axis-java-dev mailing list archives

From Christian Geuer-Pollmann <geuer-pollm...@nue.et-inf.uni-siegen.de>
Subject Re: XML Security Job Offer: Axis Connector
Date Thu, 17 Jan 2002 10:06:17 GMT
Hi Ted,

I give an example: I create an enveloping Signature (signing the _complete_ 
message) and retrieve the signed contents (message without Signature where 
message means a byte[] array) after verification. Retrieval of the signed 
contents means a call inside the security package.

--- Client ---

Instead of signing the SOAP body using the call

bodyElem.setAttributeNS(
    SOAPSECNS,
    SOAPSECprefix + ":" + "id", "Body");
sig.addDocument("#Body");

you sign the complete Document using the empty URI "" and you add an 
Enveloped-Signature-Transform. In that case, you do not need to 'tag' the 
body with the SOAP-SEC:id="Body" attribute.

Transforms transforms = new Transforms(doc);
transforms.addTransform(
    Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
sig.addDocument("", transforms);

--- Server ---

boolean verify = sig.checkSignatureValue(sig.getKeyInfo().getPublicKey());
if (!verify) {
   // discard this SOAP request, it's not authenticated !!!
   throw new RuntimeException("Someone messed with our message");
}
// OK, we have a valid signature, but we don't know what was signed.
// The signed bytes are here:

// i is the index of the Reference whose signed bytes are wanted
byte[] completeSOAPmessage = sig.getSignedInfo().getSignedContentItem(i);
ByteArrayInputStream bais = new ByteArrayInputStream(completeSOAPmessage);
Document signedDoc = documentFactory.parse(bais);
// now create a new SOAP message hereof



Regards,
Christian





--On Mittwoch, 16. Januar 2002 15:44 -0800 "Theodore W. Leung" 
<twleung@sauria.com> wrote:

> So it sounds like we need to expand our functionality to allow passing
> in the transform that is to be used.  I can envision wanting to sign the
> entire envelope for full security, and I can imagine wanting to sign just
> pieces of the message.
>
> On Tue, 2002-01-15 at 16:02, Christian Geuer-Pollmann wrote:
>> Ted,
>>
>> the second option depends on what you sign. XML Signature has different
>> concepts of signature types, namely enveloped, enveloping and detached
>> signatures.
>>
>> If you put the signature into the SOAP header and this signature signs
>> the  complete body, you have a detached signature which means that the
>> signature  and the signed contents are not in any
>> parent-child-relationship. If you  retrieve the signed contents, you do
>> not get the complete SOAP msg but only  the body.
>
> When you say "retrieve the signed contents" here, do you mean calling
> some API in xml-security like XMLSignature#getObjectItem()- or are you
> just stating that the body is the only thing that has been signed?
>
>> If you do not sign the body (using "#Body" and no transforms) but the
>> complete document (using the URI="" and an
>> enveloped-signature-Transform),  the signature is child (inside) of the
>> signed contents. The enveloped  signature transform removes the
>> signature from the document prior to  verification (a signature can't
>> sign itself). In that case, you simply have  to retrieve the signed
>> contents and re-parse to create a new - and now  authenticated and
>> non-repudiatable - SOAP message.
>
> In this case, it again sounds like I need to call some xml-security API
> (maybe XMLSignature#getElement()) to get the signed contents after
> verification.
>
> Am I on the right track here?
>
> Ted
>
>> Christian
>>
>>
>> --On Dienstag, 15. Januar 2002 11:08 -0800 "Theodore W. Leung"
>> <twleung@sauria.com> wrote:
>>
>> > Dims, Christian,
>> >
>> > I didn't get to work much on the code yesterday, and my day is shot
>> > today.  I should have time to work on this tomorrow.  Sorry for the
>> > delay.
>> >
>> > About the second option you mention here -- the new document should
>> > contain the body without the signature right?   I'm concerned about the
>> > performance impact of all the conversion between Axis' message
>> > representation and the DOM.
>> >
>> > Ted
>> >
>> >
>> > On Tue, 2002-01-15 at 09:16, Davanum Srinivas wrote:
>> >> Christian,
>> >>
>> >> I definitely agree with you that verify is not enough...Yes, the
>> >> sample should implement "Best Practice(s)" related to how the
>> >> xml-security code should be used. Am happy to accept patches on
>> >> behalf of the Axis team :) The sooner we can get the full automated
>> >> tests of Axis running with Signed Messages the better.
>> >>
>> >> Thanks,
>> >> dims
>> >>
>> >> --- Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
>> >> wrote:
>> >> > Hi dims,
>> >> >
>> >> > one thing about signed SOAP messages. The xml-security project
>> >> > allows you  to sign and verify 'resources'. It allows you to request
>> >> > (after you called  'verify()') to find out _what_ bytes have been
>> >> > signed. Now the problem (not  a problem for unit testing but for
>> >> > people who really rely on that):
>> >> >
>> >> > If you get a SOAP message with a Signature, you verify that the
>> >> > signature  is valid and then you start processing, you shoot
>> >> > yourself into the knee  because you did not check _what_ was
>> >> > signed. Imagine you want your server  only to process messages
>> >> > whose complete Body has been signed by the client.  Then you must
>> >> > check that the Body was signed and nothing unimportant just  to
>> >> > create a valid Signature. Maybe the discussion on the XML Signature
>> >> > Mailing list clarifies this [1].
>> >> >
>> >> > Note: This is OK for unit testing but for a real-world-Scenario,
>> >> > there must  be more than simply XMLSignature.verify(). This 'more'
>> >> > can be
>> >> >
>> >> > - is the URI of the signed Resource the Body and is there no
>> >> > transform which deleted 'bad' nodes from the document.
>> >> > - Get the bytes from the Signature object and re-parse them into a
>> >> > new document and use THIS new document which contains the pure Body
>> >> > for further  processing (this second option is - from my point of
>> >> > view - the better and  more reliable one).
>> >> >
>> >> >
>> >> > Regards,
>> >> > Christian
>> >> >
>> >> > [1]
>> >> > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/0013.html
>> >> >
>> >> > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/0006.html
>> >> >
>> >> > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/thread.html
>> >> >
>> >> >
>> >> > --On Montag, 14. Januar 2002 06:31 -0800 Davanum Srinivas
>> >> > <dims@yahoo.com>  wrote:
>> >> >
>> >> > > Thanks Ted...Checked in the Patches, please cross-check.
>> >> > >
>> >> > > Also,
>> >> > > Can you please add a Client Side Handler? So that all messages
>> >> > > are "automatically" signed? One Objective is to be able to run the
>> >> > > whole automated test suite with this Handler switched on to see
>> >> > > if anything breaks in either xml-security code or in xml-axis's
>> >> > > code. This will also enable an Admin type person to ensure that
>> >> > > SOAP messages are automatically signed as the Handlers can be
>> >> > > specified as a setup task without needing to modify sources.
>
>
>
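
The first check listed in the quoted message (the signed Reference must be the expected URI, with no transform that could delete nodes) can be written as below. This is an added example, not code from the thread or from xml-security; it uses only JDK DOM calls, and the class name, the transform allow-list and the sample fragments are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
public class SignedScopeCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Assumed allow-list: transforms that do not let the sender choose which nodes are left out.
    static final Set<String> ALLOWED = Set.of(
        DS + "enveloped-signature",
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/2001/10/xml-exc-c14n#");
    // signedInfo: the ds:SignedInfo of the signature that already passed verification.
    // True only if a Reference names requiredUri and all of its transforms are allow-listed.
    static boolean coversRequired(Element signedInfo, String requiredUri) {
        NodeList refs = signedInfo.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            // An absent URI attribute is not the same as URI="" (the whole document).
            if (!ref.hasAttribute("URI") || !requiredUri.equals(ref.getAttribute("URI"))) continue;
            NodeList ts = ref.getElementsByTagNameNS(DS, "Transform");
            boolean ok = true;
            for (int j = 0; j < ts.getLength(); j++)
                ok &= ALLOWED.contains(((Element) ts.item(j)).getAttribute("Algorithm"));
            if (ok) return true;
        }
        return false;
    }
    static Element signedInfoOf(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return (Element) f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(DS, "SignedInfo").item(0);
    }
    public static void main(String[] args) throws Exception {
        // Constructed SignedInfo fragments (digest and method elements omitted for brevity).
        String open = "<ds:SignedInfo xmlns:ds='" + DS + "'><ds:Reference ", close = "</ds:Reference></ds:SignedInfo>";
        String whole = open + "URI=''><ds:Transforms><ds:Transform Algorithm='" + DS + "enveloped-signature'/></ds:Transforms>" + close;
        String xpath = open + "URI=''><ds:Transforms><ds:Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'/></ds:Transforms>" + close;
        String other = open + "URI='#Unimportant'>" + close;
        System.out.println(coversRequired(signedInfoOf(whole), ""));      // whole document, enveloped transform only
        System.out.println(coversRequired(signedInfoOf(xpath), ""));      // XPath transform could filter nodes out
        System.out.println(coversRequired(signedInfoOf(other), "#Body")); // signs something other than the Body
    }
}
```

This structural check corresponds to the first option in the quoted message; the second option, re-parsing the signed bytes returned by the signature object, remains the one the message calls more reliable.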





