Question
· Feb 6, 2020

How could we add InclusiveNamespaces tag inside Signature, when we sign a message?‽‽

Hello,

We have the following code:

 

Method incorporarDocumento(request As EsquemasDatos.incorporarDocumentoRequest(REQUIRED=1)) As EsquemasDatos.documentoIncorporado(XMLNAME="return") [ Final, ProcedureBlock = 1, SoapBindingStyle = document, SoapBodyUse = literal, WebMethod ]
{
set ..MTOMRequired = 1 set ..SecurityOut.actor = "http://www.gobiernodecanarias.org/Platino/Authentication/1.0"
    set ..SecurityOut.mustUnderstand = "1"
    set ..SecurityNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili..."
        
//BINARY SECURITY TOKEN
    set x509alias = "certPlatinoPRE"
    //set x509alias = "pemp_open"
    set cred = ##class(%SYS.X509Credentials).GetByAlias(x509alias)
    set cert = ##class(%SOAP.Security.BinarySecurityToken).CreateX509Token(cred)     
    //SIGNATURE TOKEN
    set sig=##class(%XML.Security.Signature).CreateX509(cert)
    do sig.SetSignatureMethod($$$SOAPWSrsasha1)
    do sig.SetDigestMethod($$$SOAPWSrsasha1)
    //---     //ADD TOKENS
    do ..SecurityOut.AddToken(cert)
    do ..SecurityOut.AddElement(utoken)
do ..SecurityOut.AddElement(sig)  Quit ..WebMethod("incorporarDocumento").Invoke($this,"",.request)
}

 

We should be able to add the tag <InclusiveNamespaces> inside our <Signature>, for example:

 

How could we achieve that?
 

 

We have read:

https://cedocs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cl...

https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls...

https://www.w3.org/TR/xml-exc-c14n/#def-InclusiveNamespaces-PrefixList

https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls...

https://cedocs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cl...

Discussion (1)2
Log in or sign up to continue

I had similar problems with the digital signature classes provided with Caché solved by extending the classes and adding the missing properties. Once extended you could add and InclusiveNamespace property and populate it with anything you like. You may find that you have to extend the entire digital signature package or even copy the package to a new one so that you can add what you want.