Breaking the Kubernetes Kill Chain: Host Path Mount
Step2sales deptsendswarehouse
1. SENIOR PROJECT 2007-2008
(Step#2 of the ekoSign project)
6. Sales Department Applies the Policy
and Sends Order to the Warehouse
Developing Application that Uses XML
Signatures
Project team members
Hüseyin Çakır, Mehmet Mesut Özışık, Yılmaz Kaya
Abstract: Second step of the application which is sales department applies the policy and sends order to
the warehouse. This phase includes XML document signatures, encryption of informations at XML, verifying
XML signatures and decrypting encrypted XML data.
Keywords: Sales Department Applies the Policy and Sends Order to the Warehouse, XML Signature and
Encryption.
http://groups.google.com/group/digitalsignature
digitalsignature@googlegroups.com
PRINT DATE: 05/06/08
1
2. 6.1 Introduction
This documentation is related with the construction phase of the project. Sales department applies
the policy and sends order to the warehouse is one of the parts of construction phases and the series
of iterations of the system are implemented and an executable release of the step is developed. The
implementation of this step is built according to the use case diagrams and use case by text. Figure
6.1 shows the steps of the unified process and which step the project plan paper belongs to.
Inception
1.Introduction
2.Project Plan
3.Basic Concepts
Elaboration
4.Scenario
Construction
Transition
5.CSorder
6.SDSorderW
Figure 6.1 Steps of Unified Process.
6.2 Sales Department Applies the Policy and Sends Order to the Warehouse
SD receives an order from customer indicating that 1500 units of product worth of 100000$ are
needed on 21.02.2008 at 10:00. SD will decide whether the order will be sent to Management or
Warehouse. The decision will be made according to the company policy (Figure 6.2).
As a sample company policy, company sales department is authorized to sign the order costs which
are below 50.000$ whereas company management can sign order costs above 50.000$. So the
orders lower than 50.000$ must be directly sent to the warehouse (Table 6.1).
Figure 6.2 Scenario.
2
3. SIGNATURES: CUSTOMER, SALES DEPARTMENT
1500 units of product worth of 40000$ are needed on 21.02.2008 at 10:00.
XML DOCUMENT THAT CUSTOMER SENDS TO THE SALES DEPARTMENT: A sample XML includes
customer's
signature,
sales
department
signature
and
encrypted
order
information.
<order>
<!-ENCRYPTED ORDER INFORMATION-->
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
Encrypted Order Information
Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>rsaKey</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>caNz99cfG2m3K89ZjQGdVOd0h9IHlM</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>jVBxmk0xD03811OJVsnmTBxl0l8Z/fez6JZaWRgeKVDhQ94Pb</CipherValue>
</CipherData>
</EncryptedData>
<!-SALES DEPARTMENT MESSAGE-->
<salesDept Id="s">1500 units of product is required.</salesDept>
<management Id="m" />
<!-SIGNATURE OF CUSTOMER-->
Signature#1: Customer
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#c">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>VSh4kpOimvsxdy2hpfnozUZrL+Q=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>ScVHcqcvXt3/mfB6CVKOGG5DcFvt/30Cc9Lw</SignatureValue>
</Signature>
Signature#2: Sales Dept.
<!-SIGNATURE OF SALES DEPARTMENT-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#s">
<Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>cLYt4vVedV3M6Pu+/WX1uuf/K58=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>IRIhYrEwZKQcJikufCfnL0st1l7SBrZtxsq+jaJ8jP/l3yiv1MkeAkzmp</SignatureValue>
</Signature>
</order>
Table 6.1 Sales Department Sends Sample XML Order to Warehouse.
3
4. 6.3 Use Case Diagram of Sales Department Sends Order
Figure 6.3 represents Sales Department sending the document according to the company policy
and Use case text of the diagram is shown in Figure 6.4.
Figure 6.3 Use Case Diagram of Sales Department Applies Policy.
Use Case Title
:Sales Department Applies Policy
Primary Actor
:Sales Department
Precondition
:Sales Department must validate the previous signatures
Success Guarantee :Company Policy applied and order sent to the authorized
department
Trigger
:Sales Department receives order from customer
Main Success Scenario:
1. Page loaded to the sales department staff computer.
2. Sales department staff applies the company policy.
3. According to the policy the order either sent to warehouse or management.
Figure 6.4 Use Case by Text for Sales Department Sends Order.
4
5. 6.4 Class Diagram of Sales Department Applies Policy and Sends Order
This step uses six classes which are “signature”, “verifySignature”, “encryption”, “decryption”,
“customer” and “order”(Figure 6.5).
“signature” class includes a method “SignXml” that sign XML document and attach the signature
to the document in a <Signature> element. The method creates an cryptographic signing key, adds
the key to a secure key container, and then uses the key to digitally sign an XML document. The
key can then be retrieved to verify the XML digital signature, or be used to sign another XML
document.
“encryption” class has a method “Encrypt” that encrypts an XML element using two keys. It
generates a cryptographic public/private key pair and saves the key pair to a secure key container.
The method then creates a separate session key using a cryptographic algorithm. The method uses
the session key to encrypt the XML document and then uses the public key to encrypt the session
key. Finally, the method saves the encrypted session key and the encrypted XML data to the XML
document within a new <EncryptedData> element.
“customer” class stores two different attributes and “order” class that stores four different attributes
that is used to get data from the user interface. This class's attributes encrypted by “Encryption”
class that uses “encrypt” method to safely send data to the Company Sales Department.
Figure 6.5 Class Diagram of Sales Department Receives Order and Applies Policy .
5
6. 6.5 Sequence & Collaboration Diagrams of Sales Department Sends Order to the
Warehouse
Sequence Diagram shows the interactions between objects to perform critical pieces of use case
behavior in time-ordered manner. Sequence Diagram for Step#2 of the project developed in Figure
6.6 is developed from the class diagram in Figure 6.5.
Figure 6.6 Sequence Diagram of Sales Department Sends Order to the Warehouse.
6
7. Collaboration Diagram that shows the interactions between objects to perform critical pieces of the
use case behavior is developed in Figure 6.7.
Figure 6.7 Collaboration Diagram of Sales Department Sends Order to the Warehouse.
7
8. 6.6 User Interfaces
Figure 6.8 represents an interface that is used by sales department staff to view new orders to the
company.
Figure 6.8 Sales Department Interface for Displaying Orders Received.
8