Mantis - Resin
Viewing Issue Advanced Details
1793 minor always 06-11-07 09:48 06-17-07 17:37
ferg  
ferg  
normal  
closed  
fixed  
none    
none 3.1.2  
0001793: Hessian security
(rep by Serge Merzliakov)

As a newcomer, I don't know much about Hessian (my day job requires WS-Security, SOAP and the orthodox SOA stack...) but I have got the samples working and like the simplicity very much. Are there any plans to encrypt messages or some other message level security (this excludes SSL)? I know this strays into the WS-Security space (and we don't want to reinvent the WS-* wheel) but it would be a compelling argument for serious evaluation in most firms considering SOA.

Notes
(0002055)
ferg   
06-17-07 17:37   
hessian/3c{20,21,30,31,32}

A) Encryption:

X509Encryption envelope = new com.caucho.hessian.security.X509Encryption();
X509Certificate cert = ...;
envelope.setCertificate(cert);

OutputStream os = ...; // underlying transport stream
Hessian2Output out = new Hessian2Output(os);

out = envelope.wrap(out);

// use normal Hessian2Output methods to write data

out.close();


B) Decryption:

X509Encryption envelope = new com.caucho.hessian.security.X509Encryption();
X509Certificate cert = ...;
envelope.setCertificate(cert);
PrivateKey key = ...;
envelope.setPrivateKey(key);

InputStream is = ...; // underlying transport stream
Hessian2Input in = new Hessian2Input(is);

in = envelope.unwrap(in);

// use normal Hessian2Input methods to read data

in.close();


C) Signature:

X509Signature envelope = new com.caucho.hessian.security.X509Signature();
X509Certificate cert = ...;
envelope.setCertificate(cert);
PrivateKey key = ...;
envelope.setPrivateKey(key);

OutputStream os = ...; // underlying transport stream
Hessian2Output out = new Hessian2Output(os);

out = envelope.wrap(out);

// use normal Hessian2Output methods to write data

out.close();


D) Signature Validation:

X509Signature envelope = new com.caucho.hessian.security.X509Signature();
X509Certificate cert = ...;
envelope.setCertificate(cert);

InputStream is = ...; // underlying transport stream
Hessian2Input in = new Hessian2Input(is);

in = envelope.unwrap(in);

// use normal Hessian2Input methods to read data

in.close(); // validation occurs during the close()
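
Because validation in D) only happens in close(), anything read before close() is still unauthenticated. The round trip below is an added example, not code from the issue or from the Hessian project: it signs a message as in C), verifies it as in D), and releases the value only after close() returns. The keystore file, alias and password are placeholders, and it assumes a failed validation surfaces as an IOException from close().

```java
import com.caucho.hessian.io.Hessian2Input;
import com.caucho.hessian.io.Hessian2Output;
import com.caucho.hessian.security.X509Signature;
import java.io.*;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

public class SignedHessianRoundTrip {
  public static void main(String[] args) throws Exception {
    // Assumptions (not from the issue): a PKCS#12 keystore "signer.p12"
    // holding a key pair under alias "signer"; the password is a placeholder.
    char[] password = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream ksIn = new FileInputStream("signer.p12")) {
      ks.load(ksIn, password);
    }
    X509Certificate cert = (X509Certificate) ks.getCertificate("signer");
    PrivateKey key = (PrivateKey) ks.getKey("signer", password);

    // C) Signature: the sender needs the certificate and the private key.
    X509Signature signer = new X509Signature();
    signer.setCertificate(cert);
    signer.setPrivateKey(key);
    ByteArrayOutputStream wire = new ByteArrayOutputStream();
    Hessian2Output out = signer.wrap(new Hessian2Output(wire));
    out.writeString("constructed sample payload");
    out.close(); // finishes the envelope

    // D) Signature validation: the receiver needs only the certificate.
    X509Signature verifier = new X509Signature();
    verifier.setCertificate(cert);
    Hessian2Input in = verifier.unwrap(
        new Hessian2Input(new ByteArrayInputStream(wire.toByteArray())));
    String pending = in.readString(); // read, but not yet validated
    try {
      in.close(); // validation occurs during the close()
    } catch (IOException e) {
      // Assumed failure mode: discard everything read from this envelope.
      throw new SecurityException("signature validation failed", e);
    }
    // Only now hand the value to application logic.
    System.out.println("validated: " + pending);
  }
}
```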