What is getting signed in XML Signature (XMLDsig)? - cryptography

I want to parse an XML-DSIG file and its content. I've read on Wikipedia about its structure and a little of the RFC, but I can't figure out some things. Let's say this is an example XML-DSIG I got:
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="urn:xml-dsig:transformation:v1.1"/>
<SignatureMethod Algorithm="some-algo"/>
<Reference URI="#KeyInfo">
<Transforms>
<Transform Algorithm="urn:xml-dsig:transformation:v1.1"/>
</Transforms>
<DigestMethod Algorithm="some-algo-256"/>
<DigestValue>some-hash-256</DigestValue>
</Reference>
<Reference URI="#Object">
<Transforms>
<Transform Algorithm="urn:xml-dsig:transformation:v1.1"/>
</Transforms>
<DigestMethod Algorithm="some-algo-256"/>
<DigestValue>some-hash-256</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>signature-value-in-base-64</SignatureValue>
<KeyInfo Id="KeyInfo">
<X509Data>
<X509Certificate>x509-cert-in-base-64</X509Certificate>
</X509Data>
</KeyInfo>
<Object Id="Object">
<Result>
...Initial XML I was signing...
</Result>
</Object>
</Signature>
My questions are:
If #KeyInfo is in a <Reference> tag, does that mean the <KeyInfo> section is being signed too? (Because the wiki says "One or more Reference elements specify the resource being signed by URI reference".) That leads to the second question:
If the signature value signs both the data in the <KeyInfo> and <Object> tags, what is actually getting signed? Is it just the hashes of these two parts of the XML that were computed and that are in the <DigestValue> tag, or is it the whole tags, starting from <KeyInfo and up to the </KeyInfo> closing tag, with the data between them? (Same question for <Object>.)
The wiki doesn't specify such things, and I got lost in the RFC and can't find the answers to these questions.

Yes, the KeyInfo will be included in the signature.
The content of the SignedInfo element is what actually gets signed. It is first canonicalised using the specified transformation, and then the bytes of that serialised element are fed into your chosen signature algorithm. The actual content (KeyInfo and Object) is included in the signature by the presence of the DigestValue elements in the SignedInfo rather than being signed directly. So it's crucial that you verify that those hash values are correct during signature verification.
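Added example (not code from the question or the answer): a stand-alone Python sketch of the two-step verification the answer describes, run over a constructed document shaped like the one in the question. It assumes the standard SHA-256 digest and HMAC-SHA256 signature identifiers, a constructed HMAC key with a KeyName in place of the X.509 certificate and its key pair, and the stdlib's C14N 2.0 where a real verifier would apply the document's own CanonicalizationMethod and Transforms.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = "{%s}" % DSIG                  # Clark-notation prefix for ElementTree lookups
ET.register_namespace("", DSIG)
KEY = b"constructed-demo-hmac-key"  # constructed: stands in for the certificate's key pair
# Constructed document shaped like the question's example; sign() fills DigestValue and SignatureValue.
TEMPLATE = f"""<Signature xmlns="{DSIG}">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n2"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
<Reference URI="#KeyInfo"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue/></Reference>
<Reference URI="#Object"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue/></Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo Id="KeyInfo"><KeyName>demo-hmac-key</KeyName></KeyInfo>
<Object Id="Object"><Result>Initial XML I was signing</Result></Object>
</Signature>"""
def c14n(el):  # canonicalise one subtree; stdlib C14N 2.0 stands in for the named CanonicalizationMethod
    return ET.canonicalize(ET.tostring(el, encoding="unicode")).encode()
def referenced(root, uri):  # a same-document URI "#id" resolves to the element carrying Id="id"
    return next(e for e in root.iter() if e.get("Id") == uri.lstrip("#"))

def sign(root):
    si = root.find(NS + "SignedInfo")
    for ref in si.findall(NS + "Reference"):  # step 1: digest each referenced element
        digest = hashlib.sha256(c14n(referenced(root, ref.get("URI")))).digest()
        ref.find(NS + "DigestValue").text = base64.b64encode(digest).decode()
    # step 2: only the canonicalised SignedInfo bytes go into the signature algorithm
    mac = hmac.new(KEY, c14n(si), hashlib.sha256).digest()
    root.find(NS + "SignatureValue").text = base64.b64encode(mac).decode()
    return root

def verify(root):
    """Return (signature_ok, {uri: digest_ok}); trust the document only if every value is True."""
    si = root.find(NS + "SignedInfo")
    claimed = base64.b64decode(root.find(NS + "SignatureValue").text)
    sig_ok = hmac.compare_digest(claimed, hmac.new(KEY, c14n(si), hashlib.sha256).digest())
    refs = {}
    for ref in si.findall(NS + "Reference"):
        expected = base64.b64decode(ref.find(NS + "DigestValue").text)
        actual = hashlib.sha256(c14n(referenced(root, ref.get("URI")))).digest()
        refs[ref.get("URI")] = hmac.compare_digest(expected, actual)
    return sig_ok, refs

def demo():
    doc = sign(ET.fromstring(TEMPLATE))
    intact = verify(doc)
    doc.find(".//{0}Object/{0}Result".format(NS)).text = "tampered"  # SignedInfo itself is untouched
    return intact, verify(doc)  # MAC still verifies; only the #Object digest now fails
```

demo() shows why the answer's last sentence matters: after the payload is altered, SignatureValue still checks out because it only covers SignedInfo, and the tampering is caught solely by recomputing the Reference digest.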

Related

Error report - SQL Error: ORA-31061: XDB error: XML event error ORA-19202: Error occurred

I get the error message below when I run the query to inject an XML file into a table on Oracle.
Error report -
SQL Error: ORA-31061: XDB error: XML event error
ORA-19202: Error occurred in XML processing
In line 124110683 of orastream:
LPX-00225: end-element tag "title" does not match start-element tag "sue"
The query is
INSERT INTO TESTTABLE2 (xml_file)
(SELECT XMLTYPE(bfilename('EXPORT_DUMPS','WR_2007_20150123103151_DSSHPSH_0002.xml'), nls_charset_id('AL32UTF8')) from dual );
The XML content looks correct. Here are lines 124110601-150, but I don't see anything special at line 83, which should correspond to line 124110683 mentioned in the error message.
<citedWork>PHYSICAL REVIEW B</citedWork>
<doi>10.1103/PhysRevB.68.020403</doi>
</reference>
<reference>
<uid>WOS:000236477800002</uid>
<citedAuthor>Erdinc, A</citedAuthor>
<year>2006</year>
<page>6</page>
<volume>301</volume>
<citedTitle>Multicritical behavior of the antiferromagnetic Blume-Emery-Griffiths model with the repulsive biquadratic coupling in an external magnetic field</citedTitle>
<citedWork>JOURNAL OF MAGNETISM AND MAGNETIC MATERIALS</citedWork>
<doi>10.1016/j.jmmm.2005.06.002</doi>
</reference>
<reference>
<uid>WOS:000236631400004</uid>
<citedAuthor>Keskin, M</citedAuthor>
<year>2006</year>
<page>116</page>
<volume>353</volume>
<citedTitle>Multicritical phase diagrams of the antiferromagnetic spin-3/2 Blume-Capel model</citedTitle>
<citedWork>PHYSICS LETTERS A</citedWork>
<doi>10.1016/j.physleta.2005.12.079</doi>
</reference>
<reference>
<uid>WOS:000237000300021</uid>
<citedAuthor>Keskin, M</citedAuthor>
<year>2006</year>
<page>263</page>
<volume>364</volume>
<citedTitle>Multicritical behavior of the antiferromagnetic spin-3/2 Blume-Emery-Griffiths model</citedTitle>
<citedWork>PHYSICA A-STATISTICAL MECHANICS AND ITS APPLICATIONS</citedWork>
<doi>10.1016/j.physa.2005.08.077</doi>
</reference>
<reference>
<uid>WOS:000255098600003.7</uid>
<citedAuthor>BACKHICH A</citedAuthor>
<year>2001</year>
<page>249</page>
<volume>13</volume>
<citedWork>J PHYS CONDENS MATT</citedWork>
</reference>
<reference>
<uid>WOS:000246760500003.15</uid>
<citedAuthor>KIKUCHI R</citedAuthor>
<year>1979</year>
<citedWork>UNPUB CRYSTALS STAT</citedWork>
</reference>
</references>
<addresses count="2">
<address_name>
<address_spec addr_no="1">
<full_address>Erciyes Univ, Inst Sci, TR-38039 Kayseri, Turkey</full_address>
<organizations count="1">
<organization>Erciyes Univ</organization>
</organizations>
<suborganizations count="1">
<suborganization>Inst Sci</suborganization>
</suborganizations>
<city>Kayseri</city>
<country>Turkey</country>
<zip location="BC">TR-38039</zip>
</address_spec>
</address_name>
<address_name>
<address_spec addr_no="2">
<full_address>Erciyes Univ, Dept Phys, TR-38039 Kayseri, Turkey</full_address>
<organizations count="1">
<organization>Erciyes Univ</organization>
</organizations>
<suborganizations count="1">
<suborganization>Dept Phys</suborganization>
</suborganizations>
<city>Kayseri</city>
<country>Turkey</country>
<zip location="BC">TR-38039</zip>
</address_spec>
</address_name>
</addresses>
<category_info>
<headings count="1">
<heading>Science & Technology</heading>
</headings>
<subheadings count="1">
<subheading>Physical Sciences</subheading>
</subheadings>
<subjects count="4">
<subject ascatype="traditional">Chemistry, Physical</subject>
<subject ascatype="traditional">Physics, Multidisciplinary</subject>
<subject ascatype="extended">Chemistry</subject>
<subject ascatype="extended">Physics</subject>
</subjects>
</category_info>
<keywords count="4">
<keyword>spin-3/2 Blume-Emery-Griffiths model</keyword>
<keyword>cluster variation method</keyword>
<keyword>thermal variations of order parameters</keyword>
<keyword>phase diagrams</keyword>
</keywords>
<abstracts count="1">
<abstract>
<abstract_text count="1">
<p>The critical behaviour of the ferromagnetic spin-3/2 Blume-Emery-Griffiths model with repulsive biquadratic coupling in the absence and presence of an external magnetic field is studied by using the lowest approximation of the cluster variation method, which is identical with the mean-field approximation. Thermal variations of the order parameters are investigated for different values of the interaction parameters and the external magnetic field. The complete phase diagrams of the system are calculated in the (kT /J, K / J), (kT /J, D / J) and (kT /J, H / J) planes. Five new phase diagram topologies are obtained, which are either absent from previous approaches or have gone unnoticed. A detailed discussion and comparison of the phase diagrams is made.</p>
</abstract_text>
</abstract>
</abstracts>
</fullrecord_metadata>
<item xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="itemType_wos">
<ids avail="Y">171UI</ids>
<bib_id>62 (3-4): 127-139 MAR-APR 2007</bib_id>
<bib_pagecount type="Journal">124</bib_pagecount>
<reprint_contact>
<address_spec addr_no="1">
<full_address>Erciyes Univ, Inst Sci, TR-38039 Kayseri, Turkey</full_address>
<organizations count="1">
<organization>Erciyes Univ</organization>
</organizations>
<suborganizations count="1">
<suborganization>Inst Sci</suborganization>
</suborganizations>
<city>Kayseri</city>
<country>Turkey</country>
<zip location="BC">TR-38039</zip>
</address_spec>
<names count="1">
<name addr_no="1" reprint="Y" role="author" seq_no="1">
<display_name>Ali Pinar, M.</display_name>
<full_name>Ali Pinar, M.</full_name>
<wos_standard>Pinar, MA</wos_standard>
<first_name>M.</first_name>
<last_name>Ali Pinar</last_name>
<email_addr>keskin#erciyes.edu.tr</email_addr>
</name>
</names>
</reprint_contact>
<keywords_plus count="5">
<keyword>MULTICRITICAL PHASE-DIAGRAMS</keyword>
<keyword>RECURSION METHOD</keyword>
<keyword>ISING-MODEL</keyword>
<keyword>LATTICE</keyword>
<keyword>FIELD</keyword>
</keywords_plus>
</item>
</static_data>
<dynamic_data>
<cluster_related>
<identifiers>
<identifier type="accession_no" value="171UI"/>
<identifier type="issn" value="0932-0784"/>
</identifiers>
</cluster_related>
</dynamic_data>
</REC>
I have no problems with other, lighter XML files. This one is almost 5 GB.
We are running: ''Oracle Database 11g Enterprise Edition 11.2.0.4.0 64bit Production''
Does anyone know where the problem could be?
Thanks.

How to remove magento's categories sidebar navigation?

I want to remove the category listing in the category view from my Magento site. I have the top menu, and the sidebar one is redundant.
This was displayed in the left sidebar using this code:
<reference name="left">
<block type="catalog/navigation" name="catalog.leftnav" template="catalog/navigation/left_nav.phtml" />
</reference>
So remove it using local.xml:
<default>
<reference name="left">
<remove name="catalog.leftnav"/>
</reference>
</default>
Or then add a catalog/layer_view block where you want to, but change the name:
<block type="catalog/layer_view" name="yourname.catalog.leftnav" template="catalog/layer/view.phtml"/>

request generation in vb.net soap client

Take the tripservice WSDL from this link. In this WSDL, I replaced the from element with the one below (added nillable as true and added min length and max length restrictions).
<xs:element minOccurs="0" name="from" nillable="true">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:minLength value="1"/>
<xs:maxLength value="12"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
Now in my VB.NET client I invoked the service by adding a service reference, with the WSDL saved to a local folder.
Dim objproxy As New Tripservice.TripPriceServiceFacadeClient
Dim gh As New Tripservice.trip
gh.adults = 9
gh.duration = 8
gh.rooms = 8
gh.to = "p"
objproxy.getTripPrice(gh)
It will throw an endpoint-not-found exception; however, I am interested in the request XML that is going out. I enabled the trace and found that the request below is generated.
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<getTripPrice xmlns="http://trip.price.service">
<trip xmlns="">
<adults>9</adults>
<duration>8</duration>
<from xsi:nil="true"/>
<rooms>8</rooms>
<to>p</to>
</trip>
</getTripPrice>
</s:Body>
</s:Envelope>
The element from xsi:nil="true" is generated, even though I am not touching the element in my VB.NET code to generate the request. The element is optional as per the WSDL (minOccurs = 0). How can I send a request without the from element name even being passed in the request?
You can't; it is interesting to find out why you changed it to nillable. In doing that, the way .NET code generation works, you leave it no way to know whether it should marshal the tag or not; typically, an optional string that is null is not marshalled. An optional (minOccurs=0) and nillable element wouldn't work since there is no "set" indicator (JAXB has it, or used to have it) to keep track of whether the user code set the value, null or not null.

WCF WSDL Generation Details on How and what each section means

I'm quite new to the WCF world.
I've been looking at and trying to understand the WSDL file being generated by WCF. The reason I'm looking is that our clients with Java and PHP are having issues importing the WSDL.
Could anyone please kindly help me with the following queries:
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="http://localhost:13818/WCFService2/Service.svc?xsd=xsd0" namespace="http://tempuri.org/" />
<xsd:import schemaLocation="http://localhost:13818/WCFService2/Service.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
<xsd:import schemaLocation="http://localhost:13818/WCFService2/Service.svc?xsd=xsd2" namespace="http://schemas.datacontract.org/2004/07/EvalServiceLibrary" />
</xsd:schema>
Query 1:
Based on what condition do the above import schemaLocation tags get generated? Is it based on the number of data contracts and members, or something else (what is it)?
<wsdl:message name="IEvalService_SubmitEval_InputMessage">
<wsdl:part name="parameters" element="tns:SubmitEval" />
</wsdl:message>
<wsdl:message name="IEvalService_SubmitEval_OutputMessage">
<wsdl:part name="parameters" element="tns:SubmitEvalResponse" />
</wsdl:message>
Query 2:
I don't have any message named IEvalService_SubmitEval_InputMessage. How is the above being generated? Also, what are part name and element?
<wsdl:portType name="IEvalService">
<wsdl:operation name="SubmitEval">
<wsdl:input wsaw:Action="http://tempuri.org/IEvalService/SubmitEval" message="tns:IEvalService_SubmitEval_InputMessage" />
<wsdl:output wsaw:Action="http://tempuri.org/IEvalService/SubmitEvalResponse" message="tns:IEvalService_SubmitEval_OutputMessage" />
</wsdl:operation>
</wsdl:portType>
Query 3:
Could you please tell me what "tns:IEvalService_SubmitEval_InputMessage" is in the above WSDL snippet?
Finally:
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:tns="http://tempuri.org/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
xmlns:wsa10="http://www.w3.org/2005/08/addressing"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
Is there any way to remove the above unnecessary namespaces from the WCF code? I only know how to change the namespace.
Thank you heaps.
This part depends on the number of assemblies involved. The first line represents your service assembly, the second line is always included (that's some MS predefined elements, but still valid interoperable XSD), and the third line is probably the library with your data contracts.
The default pattern is ServiceContractName_OperationContractName_X, where X is either InputMessage or OutputMessage to differentiate between request and response. Part defines the content of the message, and element is a reference to the XSD schema; that element will be defined in the first or second schema import from your first question.
tns probably stands for target namespace; it is the prefix of elements defined in your WSDL document. It is just a reference to the message defined in your second question.
With the default stuff, no. You would probably need a custom encoder.
What errors do your clients have when importing the WSDL? All these parts are valid.

Sending Complex Objects, Attachments with ksoap2-Android

I'm using ksoap2-Android on an Android project to upload a file. It's not working.
First of all, my WSDL looks like this:
<xsd:element name="Op1RequestType">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="date" type="xsd:dateTime"/>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="imgFile" type="tns:Attachment"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
And "tns:Attachment" is defined like this:
<xsd:complexType name="Attachment">
<xsd:sequence>
<xsd:element name="file" type="xsd:base64Binary"/>
<xsd:element name="filename" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
I'm creating a SoapSerializationEnvelope and adding in the property with name date and the value as the string representation of the current date. This works successfully, even if I don't add a file (note the minOccurs="0"). However, when I try to add a file, it fails horribly:
First, I make a representative of the Attachment type by creating a SoapObject which has the properties file and filename, of types byte[].class and String.class respectively.
Then I add these objects to a generic Vector (to represent the multiplicity of the imgFile item) and attach the Vector as a property to the envelope. This creates a SOAP message successfully, and the response from the server raises an exception (because it's an error message instead of a proper response, because somehow my input isn't good...):
WARN/System.err(438): SoapFault - faultcode: 'soapenv:Server'
faultstring:'org.apache.axis2.databinding.ADBException: Unexpected subelement imgFile'
faultactor: 'null' detail: org.kxml2.kdom.Node#4676b8a0
Okay, so what am I doing wrong? Is there a way to see the request SOAP envelope that I am sending?
I can see the request SOAP envelope by calling getRequest() on the SoapSerializationEnvelope. This allowed me to see that the Vector object actually places each (file, filename) pair into an <item></item> tag, which broke the format. I am now inserting multiple items in succession, as the WSDL demands.