0 Replies Latest reply on Oct 6, 2017 4:20 AM by mohanrajank27121458

    XML signature through Digital Certificate

    mohanrajank27121458 Level 1

      Folks,

       

      I am trying to sign the SOAP request through digital certificates. They are provided by the client.

      I installed the certificates in both key stores, Java and ColdFusion cacerts (\lib\security\cacerts). I verified this with the key-store get instance. In addition, I followed two different approaches.

      METHOD 1

      I am using the cfhttp tag to send the request, and this tag has clientCert and clientCertPassword attributes. So I wrote code like this:

      <!--- POST the SOAP envelope, presenting the PKCS#12 client certificate --->
      <cfhttp url="#arguments.endpoint#" method="POST" result="local.result" clientcertpassword="#variables.constants.keyStorePassword#" clientcert="D:/ColdFusion2016/jre1.8.0_131/lib/security/sign.pkcs12">
          <cfhttpparam type="header" name="Accept-Encoding" value="gzip,deflate" />
          <cfhttpparam type="header" name="SOAPAction" value="#arguments.soapAction#" />
          <cfhttpparam type="header" name="Content-Type" value="text/xml;charset=UTF-8" />
          <cfhttpparam type="xml" value="#toString(xmlParse( arguments.soapEnvelope ))#" />
      </cfhttp>

      It returns a 'Server Authentication failed' response.

      METHOD 2

      Meanwhile, I tried to sign the XML the ColdFusion way, by importing .jar files. I am struggling with setting the signature algorithm in the JAR files; the code is below.

      local.WSSecSignature.setSignatureAlgorithm(local.WSConstants.RSA);

      Here I am unable to set the signature algorithm because the setSignatureAlgorithm() parameter supports the datatype string (URI), but our client certificate mentions the signature algorithm as "SHA512withRSA" (cross algorithm). Also, local.WSConstants does not provide any URI for the "SHA512withRSA" algorithm.

      Certificate Details:

           Signature Algorithm : SHA512withRSA

           Extension : .p12, pkcs12 and crt.

           Protocol   : TLSv1.2

      Could someone please provide suggestions about this? Am I doing anything wrong?