camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r975289 [2/2] - in /websites/production/camel/content: apache-spark.html cache/main.pageCache xml-security-component.html
Date Fri, 11 Dec 2015 17:19:38 GMT
Modified: websites/production/camel/content/xml-security-component.html
==============================================================================
--- websites/production/camel/content/xml-security-component.html (original)
+++ websites/production/camel/content/xml-security-component.html Fri Dec 11 17:19:38 2015
@@ -179,7 +179,7 @@
       <to uri="xmlsecurity:verify://enveloping?keySelector=#selector" />
     <to uri="mock:result" />
 ]]></script>
-</div></div><p>For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. For the validation, the corresponding public key is necessary; you specify a key selector bean which provides this public key.</p><p>The key accessor bean must implement the <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java" rel="nofollow">KeyAccessor</a> interface. The package <code>org.apache.camel.component.xmlsecurity.api</code> contains the default implementation class <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java" rel="nofollow">DefaultKeyAccessor</a> which reads the private key from a Java keystore.</p><p>The key selector bean must implement the <a shape="re
 ct" class="external-link" href="http://docs.oracle.com/javase/6/docs/api/javax/xml/crypto/KeySelector.html" rel="nofollow">javax.xml.crypto.KeySelector</a> interface. The package <code>org.apache.camel.component.xmlsecurity.api</code> contains the default implementation class <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java" rel="nofollow">DefaultKeySelector</a> which reads the public key from a keystore.</p><p>In the example, the default signature algorithm <code><a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></code> is used. You can set the signature algorithm of your choice by the option <code>signatureAlgorithm</code> (see below). The signer endpoint creates an <strong>enveloping</strong> XML signature. If you want to create an <str
 ong>enveloped</strong> XML signature then you must specify the parent element of the Signature element; see option <code>parentLocalName</code> for more details.</p><p>For creating <strong>detached</strong> XML signatures, see sub-chapter "Detached XML Signatures as Siblings of the Signed Elements".</p><h3 id="XMLSecuritycomponent-CommonSigningandVerifyingOptions">Common Signing and Verifying Options</h3><p>There are options which can be used for both endpoints, signer and verifier.</p><p>&#160;</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>uriDereferencer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" clas
 s="external-link" href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/URIDereferencer.html" rel="nofollow">javax.xml.crypto.URIDereferencer</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>URI dereferencer. You can specify here your own URI dereferencer, if you want to restrict the dereferencing or have special requirements for dereferencing.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>baseUri</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Base URI used in the URI dereferencer. Relative URIs are concatenated with the base URI.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>cryptoContextProperties</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Map&lt;String, ? extends Object&gt;</p></td><td c
 olspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Crypto context properties. See <code>javax.xml.crypto.XMLCryptoContext.setProperty(String, Object)</code>. The properties can depend on the provider. For example, the JDK provider "XMLDSig" has the property "org.jcp.xml.dsig.validateManifests" for enabling manifest validation. The following properties are set by default to the value <code>Boolean.TRUE</code> for the XML verifier: "<code>org.jcp.xml.dsig.validateManifests</code>", "<code>javax.xml.crypto.dsig.cacheReference</code>". If the option <code>secureValidation} is {{true</code> then additionally the properties "<code>org.apache.jcp.xml.dsig.secureValidation</code>" and "<code>org.jcp.xml.dsig.secureValidation</code>" are set to <code>Boolean.TRUE</code> for the XML verifier. If you want to switch these features off you must set the property values to <code>Boolean.FALSE</code>.</p></td></tr><tr><td colspan="1" rows
 pan="1" class="confluenceTd"><p>disallowDoctypeDecl</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether DTD DOCTYPE declarations shall be disallowed in the incoming XML message.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>omitXmlDeclaration</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether the XML declaration header shall be omitted in the output XML message.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>clearHeaders</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="conflue
