MuleSoft: Digitally Sign and Verify a Document

DZone 's Guide to

MuleSoft: Digitally Sign and Verify a Document

This article details a way to secure, sign, and verify a document to prove its originality.

· Integration Zone ·
Free Resource

Max created and stored a document in a public folder. He wants to share it with other staffers so he doesn't need to send it via email. However, someone, intentionally or not, modified the content without his authorization. Obviously, Max must take the responsibility for those changes.

To protect the document, then he thinks to digitally sign it, hoping the readers will be able to identify whether it is the original one.

In this article, Max will show how to implement that through a simple Mule project. It is started with a flow to generate a mockup document in XML, sign it with a digital signature, and finally, in another flow, the document will be verified to ensure its original content.

Before we start to create the project, install the Anypoint Enterprise Security first:

  1. Open menu Help >> Install New Software…
  2. Click Add.
  3. Fill the Name field with: Anypoint Enterprise Security.
  4. Fill the Location field with: http://security-update-site-1.6.s3.amazonaws.com.
  5. Click OK to finish the configuration.
  6. Select all security connector options, and finish the installation.
  7. A new Security  section will be displayed in the palette.

Image title

After that, let's create an empty project and create the first flow:

  1. Drag and drop the HTTP connector.
  2. Complete the Connector Configuration setting.
    • Click +.
    • Leave all default values.
    • Click OK.
  3. Complete the Basic Settings.
    • Set the Field with /generateDoc.
    • Set the Allowed Method with GET.
  4. Drag and drop Set Payload on Process.
  5. Replace its default value with the following script:
<PurchaseOrder><Item number="130046593231"><Description>Video Game</Description><Price>10.29</Price></Item><Buyer id="8492340"><Name>My Name</Name><Address><Street>One Network Drive</Street><Town>Burlington</Town><State>MA</State><Country>United States</Country><PostalCode>01803</PostalCode></Address></Buyer></PurchaseOrder>

Then continue to put the next message processor:

  1. Drag and drop the Signature connector.
  2. Complete the Connector Configuration setting.
    • Click +.
    • Set the Name with XML_Signature.
    • Set the Default Signer with XML_SIGNER.
  3. Set the Operation with Sign XML.
    • Leave the Input with its default value #[payload].
    • Set the Key with any value, e.g.: maxKey.
    • Finally, set the rest of four required fields:

Field Name


Canonicalization Algorithm

The algorithm Mule uses for XML canonicalization:

Digest Method Algorithm

The algorithm Mule uses to encrypt the digest:
SHA256 (Default)

Signature Method Algorithm

The algorithm Mule uses to protect the message from tampering:
RSA_SHA1 (Default)

Signature Type

Defines whether the signature applies to:
• data outside its containing document (DETACHED)
• a part of its containing document (ENVELOPED) (Default)
• data it contains within itself (ENVELOPING)

Next, put the final message processor in this flow:

  1. Drag and drop the File connector at the end of this flow.
  2. Set its Basic Setting as required.
    • Set the Path with any location, e.g.: src/main/resources/output.
    • Set the File Name/Pattern with any name or pattern, e.g.: doc.xml.

Image title

At this phase, we have created the first flow to generate a mockup document. In the next step, we will create another flow to verify the document.

  1. Drag and drop the File connector into the Canvas to initiate the new flow.
    • Set the Path field with src/main/resources/input.
    • Set the Move to Directory field with src/main/resources/output.
  2. Drag and drop the Byte Array to String transformer into the Process area.
  3. Drag and drop the Signature connector.
  4. Set the Connector Configuration to refer to the existing one.
  5. Set the Operation with Verify signature and leave all default values as is.
  6. Finally, put a Logger at the end of this flow.
  7. Set its value with any message, e.g.: XML Verified!

Image title

Now we have finished our simple project, and it is ready for testing. Run the project and open a browser to initiate the mockup document creation.

  1. Execute the URL e.g.: http://localhost:8081/generateDoc.
  2. This execution will return XML including the signature at the bottom of its content.
  3. You can find the newly create XML document in src/main/resources/output.

That is the first scenario for signing a document. And it is successfully signed. Next, we have to ensure that the document can be verified.

  1. Move that document into src/main/resources/input folder.
  2. Mule will read and move it to the src/main/resources/output folder.
  3. Look at the console/log message, and it's confirmed: XML Verified!

But wait, how if the document is modified by others?

  1. To simulate this issue, open the document in any text editor.
  2. Modify any value, e.g.: <Price>10.29</Price> replaced with <Price>15.29</Price>.
  3. Save and move it into src/main/resources/input folder.
  4. Mule will read and move it to src/main/resources/output folder.
  5. Validation will not proceed to the next processor.
  6. Look at the console/log message, Mule read the file but does not confirm that it is verified.

That is all! So, through this exercise, we have successfully secured a document and verified it. There are many other scenarios and connectors supported by Anypoint Enterprise Security. Feel free to improve this project and explore other possibilities which suit your purposes.

mulesoft, security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}