Hello,

I’m working on a project that uses KeyName to identify the key used to verify 
or sign the signature. I’m using the santuario library through the 
XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName identifier 
is not supported for outgoing messages. 

Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
        at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]

So I’m looking to add some support for it. I’ve got a small proof of concept 
implementation ready, but I ran into the problem that there is no clear 
definition of what should be in the KeyName. The project that I’m working on 
defined the contents of the KeyName as the SHA1 fingerprint of the certificate, 
but I’ve also seen and/or read about solutions that use the CN or any other 
identifier.

So i’m thinking of extending 
org.apache.xml.security.stax.ext.XMLSecurityProperties with a field identifying 
the method to use to generate the KeyName content. And then use that info in 
XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature() to build 
a KeyName KeyInfo token with the required contents.

I’m looking for some feedback on whether that would be an acceptable solution.

Cheers,

Hugo
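As an added illustration of the two KeyName contents mentioned above (not code from the Santuario project or the poster): a small Java class deriving a KeyName string from an X.509 certificate either as the hex SHA-1 fingerprint or as the subject CN, then rendering the ds:KeyInfo/ds:KeyName fragment. The enum KeyNameMethod, the method names and the certificate path argument are assumptions for this example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical KeyName strategies; names here are assumptions, not Santuario API. */
public class KeyNameExample {

    enum KeyNameMethod { SHA1_FINGERPRINT, SUBJECT_CN }

    /** Derives the KeyName text from the signing certificate using the chosen method. */
    static String deriveKeyName(X509Certificate cert, KeyNameMethod method) throws Exception {
        switch (method) {
            case SHA1_FINGERPRINT: {
                // Upper-case hex of SHA-1 over the DER encoding (the poster's project convention).
                byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
                StringBuilder hex = new StringBuilder(digest.length * 2);
                for (byte b : digest) hex.append(String.format("%02X", b));
                return hex.toString();
            }
            case SUBJECT_CN: {
                // First CN attribute of the subject DN, parsed as an RFC 2253 name.
                LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
                for (Rdn rdn : dn.getRdns()) {
                    if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
                }
                throw new IllegalArgumentException("Subject DN has no CN: " + dn);
            }
            default: throw new IllegalStateException("Unhandled method " + method);
        }
    }

    /** Renders the ds:KeyName fragment. KeyName is only a lookup hint for the verifier;
     *  the verifier must still resolve it to a trusted key, never trust the name itself. */
    static String keyInfoXml(String keyName) {
        // A CN is externally supplied text, so escape it before splicing it into XML.
        String esc = keyName.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
        return "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:KeyName>"
                + esc + "</ds:KeyName></ds:KeyInfo>";
    }

    public static void main(String[] args) throws Exception {
        // Usage: java KeyNameExample signer.pem (any PEM or DER X.509 certificate; path assumed)
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        for (KeyNameMethod m : KeyNameMethod.values()) System.out.println(m + ": " + keyInfoXml(deriveKeyName(cert, m)));
    }
}
```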