 nceTd"><p>Indicator whether the XML signature message headers defined in <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureConstants.java" rel="nofollow">XmlSignatureConstants</a> shall be deleted at the end of the signer or verifier processing.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">schemaResourceUri</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.14.0</strong>. Classpath to the XML Schema file. If set then the XML document is validated against the XML schema. Must be set in the case of detached signatures in order to determine the attributes of type ID. <span>This value can be overwritten by the header "<code>CamelXmlSignatureSchemaResourceUri</code>". <span>For further information, s
 </span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Signed Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">outputXmlEncoding</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.15.0</strong>. Character encoding of the output XML document. If <code>null</code> then UTF-8 is used.</td></tr></tbody></table></div><h3 id="XMLSecuritycomponent-SigningOptions">Signing Options</h3><p>The signer endpoint has the following options.</p><p>&#160;</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
 rowspan="1" class="confluenceTd"><p>keyAccessor</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java" rel="nofollow">KeyAccessor</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Provides the signing key and the KeyInfo instance. There is an example implementation which uses a keystore, see <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java" rel="nofollow">DefaultKeyAccessor</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>addKeyInfoReference</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1
 " class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether a Reference element refering the KeyInfo element provided by the key accessor should be added to the XML signature.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>signatureAlgorithm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>signature algorithm consisting of a digest and encryption algorithm. The digest algorithm is used to calculate the digest of the SignedInfo element and the encryption algorithm is used to sign this digest. Possible values: <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#dsa-sha1" rel="nofollow">http://www.w3
 .org/2000/09/xmldsig#dsa-sha1</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha384</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>digestAlgorithm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Digest algorithm for calculat
 ing the digest of the in-message body. If not specified then the digest algorithm of the signature algorithm is used. Possible values: <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#sha1</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmlenc#sha256" rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha256</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#sha384" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#sha384</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmlenc#sha512" rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha512</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>parentLocalName</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"
 ><p>Local name of the parent of the Signature element. The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. If this option and the option <code><span>parentXpath</span> are</code> null, then an enveloping XML signature is created. See also option <code>parentNamespace</code>. Alternatively you can specify the parent via the option <code><span>parentXpath.</span></code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>parentNamespace</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Namespace of the parent of the Signature element. See option <code>parentLocalName</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">parentXpath</td><td colspan="1" rowspan="1" class="confluenceTd">XPathFilterParameterSpec</td><td colspan="1" rowspan="1" class=
 "confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.15.0</strong>. XPath to the parent of the Signature element. <span>The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. <span> If this option and the option <span><code>parentLocalName</code> are</span></span><span> null, then an enveloping XML signature is created. <span>A</span><span>lternatively <span>you can specify the parent via the option <code>parentLocalName. </code>Example: <code>/p1:root/SecurityItem[last()] </code>This example will select the last sibling with the name <code>SecurityItem</code>. Such kind of selection is not possible with the option <span><code>parentLocalName</code>.</span></span></span></span></span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>canonicalizationMethod</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://docs.o
 racle.com/javase/7/docs/api/javax/xml/crypto/AlgorithmMethod.html" rel="nofollow">javax.xml.crypto.AlgorithmMethod</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>C14n</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java" rel="nofollow">XmlSignatureHelper</a>.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List&lt;String&gt; inclusiveNamespacePrefixes) to create a canonicalization method.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>transformMethods</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>List&lt;javax.xml.crypto.AlgorithmMethod&gt;</p></td><td colspa
