cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shwetank <shwetan...@imaginea.com>
Subject Re: Signing SAML assertions for OWSM policies
Date Thu, 12 Apr 2012 04:48:14 GMT
On 11-04-2012 21:19, Shwetank wrote:
> On 11-04-2012 19:33, Colm O hEigeartaigh wrote:
>> You need to set SecurityConstants.SELF_SIGN_SAML_ASSERTION to "true"
>> in your configuration (and define the appropriate CallbackHandler and
>> crypto property tags):
>>
>> http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?view=markup

>>
>>
>> Colm.
>>
>> On Wed, Apr 11, 2012 at 2:40 PM, Shwetank<shwetank.s@imaginea.com>  
>> wrote:
>>> Hi
>>>
>>> Pardon me if i break a rule or two of mailing-list directives.
>>> I seek help on how to sign SAML 1.1 assertion with CXF 2.5.2 for
>>> holder-of-key confirmation method:
>>>
>>> a) an OWSM policy
>>> wss10_saml_hok_token_with_message_protection_service_policy is 
>>> applied to a
>>> test service
>>> b) the policy and wsdl look like following
>>>
>>> <?xml version="1.0"?>
>>> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
>>> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>>> xmlns:tns="http://owsm.test.wsa.bf.hs.com/"
>>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" 
>>> name="POManagerService"
>>> targetNamespace="http://owsm.test.wsa.bf.hs.com/">
>>> <wsp:Policy
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

>>>
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> wsu:Id="POManagerPort_Fault_Policy"/>
>>> <wsp:Policy
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

>>>
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> wsu:Id="POManagerPort_Input_Policy">
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
>>> <sp:Header 
>>> Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
>>> <sp:Header Name="fmw-context"
>>> Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> <sp:Header Name="fmw-context"
>>> Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
>>> </sp:EncryptedParts>
>>> </wsp:Policy>
>>> <wsp:Policy
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

>>>
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> wsu:Id="POManagerPort_Output_Policy">
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> </sp:EncryptedParts>
>>> </wsp:Policy>
>>> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> xmlns:oralgp="http://schemas.oracle.com/ws/2006/01/loggingpolicy"
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

>>>
>>> xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
>>> xmlns:orasp="http://schemas.oracle.com/ws/2006/01/securitypolicy"
>>> wsu:Id="wss10_saml_hok_token_with_message_protection_service_policy">
>>> <sp:AsymmetricBinding
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy>
>>> <sp:InitiatorToken>
>>> <wsp:Policy>
>>> <sp:SamlToken
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

>>>
>>> <wsp:Policy>
>>> <sp:WssSamlV11Token10/>
>>> </wsp:Policy>
>>> </sp:SamlToken>
>>> </wsp:Policy>
>>> </sp:InitiatorToken>
>>> <sp:RecipientToken>
>>> <wsp:Policy>
>>> <sp:X509Token
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">

