Re: KeyName support in santuario

2016-10-11 Thread Hugo Trippaers
Hi Colm,

Yeah, that sounds even easier. Thanks for the feedback, I’ll start working on 
the patch and submit it when finished.

Cheers,

Hugo

> On 10 Oct 2016, at 18:02, Colm O hEigeartaigh  wrote:
> 
> Hi Hugo,
> 
> The JSR-105 API in Java just takes a String as parameter, so I think it would 
> be simpler just to add a new String property in XMLSecurityProperties which 
> is taken as the KeyName value:
> 
> https://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.html#newKeyName(java.lang.String)
> 
> Colm.
> 
> On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers  wrote:
> Hello,
> 
> I’m working on a project that uses KeyName to identify the key used to verify 
> or sign the signature. I’m using the santuario library through the 
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName identifier 
> is not supported for outgoing messages.
> 
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
>     at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
> 
> So I’m looking to add some support for it. I’ve got a small proof of concept 
> implementation ready but I ran into the problem that there is no clear 
> definition of what should be in the KeyName. The project that I’m working on 
> defined the contents of the KeyName as the SHA1 fingerprint of the 
> certificate, but I’ve also seen and/or read about solutions that use the CN or 
> any other identifier.
> 
> So I’m thinking of extending 
> org.apache.xml.security.stax.ext.XMLSecurityProperties with a field 
> identifying the method to use to generate the KeyName content. And then use 
> that info in 
> XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature() to 
> build a KeyName KeyInfo token with the required contents.
> 
> I’m looking for some feedback if that would be an acceptable solution.
> 
> Cheers,
> 
> Hugo
> 
> 
> 
> 
> 
> -- 
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com



Re: KeyName support in santuario

2016-10-10 Thread Colm O hEigeartaigh
Hi Hugo,

The JSR-105 API in Java just takes a String as parameter, so I think it
would be simpler just to add a new String property in XMLSecurityProperties
which is taken as the KeyName value:

https://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.html#newKeyName(java.lang.String)

Colm.

On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers  wrote:

> Hello,
>
> I’m working on a project that uses KeyName to identify the key used to
> verify or sign the signature. I’m using the santuario library through the
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName
> identifier is not supported for outgoing messages.
>
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
>     at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
>
> So I’m looking to add some support for it. I’ve got a small proof of
> concept implementation ready but I ran into the problem that there is no
> clear definition of what should be in the KeyName. The project that I’m
> working on defined the contents of the KeyName as the SHA1 fingerprint of
> the certificate, but I’ve also seen and/or read about solutions that use the
> CN or any other identifier.
>
> So I’m thinking of extending 
> org.apache.xml.security.stax.ext.XMLSecurityProperties
> with a field identifying the method to use to generate the KeyName content.
> And then use that info in XMLSignatureEndingOutputProcessor.
> createKeyInfoStructureForSignature() to build a KeyName KeyInfo token
> with the required contents.
>
> I’m looking for some feedback if that would be an acceptable solution.
>
> Cheers,
>
> Hugo
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
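
The following is an added example, not part of the thread and not Santuario's own code. It uses the JSR-105 DOM API referenced above (not Santuario's StAX API) to emit a caller-supplied String as KeyName, and on the verifying side resolves that KeyName only against locally configured keys. The class name, the key name "demo-signing-key", the namespace and the throwaway RSA key are constructed for illustration.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
public class KeyNameDemo {
    static final XMLSignatureFactory SF = XMLSignatureFactory.getInstance("DOM");
    // Enveloped signature over the root; KeyInfo carries only <KeyName>keyName</KeyName>.
    static void sign(Document doc, PrivateKey key, String keyName) throws Exception {
        Reference ref = SF.newReference("", SF.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(SF.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = SF.newSignedInfo(
            SF.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            SF.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        KeyInfoFactory kif = SF.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyName(keyName)));
        SF.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }
    // KeyName is only a lookup hint: resolve it against local keys and reject unknown names.
    static boolean verify(Document doc, Map<String, PublicKey> trusted) throws Exception {
        KeySelector selector = new KeySelector() {
            public KeySelectorResult select(KeyInfo ki, Purpose p, AlgorithmMethod m, XMLCryptoContext c)
                    throws KeySelectorException {
                if (ki != null) for (Object o : ki.getContent()) {
                    PublicKey k = o instanceof KeyName ? trusted.get(((KeyName) o).getName()) : null;
                    if (k != null) return () -> k;
                }
                throw new KeySelectorException("no trusted key for KeyName");
            }
        };
        DOMValidateContext vc = new DOMValidateContext(selector,
            doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        try { return SF.unmarshalXMLSignature(vc).validate(vc); }
        catch (XMLSignatureException e) { return false; } // selector found no trusted key
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();               // constructed throwaway key
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElementNS("urn:example", "msg"));
        sign(doc, kp.getPrivate(), "demo-signing-key");   // constructed KeyName value
        System.out.println(verify(doc, Collections.singletonMap("demo-signing-key", kp.getPublic())));
        System.out.println(verify(doc, Collections.emptyMap()));
    }
}
```

Whatever convention fills the KeyName (fingerprint, CN or another identifier), the verifier's map has to be keyed by the same convention, since the element itself carries no key material.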