 n="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option <code>parentLocalName</code>) also <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a> is added at position 0 of the list. Use methods in <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java" rel="nofollow">XmlSignatureHelper</a> to create the transform methods.</p><p>The Camel header "<strong>CamelXmlSignatureTransformMethods</strong>" overwrites this option (since Camel 2.17.0). The header value must be of type string; you specify in a comma separa
 ted list the transform algorithms, for example "<a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature,http://www.w3.org/TR/2001/REC-xml-c14n-20010315" rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature,http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>". In the header you cannot specify transform algorithms which need parameters, like <a shape="rect" class="external-link" href="http://www.w3.org/TR/1999/REC-xslt-19991116" style="line-height: 1.42857;" rel="nofollow">http://www.w3.org/TR/1999/REC-xslt-19991116</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2002/06/xmldsig-filter2" style="line-height: 1.42857;" rel="nofollow">http://www.w3.org/2002/06/xmldsig-filter2</a>, or <a shape="rect" class="external-link" href="http://www.w3.org/TR/1999/REC-xpath-19991116" style="line-height: 1.42857;" rel="nofollow">http://www.w3.org/TR/1999/REC-xpath-19991116</a>.</p></td></tr><tr><td colspan="1" rowspan="1" cl
 ass="confluenceTd"><p>prefixForXmlSignatureNamespace</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>ds</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Prefix for the XML signature namespace. If <code>null</code> is specified or an empty string then no prefix is used for the signature namespace.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>contentReferenceUri</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The URI of the reference to the signed content (in-message body). If <code>null</code> and we are in the enveloped XML signature case then the URI is set to "". If <code>null</code> and we are in the enveloping XML signature case then the URI is set to "generated_object_id" which means that the reference points to t
 he Object element containing the in-message body. You can use this option to reference a specific part in your in-message body if you do not want to sign the complete in-message body. This value can be overwritten by the header "CamelXmlSignatureContentReferenceUri". Please be aware, if you want to use a value of an XML ID attribute (example: "#ID_value"), then you must provide the information about the ID attribute via a doctype definition contained in the input XML document. This option is ignored in the case of detached signature when the option <code>xpathsToIdAttributes </code>is set.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>contentReferenceType</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Value of the type attribute of the content reference. This value can be overwritten by the header "<code>CamelXmlSigna
 tureContentReferenceType</code>"</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>plainText</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether the in-message body contains plain text. Normally, the signature generator treats the incoming message body as XML. If the message body is plain text, then you must set this option to <code>true</code>. The value can be overwritten by the header "CamelXmlSignatureMessageIsPlainText".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>plainTextEncoding</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Only used when the option <code>plainText</code> is set to <code>true</code>. Then you can specify th
 e encoding of the plain text. If <code>null</code> then UTF-8 is used. The value can be overwritten by the header "<code>CamelXmlSignatureMessageIsPlainTextEncoding</code>".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>properties</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java" rel="nofollow">XmlSignatureProperties</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecur
 ity/api/XmlSignatureProperties.java" rel="nofollow">XmlSignatureProperties</a> interface.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>contentObjectId</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Value of the Id attribute of the Object element. Only used in the enveloping XML signature case. If <code>null</code> then a unique value is generated. Available as of <strong>2.12.2</strong></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">xpathsToIdAttributes</td><td colspan="1" rowspan="1" class="confluenceTd">List&lt;<span style="line-height: 1.4285715;">XPathFilterParameterSpec</span>&gt;</td><td colspan="1" rowspan="1" class="confluenceTd">empty list</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.14.0</strong>. List of XPATH expressions to ID attributes of elements to be signed.
