To ensure messages are transmitted untampered, signature-based authentication is used.
...
To authenticate a message, a signature and a set of trusted certificates are required. The former is described in the following section; the latter is obtained from RepositorySettings as the certificates having either an OperationPermission or the InfrastructurePermission MessageSigner. Furthermore, restrictions on which component IDs are allowed to use a certificate may be imposed. If a certificate has a non-empty AllowedCertificateUsers list, the component's ID must be present in that list for the message to be authenticated.
Components participating in a Bit Repository where RequireMessageAuthentication in RepositorySettings has been set to true are required to:
...
The message signature is calculated on the message XML interpreted as a UTF-8-encoded byte stream and transmitted, Base64-encoded, in the message header org.bitrepository.messages.signature.
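The acceptance rule described above, as an added Python example that is not code from the Bitrepository project: it decodes the signature header, takes the message XML as UTF-8 bytes, and applies the permission and AllowedCertificateUsers checks. The `TrustedCert` field names, the sample IDs and permission values, and the `verify` callback are assumptions; the callback stands in for the cryptographic signature check, whose format this excerpt does not give.

```python
import base64
import binascii
from dataclasses import dataclass

SIGNATURE_HEADER = "org.bitrepository.messages.signature"  # header name from the page

@dataclass(frozen=True)
class TrustedCert:
    """One RepositorySettings certificate entry (field names are hypothetical)."""
    cert_id: str
    operation_permissions: frozenset = frozenset()
    infrastructure_permissions: frozenset = frozenset()
    allowed_certificate_users: tuple = ()  # empty means no restriction on component IDs

def is_message_signer(cert):
    # Trusted for authentication: any OperationPermission, or MessageSigner.
    return bool(cert.operation_permissions) or "MessageSigner" in cert.infrastructure_permissions

def authenticate(headers, message_xml, component_id, certs, verify):
    """Return (accepted, reason). verify(signature, signed_bytes) stands in for the
    cryptographic check: it returns the signing certificate's cert_id, or None."""
    encoded = headers.get(SIGNATURE_HEADER)
    if not encoded:
        return False, "missing signature header"
    try:
        signature = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return False, "signature header is not valid Base64"
    signer_id = verify(signature, message_xml.encode("utf-8"))  # signed bytes: XML as UTF-8
    cert = next((c for c in certs if c.cert_id == signer_id), None)
    if signer_id is None or cert is None:
        return False, "signature not verified by a known certificate"
    if not is_message_signer(cert):
        return False, "certificate lacks a signing permission"
    if cert.allowed_certificate_users and component_id not in cert.allowed_certificate_users:
        return False, "component ID not in AllowedCertificateUsers"
    return True, "authenticated"

# Constructed sample data. stub_verifier is NOT cryptography; it only lets the demo run.
XML = "<Message><From>pillar-\u00e6</From></Message>"
HEADERS = {SIGNATURE_HEADER: base64.b64encode(b"stub-signature").decode("ascii")}
CERTS = [
    TrustedCert("cert-a", frozenset({"example-operation"}), frozenset(), ("pillar-\u00e6",)),
    TrustedCert("cert-b", frozenset(), frozenset({"MessageSigner"})),
    TrustedCert("cert-c", frozenset(), frozenset({"example-other-permission"})),
]

def stub_verifier(cert_id, signed_xml):
    expected = signed_xml.encode("utf-8")
    return lambda sig, data: cert_id if (sig, data) == (b"stub-signature", expected) else None
```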
Signature generation and verification
...