|
In order to understand this example, it is recommended that first you understand the previously seen example: X.509 Certificate Validation.
Unlike the certificate validation example, to produce a signature, we use the dss:signrequest element, as its name indicates. In turn, this element contains all the necessary elements, such as ds:keyselector, whose ds:keyname element indicates the hash of the signer certificate used to produce the signature.
The type of advanced signature used is also specified (in the css:signatureform element); in this case it is an ES-BES basic electronic signature.
And finally, the dss:inputdocuments element indicates that the following request produces the signature for the base64 data in the dss:base64Data element; this data could be in the form of a document, a text file or any other type of file.
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<SOAP-ENV:Header><wsse:Security><wsse:UsernameToken wsu:Id="SecurityToken-4620928475408410222"><wsse:Username>dave</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="Id-8982718651796313349">
<dss:SignRequest xmlns:css="http://www.safelayer.com/TWS" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#" Profile="urn:safelayer:tws:dss:1.0:profiles:cmspkcs7sig:1.0:sign" RequestID="Id-8608560019037335155">
<dss:OptionalInputs><dss:KeySelector><ds:KeyInfo><ds:KeyName>OZ2TqG3hRs8Us0o31K0adALV5lc=</ds:KeyName></ds:KeyInfo></dss:KeySelector><dss:SignatureType>urn:ietf:rfc:3369</dss:SignatureType><css:SignatureForm>urn:oasis:names:tc:dss:1.0:profiles:XAdES:forms:BES</css:SignatureForm></dss:OptionalInputs><dss:InputDocuments><dss:Document><dss:Base64Data>DQpQRVJNSVNJT04gTk9USUNFIEFORCBESVNDTEFJTUVSDQoNCg0KVGhpcyBXZWIgU2l0ZSBjb250YWlucyBjZXJ0YWluIGRvd25sb2FkYWJsZSBzb2Z0d2FyZS4gVGhpcyBzb2Z0d2FyZSANCmlzIGNvcHlyaWdodGVkIGFuZCB0aGUgY29weXJpZ2h0ZXIgY2xhaW1zIGFsbCBleGNsdXNpdmUgcmlnaHRzIHRvIA0Kc3VjaCBzb2Z0d2FyZS4gVGhlIGNvcHlyaWdodCBvd25lciBvZiB0aGUgc29mdHdhcmUgdGhhdCB5b3UgDQpkb3dubG9hZCB0aHJvdWdoIHRoaXMgc2l0ZSBtYXkgYmUgaW5kaWNhdGVkIGluIHRoZSBhY2NvbXBhbnlpbmcgDQpyZWFkLW1lIGZpbGUgYW5kIGluIHRoZSBhY2NvbXBhbnlpbmcgc291cmNlIGNvZGUgYXMgd2VsbCBhcyBpbiB0aGUgDQphcmVhIG9mIHRoaXMgV2ViIFNpdGUgZnJvbSB3aGljaCB0aGUgc29mdHdhcmUgaXMgZG93bmxvYWRlZC4gDQoNClBlcm1pc3Npb24gdG8gdXNlLCBjb3B5LCBtb2RpZnkgYW5kIGRpc3RyaWJ1dGUgdGhpcyBzb2Z0d2FyZSBhbmQgDQppdHMgc291cmNlIGNvZGUgZm9yIG5vbiBjb21tZXJjaWFsIHB1cnBvc2VzIGFuZCB3aXRob3V0IGZlZSBpcyANCmhlcmVieSBncmFudGVkLCBwcm92aWRlZCB0aGF0IHRoZSBuYW1lIG9mIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgDQpyZWxhdGVkIGNvbnRyaWJ1dG9ycyBub3QgYmUgdXNlZCBpbiBhZHZlcnRpc2luZyBvciBwdWJsaWNpdHkgDQpwZXJ0YWluaW5nIHRvIGRpc3RyaWJ1dGlvbiBvZiB0aGUgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYywgDQp3cml0dGVuIHByaW9yIHBlcm1pc3Npb24uIFRoZSBjb3B5cmlnaHQgb3duZXIgYW5kIGNvbnRyaWJ1dG9ycyANCm1ha2VzIG5vIHJlcHJlc2VudGF0aW9ucyBhYm91dCB0aGUgc3VpdGFiaWxpdHkgb2YgdGhpcyBzb2Z0d2FyZSBmb3IgDQphbnkgcHVycG9zZS4gSXQgaXMgcHJvdmlkZWQgImFzIGlzIiB3aXRob3V0IGV4cHJlc3Mgb3IgaW1wbGllZCANCndhcnJhbnR5Lg0KDQpUaGUgY29weXJpZ2h0IG93bmVyIGFuZCBpdHMgY29udHJpYnV0b3JzIGRpc2NsYWltIGFsbCB3YXJyYW50aWVzIA0Kd2l0aCByZWdhcmQgdG8gdGhpcyBzb2Z0d2FyZSwgaW5jbHVkaW5nIGFsbCBpbXBsaWVkIHdhcnJhbnRpZXMgb2YgDQptZXJjaGFudGFiaWxpdHkgYW5kIGZpdG5lc3MuIEluIG5vIGV2ZW50IHNoYWxsIHRoZSBhdXRob3IgYW5kIHRoZSANCmNvbnRyaWJ1dG9ycyBiZSBsaWFibGUgZm9yIGFueSBzcGVjaWFsLCBpbmRpcmVjdCBvciBjb25zZXF1ZW50aWFsIA0KZGFtYWdlcyBvciBhbnkgZGFtYWdlcyB3aGF0c29ldmVyIHJlc3VsdGluZyBmcm9tIGxvc3Mgb2YgdXNlLCBkYXRhIA0Kb3IgcHJvZml0cywgd2hldGhlciBpbiBhbiBhY3Rpb24gb2YgY29udHJhY3QsIG5lZ2xpZ2VuY2Ugb3Igb3RoZXIgDQp0b3J0dW91cyBhY3Rpb24sIGFyaXNpbmcgb3V0IG9mIG9yIGluIGNvbm5lY3Rpb24gd2l0aCB0aGUgdXNlIG9yIA0KcGVyZm9ybWFuY2Ugb2YgdGhpcyBzb2Z0d2FyZS4NCg==</dss:Base64Data></dss:Document></dss:InputDocuments></dss:SignRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
| | | | | | | |
The following explanation refers to the response that the TrustedX platform obtains once the request has been sent. Therefore, you should press the "try" button (above) to generate this response.
In order to understand this example, we recommended that you first understand the previously seen example: X.509 Certificate Validation.
Through the dss:Base64Signature element, the response request returns a detached signature in Base64 format. The signature is of the urn:ietf:rfc:3369 format, i.e. it is a CMS signature.
|
(1)