoding="UTF-8"?>

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault>
<faultcode>XML Parse Error</faultcode>
<faultstring>*RSA signature did not verify*</faultstring>
<faultactor>ADP Secure Web Services Gateway</faultactor></env:Fault></env:Body></env:Envelope>
 
 
 
 
Following is the code example using xmlseclibs:
 
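<?php
/*
 * Sign a SOAP 1.1 request with xmlseclibs (enveloped XML-DSig, RSA-SHA1,
 * exclusive C14N) and POST it to the gateway over HTTPS with HTTP basic
 * authentication and a client certificate.
 *
 * Notes for whoever picks this up:
 *  - The request body embeds a plaintext username/password inside
 *    <ws:secrtySbj>, and a second pair is used for HTTP basic auth below.
 *    Both are placeholders here; keep the real values out of source control.
 *  - The Reference covers the document element (URI="" with the
 *    enveloped-signature transform) while the <Signature> element itself is
 *    appended inside the first child of <soapenv:Body>. Whether that is the
 *    element the gateway expects to find signed cannot be told from the
 *    fault it returns ("RSA signature did not verify") - TODO confirm with
 *    the service provider.
 */
$xml = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.enterprise.com">
 <soapenv:Body>
  <ws:calculateDocumentRequest xmlns="http://ws.enterprise.com" xmlns:ws="http://ws.enterprise.com">
   <ws:secrtySbj>
    <ws:usrname>SOAPAPI@enterprise</ws:usrname>
    <ws:pswrd>newYear2012</ws:pswrd>
   </ws:secrtySbj>
   <ws:doc>
    ..
    ..
    ..
    ..
    ..
   </ws:doc>
  </ws:calculateDocumentRequest>  
 </soapenv:Body>
</soapenv:Envelope>';

$doc = new DOMDocument();
$doc->formatOutput = false;
$doc->preserveWhiteSpace = false;
/* loadXML() returns false on a parse failure; signing an empty document
   would otherwise fail later with a much less obvious error */
if ($doc->loadXML($xml) === false) {
    throw new RuntimeException('Could not parse the request XML');
}

$objDSig = new XMLSecurityDSig(TRUE);
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
/* if the key has a passphrase, set $objKey->passphrase = <passphrase> before
   loading it - the passphrase is consumed when the key is read */
/* load private key (TRUE = the argument is a file path, not key material) */
$objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);

$objDSig->sign($objKey, $doc->documentElement);

/* Add the associated public certificate as <KeyInfo>/<X509Data> */
$certPem = file_get_contents(dirname(__FILE__) . '/mycert.pem');
if ($certPem === false) {
    throw new RuntimeException('Could not read mycert.pem');
}
$objDSig->add509Cert($certPem);
/* Envelope -> Body -> calculateDocumentRequest; see the header note */
$objDSig->appendSignature($doc->firstChild->firstChild->firstChild);
$request = $doc->saveXML();

$host   = 'https://host.com/';
$login  = 'user';
$passwd = 'a1234567';
/* client certificate and CA file for the TLS connection - these were used
   below but never assigned in the first draft of this script */
$Cpem  = dirname(__FILE__) . '/cert.pem';
$Ccert = dirname(__FILE__) . '/cer.crt';

/* CURLOPT_HTTPHEADER takes a list of "Name: value" strings, not a
   name => value map - a map sends only the value as a malformed header
   line. SOAP 1.1 over HTTP also requires a text/xml content type (curl
   would otherwise label the POST as application/x-www-form-urlencoded)
   and quotes the SOAPAction URI. */
$additionalHeaders = array(
    'Content-Type: text/xml; charset=utf-8',
    'SOAPAction: "http://ws.enterprise.com/calculateDocument"',
);

/* The verbose trace written here includes the outgoing request headers,
   so headers.txt will contain the basic-auth Authorization header; do not
   leave it in a web-served directory. */
$trace = fopen(dirname(__FILE__) . "/headers.txt", "w+");
if ($trace === false) {
    throw new RuntimeException('Could not open headers.txt for the curl trace');
}

$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, $additionalHeaders);
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_USERPWD, $login . ":" . $passwd);
curl_setopt($process, CURLOPT_VERBOSE, 1);
curl_setopt($process, CURLOPT_STDERR, $trace);
curl_setopt($process, CURLOPT_TIMEOUT, 300);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $request);
/* Verify the gateway's certificate against $Ccert. The first draft turned
   both peer and host verification off (which makes the CAINFO setting a
   no-op and the connection interceptable) and forced SSLv3 via
   CURLOPT_SSLVERSION = 3; the protocol version is now left to libcurl. */
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($process, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($process, CURLOPT_CAINFO, $Ccert);
curl_setopt($process, CURLOPT_SSLCERT, $Cpem);
curl_setopt($process, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);

$return = curl_exec($process);
/* curl_exec() returns false on a transport-level failure; the original
   echoed curl_error() unconditionally, which prints nothing on success */
if ($return === false) {
    echo curl_error($process);
}
curl_close($process);
fclose($trace);
?>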
 
Does anybody have any idea what is wrong with the request?
 
Regards,
Milind

Rob Richards

Apr 2, 2013, 4:43:41 AM4/2/13
to xmlse...@googlegroups.com, Milind Bhadange
I would bet it's due to signing the wrong element.

Take a look at the signSoapDoc() method from my wse-php library:
http://code.google.com/p/wse-php/source/browse/soap-wsse.php#197

Rob
 
 

Milind Bhadange

Apr 2, 2013, 5:38:47 AM4/2/13
to xmlse...@googlegroups.com
Hi Rob,
 
Thanks for the reply.
 
I have tried your suggestion, but it is still giving the same error:
 

Response

HTTP/1.1 100 Continue
X-Note: Proxy Ack

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml
Connection: close

<?xml version="1.0" encoding="UTF-8"?>

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault>
<faultcode>XML Parse Error</faultcode>
<faultstring>*RSA signature did not verify*</faultstring>
<faultactor>ADP Secure Web Services Gateway</faultactor></env:Fault></env:Body></env:Envelope>
 
 
Below is my code:
 
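<?php
/*
 * Build a WS-Addressing + WS-Security signed SOAP request with wse-php
 * (WSASoap / WSSESoap on top of xmlseclibs) and POST it to the gateway
 * over HTTPS with HTTP basic authentication and a client certificate.
 *
 * Credentials appear three times in this script: inside <ws:secrtySbj> in
 * the payload, in the WS-Security UsernameToken added by addUserToken(),
 * and in the HTTP basic-auth pair. All are placeholders here; keep the
 * real values out of source control.
 */
/* NOTE(review): WSSESoap lives in soap-wsse.php in the wse-php tree; whether
   wsa.php pulls that file (and xmlseclibs.php) in cannot be told from here -
   confirm the include list matches the local checkout. */
require('soap-wsa.php');
require('wsa.php');

/* resolve key and certificate relative to this script rather than to the
   process's working directory, which differs between CLI and web SAPIs */
define('PRIVATE_KEY', dirname(__FILE__) . '/privkey.pem');
define('CERT_FILE', dirname(__FILE__) . '/mycert.pem');

$xml = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.enterprise.com">
 <soapenv:Body>
  <ws:calculateDocumentRequest xmlns="http://ws.enterprise.com" xmlns:ws="http://ws.enterprise.com">
   <ws:secrtySbj>
    <ws:usrname>SOAPAPI@service</ws:usrname>

    <ws:pswrd>newYear2012</ws:pswrd>
   </ws:secrtySbj>
   <ws:doc>
    ..
    ..
    ..
    ..
   </ws:doc>
   <ws:rsltLvl>1</ws:rsltLvl>
   <ws:isAudit>true</ws:isAudit>       
  </ws:calculateDocumentRequest>  
 </soapenv:Body>
</soapenv:Envelope>';

$dom = new DOMDocument();
/* loadXML() returns false on a parse failure; fail here rather than inside
   the WS-A/WS-SE wrappers */
if ($dom->loadXML($xml) === false) {
    throw new RuntimeException('Could not parse the request XML');
}
$objWSA = new WSASoap($dom);
$dom = $objWSA->getDoc();
$objWSSE = new WSSESoap($dom);

/* WS-Security UsernameToken. NOTE(review): the payload already carries a
   username/password in <ws:secrtySbj>; the list suggested dropping this
   call first when bisecting the "RSA signature did not verify" fault. */
$objWSSE->addUserToken('user@service', 'a1234567');
/* Sign all headers to include signing the WS-Addressing headers */
$objWSSE->signAllHeaders = TRUE;
$objWSSE->addTimestamp();

/* create new XMLSec Key using RSA SHA-1 and type is private key */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
/* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */
$objKey->loadKey(PRIVATE_KEY, TRUE);
/* Sign the message - also signs appropriate WS-Security items */
$objWSSE->signSoapDoc($objKey);

/* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
$certPem = file_get_contents(CERT_FILE);
if ($certPem === false) {
    throw new RuntimeException('Could not read ' . CERT_FILE);
}
$token = $objWSSE->addBinaryToken($certPem);
$objWSSE->attachTokentoSig($token);
$request = $objWSSE->saveXML();

$host   = 'https://sstuatws.adp.com/';
$Cpem   = dirname(__FILE__) . '/cert.pem';
$Ccert  = dirname(__FILE__) . '/cer.crt';
$login  = 'user@service';
$passwd = 'a1234567';

/* No SOAPAction header is sent in this revision (the previous draft had it
   commented out). If it is re-enabled, CURLOPT_HTTPHEADER expects a list of
   "Name: value" strings, e.g.
   array('SOAPAction: "http://ws.enterprise.com/calculateDocument"'),
   not a name => value map. */

/* The verbose trace written here includes the outgoing request headers,
   so headers.txt will contain the basic-auth Authorization header; do not
   leave it in a web-served directory. */
$trace = fopen(dirname(__FILE__) . "/headers.txt", "w+");
if ($trace === false) {
    throw new RuntimeException('Could not open headers.txt for the curl trace');
}

$process = curl_init($host);
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_USERPWD, $login . ":" . $passwd);
curl_setopt($process, CURLOPT_VERBOSE, 1);
curl_setopt($process, CURLOPT_STDERR, $trace);
curl_setopt($process, CURLOPT_TIMEOUT, 300);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $request);
/* Verify the gateway's certificate against $Ccert. The previous draft turned
   both peer and host verification off (which makes CAINFO a no-op and the
   connection interceptable) and forced SSLv3 via CURLOPT_SSLVERSION = 3;
   the protocol version is now left to libcurl. */
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($process, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($process, CURLOPT_CAINFO, $Ccert);
curl_setopt($process, CURLOPT_SSLCERT, $Cpem);
curl_setopt($process, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);

$return = curl_exec($process);
/* curl_exec() returns false on a transport-level failure; the original
   echoed curl_error() unconditionally, which prints nothing on success */
if ($return === false) {
    echo curl_error($process);
}
curl_close($process);
fclose($trace);

/* Debug output only: $request contains both credential sets (UsernameToken
   and <ws:pswrd>) in plaintext, so this page must not be reachable beyond
   the developer running the test. */
echo '<h2>Request</h2><pre>' . htmlspecialchars($request, ENT_QUOTES) . '</pre>';
echo '<h2>Response</h2><pre>' . htmlspecialchars($return, ENT_QUOTES) . '</pre>';
?>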
 
Let me know if anything is wrong with this code.
 
Regards,
Milind

Rob Richards

Apr 23, 2013, 12:11:26 PM4/23/13
to xmlse...@googlegroups.com
Take out at least the call to addUserToken, as it looks like you already have this set in the raw SOAP message you assign to the $xml variable. See what happens after that. Without the service provider helping with some detailed information on why it failed, you need to basically work through the problem like we are doing.

Rob
 $login = 'u...@service';