You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by Franz Paul Forsthofer <em...@googlemail.com> on 2013/03/11 08:40:31 UTC
New Contribution: Component XML Digital Signature
Hello,
I want to contribute a new component for XML Digital Signature. There
shall be two endpoints; the signer endpoint shall sign the body of the
in-message and create an XML digital signature in the out-message, the
verifier endpoint shall verify the XML signature contained in the body
of the in-message and return the signed content in the body of the
out-message.
The implementation shall be based on the JRE API for XML Digital
Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html)
which fulfills the requirements of the XML signature specification
(http://www.w3.org/TR/xmldsig-core/).
The first version shall support
· RSA and DSA keys
· enveloping signatures
· X509Certificate element as children of the KeyInfo element
· the canonicalization algorithms
o http://www.w3.org/TR/2001/REC-xml-c14n-20010315
o http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
o http://www.w3.org/2001/10/xml-exc-c14n#" (needs
inclusive namespace prefix list, we should not support this algorithm
in the first implementation)
o http://www.w3.org/2001/10/xml-exc-c14n#WithComments
· the transform algorithms
o <all cononicalization algorithms>
o http://www.w3.org/2000/09/xmldsig#base64
I have a few questions about the contribution:
· Schall I add the new code to the maven project with
<groupId>org.apache.camel</groupId> and
<artifactId>camel-crypto</artifactId>?
· There is already a crypto component for signing and verifying
non-XML messages
(http://camel.apache.org/crypto-digital-signatures.html).
o Shall I add the new endpoints to this component, like
§ crypto:signxml://<name>?<parameters>
§ crypto:verfyxml://<name>?<parameters>
o or shall I create a new component “cryptoxml”?
· Shall I add the classes to the package org.apache.camel.component.crypto ?
Regards Franz
Re: New Contribution: Component XML Digital Signature
Posted by Christian Müller <ch...@gmail.com>.
Hello Franz!
Thanks for this contribution.
Could you please have a look at the Camel Crypto data format [1] and
component [2] and summarize what the addition would be? Does it make sense
to add this into the existing data format/component?
[1] http://camel.apache.org/crypto.html
[2] http://camel.apache.org/crypto-digital-signatures.html
Best,
Christian
On Mon, Mar 11, 2013 at 8:40 AM, Franz Paul Forsthofer <
emc2fpf@googlemail.com> wrote:
> Hello,
>
>
> I want to contribute a new component for XML Digital Signature. There
> shall be two endpoints; the signer endpoint shall sign the body of the
> in-message and create an XML digital signature in the out-message, the
> verifier endpoint shall verify the XML signature contained in the body
> of the in-message and return the signed content in the body of the
> out-message.
>
> The implementation shall be based on the JRE API for XML Digital
> Signature (
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html
> )
> which fulfills the requirements of the XML signature specification
> (http://www.w3.org/TR/xmldsig-core/).
>
> The first version shall support
>
> · RSA and DSA keys
> · enveloping signatures
> · X509Certificate element as children of the KeyInfo element
> · the canonicalization algorithms
> o http://www.w3.org/TR/2001/REC-xml-c14n-20010315
> o
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
> o http://www.w3.org/2001/10/xml-exc-c14n#" (needs
> inclusive namespace prefix list, we should not support this algorithm
> in the first implementation)
> o http://www.w3.org/2001/10/xml-exc-c14n#WithComments
> · the transform algorithms
> o <all cononicalization algorithms>
> o http://www.w3.org/2000/09/xmldsig#base64
>
> I have a few questions about the contribution:
> · Schall I add the new code to the maven project with
> <groupId>org.apache.camel</groupId> and
> <artifactId>camel-crypto</artifactId>?
> · There is already a crypto component for signing and verifying
> non-XML messages
> (http://camel.apache.org/crypto-digital-signatures.html).
> o Shall I add the new endpoints to this component, like
> § crypto:signxml://<name>?<parameters>
> § crypto:verfyxml://<name>?<parameters>
> o or shall I create a new component “cryptoxml”?
> · Shall I add the classes to the package
> org.apache.camel.component.crypto ?
>
> Regards Franz
>
--