Loading ...
Sorry, an error occurred while loading the content.

Re: [soaplite] Sending a serialized body

Expand Messages
  • Paul Kulchenko
    Hi, Weidong! Interesting question. First of all, send_receive function WILL NOT change anything inside the envelope by itself. At the same time, I would NOT
    Message 1 of 2 , Jul 24, 2001
    • 0 Attachment
      Hi, Weidong!

      Interesting question. First of all, send_receive function WILL NOT
      change anything inside the envelope by itself. At the same time, I
      would NOT advise you to sign whole Body of the SOAP message for a
      number of reasons. First of all, if you have a choice, sign the
      content only. If you do NOT have a choice, you can sign content with
      XML markup as a fragment, but to do this, you should do normalization
      and canonicalization transformations before signing and before
      checking signature. There is no guarantee that XML will be delivered
      in the same view as it's generated, so according to XML-signature
      spec [1] set of rules apply here. If you still want to sgn XML
      gragment, I would rather recommend you to generate that fragment with
      SOAP::Serializer->serialize() method if possible and then insert it
      as a parameter with: SOAP::Data->type(xml =>
      $what_was_generated_by_serializer). serialize() method will generate
      content, you sign it and insert as is using 'xml' pseudo-type along
      with headers that have this signature inside. Let me know whether it
      works for you. My answers can be slow, I'm still at the conference
      and have occasional access to my email.

      Best wishes, Paul.

      [1] http://www.w3.org/TR/xmldsig-core/

      --- Weidong Wang <wwang@...> wrote:
      > I asked this question before and was told that I will have to use
      > the undocmented send_receive function. But there is better and
      > easier way to return complex data. That works fine.
      >
      > Now I have a real need. I need to put the body together, serialize
      > it so that I can digitally sign it to get a signature. This
      > signature is then put into the header part (the idea is to
      > authenticate the sender and to ensure the integrity of the body).
      >
      > I suppose I can just return as normal (putting data in the return
      > clause), hoping that the serializer will produce exactly the same
      > body (otherwise the signature cannot be verified), or I will have
      > to use the send_receive function to send the header and body.
      >
      > But there is no guarrantee that send_receive function will not
      > change, so it is risky to use it.
      >
      > I would like to know what is the right way to do in this situation.
      > Is there a way to use return and tell it to accep tthe body part as
      > is?
      >
      > Weidong
      >
      >
      >
      >


      __________________________________________________
      Do You Yahoo!?
      Make international calls for as low as $.04/minute with Yahoo! Messenger
      http://phonecard.yahoo.com/
    Your message has been successfully submitted and would be delivered to recipients shortly.