org.openliberty.wsc
Class WSFMessageSigner

java.lang.Object
  extended by org.openliberty.wsc.WSFMessageSigner

public class WSFMessageSigner
extends java.lang.Object

This class is used to sign an ID-* message.

6.3.2. Message Integrity rules for senders and receivers

This section only applies if SOAP message security is used for a message bound to SOAP (i.e., is a "SOAP-bound-ID-* message") according to the Liberty SOAP Binding (v2.0) [LibertySOAPBinding].

In this case the sender MUST create a single  contained in the  header and this signature MUST reference all of the message components required to be signed.

In particular, this signature MUST reference the SOAP Body element (the element itself), the security token associated with the signature, and all headers in the message that have been defined in the Liberty SOAP Bindings specification, including both required and optional header blocks [LibertySOAPBinding].

An example security token is a  element conveyed in the  header.

The wsu:Timestamp header in the wsse:Security header block, the wsa:MessageID, wsa:RelatesTo, sb:Framework, sb:Sender and sb:InvocationIdentity header blocks are examples of header elements that would be referenced in a signature.

Note that care must be taken when constructing elements contained in Reference Parameters in Endpoint References, as these will be promoted to SOAP header blocks. Effort should be taken to avoid conflicting or duplicate id attributes, for example by using techniques to generate ids where it is highly likely that they are unique.

If the message is signed the sender MUST include the resultant XML signature in a  element as a child of the  header.

The  element MUST refer to the subject confirmation key with a  element.

The  element MUST include a  element so that the subject confirmation key can be located within the  header. The inclusion of the reference SHOULD adhere to the guidance specified in section 3.4.2 of [wss-saml11] (section 3.3.2 of [wss-saml]).
 

Author:
asa

Constructor Summary
WSFMessageSigner()
           
 
Method Summary
 org.w3c.dom.Element sign(WSFMessage message)
          Takes the requestEnvelope, signs the elements that have been specified in WSFMessage.getSignatureIds(), and returns a signed root element
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

WSFMessageSigner

public WSFMessageSigner()
Method Detail

sign

public org.w3c.dom.Element sign(WSFMessage message)
                         throws java.lang.Exception
Takes the requestEnvelope, signs the elements that have been specified in WSFMessage.getSignatureIds(), and returns a signed root element

TODO: This method needs to be reworked so that it adds the proper IDs to the header and body elements before signing. This would take the burden from the creators of the message and also make it easier to ensure that IDs are unique. It would also have the effect of keeping the message sizes smaller, and faster if a UUID is used to identify elements that are referenced by the signature.

Parameters:
message -
Returns:
Throws:
java.lang.Exception
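
The TODO above and the specification's note on conflicting or duplicate id attributes both come down to assigning IDs centrally before signing. The following is an added example, not code from org.openliberty.wsc: the class name SignatureIdAssigner, the use of the SOAP 1.1 namespace and of wsu:Id as the id attribute, and the sample envelope are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
/** Hypothetical helper, not part of org.openliberty.wsc: collects the wsu:Id of every element to sign. */
public class SignatureIdAssigner {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSU = WSS + "utility-1.0.xsd", WSSE = WSS + "secext-1.0.xsd";
    public static List<String> assignIds(Document env) {
        Set<String> seen = new HashSet<>();
        NodeList all = env.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {   // reject ids that already collide anywhere
            String id = ((Element) all.item(i)).getAttributeNS(WSU, "Id");
            if (!id.isEmpty() && !seen.add(id)) throw new IllegalStateException("duplicate wsu:Id " + id);
        }
        Element header = (Element) env.getElementsByTagNameNS(SOAP, "Header").item(0);
        Element body = (Element) env.getElementsByTagNameNS(SOAP, "Body").item(0);
        if (body == null) throw new IllegalArgumentException("no SOAP Body");
        List<Element> targets = new ArrayList<>();
        for (Node n = header == null ? null : header.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element)) continue;
            Element e = (Element) n;
            boolean security = WSSE.equals(e.getNamespaceURI()) && "Security".equals(e.getLocalName());
            // The Security block will hold the signature itself, so reference its Timestamp child instead.
            Node t = security ? e.getElementsByTagNameNS(WSU, "Timestamp").item(0) : e;
            if (t != null) targets.add((Element) t);
        }
        targets.add(body);
        // Declare the wsu prefix on the root so the added attributes serialize with a bound prefix.
        env.getDocumentElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", WSU);
        List<String> ids = new ArrayList<>();
        for (Element e : targets) {
            if (e.getAttributeNS(WSU, "Id").isEmpty())  // "id-" prefix keeps the value a valid NCName
                e.setAttributeNS(WSU, "wsu:Id", "id-" + UUID.randomUUID());
            ids.add(e.getAttributeNS(WSU, "Id"));
        }
        return ids;
    }
    public static void main(String[] args) throws Exception {
        String xml = "<S:Envelope xmlns:S='" + SOAP + "' xmlns:wsu='" + WSU + "'><S:Header>" // constructed sample
            + "<a:MessageID xmlns:a='http://www.w3.org/2005/08/addressing'>urn:uuid:1</a:MessageID>"
            + "<wsse:Security xmlns:wsse='" + WSSE + "'><wsu:Timestamp wsu:Id='ts'/></wsse:Security>"
            + "</S:Header><S:Body/></S:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        System.out.println(assignIds(doc));
    }
}
```

The returned list covers the header blocks, the Timestamp and the Body; the security token associated with the signature still has to be referenced separately, as the specification text requires.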