*I'm trying to generate an XML-signature using Apache Camel Xml-Security
component. My RouteBuilder and configuration look like this:*
private void createRouteBuilders() throws Exception {
    /**
     *  Sign XML with enveloping signature
     *  
     *  JndiRegistry is used to bind signature variables
     *  
     *  Key accessor = Use organisation X509Certificate
     *  Signature algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
     *  Canonicalization method =  http://www.w3.org/2001/10/xml-exc-c14n#
     *  Transform method = http://www.w3.org/2001/10/xml-exc-c14n#
     *  Xades signature = defined in xadesProperties
     *  
     * */
    context.addRoutes(new RouteBuilder() {
        public void configure() throws Exception {
            //TODO: Handle exception
            from("direct:xml-signature")
            .convertBodyTo(String.class)
            .to("xmlsecurity:sign://enveloping?"
                    + "keyAccessor=#accessor&"
                    + "signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&"
                    + "canonicalizationMethod=#canonicalizationMethod1&"
                    + "transformMethods=#transformMethods&"
                    + "properties=#xadesProperties")
            .convertBodyTo(Document.class);
        }
    });
}

private JndiRegistry createRegistry() throws Exception {
    JndiRegistry registry = new JndiRegistry();

    registry.bind("accessor", getKeyAccessor(keyPair.getPrivate()));
    registry.bind("canonicalizationMethod1", getCanonicalizationMethod());
    registry.bind("transformMethods", getTransformMethods());
    registry.bind("xadesProperties", getXadesProperties());

    return registry;
}

private XAdESSignatureProperties getXadesProperties() {
    XAdESSignatureProperties props = new XAdESSignatureProperties();

    props.setNamespace("http://uri.etsi.org/01903/v1.3.2#");
    props.setPrefix("xades");
    props.setAddSigningTime(true);

    return props;
}

private AlgorithmMethod getCanonicalizationMethod() {
    return XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
}

private List<AlgorithmMethod> getTransformMethods() {
    ArrayList<AlgorithmMethod> transformMethods = new ArrayList<AlgorithmMethod>();
    transformMethods.add(getCanonicalizationMethod());
    return transformMethods;
}

*The resulting XML looks like this:*
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="_78256618-6394-43fb-a551-45013f9df404">
<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_d1e0da88-0f2e-4491-8817-7a6a9b566a86">
        <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>KKcHfq+gpUlD9ltfvxUJC0DRLySRKeZqKebHrjxz1aI=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="#_42cbaaa6-2387-4991-b479-79f3aee1c4c6">
        <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>g6DR+ETW13DssymC5AHS2CsPwUFAlBKQeTHH81b+w/c=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#_f6ff95f0-42af-41f0-a4d7-37d9c7070bb6">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>w+s0PSrSzE1bfGZYt2U3mipZMYv+ETcdB6eK6DtqB48=</ds:DigestValue>
    </ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>JOxBA0/9+hoxI7azTMemZfijEF4BoOU1wMmdzYtTSQchxDxr2LerQswNG2/26ANVAmWgmvMnrd5a8yxJsUw9EbkpQfAaJXX+ccXWLQVLxFSKYOVZqOG0UR1uPRN/Gs9LYjpDYsdKHbWzycfaSiKwSvFFUxrdt40xev4YEHh0xMVDpUQwruXEOrSfw1ceWLpJYTrLWAPcM3Ynd1/lXfEPylUJhHZPZ38ALk6QopOJ4D5jqndvzzGnWyXF1n0YImFut4OeviD+pHujRga6I3BN16ADErtEJQaQOR6CAVDkQvaiC12qrPwTm3vD4k5zgdtkdYPWWexxl3IiRJlcqoVuSQ==</ds:SignatureValue>
<ds:KeyInfo Id="_42cbaaa6-2387-4991-b479-79f3aee1c4c6">
    <ds:X509Data>
        <ds:X509Certificate>
            
        </ds:X509Certificate>
    </ds:X509Data>
</ds:KeyInfo>
<ds:Object Id="_d1e0da88-0f2e-4491-8817-7a6a9b566a86">
    
</ds:Object>
<ds:Object>
    <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#_78256618-6394-43fb-a551-45013f9df404">
        <xades:SignedProperties Id="_f6ff95f0-42af-41f0-a4d7-37d9c7070bb6">
            <xades:SignedSignatureProperties>
                <xades:SigningTime>2016-08-25T14:43:39+02:00</xades:SigningTime>
            </xades:SignedSignatureProperties>
        </xades:SignedProperties>
    </xades:QualifyingProperties>
</ds:Object>

*I want my chosen transform algorithm (Exclusive Canonicalization) to also
apply to the KeyInfo and the SignedProperties objects. Is this possible? If
it is, how do I achieve this?*



--
View this message in context: 
http://camel.465427.n5.nabble.com/XML-Security-Is-it-possible-to-change-transform-algorithm-on-KeyInfo-object-and-SignedProperties-tp5786982.html
Sent from the Camel - Users mailing list archive at Nabble.com.
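
For reference, in the JSR 105 API (javax.xml.crypto.dsig, the source of the AlgorithmMethod and CanonicalizationMethod types used in the post), the transform list is a property of each individual ds:Reference. The following is an added example, not part of the original post and not a Camel endpoint option: it signs directly with the JDK API, and the class name, the ids "obj" and "ki", the payload element and the throwaway RSA key are assumptions.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Added example (hypothetical class and ids): an enveloping signature built directly
// with JSR 105, using Exclusive C14N as the transform on the Object and KeyInfo references.
public class PerReferenceTransforms {
    static Document sign() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, generated for the demo
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DigestMethod sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
        // The transform list is an argument of each Reference, not of the signature.
        List<Transform> excOnly = Collections.singletonList(
                fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo keyInfo = kif.newKeyInfo(
                Collections.singletonList(kif.newKeyValue(kp.getPublic())), "ki");
        XMLObject payload = fac.newXMLObject(Collections.singletonList(
                new DOMStructure(doc.createElement("payload"))), "obj", null, null);

        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Arrays.asList(fac.newReference("#obj", sha256, excOnly, null, null),
                        fac.newReference("#ki", sha256, excOnly, null, null)));
        fac.newXMLSignature(si, keyInfo, Collections.singletonList(payload), null, null)
                .sign(new DOMSignContext(kp.getPrivate(), doc));
        return doc;
    }

    public static void main(String[] args) throws Exception {
        NodeList t = sign().getElementsByTagNameNS(XMLSignature.XMLNS, "Transform");
        for (int i = 0; i < t.getLength(); i++) // one line per Reference transform
            System.out.println(t.item(i).getAttributes().getNamedItem("Algorithm").getNodeValue());
    }
}
```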
