jrihtarsic commented on PR #299:
URL:
https://github.com/apache/santuario-xml-security-java/pull/299#issuecomment-3858570085
@coheigea Before updating the code, I’d like to briefly discuss the
implementation approach.
The main change in this PR is the introduction of pre‑ and post‑signature
processor interfaces (see XMLSignature and SignatureProcessor).
The design is intentionally generic so it can support extensions like XAdES,
which adds metadata before signing and timestamps afterward. This approach also
enables more experimental use cases, such as recording hashes on a ledger and
placing verification ledger url as part of signature.
**My first question is whether the pre‑ and post‑signature processor
interfaces look acceptable to you, and whether you see any potential security
risks in this approach. From development perspective it would be a great
addition.**
Regarding XAdES
I suggest placing **XAdES in a separate extension module** rather than the
core xmlsec codebase—though I’m unsure about the best location. But If we keep
XAdES inside xmlsec, I have one question:
Should we continue using JAXB for building the XAdES structures, or should
we switch to custom DOM handlers to stay consistent with xmlsec’s internal XML
construction?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
