Hello,
I’m working on a project that uses KeyName to identify the key used to verify
or sign the signature. I’m using the santuario library through the
XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName identifier
is not supported for outgoing messages.
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
    at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
So I’m looking to add some support for it. I’ve got a small proof of concept
implementation ready, but I ran into the problem that there is no clear
definition of what should be in the KeyName. The project that I’m working on
defined the contents of the KeyName as the SHA1 fingerprint of the certificate,
but I’ve also seen and/or read about solutions that use the CN or any other
identifier.
So I’m thinking of extending
org.apache.xml.security.stax.ext.XMLSecurityProperties with a field identifying
the method to use to generate the KeyName content, and then use that info in
XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature() to build
a KeyName KeyInfo token with the required contents.
I’m looking for some feedback if that would be an acceptable solution.
Cheers,
Hugo
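The following is an added, stand-alone example that is not part of the post above and not santuario or CXF code. It sketches the two halves of the proposal: a selector (the hypothetical KeyNameMethod enum, standing in for the field proposed on XMLSecurityProperties) that derives the KeyName value from the signing certificate as a SHA1 fingerprint, subject CN or full subject DN, and a receiving-side resolver that maps a KeyName back to a trusted certificate and rejects names it does not know. Only JDK classes are used; the keystore path, password and alias in main are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class KeyNameExample {

    // Hypothetical selector for how the ds:KeyName value is derived from the
    // signing certificate (the role the proposed XMLSecurityProperties field would play).
    enum KeyNameMethod { SHA1_FINGERPRINT, SUBJECT_CN, SUBJECT_DN }

    // Upper-case hex SHA-1 over the DER encoding of the certificate.
    static String sha1Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // First CN attribute of the subject DN; fails loudly if the subject has none.
    static String subjectCn(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        throw new IllegalArgumentException("subject DN has no CN attribute");
    }

    // Signing side: derive the KeyName text according to the configured method.
    static String keyNameFor(X509Certificate cert, KeyNameMethod method) throws Exception {
        switch (method) {
            case SHA1_FINGERPRINT: return sha1Fingerprint(cert);
            case SUBJECT_CN:       return subjectCn(cert);
            case SUBJECT_DN:       return cert.getSubjectX500Principal().getName();
            default: throw new IllegalStateException("unknown method " + method);
        }
    }

    // Renders the ds:KeyName element as it would appear inside ds:KeyInfo.
    static String keyNameElement(String value) {
        String escaped = value.replace("&", "&amp;").replace("<", "&lt;");
        return "<ds:KeyName xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">" + escaped + "</ds:KeyName>";
    }

    // Verifying side: KeyName is only a lookup hint. The verifier must resolve it
    // against certificates it already trusts and refuse unknown names, instead of
    // accepting whatever key the message itself names.
    static X509Certificate resolveKeyName(String keyName, Map<String, X509Certificate> trusted) {
        X509Certificate cert = trusted.get(keyName);
        if (cert == null) {
            throw new SecurityException("no trusted certificate registered for KeyName " + keyName);
        }
        return cert;
    }

    // Builds the lookup table the verifier uses, keyed by the same method the signer uses.
    static Map<String, X509Certificate> trustTable(KeyNameMethod method, X509Certificate... certs) throws Exception {
        Map<String, X509Certificate> table = new HashMap<>();
        for (X509Certificate c : certs) table.put(keyNameFor(c, method), c);
        return table;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream("/path/to/keystore.p12")) {   // placeholder path
            ks.load(in, "changeit".toCharArray());                              // placeholder password
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate("signing");  // placeholder alias

        for (KeyNameMethod m : KeyNameMethod.values()) {
            String keyName = keyNameFor(cert, m);
            System.out.println(m + " -> " + keyNameElement(keyName));
            // Round trip: the verifier resolves the same name back to the trusted certificate.
            X509Certificate resolved = resolveKeyName(keyName, trustTable(m, cert));
            System.out.println("  resolved to " + resolved.getSubjectX500Principal().getName());
        }
    }
}
```

Whichever method is chosen, signer and verifier have to agree on it, which is why it belongs in configuration rather than being inferred from the message. The fingerprint form has the practical advantage of being unambiguous when several certificates share a CN; the SHA-1 here is used purely as an identifier, and the signature itself is still checked against the resolved certificate's key.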