  Used for the detached XML Signatures. Can only be used in combination with the option <code>schemaResourceUri</code><em>. </em><span>The value can be overwritten by the header "<code>CamelXmlSignatureXpathsToIdAttributes</code>". If the option <span><code>parentLocalNam</code><em>e</em> is set at the same time then an exception is thrown. The class <code>XPathFilterParameterSpec </code>has the package <code>javax.xml.crypto.dsig.spec</code>. For further information, s</span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Signed Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">signatureId</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.14.0</strong>. Value of the Id attribute of the Signature element. If <code>null</code> then a unique Id is generated. If the value is the empty string ("") th
 en no Id attribute is added to the Signature element.</td></tr></tbody></table></div><h3 id="XMLSecuritycomponent-VerifyingOptions">Verifying Options</h3><p>The verifier endpoint has the following options.</p><p>&#160;</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>keySelector</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/KeySelector.html" rel="nofollow">javax.xml.crypto.KeySelector</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Provides the 
 key for validating the XML signature. There is an example implementation which uses a keystore, see <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java" rel="nofollow">DefaultKeySelector</a>.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>xmlSignatureChecker</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureChecker.java" rel="nofollow">XmlSignatureChecker</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This interface allows the application to check the XML signature before the validation is executed. This step is recommended in <a shape="rect" cl
 ass="external-link" href="http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed" rel="nofollow">http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>validationFailedHandler</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/ValidationFailedHandler.java" rel="nofollow">ValidationFailedHandler</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultValidationFailedHandler.java" rel="nofollow">DefaultValidationFailedHandler</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Handles the different validation failed 
 situations. The default implementation throws specific exceptions for the different situations (All exceptions have the package name <code>org.apache.camel.component.xmlsecurity.api</code> and are a sub-class of <code>XmlSignatureInvalidException</code>. If the signature value validation fails, a <code>XmlSignatureInvalidValueException</code> is thrown. If a reference validation fails, a <code>XmlSignatureInvalidContentHashException</code> is thrown. For more detailed information, see the JavaDoc.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>xmlSignature2Message</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java" rel="nofollow">XmlSignature2Message</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href=
 "https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java" rel="nofollow">DefaultXmlSignature2Message</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Bean which maps the XML signature to the ouput-message after the validation. How this mapping should be done can be configured by the options <code>outputNodeSearchType</code>, <code>outputNodeSearch</code>, and <code>removeSignatureElements</code>. The default implementation offers three possibilities which are related to the three output node search types "Default", "ElementName", and "XPath". The default implementation determines a node which is then serialized and set to the body of the ouput message. If the search type is "ElementName" then the ouput node (which must be in this case an element) is determined by the local name and namespace defined in the search value (see option <code>outputNodeSearch</code>). 
 If the search type is "XPath" then the output node is determined by the XPath specified in the search value (in this case the ouput node can be of type "Element", "TextNode" or "Document"). If the output node search type is "Default" then the following rules apply: In the enveloped XML signature case (there is a reference with URI="" and transform "http://www.w3.org/2000/09/xmldsig#enveloped-signature"), the incoming XML document without the Signature element is set to the output message body. In the non-enveloped XML signature case, the message body is determined from a referenced Object; this is explained in more detail in chapter "Output Node Determination in Enveloping XML Signature Case".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>outputNodeSearchType</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>"Default"</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Determi
 nes the type of the search of the output node. See option <code>xmlSignature2Message</code>. The default implementation <code>DefaultXmlSignature2Message</code> supports the three search types "Default", "ElementName", and "XPath".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>outputNodeSearch</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Object</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Search value of the output node search. The type depends on the search type. For the default search implementation <code>DefaultXmlSignature2Message</code> the following values can be supplied. If the search type is "Default", then the search value is not used. If the search type is "ElementName", then the search value contains the namespace and local name of the output element. The namespace must be embraced in brackets. If the search type is "XPath", the search value contains an i
