
How to calculate Digest Value in SOAP/XML?


(Sriramjano) #1

After searching the internet, I tried to generate the digest value using the following two methods:

# Attempt 1: SHA-1 of the file's raw bytes (shasum defaults to SHA-1),
# then hex to binary to Base64.
shasum filename.txt | cut -f 1 -d ' ' | xxd -r -p | base64
# Attempt 2: no digest algorithm is named, so openssl uses its build default
# (MD5 on old releases, SHA-256 since OpenSSL 1.1.0), not the SHA-1 that the
# message's DigestMethod asks for; -sha1 would be needed to match attempt 1.
# NOTE(review): both commands hash the file exactly as stored. An XML-DSig
# DigestValue is taken over the canonicalized octets of the element named by
# the Reference URI, so a raw file hash matches only if the file already
# holds exactly those canonical bytes.
openssl dgst -binary filename.txt | openssl enc -base64

I used the contents of “SignatureValue” as the input for the digest, but the result is incorrect. My question is: which part of this SOAP/XML message is used to calculate the digest value? And is there any problem with my digest calculation method?

Below is my SOAP/XML message:

<!-- SOAP 1.2 request carrying a WS-Security XML signature. Each DigestValue
     below is computed over one element of this message (the one its
     Reference URI names); none of them is computed over SignatureValue. -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
        xmlns:a="http://www.w3.org/2005/08/addressing"
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <!-- No u:Id and no Reference: this header is not covered by the signature. -->
            <bcbs:transactionUUID xmlns:bcbs="http://services.bcbssc.com">bca5d273-d676-4a62-84a9-f065916c31d4</bcbs:transactionUUID>
            <!-- u:Id _2 to _5 are the targets of the Reference URIs #_2 to #_5 in SignedInfo. -->
            <a:Action s:mustUnderstand="1" u:Id="_2">EEEEEEEEE</a:Action>
            <a:MessageID u:Id="_3">urn:uuid:a724c450-4e6c-4e03-967a-9223963303f2</a:MessageID>
            <a:ReplyTo u:Id="_4">
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <a:To s:mustUnderstand="1" u:Id="_5">some url</a:To>
            <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <!-- Covered by the last Reference in SignedInfo. Created and Expires
                     are five minutes apart; presumably the receiver rejects the
                     message outside that window (confirm its clock-skew policy). -->
                <u:Timestamp u:Id="uuid-cc5bd1c5-72e6-4d68-a309-14e4e0bd04bc-6704">
                    <u:Created>2018-09-14T08:27:15.602Z</u:Created>
                    <u:Expires>2018-09-14T08:32:15.602Z</u:Expires>
                </u:Timestamp>
                <!-- Holds the Base64 X.509v3 certificate; empty in this paste
                     (presumably redacted). KeyInfo refers to it by u:Id. No
                     Reference in SignedInfo covers this token. -->
                <o:BinarySecurityToken
                    u:Id="uuid-4a32f614-b3e4-42da-8895-fc82f521ccf1-1134866"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></o:BinarySecurityToken>
                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <!-- SignedInfo is what actually gets signed. CanonicalizationMethod
                         says how SignedInfo itself is canonicalized before signing.
                         rsa-sha1 and sha1 are deprecated for signatures; use the
                         SHA-256 variants if the receiving service accepts them. -->
                    <SignedInfo>
                        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                        <!-- Per Reference: select the element whose u:Id matches the URI,
                             apply the listed Transforms (exclusive C14N here), hash the
                             resulting octets with DigestMethod, Base64 the raw hash bytes.
                             #_1 targets s:Body. A Base64 SHA-1 digest is 28 characters, so
                             the DigestValues in this paste look like placeholders.
                             A verifier should resolve each URI to exactly one element and
                             check that it is the element the application then processes. -->
                        <Reference URI="#_1">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>111111111111111111111111111111</DigestValue>
                        </Reference>
                        <!-- #_2 targets a:Action. -->
                        <Reference URI="#_2">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>222222222222222222222222222222</DigestValue>
                        </Reference>
                        <!-- #_3 targets a:MessageID. -->
                        <Reference URI="#_3">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>333333333333333333333333333333</DigestValue>
                        </Reference>
                        <!-- #_4 targets a:ReplyTo, including its a:Address child. -->
                        <Reference URI="#_4">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>444444444444444444444444444444</DigestValue>
                        </Reference>
                        <!-- #_5 targets a:To. -->
                        <Reference URI="#_5">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>555555555555555555555555555555</DigestValue>
                        </Reference>
                        <!-- Targets the u:Timestamp element above. -->
                        <Reference URI="#uuid-cc5bd1c5-72e6-4d68-a309-14e4e0bd04bc-6704">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>666666666666666666666666666666666</DigestValue>
                        </Reference>
                    </SignedInfo>
                    <!-- Base64 of the RSA signature over the canonicalized SignedInfo
                         (which already contains every DigestValue). It is an output of
                         signing and never an input to a DigestValue. -->
                    <SignatureValue>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                    </SignatureValue>
                    <!-- Points the verifier at the BinarySecurityToken by its u:Id. The
                         verifier should validate that certificate against its own trust
                         store rather than accept it because it arrived in the message. -->
                    <KeyInfo>
                        <o:SecurityTokenReference>
                            <o:Reference
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                URI="#uuid-4a32f614-b3e4-42da-8895-fc82f521ccf1-1134866" />
                        </o:SecurityTokenReference>
                    </KeyInfo>
                </Signature>
            </o:Security>
        </s:Header>
        <!-- Target of Reference #_1. Exclusive C14N emits only the namespace
             declarations the element visibly uses (s and u here; xsi and xsd are
             unused in this empty Body) and keeps the whitespace inside the element,
             so the digest must be taken over exactly the element that is sent. -->
        <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        </s:Body>
    </s:Envelope>