ws-wss4j-dev mailing list archives

From Ruchith Fernando <ruchith.ferna...@gmail.com>
Subject Re: SignatureConfirmation with handler chaining
Date Tue, 08 Nov 2005 14:24:51 GMT
Hi Werner,

Great!!!
Thanks a lot for the information.

This is the scenario I'm concerned with: We have to create a session
key (K), encrypt it with the service's public key (create an encrypted
key with the key identifier being 'ThumbprintSHA1'). Then K is used to
do hmac-sha1 of all headers and body - this is the first signature.
Then we have to sign (rsa-sha1) the first signature with the client's
public key using a direct reference to the certificate. The only
blocker I seem to have with this scenario is that we can't seem to do
the first signature. I'll attach the sample msg that is expected by
the service (Indigo) that I'm trying to interoperate with.

Thanks
Ruchith

On 11/8/05, Dittmann, Werner <werner.dittmann@siemens.com> wrote:
> Ruchith,
>
> a specific handling for handler chaining is not necessary
> anymore. It's handled transparently in the SignatureConfirmation
> code inside WSS4JHandler. Thus you may go on testing it
> with Axis 2.
>
> Regards,
> Werner
>
> > -----Original Message-----
> > From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> > Sent: Friday, 4 November 2005 14:58
> > To: Ruchith Fernando
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: SignatureConfirmation with handler chaining
> >
> > Ruchith,
> >
> > need to look at what was wrong when doing chaining. I'll check
> > my internal testcases and give you some info tomorrow.
> >
> > Regards,
> > Werner
> >
> > Ruchith Fernando wrote:
> > > Hi Werner,
> > >
> > > If possible, can you please give me some points as to what we need to
> > > do to get sig-confirmation working with handler chaining in Axis 1.x.
> > >
> > > I'm trying to do the same with Axis2 security module.
> > >
> > >
> > >>Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
> > >>
> > >>If anybody is going to test this _and_ uses the handler chaining
> > >>feature of WSS4J pls ask for additional info. In this case one
> > >>specific modification in the WSDD files may be required.
> > >
> > >
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 9/6/05, Werner Dittmann <Werner.Dittmann@t-online.de> wrote:
> > >
> > >>All,
> > >>
> > >>with the next checkin a first step of the SignatureConfirmation
> > >>feature of WSS 1.1 is done.
> > >>
> > >>Because of some open issues with the spec this first implementation
> > >>assumes:
> > >>
> > >>- generate SignatureConfirmation for every Signature of every
> > >>  wsse:Security header of the request - there may be several
> > >>  wsse:Security headers in one request (with different actor/role)
> > >>
> > >>- place all SignatureConfirmation elements together in one
> > >>  wsse:Security header of the response. This because it is not
> > >>  necessary that the wsse:Security headers have a one-to-one
> > >>  relationship with the request headers.
> > >>
> > >>- do not sign SignatureConfirmation yet - here are IMHO some open issues
> > >>  in the spec
> > >>
> > >>- do not encrypt even if the Signature block of the request was
> > >>  encrypted. I doubt if such an encryption makes sense.
> > >>
> > >>To enable and test this feature you need to download the source
> > >>from SVN (trunk head), set the variable "enableSignatureConfirmation"
> > >>to "true" (for the time being it is set to "false" by default).
> > >>
> > >>If anybody is going to test this _and_ uses the handler chaining
> > >>feature of WSS4J pls ask for additional info. In this case one
> > >>specific modification in the WSDD files may be required.
> > >>
> > >>Regards,
> > >>Werner
> > >>
> > >>
> > >>
> > >>
> > >>---------------------------------------------------------------------
> > >>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > >>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > > Ruchith
> > >
> >
>


--
Ruchith
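
The layering in the scenario above, reduced to its cryptographic core with the plain JDK crypto API; this is an added example, not code from the message, from WSS4J or from the Indigo sample. It assumes RSA-OAEP for encrypting K, a 128-bit K, throwaway key pairs in place of certificates, and raw bytes in place of canonicalized XML; the RSA signature is produced with the client's private key and verified with the public key from its certificate.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class LayeredSignatureSketch {
    static byte[] hmacSha1(byte[] key, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: throwaway key pairs and a sample signed payload.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair service = kpg.generateKeyPair(), client = kpg.generateKeyPair();
        byte[] signedBytes = "constructed: canonicalized headers and body".getBytes(StandardCharsets.UTF_8);

        // Client 1: session key K, encrypted for the service (EncryptedKey content).
        byte[] k = new byte[16];
        new SecureRandom().nextBytes(k);
        String transport = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; // assumed key transport
        Cipher wrap = Cipher.getInstance(transport);
        wrap.init(Cipher.ENCRYPT_MODE, service.getPublic());
        byte[] encryptedKey = wrap.doFinal(k);
        // Client 2: first signature, HMAC-SHA1 keyed with K.
        byte[] firstSig = hmacSha1(k, signedBytes);
        // Client 3: second signature, RSA-SHA1 over the first signature value.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(client.getPrivate());
        signer.update(firstSig);
        byte[] secondSig = signer.sign();
        // Service: recover K with its private key, then check both layers.
        Cipher unwrap = Cipher.getInstance(transport);
        unwrap.init(Cipher.DECRYPT_MODE, service.getPrivate());
        byte[] recoveredK = unwrap.doFinal(encryptedKey);
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(client.getPublic());
        verifier.update(firstSig);
        System.out.println("RSA layer valid:  " + verifier.verify(secondSig));
        System.out.println("HMAC layer valid: "
                + MessageDigest.isEqual(firstSig, hmacSha1(recoveredK, signedBytes)));
        signedBytes[0] ^= 1; // tamper with the signed content after signing
        System.out.println("HMAC after tamper: "
                + MessageDigest.isEqual(firstSig, hmacSha1(recoveredK, signedBytes)));
    }
}
```

The HMAC layer alone proves only knowledge of K, which the service also holds once it decrypts the key; the RSA layer over the first signature value is what ties the message to the client's key pair. The SHA-1 based algorithms appear here only because the scenario names them.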
