Support for C14N Canonicalization Algorithm in WS Security Module of IS 8.2 SP2

Hi All
This is with reference to a custom WS Security implementation at our end which we are trying to replace with the standard WSSecurity Module of Integration Server 8.2 SP2. Our partner requires us to send SOAP messages initialized with the parameters canonicalizationMethod=C14N_EXCL_OMIT_COMMENTS, keyIdentifierType=ISSUER_SERIAL, but the SAG webMethods documentation says there is no support for the C14N Canonicalization Algorithm. Does anyone know if there is a way to achieve the above in 8.2 SP2?

Regards
Anuj

Hi Anuj and all,
has anyone managed to implement the c14n method on the webMethods platform yet? Any hint would be appreciated…
Frank

Apache offers a C14N API at
http://santuario.apache.org/
You may want to drop their jars under the lib dir in WM to test it out. Please update on how it goes.

Hi Frank
Basically webMethods has support for canonicalization to the extent the underlying XML security library supports it, and the underlying security implementation has been taken from Apache.

In my case I tried with a custom policy file provided by the communicating partner as none of the webMethods provided out of the box policies were sufficient for my requirement.

For more information you can refer to the details of the SR which I raised with SAG.

https://empower.softwareag.com/sl24sec/SecuredServices/KCFullTextASP/viewing/view.asp?KEY=482948-6141211&DSN=PIVOTAL&DST=SR&HL=1&QUERY=C14N|Canonicalization&SessionID=732495585

Regards
Anuj

Hi,

So far I’ve loaded the xmlsec-1.5.6.jar to C:\SoftwareAG\IntegrationServer\lib\jars and then tried to use the c14n method in a Java service; however, the compile of the service fails with the error

C:\SoftwareAG\IntegrationServer\packages\c14n\code\source\c14n.java:62: cannot find symbol
symbol : constructor ByteArrayInputStream(java.lang.Object)
location: class java.io.ByteArrayInputStream
Document doc = documentBuilder.parse(new ByteArrayInputStream(node));

My java code:
import com.wm.data.*;
import com.wm.app.b2b.server.ServiceException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public final class canonDirect_SVC
{
	public static final void canonDirect(IData pipeline) throws ServiceException {
		org.apache.xml.security.Init.init();

		DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();

		dfactory.setNamespaceAware(true);
		dfactory.setValidating(true);

		DocumentBuilder documentBuilder = null;
		try {
			documentBuilder = dfactory.newDocumentBuilder();
		} catch (ParserConfigurationException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}

		// this is to throw away all validation warnings
		documentBuilder.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());

		String myString = "<start>Hello</start>";
		ByteArrayInputStream stream = new ByteArrayInputStream(myString.getBytes());
		Document doc = null;
		try {
			doc = documentBuilder.parse(stream);
		} catch (SAXException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
}

Any idea what I could be missing here?

Hi Frank/Others,

Were you able to implement C14N in wM? Can you please share your comments?

I am also trying to implement the same on webMethods 7. Any comments/suggestions are highly appreciated.

I was able to implement C14N myself :)

Hi.

I saw it was implemented this weekend on Tundra too: https://github.com/Permafrost/Tundra#tundraxmlcanonicalize

How does it compare with yours?

Best Regards.

Hi,

Yes, you are right, this was added this weekend.

My project requirement was to implement the Exclusive XML Canonicalization 1.0 With Comments algorithm, and I did the same with a simple Java service, and it is working as expected on wM 7.

Lachlan and I had a discussion offline in regards to this subject and he found it to be a good candidate for Tundra. I gave him the required details (Apache Santuario XML Security library). In addition, he has implemented the algorithms below:

Canonical XML Version 1.0
Canonical XML Version 1.0 With Comments
Canonical XML Version 1.1
Canonical XML Version 1.1 With Comments
Exclusive Canonical XML Version 1.0
Exclusive Canonical XML Version 1.0 With Comments

For more information refer: http://www.w3.org/standards/techs/xmlc14n#w3c_all
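
An added example, not code from any poster in this thread or from Tundra: a stand-alone Java program that runs the six algorithms listed above through Apache Santuario and also shows the conversion that avoids the `ByteArrayInputStream(java.lang.Object)` compile error quoted earlier. It assumes the xmlsec 1.5.x jar mentioned in the thread is on the classpath; the class name `C14nDemo` and the sample document are constructed for illustration, and the parser is locked down because the XML being canonicalized comes from a partner.

```java
import java.io.ByteArrayInputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Document;

public final class C14nDemo {  // hypothetical class name, for illustration only

    // 'xml' is typed Object because that is how a value read from the pipeline arrives.
    static String canonicalize(Object xml, String algorithmUri) throws Exception {
        // ByteArrayInputStream only accepts byte[]; passing the Object itself is
        // what produces "cannot find symbol: constructor ByteArrayInputStream(Object)".
        byte[] input = ((String) xml).getBytes("UTF-8");

        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);  // C14N works on namespace nodes
        // The XML comes from a partner, so treat it as untrusted: reject any
        // DOCTYPE so that no external entity or DTD is ever fetched.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);

        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(input));
        Canonicalizer c14n = Canonicalizer.getInstance(algorithmUri);
        return new String(c14n.canonicalizeSubtree(doc), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();  // registers the canonicalizers

        // Constructed sample: a comment, an unused namespace, unsorted attributes.
        Object sample = "<!-- c --><a:start xmlns:a=\"urn:a\" xmlns:u=\"urn:u\""
                + "   b=\"2\" a=\"1\">Hello</a:start>";

        String[] algorithms = {
            Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS,
            Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS,
            Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS,
            Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS,
            Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS,
            Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS,
        };
        for (String uri : algorithms) {
            System.out.println(uri + "\n  " + canonicalize(sample, uri));
        }
    }
}
```

Comparing the printed forms shows why both parties must agree on the algorithm: the exclusive variants drop the namespace declaration that is not visibly used, so a digest computed over one form will not verify against the other.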