Posted to fx-dev@ws.apache.org by Nachiappan Narayanan <Na...@infravio.com> on 2004/02/25 07:11:54 UTC

XML-Signature with signer certificate - how to?

All,

 I'm exploring XML-Signature. The default KeyIdentifier Type is WSConstants.ISSUER_SERIAL.
This format sends the Key Information as follows:

   <ds:KeyInfo Id="id-610399">
    <wsse:SecurityTokenReference>
     <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=Nithya Mani</ds:X509IssuerName>
      <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>
     </ds:X509IssuerSerial>
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>
   
 Here, the tag <wsse:SecurityTokenReference>.... is it proprietary to WSS4J? 
 
 
 
 
 I want to send the Sender/Signer's Public Key along with the SOAP Request as follows:
 
       <dsig:KeyInfo>
       
       <dsig:X509Data>

          <dsig:X509SubjectName>CN=Nithya Mani, OU=Roxer, O=Infravio, L=Chennai, ST=TN, C=IN</dsig:X509SubjectName>

          <dsig:X509Certificate>

          </dsig:X509Certificate>

        </dsig:X509Data>

      </dsig:KeyInfo>
 

 In order to do so, what type of KeyIdentifier should I set to the WSSignEnvelope Object?


Regards,
Nachiappan.N
 

Re: [WSS4J] XML-Signature with signer certificate - how to?

Posted by "G.MADHUSUDAN" <ma...@recipio.net>.
On Wed 25/02/2004 at 07:11, Nachiappan Narayanan wrote:
> All,
>  
>  I'm exploring XML-Signature. The default KeyIdentifier Type is
> WSConstants.ISSUER_SERIAL.
> This format sends the Key Information as follows:
>  
>    <ds:KeyInfo Id="id-610399">
>     <wsse:SecurityTokenReference>
>      <ds:X509IssuerSerial>
>       <ds:X509IssuerName>CN=Nithya Mani</ds:X509IssuerName>
>       <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>
>      </ds:X509IssuerSerial>
>     </wsse:SecurityTokenReference>
>    </ds:KeyInfo>
>    
>  Here, the tag <wsse:SecurityTokenReference>.... is it proprietary to
> WSS4J? 
>  

This tag is defined in the WS-Security spec - see
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/

The X509 certificate is included as a Binary Security Token.
See the example in the above spec.

Madhusudan,G.


>  
>  
>  
>  I want to send the Sender/Signer's Public Key along with the SOAP
> Request as follows:
>  
>        <dsig:KeyInfo>
>        
>        <dsig:X509Data>
>  
>           <dsig:X509SubjectName>CN=Nithya Mani, OU=Roxer, O=Infravio,
> L=Chennai, ST=TN, C=IN</dsig:X509SubjectName>
>  
>           <dsig:X509Certificate>
>  
>            
>           </dsig:X509Certificate>
>  
>         </dsig:X509Data>
>  
>       </dsig:KeyInfo>
>  
>  
>  In order to do so, what type of KeyIdentifier should I set to the
> WSSignEnvelope Object?
>  
> Regards,
> Nachiappan.N
>  
>
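
The two ways of identifying the signer discussed in this thread, seen from the receiving side, as an added example that is not part of the original messages or of WSS4J: it resolves a wsse:SecurityTokenReference either to an issuer/serial lookup key or to a Binary Security Token carried in the same Security header. The OASIS WSS 1.0 namespace URIs, the `CertId-1` identifier and the token content are assumptions constructed for the example; the issuer name and serial number are the ones quoted in the question.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumed namespaces (OASIS WSS 1.0); the thread does not show its xmlns declarations.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"ds": DS, "wsse": WSSE}

def resolve_key_info(security):
    """Return (kind, value) saying how the signer's certificate is identified."""
    str_el = security.find(".//ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if str_el is None:
        raise ValueError("KeyInfo has no wsse:SecurityTokenReference")
    issuer = str_el.find("ds:X509IssuerSerial", NS)
    if issuer is not None:
        # Certificate is not in the message: the receiver looks it up locally.
        name = issuer.findtext("ds:X509IssuerName", namespaces=NS)
        serial = int(issuer.findtext("ds:X509SerialNumber", namespaces=NS))
        return ("issuer_serial", (name, serial))
    ref = str_el.find("wsse:Reference", NS)
    if ref is not None:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise ValueError("only same-document references are accepted")
        # Accept only tokens that are direct children of this Security header.
        for bst in security.findall("wsse:BinarySecurityToken", NS):
            if bst.get(f"{{{WSU}}}Id") == uri[1:]:
                return ("binary_security_token", "".join((bst.text or "").split()))
        raise ValueError("reference does not resolve to a BinarySecurityToken")
    raise ValueError("unsupported SecurityTokenReference content")

def sample(token, reference):
    """Build a constructed wsse:Security header around the given fragments."""
    return ET.fromstring(
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
        f"{token}<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>{reference}"
        "</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>")

# Constructed sample 1: the ISSUER_SERIAL form quoted in the question.
ISSUER_SERIAL = sample("", "<ds:X509IssuerSerial>"
    "<ds:X509IssuerName>CN=Nithya Mani</ds:X509IssuerName>"
    "<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>"
    "</ds:X509IssuerSerial>")
# Constructed sample 2: certificate sent as a Binary Security Token (placeholder content).
DIRECT = sample('<wsse:BinarySecurityToken wsu:Id="CertId-1">Q09OU1RSVUNURUQ='
                "</wsse:BinarySecurityToken>", '<wsse:Reference URI="#CertId-1"/>')

if __name__ == "__main__":
    print(resolve_key_info(ISSUER_SERIAL))
    print(resolve_key_info(DIRECT))
```

A certificate delivered in a Binary Security Token is supplied by the sender, so the receiver still has to validate its chain against its own trust anchors before relying on the signature.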