I'm trying to generate an XML signature using the Apache Camel XML Security component. My RouteBuilder and configuration look like this:

    private void createRouteBuilders() throws Exception {
        /**
         * Sign XML with enveloping signature
         *
         * JndiRegistry is used to bind signature variables
         *
         * Key accessor = Use organisation X509Certificate
         * Signature algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
         * Canonicalization method = http://www.w3.org/2001/10/xml-exc-c14n#
         * Transform method = http://www.w3.org/2001/10/xml-exc-c14n#
         * Xades signature = defined in xadesProperties
         */
        context.addRoutes(new RouteBuilder() {
            public void configure() throws Exception {
                //TODO: Handle exception
                from("direct:xml-signature")
                    .convertBodyTo(String.class)
                    .to("xmlsecurity:sign://enveloping?"
                        + "keyAccessor=#accessor&"
                        + "signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&"
                        + "canonicalizationMethod=#canonicalizationMethod1&"
                        + "transformMethods=#transformMethods&"
                        + "properties=#xadesProperties")
                    .convertBodyTo(Document.class);
            }
        });
    }

    private JndiRegistry createRegistry() throws Exception {
        JndiRegistry registry = new JndiRegistry();
        registry.bind("accessor", getKeyAccessor(keyPair.getPrivate()));
        registry.bind("canonicalizationMethod1", getCanonicalizationMethod());
        registry.bind("transformMethods", getTransformMethods());
        registry.bind("xadesProperties", getXadesProperties());
        return registry;
    }

    private XAdESSignatureProperties getXadesProperties() {
        XAdESSignatureProperties props = new XAdESSignatureProperties();
        props.setNamespace("http://uri.etsi.org/01903/v1.3.2#");
        props.setPrefix("xades");
        props.setAddSigningTime(true);
        return props;
    }

    private AlgorithmMethod getCanonicalizationMethod() {
        return XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    }

    private List<AlgorithmMethod> getTransformMethods() {
        ArrayList<AlgorithmMethod> transformMethods = new ArrayList<AlgorithmMethod>();
        transformMethods.add(getCanonicalizationMethod());
        return transformMethods;
    }

The resulting XML looks like this:

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="_78256618-6394-43fb-a551-45013f9df404">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#_d1e0da88-0f2e-4491-8817-7a6a9b566a86">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>KKcHfq+gpUlD9ltfvxUJC0DRLySRKeZqKebHrjxz1aI=</ds:DigestValue>
        </ds:Reference>
        <ds:Reference URI="#_42cbaaa6-2387-4991-b479-79f3aee1c4c6">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>g6DR+ETW13DssymC5AHS2CsPwUFAlBKQeTHH81b+w/c=</ds:DigestValue>
        </ds:Reference>
        <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#_f6ff95f0-42af-41f0-a4d7-37d9c7070bb6">
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>w+s0PSrSzE1bfGZYt2U3mipZMYv+ETcdB6eK6DtqB48=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>JOxBA0/9+hoxI7azTMemZfijEF4BoOU1wMmdzYtTSQchxDxr2LerQswNG2/26ANVAmWgmvMnrd5a8yxJsUw9EbkpQfAaJXX+ccXWLQVLxFSKYOVZqOG0UR1uPRN/Gs9LYjpDYsdKHbWzycfaSiKwSvFFUxrdt40xev4YEHh0xMVDpUQwruXEOrSfw1ceWLpJYTrLWAPcM3Ynd1/lXfEPylUJhHZPZ38ALk6QopOJ4D5jqndvzzGnWyXF1n0YImFut4OeviD+pHujRga6I3BN16ADErtEJQaQOR6CAVDkQvaiC12qrPwTm3vD4k5zgdtkdYPWWexxl3IiRJlcqoVuSQ==</ds:SignatureValue>
      <ds:KeyInfo Id="_42cbaaa6-2387-4991-b479-79f3aee1c4c6">
        <ds:X509Data>
          <ds:X509Certificate> </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <ds:Object Id="_d1e0da88-0f2e-4491-8817-7a6a9b566a86"> </ds:Object>
      <ds:Object>
        <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#_78256618-6394-43fb-a551-45013f9df404">
          <xades:SignedProperties Id="_f6ff95f0-42af-41f0-a4d7-37d9c7070bb6">
            <xades:SignedSignatureProperties>
              <xades:SigningTime>2016-08-25T14:43:39+02:00</xades:SigningTime>
            </xades:SignedSignatureProperties>
          </xades:SignedProperties>
        </xades:QualifyingProperties>
      </ds:Object>

I want my chosen transform algorithm (Exclusive Canonicalization) to also apply to the KeyInfo and the SignedProperties objects. Is this possible? If it is, how do I achieve this?

--
View this message in context: http://camel.465427.n5.nabble.com/XML-Security-Is-it-possible-to-change-transform-algorithm-on-KeyInfo-object-and-SignedProperties-tp5786982.html
Sent from the Camel - Users mailing list archive at Nabble.com.
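
The signature in the post above carries a separate ds:Transforms list on each ds:Reference. As an added example (not part of the original post and not Camel code, and making no statement about which options the Camel component exposes), the following uses the JDK's javax.xml.crypto.dsig API directly (Java 9 or later) to build an enveloping signature whose KeyInfo reference also uses Exclusive Canonicalization, then validates it. The throwaway RSA key, the "order" payload and the ids "payload", "keyinfo" and "sig" are constructed for the illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

public class ExcC14nOnEveryReference {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, constructed for this demo
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DigestMethod sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
        // Transforms are set per ds:Reference, so the same list is passed to each one.
        List<Transform> excC14n = List.of(
            fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            List.of(fac.newReference("#payload", sha256, excC14n, null, null),
                    fac.newReference("#keyinfo", sha256, excC14n, null, null)));

        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(List.of(kif.newKeyValue(kp.getPublic())), "keyinfo");
        XMLObject payload = fac.newXMLObject(
            List.of(new DOMStructure(doc.createElementNS(null, "order"))), "payload", null, null);
        fac.newXMLSignature(si, ki, List.of(payload), "sig", null)
           .sign(new DOMSignContext(kp.getPrivate(), doc));

        // Validate with the public key: checks the signature value and every reference digest.
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), doc.getDocumentElement());
        System.out.println("valid: " + fac.unmarshalXMLSignature(vc).validate(vc));
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(System.out));
    }
}
```

A reference to XAdES SignedProperties takes a transform list through the same newReference parameter, with the Type URI passed as the fourth argument.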