
AuthenticationSignatureInterceptor

Markus Sabadello edited this page Aug 12, 2015 · 15 revisions

This interceptor looks for a signature on an incoming XDI message, and invokes an instance of SignatureAuthenticator to authenticate the message.

  • signatureAuthenticator: An instance of SignatureAuthenticator that can authenticate an XDI message based on the signature it contains.

Interfaces and Classes

StaticSignatureAuthenticator

The StaticSignatureAuthenticator authenticates an XDI message against a statically configured map of sender addresses to public keys. A message whose sender address is not in that map cannot be authenticated; adding or rotating a key means changing the configuration.

  • publicKeys: The statically configured map from sender address to public key (a base64-encoded DER SubjectPublicKeyInfo, as in the example below). The example uses a Spring util:map, which requires the util namespace to be declared on the enclosing beans element.

Example Spring Bean

<bean class="xdi2.messaging.target.interceptor.impl.authentication.signature.AuthenticationSignatureInterceptor">
	<property name="signatureAuthenticator">
		<bean class="xdi2.messaging.target.interceptor.impl.authentication.signature.StaticSignatureAuthenticator">
			<property name="publicKeys">
				<util:map>
					<entry key="=!:uuid:bdf301fb-e70c-3958-bdf3-01fbe70c3958" value="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTWxuxMHHl4dyL9QHiYUcXl6Cin4FLPzlvwEB/iYANvMHSa3a1wUqlIxt/VSx5cFkw9NU0zrCUmr8DJUsksBZpyiTcgOlCpxM8DFEBNG7SKjGFFOwGGVYFLd/GYdflopUQ03eyj+azkSPQJX0lR4ML2Z2CmvfLkIhndqETZ/1CzQIDAQAB" />
				</util:map>
			</property>
		</bean>
	</property>
</bean>

GraphSignatureAuthenticator

The GraphSignatureAuthenticator authenticates an XDI message using a "public key graph", which contains sender addresses and their public keys. This "public key graph" may be the same as the "registry graph" of the RegistryGraphMessagingTargetFactory. Any sender whose key appears in the graph can authenticate, so write access to the public key graph amounts to the ability to add trusted senders.

  • publicKeyGraph: The public key graph.

Example Spring Bean

<bean class="xdi2.messaging.target.interceptor.impl.authentication.signature.AuthenticationSignatureInterceptor">
	<property name="signatureAuthenticator">
		<bean class="xdi2.messaging.target.interceptor.impl.authentication.signature.GraphSignatureAuthenticator">
			<property name="publicKeyGraph" ref="registryGraph" />
		</bean>
	</property>
</bean>

Example Public Key Graph

(=!:uuid:bdf301fb-e70c-3958-bdf3-01fbe70c3958!1111)<$public><$key>/&/"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMDgbUwmD5+2ABP440nD0Rwj0nwNuut4PwwTtVvxeJZ4nrC8ORFijLEd7hzD/aPhgjxZTccR/Ve8vp9g5KbGmmdr+NhV1f+LUB4oA+q1tY1gSnYnCirhhsxSbuxIrs8nQRC6Z1i7Q1YqRsvDyn829kYm4NJCCCCO0IlHsqoC/KqwIDAQAB"
(=!:uuid:bdf301fb-e70c-3958-bdf3-01fbe70c3958!2222)<$public><$key>/&/"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB7Hag3CV6TjrtGc0pk6QPRN754kfUXOheUDUAFiMluzVQfqNT3Sp+8qlniZaItt6qpSTXm2+N93nWPnd0gJVf1M+XS/3F9fs0d6K7Fy6h2tx9sT3QKJXzc+KCdsNdn4Gb3/XYyNHoV8a7lP8ntcAXoGTpor8jJ9OfgKnGKjHUOwIDAQAB"
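As an added, stand-alone illustration of what the StaticSignatureAuthenticator and the GraphSignatureAuthenticator do with the configurations above (this is not code from the xdi2 project), the Go program below parses the two public key graph statements into a sender-to-key map, treats that map exactly as a static key list, and authenticates a signed message by first looking up the sender and only then verifying the signature. The two sender addresses and their base64 DER SubjectPublicKeyInfo values are the page's own; the signature scheme (RSA PKCS#1 v1.5 over SHA-256), the message bytes, the extra sender address under which a freshly generated key is registered, and all function and type names are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// publicKeyGraph is the example public key graph from this page, copied verbatim: each
// statement binds a sender address (the parenthesised subject) to a base64 DER SubjectPublicKeyInfo.
const publicKeyGraph = `(=!:uuid:bdf301fb-e70c-3958-bdf3-01fbe70c3958!1111)<$public><$key>/&/"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMDgbUwmD5+2ABP440nD0Rwj0nwNuut4PwwTtVvxeJZ4nrC8ORFijLEd7hzD/aPhgjxZTccR/Ve8vp9g5KbGmmdr+NhV1f+LUB4oA+q1tY1gSnYnCirhhsxSbuxIrs8nQRC6Z1i7Q1YqRsvDyn829kYm4NJCCCCO0IlHsqoC/KqwIDAQAB"
(=!:uuid:bdf301fb-e70c-3958-bdf3-01fbe70c3958!2222)<$public><$key>/&/"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB7Hag3CV6TjrtGc0pk6QPRN754kfUXOheUDUAFiMluzVQfqNT3Sp+8qlniZaItt6qpSTXm2+N93nWPnd0gJVf1M+XS/3F9fs0d6K7Fy6h2tx9sT3QKJXzc+KCdsNdn4Gb3/XYyNHoV8a7lP8ntcAXoGTpor8jJ9OfgKnGKjHUOwIDAQAB"`

// statementRE matches one (subject)<$public><$key>/&/"value" statement.
var statementRE = regexp.MustCompile(`^\(([^)]+)\)<\$public><\$key>/&/"([^"]+)"$`)

// ErrUnknownSender is returned, before any cryptography runs, for a sender with no configured key.
var ErrUnknownSender = errors.New("no public key configured for sender")

// ParseSPKI decodes a base64 DER SubjectPublicKeyInfo, the value form used on this page.
func ParseSPKI(b64 string) (*rsa.PublicKey, error) {
	der, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	if rsaPub, ok := pub.(*rsa.PublicKey); ok {
		return rsaPub, nil
	}
	return nil, errors.New("not an RSA public key")
}

// ParsePublicKeyGraph turns the graph statements into the same sender -> key map a
// StaticSignatureAuthenticator holds in its publicKeys property. Any other statement is an error.
func ParsePublicKeyGraph(graph string) (map[string]*rsa.PublicKey, error) {
	keys := make(map[string]*rsa.PublicKey)
	for _, line := range strings.Split(strings.TrimSpace(graph), "\n") {
		m := statementRE.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			return nil, fmt.Errorf("not a public key statement: %q", line)
		}
		pub, err := ParseSPKI(m[2])
		if err != nil {
			return nil, fmt.Errorf("sender %s: %w", m[1], err)
		}
		keys[m[1]] = pub
	}
	return keys, nil
}

// Authenticator is the lookup-then-verify step the interceptor delegates to.
type Authenticator struct{ PublicKeys map[string]*rsa.PublicKey }

// Authenticate verifies sig over message with the key registered for sender. RSA PKCS#1 v1.5
// over SHA-256 is assumed for illustration; in XDI the message's $sig attribute names the algorithm.
func (a Authenticator) Authenticate(sender string, message, sig []byte) error {
	pub, ok := a.PublicKeys[sender]
	if !ok {
		return ErrUnknownSender // fail closed: an unlisted sender is never verified
	}
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

type Outcome struct{ Accepted, Tampered, Spoofed, Unknown bool } // one flag per path Demo exercises

// Demo loads the page's graph keys, registers a fresh key pair under a constructed sender address
// (the only private key the demo holds) and exercises the accept path and three reject paths.
func Demo() (Outcome, error) {
	keys, err := ParsePublicKeyGraph(publicKeyGraph)
	if err != nil {
		return Outcome{}, err
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	const me = "=!:uuid:00000000-0000-4000-8000-000000000000" // constructed sender address
	keys[me] = &priv.PublicKey
	auth := Authenticator{PublicKeys: keys}
	msg := []byte("constructed XDI message body") // stands in for the serialized message
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{
		Accepted: auth.Authenticate(me, msg, sig) == nil,
		Tampered: auth.Authenticate(me, append([]byte("x"), msg...), sig) != nil,
		Spoofed:  auth.Authenticate("=!:uuid:bdf301fb-e70c-3958-bdf3-01fbe70c3958!1111", msg, sig) != nil,
		Unknown:  errors.Is(auth.Authenticate("=!:uuid:nobody", msg, sig), ErrUnknownSender),
	}, nil
}
```

Demo returns all four flags true: the genuine message is accepted, the same signature over a modified body is rejected, the signature is rejected when presented under the !1111 address because it is checked against that sender's graph key rather than the signer's, and a sender with no configured key is rejected before any signature verification runs. The order of the two steps in Authenticate is the security-relevant point shared by both authenticators: the sender address chooses the key, so the map (or graph) decides who can authenticate at all.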

DiscoverySignatureAuthenticator

This SignatureAuthenticator can authenticate an XDI message by using the XDI discovery client to obtain a public key for the sender of the XDI message.

  • xdiDiscoveryClient: The XDI discovery client.

Example Spring Bean

<bean class="xdi2.messaging.target.interceptor.impl.authentication.signature.AuthenticationSignatureInterceptor">
	<property name="signatureAuthenticator">
		<bean class="xdi2.messaging.target.interceptor.impl.authentication.signature.DiscoverySignatureAuthenticator">
			<property name="xdiDiscoveryClient">
				<bean class="xdi2.discovery.XDIDiscoveryClient"/>
			</property>
		</bean>
	</property>
</bean>

Example Link Contract Policy

Authenticating the signature does not by itself authorize anything; a link contract policy such as the following is what requires the incoming message's signature to have been found valid before the contract applies:

(=!:uuid:1111/=!:uuid:2222)($do$if/$true){$msg}<$sig><$valid>/&/true

Security Considerations

The StaticSignatureAuthenticator and the GraphSignatureAuthenticator are primarily meant for simple use cases, where the set of trusted senders is managed by hand. The DiscoverySignatureAuthenticator utilizes a distributed PKI system based on registries, discovery, and individual XDI authorities, so trust in a sender's key ultimately rests on the discovery chain that produced it.

There is currently no mechanism for key revocation: a compromised key remains trusted until it is removed from the static list or the public key graph, or until discovery stops returning it.

When using the DiscoverySignatureAuthenticator, the discovered public keys may be cached by the XDI discovery client, so a key change at the sender's XDI authority is not seen until the cached entry expires.
