You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by buko <bu...@gmail.com> on 2018/05/06 05:45:42 UTC
Get the XML Signature byte[] at write time
It seems like when I’m reading a signed XML document I can register a SecurityEventListener:
InboundXMLSec inboundXmlSec = XMLSec.getInboundWSSec(properties);
XMLStreamReader reader = inboundXmlSec.processInMessage(xmlStreamReader, null, eventListener);
The SecurityEventListener will get SecurityEvent callbacks and one of the callbacks is a SignatureValueSecurityEvent [1] which would let me retrieve the actual signature bytes hat are base64’d into the document.
I would really like to retrieve the XML Signature byte[] at write time. That is after I call XMLStreamWriter.close() I really need to know what XML signature ended up in the doc. I could read the doc back in but this seems very wasteful with Stax. Is there any way to retrieve the signature byte[] at write time? Can I register a SecurityEventListener to be invoked by the outbound processing chain?
[1] https://santuario.apache.org/Java/api/org/apache/xml/security/stax/securityEvent/SignatureValueSecurityEvent.html
RE: Get the XML Signature byte[] at write time
Posted by buko <bu...@gmail.com>.
Please take a look at https://github.com/apache/santuario-java/pull/10
It’s a very small change but it solves the problem quite nicely. It took a while to poke through the code and this seems to have very small impact.
From: buko
Sent: Sunday, May 6, 2018 12:45 PM
To: dev@santuario.apache.org
Subject: Get the XML Signature byte[] at write time
It seems like when I’m reading a signed XML document I can register a SecurityEventListener:
InboundXMLSec inboundXmlSec = XMLSec.getInboundWSSec(properties);
XMLStreamReader reader = inboundXmlSec.processInMessage(xmlStreamReader, null, eventListener);
The SecurityEventListener will get SecurityEvent callbacks and one of the callbacks is a SignatureValueSecurityEvent [1] which would let me retrieve the actual signature bytes hat are base64’d into the document.
I would really like to retrieve the XML Signature byte[] at write time. That is after I call XMLStreamWriter.close() I really need to know what XML signature ended up in the doc. I could read the doc back in but this seems very wasteful with Stax. Is there any way to retrieve the signature byte[] at write time? Can I register a SecurityEventListener to be invoked by the outbound processing chain?
[1] https://santuario.apache.org/Java/api/org/apache/xml/security/stax/securityEvent/SignatureValueSecurityEvent.html