|
In order to understand this example, it is recommended that first you understand the previously seen example: XML Signature Generation
The time-stamp method is used by the time-stamp authority to endorse the signature's generation at a certain time. This request differs from the XML signature generation, in that, a time-stamp is generated using the ES-T value in the css:SignatureForm element.
Furthermore, you can see that, unlike the XML Signature Generation, example, this signature request includes the dss:EnvelopingSignature element. This element indicates to the system that the signature is to be generated using the enveloping signature format.
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<SOAP-ENV:Header><wsse:Security><wsse:UsernameToken wsu:Id="SecurityToken-3028408921533382342"><wsse:Username>dave</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="Id-8310792901014443980">
<dss:SignRequest xmlns:css="http://www.safelayer.com/TWS" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#" Profile="urn:safelayer:tws:dss:1.0:profiles:xades:1.0:sign" RequestID="Id-5578824232136329288">
<dss:OptionalInputs><dss:KeySelector><css:KeySelector><css:Name Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Dave, OU=Demo, O=TrustedX, C=ES</css:Name></css:KeySelector></dss:KeySelector><dss:EnvelopingSignature></dss:EnvelopingSignature><css:SignatureForm>urn:oasis:names:tc:dss:1.0:profiles:XAdES:forms:ES-T</css:SignatureForm></dss:OptionalInputs><dss:InputDocuments><dss:Document><dss:XMLData><trustedx Id="data"><example Id="node1">Simple xml file</example><description Id="node2" format="text">XMLDSig/XAdES TrustedX signatures</description></trustedx></dss:XMLData></dss:Document></dss:InputDocuments></dss:SignRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
| | | | | | | |
The following explanation refers to the response that the TrustedX platform obtains once the request has been sent. Therefore, you should press the "try" button (above) to generate this response.
In the response, you will also observe that, parallel to the signature, there are also some unsigned properties (xades:UnsignedProperties). The time-stamp that has been added by the TSA is stored inside these unsigned properties (xades:SignatureTimeStamp).
The inclusion in the signature request of the element that requests an enveloping signature, determined that the response would be an enveloping one, i.e. the response contains a signature (dsig:Signature) inside which the signed document is stored in one of the dsig:Object elements.
|
(1)