Highlighted

XML signature through Digital Certificate

New Here ,
Oct 06, 2017

Copy link to clipboard

Copied

Folks,

I am trying to signature the SOAP request through digital certificates. It is provided by client.

I installed the certificates in both key-stores JAVA and ColdFusion cacerts(\lib\security\cacerts). I verified by key-store get instance. In addition, I followed two different approaches.

METHOD 1

I am using the cfhttp tag for send request and this tag has clientCert and clientCertPassword attributes. So I wrote the code like,

<cfhttp url="#arguments.endpoint#" method="POST" result="local.result" clientcertpassword="#variables.constants.keyStorePassword#" clientcert="D:/ColdFusion2016/jre1.8.0_131/lib/security/sign.pkcs12">
<cfhttpparam type="header" name="Accept-Encoding" value="gzip,deflate" />
<cfhttpparam type="header" name="SOAPAction" value="#arguments.soapAction#" />
<cfhttpparam type="header" name="Content-Type" value="text/xml;charset=UTF-8" />
<cfhttpparam type="xml" value="#toString(xmlParse( arguments.soapEnvelope ))#" />

</cfhttp>

It is returning 'Server Authentication failed' response.

METHOD 2​

Meanwhile, I try to sign the XML through ColdFusion way to import .jar files. I am struggling, while setting the Signature Algorithm in JAR files code is below.

local.WSSecSignature.setSignatureAlgorithm(local.WSConstants.RSA);

Here I am unable to set signature algorithm due to the setSignatureAlgorithm() parameter is supporting the datatype as string (URI). but our client certificates is mention the signature algorithm as  "SHA512withRSA" (Cross algorithm). Also the local.WSConstants is not providing the any URI for "SH512withRSA" algorithm.

Certificate Details:

     Signature Algorithm : SHA512withRSA

     Extension : .p12, pkcs12 and crt.

     Protocol   : TLSV1.2

Please some one provide your suggestion about it. Am I make anythings as wrong?

Views

285

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

XML signature through Digital Certificate

New Here ,
Oct 06, 2017

Copy link to clipboard

Copied

Folks,

I am trying to signature the SOAP request through digital certificates. It is provided by client.

I installed the certificates in both key-stores JAVA and ColdFusion cacerts(\lib\security\cacerts). I verified by key-store get instance. In addition, I followed two different approaches.

METHOD 1

I am using the cfhttp tag for send request and this tag has clientCert and clientCertPassword attributes. So I wrote the code like,

<cfhttp url="#arguments.endpoint#" method="POST" result="local.result" clientcertpassword="#variables.constants.keyStorePassword#" clientcert="D:/ColdFusion2016/jre1.8.0_131/lib/security/sign.pkcs12">
<cfhttpparam type="header" name="Accept-Encoding" value="gzip,deflate" />
<cfhttpparam type="header" name="SOAPAction" value="#arguments.soapAction#" />
<cfhttpparam type="header" name="Content-Type" value="text/xml;charset=UTF-8" />
<cfhttpparam type="xml" value="#toString(xmlParse( arguments.soapEnvelope ))#" />

</cfhttp>

It is returning 'Server Authentication failed' response.

METHOD 2​

Meanwhile, I try to sign the XML through ColdFusion way to import .jar files. I am struggling, while setting the Signature Algorithm in JAR files code is below.

local.WSSecSignature.setSignatureAlgorithm(local.WSConstants.RSA);

Here I am unable to set signature algorithm due to the setSignatureAlgorithm() parameter is supporting the datatype as string (URI). but our client certificates is mention the signature algorithm as  "SHA512withRSA" (Cross algorithm). Also the local.WSConstants is not providing the any URI for "SH512withRSA" algorithm.

Certificate Details:

     Signature Algorithm : SHA512withRSA

     Extension : .p12, pkcs12 and crt.

     Protocol   : TLSV1.2

Please some one provide your suggestion about it. Am I make anythings as wrong?

Views

286

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 06, 2017 0

Have something to add?

Join the conversation