 nstance of <code>javax.xml.crypto.dsig.spec.XPathFilterParameterSpec</code> which represents an XPath. You can create such an instance via the method <code><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java" rel="nofollow">XmlSignatureHelper</a></code><code>.getXpathFilter(String xpath, Map&lt;String, String&gt; namespaceMap)</code>. The XPath determines the output node which can be of type Element, TextNode, or Document.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>removeSignatureElements</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator for removing Signature elements in the output message in the enveloped XML signature case. Used in the <code>XmlSignatu
 re2Message</code> instance. The default implementation does use this indicator for the two search types "ElementName" and "XPath".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>secureValidation</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Enables secure validation. If true then secure validation is enabled - see <a shape="rect" class="external-link" href="http://santuario.apache.org/java150releasenotes.html">here</a> for more information.</p></td></tr></tbody></table></div><h4 id="XMLSecuritycomponent-OutputNodeDeterminationinEnvelopingXMLSignatureCase">Output Node Determination in Enveloping XML Signature Case</h4><p>After the validation the node is extracted from the XML signature document which is finally returned to the output-message body. In the enveloping XML signature case, the default implementatio
 n <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java" rel="nofollow">DefaultXmlSignature2Message</a> of <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java" rel="nofollow">XmlSignature2Message</a> does this for the node search type "Default" in the following way (see option <code>xmlSignature2Message</code>):</p><p>First an Object reference is determined:</p><ul><li>Only same document references are taken into account (URI must start with '#')</li><li>Also indirect same document references to an object via manifest are taken into account.</li><li>The resulting number of Object references must be 1.</li></ul><p>Then, the Object is dereferenced and the Object must only contain one XML e
 lement. This element is returned as output node.</p><p>This does mean that the enveloping XML signature must have either the structure</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. For the validation, the corresponding public key is necessary; you specify a key selector bean which provides this public key.</p><p>The key accessor bean must implement the <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java" rel="nofollow">KeyAccessor</a> interface. The package <code>org.apache.camel.component.xmlsecurity.api</code> contains the default implementation class <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java" rel="nofollow">DefaultKeyAccessor</a> which reads the private key from a Java keystore.</p><p>The key selector bean must implement the <a shape="re
 ct" class="external-link" href="http://docs.oracle.com/javase/6/docs/api/javax/xml/crypto/KeySelector.html" rel="nofollow">javax.xml.crypto.KeySelector</a> interface. The package <code>org.apache.camel.component.xmlsecurity.api</code> contains the default implementation class <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java" rel="nofollow">DefaultKeySelector</a> which reads the public key from a keystore.</p><p>In the example, the default signature algorithm <code><a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></code> is used. You can set the signature algorithm of your choice by the option <code>signatureAlgorithm</code> (see below). The signer endpoint creates an <strong>enveloping</strong> XML signature. If you want to create an <str
 ong>enveloped</strong> XML signature then you must specify the parent element of the Signature element; see option <code>parentLocalName</code> for more details.</p><p>For creating <strong>detached</strong> XML signatures, see sub-chapter "Detached XML Signatures as Siblings of the Signed Elements".</p><h3 id="XMLSecuritycomponent-CommonSigningandVerifyingOptions">Common Signing and Verifying Options</h3><p>There are options which can be used for both endpoints, signer and verifier.</p><p>&#160;</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>uriDereferencer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" clas
 s="external-link" href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/URIDereferencer.html" rel="nofollow">javax.xml.crypto.URIDereferencer</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>URI dereferencer. You can specify here your own URI dereferencer, if you want to restrict the dereferencing or have special requirements for dereferencing.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>baseUri</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Base URI used in the URI dereferencer. Relative URIs are concatenated with the base URI.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>cryptoContextProperties</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Map&lt;String, ? extends Object&gt;</p></td><td c
 olspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Crypto context properties. See <code>javax.xml.crypto.XMLCryptoContext.setProperty(String, Object)</code>. The properties can depend on the provider. For example, the JDK provider "XMLDSig" has the property "org.jcp.xml.dsig.validateManifests" for enabling manifest validation. The following properties are set by default to the value <code>Boolean.TRUE</code> for the XML verifier: "<code>org.jcp.xml.dsig.validateManifests</code>", "<code>javax.xml.crypto.dsig.cacheReference</code>". If the option <code>secureValidation} is {{true</code> then additionally the properties "<code>org.apache.jcp.xml.dsig.secureValidation</code>" and "<code>org.jcp.xml.dsig.secureValidation</code>" are set to <code>Boolean.TRUE</code> for the XML verifier. If you want to switch these features off you must set the property values to <code>Boolean.FALSE</code>.</p></td></tr><tr><td colspan="1" rows