>>>
>>> <wsp:Policy>
>>> <sp:WssX509V3Token10/>
>>> </wsp:Policy>
>>> </sp:X509Token>
>>> </wsp:Policy>
>>> </sp:RecipientToken>
>>> <sp:AlgorithmSuite>
>>> <wsp:Policy>
>>> <sp:Basic128/>
>>> </wsp:Policy>
>>> </sp:AlgorithmSuite>
>>> <sp:Layout>
>>> <wsp:Policy>
>>> <sp:Lax/>
>>> </wsp:Policy>
>>> </sp:Layout>
>>> <sp:IncludeTimestamp/>
>>> <sp:OnlySignEntireHeadersAndBody/>
>>> </wsp:Policy>
>>> </sp:AsymmetricBinding>
>>> <sp:Wss10 
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy/>
>>> </sp:Wss10>
>>> </wsp:Policy>
>>> <types>
>>> <xsd:schema>
>>> <xsd:import namespace="http://owsm.test.wsa.bf.hs.com/"
>>> schemaLocation="http://server:7001/testwebservice/POManagerPort?xsd=1"/> 
>>>
>>> </xsd:schema>
>>> </types>
>>> <message name="createOrder">
>>> <part name="parameters" element="tns:createOrder"/>
>>> </message>
>>> <message name="createOrderResponse">
>>> <part name="parameters" element="tns:createOrderResponse"/>
>>> </message>
>>> <portType name="POManager">
>>> <operation name="createOrder">
>>> <input message="tns:createOrder"/>
>>> <output message="tns:createOrderResponse"/>
>>> </operation>
>>> </portType>
>>> <binding name="POManagerPortBinding" type="tns:POManager">
>>> <soap:binding style="document"
>>> transport="http://schemas.xmlsoap.org/soap/http"/>
>>> <wsp:PolicyReference
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> URI="#wss10_saml_hok_token_with_message_protection_service_policy"
>>> wsdl:required="false"/>
>>> <operation name="createOrder">
>>> <soap:operation soapAction=""/>
>>> <input>
>>> <soap:body use="literal"/>
>>> <wsp:PolicyReference
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> URI="#POManagerPort_Input_Policy" wsdl:required="false"/>
>>> </input>
>>> <output>
>>> <soap:body use="literal"/>
>>> <wsp:PolicyReference
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> URI="#POManagerPort_Output_Policy" wsdl:required="false"/>
>>> </output>
>>> </operation>
>>> </binding>
>>> <service name="POManagerService">
>>> <port name="POManagerPort" binding="tns:POManagerPortBinding">
>>> <soap:address 
>>> location="http://server:7001/testwebservice/POManagerPort"/>
>>> <wsa:EndpointReference 
>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>> <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>> http://server:7001/testwebservice/POManagerPort
>>> </wsa:Address>
>>> <wsid:Identity
>>> xmlns:wsid="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>>> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>>> <dsig:X509Data>
>>> <dsig:X509Certificate>
>>> ................
>>> </dsig:X509Certificate>
>>> <dsig:X509IssuerSerial>
>>> <dsig:X509IssuerName>
>>> .........
>>> </dsig:X509IssuerName>
>>> <dsig:X509SerialNumber>-....</dsig:X509SerialNumber>
>>> </dsig:X509IssuerSerial>
>>> <dsig:X509SubjectName>
>>> .......
>>> </dsig:X509SubjectName>
>>> </dsig:X509Data>
>>> </dsig:KeyInfo>
>>> </wsid:Identity>
>>> </wsa:EndpointReference>
>>> </port>
>>> </service>
>>> </definitions>
>>>
>>>
>>>
>>> c) following is message generated by cxf2.5.2 for this policy
>>>
>>> <?xml version="1.0"?>
>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>> <soap:Header>
>>> <wsse:Security
>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

>>>
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

>>>
>>> soap:mustUnderstand="1">
>>> <wsse:BinarySecurityToken
>>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

>>>
>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

>>>
>>> wsu:Id="BC59F58138560D687613341497540725">MIIB+DCCAaICCQCbeQ7C1MJrOTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAkFQMQwwCgYDVQQHEwNIWUQxEDAOBgNVBAoTB3ByYW1hdGkxEDAOBgNVBAsTB3ByYW1hdGkxEjAQBgNVBAMTCXNvYWJwbS12bTEgMB4GCSqGSIb3DQEJARYRZW1haWxAcHJhbWF0aS5jb20wHhcNMTIwNDEwMTI1OTA0WhcNMTMwNDEwMTI1OTA0WjCBgjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAkFQMQwwCgYDVQQHEwNIWUQxEDAOBgNVBAoTB3ByYW1hdGkxEDAOBgNVBAsTB3ByYW1hdGkxEjAQBgNVBAMTCXNvYWJwbS12bTEgMB4GCSqGSIb3DQEJARYRZW1haWxAcHJhbWF0aS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1ZwvGTS5gxDgGjoHuaqY9dh26un58rF3YFpuNY6F9JROBooMmbEWAWlvN+kjrEBhoQhTMbnwp8Sa+sPxOI+b8QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAIlGPjJUTytuNsfeIy+dPFAT6XXN6sbiTTcFmhGUtP8q3XJRQCFlMKqFrWP/SVck8PPdH6fSO8EzOLLOYF5dkPQ==</wsse:BinarySecurityToken>

>>>
>>> <wsu:Timestamp wsu:Id="TS-1">
>>> <wsu:Created>2012-04-11T13:06:42.679Z</wsu:Created>
>>> <wsu:Expires>2012-04-11T13:11:42.679Z</wsu:Expires>
>>> </wsu:Timestamp>
>>> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>> Id="EK-BC59F58138560D687613341497540724">
>>> <xenc:EncryptionMethod
>>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>> <wsse:SecurityTokenReference>
>>> <wsse:Reference URI="#BC59F58138560D687613341497540725"
>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

