[xmlsec] Timestamp and Reference URI

Aleksey Sanin aleksey at aleksey.com
Thu Sep 6 03:19:26 PDT 2007


You create a template with two references and just sign it :)
Hint: to create a template, simply remove DigestValue and
SignatureValue content :)

Aleksey

mahmoud wrote:
> Hi Aleksey,
> 
> I want to sign my XML-Message with x509 and put a timestamp to the 
> header. Also I want to sign just the timestamp and the body (like the 
> wss from Apache-AXIS). I want to use your lib but I don't know how to 
> sign just 2 Parts and make a reference for them in the signature like this:
> 
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>   <soapenv:Header>
>   <wsse:Security 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>   <wsse:BinarySecurityToken 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
> wsu:Id="CertId-5398314">MIIDajCCAxSgAwIBAgIBKzANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJERTEMMAoGA1UECBMDTlJXMQ4wDAYDVQQHEwVFc3NlbjEMMAoGA1UEChMDVFNJMQwwCgYDVQQLEwNUU0kxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wNzA3MjAxMTI2MTVaFw0xNzA3MTcxMTI2MTVaMGoxCzAJBgNVBAYTAkRFMQowCAYDVQQIEwFCMQ8wDQYDVQQHEwZCZXJsaW4xFTATBgNVBAoTDEZsZXhmb24gR21iSDEMMAoGA1UECxMDRFNMMRkwFwYDVQQDExBNYWhtb3VkIEVsIERhb3VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AYzj7C3MeHroLsbP0tlO9pUtgkYrs2qlrjWHoPSMfYn0s8mv1g/KSTG83kZvsH9l3a2DgAol4abNSK7XLKVsUSsxJDgJV6xejN4dx7GcJjxIvUKPxtKeptU7pkhLxQOYfg4OuHTjD5TTMPrqaxmwNPEo7QRRvI5A7Rv+VaLA4HgorhX+6EoguLhUuhFrjqag3CJTa3JeKTF5tz9euIdvx/53+ULjGvSCxCLz8abqNPLAR6j8BUqmI9iPnwkyslG364k6QhdmhlAWXR0/R8J2+lNhWz78QIc9zQTCepfVp5y/9msLF7OYoUmYDGgf0HIv43h/OLJcaZgMnEnNUg19wIDAQABo4HrMIHoMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ9py+EbHAoR/LhEX2fx9QIvfm24TCBjQYDVR0jBIGFMIGCgBSbd/5bKwuXMTzHXyKvTeub/IE6OqFfpF0wWzELMAkGA1UEBhMCREUxDDAKBgNVBAgTA05S 
> VzEOMAwGA1UEBxMFRXNzZW4xDDAKBgNVBAoTA1RTSTEMMAoGA1UECxMDVFNJMRIwEAYDVQQDEwlsb2NhbGhvc3SCCQDJpL3Hev69jzANBgkqhkiG9w0BAQUFAANBADffCQnJwEcdaBtOu86GicEcMGrGLg7yTF6QoXaa43qiFhrs9oDkmLr0Z9B0D5vdq3ztBU5XXxnHqXWLWdNZ57A=</wsse:BinarySecurityToken> 
> 
>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
> Id="Signature-6504030">
>   <ds:SignedInfo>
>   <ds:CanonicalizationMethod 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>   <ds:SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>   <ds:Reference URI="#Timestamp-27535250">
>   <ds:Transforms>
>   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>   </ds:Transforms>
>   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>   <ds:DigestValue>8jNGFeIQpXdFPxgPHeCj7i77cxo=</ds:DigestValue>
>   </ds:Reference>
>   <ds:Reference URI="#id-8949356">
>   <ds:Transforms>
>   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>   </ds:Transforms>
>   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>   <ds:DigestValue>POniW5uYnA3py8dCm1iu8Yr0pac=</ds:DigestValue>
>   </ds:Reference>
>   </ds:SignedInfo>
>   
> <ds:SignatureValue>AiHlclEZneLXRCJ3qa5g0QJ/UvDv7DUwDnpbbtH3df1zPOkDkEzoDu94+eSCDJjGx1NF0ZUx/IXE 
> /3cfkHjBK/AfxRj72DCcgrEGUkyx27LM2eR2MjdbPZu8sXX4XhAmH0sGJLz+QHO0PqAkByKfKB+V 
> 2EhU+RrUmAIDEtf8QFMhwSWwovk7MhZIESZ5U8VJVxvhz204zE9pcgBsY/LqRrH7lWupzd+TGu4k 
> Fgp7TpZoy/31CebcGlNR18DCeTwPkTkPBCJRSvEFZjbfvzR6vd1XH4BET/rwPd6n4NKLLwqoooiB 
> ALKtxQg/ns+MowGQYsyfk5+3IkaGO9fJwd44MA==</ds:SignatureValue>
>   <ds:KeyInfo Id="KeyId-22507120">
>   <wsse:SecurityTokenReference 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
> wsu:Id="STRId-28678543">
>   <wsse:Reference URI="#CertId-5398314" 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
> />
>   </wsse:SecurityTokenReference>
>   </ds:KeyInfo>
>   </ds:Signature>
>   <wsu:Timestamp 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
> wsu:Id="Timestamp-27535250">
>   <wsu:Created>2007-08-10T12:11:37Z</wsu:Created>
>   <wsu:Expires>2007-08-10T12:16:37Z</wsu:Expires>
>   </wsu:Timestamp>
>   </wsse:Security>
>   </soapenv:Header>
>   <soapenv:Body 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
> wsu:Id="id-8949356">
>   <ns1:execute 
> xmlns:ns1="http://www.telekom.de/t-com/resaleDSL/webservices" 
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
>   <xmldata xsi:type="xsd:string"><?xml version="1.0" encoding="UTF-8"?> 
> some text</xmldata>
>   </ns1:execute>
>   </soapenv:Body>
>   </soapenv:Envelope>
> 
> 
> thank you for any help!!!
> 
> max pade

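The template step from the reply above, as an added example that is not part of the original post or of xmlsec: it blanks every DigestValue and SignatureValue in an already-signed document and checks that each Reference URI resolves to exactly one wsu:Id. The sample envelope, its Id values and the function name `make_template` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ET.register_namespace("ds", DS)    # keep readable prefixes on output
ET.register_namespace("wsu", WSU)

# Constructed sample: a cut-down signed envelope shaped like the quoted one.
SIGNED = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="{DS}" xmlns:wsu="{WSU}">
  <e:Header>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#Timestamp-1"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
      <ds:Reference URI="#Body-1"><ds:DigestValue>BBBB</ds:DigestValue></ds:Reference>
    </ds:SignedInfo><ds:SignatureValue>CCCC</ds:SignatureValue></ds:Signature>
    <wsu:Timestamp wsu:Id="Timestamp-1"><wsu:Created>2007-08-10T12:11:37Z</wsu:Created></wsu:Timestamp>
  </e:Header>
  <e:Body wsu:Id="Body-1"><payload>some text</payload></e:Body>
</e:Envelope>"""


def make_template(signed_xml):
    """Return (template_xml, {reference_uri: target_element_name})."""
    root = ET.fromstring(signed_xml)
    # Blank the computed values; the signer fills them in again.
    for tag in ("DigestValue", "SignatureValue"):
        for el in root.iter(f"{{{DS}}}{tag}"):
            el.text = None
    # Every same-document Reference must point at exactly one wsu:Id.
    targets = {}
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise ValueError(f"not a same-document reference: {uri!r}")
        hits = [el for el in root.iter() if el.get(f"{{{WSU}}}Id") == uri[1:]]
        if len(hits) != 1:
            raise ValueError(f"{uri} matches {len(hits)} elements, expected 1")
        targets[uri] = hits[0].tag.rsplit("}", 1)[-1]
    return ET.tostring(root, encoding="unicode"), targets


if __name__ == "__main__":
    template, targets = make_template(SIGNED)
    print(targets)
    print(template)
```

xmlsec only resolves `#...` references against attributes that are registered as IDs, so wsu:Id has to be declared to it (xmlAddID in the library, `--id-attr` with the xmlsec1 tool) before signing the template.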