 pan="1" class="confluenceTd"><p>disallowDoctypeDecl</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether DTD DOCTYPE declarations shall be disallowed in the incoming XML message.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>omitXmlDeclaration</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether the XML declaration header shall be omitted in the output XML message.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>clearHeaders</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="conflue
 nceTd"><p>Indicator whether the XML signature message headers defined in <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureConstants.java" rel="nofollow">XmlSignatureConstants</a> shall be deleted at the end of the signer or verifier processing.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">schemaResourceUri</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.14.0</strong>. Classpath to the XML Schema file. If set then the XML document is validated against the XML schema. Must be set in the case of detached signatures in order to determine the attributes of type ID. <span>This value can be overwritten by the header "<code>CamelXmlSignatureSchemaResourceUri</code>". <span>For further information, s
 </span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Signed Elements". <span> The schema is also necessary in the case of enveloped signature with a reference URI to an ID attribute (see Signing Option '</span><span>contentReferenceUri').</span></span></span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">outputXmlEncoding</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.15.0</strong>. Character encoding of the output XML document. If <code>null</code> then UTF-8 is used.</td></tr></tbody></table></div><h3 id="XMLSecuritycomponent-SigningOptions">Signing Options</h3><p>The signer endpoint has the following options.</p><p>&#160;</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Typ
 e</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>keyAccessor</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java" rel="nofollow">KeyAccessor</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Provides the signing key and the KeyInfo instance. There is an example implementation which uses a keystore, see <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java" rel="nofollow">DefaultKeyAccessor</a></p></td></tr><tr
 ><td colspan="1" rowspan="1" class="confluenceTd"><p>addKeyInfoReference</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether a Reference element refering the KeyInfo element provided by the key accessor should be added to the XML signature.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>signatureAlgorithm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>signature algorithm consisting of a digest and encryption algorithm. The digest algorithm is used to calculate the digest of the SignedInfo element and the encrypti
 on algorithm is used to sign this digest. Possible values: <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#dsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#dsa-sha1</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha384</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>digestAlgorithm</p></td><td colspan="1" rowspan="1" class="confluenceTd">
 <p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Digest algorithm for calculating the digest of the in-message body. If not specified then the digest algorithm of the signature algorithm is used. Possible values: <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#sha1" rel="nofollow">http://www.w3.org/2000/09/xmldsig#sha1</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmlenc#sha256" rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha256</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#sha384" rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#sha384</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2001/04/xmlenc#sha512" rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha512</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>parentLocalName</p></td><td c
 olspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Local name of the parent of the Signature element. The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. If this option and the option <code><span>parentXpath</span> are</code> null, then an enveloping XML signature is created. See also option <code>parentNamespace</code>. Alternatively you can specify the parent via the option <code><span>parentXpath.</span></code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>parentNamespace</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Namespace of the parent of the Signature element. See option <code>parentLocalName</code></p></td></tr><tr><t
 d colspan="1" rowspan="1" class="confluenceTd">parentXpath</td><td colspan="1" rowspan="1" class="confluenceTd">XPathFilterParameterSpec</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.15.0</strong>. XPath to the parent of the Signature element. <span>The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. <span> If this option and the option <span><code>parentLocalName</code> are</span></span><span> null, then an enveloping XML signature is created. <span>A</span><span>lternatively <span>you can specify the parent via the option <code>parentLocalName. </code>Example: <code>/p1:root/SecurityItem[last()] </code>This example will select the last sibling with the name <code>SecurityItem</code>. Such kind of selection is not possible with the option <span><code>parentLocalName</code>.</span></span></span></span></span></td></tr><tr><td colspan="1" r
 owspan="1" class="confluenceTd"><p>canonicalizationMethod</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/AlgorithmMethod.html" rel="nofollow">javax.xml.crypto.AlgorithmMethod</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>C14n</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java" rel="nofollow">XmlSignatureHelper</a>.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List&lt;String&gt; inclusiveNamespacePrefixes) to create a canonicalization method.</p></td></tr><tr><td colspan="1" r
