You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@camel.apache.org by Franz Paul Forsthofer <em...@googlemail.com> on 2013/03/11 08:40:31 UTC

New Contribution: Component XML Digital Signature

Hello,


I want to contribute a new component for XML Digital Signature. There
shall be two endpoints; the signer endpoint shall sign the body of the
in-message and create an XML digital signature in the out-message, the
verifier endpoint shall verify the XML signature contained in the body
of the in-message and return the signed content in the body of the
out-message.

The implementation shall be based on the JRE API for XML Digital
Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html)
which fulfills the requirements of the XML signature specification
(http://www.w3.org/TR/xmldsig-core/).

The first version shall support

·   RSA and DSA keys
·   enveloping signatures
·   X509Certificate element as children of the KeyInfo element
·   the canonicalization algorithms
            o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315
            o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
            o   http://www.w3.org/2001/10/xml-exc-c14n#" (needs
inclusive namespace prefix list, we should not support this algorithm
in the first implementation)
            o   http://www.w3.org/2001/10/xml-exc-c14n#WithComments
·   the transform algorithms
            o      <all cononicalization algorithms>
            o     http://www.w3.org/2000/09/xmldsig#base64

I have a few questions about the contribution:
·   Schall I add the new code to the maven project with
<groupId>org.apache.camel</groupId> and
<artifactId>camel-crypto</artifactId>?
·   There is already a crypto component for signing and verifying
non-XML messages
(http://camel.apache.org/crypto-digital-signatures.html).
          o   Shall I add the new endpoints to this component, like
                  §  crypto:signxml://<name>?<parameters>
                  §  crypto:verfyxml://<name>?<parameters>
          o   or shall I create a new component “cryptoxml”?
·   Shall I add the classes to the package org.apache.camel.component.crypto ?

Regards Franz

Re: New Contribution: Component XML Digital Signature

Posted by Christian Müller <ch...@gmail.com>.

Hello Franz!

Thanks for this contribution.
Could you please have a look at the Camel Crypto data format [1] and
component [2] and summarize what the addition would be? Does it make sense
to add this into the existing data format/component?

[1] http://camel.apache.org/crypto.html
[2] http://camel.apache.org/crypto-digital-signatures.html

Best,
Christian

On Mon, Mar 11, 2013 at 8:40 AM, Franz Paul Forsthofer <
emc2fpf@googlemail.com> wrote:

> Hello,
>
>
> I want to contribute a new component for XML Digital Signature. There
> shall be two endpoints; the signer endpoint shall sign the body of the
> in-message and create an XML digital signature in the out-message, the
> verifier endpoint shall verify the XML signature contained in the body
> of the in-message and return the signed content in the body of the
> out-message.
>
> The implementation shall be based on the JRE API for XML Digital
> Signature (
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html
> )
> which fulfills the requirements of the XML signature specification
> (http://www.w3.org/TR/xmldsig-core/).
>
> The first version shall support
>
> ·   RSA and DSA keys
> ·   enveloping signatures
> ·   X509Certificate element as children of the KeyInfo element
> ·   the canonicalization algorithms
>             o   http://www.w3.org/TR/2001/REC-xml-c14n-20010315
>             o
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
>             o   http://www.w3.org/2001/10/xml-exc-c14n#" (needs
> inclusive namespace prefix list, we should not support this algorithm
> in the first implementation)
>             o   http://www.w3.org/2001/10/xml-exc-c14n#WithComments
> ·   the transform algorithms
>             o      <all cononicalization algorithms>
>             o     http://www.w3.org/2000/09/xmldsig#base64
>
> I have a few questions about the contribution:
> ·   Schall I add the new code to the maven project with
> <groupId>org.apache.camel</groupId> and
> <artifactId>camel-crypto</artifactId>?
> ·   There is already a crypto component for signing and verifying
> non-XML messages
> (http://camel.apache.org/crypto-digital-signatures.html).
>           o   Shall I add the new endpoints to this component, like
>                   §  crypto:signxml://<name>?<parameters>
>                   §  crypto:verfyxml://<name>?<parameters>
>           o   or shall I create a new component “cryptoxml”?
> ·   Shall I add the classes to the package
> org.apache.camel.component.crypto ?
>
> Regards Franz
>



--