Hi Colm,
Yeah, that sounds even easier. Thanks for the feedback, I’ll start working on
the patch and submit it when finished.
Cheers,
Hugo
> On 10 Oct 2016, at 18:02, Colm O hEigeartaigh wrote:
>
> Hi Hugo,
>
> The JSR-105 API in Java just takes a String as parameter, so I think it would
> be simpler just to add a new String property in XMLSecurityProperties which
> is taken as the KeyName value:
>
> https://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.html#newKeyName(java.lang.String)
>
> Colm.
>
> On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers wrote:
> Hello,
>
> I’m working on a project that uses KeyName to identify the key used to verify
> or sign the signature. I’m using the santuario library through the
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName identifier
> is not supported for outgoing messages.
>
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: KeyName not supported.
>     at org.apache.xml.security.stax.impl.processor.output.XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
>
> So I’m looking to add some support for it. I’ve got a small proof of concept
> implementation ready but I ran into the problem that there is no clear
> definition of what should be in the KeyName. The project that I’m working on
> defined the contents of the KeyName as the SHA1 fingerprint of the
> certificate, but I’ve also seen and/or read about solutions that use the CN or
> any other identifier.
>
> So I’m thinking of extending
> org.apache.xml.security.stax.ext.XMLSecurityProperties with a field
> identifying the method to use to generate the KeyName content. And then use
> that info in
> XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature() to
> build a KeyName KeyInfo token with the required contents.
>
> I’m looking for some feedback if that would be an acceptable solution.
>
> Cheers,
>
> Hugo
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com