Validating ds:Signature with X.509 Certificate

SOAP Web Service Tutorials - Herong's Tutorial Examples

∟Validating ds:Signature with X.509 Certificate

This section provides a tutorial example on how the SOAP message receiver should validate the digital signatures included in the ds:Signature elements. Digital signatures should be decrypted using public keys included in X.509 certificates passed in the wsse:BinarySecurityToken element.

Now let's take a closer look at the SOAP request message generated by SoapUI from the previous tutorial. The full request message listed below was copied from the "Raw" tab on the request screen. Note that extra line breaks are added for formatting purpose.

<soapenv:Envelope 
 xmlns:ser="http://www.herongyang.com/Service/" 
 xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01
    /oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01
    /oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
 >
<soapenv:Header>
 <wsse:Security>
  <wsse:BinarySecurityToken 
   EncodingType="http://docs.oasis-open.org/wss/2004/01
      /oasis-200401-wss-soap-message-security-1.0#Base64Binary"
   ValueType="http://docs.oasis-open.org/wss/2004/01
      /oasis-200401-wss-x509-token-profile-1.0#X509v3" 
   wsu:Id="X509-2F79CD0E07E6607321140352609015051">
MIIDIjCCAt6gAwIBAgIEZjRlNTALBgcqhkjOOAQDBQAwYjELMAkGA1UEBhMCVU4x
EDAOBgNVBAgTB015U3RhdGUxDzANBgNVBAcTBk15Q2l0eTEOMAwGA1UEChMFTXlP
cmcxDzANBgNVBAsTBk15VW5pdDEPMA0GA1UEAxMGSGVyb25nMB4XDTE0MDYyMzAx
NTc0OVoXDTE0MDkyMTAxNTc0OVowYjELMAkGA1UEBhMCVU4xEDAOBgNVBAgTB015
U3RhdGUxDzANBgNVBAcTBk15Q2l0eTEOMAwGA1UEChMFTXlPcmcxDzANBgNVBAsT
Bk15VW5pdDEPMA0GA1UEAxMGSGVyb25nMIIBtzCCASwGByqGSM44BAEwggEfAoGB
AP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6
MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E
+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeO
utRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/
C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQA
AoGAKoaW7/qUTPzq8sV+2k7QTEWatwi383gecu2lDI/XPBsj+Yw29cE3NKOt4eU7
Wv9iLyIJJtnXvj6LqtR7z/oQ3l8w5POIjBeYgZsqI6HyfsmEKSOYoZZd96r3RHAj
HZ5/l1SLH9+E9HCSRSCJMQRC31GVobzEV2Pp4TA6Ufdq0EWjITAfMB0GA1UdDgQW
BBTWM7uRsyGOxz2DFxa9KzA5kX81DjALBgcqhkjOOAQDBQADMQAwLgIVAIf/Hk49
C4wxFfMc6tuHul2L9dHHAhUAhIEbBrqBKn9A99IXZtHFvE/uPbw=
  </wsse:BinarySecurityToken>
  <ds:Signature Id="SIG-2F79CD0E07E6607321140352609015155">
   <ds:SignedInfo>
    <ds:CanonicalizationMethod
     Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
     <ec:InclusiveNamespaces PrefixList="ser soapenv"/>
    </ds:CanonicalizationMethod>
    <ds:SignatureMethod 
     Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <ds:Reference URI="#id-2F79CD0E07E6607321140352609015154">
     <ds:Transforms>
      <ds:Transform 
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
       <ec:InclusiveNamespaces PrefixList="ser"/>
      </ds:Transform>
     </ds:Transforms>
     <ds:DigestMethod 
      Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <ds:DigestValue>+dmiLg4FAyul6dyl3bjbnHp8Ltc=</ds:DigestValue>
    </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>
      UJAULZZZP74msDP377qxbT0tH8YoCUj9wgR9hEh4IsPz0Fk0QkmE9g==
   </ds:SignatureValue>
   <ds:KeyInfo Id="KI-2F79CD0E07E6607321140352609015052">
    <wsse:SecurityTokenReference
     wsu:Id="STR-2F79CD0E07E6607321140352609015053">
     <wsse:Reference URI="#X509-2F79CD0E07E6607321140352609015051"
      ValueType="http://docs.oasis-open.org/wss/2004/01
         /oasis-200401-wss-x509-token-profile-1.0#X509v3" 
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>
  </ds:Signature>
 </wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-2F79CD0E07E6607321140352609015154">
 <ser:HelloRequest>Hello</ser:HelloRequest>
</soapenv:Body>
</soapenv:Envelope>

