Hi,

I have a question about signature with WSS4J. It is more a conceptual question than a technical one; hopefully someone can clarify this to me, as I'm a bit confused about it right now.

When a client signs a message, the header gets the DigestValue with the signature and the KeyInfo with the certificate used to sign the body (or any other tokens). The server receives the message, validates the certificate in its keystore and verifies the DigestValue.

My problem is the following: how does the server know, assuming that the DigestValue is fine for that certificate, that this certificate is in fact the one that the message had when it was generated, and that nobody has changed both certificate and DigestValue at some point?

Let's say that there are two clients that access that server, both having a certificate created from the same root CA key. If the server just checks whether the certificate is in the keystore, how can it ensure that the signature and the certificate are really the ones sent by client A? The message may have been intercepted by client B (who also has a valid certificate), who has just dropped the certificate and the DigestValue, replaced them with his own certificate and generated a new valid DigestValue after changing the body in whatever way they wanted! How can I detect this kind of tampering? I know that the certificates carry information about their owners, but I don't see any place in WSS4J where I can ask for that kind of verification, which would sort this issue.

I know I could deal with this by having different keystores with different root CA keys for every client; that would require a different server per client, though. In my case that is not an issue, but I cannot believe that the specification cannot deal with this, so probably some of my assumptions are not right or I have missed some functionality in some place.

Any help?

Thanks,
Juan
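The scenario in the question, written out as an added example that is not part of the original post and does not use WSS4J's own API: a constructed root CA issues certificates to two clients, client A signs a message, and a server that only checks "the certificate chains to my trusted root and the signature matches the body" accepts the same body re-signed by client B, because that check says nothing about which principal the message is supposed to come from. The second verifier binds the signer's Subject (here the CommonName; the names `client-a`, `client-b` and the expected-principal lookup are assumptions for the demo) to the identity the server expects for that message, which is the check the question is looking for. A silent edit of the body without re-signing is still caught by the digest.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity bundles a private key with its certificate (a keystore entry, in effect).
type Identity struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// SignedMessage is what the server receives: the body, the signature over its
// digest, and the signer's certificate (the KeyInfo of a WS-Security header).
type SignedMessage struct {
	Body      []byte
	Signature []byte
	Cert      *x509.Certificate
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func createCert(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// NewCA creates a self-signed root CA (constructed test data, not a real CA).
func NewCA() Identity {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Test Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return Identity{key, createCert(tmpl, tmpl, &key.PublicKey, key)}
}

// Issue creates a client certificate signed by the CA; cn is the client's identity.
func Issue(ca Identity, serial int64, cn string) Identity {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return Identity{key, createCert(tmpl, ca.Cert, &key.PublicKey, ca.Key)}
}

// Sign digests the body and signs the digest with the client's key.
func Sign(id Identity, body []byte) SignedMessage {
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, id.Key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return SignedMessage{Body: body, Signature: sig, Cert: id.Cert}
}

// VerifyChainOnly is the check the question describes: the certificate chains
// to a trusted root and the signature matches the body. It proves the message
// was signed by *some* holder of a CA-issued certificate, nothing more.
func VerifyChainOnly(roots *x509.CertPool, m SignedMessage) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := m.Cert.Verify(opts); err != nil {
		return err
	}
	pub, ok := m.Cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("unsupported key type")
	}
	digest := sha256.Sum256(m.Body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], m.Signature)
}

// VerifyBound adds the missing step: the signer's Subject must be the principal
// the server expects for this message (assumed here to be known from the
// account or operation the message refers to).
func VerifyBound(roots *x509.CertPool, expectedCN string, m SignedMessage) error {
	if err := VerifyChainOnly(roots, m); err != nil {
		return err
	}
	if m.Cert.Subject.CommonName != expectedCN {
		return fmt.Errorf("signer %q is not the expected principal %q", m.Cert.Subject.CommonName, expectedCN)
	}
	return nil
}

// Result records what each verifier decides in the scenario from the question.
type Result struct {
	OriginalAccepted         bool // A's own message passes the bound check
	TamperedDetected         bool // body edited without the key fails the digest
	ChainOnlyAcceptsResigned bool // B's re-signed message passes chain-only check
	BoundAcceptsResigned     bool // B's re-signed message passes the bound check
}

// Scenario replays the question: A signs, B intercepts, edits the body and
// re-signs it with B's own CA-issued certificate in place of A's.
func Scenario() Result {
	ca := NewCA()
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	clientA := Issue(ca, 2, "client-a")
	clientB := Issue(ca, 3, "client-b")

	original := Sign(clientA, []byte("<body>transfer 10 to X</body>")) // constructed body
	tampered := original
	tampered.Body = []byte("<body>transfer 1000 to X</body>")
	resigned := Sign(clientB, tampered.Body)

	return Result{
		OriginalAccepted:         VerifyBound(roots, "client-a", original) == nil,
		TamperedDetected:         VerifyChainOnly(roots, tampered) != nil,
		ChainOnlyAcceptsResigned: VerifyChainOnly(roots, resigned) == nil,
		BoundAcceptsResigned:     VerifyBound(roots, "client-a", resigned) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

The point the example makes is that trust validation (does this certificate chain to a root I trust?) and authorization (is this the principal allowed to send this message?) are separate steps; the signature only binds the body to whichever key signed it. A server has to derive the expected signer from something other than the message's own KeyInfo, such as the account the body refers to or a per-client mapping of certificate Subject to permitted operations, and reject a message whose signer does not match.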
