I am working on an integration which requires signing and encryption of the xml payload before passing it into the request content.
I am using java to sign and encrypt the xml document and this is what I get
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<xenc:CipherData>
<xenc:CipherValue>I1ik...</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>tTYZZ.....Vtl1WwQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
With the above payload, the response is a 401 status code and the XML below:
<?xml version="1.0" encoding="UTF-8"?>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Recipient="name:">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<dsig:KeyInfo>
<dsig:KeyName/>
</dsig:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>*Named certificate '' not found*</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</dsig:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>*Named certificate '' not found*</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
Which certificate exactly is this named certificate, and how do I add this detail to my encrypted payload?
// Sign the XML: build an enveloped XML-DSig signature over the whole document
// and attach the signer's X.509 certificate as KeyInfo.
// Initialise the Apache XML Security library before any other call into it.
org.apache.xml.security.Init.init();
// Emit signature elements with the "ds" namespace prefix.
ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
// NOTE(review): dbf is configured but not used in the lines shown. If it parses
// XML that comes from outside this process elsewhere, harden it first
// (XMLConstants.FEATURE_SECURE_PROCESSING, and the
// "http://apache.org/xml/features/disallow-doctype-decl" feature) so that
// DTDs and external entities are not processed.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Element root = xmlDoc.getDocumentElement();
// ALGO_ID_SIGNATURE_RSA is RSA with SHA-1. SHA-1 is deprecated for signatures;
// if the receiving service accepts it, prefer
// XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256.
XMLSignature sig = new XMLSignature(xmlDoc, "file:", XMLSignature.ALGO_ID_SIGNATURE_RSA);
// The signature element becomes a child of the root, i.e. an enveloped signature.
root.appendChild(sig.getElement());
Transforms transforms = new Transforms(xmlDoc);
// Exclude the signature element itself from the digest, then canonicalise
// (C14N without comments) so the digest is stable across serialisations.
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
// The empty URI "" references the whole document. The reference digest is
// SHA-1 as well; the SHA-256 counterpart is
// MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256, if the peer supports it.
sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
// KeyInfo carries both the issuer/serial pair and the full signing certificate.
// For the verifier this is only a hint about which key was used: trust must
// come from validating that certificate against its own trust anchors, not
// from the fact that it is embedded in the message.
KeyInfo info = sig.getKeyInfo();
X509Data x509data = new X509Data(xmlDoc);
x509data.add(new XMLX509IssuerSerial(xmlDoc,signCert));
x509data.add(new XMLX509Certificate(xmlDoc, signCert));
info.add(x509data);
// Compute the signature value with the signer's private key.
sig.sign(privateSignKey);
// Encrypt the XML: generate a one-time symmetric key, wrap it with the
// recipient's public key, and replace the (already signed) root element with
// an xenc:EncryptedData element.
//
// NOTE(review): Triple DES in CBC mode and RSA PKCS#1 v1.5 key transport are
// legacy choices. CBC provides no integrity protection, 3DES has a 64-bit
// block, and both algorithms are known to be susceptible to oracle-style
// attacks in XML Encryption when the decrypting side reveals decryption errors.
// The service's own response on this page uses the same two algorithm URIs,
// so they appear to be dictated by the peer; where the peer allows it, prefer
// XMLCipher.RSA_OAEP for key transport and XMLCipher.AES_256_GCM for the data.
String jceAlgorithmName = "DESede";
// Fresh random Triple DES content-encryption key for this message.
KeyGenerator keyGenerator = KeyGenerator.getInstance(jceAlgorithmName);
Key symmetricKey = keyGenerator.generateKey();
// Key transport: wrap the symmetric key under the recipient's RSA public key.
String algorithmURI = XMLCipher.RSA_v1dot5;
XMLCipher keyCipher = XMLCipher.getInstance(algorithmURI);
keyCipher.init(XMLCipher.WRAP_MODE, publicEncryptKey);
EncryptedKey encryptedKey = keyCipher.encryptKey(xmlDoc, symmetricKey);
Element rootElement = xmlDoc.getDocumentElement();
// Data encryption: algorithmURI is reused and now selects Triple DES.
algorithmURI = XMLCipher.TRIPLEDES;
XMLCipher xmlCipher = XMLCipher.getInstance(algorithmURI);
xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
// Attach the wrapped key to the EncryptedData via ds:KeyInfo. No KeyName or
// certificate identifying the recipient key is added to the EncryptedKey in
// these lines, so the recipient has to know which private key to use by
// other means.
EncryptedData encryptedData = xmlCipher.getEncryptedData();
KeyInfo keyInfo = new KeyInfo(xmlDoc);
keyInfo.add(encryptedKey);
encryptedData.setKeyInfo(keyInfo);
// content == false: the root element itself (including the ds:Signature child
// appended to it above) is encrypted and replaced in xmlDoc, not just its
// children.
xmlCipher.doFinal(xmlDoc, rootElement, false);
Issue resolved: the API required a client id query parameter.