Hope you are doing well.
I am using wM9.8. KIndly share your thoughts on the below need.
I am the consumer of the webService, provider asked us to use 1 way SSL where as they shared public key with us and process the message. They asked us to send the signature as part of a string which is an input of webService. As per them they Sign the message with their private key and share the payLoad sting with us.
Steps followed to process the message at our side ( consumer side )
- Created a truststore with their given publidcertificate as part of IS admin
As part of flow service followed below steps
- used string.base64Decode service which takes string nad geneated byte
- used getCertificate service passing trustStoreAlias, certAlias which returns certificate deails in byte
- used verify service, mapping byte returned from step1 to signature field,data is mapped with byte of step1, detachedSignature to false
and as part of signerCertChain with output of step2.
Can someone suggest are the above steps are valid.