Hi Colm,

Yeah, that sounds even easier. Thanks for the feedback, I’ll start working on
the patch and submit it when finished.

Cheers,

Hugo

> On 10 Oct 2016, at 18:02, Colm O hEigeartaigh <cohei...@apache.org> wrote:
> 
> Hi Hugo,
> 
> The JSR-105 API in Java just takes a String as parameter, so I think it would 
> be simpler just to add a new String property in XMLSecurityProperties which 
> is taken as the KeyName value:
> 
> https://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.html#newKeyName(java.lang.String)
> 
> Colm.
> 
> On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers <trip...@gmail.com> wrote:
> Hello,
> 
> I’m working on a project that uses KeyName to identify the key used to verify 
> or sign the signature. I’m using the santuario library through the 
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName identifier 
> is not supported for outgoing messages.
> 
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
>        at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
> 
> So I’m looking to add some support for it. I’ve got a small proof of concept 
> implementation ready but I ran into the problem that there is no clear 
> definition of what should be in the KeyName. The project that I’m working on 
> defined the contents of the KeyName as the SHA1 fingerprint of the 
> certificate, but I’ve also seen and/or read about solutions that use the CN or 
> any other identifier.
> 
> So I’m thinking of extending 
> org.apache.xml.security.stax.ext.XMLSecurityProperties with a field 
> identifying the method to use to generate the KeyName content. And then use 
> that info in 
> XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature() to 
> build a KeyName KeyInfo token with the required contents.
> 
> I’m looking for some feedback if that would be an acceptable solution.
> 
> Cheers,
> 
> Hugo
> 
> 
> 
> 
> 
> -- 
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com

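The two KeyName conventions mentioned in the thread (SHA-1 certificate fingerprint, subject CN), each reduced to a plain String and passed to the JSR-105 `newKeyName(String)` call linked above. This is an added example, not code from the thread or from Santuario; the class and method names, the stand-in certificate bytes and the subject DN are constructed for illustration.

```java
import java.security.MessageDigest;
import java.util.Collections;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

public class KeyNameExample {
    // Convention 1: hex SHA-1 fingerprint of the DER-encoded certificate
    // (in real use the input is X509Certificate.getEncoded()).
    static String fingerprintKeyName(byte[] der) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(der)) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Convention 2: the CN attribute of the certificate's subject DN.
    static String cnKeyName(String subjectDn) throws Exception {
        for (Rdn rdn : new LdapName(subjectDn).getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        throw new IllegalArgumentException("no CN in " + subjectDn);
    }

    // JSR-105 only sees the resulting String; it does not care how it was derived.
    static void writeKeyInfo(String keyName) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        KeyInfoFactory kif = KeyInfoFactory.getInstance("DOM");
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyName(keyName)));
        ki.marshal(new DOMStructure(doc), new DOMCryptoContext() {});
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(System.out));
        System.out.println();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in bytes, not a real certificate.
        byte[] der = "constructed stand-in for certificate bytes".getBytes("UTF-8");
        writeKeyInfo(fingerprintKeyName(der));
        writeKeyInfo(cnKeyName("CN=signer.example.org,O=Example,C=NL"));
    }
}
```

On the verifying side a KeyName is only a lookup hint: the receiver still has to resolve it to a key it already trusts, whichever convention the sender used.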