Digital Signature with multiple signed parts

Author: Campbell
Posted: Sun Jan 03, 2021 9:18 pm

Hi,

I am using IIB 10.0.0.15 on z/OS and need to digitally sign the message body and WS-Addressing fields in a SOAP message.

I have frequently used policysets to digitally sign the body of a message in IIB, so I know how to do that, and I read the manual and believe I worked out how to sign the various parts. However, the final SOAP message doesn't come out how I would expect, and I am wondering if there is a specific way I need to set the policyset and policysetbinding in order to change that.

Normally when I sign a message (using something other than IIB) where more than one part needs to be signed, I add that part as a reference. Each reference has a calculated digest and a single digital signature is created like this:

Code:

<Security>
   <BinarySecurityToken>[Raw client certificate]</BinarySecurityToken>
   <ds:Signature>
      <ds:SignedInfo>
         <ds:CanonicalizationMethod/>
         <ds:SignatureMethod/>
         <!-- one Reference, with its own digest, per signed part -->
         <ds:Reference URI="#1">
            various stuff....
         </ds:Reference>
         <ds:Reference URI="#2">
            various stuff....
         </ds:Reference>
         <ds:Reference URI="#3">
            various stuff....
         </ds:Reference>
         <ds:Reference URI="#4">
            various stuff....
         </ds:Reference>
      </ds:SignedInfo>
      <!-- a single signature value covering the SignedInfo above -->
      <ds:SignatureValue>[Generated hash]</ds:SignatureValue>
      <ds:KeyInfo Id="whatever">
         various stuff...
      </ds:KeyInfo>
   </ds:Signature>
</Security>


However, what I am actually getting is very different. I get a binary security token entry for each part I am signing (they all use the same token, so it is just the same one repeated), then I get a full signature element for each part that contains just one reference.

The way I did it was to define an alias in the SOAPRequest node for each part in the ws-extensions tab, then refer to them in the MessagePart/Aliases section of the policyset. Then in the policysetbinding I added them into the Message Part Policy/Message Part Signature policies.

Since it asks for a sequence, I tried setting them to unique values and also setting them the same in case this would put them into the same signature, but it did not.

Can anyone that has done this successfully point me in the right direction?

Thanks
Cam
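
Added example, not part of the original post and not IIB code: a Python check that parses a WS-Security header and reports how many tokens and signatures it carries and whether a single ds:Signature references every required part, which distinguishes the two output shapes described in the post. The function names, the sample headers and the placeholder token value are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) for untrusted input

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def signature_layout(security_xml):
    """Count tokens and list the Reference URIs under each ds:Signature."""
    sec = ET.fromstring(security_xml)
    tokens = [(t.text or "").strip()
              for t in sec.iter(f"{{{WSSE}}}BinarySecurityToken")]
    sigs = [[r.get("URI", "") for r in
             sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")]
            for sig in sec.iter(f"{{{DS}}}Signature")]
    return {"tokens": len(tokens), "distinct_tokens": len(set(tokens)),
            "signatures": sigs}

def single_signature_covers(layout, required):
    """True only if one ds:Signature references every required part."""
    return any(set(required) <= set(refs) for refs in layout["signatures"])

# --- constructed sample input (not captured from a real broker) ---
PARTS = ["#1", "#2", "#3", "#4"]  # fragment ids as in the post's snippet

def _header(groups):
    """Build a Security header with one token + one Signature per group."""
    out = []
    for uris in groups:
        refs = "".join(f'<ds:Reference URI="{u}"/>' for u in uris)
        out.append("<wsse:BinarySecurityToken>Q0VSVA==</wsse:BinarySecurityToken>"
                   f"<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo>"
                   "</ds:Signature>")
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:ds="{DS}">'
            + "".join(out) + "</wsse:Security>")

EXPECTED = _header([PARTS])               # one Signature, four References
OBSERVED = _header([[p] for p in PARTS])  # one Signature per part

if __name__ == "__main__":
    for name, doc in (("expected", EXPECTED), ("observed", OBSERVED)):
        layout = signature_layout(doc)
        print(name, layout, single_signature_covers(layout, PARTS))
```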