
RE: Signing an XML document using XMLDSIG



No, but you can call the classes from RPG

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Loek Maartens
Sent: Thursday, 9 October 2014 3:33 p.m.
To: HTTPAPI and FTPAPI Projects
Subject: Re: Signing an XML document using XMLDSIG

Hi Theo,

It seems there are no takers, so I will tell what I have done to fix this;

I put the message to be signed, and put that on a data queue. I had a Java guy write the Java program based on the software from the Bouncy Castle (a real name) open source security software to do the c14n and digital signing. Then the signed message was put back to the response data queue, which I then sent using HTTPAPI. Besides the simple fact that you cannot do this in RPG at all, running it on a Java signing server on the i has the benefit that after the first invocation the performance is really very good (at the time this was on a model 270).

The Java expert was ready in a week, including the provision of test cases, and some performance testing. You just cannot do this in RPGLE.

Kind regards,

Loek Maartens.

On 8-10-2014 4:24, Theo Kusters wrote:
>     Hi all,
>
>     We have a working SOAP based webservice consumer based on the HTTPAPI.
>
>     Now we have to extend this SOAP message with a digital signature using
>     the algorithm xmldsig#enveloped-signature. It should look like this:
>
>               <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                 <SignedInfo>
>                   <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>                   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                   <Reference URI="">
>                     <Transforms>
>                       <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                     </Transforms>
>                     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                     <DigestValue>...</DigestValue>
>                   </Reference>
>                 </SignedInfo>
>                 <SignatureValue>...</SignatureValue>
>                 <KeyInfo>
>                   <X509Data>
>                     <X509Certificate>...</X509Certificate>
>                   </X509Data>
>                 </KeyInfo>
>               </Signature>
>
>     This is really new stuff to me. After doing some research
>     ([6]http://www.di-mgt.com.au/xmldsig.html was very helpful) I think I
>     have to answer the following questions.
>
>       * How to create a canonical (C14n) XML?
>       * How to compute the Message digest?
>       * How to compute the Signature value?
>       * How do I retrieve/compute the information for the X509Certificate
>         tag?
>
>     What I really need now is a translation to RPG based tools or examples
>     how to set this up.
>
>     Any help would be appreciated.
>
>     Kind regards,
>
>     Theo
>
> References
>
>     1. http://www.w3.org/2000/09/xmldsig
>     2. http://www.w3.org/TR/2001/REC-xml-c14n-20010315
>     3. http://www.w3.org/2000/09/xmldsig#rsa-sha1
>     4. http://www.w3.org/2000/09/xmldsig#enveloped-signature
>     5. http://www.w3.org/2000/09/xmldsig#sha1
>     6. http://www.di-mgt.com.au/xmldsig.html

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
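The four questions in Theo's message (C14N, digest, signature value, X509Certificate content) map onto one call sequence in the JDK's built-in `javax.xml.crypto.dsig` API. The sketch below is an added example, not code from this thread and not the Bouncy Castle program Loek describes; the class name `EnvelopedSigner`, the PKCS#12 keystore arguments and the choice to append `<Signature>` to the document root are assumptions.

```java
import java.io.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

public class EnvelopedSigner {  // hypothetical class name
    // Appends an enveloped <Signature> to the root element of doc (assumed placement).
    static void sign(Document doc, PrivateKey key, X509Certificate cert) throws Exception {
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        // URI="" covers the whole document; the enveloped transform excludes <Signature> itself.
        Reference ref = f.newReference("",
            f.newDigestMethod(DigestMethod.SHA1, null),            // xmldsig#sha1
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),                   // REC-xml-c14n-20010315
            f.newSignatureMethod(SignatureMethod.RSA_SHA1, null),  // xmldsig#rsa-sha1
            List.of(ref));
        // KeyInfo/X509Data/X509Certificate is the base64 DER encoding of the signer's certificate.
        KeyInfoFactory kf = f.getKeyInfoFactory();
        KeyInfo ki = kf.newKeyInfo(List.of(kf.newX509Data(List.of(cert))));
        // sign() canonicalizes, computes DigestValue and SignatureValue, and inserts the element.
        f.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }

    // Assumed usage: java EnvelopedSigner keystore.p12 password alias < in.xml > signed.xml
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        PrivateKey key = (PrivateKey) ks.getKey(args[2], args[1].toCharArray());
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);  // XMLDSIG processing requires a namespace-aware DOM
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);  // no DTDs
        Document doc = dbf.newDocumentBuilder().parse(System.in);
        sign(doc, key, cert);
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(System.out));
    }
}
```

A throwaway RSA keystore for testing can be created with `keytool -genkeypair`. The SHA-1 identifiers are the ones in the quoted template; JDK 17 and later reject SHA-1 XML signatures during validation by default, so the receiving side's policy decides whether this profile is still accepted.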