Hi all, I've noticed there's no Clojure library for doing XML Digital signatures. So I'll probably put one out there, if I can completely solve this problem. Using Java's *XML Digital Signature API <http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html>*, I'm trying to get the source XML (*fig.1*) to look like a certain output (*fig.2*). However, I'm getting stuck with another output (*fig.3*).
Now, XML Signatures come in 3 forms: i) detached, ii) enveloping and iii) enveloped. But the XML in *fig.2* has the signature in the Header path [*soapenv:Envelope / soapenv:Header / wsse:Security*]. I imagine that's using XML Signature's XPath Reference Processing Model <http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel>. So I mainly want to put the XML Signature in the Header. But there are a lot of other things that need to get ironed out in order to arrive at the XML in fig.2.

- Using the Java API <http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html#wp511436>, how would I put the <soapenv:Signature> into the Header [*soapenv:Header / wsse:Security*]?
- Using the same API, into [*soapenv:Header / wsse:Security*] how would I add
  - [wsse:Security / wsse:BinarySecurityToken] ;; Binary Security Token Direct Reference
  - [wsu:Timestamp / ws:Created]
  - [wsu:Timestamp / ws:Expires]
- <dg:Signature> (and child tags) are namespaced. Using the same API, how do I add the namespace and prefix (generated tags are not namespaced by default)?
- Is the <ds:Reference {URI}> attribute meaningful? (Must it be populated?)
- Is it significant that <ds:SignedInfo> has 2 <ds:Reference> tags?
- [*ds:KeyInfo / wsse:SecurityTokenReference*] and [*ds:KeyInfo / wsse:SecurityTokenReference / wsse:Reference*] in fig.2 are different from the [*KeyInfo / KeyValue / DSAKeyValue*] tags in fig.3.
*Materials*

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:mod='http://www.hewitt.com/hro/benefits/fndt/hasbro/model'
                  xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'>
  <soapenv:Header></soapenv:Header>
  <soapenv:Body wsu:Id='id-3'
                xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
    <mod:submitServiceRequest>
      <mod:userId>3XATH</mod:userId>
      <mod:serviceId>Genesys.addExceptionForAgent</mod:serviceId>
      <mod:inputXml></mod:inputXml>
    </mod:submitServiceRequest>
  </soapenv:Body>
</soapenv:Envelope>

fig.1 - source XML

<?xml version="1.0"?>
<soapenv:Envelope xmlns:mod="http://www.hewitt.com/hro/benefits/fndt/hasbro/model"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                wsu:Id="CertId-fubar">fubar</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-70">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>fubar</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#fubar">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>fubar=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>fubar</ds:SignatureValue>
        <ds:KeyInfo Id="fubar">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                       wsu:Id="fubar">
            <wsse:Reference URI="#fubar"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                     wsu:Id="Timestamp-5">
        <wsu:Created>fubar</wsu:Created>
        <wsu:Expires>fubar</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="id-70">
    <mod:submitServiceRequest>
      <mod:userId>fubar</mod:userId>
      <mod:serviceId>fubar</mod:serviceId>
      <mod:inputXml>
        <![CDATA[<HA-TBA-INPUT>
          <HA-SIGNON>
            <CLNT-ID>fubar</CLNT-ID>
            <EE-ID>fubar</EE-ID>
            <MODEL-ID>fubar</MODEL-ID>
            <DTD-LBL-CD>fubar</DTD-LBL-CD>
          </HA-SIGNON>
          <SERVICE-REQUEST>
            <SERVICE-NAME>fubar</SERVICE-NAME>
            <SERVICE-INPUT>
              <PRSN-CDH>
                <TRNS-LBL-CD>fubar</TRNS-LBL-CD>
                <CDD-FLD-INTN-ID>fubar</CDD-FLD-INTN-ID>
                <EFBEGDT>fubar</EFBEGDT>
                <EFENDDT>fubar</EFENDDT>
                <CDD-FLD-VL-TX>fubar</CDD-FLD-VL-TX>
                <CDD-TS>fubar</CDD-TS>
              </PRSN-CDH>
            </SERVICE-INPUT>
          </SERVICE-REQUEST>
        </HA-TBA-INPUT>]]>
      </mod:inputXml>
    </mod:submitServiceRequest>
  </soapenv:Body>
</soapenv:Envelope>

fig.2 - The target (signed) XML we want to reach

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:mod="http://www.hewitt.com/hro/benefits/fndt/hasbro/model">
  <soapenv:Header/>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="id-3">
    <mod:submitServiceRequest>
      <mod:userId></mod:userId>
      <mod:serviceId></mod:serviceId>
      <mod:inputXml/>
    </mod:submitServiceRequest>
  </soapenv:Body>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>fubar</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>fubar</SignatureValue>
    <KeyInfo>
      <KeyValue>
        <DSAKeyValue>
          <P>fubar</P>
          <Q>fubar</Q>
          <G>fubar</G>
          <Y>fubar</Y>
        </DSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>
</soapenv:Envelope>

*fig.3 - Signed XML as it currently exists*

Anyone have expertise with this? Or even if there's a library out there.

Thanks

Tim Washington
Interruptsoftware.com <http://interruptsoftware.com/>

-- 
You received this message because you are subscribed to the Google Groups "Clojure" group.
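The questions in the post map onto a handful of calls in the public javax.xml.crypto.dsig API, and fig.3 versus fig.2 is mostly the difference between the defaults and those calls. The example below is added here as an illustration; it is not code from the post, from the poster, or from any library, and it uses a constructed envelope (same shape as fig.1, with a made-up model namespace), constructed ids ("id-3", "Timestamp-1", "CertId-1") and a placeholder where the base64 X.509 certificate would go in the BinarySecurityToken. It also picks sha256/rsa-sha256 instead of the sha1/rsa-sha1 shown in fig.2, and assumes Java 8 or later. What it demonstrates: the signature is placed inside Header/wsse:Security by giving DOMSignContext that element as parent (and the Timestamp as nextSibling, which yields the token/Signature/Timestamp order of fig.2); the "ds" prefix comes from setDefaultNamespacePrefix; a Reference URI of "#id-3" means "the element whose ID attribute is id-3", which only works once wsu:Id has been registered as an ID attribute (fig.3's URI="" instead means "the whole document", which is why it needs the enveloped-signature transform); two References simply cover two signed elements (Body and Timestamp); and the wsse:SecurityTokenReference under KeyInfo is arbitrary DOM wrapped in a DOMStructure. Fig.2's references are plain ID references, not the XPath processing model. The BinarySecurityToken, Timestamp and Security elements are ordinary DOM construction.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class WsseSignExample {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    static final String B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Constructed sample message in the shape of fig.1 (model namespace is made up); the Body carries wsu:Id="id-3".
    static final String SOURCE = "<soapenv:Envelope xmlns:soapenv=\"" + SOAP + "\" xmlns:mod=\"urn:example:model\">"
        + "<soapenv:Header/><soapenv:Body xmlns:wsu=\"" + WSU + "\" wsu:Id=\"id-3\">"
        + "<mod:submitServiceRequest><mod:userId>user</mod:userId></mod:submitServiceRequest>"
        + "</soapenv:Body></soapenv:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // without this, "soapenv:Body" is an unqualified name and nothing resolves
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static Element child(Document doc, Element parent, String ns, String qname) {
        Element e = doc.createElementNS(ns, qname);
        parent.appendChild(e);
        return e;
    }

    /** Signs Body and Timestamp and places ds:Signature in Header/wsse:Security, as in fig.2. */
    public static String sign(String xml, KeyPair kp) throws Exception {
        Document doc = parse(xml);
        Element header = (Element) doc.getElementsByTagNameNS(SOAP, "Header").item(0);
        Element body = (Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0);
        // 1. Security header, BinarySecurityToken and Timestamp are plain DOM work. Declaring the prefixes
        //    explicitly keeps the serialized bytes identical to what exclusive c14n sees in the DOM.
        Element security = child(doc, header, WSSE, "wsse:Security");
        security.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:wsse", WSSE);
        security.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:wsu", WSU);
        Element bst = child(doc, security, WSSE, "wsse:BinarySecurityToken");
        bst.setAttribute("EncodingType", B64);
        bst.setAttribute("ValueType", X509V3);
        bst.setAttributeNS(WSU, "wsu:Id", "CertId-1");
        bst.setTextContent("PLACEHOLDER-base64-DER-of-signer-certificate"); // placeholder, not a real token
        Element ts = child(doc, security, WSU, "wsu:Timestamp");
        ts.setAttributeNS(WSU, "wsu:Id", "Timestamp-1");
        Instant now = Instant.now().truncatedTo(ChronoUnit.MILLIS);
        child(doc, ts, WSU, "wsu:Created").setTextContent(now.toString());
        child(doc, ts, WSU, "wsu:Expires").setTextContent(now.plus(5, ChronoUnit.MINUTES).toString());
        // 2. One Reference per signed element. URI="#x" means the element whose registered ID attribute is x.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Transform excC14n = fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
        DigestMethod sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
        Reference bodyRef = fac.newReference("#id-3", sha256, Collections.singletonList(excC14n), null, null);
        Reference tsRef = fac.newReference("#Timestamp-1", sha256, Collections.singletonList(excC14n), null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null), Arrays.asList(bodyRef, tsRef));
        // 3. KeyInfo holding a wsse:SecurityTokenReference: any DOM subtree wrapped in a DOMStructure.
        Element str = doc.createElementNS(WSSE, "wsse:SecurityTokenReference");
        Element ref = child(doc, str, WSSE, "wsse:Reference");
        ref.setAttribute("URI", "#CertId-1");
        ref.setAttribute("ValueType", X509V3);
        KeyInfo ki = fac.getKeyInfoFactory().newKeyInfo(Collections.singletonList(new DOMStructure(str)));
        // 4. parent = wsse:Security, nextSibling = Timestamp; "ds" prefix; wsu:Id registered as an ID
        //    attribute so that "#id-3" and "#Timestamp-1" can be dereferenced while signing.
        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), security, ts);
        ctx.setDefaultNamespacePrefix("ds");
        ctx.setIdAttributeNS(body, WSU, "Id");
        ctx.setIdAttributeNS(ts, WSU, "Id");
        fac.newXMLSignature(si, ki, null, "Signature-1", null).sign(ctx);
        StringWriter out = new StringWriter(); // no INDENT: whitespace added inside the Body would break its digest
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    /** Core validation of a serialized message. The receiver must register the same ID attributes. */
    public static boolean verify(String signedXml, PublicKey pub) throws Exception {
        Document doc = parse(signedXml);
        Element sigEl = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(pub, sigEl);
        ctx.setIdAttributeNS((Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0), WSU, "Id");
        ctx.setIdAttributeNS((Element) doc.getElementsByTagNameNS(WSU, "Timestamp").item(0), WSU, "Id");
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        String signed = sign(SOURCE, kp);
        System.out.println(signed);
        System.out.println("valid: " + verify(signed, kp.getPublic()));               // expected true
        String tampered = signed.replace("<mod:userId>user", "<mod:userId>other");   // Body digest no longer matches
        System.out.println("tampered valid: " + verify(tampered, kp.getPublic()));   // expected false
    }
}
```

Two things a receiver has to get right that the post's fig.3 attempt hides: verify() above hands the public key straight to DOMValidateContext, so the SecurityTokenReference in KeyInfo is never consulted; a real endpoint must take the key from the BinarySecurityToken the reference points at and check that certificate against its trust store before trusting validate()'s answer, otherwise any signer can pass. And the ID registration is not optional on either side: if the receiver forgets setIdAttributeNS, "#id-3" cannot be dereferenced and validation fails even for an honest message. Whether the whole-document URI="" of fig.3 or the ID references of fig.2 is the right choice depends on the receiving WS-Security stack; the placement, prefix and KeyInfo calls are the same either way.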