How to view canonicalized SignedInfo node for generating SignatureValue?

Question

So I can successfully make a callout to a webservice using an X509 certificate as authentication via SoapUI as a test to validate my XML body and everything.&nbsp; Works great.
&nbsp;
However, when I try to perform the exact same callout from Salesforce (with the exact same XML payload) I get a different SignatureValue.
&nbsp;
Now my DigestValue is a perfect match, (which I thought would be the hard part), which tells me that the string I'm using to generate the SignatureValue is the issue.&nbsp; (Salesforce does not have a method to canonicalize internally so I must do so manually.)
&nbsp;
According to SC14N (https://www.cryptosys.net/sc14n/) the string I'm using is correct but I'd *love* to see exactly the string of the SignedInfo node that SoapUI is using itself.
&nbsp;
So, how can I see that?
&nbsp;
I found this thread:&nbsp;&nbsp;https://community.smartbear.com/t5/SoapUI-Open-Source/SoapUI-WS-Security-header/m-p/166755#M27209
&nbsp;
... and this one:&nbsp;&nbsp;https://community.smartbear.com/t5/SoapUI-Open-Source/How-is-SOAPUI-calculating-the-signature-value-withn-C14E-and/m-p/106742#M18437
&nbsp;
And they are both unanswered, but I'm crossing my fingers that someone can help me out.
&nbsp;
Thanks...
&nbsp;

jhunt · Answer

I don't know much about this stuff, but I had a dig around, and here's what I found:
&nbsp;

SoapUI uses wss4j. So check out the WSSecSignature class from that package.
Here's where SoapUI calls it. (ImprovedWSSecSignature extends WSSecSignature and doesn't change much).

&nbsp;
&nbsp;
&nbsp;

magua · Answer

I appreciate the response,&nbsp;JHunt&nbsp;, but I was hoping for a log or some way within SoapUI to actually view the canonicalized string used in generating the hashed value.
&nbsp;
Perhaps that could be logged as a feature request for future versions?&nbsp; I'm sure many would appreciate it, not just myself...
&nbsp;

jhunt · Answer

SoapUI only uses WSS4J to do create the Signature. As part of generating the signature, WSS4J does the canonicalization. SoapUI never sees the canonicalized version inside it's own code base.
&nbsp;
I put this script together by looking at how SoapUI prepares the request, and what WSS4J was doing internally.
import javax.xml.parsers.DocumentBuilderFactory
import org.apache.xml.security.c14n.Canonicalizer
import org.w3c.dom.Document
import org.xml.sax.InputSource

def request = context.testCase.testSteps["Test Request - login"].testRequest

Document doc = {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance()
    dbf.setValidating(false)
    dbf.setNamespaceAware(true)
    return dbf.newDocumentBuilder()
        .parse(new InputSource(new StringReader(context.expand(request.requestContent))))
}()

Byte[] canonicalBytes = {
    org.apache.xml.security.Init.init()
    Canonicalizer.getInstance("http://www.w3.org/2001/10/xml-exc-c14n#")
        .canonicalizeSubtree(doc.documentElement)
}()

String canonicalBase64 = canonicalBytes.encodeBase64()
String canonicalXml = new String(canonicalBytes)
Create a new Groovy Script test step, put in the script and adjust line 7 with the name of your request. Hopefully I've not omitted any important steps in the preparation.

Forum Discussion

How to view canonicalized SignedInfo node for generating SignatureValue?

Recent Discussions

SoapUI 5.9.0 released

OS SoapUI: Can it connect and use Cosmos DB

"Clone interface" between projects not working

Related Content

How does SOAPUI calculate the SignatureValue for a SignedInfo section in SOAP header

Show the canonicalized message before computing digest value

signatureValue contains new line and returns error