Signature Header Handler
The Signature Header Handler (SHH) inserts a digital signature header into a SOAP envelope. You can customize the SHH configuration with a configuration file. For example, you can specify a signing policy and the key store file.
There are two signature configuration files:
- /QIBM/UserData/WebAS5/Base/instance_name/installedApps/ear_file_name/soapsec.war/conf/sv-sign-config.xml
- /QIBM/UserData/WebAS5/Base/instance_name/installedApps/ear_file_name/soapsec.war/conf/cl-sign-config.xml
where ear_file_name is the name of the Enterprise Archive (EAR) file that contains your SOAP application. The soapsamples.ear file contains samples of these configuration files.
Here is an explanation of each configuration element in the Signature Header:
- KeyStore
The KeyStore element specifies a keystore file that holds the signing key. In this example, the type attribute indicates the keystore type, and the value jks indicates Java(TM) Key Store. The path attribute denotes a keystore file, and the storepass attribute is its store password.
<KeyStore type="jks" path="key/SOAPserver" storepass="server" />
Use the Key Management tool (iKeyman) to create a keystore file.
- Policy
The PublicKey element specifies the information that should be included in the <ds:KeyInfo> element. With the current implementation, either include the complete certificate chain, or omit <ds:KeyInfo>. When you omit <ds:KeyInfo>, the recipient must know the default key to verify the signature.
- Template
The contents of the Template element specify all the details related to XML Signature, including signature algorithms, digest algorithms, canonicalization algorithms, transform algorithms, the portion of the SOAP envelope to be signed, and so forth.
- Object
The template can also have one or more Object elements for additional authentication information, such as a timestamp.
- ValueOfTimestamp
This Signature Header Handler recognizes one special element type, ValueOfTimestamp, which is replaced with a current time and date before being inserted into the signature.
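Because storepass holds the keystore password in cleartext, the signing configuration files are worth auditing before deployment. The following check is an added example, not code from the product or its samples: it parses a configuration document and reports cleartext or sample store passwords and a missing ValueOfTimestamp. The <SampleConfig> wrapper, the password list, and the function names are assumptions made for illustration; only KeyStore, its attributes, Template, Object, and ValueOfTimestamp come from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real sv-sign-config.xml: the <SampleConfig> wrapper
# is hypothetical; the KeyStore line is the example shown on this page.
SAMPLE = """<SampleConfig>
  <KeyStore type="jks" path="key/SOAPserver" storepass="server" />
  <Template>
    <Object><ValueOfTimestamp /></Object>
  </Template>
</SampleConfig>"""

# "server" is the password in the page's example; the others are assumed
# common defaults ("changeit" is the JDK cacerts default).
SAMPLE_PASSWORDS = {"server", "changeit", "password"}


def local(tag):
    """Strip an XML namespace so '{ns}KeyStore' and 'KeyStore' compare equal."""
    return tag.rsplit("}", 1)[-1]


def audit_sign_config(xml_text):
    """Return a list of (severity, message) findings for one config document."""
    root = ET.fromstring(xml_text)
    findings = []
    stores = [e for e in root.iter() if local(e.tag) == "KeyStore"]
    if not stores:
        findings.append(("high", "no KeyStore element: no signing key configured"))
    for ks in stores:
        path = ks.get("path", "")
        pw = ks.get("storepass")
        if pw is None:
            findings.append(("info", f"{path}: no storepass attribute"))
            continue
        # The password is cleartext in the file, so file permissions matter.
        findings.append(("medium", f"{path}: storepass stored in cleartext; "
                                   "restrict read access to the conf directory"))
        if pw.lower() in SAMPLE_PASSWORDS or len(pw) < 8:
            findings.append(("high", f"{path}: storepass is a sample or short value"))
    if not any(local(e.tag) == "ValueOfTimestamp" for e in root.iter()):
        findings.append(("low", "no ValueOfTimestamp: signatures carry no signing time"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_sign_config(SAMPLE):
        print(f"[{severity}] {message}")
```

Run it against the contents of both sv-sign-config.xml and cl-sign-config.xml; the sample keystore and password from soapsamples.ear should not reach a production instance.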