The receiver of this request should validate the X.509 certificate first:

Parse out the content, "MIIDIjCCAt6gAwIB...99IXZtHFvE/uPbw=", of "wsse:BinarySecurityToken" element into a string: x509String.
Decode the Base64 string, x509String, to a byte sequence: x509Bytes, which represents an X.509 v3 certificate.
Verify that the certificate's expiration date is not passed.
Verify that the certificate's owner is the expected SOAP message sender.
Verify that the certificate's issuer is a trusted entity.
Verify that the certificate's serial number or fingerprint is not listed in CRL (Certificate Revocation List) by the issuer.
Retrieve the issuer's public key stored in receiver's trusted keystore.
Verify the certificate's signature with the issuer's public key.
If all verifications pass, then the message sender is authenticated, and the certificate is valid.

The receiver of this request should then validate the DSA-SHA1 signature. The first step is to retrieve the original digest encrypted in signature:

Parse out the content, "UJAULZZZP74msDP3...IsPz0Fk0QkmE9g==" of "ds:Signature/ds:SignatureValue" element into a string: signatureString.
Decode the Base64 string, signatureString, to a byte sequence: signatureBytes.
Parse out the attribute value of "ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference[@URI]" to a string: keyReference. Trim off the leading "#" character from keyReference.
Use keyReference to match the security token element with "wsse:BinarySecurityToken[@wsu:Id]=keyReference", and parse the token element content to a string: x509String.
Decode the Base64 string, x509String, to a byte sequence: x509Bytes, which represents an X.509 v3 certificate.
Validate the certificate, x509Bytes, as described above.
Retrieve the public key from the certificate, x509Bytes, and save it as a byte sequence: publicKey.
Determine the encryption algorithm used in the signature by looking at the "ds:Signature/ds:SignedInfo/ds:SignatureMethod[@Algorithm]" attribute value, "http://www.w3.org/2000/09/xmldsig#dsa-sha1". Signature method "#dsa-sha1" means that the DSA encryption algorithm was used in the signature.
Decrypt the signature, signatureBytes, with the public key, publicKey, using the DSA algorithm, and save the result to a byte sequence: originalDigestBytes.

The second step is for the receiver to recalculate the digest to see it matches originalDigestBytes or not:

Parse out the attribute value of "ds:Signature/ds:SignedInfo/ds:SignatureMethod/ds:Reference[@URI]" to a string: msgReference. Trim off the leading "#" character from msgReference.
Use msgReference to match a message element with "[@wsu:Id]=msgReference", and parse the message element to a DOM object: msgNode.
Determine the serialization algorithm used in the signature by looking at the "ds:Signature/ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform[@Algorithm]" attribute value, "http://www.w3.org/2001/10/xml-exc-c14n#".
Serialize msgNode with "http://www.w3.org/2001/10/xml-exc-c14n#" algorithm and save the result to a byte sequence: msgBytes
Calculate the digest of msgBytes using the SHA1 algorithm and save the result to a byte sequence: calculatedDigestBytes
If calculatedDigestBytes matches originalDigestBytes, then the signature is valid.

Last update: 2014.

Table of Contents

About This Book

Introduction to Web Service

Introduction to SOAP (Simple Object Access Protocol)

SOAP Message Structure

SOAP Message Transmission and Processing

SOAP Data Model

SOAP Encoding

SOAP RPC Presentation

SOAP Properties Model

SOAP Message Exchange Patterns