webMethods

webMethods

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  XML Xades with webMethods

    Posted 29 days ago
    Hi Folks, 
    I'm currently working on implementing a Java service within webMethods Integration Server that performs XML digital signatures using the XAdES standard. To achieve this, I chose to use the Digital Signature Services (DSS) libraries, developed and maintained by the European Commission (https://github.com/esig/dss)
    So far, I've integrated the DSS JARs and set up the service to:
    -Load a document (XML or binary)
    -Use a PKCS#12 keystore to access the signing certificate
    -Configure XAdESSignatureParameters (level, digest, packaging, etc.)
    Sign the document and save the output
    However, when invoking the service, I get the following error:
    Unable to instantiate default RevocationDataVerifier. Reason : SECURITY : unable to set attribute(s)! [http://javax.xml.XMLConstants/property/accessExternalDTD: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.; http://javax.xml.XMLConstants/property/accessExternalSchema: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalSchema' is not recognized.]


    From my investigation, this seems to be related to an incompatibility between the XML parser (SAXParserFactory) used by Integration Server (specifically, Apache Xerces) and the security properties being set by the DSS library when initializing the RevocationDataVerifier.
    Solutions I've attempted
    -Basic XML security properties configuration:
    javaSystem.setProperty("javax.xml.accessExternalDTD", "all");
    System.setProperty("javax.xml.accessExternalSchema", "all");
    -Configuring the certificate verifier:
    javaCommonCertificateVerifier verifier = new CommonCertificateVerifier();
    verifier.setAlertOnMissingRevocationData(null);
    verifier.setAlertOnRevokedCertificate(null);
    verifier.setCheckRevocationForUntrustedChains(false);
    -Attempting to disable revocation checking:
    javaverifier.setOcspSource(null);
    verifier.setCrlSource(null);
    -Setting additional JVM properties:
    javaSystem.setProperty("jdk.xml.transform.enableExtensionFunctions", "true");
    System.setProperty("jdk.xml.xpathExprGrpLimit", "0");
    System.setProperty("jdk.xml.xpathExprOpLimit", "0");
    System.setProperty("jdk.xml.xpathTotalOpLimit", "0");
    None of these approaches have resolved the issue.
    Has anyone successfully implemented XML signatures using DSS libraries (or any others) in WebMethods ? Any suggestions on how to resolver these XML
    security property issues ?
    Thanks in advance for your help !


    ------------------------------
    Thibaut Volpoet
    ------------------------------


  • 2.  RE: XML Xades with webMethods

    Posted 28 days ago

    Did you try to use the package class loader?

    I explain how to enable it here https://jahntech.com/resources/blog/external-java-libraries-in-webmethods-integration-server/



    ------------------------------
    All the best,
    Christoph
    ------------------------------

    Original Message


  • 3.  RE: XML Xades with webMethods

    Posted 28 days ago

    Here is the feedback from IBM support on the subject:

    After reviewing your request, I can confirm that the Digital Signature Services (DSS) libraries are a third-party product maintained by the European Commission and are not supported by Software AG or IBM as part of WebMethods Integration Server. As this integration falls outside our official compatibility and support scope, we're unable to provide troubleshooting assistance for DSS itself.

    For help with DSS specific issues, such as the XML security property errors you're encountering, you will need to contact the DSS project's support channels or your DSS vendor representative. You may also find it helpful to post your question in the DSS GitHub forum or other community forums (for example, Stack Overflow or the Software AG Empower community), where others who have attempted similar XAdES implementations with webMethods can share their experiences and suggestions.

    If you have any questions relating to webMethods Integration Server's built-in XML signature capabilities or other supported features, please let us know; we would be happy to help.



    ------------------------------
    Thibaut Volpoet
    ------------------------------

    Original Message


  • 4.  RE: XML Xades with webMethods

    Posted 27 days ago

    While nobody wants to get that response, there isn't really much else they can do.

    Did you find some time to check the class loader setting for packages?



    ------------------------------
    All the best,
    Christoph
    ------------------------------

    Original Message


  • 5.  RE: XML Xades with webMethods

    Posted 14 hours ago

    Hi,

    We have successfully implemented the transformation to Xades format in Java specific.

    Thanks for help.



    ------------------------------
    Thibaut Volpoet
    ------------------------------

    Original Message


Related Content