Hi Hugo,

The JSR-105 API in Java just takes a String as parameter, so I think it would be simpler just to add a new String property in XMLSecurityProperties which is taken as the KeyName value:

https://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.html#newKeyName(java.lang.String)

Colm.

On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers <trip...@gmail.com> wrote:

> Hello,
>
> I’m working on a project that uses KeyName to identify the key used to
> verify or sign the signature. I’m using the santuario library through the
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName
> identifier is not supported for outgoing messages.
>
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
>     at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
>
> So I’m looking to add some support for it. I’ve got a small proof of
> concept implementation ready but I ran into the problem that there is no
> clear definition of what should be in the KeyName. The project that I’m
> working on defined the contents of the KeyName as the SHA1 fingerprint of
> the certificate, but I’ve also seen and/or read about solutions that use the
> CN or any other identifier.
>
> So I’m thinking of extending
> org.apache.xml.security.stax.ext.XMLSecurityProperties
> with a field identifying the method to use to generate the KeyName content.
> And then use that info in
> XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature()
> to build a KeyName KeyInfo token with the required contents.
>
> I’m looking for some feedback if that would be an acceptable solution.
>
> Cheers,
>
> Hugo

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
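
The following is an added example, not code from this thread or from Santuario: it uses the JSR-105 DOM API linked above (not the StAX XMLSecurityProperties path under discussion) to sign with a String KeyName and to verify by resolving that name against keys the receiver already trusts. The class name KeyNameDemo, the helper sha1Hex and the "order" element are hypothetical, and the SHA-1 of the public key encoding is a constructed stand-in for the certificate fingerprint, since no certificate is available offline.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
public class KeyNameDemo {
    // Hex SHA-1 over DER bytes; pass cert.getEncoded() to get a certificate fingerprint.
    static String sha1Hex(byte[] der) throws Exception {
        return String.format("%040x", new java.math.BigInteger(1, MessageDigest.getInstance("SHA-1").digest(der)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed stand-in (assumption): hash the public key encoding instead of a certificate.
        String keyName = sha1Hex(kp.getPublic().getEncoded());
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElementNS(null, "order"));
        XMLSignatureFactory sf = XMLSignatureFactory.getInstance("DOM");
        Reference ref = sf.newReference("", sf.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(sf.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = sf.newSignedInfo(
            sf.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            sf.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        // Sender: KeyInfo carries only the String name, via KeyInfoFactory.newKeyName(String).
        KeyInfoFactory kif = sf.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyName(keyName)));
        sf.newXMLSignature(si, ki).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        // Receiver: KeyName is only a lookup hint into a locally configured set of trusted keys.
        Map<String, PublicKey> trusted = Collections.singletonMap(keyName, kp.getPublic());
        KeySelector byName = new KeySelector() {
            public KeySelectorResult select(KeyInfo info, Purpose p, AlgorithmMethod m, XMLCryptoContext c) throws KeySelectorException {
                for (Object o : info.getContent()) {
                    PublicKey k = o instanceof KeyName ? trusted.get(((KeyName) o).getName()) : null;
                    if (k != null) return () -> k;
                }
                throw new KeySelectorException("no trusted key for KeyName"); // unknown names fail closed
            }
        };
        DOMValidateContext vc = new DOMValidateContext(byName, doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        System.out.println("KeyName=" + keyName + " valid=" + sf.unmarshalXMLSignature(vc).validate(vc));
    }
}
```

Because the name is an opaque String chosen by the sender, whatever convention is used (fingerprint, CN or other) has to be agreed out of band, and the verifier should reject any name it cannot map to a key it already holds.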