From: Patrick Y. <kc...@ce...> - 2003-04-15 08:02:18
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
Thanks for your contribution. We have added the patch to the latest CVS
source tree. -Patrick<br>
<br>
Gait Boxman wrote:<br>
<blockquote type="cite" cite="mid000e01c2fce8$e27beda0$9900a8c0@gaitlap">
<div><font face="Arial" size="2">I don't set the envelope when doing
verification. But if you don't set it, it gets automatically set to
'dsa-sha1' since that is the default.</font></div>
<div><font face="Arial" size="2">See diffs below to enable the
key-alg loading from the properties file.</font></div>
<div><font size="2">
<p>diff -r1.148 MessageServiceHandler.java</p>
<p>727a728,729</p>
</font><font color="#0000ff" size="2">
<p>> private static String keyAlg = null;</p>
<p>> </p>
</font><font size="2">
<p>822a825</p>
</font><font color="#0000ff" size="2">
<p>> keyAlg = prop.get(Constants.PROPERTY_MSH_KEY_ALGORITHM);</p>
</font><font size="2">
<p>824c827,831</p>
</font><font color="#ff0000" size="2">
<p>< if (keystorePath.equals("")) {</p>
</font><font size="2">
<p>---</p>
</font><font color="#0000ff" size="2">
<p>> if (keyAlg.equals("")) {</p>
<p>> keyAlg = null;</p>
<p>> }</p>
<p>> </p>
<p>> if (keystorePath.equals("")) {</p>
</font><font size="2">
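<p>Review bot: keyAlg.equals("") in the 824c827,831 hunk throws a NullPointerException if prop.get() returns null for a configuration file that does not yet have the new Algorithm entry; "".equals(keyAlg) or an explicit null test covers both the missing and the empty case. The value is also passed on unchecked, so a misspelled algorithm name would only surface when the first acknowledgment is signed; comparing it here against the names the thread says sign() accepts ("dsa-sha1", "rsa-sha1") would fail at startup instead.</p>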
<p>2425c2432,2433</p>
</font><font color="#ff0000" size="2">
<p>< ackMessage.sign(keystoreAlias,
keystorePassword.toCharArray(),</p>
</font><font size="2">
<p>---</p>
</font><font color="#0000ff" size="2">
<p>> if( keyAlg == null ) {</p>
<p>> ackMessage.sign(keystoreAlias,
keystorePassword.toCharArray(),</p>
</font><font size="2">
<p>2426a2435,2439</p>
</font><font color="#0000ff" size="2">
<p>> }</p>
<p>> else {</p>
<p>> ackMessage.sign(keystoreAlias, keystorePassword.toCharArray(),</p>
<p>> keystore, keyAlg);</p>
<p>> }</p>
<p> </p>
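<p>Review bot: the two ackMessage.sign(...) calls in the 2425c/2426a change differ only in the trailing keyAlg argument, so the alias, password and keystore arguments now have to be kept in sync in two places. If the four-argument overload accepts null as "use the default", a single call passing keyAlg would do; otherwise a short comment on the if, saying that null selects the library default, would help the next reader. The spacing in if( keyAlg == null ) also differs from the if (keyAlg.equals("")) style used in the earlier hunk.</p>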
<font size="2">
<p>diff -r1.20 Constants.java</p>
<p>196a197,202</p>
</font><font color="#0000ff" size="2">
<p>> /**</p>
<p>> * Path to get key algorithm in configuration file</p>
<p>> */</p>
<p>> public static final String PROPERTY_MSH_KEY_ALGORITHM =</p>
<p>> "MSH/DigitalSignature/AckSign/Key/Algorithm";</p>
<p>> </p>
</font></font></div>
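<div>Review bot: the Javadoc on PROPERTY_MSH_KEY_ALGORITHM in the Constants.java hunk gives only the path; it should also state the accepted values and what an empty entry means (the handler maps "" to null and then calls sign() without an algorithm). The path sits under AckSign, so a name such as PROPERTY_MSH_ACK_SIGN_KEY_ALGORITHM would make the acknowledgment-only scope visible where the constant is used.</div>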
<blockquote dir="ltr"
style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;">-----
Original Message ----- </div>
<div
style="background: rgb(228, 228, 228) none repeat scroll 0%; -moz-background-clip: initial; -moz-background-inline-policy: initial; -moz-background-origin: initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>From:</b> <a
title="kc...@ce..." href="mailto:kc...@ce...">Patrick Yee</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>To:</b> <a
title="ebx...@li..."
href="mailto:ebx...@li...">ebx...@li...</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Sent:</b>
Monday, April 07, 2003 10:41 AM</div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Subject:</b>
Re: [ebxmlms-develop] signed acknowledgments</div>
<div><br>
</div>
<div><font face="Tahoma" size="2">Yes, you can pass "dsa-sha1" or
"rsa-sha1" as the algorithm parameter to the ebxmlMessage.sign()
function. And we missed this option when signing acks. Adding a
property to trigger this behaviour sounds good.</font></div>
<div> </div>
<div><font face="Tahoma" size="2">Gait, for the verification, there
is no need to set the algorithm. According to JavaDoc of the XML
security library</font></div>
<div><font face="Tahoma" size="2"><a
href="http://nagoya.apache.org/gump/javadoc/xml-security/build/doc/html/api/org/apache/xml/security/signature/XMLSignature.html">http://nagoya.apache.org/gump/javadoc/xml-security/build/doc/html/api/org/apache/xml/security/signature/XMLSignature.html</a></font></div>
<div> </div>
<div><font face="Tahoma" size="2">We can omit the SignatureMethod
parameter when constructing the XMLSignature object. Since we omit
that parameter, setting any value in the envelope will have no effect.</font></div>
<div> </div>
<div><font face="Tahoma" size="2">BTW, how do you set the envelope
when doing verification?</font></div>
<div> </div>
<div><font face="Tahoma" size="2">Regards, -Patrick</font></div>
<div> </div>
<blockquote dir="ltr"
style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;">-----
Original Message ----- </div>
<div
style="background: rgb(228, 228, 228) none repeat scroll 0%; -moz-background-clip: initial; -moz-background-inline-policy: initial; -moz-background-origin: initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>From:</b> <a
title="gai...@ti..." href="mailto:gai...@ti...">Gait Boxman</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>To:</b> <a
title="ebx...@li..."
href="mailto:ebx...@li...">ebx...@li...</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Sent:</b>
Friday, April 04, 2003 6:45 PM</div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Subject:</b>
Re: [ebxmlms-develop] signed acknowledgments</div>
<div><br>
</div>
<div><font face="Arial" size="2">Actually, with a bit of hacking
I got it to work (I think). BC is used from apache...xml/security,
where the jce classes are dynamically loaded from an Australian
ftp site to bypass US export regulations. The trick was to pass
in the 'rsa-sha1' algorithm parameter to the ebxmlMessage.sign
function. For acks, I added a property to trigger this behaviour
(for signed messages, you can do it from the client directly).
Funny thing is that verification occurs with the envelope set to
dsa-sha1 :-), and still works fine. I guess that's because that
information sits inside the ds:Signature, which is never signed
itself, and is not used for the verification itself. I don't think
I got it quite right yet, but it seems to work on the loopback...</font></div>
<blockquote dir="ltr"
style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;">-----
Original Message ----- </div>
<div
style="background: rgb(228, 228, 228) none repeat scroll 0%; -moz-background-clip: initial; -moz-background-inline-policy: initial; -moz-background-origin: initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>From:</b> <a
title="rv...@ab..." href="mailto:rv...@ab...">Ronald van Kuijk</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>To:</b> <a
title="ebx...@li..."
href="mailto:%27e...@li...%27">'ebx...@li...'</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Sent:</b>
Friday, April 04, 2003 10:50 AM</div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Subject:</b>
RE: [ebxmlms-develop] signed acknowledgments</div>
<div><br>
</div>
<div><span class="413225408-04042003"><font face="Arial"
color="#0000ff" size="2">From what I've seen the bouncycastle
libraries are used in the signature process. The rsa algorithms
are probably not included due to licensing restrictions.</font></span></div>
<div><span class="413225408-04042003"></span> </div>
<div><span class="413225408-04042003"><font face="Arial"
color="#0000ff" size="2">But that's just a wild guess</font></span></div>
<blockquote dir="ltr"
style="border-left: 2px solid rgb(0, 0, 255); padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div class="OutlookMessageHeader" dir="ltr" align="left"><font
face="Tahoma" size="2">-----Original Message-----<br>
<b>From:</b> Gait Boxman [<a class="moz-txt-link-freetext" href="mailto:gai...@ti...">mailto:gai...@ti...</a>]<br>
<b>Sent:</b> Friday, 4 April 2003 9:27<br>
<b>To:</b> <a
href="mailto:ebx...@li...">ebx...@li...</a><br>
<b>Subject:</b> Re: [ebxmlms-develop] signed acknowledgments<br>
<br>
</font></div>
<div><font face="Arial" size="2">One more question: is the
limitation to DSA signatures local to my machine (i.e. a setup
problem on my part), a limitation from Hermes, or a limitation
from XMLDsig?</font></div>
<div><font face="Arial" size="2">I seem to remember we were
able to use RSA in the earlier days, and they certainly work
for SSL... </font></div>
<blockquote dir="ltr"
style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;">-----
Original Message ----- </div>
<div
style="background: rgb(228, 228, 228) none repeat scroll 0%; -moz-background-clip: initial; -moz-background-inline-policy: initial; -moz-background-origin: initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>From:</b> <a
title="gai...@ti..." href="mailto:gai...@ti...">Gait
Boxman</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>To:</b> <a
title="ebx...@li..."
href="mailto:ebx...@li...">ebx...@li...</a> </div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Sent:</b>
Monday, March 31, 2003 1:56 PM</div>
<div
style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-stretch: normal; font-size-adjust: none;"><b>Subject:</b>
[ebxmlms-develop] signed acknowledgments</div>
<div><br>
</div>
<div><font face="Arial" size="2">Hi team, </font></div>
<div> </div>
<div><font face="Arial" size="2">per ebMS2, when signed
acknowledgments are requested, the acknowledgment must
contain the digests of the original (signed or unsigned)
message. AFAICT, this is currently not implemented. Is there
an easy way to add it? I've tracked down signing as far as
the Apache XML security libs, but I was hoping for an easier
and faster way to add the digests than going through three levels of
APIs...</font></div>
<div> </div>
<div><font face="Arial" size="2">thnx, Gait.</font></div>
<div> </div>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</body>
</html>