You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@camel.apache.org by dm...@gmx.de on 2012/02/08 19:41:42 UTC

Verification (crypto:verify) does not remove CamelDigitalSignature header

Hello,
 
I'm using Camel 2.9.0 (Spring 3.0.6) with Java 1.6 on Tomcat 7. The following route successfully signs and verifies a message:
 
<route>
<from uri="direct:signMe"/>        
<to uri="crypto:sign://keystore?keystore=#signMe&amp;alias=signMe&amp;password=signMe" />
<log message="HEADER (SIGNATURE): ${headers}" />
<to uri="crypto:verify://keystore?keystore=#signMe&amp;alias=signMe" />
<log message="HEADER (VERIFICATION): ${headers}" />
<to uri="mock:result"/>
</route>  
 
However, the CamelDigitalSignature header is not removed after successful verification. Header after signature and after verification are completely identical. From looking at the clearMessageHeaders method in VerifyingProcessor, this header should be removed since this field is listed in DigitalSignatureProcessor, shouldn't it?
 
Regards, Dominik
-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

Re: Verification (crypto:verify) does not remove CamelDigitalSignature header

Posted by dm...@gmx.de.

Hi Hadrian,

Perfect, thanks a lot for your fast answer and the fix! Looking forward to the new release.

Regards, Dominik

-------- Original-Nachricht --------
> Datum: Wed, 08 Feb 2012 22:50:41 -0500
> Von: Hadrian Zbarcea <hz...@gmail.com>
> An: users@camel.apache.org
> Betreff: Re: Verification (crypto:verify) does not remove CamelDigitalSignature header

> Actually the crypto endpoints do have a clearHeaders option that was not 
> documents, but it didn't quite work either, both because the default 
> value was 'false' and a bug in the code.
> 
> I raised CAMEL-4996 [1] for that, fixed it and added a unit test. You 
> will be able to use it after the next release there is no workaround 
> available.
> 
> Cheers,
> Hadrian
> 
> [1] https://issues.apache.org/jira/browse/CAMEL-4996
> 
> 
> On 02/08/2012 01:41 PM, dms79@gmx.de wrote:
> > Hello,
> >
> > I'm using Camel 2.9.0 (Spring 3.0.6) with Java 1.6 on Tomcat 7. The
> following route successfully signs and verifies a message:
> >
> > <route>
> > <from uri="direct:signMe"/>
> > <to
> uri="crypto:sign://keystore?keystore=#signMe&amp;alias=signMe&amp;password=signMe" />
> > <log message="HEADER (SIGNATURE): ${headers}" />
> > <to uri="crypto:verify://keystore?keystore=#signMe&amp;alias=signMe" />
> > <log message="HEADER (VERIFICATION): ${headers}" />
> > <to uri="mock:result"/>
> > </route>
> >
> > However, the CamelDigitalSignature header is not removed after
> successful verification. Header after signature and after verification are
> completely identical. From looking at the clearMessageHeaders method in
> VerifyingProcessor, this header should be removed since this field is listed in
> DigitalSignatureProcessor, shouldn't it?
> >
> > Regards, Dominik
> 
> -- 
> Hadrian Zbarcea
> Principal Software Architect
> Talend, Inc
> http://coders.talend.com/
> http://camelbot.blogspot.com/

-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

Re: Verification (crypto:verify) does not remove CamelDigitalSignature header

Posted by Hadrian Zbarcea <hz...@gmail.com>.

Actually the crypto endpoints do have a clearHeaders option that was not 
documents, but it didn't quite work either, both because the default 
value was 'false' and a bug in the code.

I raised CAMEL-4996 [1] for that, fixed it and added a unit test. You 
will be able to use it after the next release there is no workaround 
available.

Cheers,
Hadrian

[1] https://issues.apache.org/jira/browse/CAMEL-4996


On 02/08/2012 01:41 PM, dms79@gmx.de wrote:
> Hello,
>
> I'm using Camel 2.9.0 (Spring 3.0.6) with Java 1.6 on Tomcat 7. The following route successfully signs and verifies a message:
>
> <route>
> <from uri="direct:signMe"/>
> <to uri="crypto:sign://keystore?keystore=#signMe&amp;alias=signMe&amp;password=signMe" />
> <log message="HEADER (SIGNATURE): ${headers}" />
> <to uri="crypto:verify://keystore?keystore=#signMe&amp;alias=signMe" />
> <log message="HEADER (VERIFICATION): ${headers}" />
> <to uri="mock:result"/>
> </route>
>
> However, the CamelDigitalSignature header is not removed after successful verification. Header after signature and after verification are completely identical. From looking at the clearMessageHeaders method in VerifyingProcessor, this header should be removed since this field is listed in DigitalSignatureProcessor, shouldn't it?
>
> Regards, Dominik

-- 
Hadrian Zbarcea
Principal Software Architect
Talend, Inc
http://coders.talend.com/
http://camelbot.blogspot.com/