Hello, I’m working on a project that uses KeyName to identify the key used to verify or sign the signature. I’m using the santuario library through the XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName identifier is not supported for outgoing messages.
    Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
        at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]

So I’m looking to add some support for it. I’ve got a small proof of concept implementation ready, but I ran into the problem that there is no clear definition of what should be in the KeyName. The project that I’m working on defined the contents of the KeyName as the SHA1 fingerprint of the certificate, but I’ve also seen and/or read about solutions that use the CN or any other identifier.

So I’m thinking of extending org.apache.xml.security.stax.ext.XMLSecurityProperties with a field identifying the method to use to generate the KeyName content, and then using that info in XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature() to build a KeyName KeyInfo token with the required contents.

I’m looking for some feedback on whether that would be an acceptable solution.

Cheers,
Hugo
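The two KeyName derivations mentioned in the post (SHA1 fingerprint of the certificate, or the subject CN), together with the receiving-side lookup that makes a KeyName safe to rely on, as an added example. This is not code from santuario, CXF or the poster's proof of concept: the enum `KeyNameMethod`, the class `KeyNameSupport` and its method names are hypothetical, and it uses only JDK APIs rather than any XMLSecurityProperties field. The security-relevant point it shows is that a KeyName is only a hint: the verifier resolves it against certificates it already trusts and rejects an ambiguous or unknown name, instead of trusting key material carried in the message.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical: which derivation produces the ds:KeyName text. Not a santuario type. */
enum KeyNameMethod { SHA1_FINGERPRINT, SUBJECT_CN }

public final class KeyNameSupport {

    private KeyNameSupport() {}

    /** Sender side: derive the KeyName content for a certificate with the chosen method. */
    public static String keyNameFor(X509Certificate cert, KeyNameMethod method) throws Exception {
        switch (method) {
            case SHA1_FINGERPRINT:
                // Fingerprint = SHA-1 over the DER encoding of the whole certificate.
                return hexSha1(cert.getEncoded());
            case SUBJECT_CN:
                return subjectCn(cert);
            default:
                throw new IllegalArgumentException("unsupported KeyName method: " + method);
        }
    }

    static String hexSha1(byte[] der) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(der);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Extract the CN attribute from the subject DN; fails if the subject has no CN. */
    static String subjectCn(X509Certificate cert) throws InvalidNameException {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        throw new IllegalArgumentException("certificate subject has no CN: " + dn);
    }

    /**
     * Receiving side: resolve the KeyName against the trusted certificates in a KeyStore.
     * Exactly one trusted certificate must match; a CN shared by several certificates
     * (or an unknown name) is rejected rather than picking the first hit.
     */
    public static X509Certificate resolve(String keyName, KeyNameMethod method, KeyStore trustStore)
            throws Exception {
        X509Certificate match = null;
        for (Enumeration<String> aliases = trustStore.aliases(); aliases.hasMoreElements();) {
            Certificate c = trustStore.getCertificate(aliases.nextElement());
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) c;
            if (keyNameFor(x509, method).equalsIgnoreCase(keyName)) {
                if (match != null) {
                    throw new IllegalStateException("KeyName is ambiguous: " + keyName);
                }
                match = x509;
            }
        }
        if (match == null) {
            throw new IllegalStateException("no trusted certificate for KeyName " + keyName);
        }
        return match;
    }
}
```

On the sending side `keyNameFor(signingCert, method)` yields the string to place in `<ds:KeyName>`; on the receiving side `resolve(keyName, method, trustStore)` yields the certificate whose public key is then used to verify the signature. With `SUBJECT_CN` the ambiguity check matters in practice, since nothing prevents two trusted certificates from sharing a CN; the fingerprint method does not have that problem, which is one argument for the poster's project choosing it.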