Signed parts methods using the WSSSignPart API

You can configure the signed parts information for the generator binding using the WSS API. The algorithms include the digest and transform methods.

You can protect message integrity by configuring signed parts and key information. Integrity is provided by digital signatures, while confidentiality is provided by encryption. Integrity protection decreases the risk of data modification when you transmit data across a network.

Methods

The following methods are used for the signed parts:
  • Digest method: Sets the digest algorithm method.
  • Transform algorithm: Sets the transform algorithm method.

Digest algorithms

The digest method algorithm specified within the element is used in the element. WebSphere® Application Server supports the following pre-configured algorithms:

Table 1. Signed parts digest methods. The methods are used for the signed parts.
| Digest method | Description |
| --- | --- |
| WSSSignPart.SHA1 (the default value) | A URI of the digest algorithm, SHA1: http://www.w3.org/2000/09/xmldsig#sha1 |
| WSSSignPart.SHA256 | A URI of the digest algorithm, SHA256: http://www.w3.org/2001/04/xmlenc#sha256 |
| WSSSignPart.SHA512 | A URI of the digest algorithm, SHA512: http://www.w3.org/2001/04/xmlenc#sha512 |

Transform algorithms

The transform method algorithm specified within the element is used in the element. WebSphere Application Server supports the following pre-configured algorithms:

Table 2. Signed parts transform methods. The methods are used for the signed parts.
| Transform method | Description |
| --- | --- |
| WSSSignPart.TRANSFORM_ENVELOPED_SIGNATURE | A URI of the transform algorithm, enveloped signature: http://www.w3.org/2000/09/xmldsig#enveloped-signature |
| WSSSignPart.TRANSFORM_STRT10 | A URI of the transform algorithm, STR-Transform: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform |
| WSSSignPart.TRANSFORM_EXC_C14N (the default value) | A URI of the transform algorithm, Exc-C14N: http://www.w3.org/2001/10/xml-exc-c14n# |
| WSSSignPart.TRANSFORM_XPATH2_FILTER | A URI of the transform algorithm, XPath2 filter: http://www.w3.org/2002/06/xmldsig-filter2 |

The transform algorithm is specified within the <Transform> element and specifies the transform algorithm for the signed part.

For the WSS APIs, WebSphere Application Server does not support the following transform algorithms:
  • http://www.w3.org/TR/1999/REC-xpath-19991116
  • http://www.w3.org/2002/07/decrypt#XML
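
A check that a reviewer can run over a generated WS-Security header, given here as an added example that is not part of the original page or of IBM's code. It reports each signed part whose digest is SHA1 (the API default in Table 1) or whose digest or transform URI is outside Tables 1 and 2. It uses only JDK XML classes; the class name SignedPartAlgorithmCheck, the audit method and the sample SignedInfo fragment are constructed for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SignedPartAlgorithmCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SHA1 = DS + "sha1";
    // Digest URIs from Table 1 and transform URIs from Table 2.
    static final Set<String> DIGESTS = Set.of(SHA1,
        "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512");
    static final Set<String> TRANSFORMS = Set.of(DS + "enveloped-signature",
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform",
        "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2002/06/xmldsig-filter2");

    // Returns one finding per signed-part setting that needs review.
    static List<String> audit(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPE declarations so untrusted input cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        List<String> findings = new ArrayList<>();
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            String uri = ref.getAttribute("URI");
            NodeList dms = ref.getElementsByTagNameNS(DS, "DigestMethod");
            String digest = dms.getLength() == 0 ? "" : ((Element) dms.item(0)).getAttribute("Algorithm");
            if (!DIGESTS.contains(digest)) findings.add(uri + ": digest not in Table 1: " + digest);
            else if (digest.equals(SHA1)) findings.add(uri + ": SHA1 digest (the API default)");
            NodeList ts = ref.getElementsByTagNameNS(DS, "Transform");
            for (int j = 0; j < ts.getLength(); j++) {
                String t = ((Element) ts.item(j)).getAttribute("Algorithm");
                if (!TRANSFORMS.contains(t)) findings.add(uri + ": transform not in Table 2: " + t);
            }
        }
        return findings;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: SHA1 digest plus the XPath transform the WSS API does not support.
        String sample = "<ds:SignedInfo xmlns:ds='" + DS + "'><ds:Reference URI='#body1'>"
            + "<ds:Transforms><ds:Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'/>"
            + "</ds:Transforms><ds:DigestMethod Algorithm='" + SHA1 + "'/>"
            + "<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>";
        audit(sample).forEach(System.out::println);
    }
}
```

An empty result means every signed part uses a digest stronger than SHA1 and only transforms listed in Table 2.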

Example

The following example provides sample WSS API code for specifying the signature and signed parts, setting the signing key, and adding the STR-Transform transform algorithm to the signed part:

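	  // imports required by this fragment
	  import com.ibm.websphere.wssecurity.callbackhandler.X509GenerateCallbackHandler;
	  import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
	  import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
	  import com.ibm.websphere.wssecurity.wssapi.signature.WSSSignPart;
	  import com.ibm.websphere.wssecurity.wssapi.signature.WSSSignature;
	  import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
	  import com.ibm.websphere.wssecurity.wssapi.token.X509Token;

	  // get the message context
	  Object msgcontext = getMessageContext();

	  // generate WSSFactory instance
	  WSSFactory factory = WSSFactory.getInstance();

	  // generate WSSGenerationContext instance
	  WSSGenerationContext gencont = factory.newWSSGenerationContext();

	  // generate callback handler that supplies the signing key
	  X509GenerateCallbackHandler callbackHandler = new
	      X509GenerateCallbackHandler(
	          "",                       // keystore reference (none)
	          "dsig-sender.ks",         // keystore path
	          "jks",                    // keystore type
	          "client".toCharArray(),   // keystore password (sample value)
	          "soaprequester",          // key alias
	          "client".toCharArray(),   // key password (sample value)
	          "CN=SOAPRequester, OU=TRL, O=IBM, ST=Kanagawa, C=JP",  // key name
	          null);                    // certificate stores (none)

	  // generate the security token used for the signature
	  SecurityToken token = factory.newSecurityToken(X509Token.class,
	      callbackHandler);

	  // generate WSSSignature instance
	  WSSSignature sig = factory.newWSSSignature(token);

	  // generate WSSSignPart instance
	  WSSSignPart sigPart = factory.newWSSSignPart();

	  // set the part to be signed (the SOAP body)
	  sigPart.setSignPart(WSSSignature.BODY);

	  // set the digest method for the signed part (overrides the SHA1 default)
	  sigPart.setDigestMethod(WSSSignPart.SHA256);

	  // add the STR-Transform transform method to the signed part
	  sigPart.addTransform(WSSSignPart.TRANSFORM_STRT10);

	  // add the WSSSignPart to the WSSSignature
	  sig.addSignPart(sigPart);

	  // add the WSSSignature to the WSSGenerationContext
	  gencont.add(sig);

	  // generate the WS-Security header
	  gencont.process(msgcontext);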




Last updated: Oct 21, 2010 3:36:59 AM CDT