This discussion is archived
2 Replies Latest reply: Jan 10, 2012 6:44 AM by 910084

XML Encryption - Apache Santuario(Java) with .Net Interop

801975 Newbie
The problem is simple.

Xml encrypted with Apache Santuario (Java) must make use of specific Namespaces and Prefixes which .Net Decryption does not recognise, and .Net Xml Encryption produces XML without the specified Namespaces and Prefixes, which Apache Santuario does not recognise and thus does not decrypt. See XML below.

I need to send the Java-generated XML to a server (.Net) formatted in the .Net Encryption format, and convert the files I receive from the server, which are in .Net Encrypted Format, to the Apache Santuario format. Does anyone know of a nice (elegant) way to do this? A code sample would be much appreciated.

Apache Santuario:

<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo>
<ds:KeyName>EDUPAC</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>iNbKL+X0lH3xFAfSWTdgjYa3BKCydLJg93yket/pyHTpjqVf3iSAF0U7UGbVwZrskS1lZIfEIRtc
hoHjz2cleUX643FV21H2iDGa17mlutm7eOuWMpLvwPOW88FKwRz5iAUXmk+h2Tkhoryg+VP4pPCv
qYE8CB0Hg010mSImEyo=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>tbDacvUwbO4Fk5yJ7e7kua6Go7/r9+n85sOrnaQcRmAw0gi5jawgW2P82JENCykqB/SwTT3Dc=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>

.Net Xml Encryption Produces:

<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>EDUPAC</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>TYfhXukvUICZezmCvyKPn1ggnJjEhdXKGWftMyewwX7aM8fbiBIahudgfyrQuk2KvqmD7HdFOi0o
jf9/4M0sUN7Xug8pf5DtTJpMD5ZX8R2M1PBSe7wA12U6l1FpKSrfzaaxIX2tOknLm9Fr+1ivffKL
6q+rIvemQn/vkLIjC+w=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>6GtVt51HkymI/R7NbyGcsCe5160fCpIktkI2+spAzL8a1BV0f8l5CIYUMMLrdEYuEn5C+XcHIjY=</CipherValue>
</CipherData>
</EncryptedData>
  • 1. Re: XML Encryption - Apache Santuario(Java) with .Net Interop
    odie_63 Guru
    Hi,

    One way is to use XSL transformations.
    I tested both of these with Saxon XSL processor :

    From Apache to .NET :
    <?xml version="1.0" encoding="utf-8"?>  
    <xsl:stylesheet version="1.0" 
     xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">  
     <xsl:output method="xml"/>  
     <xsl:template match="/">  
      <xsl:copy> 
       <xsl:apply-templates/> 
      </xsl:copy> 
     </xsl:template> 
     <!-- Re-create each element under its local name in the same namespace URI, without a prefix -->
     <xsl:template match="*">
      <xsl:element name="{local-name()}" namespace="{namespace-uri()}">
       <xsl:apply-templates select="@*|node()"/>
      </xsl:element>
     </xsl:template>
     <xsl:template match="@*">  
      <xsl:attribute name="{local-name()}">  
       <xsl:value-of select="."/>  
      </xsl:attribute> 
     </xsl:template> 
    </xsl:stylesheet>
    From .NET to Apache :
    <?xml version="1.0" encoding="utf-8"?>  
    <xsl:stylesheet version="1.0" 
     xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">  
     <xsl:output method="xml"/>
     <xsl:template match="/">  
      <xsl:copy> 
       <xsl:apply-templates/> 
      </xsl:copy> 
     </xsl:template> 
     <!-- Elements in no namespace: copy by local name -->
     <xsl:template match="*">
      <xsl:element name="{local-name(.)}">
       <xsl:apply-templates select="@*|node()"/>
      </xsl:element>
     </xsl:template>
     <!-- Elements in the xmlenc namespace: re-create with the xenc: prefix -->
     <xsl:template match="xenc:*">
      <xsl:element name="xenc:{local-name(.)}" namespace="{namespace-uri(.)}">
       <xsl:apply-templates select="@*|node()"/>
      </xsl:element>
     </xsl:template>
     <!-- Elements in the xmldsig namespace: re-create with the ds: prefix -->
     <xsl:template match="ds:*">
      <xsl:element name="ds:{local-name(.)}" namespace="{namespace-uri(.)}">
       <xsl:apply-templates select="@*|node()"/>
      </xsl:element>
     </xsl:template>
     <xsl:template match="@*">
      <xsl:attribute name="{local-name()}">  
       <xsl:value-of select="."/>  
      </xsl:attribute> 
     </xsl:template> 
    </xsl:stylesheet>
    Hope that helps.
  • 2. Re: XML Encryption - Apache Santuario(Java) with .Net Interop
    910084 Newbie
    I saw the xslt answer someone provided, but I'm wondering if that helped you or not, you didn't respond. Reason I'm asking is that I have what appears to be a similar problem and am still looking for an answer...

    I am generating a SAML assertion and signing it using santuario. I'm passing the result to a .Net web server. The .Net server keeps saying the signature is invalid. We've tried to verify everything matches on both sides as carefully as possible. I've found other posts like yours stating that .Net seems to have trouble with the DS namespace added by santuario, but there's no way to strip the DS during the signing process. Problem is, you can't strip it after signing or you change the document and the signature is no longer valid, so xslt after signing wouldn't work, and xslt before signing wouldn't help because at that point the DS isn't there yet. Just curious if you ever found a fix for this.
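
The two halves of this thread, as an added example (not code from the posters, Santuario or .NET): re-prefixing leaves the namespace-aware view of an EncryptedKey unchanged, which is what the XSLT conversion relies on, but it changes the canonical bytes a signature digest is computed over, which is the problem described in the last reply. Python's `xml.etree.ElementTree.canonicalize` implements C14N 2.0 and stands in here for the canonicalization a signature would use; the fragments and helper names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed fragments: one EncryptedKey header in each toolkit's prefix style
# (element names and the EDUPAC key name follow the thread; no ciphertext).
SANTUARIO_STYLE = (
    f'<xenc:EncryptedKey xmlns:xenc="{XENC}">'
    f'<xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>'
    f'<ds:KeyInfo xmlns:ds="{DS}"><ds:KeyName>EDUPAC</ds:KeyName></ds:KeyInfo>'
    f'</xenc:EncryptedKey>'
)
DOTNET_STYLE = (
    f'<EncryptedKey xmlns="{XENC}">'
    f'<EncryptionMethod Algorithm="{XENC}rsa-1_5"/>'
    f'<KeyInfo xmlns="{DS}"><KeyName>EDUPAC</KeyName></KeyInfo>'
    f'</EncryptedKey>'
)


def expanded_view(xml_text):
    """What a namespace-aware parser sees: {uri}local names, attributes, text."""
    root = ET.fromstring(xml_text)
    return [(el.tag, sorted(el.attrib.items()), (el.text or "").strip())
            for el in root.iter()]


def prefix_only_change(before, after):
    """True when both documents have the same expanded names, attributes and text."""
    return expanded_view(before) == expanded_view(after)


def c14n_digest(xml_text, rewrite_prefixes=False):
    """SHA-256 over the canonical form, the kind of value a signature covers."""
    canonical = ET.canonicalize(xml_text, rewrite_prefixes=rewrite_prefixes)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    a, b = SANTUARIO_STYLE, DOTNET_STYLE
    print("same expanded names      :", prefix_only_change(a, b))
    print("same digest, prefixes kept:", c14n_digest(a) == c14n_digest(b))
    print("same digest, rewritten    :", c14n_digest(a, True) == c14n_digest(b, True))
```

`rewrite_prefixes=True` is a C14N 2.0 option; Canonical XML 1.0 and Exclusive C14N keep prefixes as written, so a prefix change after signing alters the digest under those algorithms as well.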
