<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">

<title>Signature Header Handler</title>
</head>

<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>

<h6><A NAME="wsspscsh">Signature Header Handler</A></h6>

<p>The Signature Header Handler (SHH) inserts a digital signature header into a SOAP envelope. You can
customize the SHH configuration with a configuration file. For example, you can specify a signing
policy and the key store file.</p>

<p>There are two signature configuration files:</p>

<ul>
<li>/QIBM/UserData/WebASE/ASE5/<em>instance_name</em>/installedApps/<em>node_name</em>/<br>
<em>ear_file_name</em>/soapsec.war/conf/sv-sign-config.xml</li>
<li>/QIBM/UserData/WebASE/ASE5/<em>instance_name</em>/installedApps/<em>node_name</em>/<br>
<em>ear_file_name</em>/soapsec.war/conf/cl-sign-config.xml</li>
</ul>
<p>where <em>ear_file_name</em> is the name of the Enterprise Archive (EAR) file that contains your
SOAP application. The soapsamples.ear file contains samples of these configuration files.</p>

<p>Here is an explanation of each configuration element in the Signature Header:</p>
<ul>
<li><strong>KeyStore</strong><br>
The KeyStore element specifies a keystore file that holds the signing key. In this example, the
type attribute indicates the keystore type, and the value jks indicates Java<sup>(TM)</sup> Key
Store. The path attribute denotes the keystore file, and the storepass attribute is its store password.
<pre>
&lt;KeyStore
  type="jks"
  path="key/SOAPserver"
  storepass="server"
/&gt;
</pre>
You can use the Key Management tool (iKeyman) to create a keystore file.</li>

<li><strong>Policy</strong><br>
The PublicKey element specifies the information that should be included in the &lt;ds:KeyInfo&gt;
element. With the current implementation, you must either include the complete certificate chain, or
omit &lt;ds:KeyInfo&gt;. When you omit &lt;ds:KeyInfo&gt;, the recipient must know the default key to
verify the signature.</li>

<li><strong>Template</strong><br>
The contents of the Template element specify all the details related to XML Signature, including
signature algorithms, digest algorithms, canonicalization algorithms, transform algorithms, the portion
of the SOAP envelope to be signed, and so forth.</li>

<li><strong>Object</strong><br>
The template can also have one or more Object elements for additional authentication information,
such as a timestamp.</li>

<li><strong>ValueOfTimestamp</strong><br>
This Signature Header Handler recognizes one special element type, ValueOfTimestamp, which is
replaced with a current time and date before being inserted into the signature.</li>
</ul>
<p><strong>Note: </strong>Examples may be wrapped for display purposes.</p>
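
<p>The KeyStore element described above keeps the store password in clear text in the configuration
file. The following Python check is an added example, not IBM code and not part of the original page:
it flags the sample storepass value, a short password, and loose permissions on the configuration file.
The 12-character minimum and the use of POSIX-style mode bits are assumptions.</p>

```python
import stat
import xml.etree.ElementTree as ET

SAMPLE_STOREPASS = "server"   # store password shown in the sample on this page
MIN_STOREPASS_LEN = 12        # assumption: local policy value, not an IBM requirement


def constructed_sample(storepass: str = SAMPLE_STOREPASS) -> str:
    """Build the page's KeyStore element as XML text (constructed sample input)."""
    attrs = {"type": "jks", "path": "key/SOAPserver", "storepass": storepass}
    return ET.tostring(ET.Element("KeyStore", attrs), encoding="unicode")


def audit_sign_config(xml_text: str, file_mode: int) -> list:
    """Return a list of findings for the KeyStore elements in a signing config.

    file_mode is the config file's st_mode, e.g. os.stat(path).st_mode.
    """
    findings = []
    root = ET.fromstring(xml_text)
    # Match on the local name so a namespaced or nested KeyStore is still found.
    keystores = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "KeyStore"]
    if not keystores:
        return ["no KeyStore element found"]
    for ks in keystores:
        missing = [a for a in ("type", "path", "storepass") if not ks.get(a)]
        if missing:
            findings.append("KeyStore lacks: " + ", ".join(missing))
        password = ks.get("storepass", "")
        if password == SAMPLE_STOREPASS:
            findings.append("storepass is the documented sample value")
        elif password and MIN_STOREPASS_LEN > len(password):
            findings.append("storepass is shorter than local policy allows")
        # storepass is stored in clear text, so file permissions are the control.
        if password and file_mode & stat.S_IROTH:
            findings.append("config with clear-text storepass is world-readable")
    if file_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("config is writable by group or other")
    return findings


if __name__ == "__main__":
    # Audit the constructed sample as if the file had mode 0644.
    for finding in audit_sign_config(constructed_sample(), 0o100644):
        print(finding)
```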
</body>
</html>