Hello Niklas,

can you point me to the part of the spec https://www.w3.org/TR/xmldsig-core/
which allows defining transformations also for the KeyInfo element? I
could not find such a definition. If it is there in the specification,
we might think about including this in our Camel processor.

This holds as well for the SignedProperties element. See spec
http://www.etsi.org/deliver/etsi_ts%5C101900_101999%5C101903%5C01.04.02_60%5Cts_101903v010402p.pdf

Best Regards Franz

On Tue, Aug 30, 2016 at 10:34 AM, salkin <niklas.hokenst...@cargoit.se>
wrote:

> I'm trying to generate an XML-signature using Apache Camel Xml-Security
> component. My RouteBuilder and configuration look like this:
>
> import java.util.ArrayList;
> import java.util.List;
>
> import javax.xml.crypto.AlgorithmMethod;
> import javax.xml.crypto.dsig.CanonicalizationMethod;
>
> import org.apache.camel.builder.RouteBuilder;
> import org.apache.camel.component.xmlsecurity.api.XAdESSignatureProperties;
> import org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper;
> import org.apache.camel.impl.JndiRegistry;
> import org.w3c.dom.Document;
>
> // context (the CamelContext), keyPair (java.security.KeyPair) and
> // getKeyAccessor(PrivateKey) are defined elsewhere in the same class.
>
> private void createRouteBuilders() throws Exception {
>     /**
>      *  Sign XML with enveloping signature
>      *
>      *  JndiRegistry is used to bind signature variables
>      *
>      *  Key accessor = Use organisation X509Certificate
>      *  Signature algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>      *  Canonicalization method = http://www.w3.org/2001/10/xml-exc-c14n#
>      *  Transform method = http://www.w3.org/2001/10/xml-exc-c14n#
>      *  Xades signature = defined in xadesProperties
>      */
>     context.addRoutes(new RouteBuilder() {
>         public void configure() throws Exception {
>             //TODO: Handle exception
>             from("direct:xml-signature")
>             .convertBodyTo(String.class)
>             .to("xmlsecurity:sign://enveloping?"
>                     + "keyAccessor=#accessor&"
>                     + "signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&"
>                     + "canonicalizationMethod=#canonicalizationMethod1&"
>                     + "transformMethods=#transformMethods&"
>                     + "properties=#xadesProperties")
>             .convertBodyTo(Document.class);
>         }
>     });
> }
>
> // Beans referenced as #name in the endpoint URI are looked up in this registry.
> private JndiRegistry createRegistry() throws Exception {
>     JndiRegistry registry = new JndiRegistry();
>
>     registry.bind("accessor", getKeyAccessor(keyPair.getPrivate()));
>     registry.bind("canonicalizationMethod1", getCanonicalizationMethod());
>     registry.bind("transformMethods", getTransformMethods());
>     registry.bind("xadesProperties", getXadesProperties());
>
>     return registry;
> }
>
> private XAdESSignatureProperties getXadesProperties() {
>     XAdESSignatureProperties props = new XAdESSignatureProperties();
>
>     props.setNamespace("http://uri.etsi.org/01903/v1.3.2#");
>     props.setPrefix("xades");
>     props.setAddSigningTime(true);
>
>     return props;
> }
>
> // Exclusive C14N, used both as the SignedInfo canonicalization method and as
> // the single transform on the content reference.
> private AlgorithmMethod getCanonicalizationMethod() {
>     return XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
> }
>
> private List<AlgorithmMethod> getTransformMethods() {
>     ArrayList<AlgorithmMethod> transformMethods = new ArrayList<AlgorithmMethod>();
>     transformMethods.add(getCanonicalizationMethod());
>     return transformMethods;
> }
>
> The resulting XML looks like this:
>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="_78256618-6394-43fb-a551-45013f9df404">
> <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>     <ds:Reference URI="#_d1e0da88-0f2e-4491-8817-7a6a9b566a86">
>         <ds:Transforms>
>             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>         </ds:Transforms>
>         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>         <ds:DigestValue>KKcHfq+gpUlD9ltfvxUJC0DRLySRKeZqKebHrjxz1aI=</ds:DigestValue>
>     </ds:Reference>
>     <ds:Reference URI="#_42cbaaa6-2387-4991-b479-79f3aee1c4c6">
>         <ds:Transforms>
>             <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>         </ds:Transforms>
>         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>         <ds:DigestValue>g6DR+ETW13DssymC5AHS2CsPwUFAlBKQeTHH81b+w/c=</ds:DigestValue>
>     </ds:Reference>
>     <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#_f6ff95f0-42af-41f0-a4d7-37d9c7070bb6">
>         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>         <ds:DigestValue>w+s0PSrSzE1bfGZYt2U3mipZMYv+ETcdB6eK6DtqB48=</ds:DigestValue>
>     </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>JOxBA0/9+hoxI7azTMemZfijEF4BoOU1wMmdzYtTSQchxDxr2LerQswNG2/26ANVAmWgmvMnrd5a8yxJsUw9EbkpQfAaJXX+ccXWLQVLxFSKYOVZqOG0UR1uPRN/Gs9LYjpDYsdKHbWzycfaSiKwSvFFUxrdt40xev4YEHh0xMVDpUQwruXEOrSfw1ceWLpJYTrLWAPcM3Ynd1/lXfEPylUJhHZPZ38ALk6QopOJ4D5jqndvzzGnWyXF1n0YImFut4OeviD+pHujRga6I3BN16ADErtEJQaQOR6CAVDkQvaiC12qrPwTm3vD4k5zgdtkdYPWWexxl3IiRJlcqoVuSQ==</ds:SignatureValue>
> <ds:KeyInfo Id="_42cbaaa6-2387-4991-b479-79f3aee1c4c6">
>     <ds:X509Data>
>         <ds:X509Certificate>
>
>         </ds:X509Certificate>
>     </ds:X509Data>
> </ds:KeyInfo>
> <ds:Object Id="_d1e0da88-0f2e-4491-8817-7a6a9b566a86">
>
> </ds:Object>
> <ds:Object>
>     <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#_78256618-6394-43fb-a551-45013f9df404">
>         <xades:SignedProperties Id="_f6ff95f0-42af-41f0-a4d7-37d9c7070bb6">
>             <xades:SignedSignatureProperties>
>                 <xades:SigningTime>2016-08-25T14:43:39+02:00</xades:SigningTime>
>             </xades:SignedSignatureProperties>
>         </xades:SignedProperties>
>     </xades:QualifyingProperties>
> </ds:Object>
> </ds:Signature>
>
> I want my chosen transform algorithm (Exclusive Canonicalization) to also
> apply to the KeyInfo and the SignedProperties objects. Is this possible? If
> it is, how do I achieve this?
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/XML-Security-Is-it-possible-to-change-transform-algorithm-on-KeyInfo-object-and-SignedProperties-tp5786982.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
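
On the spec question raised above: in XML-DSig core the ds:Transforms child is optional on every ds:Reference, whatever the URI points at, and the posted output already shows this in practice, since the Reference to the KeyInfo element carries a Transform (inclusive C14N). What the posted output also shows is that the `transformMethods` option was applied to the content Reference only: the KeyInfo Reference got inclusive C14N and the SignedProperties Reference got no Transforms at all. The following is an added example, not code from the original post or from the Camel project. It drives the JSR 105 API (javax.xml.crypto.dsig, the API the Camel xmlsecurity component is built on) directly to produce an enveloping signature in which all three References, content, KeyInfo and a minimal hand-built xades:SignedProperties, carry the exclusive C14N transform; it then unmarshals the result and validates it. Before core validation it checks every Reference's transform algorithms against an allow-list, because transform URIs in a received signature are attacker-controlled input and only canonicalization transforms should be accepted. The Id values, the ephemeral RSA key, the payload and the SignedProperties stub are constructed for the demo; the stub is not a complete XAdES structure. The class name KeyInfoTransformDemo is hypothetical.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Added example, not Camel code: enveloping signature built with the JSR 105 API so that
// every ds:Reference, including those covering ds:KeyInfo and a hand-built (minimal, not
// XAdES-complete) xades:SignedProperties, carries an exclusive C14N transform. Java 11+.
public class KeyInfoTransformDemo {
    static final String XADES_NS = "http://uri.etsi.org/01903/v1.3.2#";
    static final String SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Hypothetical Ids chosen for this demo; Camel generates UUID-based ones.
    static final String CONTENT_ID = "content-1", KEYINFO_ID = "keyinfo-1", SP_ID = "signedprops-1";
    // Verifier policy: only canonicalization transforms are acceptable on any Reference.
    static final Set<String> ALLOWED_TRANSFORMS = Set.of(CanonicalizationMethod.EXCLUSIVE, CanonicalizationMethod.INCLUSIVE);

    public static void main(String[] args) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();              // ephemeral key, demo only
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        // One transform list, exclusive C14N, reused on all three References.
        List<Transform> excC14n = Collections.singletonList(
            fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        DigestMethod sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);

        // Constructed sample payload, carried in a ds:Object (enveloping form).
        Element payload = doc.createElementNS(null, "Invoice");
        payload.setTextContent("constructed sample payload");
        XMLObject contentObj = fac.newXMLObject(
            Collections.singletonList(new DOMStructure(payload)), CONTENT_ID, null, null);

        // Minimal xades:SignedProperties in a second ds:Object; its Id is registered as an
        // ID attribute so that "#signedprops-1" can be dereferenced when signing/validating.
        Element qp = doc.createElementNS(XADES_NS, "xades:QualifyingProperties");
        Element sp = doc.createElementNS(XADES_NS, "xades:SignedProperties");
        sp.setAttributeNS(null, "Id", SP_ID);
        sp.setIdAttributeNS(null, "Id", true);
        qp.appendChild(sp);
        XMLObject xadesObj = fac.newXMLObject(
            Collections.singletonList(new DOMStructure(qp)), null, null, null);
        // KeyInfo with an Id so that a Reference can cover it.
        KeyInfo ki = kif.newKeyInfo(
            Collections.singletonList(kif.newKeyValue(kp.getPublic())), KEYINFO_ID);

        // ds:Transforms is optional on every ds:Reference, whatever its URI points at, so the
        // KeyInfo and SignedProperties references take the same transform as the content one.
        List<Reference> refs = Arrays.asList(
            fac.newReference("#" + CONTENT_ID, sha256, excC14n, null, null),
            fac.newReference("#" + KEYINFO_ID, sha256, excC14n, null, null),
            fac.newReference("#" + SP_ID, sha256, excC14n, SIGNED_PROPS_TYPE, null));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null), refs);
        XMLSignature sig = fac.newXMLSignature(si, ki, Arrays.asList(contentObj, xadesObj), "sig-1", null);

        // Sign: ds:Signature becomes the document element, then print the result.
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc);
        dsc.setDefaultNamespacePrefix("ds");
        sig.sign(dsc);
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(System.out));

        // Verifier side: transform URIs in a received signature are attacker-controlled input,
        // so enforce the allow-list on every Reference before running core validation.
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), doc.getDocumentElement());
        XMLSignature parsed = fac.unmarshalXMLSignature(vc);
        for (Reference r : parsed.getSignedInfo().getReferences()) {
            for (Transform t : r.getTransforms()) {
                if (!ALLOWED_TRANSFORMS.contains(t.getAlgorithm())) {
                    throw new SecurityException("disallowed transform " + t.getAlgorithm() + " on " + r.getURI());
                }
            }
        }
        System.out.println("\ncore validation: " + parsed.validate(vc));
    }
}
```

Compile and run with `javac KeyInfoTransformDemo.java && java KeyInfoTransformDemo` (no dependencies beyond the JDK). The printed ds:SignedInfo shows one exc-c14n Transform under each of the three References, and core validation succeeds for this self-consistent round trip because the same transform is applied to the KeyInfo and SignedProperties subtrees on both the signing and the validating side. The allow-list loop runs before `validate` on purpose: a rejected transform URI should fail closed without any transform code being executed.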