>>>
>>> </wsse:SecurityTokenReference>
>>> </ds:KeyInfo>
>>> <xenc:CipherData>
>>> <xenc:CipherValue>tUjFXfI6BPNO78XzWGThNnCvXloGK001IPwzMiEdz4XAuz86gaCCTJ5+KBVKTsMhGxXOVNaOWTeLo3VzMKYWPA==</xenc:CipherValue>

>>>
>>> </xenc:CipherData>
>>> <xenc:ReferenceList>
>>> <xenc:DataReference URI="#ED-3"/>
>>> </xenc:ReferenceList>
>>> </xenc:EncryptedKey>
>>> <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> AssertionID="_BC59F58138560D687613341496647771"
>>> IssueInstant="2012-04-11T13:07:44.551Z" Issuer="www.oracle.com"
>>> MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType">
>>> <saml1:Conditions NotBefore="2012-04-11T13:07:44.838Z"
>>> NotOnOrAfter="2012-04-11T13:12:44.838Z"/>
>>> <saml1:AttributeStatement>
>>> <saml1:Subject>
>>> <saml1:NameIdentifier
>>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>>> NameQualifier="www.oracle.com">weblogic</saml1:NameIdentifier>
>>> <saml1:SubjectConfirmation>
>>> <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml1:ConfirmationMethod>

>>>
>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>> <ds:X509Data>
>>> <ds:X509Certificate>........................</ds:X509Certificate>
>>> </ds:X509Data>
>>> </ds:KeyInfo>
>>> </saml1:SubjectConfirmation>
>>> </saml1:Subject>
>>> <saml1:Attribute AttributeName="subject-role"
>>> AttributeNamespace="http://custom-ns">
>>> <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>> xsi:type="xs:string">system-user</saml1:AttributeValue>
>>> </saml1:Attribute>
>>> </saml1:AttributeStatement>
>>> </saml1:Assertion>
>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-2">
>>> <ds:SignedInfo>
>>> <ds:CanonicalizationMethod
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>> <ds:SignatureMethod 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>> <ds:Reference URI="#TS-1">
>>> <ds:Transforms>
>>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>> </ds:Transforms>
>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>> <ds:DigestValue>/LPHR8sX+ptPaN8+iZYQxYwffG8=</ds:DigestValue>
>>> </ds:Reference>
>>> <ds:Reference URI="#Id-26930486">
>>> <ds:Transforms>
>>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>> </ds:Transforms>
>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>> <ds:DigestValue>ej9eQZSJOyVu6TgV8MO/exfxCeA=</ds:DigestValue>
>>> </ds:Reference>
>>> </ds:SignedInfo>
>>> <ds:SignatureValue>uBvdcZ7jkAty14s0tdMKGvI4z1lCbWDo2RQEWjJ9t6z9vASoB98l4NeshQz96JWDqpGFgb4wd93/f9ra0Y68xA==</ds:SignatureValue>

>>>
>>> <ds:KeyInfo Id="KI-BC59F58138560D687613341497504882">
>>> <wsse:SecurityTokenReference
>>> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"

>>>
>>> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"

>>>
>>> wsu:Id="STR-BC59F58138560D687613341497504923">
>>> <wsse:KeyIdentifier
>>> ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_BC59F58138560D687613341496647771</wsse:KeyIdentifier>

>>>
>>> </wsse:SecurityTokenReference>
>>> </ds:KeyInfo>
>>> </ds:Signature>
>>> </wsse:Security>
>>> </soap:Header>
>>> <soap:Body
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

>>>
>>> wsu:Id="Id-26930486">
>>> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" 
>>> Id="ED-3"
>>> Type="http://www.w3.org/2001/04/xmlenc#Content">
>>> <xenc:EncryptionMethod
>>> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>> <wsse:SecurityTokenReference
>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

>>>
>>> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"

