[android-security-discuss] How to create canonicalized XML for XML digital signature

Pankaj
Feb 29, 2012 at 1:17 pm
I want to consume a WCF web service which uses X.509 certificates for
mutual authentication. I have imported the certificates using keytools into a
BKS keystore and am able to use them in Android code. Now, for mutual
authentication, I need to create a web request which has a message digest
and signature in it:

<s:Header>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2012-02-21T04:45:06.429Z</u:Created>
<u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7-ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/
MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW
+Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ
+nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/
aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/
TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/
fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/
IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/
qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA
+dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4=
</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>

But to create the message digest we need to perform XML canonicalization with
the "http://www.w3.org/2001/10/xml-exc-c14n#" transform algorithm. I am
not able to find any API or library which performs the above task.

I have used the xmlsec jar, but I guess it is not supported by Android, and I
have also tried all the options which I found after googling.

Please guide me on how to call a WCF web service which involves X.509
certificate-based mutual authentication.

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To post to this group, send email to android-security-discuss@googlegroups.com.
To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.

11 responses

  • Pankaj Gupta at Feb 29, 2012 at 1:17 pm
    Hi,

    Please let me know how long it will take to get approval from moderators as
    it is very urgent for me.
    I need to inform whether it is possible or not.

    I have done R&D on this and found the things below:

    To create an X.509 mutual authentication request we need to generate an XML
    signature by using the steps mentioned below:

    · To generate an XML signature, the digest of the canonicalized target
    elements identified by references is computed.

    In simple terms, canonicalization is the generating of a physical
    representation of an XML document after performing a series of steps that
    the W3C specifications "Canonical XML" <http://www.w3.org/TR/xml-c14n>
    and "Exclusive XML Canonicalization" <http://www.w3.org/TR/xml-exc-c14n/>
    recommend. This physical representation of the XML data is used to
    determine whether two XML documents are identical. Even a slight variation
    in white space will result in a different hash for an XML document.

    The type of canonicalization performed on the target element or fragment is
    based on the transform algorithm defined under the
    respective Reference elements. The target elements identified by references
    are converted to a node set, and this node set is given as input to the
    canonicalizer.

    *Android doesn't have any class or library through which we can
    canonicalize the XML.*

    · After canonicalizing the XML, we generate the digest of the reference
    element.

    · Then the digest value is encrypted using the sender's private key to
    generate the signature.

    *Android doesn't have support for the following Java packages:*

    · javax.xml.crypto.dom <http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dom/package-summary.html>

    · javax.xml.crypto.dsig <http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/package-summary.html>

    · javax.xml.crypto.dsig.dom <http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/dom/package-summary.html>

    · javax.xml.crypto.dsig.keyinfo <http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/keyinfo/package-summary.html>

    · javax.xml.crypto.dsig.spec <http://java.sun.com/javase/6/docs/api/javax/xml/crypto/dsig/spec/package-summary.html>

    *Below are the reference URIs:*

    http://java.sun.com/developer/technicalArticles/xml/dig_signatures/

    http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html

    http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/

    http://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/samples/javax/xml/crypto/dsig/samples/GenEnveloped.java

    http://www.xml.com/pub/a/ws/2002/09/18/c14n.html?page=1

    http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/




    Thanks

    Pankaj Gupta
  • Anders Rundgren at Feb 29, 2012 at 1:57 pm
    If you only need to create canonicalized XML, it is very simple.
    You do the canonicalization manually.
    It means eliminating whitespace between elements.
    Putting attributes in alphabetical order.

    When the signature verifies, you are done :-)

    Anders
  • Pankaj at Mar 1, 2012 at 4:32 am
    I had tried that, but I am not able to reproduce the digest value which
    is mentioned in my request XML:

    <Reference URI="#_0">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
    </Reference>

    As per the W3C document, the Reference URI refers to the element or ID
    which needs to be canonicalized. In my case the ID is

    <u:Timestamp u:Id="_0">
    <u:Created>2012-02-21T04:45:06.429Z</u:Created>
    <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
    </u:Timestamp>

    I had tried my level best to create the SHA1 digest of the above message
    part to get the digest value as per
    <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>

    As per my understanding we need to convert the digest value to base64,
    which I am doing, but I am not able to get close to the above value.

    I have attached the full XML request which was generated using the Visual
    Studio client and which I extracted using the Wireshark tool.

    Thanks
  • Anders Rundgren at Mar 2, 2012 at 5:53 am
    Pankaj,
    Note that the digest depends on all data being static if you want
    to get the same result.

    The timestamp object would need its xmlns as well in order to be canonicalized.
    It is tricky to find out what to do, but when you know, it is
    trivial to produce canonicalized XML.

    Anders
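
The point raised in the reply above, that the Timestamp element needs its xmlns declaration in the canonical form, as an added example that is not code from the thread: a minimal Exclusive C14N serializer for the element referenced by `#_0`, followed by the SHA-1/Base64 step, using only DOM and `java.security`. Assumptions: the `u` prefix is bound to the WS-Security utility namespace (the snippet in the thread never shows the declaration), the SOAP 1.1 envelope wrapper is constructed, and all class and method names are hypothetical; it covers elements, attributes and text only (no InclusiveNamespaces PrefixList, comments dropped).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class ExcC14nDigest {
    // Assumed binding for the "u" prefix; the thread's snippet omits its declaration.
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Constructed sample. Whitespace text nodes inside the referenced element are
    // kept by canonicalization and change the digest, so none are added here.
    static final String SAMPLE =
        "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:u=\"" + WSU + "\">"
      + "<s:Header><u:Timestamp u:Id=\"_0\">"
      + "<u:Created>2012-02-21T04:45:06.429Z</u:Created>"
      + "<u:Expires>2012-02-21T04:50:06.429Z</u:Expires>"
      + "</u:Timestamp></s:Header><s:Body/></s:Envelope>";

    static String nz(String s) { return s == null ? "" : s; }

    // Escaping rules of Canonical XML for text nodes and attribute values.
    static String escape(String s, boolean attr) {
        StringBuilder b = new StringBuilder();
        for (char ch : s.toCharArray()) {
            if (ch == '&') b.append("&amp;");
            else if (ch == '<') b.append("&lt;");
            else if (ch == '>' && !attr) b.append("&gt;");
            else if (ch == '\r') b.append("&#xD;");
            else if (attr && ch == '"') b.append("&quot;");
            else if (attr && ch == '\t') b.append("&#x9;");
            else if (attr && ch == '\n') b.append("&#xA;");
            else b.append(ch);
        }
        return b.toString();
    }

    // rendered: prefix -> URI already written by an ancestor in the OUTPUT.
    static void c14n(Node n, Map<String, String> rendered, StringBuilder out) {
        short type = n.getNodeType();
        if (type == Node.TEXT_NODE || type == Node.CDATA_SECTION_NODE) {
            out.append(escape(n.getNodeValue(), false));
            return;
        }
        if (type != Node.ELEMENT_NODE) return;          // comments and PIs are dropped
        Element e = (Element) n;
        // Exclusive C14N only declares prefixes the element itself visibly uses.
        TreeMap<String, String> used = new TreeMap<>();  // sorted, default namespace first
        used.put(nz(e.getPrefix()), nz(e.getNamespaceURI()));
        TreeMap<String, Attr> attrs = new TreeMap<>();   // sorted by (namespace URI, local name)
        NamedNodeMap nm = e.getAttributes();
        for (int i = 0; i < nm.getLength(); i++) {
            Attr a = (Attr) nm.item(i);
            String name = a.getNodeName();
            if (name.equals("xmlns") || name.startsWith("xmlns:")) continue;
            if (a.getPrefix() != null) used.put(a.getPrefix(), a.getNamespaceURI());
            attrs.put(nz(a.getNamespaceURI()) + '\0' + a.getLocalName(), a);
        }
        used.remove("xml");                              // the xml: prefix is never declared
        Map<String, String> scope = new HashMap<>(rendered);
        out.append('<').append(e.getNodeName());
        for (Map.Entry<String, String> ns : used.entrySet()) {
            if (ns.getValue().equals(nz(scope.get(ns.getKey())))) continue; // already in output scope
            scope.put(ns.getKey(), ns.getValue());
            out.append(ns.getKey().isEmpty() ? " xmlns" : " xmlns:" + ns.getKey())
               .append("=\"").append(escape(ns.getValue(), true)).append('"');
        }
        for (Attr a : attrs.values())
            out.append(' ').append(a.getNodeName()).append("=\"")
               .append(escape(a.getValue(), true)).append('"');
        out.append('>');
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling()) c14n(c, scope, out);
        out.append("</").append(e.getNodeName()).append('>'); // never the <x/> short form
    }

    // Resolve Reference URI="#id"; refuse ambiguous documents with a repeated Id.
    static Element findByWsuId(Document doc, String id) {
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        Element hit = null;
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (!id.equals(e.getAttributeNS(WSU, "Id"))) continue;
            if (hit != null) throw new IllegalStateException("duplicate wsu:Id " + id);
            hit = e;
        }
        if (hit == null) throw new IllegalArgumentException("no element with wsu:Id " + id);
        return hit;
    }

    static String digestValue(String canonical) throws Exception {
        byte[] sha1 = MessageDigest.getInstance("SHA-1")
                                   .digest(canonical.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1); // java.util.Base64 (Java 8+)
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);                       // required to see prefixes and URIs
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        StringBuilder out = new StringBuilder();
        c14n(findByWsuId(doc, "_0"), new HashMap<String, String>(), out);
        System.out.println(out);                         // canonical octets that get hashed
        System.out.println("DigestValue: " + digestValue(out.toString()));
    }
}
```

The canonical form carries `xmlns:u` on `u:Timestamp` but not `xmlns:s`, because exclusive canonicalization declares only the prefixes the element visibly uses. Whether the printed value equals the DigestValue in a captured request depends on the exact namespace binding and bytes the sender used.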

    On 2012-03-01 05:32, Pankaj wrote:
    I had tried that but i am not able to reproduce the digest value which mention in my req xml :

    <Reference URI="#_0">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# <http://www.w3.org/2001/10/xml-exc-c14n#>"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 <http://www.w3.org/2000/09/xmldsig#sha1>"/>
    <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
    </Reference>
    As per the W3C document Reference URI refer to element or ID which need to canonicalized. In my case ID is
    <u:Timestamp u:Id="_0">
    <u:Created>2012-02-21T04:45:06.429Z</u:Created>
    <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
    </u:Timestamp>
    I had tried my level best to create the SHA1 digest of above message part to get digest value as per
    <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>

    As per my understanding we need to convert digest value to base64 which I am doing but I am not able to get close to the above value.

    I had attach full XML req which is generated by using Visual Studio Client & which I had extracted using WireShark tool.

    Thanks

    On Wednesday, 29 February 2012 19:27:03 UTC+5:30, Anders Rundgren wrote:

    If you only need to create a cononicalized XML it is very simple.
    You do the canonicalization manually.
    It means eliminating whitespace between elements.
    Putting attributes in alphabetical order.

    When the signatures verifies you are done :-)

    Anders
    On 2012-02-28 07:38, Pankaj wrote:
    I want to consume WCF web-service which uses X.509 certificate for
    mutual authentication. I had imported certificates using keytools in
    BKS keystore & able to use in android code. Now for mutual
    authentication i need to create web-request which have message digest
    & signature in it

    <s:Header>
    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ <http://docs.oasis-open.org/wss/2004/01/>
    oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
    <u:Timestamp u:Id="_0">
    <u:Created>2012-02-21T04:45:06.429Z</u:Created>
    <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
    </u:Timestamp>
    <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7-
    ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/ <http://docs.oasis-open.org/wss/2004/01/>
    oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://
    docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message->
    security-1.0#Base64Binary">
    MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/
    MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW
    +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ
    +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/
    aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/
    TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/
    fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/
    IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E
    </o:BinarySecurityToken>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig# <http://www.w3.org/2000/09/xmldsig#>">
    <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc- <http://www.w3.org/2001/10/xml-exc->
    c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- <http://www.w3.org/2000/09/xmldsig#rsa->
    sha1"/>
    <Reference URI="#_0">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# <http://www.w3.org/2001/10/xml-exc-c14n#>"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 <http://www.w3.org/2000/09/xmldsig#sha1>"/>
    <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
    </Reference>
    </SignedInfo>
    <SignatureValue>
    kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/
    qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA
    +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4=
    </SignatureValue>
    <KeyInfo>
    <o:SecurityTokenReference>
    <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/ <http://docs.oasis-open.org/wss/2004/01/>
    oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-
    e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/>
    </o:SecurityTokenReference>
    </KeyInfo>
    </Signature>
    </o:Security>
    </s:Header>

    But to create message digest we need perform XML canonicalization with
    "http://www.w3.org/2001/10/xml-exc-c14n# <http://www.w3.org/2001/10/xml-exc-c14n#>" transform algorithm. I am
    not able to found any API or library which perform above task.

    I had used xmlsec jar but I guess it is not supported by android and
    also used all the option which I found after googling.

    Please guide me how to call WCF web-service which involve X.509
    certificate based mutual authentication.

    On Wednesday, 29 February 2012 19:27:03 UTC+5:30, Anders Rundgren wrote:

    If you only need to create a cononicalized XML it is very simple.
    You do the canonicalization manually.
    It means eliminating whitespace between elements.
    Putting attributes in alphabetical order.

    When the signatures verifies you are done :-)

    Anders
    On 2012-02-28 07:38, Pankaj wrote:
    I want to consume WCF web-service which uses X.509 certificate for
    mutual authentication. I had imported certificates using keytools in
    BKS keystore & able to use in android code. Now for mutual
    authentication i need to create web-request which have message digest
    & signature in it

    <s:Header>
    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/ <http://docs.oasis-open.org/wss/2004/01/>
    oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
    <u:Timestamp u:Id="_0">
    <u:Created>2012-02-21T04:45:06.429Z</u:Created>
    <u:Expires>2012-02-21T04:50:06.429Z</u:Expires>
    </u:Timestamp>
    <o:BinarySecurityToken u:Id="uuid-e35f5271-3c4e-47c7-
    ba34-8d995e414ba3-1" ValueType="http://docs.oasis-open.org/wss/2004/01/ <http://docs.oasis-open.org/wss/2004/01/>
    oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://
    docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message->
    security-1.0#Base64Binary">
    MIICbzCCAdygAwIBAgIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAMD8xPTA7BgNVBAMTNGNsaWVudC5iNTRiYTFkN2U2NzY0ZDdkOWRiMDA3YTgyNmM5ZGE5Ny5jbG91ZGFwcC5uZXQwHhcNMTIwMjE2MTY0MjI1WhcNMzkxMjMxMjM1OTU5WjA/
    MT0wOwYDVQQDEzRjbGllbnQuYjU0YmExZDdlNjc2NGQ3ZDlkYjAwN2E4MjZjOWRhOTcuY2xvdWRhcHAubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRW
    +Di90XDGulLybdBboUlOilxvbcnfow+NhoNW80uNjmGQiQpxP0oNnYT7RKJ
    +nP3+sZxUfRfazLgvOTFn0F9SIFQ9T4I5LNFMHhDfExoT0k/
    aeF870Euy07BiwF7eXw6toSv1dKwKavq20szbIr/NeabIEDS/GzKY6P0/
    TOQfwIDAQABo3QwcjBwBgNVHQEEaTBngBCNb6YOYI3RBR64WvVUjQtPoUEwPzE9MDsGA1UEAxM0Y2xpZW50LmI1NGJhMWQ3ZTY3NjRkN2Q5ZGIwMDdhODI2YzlkYTk3LmNsb3VkYXBwLm5ldIIQfjyZ229iN4tAbV0fiYiVyTAJBgUrDgMCHQUAA4GBAG5v1DZmXQKcaxNzz2VYDZ8aYYrYRQwU4lrBKlI0CnrkcZwQGPmRxdkiET9D91kcN/
    fmq90nj1F5FZoqhzeT1moqGKXKT9HRX8j6Ln1QDhsr+0JfgJW9/
    IFaQI14xKwr8bw4+DxIyp0IMpSw9biULmIQ1QuTzfKDEowlcQhsik+E
    </o:BinarySecurityToken>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#_0">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>Soj1m/E157CempDHHC6c6gZBd1E=</DigestValue>
    </Reference>
    </SignedInfo>
    <SignatureValue>
    kqsIYUc3uYoQpuWVWYOio4KcGpon+3wDDhsAzVgZVljQxEhF7z1JS/
    qzw9ELYCn2JbYIkWMtEeYfXRtPvjrPM1fjJiqbXSKq7jHEeVtMQnOytAHRL1ZFA
    +dLq4spJQR7uYnmJ1lmgQnu1kYcteSmD29Xm5e5dPUnz4yap3p7zC4=
    </SignatureValue>
    <KeyInfo>
    <o:SecurityTokenReference>
    <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-e35f5271-3c4e-47c7-ba34-8d995e414ba3-1"/>
    </o:SecurityTokenReference>
    </KeyInfo>
    </Signature>
    </o:Security>
    </s:Header>

    But to create the message digest we need to perform XML canonicalization with
    the "http://www.w3.org/2001/10/xml-exc-c14n#" transform algorithm. I am
    not able to find any API or library which performs the above task.

    I had used the xmlsec jar, but I guess it is not supported by Android, and
    I also tried all the options which I found after googling.

    Please guide me on how to call a WCF web service which involves X.509
    certificate based mutual authentication.
    --
    You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/nJyO8mAKJWQJ.
    To post to this group, send email to android-security-discuss@googlegroups.com.
    To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
  • Pankaj at Mar 2, 2012 at 9:23 am
    Thanks for the reply.

    I have resolved the issue. Initially I was not adding the xmlns value in
    the timestamp.
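What the fix in the reply above amounts to, as an added example (not code from the thread or from any library): under exclusive canonicalization the signed `u:Timestamp` subtree carries its own `xmlns:u` declaration even when the prefix is bound on an ancestor, so a digest computed over a hand-built string without it does not match. The code uses only `org.w3c.dom` and `java.security`, handles elements, attributes and text without an InclusiveNamespaces PrefixList, and assumes the standard WS-Security utility namespace for `u:` and a constructed SOAP envelope; `TimestampDigest` and its method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Added illustration; the class and method names are hypothetical, not from the thread.
public class TimestampDigest {
    // Assumption: u: is bound to the WS-Security utility namespace (the posted fragment omits the binding).
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    static String nz(String s) { return s == null ? "" : s; }

    // Exclusive C14N (comments omitted, no InclusiveNamespaces) of one element subtree.
    // 'rendered' holds the prefix -> URI declarations already written by output ancestors.
    static void c14n(Element e, Map<String, String> rendered, StringBuilder out) {
        // Prefixes this element visibly uses: its own, plus those of its prefixed attributes.
        TreeMap<String, String> used = new TreeMap<>();   // "" (default namespace) sorts first
        used.put(nz(e.getPrefix()), nz(e.getNamespaceURI()));
        List<Attr> attrs = new ArrayList<>();
        NamedNodeMap all = e.getAttributes();
        for (int i = 0; i < all.getLength(); i++) {
            Attr a = (Attr) all.item(i);
            String name = a.getName();
            if (name.equals("xmlns") || name.startsWith("xmlns:")) continue; // re-derived below
            attrs.add(a);
            if (a.getPrefix() != null && !a.getPrefix().equals("xml"))
                used.put(a.getPrefix(), nz(a.getNamespaceURI()));
        }
        Map<String, String> scope = new HashMap<>(rendered);
        out.append('<').append(e.getTagName());
        for (Map.Entry<String, String> ns : used.entrySet()) {
            // Declare a namespace only where the output does not already bind it to this URI.
            if (ns.getValue().equals(scope.getOrDefault(ns.getKey(), ""))) continue;
            out.append(ns.getKey().isEmpty() ? " xmlns" : " xmlns:" + ns.getKey())
               .append("=\"").append(escAttr(ns.getValue())).append('"');
            scope.put(ns.getKey(), ns.getValue());
        }
        // Attributes follow the declarations, ordered by namespace URI, then local name.
        attrs.sort(Comparator.comparing((Attr a) -> nz(a.getNamespaceURI()))
                             .thenComparing(Attr::getLocalName));
        for (Attr a : attrs)
            out.append(' ').append(a.getName()).append("=\"").append(escAttr(a.getValue())).append('"');
        out.append('>');
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) c14n((Element) c, scope, out);
            else if (c instanceof Text) out.append(escText(c.getNodeValue()));
            // Comments are dropped; processing instructions are outside this example's scope.
        }
        out.append("</").append(e.getTagName()).append('>');   // never the <x/> short form
    }

    static String escText(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\r", "&#xD;");
    }

    static String escAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace("\"", "&quot;")
                .replace("\t", "&#x9;").replace("\n", "&#xA;").replace("\r", "&#xD;");
    }

    // DigestValue = Base64(SHA-1(canonical bytes)); SHA-1 because the posted DigestMethod is xmldsig#sha1.
    static String digest(String canonical) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(canonical.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d); // android.util.Base64 with NO_WRAP before API 26
    }

    public static void main(String[] args) throws Exception {
        // Constructed envelope: xmlns:u is declared on the root, not on the Timestamp itself.
        String soap = "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:u=\"" + WSU + "\">"
            + "<s:Header><u:Timestamp u:Id=\"_0\">"
            + "<u:Created>2012-02-21T04:45:06.429Z</u:Created>"
            + "<u:Expires>2012-02-21T04:50:06.429Z</u:Expires>"
            + "</u:Timestamp></s:Header><s:Body/></s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);   // without this, prefixes and namespace URIs are not resolved
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        Element ts = (Element) doc.getElementsByTagNameNS(WSU, "Timestamp").item(0);

        StringBuilder sb = new StringBuilder();
        c14n(ts, new HashMap<>(), sb);
        String canonical = sb.toString();
        // What a hand-built string looks like when the declaration is left off the Timestamp.
        String withoutXmlns = canonical.replace(" xmlns:u=\"" + WSU + "\"", "");

        System.out.println("canonical form   : " + canonical);
        System.out.println("digest to send   : " + digest(canonical));
        System.out.println("digest w/o xmlns : " + digest(withoutXmlns));
    }
}
```

Whitespace between child elements is part of the canonical form, so the digest must be taken over the subtree exactly as it will be sent, not over a pretty-printed copy.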
  • Murali Jahagirdar at Jan 15, 2014 at 3:37 am
    Dear Pankaj,

    Good to know that you have resolved the XML Digital Signature issue for your
    Android requirements.

    Please let us know how you resolved XML Digital Signature for Android.
    Did you use any specific crypto library for Android?

    I am also stuck with a similar issue. My need is to digitally sign an XML doc
    as per W3C for my Android Aadhaar authentication client.

    I am using xmlsec.jar, and I am unable to use some of the XMLSignature factory
    class's methods, like getInstance(). The error I am getting is:

    VFY: unable to find class referenced in signature (Ljavax/xml/crypto/dsig/XMLSignatureFactory;)
    01-11 17:15:02.204: I/dalvikvm(998): Could not find method javax.xml.crypto.dsig.XMLSignatureFactory.getKeyInfoFactory, referenced from method com.startek.fm210.DigitalSigner.getKeyInfo.

    Thanks
    Murali

  • Anders Rundgren at Jan 15, 2014 at 6:39 am

    Unless you are constrained by a server implementation you may consider using Secure JSON instead.
    The code becomes a fraction of its XML counterpart and canonicalization is a true no-brainer.

    https://openkeystore.googlecode.com/svn/resources/trunk/docs/jcs.html
    https://code.google.com/p/openkeystore/source/browse/library/trunk/src/org/webpki/json
    http://webpki.org/downloads/secure-json-4-android-v1.00.zip

    Personally I have given up on XML since Google never bothered about supporting a validating parser.
    The JSON library above can support validation in a very simple way which for most (not too complicated) systems.

    I'm currently working on a JavaScript version which is designed to be usable with W3C's WebCrypto:
    https://code.google.com/p/openkeystore/source/browse/javascript/trunk/dist/libjson.js

    Cheers
    Anders
  • Sumit gulati at Oct 5, 2012 at 5:03 pm
    Hi Pankaj,

    Please guide me or provide the code. I also have to consume WCF SOAP
    web services using an X.509 certificate. The web services are deployed over
    the HTTP protocol. There is no SSL layer.
  • Balram kola at Nov 28, 2012 at 6:24 pm
    Hi all,

    I am also stuck on the XML signature part of our application. I too
    spent more than one week of R&D trying to implement XML digital signature
    in our application, i.e. Aadhaar Authentication, but I was unsuccessful.
    I tried with JNI-NDK but I didn't get the libxmlsec library for the
    Android platform. I got the openssl library which is part of the
    libxmlsec, but I didn't get the complete libxmlsec library for Android.
    I got the xmlsec "c" source code but I don't know how to create an
    "Android.mk" file from that "c" source. Can anyone provide me the
    "libxmlsec" library for Android, or any guidance to resolve this?
  • Brian Carlstrom at Nov 28, 2012 at 7:37 pm
    If you just have questions about building native code, I think you want to
    ask on android-ndk:
    https://groups.google.com/forum/?fromgroups#!forum/android-ndk

    -bri

  • Anders Rundgren at Nov 29, 2012 at 6:09 am
    The core problem is that Google has decided not to support XML DOM
    processing including XSD (Schemas) in spite of it being a part of Java
    since version 5.

    I have ported Xerces and parts of XMLSec to Android, which shows that
    it is technically not a problem at least:

    http://code.google.com/p/openkeystore/source/browse/trunk/android.mod

    I do use XML Dsig but not WS Security.

    Anyway, *creating* XML signatures does *not* require any fancy library.
    You just create a normalized string and that's it!
    Use the standard JDK to verify that you did it right before moving the code to Android.

    Anders
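
The approach from the last reply (build the normalized string yourself, then check it with the standard JDK), as an added Java example that is not code from the thread or from openkeystore. It hand-writes the exclusive-c14n form of the `u:Timestamp` and `SignedInfo` from the original message using only `java.security`, then lets the desktop JDK's `javax.xml.crypto.dsig` validator re-canonicalize and confirm the result. The SOAP 1.1 and WS-Security utility namespace URIs, the class and method names, and the throwaway RSA key are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class HandBuiltWsSignature {
    // WSSE, DS and EXC are in the thread's message; SOAP and WSU are assumed here.
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String EXC = "http://www.w3.org/2001/10/xml-exc-c14n#";
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String b64(byte[] b) { return Base64.getEncoder().encodeToString(b); } // android.util.Base64 on old Android

    // Exclusive c14n of the Timestamp subtree: the one prefix it uses is declared on the
    // subtree root (namespace before attributes) and there is no inter-element whitespace.
    static String canonicalTimestamp(String created, String expires) {
        return "<u:Timestamp xmlns:u=\"" + WSU + "\" u:Id=\"_0\"><u:Created>" + created
             + "</u:Created><u:Expires>" + expires + "</u:Expires></u:Timestamp>";
    }

    // Exclusive c14n of SignedInfo: empty elements are written as start/end tag pairs.
    static String canonicalSignedInfo(String digestValue) {
        return "<SignedInfo xmlns=\"" + DS + "\">"
             + "<CanonicalizationMethod Algorithm=\"" + EXC + "\"></CanonicalizationMethod>"
             + "<SignatureMethod Algorithm=\"" + DS + "rsa-sha1\"></SignatureMethod>"
             + "<Reference URI=\"#_0\"><Transforms><Transform Algorithm=\"" + EXC + "\"></Transform></Transforms>"
             + "<DigestMethod Algorithm=\"" + DS + "sha1\"></DigestMethod>"
             + "<DigestValue>" + digestValue + "</DigestValue></Reference></SignedInfo>";
    }

    // Digest the canonical Timestamp, sign the canonical SignedInfo, assemble the envelope.
    static String buildEnvelope(PrivateKey key, String created, String expires) throws Exception {
        String ts = canonicalTimestamp(created, expires);
        String signedInfo = canonicalSignedInfo(b64(MessageDigest.getInstance("SHA-1").digest(utf8(ts))));
        Signature rsa = Signature.getInstance("SHA1withRSA");
        rsa.initSign(key);
        rsa.update(utf8(signedInfo));
        // On the wire xmlns:u sits on the Envelope, so the Timestamp itself does not carry it.
        String wireTs = ts.replace(" xmlns:u=\"" + WSU + "\"", "");
        return "<s:Envelope xmlns:s=\"" + SOAP + "\" xmlns:u=\"" + WSU + "\"><s:Header>"
             + "<o:Security xmlns:o=\"" + WSSE + "\">" + wireTs
             + "<Signature xmlns=\"" + DS + "\">" + signedInfo + "<SignatureValue>"
             + b64(rsa.sign()) + "</SignatureValue></Signature></o:Security></s:Header>"
             + "<s:Body></s:Body></s:Envelope>";
    }

    // Desktop-JDK cross-check: the JDK canonicalizes for itself and compares digest and signature.
    static boolean jdkValidates(String envelope, PublicKey key) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(utf8(envelope)));
        ((Element) doc.getElementsByTagNameNS(WSU, "Timestamp").item(0)).setIdAttributeNS(WSU, "Id", true);
        DOMValidateContext ctx = new DOMValidateContext(key, doc.getElementsByTagNameNS(DS, "Signature").item(0));
        // Newer JDKs reject SHA-1 in secure-validation mode; relaxed for this offline check only.
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, stands in for the BKS keystore entry
        String env = buildEnvelope(kp.getPrivate(), "2012-02-21T04:45:06.429Z", "2012-02-21T04:50:06.429Z");
        System.out.println("intact message validates:   " + jdkValidates(env, kp.getPublic()));
        System.out.println("tampered message validates: " + jdkValidates(env.replace("04:50:06", "05:50:06"), kp.getPublic()));
    }
}
```

Only `canonicalTimestamp`, `canonicalSignedInfo` and `buildEnvelope` need to move to the device; `jdkValidates` stays on the desktop as the check that the hand-written strings match what a conforming canonicalizer produces.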

Related Discussions