Loading ...
Sorry, an error occurred while loading the content.

Sending a serialized body

Expand Messages
  • Weidong Wang
    I asked this question before and was told that I will have to use the undocmented send_receive function. But there is better and easier way to return complex
    Message 1 of 2 , Jul 23, 2001
    • 0 Attachment
      I asked this question before and was told that I will have to use the undocmented send_receive function. But there is better and easier way to return complex data. That works fine.
       
      Now I have a real need. I need to put the body together, serialize it so that I can digitally sign it to get a signature. This signature is then put into the header part (the idea is to authenticate the sender and to ensure the integrity of the body).
       
      I suppose I can just return as normal (putting data in the return clause), hoping that the serializer will produce exactly the same body (otherwise the signature cannot be verified), or I will have to use the send_receive function to send the header and body.
       
      But there is no guarrantee that send_receive function will not change, so it is risky to use it.
       
      I would like to know what is the right way to do in this situation. Is there a way to use return and tell it to accep tthe body part as is?
       
      Weidong
       
       
       
    • Paul Kulchenko
      Hi, Weidong! Interesting question. First of all, send_receive function WILL NOT change anything inside the envelope by itself. At the same time, I would NOT
      Message 2 of 2 , Jul 24, 2001
      • 0 Attachment
        Hi, Weidong!

        Interesting question. First of all, send_receive function WILL NOT
        change anything inside the envelope by itself. At the same time, I
        would NOT advise you to sign whole Body of the SOAP message for a
        number of reasons. First of all, if you have a choice, sign the
        content only. If you do NOT have a choice, you can sign content with
        XML markup as a fragment, but to do this, you should do normalization
        and canonicalization transformations before signing and before
        checking signature. There is no guarantee that XML will be delivered
        in the same view as it's generated, so according to XML-signature
        spec [1] set of rules apply here. If you still want to sgn XML
        gragment, I would rather recommend you to generate that fragment with
        SOAP::Serializer->serialize() method if possible and then insert it
        as a parameter with: SOAP::Data->type(xml =>
        $what_was_generated_by_serializer). serialize() method will generate
        content, you sign it and insert as is using 'xml' pseudo-type along
        with headers that have this signature inside. Let me know whether it
        works for you. My answers can be slow, I'm still at the conference
        and have occasional access to my email.

        Best wishes, Paul.

        [1] http://www.w3.org/TR/xmldsig-core/

        --- Weidong Wang <wwang@...> wrote:
        > I asked this question before and was told that I will have to use
        > the undocmented send_receive function. But there is better and
        > easier way to return complex data. That works fine.
        >
        > Now I have a real need. I need to put the body together, serialize
        > it so that I can digitally sign it to get a signature. This
        > signature is then put into the header part (the idea is to
        > authenticate the sender and to ensure the integrity of the body).
        >
        > I suppose I can just return as normal (putting data in the return
        > clause), hoping that the serializer will produce exactly the same
        > body (otherwise the signature cannot be verified), or I will have
        > to use the send_receive function to send the header and body.
        >
        > But there is no guarrantee that send_receive function will not
        > change, so it is risky to use it.
        >
        > I would like to know what is the right way to do in this situation.
        > Is there a way to use return and tell it to accep tthe body part as
        > is?
        >
        > Weidong
        >
        >
        >
        >


        __________________________________________________
        Do You Yahoo!?
        Make international calls for as low as $.04/minute with Yahoo! Messenger
        http://phonecard.yahoo.com/
      Your message has been successfully submitted and would be delivered to recipients shortly.