You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by Franz Paul Forsthofer <em...@googlemail.com> on 2013/03/12 07:33:27 UTC
Contribution: Component XML Digital Signature
Hello,
I want to contribute a new component for XML Digital Signature. There
shall be two endpoints; the signer endpoint shall sign the body of the
in-message and create an XML digital signature in the out-message, the
verifier endpoint shall verify the XML signature contained in the body
of the in-message and return the signed content in the body of the
out-message.
The implementation shall be based on the JRE API for XML Digital
Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html)
which fulfills the requirements of the XML signature specification
(http://www.w3.org/TR/xmldsig-core/).
The first version shall support
· RSA and DSA keys
· enveloping signatures
· X509Certificate element as children of the KeyInfo element
· the canonicalization algorithms
o http://www.w3.org/TR/2001/REC-xml-c14n-20010315
o http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
o http://www.w3.org/2001/10/xml-exc-c14n#" (needs
inclusive namespace prefix list, we should not support this algorithm
in the first implementation)
o http://www.w3.org/2001/10/xml-exc-c14n#WithComments
· the transform algorithms
o <all cononicalization algorithms>
o http://www.w3.org/2000/09/xmldsig#base64
I have a few questions about the contribution:
· Schall I add the new code to the maven project with
<groupId>org.apache.camel</groupId> and
<artifactId>camel-crypto</artifactId>?
· There is already a crypto component for signing and verifying
non-XML messages
(http://camel.apache.org/crypto-digital-signatures.html).
o Shall I add the new endpoints to this component, like
§ crypto:signxml://<name>?<parameters>
§ crypto:verfyxml://<name>?<parameters>
o or shall I create a new component “cryptoxml”?
· Shall I add the classes to the package org.apache.camel.component.crypto ?
Regards Franz
Re: Contribution: Component XML Digital Signature
Posted by Claus Ibsen <cl...@gmail.com>.
Hi
Welcome to the community.
Mind that Apache Camel supports JDK6+ so we cannot have components
currently that require JDK7+.
In case that API you wanna use is only avail in JDK7 onwards.
We have 2 crypto components
http://camel.apache.org/crypto
http://camel.apache.org/xmlsecurity-dataformat.html
Isn't your component more alike the existing xmlsecurity component from Camel?
Maybe that's the place where it fits the best?
I suggest to take a second look
On Tue, Mar 12, 2013 at 7:33 AM, Franz Paul Forsthofer
<em...@googlemail.com> wrote:
> Hello,
>
> I want to contribute a new component for XML Digital Signature. There
> shall be two endpoints; the signer endpoint shall sign the body of the
> in-message and create an XML digital signature in the out-message, the
> verifier endpoint shall verify the XML signature contained in the body
> of the in-message and return the signed content in the body of the
> out-message.
>
> The implementation shall be based on the JRE API for XML Digital
> Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html)
> which fulfills the requirements of the XML signature specification
> (http://www.w3.org/TR/xmldsig-core/).
>
> The first version shall support
>
> · RSA and DSA keys
> · enveloping signatures
> · X509Certificate element as children of the KeyInfo element
> · the canonicalization algorithms
> o http://www.w3.org/TR/2001/REC-xml-c14n-20010315
> o http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
> o http://www.w3.org/2001/10/xml-exc-c14n#" (needs
> inclusive namespace prefix list, we should not support this algorithm
> in the first implementation)
> o http://www.w3.org/2001/10/xml-exc-c14n#WithComments
> · the transform algorithms
> o <all cononicalization algorithms>
> o http://www.w3.org/2000/09/xmldsig#base64
>
> I have a few questions about the contribution:
> · Schall I add the new code to the maven project with
> <groupId>org.apache.camel</groupId> and
> <artifactId>camel-crypto</artifactId>?
> · There is already a crypto component for signing and verifying
> non-XML messages
> (http://camel.apache.org/crypto-digital-signatures.html).
> o Shall I add the new endpoints to this component, like
> § crypto:signxml://<name>?<parameters>
> § crypto:verfyxml://<name>?<parameters>
> o or shall I create a new component “cryptoxml”?
> · Shall I add the classes to the package org.apache.camel.component.crypto ?
>
> Regards Franz
--
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen