Hey folks,

Hope this is the right place to ask this, but I’m working on an interface to a 
system with some specific requirements I haven’t figured out yet. I’ve got some 
of them covered so far (they use KeyName as key identifier, for example), but I 
have a few remaining things I need to solve and I would like to know if those 
are possible to configure with the current version of the santuario library.

First of all, their implementation expects the signature element to be the last 
element in the resulting XML document. See the example below; can this be done 
with a configuration?


Second, they don’t accept Ids in the root and signature element and expect the 
Reference URI to be an empty string.

And they also seem to take offence at the '<dsig:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />' transform being present.

Below is the complete signature as generated by my current configuration. 

If using the library indirectly from the CXF XmlSecOutInterceptor with the 
following configuration:

final SignatureProperties properties = new SignatureProperties();

/* 1. The entire XML message must be signed. */
/* 2. For the purpose of generating the digest of the main message, the
 *    inclusive canonicalization algorithm must be used. */
/* 3. For the purpose of generating the signature value, the exclusive
 *    canonicalization algorithm must be used. */

/* 4. The syntax for an enveloped signature must be used.
 * 5. For hashing purposes the SHA256 algorithm must be used. */

/* 6. For signature purposes the RSAWithSHA256 algorithm must be used. RSA keys
 *    must be 2,048 bits long. */

/* 7. The public key must be referenced using a fingerprint of an X.509
 *    certificate. The fingerprint must be
 *    calculated according to the following formula HEX(SHA-1(DER certificate)). */

Looking for some pointers to get this done; if it is configuration, that would be 
great. If this needs some modifications in the code, I would be happy with some 
pointers in the right direction.



  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <dsig:Reference URI="#G0f49a5bd-86ed-4e12-8146-57f584a5f6c1">
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" 
    <dsig:KeyInfo Id="Gf05095c8-a7ea-47bb-8d68-80f5481ea9e3">
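
An added example, not part of the original post and not a CXF XmlSecOutInterceptor configuration: the signature shape listed in the requirements above, produced with the standard javax.xml.crypto.dsig DOM API (which Santuario also implements). The sample document, the throwaway key pair and the KeyName placeholder are constructed for illustration.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class EnvelopedLastChild {
    public static void main(String[] args) throws Exception {
        // Constructed sample message and throwaway 2048-bit RSA key.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(
            new InputSource(new StringReader("<msg><body>hello</body></msg>")));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        // URI "" selects the whole document. With the enveloped transform as the only
        // transform, XMLDSig applies inclusive C14N implicitly before digesting.
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(
                f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);                                  // no Type, no Id
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null),          // exclusive C14N for SignedInfo
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        KeyInfoFactory kif = f.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(
            kif.newKeyName("PLACEHOLDER-HEX-SHA1-FINGERPRINT"))); // placeholder value

        // No nextSibling is given, so Signature is appended as the root's last child.
        DOMSignContext sctx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        sctx.setDefaultNamespacePrefix("dsig");
        f.newXMLSignature(si, ki).sign(sctx);             // no Id on Signature or KeyInfo

        // Round-trip check: the last child is the signature and it validates.
        Node sig = doc.getDocumentElement().getLastChild();
        DOMValidateContext vctx = new DOMValidateContext(kp.getPublic(), sig);
        boolean ok = f.unmarshalXMLSignature(vctx).validate(vctx);
        System.out.println("last child: " + sig.getNodeName() + ", valid: " + ok);
    }
}
```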
