Re: [WSS4J] XML-Signature with signer certificate - how to?

["G.MADHUSUDAN" <ma...@recipio.net>]

Le mer 25/02/2004 à 07:11, Nachiappan Narayanan a écrit :
> All,
>  
>  Im exploring on XML-Signature. The default KeyIdentifier Type is
> WSConstants.ISSUER_SERIAL
> This format sends the Key Information as follows:
>  
>    <ds:KeyInfo Id="id-610399">
>     <wsse:SecurityTokenReference>
>      <ds:X509IssuerSerial>
>       <ds:X509IssuerName>CN=Nithya Mani</ds:X509IssuerName>
>       <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>
>      </ds:X509IssuerSerial>
>     </wsse:SecurityTokenReference>
>    </ds:KeyInfo>
>    
>  Here, the tag <wsse:SecurityTokenReference>.... is it proprietary to
> WSS4J? 
>  

This tag is defined in the WS-Security spec - see
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/

The X509 certificate is included as a Binary Security Token.
See the example in the above spec.

Madhusudan,G.


>  
>  
>  
>  I want to send the Sender/Signer's Public Key along with the SOAP
> Request as follows:
>  
>        <dsig:KeyInfo>
>        
>        <dsig:X509Data>
>  
>           <dsig:X509SubjectName>CN=Nithya Mani, OU=Roxer, O=Infravio,
> L=Chennai, ST=TN, C=IN</dsig:X509SubjectName>
>  
>           <dsig:X509Certificate>
>  
>            
> MIIEqTCCA5GgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMC
>  
>            
> SUUxDzANBgNVBAgTBkR1YmxpbjERMA8GA1UEBxMIRHVibGluIDQxFDASBgNV
>  
>            
> BAoTC1ZvcmRlbCBMdGQuMSEwHwYDVQQLExhSZXNlYXJjaCBBbmQgRGV2ZWxv
>  
>            
> cG1lbnQxIzAhBgNVBAMTGlZvcmRlbCBDQSBTZWxmIFNpZ25lZCBSb290MB4X
>  
>            
> DTAzMDcwMjE2MTU1NloXDTEzMDYyOTE2MTU1NlowgYAxCzAJBgNVBAYTAklF
>  
>            
> MQ8wDQYDVQQIEwZEdWJsaW4xETAPBgNVBAcTCER1YmxpbiA0MRQwEgYDVQQK
>  
>            
> EwtWb3JkZWwgTHRkLjEhMB8GA1UECxMYUmVzZWFyY2ggQW5kIERldmVsb3Bt
>  
>            
> ZW50MRQwEgYDVQQDEwtTYW1wbGUgVXNlcjCCASIwDQYJKoZIhvcNAQEBBQAD
>  
>            
> ggEPADCCAQoCggEBALo5Y51NZy++4//SabaNmBuVpDZwAKdCgn8MQ6CnSdS3
>  
>            
> 5Hhg7Qs3FzKzX+N55/wmLh9A3ON10VTqMZw3qGDQMM28wZWIMrsq1eqUoe56
>  
>            
> s2whA/vHsU20uyfdprFCWqfVjYG5u9xUfqhFTd/pTJ54Ue5meivAMt2hnolH
>  
>            
> osJ+RDqnI2sB2T9+V6MmPCDPG1q3tnlVriQ3Ze/4f3DDdr/vOJEZeLZfq3Es
>  
>            
> GXoR8o5DJfyBp/x9mkrBtmWj0CjdGUJw85MXlUaWP7kan9nAZPfRYDg/gg10
>  
>            
> L36MbBlnK0Bgqm8VJ/5jo7bm95LPbF4EdrDuImDgO8kHGVx/0q7ie/OeKTUC
>  
>            
> AwEAAaOCARswggEXMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T
>  
>            
> U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRl4c0FfIzcF1S3
>  
>            
> UDjbmXu7X+duATCBvAYDVR0jBIG0MIGxgBSMFNQiJRrpUiLgYM2vM74gLA/7
>  
>            
> Q6GBlaSBkjCBjzELMAkGA1UEBhMCSUUxDzANBgNVBAgTBkR1YmxpbjERMA8G
>  
>            
> A1UEBxMIRHVibGluIDQxFDASBgNVBAoTC1ZvcmRlbCBMdGQuMSEwHwYDVQQL
>  
>            
> ExhSZXNlYXJjaCBBbmQgRGV2ZWxvcG1lbnQxIzAhBgNVBAMTGlZvcmRlbCBD
>  
>            
> QSBTZWxmIFNpZ25lZCBSb290ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQCyCwQu
>  
>            
> GElQ4JlAgYujLDI9ZyCKw6hqadYEiQUX+wG5lIIUAX8lPn5P+ncoWBI6DFtt
>  
>            
> EGlKVeaIsf5xpY5Xfzwh+auLUqghc++R8xRpW611ISrp7iQS1clgiKwbCT5B
>  
>            
> jHIgZT16s44XXRXK+d93DGyn8gXzkICNDxiXgSwS3yDW7ibsUmEZfT+TlJef
>  
>            
> 4GjuGPRyZ35eNsGgOMHdmyHxOFntgSV3NtVRHqwLFAIm8EFwI5/YR5x9MB7L
>  
>            
> 9nJdwf6IS3Lp4fweteBY8kOJ7ekd+hB5hOvZnID1/qI5b4jhQ+Z0Dz0jtym5
>  
>             P4Lh2TqGntQDlpL5zzX4b1cXXTid1XluWoT/
>  
>           </dsig:X509Certificate>
>  
>         </dsig:X509Data>
>  
>       </dsig:KeyInfo>
>  
>  
>  In order to do so, what type of KeyIdentifier should i set to the
> WSSignEnvelope Object?
>  
> Regards,
> Nachiappan.N
>  
>