Getting a .Net xmldsig to work with a Java-based Web Service


kscott

By default, .Net produces the following X509 Subject Name:

<X509SubjectName>[email protected], CN=MyName, OU=E-mail Address Not
Validated, OU=MBA SISAC Medium Assurance Individual Certificate,
OU=Terms of use at www.verisign.com/repository/rpa-mba, O=Electronic
Data Systems, L=Plano, S=Texas, C=US</X509SubjectName>

However, a Java-based system is expecting the following:

<X509SubjectName>[email protected], CN=MyName, OU=E-mail Address Not
Validated, OU=MBA SISAC Medium Assurance Individual Certificate,
OU=Terms of use at www.verisign.com/repository/rpa-mba, O=Electronic
Data Systems, L=Plano, ST=Texas, C=US</X509SubjectName>

Is there a clean way to get .Net to use ST instead of S?

Here is a sample of my current C# code:

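X509Store store = new X509Store("My", StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
// Take the first certificate whose subject contains "MyName"
X509Certificate2 x509Cert2 = store.Certificates.Find(
    X509FindType.FindBySubjectName, "MyName", false)[0];
X509Certificate publicCert = x509Cert2;
// KeyInfo entry carrying the certificate and its subject name
KeyInfoX509Data kdata = new KeyInfoX509Data(publicCert);
kdata.AddSubjectName(x509Cert2.Subject);
KeyInfo keyinfo = new KeyInfo();
keyinfo.AddClause(kdata);   // attach the X509Data, otherwise KeyInfo stays empty
SignedXml sxml = new SignedXml(inputDoc);
sxml.SigningKey = x509Cert2.PrivateKey;   // key used by ComputeSignature()
sxml.KeyInfo = keyinfo;
sxml.ComputeSignature();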



Thanks,
 
Well, the one with S= is non-compliant and should be treated as a
bug. The RFC 2511 standard requires one of these:

C (country)
L (locality)
ST (state or province)
O (organization)
OU (organizational unit)
CN (common name)
STREET (street address)
E (E-mail address).
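
As an added example (not code from this thread or from .NET itself): one way to emit ST instead of S is to rewrite the attribute type in the string passed to AddSubjectName. The helper name UseStForState is hypothetical, and it assumes the Windows-style string returned by X509Certificate2.Subject, where values containing commas are wrapped in double quotes.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class SubjectNameFixup   // hypothetical helper, not part of .NET
{
    // Rewrites the attribute type "S" to "ST" without touching values
    // that merely contain the text "S=". Multi-valued RDNs joined with
    // " + " are passed through unchanged.
    public static string UseStForState(string dn)
    {
        List<string> rdns = new List<string>();
        StringBuilder cur = new StringBuilder();
        bool inQuotes = false;
        foreach (char c in dn)
        {
            if (c == '"')
                inQuotes = !inQuotes;          // doubled "" toggles twice
            if (c == ',' && !inQuotes)         // separator between RDNs
            {
                rdns.Add(cur.ToString());
                cur.Length = 0;
            }
            else
                cur.Append(c);
        }
        rdns.Add(cur.ToString());

        for (int i = 0; i < rdns.Count; i++)
        {
            string rdn = rdns[i].Trim();
            int eq = rdn.IndexOf('=');
            // Only an attribute type that is exactly "S" is renamed
            if (eq > 0 && rdn.Substring(0, eq).Trim() == "S")
                rdn = "ST" + rdn.Substring(eq);
            rdns[i] = rdn;
        }
        return string.Join(", ", rdns.ToArray());
    }

    static void Main()
    {
        // Constructed sample DN; the quoted O value contains ", S=" on purpose
        string dn = "CN=MyName, O=\"Example, S=Co\", L=Plano, S=Texas, C=US";
        Console.WriteLine(UseStForState(dn));
    }
}
```

Pass the result to kdata.AddSubjectName(...) in place of x509Cert2.Subject. Only the string inside KeyInfo changes; the certificate is untouched, and a verifier should still check the signature against the certificate rather than trust the name string.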
 