>>>
>>> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">

>>>
>>> <wsse:Reference URI="#EK-BC59F58138560D687613341497540724"/>
>>> </wsse:SecurityTokenReference>
>>> </ds:KeyInfo>
>>> <xenc:CipherData>
>>> <xenc:CipherValue>.............................</xenc:CipherValue>
>>> </xenc:CipherData>
>>> </xenc:EncryptedData>
>>> </soap:Body>
>>> </soap:Envelope>
>>>
>>>
>>> d) and i receive following error from OWSM (oracle web services 
>>> manager)
>>>
>>> Policy compliance failure: Header/Element
>>> NS=urn:oasis:names:tc:SAML:1.0:assertion; LocalName=Assertion must 
>>> be signed
>>> [WSM_PolicyName:
>>> oracle/wss10_saml_hok_token_with_message_protection_service_policy] The
>>> signed message elements or parts do not comply with the policy.
>>>
>>>
>>> i seek help to understand which part of the message is not being 
>>> signed..and
>>> why..or how could i sign it.
>>> am using the SamlCallbackHandler (supplied with tests) to add 
>>> attributes
>>>
>>> following is the callbackhandler code if that may help
>>>
>>> ///////////////////////////////////////////////////////////////////////////////

>>>
>>> public void handle(Callback[] callbacks) throws IOException,
>>> UnsupportedCallbackException {
>>>     for (int i = 0; i<  callbacks.length; i++)
>>>       if ((callbacks[i] instanceof SAMLCallback)) {
>>>         SAMLCallback callback = (SAMLCallback)callbacks[i];
>>>         if (this.saml2) {
>>>           callback.setSamlVersion(SAMLVersion.VERSION_20);
>>>         }
>>>         callback.setIssuer("www.oracle.com");
>>>         String subjectName = "weblogic";
>>>         String subjectQualifier = "www.oracle.com";
>>>
>>>         SubjectBean subjectBean = new SubjectBean(subjectName,
>>> subjectQualifier, this.confirmationMethod);
>>>
>>>         if
>>> (("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key".equals(this.confirmationMethod))

>>>
>>> ||
>>> ("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key".equals(this.confirmationMethod)))

>>>
>>> {
>>>           try
>>>           {
>>>             KeyInfoBean keyInfo = createKeyInfo();
>>>             subjectBean.setKeyInfo(keyInfo);
>>>           } catch (Exception ex) {
>>>             throw new IOException("Problem creating KeyInfo: " +
>>> ex.getMessage());
>>>           }
>>>         }
>>>
>>>         callback.setSubject(subjectBean);
>>>
>>>         AttributeStatementBean attrBean = new AttributeStatementBean();
>>>         attrBean.setSubject(subjectBean);
>>>
>>>         AttributeBean attributeBean = new AttributeBean();
>>>         if (this.saml2) {
>>>           attributeBean.setQualifiedName("subject-role");
>>>         } else {
>>>           attributeBean.setSimpleName("subject-role");
>>>           attributeBean.setQualifiedName("http://custom-ns");
>>>         }
>>>
>>>   
>>> attributeBean.setAttributeValues(Collections.singletonList("system-user"));
>>>         
>>> attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
>>>
>>>   
>>> callback.setAttributeStatementData(Collections.singletonList(attrBean)); 
>>>
>>>       }
>>>   }
>>>
>>>   protected KeyInfoBean createKeyInfo() throws Exception
>>>   {
>>>     Crypto crypto = CryptoFactory.getInstance("signature.properties");
>>>
>>>     CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
>>>     cryptoType.setAlias("myprivate");
>>>     X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
>>>
>>>     KeyInfoBean keyInfo = new KeyInfoBean();
>>>     keyInfo.setCertificate(certs[0]);
>>>     keyInfo.setCertIdentifer(KeyInfoBean.CERT_IDENTIFIER.X509_CERT);
>>>
>>>     return keyInfo;
>>>   }
>>>
>>> //////////////////////////////////////////////////////////////////////////////

>>>
>>>
>>>
>>
>>
> i did use that as well..but that would rather add a certificate to 
> Signature..and nothing else is the motive because we are claiming to 
> use a self signed certificate for sending message.
> however, the problem here is with response not containing any 
> certificate.
> please help me understand what keystore/truststore configuration would 
> it require (if that is the problem at all). for now i have configured 
> a custom identity/trust using a certificate/private key which i 
> generated adding myself as a CA.
> Please suggest what more would it need..
>
> thanks for replying!


oops!!sorry!...no, the problem is not with " response not containing any 
certificate." ..i messed up another problem into this in last update.
this is just about assertion not being signed.

Policy compliance failure: Header/Element 
NS=urn:oasis:names:tc:SAML:1.0:assertion; LocalName=Assertion must be 
signed

please suggest!

Mime
View raw message