camel-commits mailing list archives

From build...@apache.org
Subject svn commit: r933316 - in /websites/production/camel/content: cache/main.pageCache xml-security-component.html
Date Fri, 19 Dec 2014 07:19:15 GMT
Author: buildbot
Date: Fri Dec 19 07:19:14 2014
New Revision: 933316

Log:
Production update by buildbot for camel

Modified:
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/xml-security-component.html

Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/camel/content/xml-security-component.html
==============================================================================
--- websites/production/camel/content/xml-security-component.html (original)
+++ websites/production/camel/content/xml-security-component.html Fri Dec 19 07:19:14 2014
@@ -299,7 +299,7 @@
                 </SignedDataObjectProperties>
             </SignedProperties>
         &lt;/QualifyingProperties&gt;]]></script>
-</div></div><p>The properties of the XAdES-BES form are the same except
that the&#160;<span style="line-height: 1.4285715;"><code>SignaturePolicyIdentifier</code>
property is missing.&#160;</span></p><p><span style="line-height:
1.4285715;">You can configure the XAdES-BES/EPES properties via the bean&#160;<code><span>org.apache.camel.component.xmlsecurity.api.</span>XAdESSignatureProperties</code>
or&#160;<code>org.apache.camel.component.xmlsecurity.api.DefaultXAdESSignatureProperties.
<span>XAdESSignatureProperties</span></code><span>&#160;does support
all properties mentioned above except the&#160;</span></span><code><span
style="line-height: 1.4285715;">SigningCertificate&#160;</span></code><span
style="line-height: 1.4285715;">property. To get the&#160;<code><span>SigningCertificate&#160;</span></code><span>property,
you must overwrite either the method&#160;<code>XAdESSignatureProperties.getSigningCertificate()
</code>or<code>&#160;<span>XAdESSignatureProperties.</span>getSigni
 ngCertificateChain().&#160;</code>The class&#160;<code>DefaultXAdESSignatureProperties</code>&#160;overwrites
the method&#160;<code>getSigningCertificate()</code>&#160;and allows you
to specify the signing certificate via a keystore and alias. The following example shows all
parameters which you can specify, if you do not need certain parameters you can just omit
them.</span></span></p><div class="code panel pdl" style="border-width:
1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>XAdES-BES/EPES
example in Java DSL</b></div><div class="codeContent panelContent pdl">
+</div></div><p>The properties of the XAdES-BES form are the same except
that the&#160;<span style="line-height: 1.4285715;"><code>SignaturePolicyIdentifier</code>
property is not p&#252;art of XAdES-BES.&#160;</span></p><p><span
style="line-height: 1.4285715;">You can configure the XAdES-BES/EPES properties via the
bean&#160;<code><span>org.apache.camel.component.xmlsecurity.api.</span>XAdESSignatureProperties</code>
or&#160;<code>org.apache.camel.component.xmlsecurity.api.DefaultXAdESSignatureProperties.
<span>XAdESSignatureProperties</span></code><span>&#160;does support
all properties mentioned above except the&#160;</span></span><code><span
style="line-height: 1.4285715;">SigningCertificate&#160;</span></code><span
style="line-height: 1.4285715;">property. To get the&#160;<code><span>SigningCertificate&#160;</span></code><span>property,
you must overwrite either the method&#160;<code>XAdESSignatureProperties.getSigningCertificate()
</code>or<code>&#160;<span>XAdESSignatureProper
 ties.</span>getSigningCertificateChain().&#160;</code>The class&#160;<code>DefaultXAdESSignatureProperties</code>&#160;overwrites
the method&#160;<code>getSigningCertificate()</code>&#160;and allows you
to specify the signing certificate via a keystore and alias. The following example shows all
parameters you can specify. If you do not need certain parameters you can just omit them.</span></span></p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader
pdl" style="border-bottom-width: 1px;"><b>XAdES-BES/EPES Example in Java DSL</b></div><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
       Keystore keystore = ... // load a keystore
         DefaultKeyAccessor accessor = new DefaultKeyAccessor();
         accessor.setKeyStore(keystore);
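Review bot: the reworded sentence about the `SignaturePolicyIdentifier` property contains a stray character, `p&#252;art` (rendered "püart"), where "part" is meant; fix it before this reaches the production site. In the unchanged example lines at the end of this hunk, `Keystore keystore = ...` does not match the JDK class name `java.security.KeyStore`, which is worth correcting while this section is being touched.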
@@ -313,7 +313,7 @@
         // signing certificate
         props.setKeystore(keystore));
         props.setAlias(&quot;cert_alias&quot;); // specify the alias of the signing
certificate in the keystore = signer key alias
-        props.setDigestAlgorithmForSigningCertificate(DigestMethod.SHA256);
+        props.setDigestAlgorithmForSigningCertificate(DigestMethod.SHA256); // possible values
for the algorithm are &quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;, &quot;http://www.w3.org/2001/04/xmlenc#sha256&quot;,
&quot;http://www.w3.org/2001/04/xmldsig-more#sha384&quot;, &quot;http://www.w3.org/2001/04/xmlenc#sha512&quot;,
default value is &quot;http://www.w3.org/2001/04/xmlenc#sha256&quot;
         props.setSigningCertificateURIs(Collections.singletonList(&quot;http://certuri&quot;));
  
         // signing time
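Review bot: the comment added after `setDigestAlgorithmForSigningCertificate(DigestMethod.SHA256);` lists `http://www.w3.org/2000/09/xmldsig#sha1` as a possible value with no qualification; since SHA-1 is no longer collision resistant, say that it is accepted for compatibility only and that the SHA-256 default should be kept. The comment would also read better on its own line above the call than appended to it, and the context line `props.setKeystore(keystore));` just above has an extra closing parenthesis that will not compile when copied.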
@@ -321,13 +321,14 @@
  
         // policy
         props.setSignaturePolicy(XAdESSignatureProperties.SIG_POLICY_EXPLICIT_ID);
-        // also the values XAdESSignatureProperties.SIG_POLICY_NONE and XAdESSignatureProperties.SIG_POLICY_IMPLIED
are possible
-        // then you must not specify any further policy parameters
+        // also the values XAdESSignatureProperties.SIG_POLICY_NONE (&quot;None&quot;),
and XAdESSignatureProperties.SIG_POLICY_IMPLIED (&quot;Implied&quot;)are possible,
default value is XAdESSignatureProperties.SIG_POLICY_EXPLICIT_ID (&quot;ExplicitId&quot;)
+        // For &quot;None&quot; and &quot;Implied&quot; you must not specify
any further policy parameters
         props.setSigPolicyId(&quot;urn:oid:1.2.840.113549.1.9.16.6.1&quot;);
-        props.setSigPolicyIdQualifier(&quot;OIDAsURN&quot;);
+        props.setSigPolicyIdQualifier(&quot;OIDAsURN&quot;); //allowed values are
empty string, &quot;OIDAsURI&quot;, &quot;OIDAsURN&quot;; default value is
empty string
         props.setSigPolicyIdDescription(&quot;invoice version 3.1&quot;);
-        props.setSignaturePolicyDigestAlgorithm(DigestMethod.SHA256);
+        props.setSignaturePolicyDigestAlgorithm(DigestMethod.SHA256);// possible values for
the algorithm are &quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;, http://www.w3.org/2001/04/xmlenc#sha256&quot;,
&quot;http://www.w3.org/2001/04/xmldsig-more#sha384&quot;, &quot;http://www.w3.org/2001/04/xmlenc#sha512&quot;,
default value is http://www.w3.org/2001/04/xmlenc#sha256&quot;
         props.setSignaturePolicyDigestValue(&quot;Ohixl6upD6av8N7pEvDABhEL6hM=&quot;);
+        // you can add  qualifiers for the signature policy either by specifying text or
an XML fragment with the root element &quot;SigPolicyQualifier&quot; 
         props.setSigPolicyQualifiers(Arrays
             .asList(new String[] {
                 &quot;&lt;SigPolicyQualifier xmlns=\&quot;http://uri.etsi.org/01903/v1.3.2#\&quot;&gt;&lt;SPURI&gt;http://test.com/sig.policy.pdf&lt;/SPURI&gt;&lt;SPUserNotice&gt;&lt;ExplicitText&gt;display
text&lt;/ExplicitText&gt;&quot;
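Review bot: in the comment added after `setSignaturePolicyDigestAlgorithm(DigestMethod.SHA256);` the opening quote is missing before `http://www.w3.org/2001/04/xmlenc#sha256&quot;`, both in the list of values and in the default value, and `(&quot;Implied&quot;)are possible` lacks a space. Separately, the example pairs `DigestMethod.SHA256` with `setSignaturePolicyDigestValue(&quot;Ohixl6upD6av8N7pEvDABhEL6hM=&quot;)`, which decodes to 20 bytes, the length of a SHA-1 digest rather than a SHA-256 one; a value of matching length would keep readers from copying an inconsistent pair.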
@@ -342,7 +343,7 @@
         props.setSignatureProductionPlaceStateOrProvince(&quot;Bavaria&quot;);
  
         //role
-        // you can add claimed roles either by specifying simple text or an XML fragment
with the root element ClaimedRole 
+        // you can add claimed roles either by specifying text or an XML fragment with the
root element &quot;ClaimedRole&quot; 
         props.setSignerClaimedRoles(Arrays.asList(new String[] {&quot;test&quot;,
             &quot;&lt;a:ClaimedRole xmlns:a=\&quot;http://uri.etsi.org/01903/v1.3.2#\&quot;&gt;&lt;TestRole&gt;TestRole&lt;/TestRole&gt;&lt;/a:ClaimedRole&gt;&quot;
}));
         props.setSignerCertifiedRoles(Collections.singletonList(new XAdESEncapsulatedPKIData(&quot;Ahixl6upD6av8N7pEvDABhEL6hM=&quot;,
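Review bot: the claimed-roles comment now says "text", while the commitment type qualifier comment later in the same example still says "simple text"; pick one wording for both. The comment should also state how a plain string is told apart from an XML fragment with the root element `ClaimedRole`, because the example passes both forms in the same list and the text does not say.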
@@ -352,18 +353,18 @@
         props.setDataObjectFormatDescription(&quot;invoice&quot;);
         props.setDataObjectFormatMimeType(&quot;text/xml&quot;);
         props.setDataObjectFormatIdentifier(&quot;urn:oid:1.2.840.113549.1.9.16.6.2&quot;);
-        props.setDataObjectFormatIdentifierQualifier(&quot;OIDAsURN&quot;);
+        props.setDataObjectFormatIdentifierQualifier(&quot;OIDAsURN&quot;); //allowed
values are empty string, &quot;OIDAsURI&quot;, &quot;OIDAsURN&quot;; default
value is empty string
         props.setDataObjectFormatIdentifierDescription(&quot;identifier desc&quot;);
         props.setDataObjectFormatIdentifierDocumentationReferences(Arrays.asList(new String[]
{
             &quot;http://test.com/dataobject.format.doc.ref1.txt&quot;, &quot;http://test.com/dataobject.format.doc.ref2.txt&quot;
}));
  
         //commitment
         props.setCommitmentTypeId(&quot;urn:oid:1.2.840.113549.1.9.16.6.4&quot;);
-        props.setCommitmentTypeIdQualifier(&quot;OIDAsURN&quot;);
+        props.setCommitmentTypeIdQualifier(&quot;OIDAsURN&quot;); //allowed values
are empty string, &quot;OIDAsURI&quot;, &quot;OIDAsURN&quot;; default value
is empty string
         props.setCommitmentTypeIdDescription(&quot;description for commitment type ID&quot;);
         props.setCommitmentTypeIdDocumentationReferences(Arrays.asList(new String[] {&quot;http://test.com/commitment.ref1.txt&quot;,
             &quot;http://test.com/commitment.ref2.txt&quot; }));
-        // you can specify a commitment type qualifier either by simple text or an XML fragment
with root element CommitmentTypeQualifier
+        // you can specify a commitment type qualifier either by simple text or an XML fragment
with root element &quot;CommitmentTypeQualifier&quot;
         props.setCommitmentTypeQualifiers(Arrays.asList(new String[] {&quot;commitment
qualifier&quot;,
             &quot;&lt;c:CommitmentTypeQualifier xmlns:c=\&quot;http://uri.etsi.org/01903/v1.3.2#\&quot;&gt;&lt;C&gt;c&lt;/C&gt;&lt;/c:CommitmentTypeQualifier&gt;&quot;
}));
  
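Review bot: the same `//allowed values are empty string, "OIDAsURI", "OIDAsURN"; default value is empty string` comment is now appended to three setter calls (`setSigPolicyIdQualifier`, `setDataObjectFormatIdentifierQualifier`, `setCommitmentTypeIdQualifier`); documenting the qualifier values once in the prose before the example would keep the code lines short and stop the copies drifting apart. If the inline comments stay, add a space after `//` to match the other comments in the block.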
@@ -375,7 +376,37 @@
                      .to(&quot;mock:result&quot;);
 
 ]]></script>
-</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">for the 'Id' attribute value of <code>QualifyingProperties</code>
element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">for the 'Id' attribute value of <code>SignedDataObjectProperties</code>
element</td></tr><tr><td colspan="1" rowspan="1" class="co
 nfluenceTd"><p><code>CamelXmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">for the 'Id' attribute value of&#160; <code>SignedSignatureProperties</code>
element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd"><span>for the value of the </span><code>Encoding</code><span>
element of the </span><code>DataObjectFormat</code><span> element</span></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">&#160;overwrites the XAdES namespace parameter value</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><c
 ode>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">overwrites
the XAdES prefix parameter value</td></tr></tbody></table></div><h4
id="XMLSecuritycomponent-Limitations">Limitations</h4><ul><li>No support
for signature form XAdES-T and XAdES-C</li><li>Only signer part implemented.</li><li>No
support&#160;for the '<code>QualifyingPropertiesReference</code>' element
(see section 6.3.2 of spec).</li><li>No support for the <code>Transforms</code>
element contained in the&#160;<code>SignaturePolicyId</code> element contained
in the&#160;<code>SignaturePolicyIdentifier element</code></li><li>No
support of the <code>CounterSignature</code> element --&gt; no support for
the&#160;<code>UnsignedProperties</code> element</li><li>At most
one <code>DataObjectFormat</code> element. More than one <code>DataObjectFormat
</code>element makes no sense &#160;because we have only one data object whic
 h is signed (this is the incoming message body to the XML signer endpoint).</li><li>At
most one <code>CommitmentTypeIndication</code> element. More than one <code>CommitmentTypeIndication</code>element
makes no sense &#160;because we have only one data object which is signed (this is the
incoming message body to the XML signer endpoint).</li><li><p>A <code>CommitmentTypeIndication</code>
element contains always the <code>AllSignedDataObjects</code> element. The <code>ObjectReference</code>
element within <code>CommitmentTypeIndication</code>&#160; element is not
supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code>
element is not supported</li><li>The<code> IndividualDataObjectsTimeStamp</code>
element is not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See
Also</h3><ul><li><a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestpractices/"
rel="nofollow">Best Practices</a></li></ul></div>
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>XAdES-BES/EPES
Example in Spring XML</b></div><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[  
...
+   &lt;from uri=&quot;direct:xades&quot; /&gt;
+            &lt;to
+                uri=&quot;xmlsecurity:sign://xades?keyAccessor=#accessorRsa&amp;amp;properties=#xadesProperties&quot;
/&gt;
+            &lt;to uri=&quot;mock:result&quot; /&gt;
+   ...
+   &lt;bean id=&quot;xadesProperties&quot;
+        class=&quot;org.apache.camel.component.xmlsecurity.api.XAdESSignatureProperties&quot;&gt;
+        &lt;!-- For more properties see the the previous Java DSL example. 
+             If you want to have a signing certificate then use the bean class DefaultXAdESSignatureProperties
(see the previous Java DSL example). --&gt;
+        &lt;property name=&quot;signaturePolicy&quot; value=&quot;ExplicitId&quot;
/&gt;
+        &lt;property name=&quot;sigPolicyId&quot; value=&quot;http://www.test.com/policy.pdf&quot;
/&gt;
+        &lt;property name=&quot;sigPolicyIdDescription&quot; value=&quot;factura&quot;
/&gt;
+        &lt;property name=&quot;signaturePolicyDigestAlgorithm&quot; value=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;
/&gt;
+        &lt;property name=&quot;signaturePolicyDigestValue&quot; value=&quot;Ohixl6upD6av8N7pEvDABhEL1hM=&quot;
/&gt;
+        &lt;property name=&quot;signerClaimedRoles&quot; ref=&quot;signerClaimedRoles_XMLSigner&quot;
/&gt;
+        &lt;property name=&quot;dataObjectFormatDescription&quot; value=&quot;Factura
electrónica&quot; /&gt;
+        &lt;property name=&quot;dataObjectFormatMimeType&quot; value=&quot;text/xml&quot;
/&gt;
+    &lt;/bean&gt;
+    &lt;bean class=&quot;java.util.ArrayList&quot; id=&quot;signerClaimedRoles_XMLSigner&quot;&gt;
+        &lt;constructor-arg&gt;
+            &lt;list&gt;
+                &lt;value&gt;Emisor&lt;/value&gt;
+                &lt;value&gt;&amp;lt;ClaimedRole
+                    xmlns=&amp;quot;http://uri.etsi.org/01903/v1.3.2#&amp;quot;&amp;gt;&amp;lt;test
+                    xmlns=&amp;quot;http://test.com/&amp;quot;&amp;gt;test&amp;lt;/test&amp;gt;&amp;lt;/ClaimedRole&amp;gt;&lt;/value&gt;
+            &lt;/list&gt;
+        &lt;/constructor-arg&gt;
+    &lt;/bean&gt;]]></script>
+</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">for the 'Id' attribute value of <code>QualifyingProperties</code>
element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">for the 'Id' attribute value of <code>SignedDataObjectProperties</code>
element</td></tr><tr><td colspan="1" rowspan="1" class="co
 nfluenceTd"><p><code>CamelXmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">for the 'Id' attribute value of&#160; <code>SignedSignatureProperties</code>
element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd"><span>for the value of the </span><code>Encoding</code><span>
element of the </span><code>DataObjectFormat</code><span> element</span></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">&#160;overwrites the XAdES namespace parameter value</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><c
 ode>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">overwrites
the XAdES prefix parameter value</td></tr></tbody></table></div><h4
id="XMLSecuritycomponent-LimitationswithregardtoXAdESversion1.4.2">Limitations with regard
to XAdES version 1.4.2</h4><ul><li>No support for signature form XAdES-T
and XAdES-C</li><li>Only signer part implemented. Verifier part currently not
available.</li><li>No support&#160;for the '<code>QualifyingPropertiesReference</code>'
element (see section 6.3.2 of spec).</li><li>No support for the <code>Transforms</code>
element contained in the&#160;<code>SignaturePolicyId</code> element contained
in the&#160;<code>SignaturePolicyIdentifier element</code></li><li>No
support of the <code>CounterSignature</code> element --&gt; no support for
the&#160;<code>UnsignedProperties</code> element</li><li>At most
one <code>DataObjectFormat</code> element. More than o
 ne <code>DataObjectFormat </code>element makes no sense &#160;because we
have only one data object which is signed (this is the incoming message body to the XML signer
endpoint).</li><li>At most one <code>CommitmentTypeIndication</code>
element. More than one <code>CommitmentTypeIndication</code>element makes no sense
&#160;because we have only one data object which is signed (this is the incoming message
body to the XML signer endpoint).</li><li><p>A <code>CommitmentTypeIndication</code>
element contains always the <code>AllSignedDataObjects</code> element. The <code>ObjectReference</code>
element within <code>CommitmentTypeIndication</code>&#160; element is not
supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code>
element is not supported</li><li>The<code> IndividualDataObjectsTimeStamp</code>
element is not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See
Also</h3><ul><li><a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestprac
 tices/" rel="nofollow">Best Practices</a></li></ul></div>
         </td>
         <td valign="top">
           <div class="navigation">
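Review bot: the new Spring XML example sets `signaturePolicyDigestAlgorithm` to `http://www.w3.org/2000/09/xmldsig#sha1`, while the Java DSL example and the documented default use SHA-256; use the SHA-256 URI, with a digest value of matching length, so the sample that readers copy does not steer them to SHA-1. Two smaller points: the bean comment reads "see the the previous Java DSL example", and renaming the heading changes its id from `XMLSecuritycomponent-Limitations` to `XMLSecuritycomponent-LimitationswithregardtoXAdESversion1.4.2`, which breaks existing links to that anchor.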


