You can configure the signed parts information for the generator binding using the WSS API. The algorithms include the digest and transform methods.
You can protect message integrity by configuring signed parts and key information. Integrity refers to digital signature while confidentiality refers to encryption. Integrity decreases the risk of data modification when you transmit data across a network.
The digest method algorithm is specified within the <DigestMethod> element of each <Reference> in the <SignedInfo> element. WebSphere® Application Server supports the following pre-configured algorithms:

| Digest method | Description |
|---|---|
| WSSSignPart.SHA1 (the default value) | A URI of the digest algorithm, SHA1: http://www.w3.org/2000/09/xmldsig#sha1 |
| WSSSignPart.SHA256 | A URI of the digest algorithm, SHA256: http://www.w3.org/2001/04/xmlenc#sha256 |
| WSSSignPart.SHA512 | A URI of the digest algorithm, SHA512: http://www.w3.org/2001/04/xmlenc#sha512 |
The transform method algorithm is specified within the <Transform> element of each <Reference> in the <SignedInfo> element and determines how the signed part is transformed before it is digested. WebSphere Application Server supports the following pre-configured algorithms:

| Transform method | Description |
|---|---|
| WSSSignPart.TRANSFORM_ENVELOPED_SIGNATURE | A URI of the transform algorithm, enveloped signature: http://www.w3.org/2000/09/xmldsig#enveloped-signature |
| WSSSignPart.TRANSFORM_STRT10 | A URI of the transform algorithm, STR-Transform: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform |
| WSSSignPart.TRANSFORM_EXC_C14N (the default value) | A URI of the transform algorithm, Exc-C14N: http://www.w3.org/2001/10/xml-exc-c14n# |
| WSSSignPart.TRANSFORM_XPATH2_FILTER | A URI of the transform algorithm, XPath2 filter: http://www.w3.org/2002/06/xmldsig-filter2 |
The following example provides sample WSS API code for specifying the signature and signed parts, setting the signing key, choosing the SHA256 digest method, and adding the STR-Transform transform algorithm to the signed part:

```java
//get the message context
Object msgcontext = getMessageContext();
//generate WSSFactory instance
WSSFactory factory = WSSFactory.getInstance();
//generate WSSGenerationContext instance
WSSGenerationContext gencont = factory.newWSSGenerationContext();
//generate the callback handler that supplies the signing key from the keystore
X509GenerateCallbackHandler callbackHandler = new X509GenerateCallbackHandler(
    "",
    "dsig-sender.ks",
    "jks",
    "client".toCharArray(),
    "soaprequester",
    "client".toCharArray(),
    "CN=SOAPRequester, OU=TRL, O=IBM, ST=Kanagawa, C=JP",
    null);
//generate the security token used for the signature
SecurityToken token = factory.newSecurityToken(X509Token.class, callbackHandler);
//generate WSSSignature instance
WSSSignature sig = factory.newWSSSignature(token);
//generate the WSSSignPart that describes one signed part
WSSSignPart sigPart = factory.newWSSSignPart();
//set the part to sign (the SOAP body)
sigPart.setSignPart(WSSSignature.BODY);
//set the digest method for this part
sigPart.setDigestMethod(WSSSignPart.SHA256);
//add the transform method for this part
sigPart.addTransform(WSSSignPart.TRANSFORM_STRT10);
//add the signed part to the signature
sig.addSignPart(sigPart);
//add the WSSSignature to the WSSGenerationContext
gencont.add(sig);
//generate the WS-Security header
gencont.process(msgcontext);
```
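As an added example that is not part of the original page, the consumer-side counterpart: a WSSConsumingContext that only accepts a signed Body whose digest method is SHA256 and whose transforms are among the ones listed, so a message signed with a weaker digest or an unexpected transform is rejected rather than silently accepted. The X509ConsumeCallbackHandler constructor arguments and the truststore name are assumptions; the WSSVerification and WSSVerifyPart calls mirror the generator-side API above.

```java
//consumer side: verify the signed parts and require the digest and transform
//used by the generator above (added example, not code from the original page)
Object msgcontext = getMessageContext();
WSSFactory factory = WSSFactory.getInstance();
WSSConsumingContext concont = factory.newWSSConsumingContext();

//trust anchors used to validate the sender's certificate
//(constructor arguments are an assumption; adjust to your environment)
X509ConsumeCallbackHandler callbackHandler = new X509ConsumeCallbackHandler(
    "dsig-receiver.ks",          // truststore holding the trusted CA or sender cert
    "jks",
    "server".toCharArray(),
    null,                        // no additional certificate stores
    null);                       // no custom certificate validation policy

//the signature must have been produced with an X.509 token
WSSVerification ver = factory.newWSSVerification(X509Token.class, callbackHandler);

//the SOAP body must be signed ...
WSSVerifyPart verPart = factory.newWSSVerifyPart();
verPart.setRequiredVerifyPart(WSSVerification.BODY);
//... with SHA256 as the digest method (a SHA1 digest does not satisfy this) ...
verPart.setDigestMethod(WSSVerifyPart.SHA256);
//... and only the transforms allowed here are accepted on that part
verPart.addAllowedTransform(WSSVerifyPart.TRANSFORM_EXC_C14N);
verPart.addAllowedTransform(WSSVerifyPart.TRANSFORM_STRT10);
ver.addRequiredVerifyPart(verPart);

//add the WSSVerification to the WSSConsumingContext
concont.add(ver);
//validate the WS-Security header; a signature, digest method or transform
//that does not meet the constraints above causes processing to fail
concont.process(msgcontext);
```

Requiring the digest and transform on the consumer side is what turns the generator's algorithm choice into an enforced policy; a consumer that accepts any digest method still accepts a SHA1-signed Body.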