Help validating a signature and decrypting the response.

Question asked by IlayarajaThangavelu18000484 on Feb 5, 2018

We are getting a response from a provider who is signing and encrypting the response using our public certificate. Now we need to validate the signature and decrypt the response. I am using the (Non-SOAP) Decrypt Element assertion, but it does not work. The response is SOAP. Here is the format of the response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap11:Header xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        </xenc:EncryptionMethod>
        <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">*****</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
        <xenc:CipherData xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          <xenc:CipherValue>*****</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#G0x7fea890b7098-43D"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsu:Timestamp wsu:Id="Timestamp-9f595e86-4295-40f8-a736-18e08e566b24" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2018-02-05T15:52:27Z</wsu:Created>
        <wsu:Expires>2018-02-05T15:57:27Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken wsu:Id="SecurityToken-d70c80e6-b4d4-449f-a99f-aa1309f718e9" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">****</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <Reference URI="#Id-097c48a6-0ea1-4f94-bab0-61ad2647e680">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <DigestValue>XhW8QuxhJSIqLgfM9BKO3HHjvFGFe+VJCUBQILJcYm4=</DigestValue>
          </Reference>
          <Reference URI="#Timestamp-9f595e86-4295-40f8-a736-18e08e566b24">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <DigestValue>u2CUKpeFi/QGzrw4IW9hGeYH/LNmEv3IglFKT/cL6Ks=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>*****</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference xmlns="">
            <wsse:Reference URI="#SecurityToken-d70c80e6-b4d4-449f-a99f-aa1309f718e9" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap11:Header>
  <soapenv:Body wsu:Id="Id-097c48a6-0ea1-4f94-bab0-61ad2647e680" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <xenc:EncryptedData Id="G0x7fea890b7098-43D" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <xenc:CipherData>
        <xenc:CipherValue>******</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>

The error that I get is "KeyInfo not present", although it is clearly present in the security header.
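As an added check (not from the original post or from the gateway product), a standard-library Python script over a constructed, abbreviated copy of the message above, with the secret values elided and the Ids shortened. It reports whether the Body's EncryptedData is covered by the header EncryptedKey's ReferenceList and by the Signature, and whether EncryptedData carries a KeyInfo of its own: in the WS-Security layout shown, the only KeyInfo sits in the header EncryptedKey, which is what a decryptor expecting KeyInfo inside EncryptedData reports as missing.

```python
import xml.etree.ElementTree as ET
# Namespaces used by the WS-Security response shown in the question.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed, abbreviated copy of the response (secret values elided, Ids shortened).
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}" xmlns:wsse="{NS['wsse']}"
 xmlns:wsu="{NS['wsu']}" xmlns:xenc="{NS['xenc']}" xmlns:ds="{NS['ds']}">
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1">
<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{NS['xenc']}rsa-oaep-mgf1p"/>
<xenc:CipherData><xenc:CipherValue>*****</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference URI="#G0x7fea890b7098-43D"/></xenc:ReferenceList>
</xenc:EncryptedKey>
<wsu:Timestamp wsu:Id="Timestamp-1"><wsu:Created>2018-02-05T15:52:27Z</wsu:Created>
<wsu:Expires>2018-02-05T15:57:27Z</wsu:Expires></wsu:Timestamp>
<ds:Signature><ds:SignedInfo><ds:Reference URI="#Body-1"/><ds:Reference URI="#Timestamp-1"/>
</ds:SignedInfo><ds:SignatureValue>*****</ds:SignatureValue></ds:Signature>
</wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="Body-1"><xenc:EncryptedData Id="G0x7fea890b7098-43D" Type="{NS['xenc']}Content">
<xenc:EncryptionMethod Algorithm="{NS['xenc']}aes256-cbc"/>
<xenc:CipherData><xenc:CipherValue>*****</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></soapenv:Body></soapenv:Envelope>"""

def inspect_wss(xml_text):
    # Structural facts a gateway needs before it can verify and decrypt this message.
    root = ET.fromstring(xml_text)
    sec = root.find("soapenv:Header/wsse:Security", NS)
    ek = sec.find("xenc:EncryptedKey", NS)
    ts = sec.find("wsu:Timestamp", NS)
    body = root.find("soapenv:Body", NS)
    enc_data = body.find("xenc:EncryptedData", NS)
    wsu_id = "{%s}Id" % NS["wsu"]
    def alg(el): return el.find("xenc:EncryptionMethod", NS).get("Algorithm").rsplit("#", 1)[1]
    # Same-document references ("#id") from the header EncryptedKey and from the Signature.
    covered = {r.get("URI").lstrip("#") for r in ek.findall("xenc:ReferenceList/xenc:DataReference", NS)}
    signed = {r.get("URI").lstrip("#") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    return {
        # WS-Security wraps the session key in the header EncryptedKey, so the Body's
        # EncryptedData has no KeyInfo of its own; a decryptor that expects KeyInfo inside
        # EncryptedData (plain XML Encryption) will report it as missing.
        "encrypted_data_has_keyinfo": enc_data.find("ds:KeyInfo", NS) is not None,
        "key_reference_resolves": enc_data.get("Id") in covered,
        "body_signed": body.get(wsu_id) in signed,
        "timestamp_signed": ts.get(wsu_id) in signed,
        "key_alg": alg(ek), "body_alg": alg(enc_data),
        "expires": ts.find("wsu:Expires", NS).text,
    }
```

The lookups are by namespace URI rather than prefix, so `inspect_wss` runs unchanged on the real message, where the header uses the `soap11` prefix and the Signature uses a default namespace.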