You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@camel.apache.org by Franz Paul Forsthofer <em...@googlemail.com> on 2013/03/12 07:33:27 UTC

Contribution: Component XML Digital Signature

Hello,

I want to contribute a new component for XML Digital Signature. There
shall be two endpoints; the signer endpoint shall sign the body of the
in-message and create an XML digital signature in the out-message, the
verifier endpoint shall verify the XML signature contained in the body
of the in-message and return the signed content in the body of the
out-message.

The implementation shall be based on the JRE API for XML Digital
Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html)
which fulfills the requirements of the XML signature specification
(http://www.w3.org/TR/xmldsig-core/).

The first version shall support

·   RSA and DSA keys
·   enveloping signatures
·   X509Certificate element as children of the KeyInfo element
·   the canonicalization algorithms
            o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315
            o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
            o   http://www.w3.org/2001/10/xml-exc-c14n#" (needs
inclusive namespace prefix list, we should not support this algorithm
in the first implementation)
            o   http://www.w3.org/2001/10/xml-exc-c14n#WithComments
·   the transform algorithms
            o      <all cononicalization algorithms>
            o     http://www.w3.org/2000/09/xmldsig#base64

I have a few questions about the contribution:
·   Schall I add the new code to the maven project with
<groupId>org.apache.camel</groupId> and
<artifactId>camel-crypto</artifactId>?
·   There is already a crypto component for signing and verifying
non-XML messages
(http://camel.apache.org/crypto-digital-signatures.html).
          o   Shall I add the new endpoints to this component, like
                  §  crypto:signxml://<name>?<parameters>
                  §  crypto:verfyxml://<name>?<parameters>
          o   or shall I create a new component “cryptoxml”?
·   Shall I add the classes to the package org.apache.camel.component.crypto ?

Regards Franz

Re: Contribution: Component XML Digital Signature

Posted by Claus Ibsen <cl...@gmail.com>.

Hi

Welcome to the community.

Mind that Apache Camel supports JDK6+ so we cannot have components
currently that require JDK7+.
In case that API you wanna use is only avail in JDK7 onwards.

We have 2 crypto components

http://camel.apache.org/crypto
http://camel.apache.org/xmlsecurity-dataformat.html

Isn't your component more alike the existing xmlsecurity component from Camel?
Maybe that's the place where it fits the best?

I suggest to take a second look


On Tue, Mar 12, 2013 at 7:33 AM, Franz Paul Forsthofer
<em...@googlemail.com> wrote:
> Hello,
>
> I want to contribute a new component for XML Digital Signature. There
> shall be two endpoints; the signer endpoint shall sign the body of the
> in-message and create an XML digital signature in the out-message, the
> verifier endpoint shall verify the XML signature contained in the body
> of the in-message and return the signed content in the body of the
> out-message.
>
> The implementation shall be based on the JRE API for XML Digital
> Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html)
> which fulfills the requirements of the XML signature specification
> (http://www.w3.org/TR/xmldsig-core/).
>
> The first version shall support
>
> ·   RSA and DSA keys
> ·   enveloping signatures
> ·   X509Certificate element as children of the KeyInfo element
> ·   the canonicalization algorithms
>             o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315
>             o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
>             o   http://www.w3.org/2001/10/xml-exc-c14n#" (needs
> inclusive namespace prefix list, we should not support this algorithm
> in the first implementation)
>             o   http://www.w3.org/2001/10/xml-exc-c14n#WithComments
> ·   the transform algorithms
>             o      <all cononicalization algorithms>
>             o     http://www.w3.org/2000/09/xmldsig#base64
>
> I have a few questions about the contribution:
> ·   Schall I add the new code to the maven project with
> <groupId>org.apache.camel</groupId> and
> <artifactId>camel-crypto</artifactId>?
> ·   There is already a crypto component for signing and verifying
> non-XML messages
> (http://camel.apache.org/crypto-digital-signatures.html).
>           o   Shall I add the new endpoints to this component, like
>                   §  crypto:signxml://<name>?<parameters>
>                   §  crypto:verfyxml://<name>?<parameters>
>           o   or shall I create a new component “cryptoxml”?
> ·   Shall I add the classes to the package org.apache.camel.component.crypto ?
>
> Regards Franz



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen