Describes how messages requesting operation on a collection is are checked against the permission model.
Permissions
The permissions are defined on a pr. certificate basis for each operation or set of operations. See RepositorySettings for detailes model.
To authorise an operation, the request must be signed in order to identify the certificate and which operations it is allowed to perform.
Signing messages
All messages in the system must be signed to ensure that the senders of the messages are who they claim they are and that the messages have not been tampered with.
Because messages are exchanged encapsulated in XML, there are two well defined ways to handle signing of the messages. One is XML Signatures, the other - and somewhat simpler - is Cryptographic Message Syntax - also known as PKCS#7. As one of the objectives is to prevent message tampering, there is no need for the granularity of XML Signatures. Therefore Cryptographic Message Syntax - or CMS for short - is chosen for signing and optionally encrypting messages. The identity of the signer is embedded in the public certificate
The hash algorithm for the generation of the message hash is SHA512. The signing certificate is excluded from the signature to reduce the size.
The message signature is calculated on the message xml interpreted as a utf-8-encoded byte stream and transmitted, base 64-encoded, in the message header org.bitrepository.messages.signature
Signature generation and verification
To generate a signature openssl can be used:
openssl smime -sign -md sha512 -binary -nocerts -noattr -in message -out new.sig -outform der -inkey pkey.pem -signer cert.pem
Where:
- message is a file with the message to create a signature for
- new.sig is a file containing the signature
- pkey.pem is a file containing the signers private key
- cert.pem is a file containing the signers certificate
To verify a signature with openssl the following can be used:
openssl smime -verify -in new.sig -inform der -noverify -content message -certfile cert.pem
Where:
- message is a file with the message to create a signature for
- new.sig is a file containing the signature (binary data, not base64 encoded)
- cert.pem is a file containing the signers certificate (ID of the certificate used for signing can be extracted from the signature it self. This can be used to obtain the signing certificate from the components trust).