What bits of SOAP / WS-Security / WS-Addressing / etc do I need to send this message

EDIT: I think the only bit to understand is signing a message using the username token profile. Any pointers / hints / information on how to implement this would be great. I played with Visual Studio.Net 2003 with WSE 2 and the username token profile image, this means that this is the default, so my refusal is to use it, but it prefers to work on Linux, since this is the server that we have there. Plus there is no WSE mono port. I get the impression that this is little used / out of date ...

I need to talk to the web service and get a sample below. I am trying to translate this into English ... or at least understand which bits of the WS security specifications I should look at to communicate with it.

I use Ruby / Savon for other WS calls, but it seems to only support basic WSSE username / password.

I see that this message has a Signature - but it is signed through an external file / certificate / code or I have enough details below to do the same signing inside my own code.

I do not see X509 or Cipher entries, which apparently implies that it is not done with such a certificate (in my naive understanding of this), so what is used to create the Signature - maybe just a simple message hash?

It also seems to be using some digest / message verification when I try to tweak the sample and resubmit it, discarding it as invalid - although, I think it might be due to the signature issue ...

I don’t think Savon supports this, and so I think I need to switch to JRuby and use the Java WS library, maybe Rampart with Axis2 or maybe Spring security. Any tips / tricks / good tutorials? I see it from IBM, but I think I need something higher level so that I can understand the "big picture".

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  <soap:Header>
    <wsa:Action wsu:Id="Id-6762c167-412b-4bf8-8839-518e9bc25da5">
    http://host/path/func</wsa:Action>
    <wsa:MessageID wsu:Id="Id-00bb0af8-232d-43a8-adbb-39f230599c56">
    uuid:2005639d-39b8-4df6-bf41-e18741c45291</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-c53a1dbe-244f-46a9-b656-883f4b06dcfe">
      <wsa:Address>
      http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To wsu:Id="Id-017877f6-e5a3-43ae-aa2b-4886adb7060c">
    http://host/path/func.asmx</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-1a38d0f9-077f-4e95-991b-fa899a171920">

        <wsu:Created>2011-03-14T15:00:09Z</wsu:Created>
        <wsu:Expires>2011-03-14T15:05:09Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="SecurityToken-42ae32d2-f6ff-431e-9369-7696b44965e3">
        <wsse:Username>crypteduser</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
        cryptedpass</wsse:Password>
        <wsse:Nonce>fLSoqLm9kuOumxy39JRHaw==</wsse:Nonce>
        <wsu:Created>2011-03-14T15:00:09Z</wsu:Created>
      </wsse:UsernameToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <Reference URI="#Id-6762c167-412b-4bf8-8839-518e9bc25da5">

            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>SAYl5o1kh33HteOe0L7G6KIKqWg=</DigestValue>
          </Reference>
          <Reference URI="#Id-00bb0af8-232d-43a8-adbb-39f230599c56">

            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>//LMuFkNC1FO1/9A9W7l6o75Y2M=</DigestValue>
          </Reference>
          <Reference URI="#Id-c53a1dbe-244f-46a9-b656-883f4b06dcfe">

            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>9pgN7bU48UKi1UTnpOCikOnp2G0=</DigestValue>
          </Reference>
          <Reference URI="#Id-017877f6-e5a3-43ae-aa2b-4886adb7060c">

            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>lWZNjtSHfVtiZeOFZAosV868Uos=</DigestValue>
          </Reference>
          <Reference URI="#Timestamp-1a38d0f9-077f-4e95-991b-fa899a171920">

            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>H3nYPY6kfIWEIWQhpwaz8VKeQIM=</DigestValue>
          </Reference>
          <Reference URI="#Id-f95dfea2-3af8-4e95-8e60-141858db9532">

            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>uRTu+Hzxw+zdaTYgW0z+j35diIQ=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>
        Hdn2wxWhmr450pefMuc41o6GgOA=</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-42ae32d2-f6ff-431e-9369-7696b44965e3"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-f95dfea2-3af8-4e95-8e60-141858db9532">
    <func xmlns="http://host/path/">
      <xml_in>yucky xml inside xml...</xml_in>
    </func>
  </soap:Body>
</soap:Envelope>

Thanks a lot in advance for any tips / pointers you can give.

Regards, Chris

EDIT

... X509, , , . .

EDIT2

- , ... http://msdn.microsoft.com/en-us/library/ms824647.aspx

EDIT3

, - , , - . - ...

EDIT4

, .Net, , Ruby, - , ...

+3
1

, , .

Wsse: SecurityTokenReference ( ): http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf

: 3.2

, :

Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )  

, - ?

Password_Digest = Base64 ( SHA-1 ( nonce + created + UsernameToken ) )  
+1
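
The Password_Digest formula quoted in the answer above, worked through in Ruby together with the receiver-side checks that make it useful (freshness of Created and nonce replay rejection). This is an added example, not code from the original posts or from WSE; the helper names, the 300-second window and the password are assumptions, and the posted message itself carries a #PasswordText password, so this illustrates the formula rather than reproducing that message's SignatureValue.

```ruby
require 'digest'
require 'time'

# Password_Digest = Base64(SHA-1(nonce + created + password)); the nonce is
# hashed as its Base64-decoded bytes, created and password as their text bytes.
def password_digest(nonce_b64, created, password)
  nonce = nonce_b64.unpack1('m')
  [Digest::SHA1.digest(nonce + created.b + password.b)].pack('m0')
end

# Constant-time comparison so a mismatch does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Receiver-side check (hypothetical helper): Created must be within max_age
# seconds of now, the nonce must be unseen, and the digest must match.
class UsernameTokenVerifier
  def initialize(max_age: 300)
    @max_age = max_age
    @seen = {} # nonce => time accepted; a real service would expire entries
  end

  def verify(token, password, now: Time.now.utc)
    created = Time.iso8601(token[:created])
    return :stale if (now - created).abs > @max_age
    return :replayed if @seen.key?(token[:nonce])
    expected = password_digest(token[:nonce], token[:created], password)
    return :bad_digest unless secure_equal?(expected, token[:digest])
    @seen[token[:nonce]] = now # record only tokens that authenticated
    :ok
  rescue ArgumentError
    :malformed # Created was not an ISO 8601 timestamp
  end
end

# Constructed sample: Nonce and Created are copied from the posted message;
# the password used with it is a placeholder chosen by the caller.
SAMPLE = {
  nonce: 'fLSoqLm9kuOumxy39JRHaw==',
  created: '2011-03-14T15:00:09Z'
}.freeze
```

The five-minute default mirrors the gap between Created and Expires in the posted Timestamp element.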
