
PBLEID-10565. WS-security - Norwegianize onbehalfof to paavegneav. Removed the sentence about timestamp/time-to-live.
oyri committed Dec 16, 2015
1 parent 3ef24cd commit 2630daff0e4049a0250e6a9923e30ae58e53a339
Showing with 54 additions and 56 deletions.
  1. +54 −56 ws-security/WebserviceSecurity.textile
@@ -27,9 +27,8 @@ Meldingen er kun signert på SOAP nivå, ikke kryptert.

h3. Timestamp

* Time-to-live skal være 120 sekunder
* Time-to-live skal være ?

På grunn av den korte Time-to-live så kreves det at alle aktører har servere med klokker synkronisert med "NTP":http://www.ntp.org/.

h3. BinarySecurityToken
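
Review bot: The time-to-live requirement under h3. Timestamp should carry one concrete value: the bullets here read `Time-to-live skal være 120 sekunder` and `Time-to-live skal være ?`, and a literal `?` in a security spec leaves each receiver to pick its own acceptance window. The sentence after the bullets still motivates NTP synchronisation with "den korte Time-to-live", so it needs a stated value to refer to, and the example later in this file has wsu:Created and wsu:Expires 300 seconds apart, which does not match 120. Suggest writing the window the service actually enforces and keeping the bullet, the NTP sentence and the example in agreement.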

@@ -51,62 +50,61 @@ Følgende elementer i SOAP meldingen signeres:



h3. eksempel
h3. Eksempel

Under kan er det lagt opp en et eksempel på en gyldig Webservice security header generert fra java klient biblioteket for sending av digital post:

<pre class="brush: xml; toolbar: false">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
env:mustUnderstand="true">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-91E8B93BDD15EF51281450186010507155">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#TS-91E8B93BDD15EF51281450186010506150">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="wsse env"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>zSCH29Xx5af2hgqVciSA0VettSo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-91E8B93BDD15EF51281450186010506154">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList=""/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>OH1VQPQXJVOq/nYPvb9WK3gXstA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
KQs6DCARRU3+fIaGisvf+ignKxugwsN+1bEHkDCDzvZ34UtE3QKJEUnG6INPXJ9fuwBc/P0NoctgtZsuG5lFMKAV/swqK0W77AdzEMrh/ZcFI67+nWf5UMErrCSqqIOA4eZLBcUO4oqi9uwvXCsLGA/+dmMUhpcVIMXnq90vz5ViVSqt49t3QiLcdGriTtHPUKX+ob0xlppROElEhsgk0iLSH/YDKkgmTfkKn9qQFzW8XI4XkMz3SIy/k6UjSt6CoKwNpqwtL6QIE445p3Q7hPCw45mC4l05FYJwnGcxGHZrrZNjBBmrEz3z8LELfar4Lz1ZTAMPPkccwC6wnbJyFA==
</ds:SignatureValue>
<ds:KeyInfo Id="KI-91E8B93BDD15EF51281450186010506152">
<wsse:SecurityTokenReference wsu:Id="STR-91E8B93BDD15EF51281450186010506153">
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
SERTIFIKAT-VERDI
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-91E8B93BDD15EF51281450186010506150">
<wsu:Created>2015-12-15T13:26:50.506Z</wsu:Created>
<wsu:Expires>2015-12-15T13:31:50.506Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<DifiSecurity xmlns="http://kontaktinfo.difi.no/wsdl/oppslagstjeneste-16-02">
<OnBehalfOf>991825827</OnBehalfOf>
</DifiSecurity>
</env:Header>
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
env:mustUnderstand="true">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-244252673B3D355C931450257103397162">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#TS-244252673B3D355C931450257103397157">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="wsse env"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>n9zf4yS/8INARRo0ivLPzkv5oxc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-244252673B3D355C931450257103397161">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>9mpFuEMb2ZXDyDci15D5e0Ni6FI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
WmOS7fzEpE4mn50qgwahz9NxVb8ujMYN+160VdBWgXmKVpHLIqz2MJJJ34Et10+nvn+PGx6wIuZGylnQ9pZCN+RRSIE986sRgvoQ3ZeM0aLqasP3pGk+luOoesVN8sY+jLfyhRliuFgF3oyE/JrefJO9T7YR3UvXMjGg+5QqzP92CSkDplPlzMQa38BO1JKySfE9iF+5oewUEdExUBzuayzlm+EqqQLcpygkuSGfgbFdqQzDrEjHRfBlNZ44+JmmOCxpNYp8UWBAUOqso7qvfANIY5ieGJtKY6/yURe79gjptphhERDGAQNGtNfhf522JwEnEfXLPrDT2eNlNUzrmQ==
</ds:SignatureValue>
<ds:KeyInfo Id="KI-244252673B3D355C931450257103397159">
<wsse:SecurityTokenReference wsu:Id="STR-244252673B3D355C931450257103397160">
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
SERTIFIKAT-VERDI
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-244252673B3D355C931450257103397157">
<wsu:Created>2015-12-16T09:11:43.397Z</wsu:Created>
<wsu:Expires>2015-12-16T09:16:43.397Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<Oppslagstjenesten xmlns="http://kontaktinfo.difi.no/wsdl/oppslagstjeneste-16-02">
<PaaVegneAv>991825827</PaaVegneAv>
</Oppslagstjenesten>
</env:Header>
</pre>
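
Review bot: In the updated example the renamed header element `<PaaVegneAv>991825827</PaaVegneAv>` is not covered by the signature: ds:SignedInfo holds two ds:Reference entries, `#TS-244252673B3D355C931450257103397157` (the wsu:Timestamp) and `#id-244252673B3D355C931450257103397161`, and the `Oppslagstjenesten` element carries no Id attribute that a reference could point to. If the on-behalf-of organisation number is meant to be integrity-protected, list it under "Følgende elementer i SOAP meldingen signeres" and regenerate the example with a third reference; if it is deliberately unsigned, say so in the text. The rename from `DifiSecurity`/`OnBehalfOf` also changes the wire format while the namespace stays `oppslagstjeneste-16-02`, so the page should state whether the old element names are still accepted. Both references still use `xmldsig#sha1` as DigestMethod next to an `rsa-sha256` SignatureMethod; worth confirming that this is the digest algorithm the spec intends to show.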