 owspan="1" class="confluenceTd"><p>transformMethods</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>List&lt;javax.xml.crypto.AlgorithmMethod&gt;</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option <code>parentLocalName</code>) also <a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a> is added at position 0 of the list. Use methods in <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java" rel="nofollow">XmlSignatureHelper</a> to create the transform methods.</p><p>The Camel 
 header "<strong>CamelXmlSignatureTransformMethods</strong>" overwrites this option (since Camel 2.17.0). The header value must be of type string; you specify in a comma separated list the transform algorithms, for example "<a shape="rect" class="external-link" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature,http://www.w3.org/TR/2001/REC-xml-c14n-20010315" rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature,http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>". In the header you cannot specify transform algorithms which need parameters, like <a shape="rect" class="external-link" href="http://www.w3.org/TR/1999/REC-xslt-19991116" style="line-height: 1.42857;" rel="nofollow">http://www.w3.org/TR/1999/REC-xslt-19991116</a>, <a shape="rect" class="external-link" href="http://www.w3.org/2002/06/xmldsig-filter2" style="line-height: 1.42857;" rel="nofollow">http://www.w3.org/2002/06/xmldsig-filter2</a>, or <a shape="rect" class="external-link" href="http://www.w3
 .org/TR/1999/REC-xpath-19991116" style="line-height: 1.42857;" rel="nofollow">http://www.w3.org/TR/1999/REC-xpath-19991116</a>.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>prefixForXmlSignatureNamespace</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>ds</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Prefix for the XML signature namespace. If <code>null</code> is specified or an empty string then no prefix is used for the signature namespace.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>contentReferenceUri</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The URI of the reference to the signed content (in-message body). If <code>null</code> and we are in the enveloped XML signature case then the
  URI is set to "". If <code>null</code> and we are in the enveloping XML signature case then the URI is set to "generated_object_id" which means that the reference points to the Object element containing the in-message body. You can use this option to reference a specific part in your in-message body if you do not want to sign the complete in-message body. This value can be overwritten by the header "<code>CamelXmlSignatureContentReferenceUri</code>". Please be aware, if you want to use a value of an XML ID attribute (example: "#ID_value"), then you must provide the information about the ID attribute either via a doctype definition contained in the input XML document or via a XML schema document which you can specify in the option '<span><code>schemaResourceUri</code>'</span>. The defining of the ID attributes via XML schema with the option '<code>schemaResourceURi</code>' works only in the enveloped signature case. This option is ignored in the case of detached signature when the o
 ption <code>xpathsToIdAttributes </code>is set.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>contentReferenceType</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Value of the type attribute of the content reference. This value can be overwritten by the header "<code>CamelXmlSignatureContentReferenceType</code>"</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>plainText</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator whether the in-message body contains plain text. Normally, the signature generator treats the incoming message body as XML. If the message body is plain text, then you must set this option to <code>true</code>. The value can 
 be overwritten by the header "CamelXmlSignatureMessageIsPlainText".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>plainTextEncoding</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Only used when the option <code>plainText</code> is set to <code>true</code>. Then you can specify the encoding of the plain text. If <code>null</code> then UTF-8 is used. The value can be overwritten by the header "<code>CamelXmlSignatureMessageIsPlainTextEncoding</code>".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>properties</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java" rel="nofollow">XmlSignaturePrope
 rties</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java" rel="nofollow">XmlSignatureProperties</a> interface.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>contentObjectId</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Value of the Id attribute of the Object element. Only used in the enveloping XML signature case. If <code>null</code> then a unique value is generated. Available as of <strong>2.12.2
 </strong></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">xpathsToIdAttributes</td><td colspan="1" rowspan="1" class="confluenceTd">List&lt;<span style="line-height: 1.4285715;">XPathFilterParameterSpec</span>&gt;</td><td colspan="1" rowspan="1" class="confluenceTd">empty list</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.14.0</strong>. List of XPATH expressions to ID attributes of elements to be signed. Used for the detached XML Signatures. Can only be used in combination with the option <code>schemaResourceUri</code><em>. </em><span>The value can be overwritten by the header "<code>CamelXmlSignatureXpathsToIdAttributes</code>". If the option <span><code>parentLocalNam</code><em>e</em> is set at the same time then an exception is thrown. The class <code>XPathFilterParameterSpec </code>has the package <code>javax.xml.crypto.dsig.spec</code>. For further information, s</span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Sign
 ed Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">signatureId</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since 2.14.0</strong>. Value of the Id attribute of the Signature element. If <code>null</code> then a unique Id is generated. If the value is the empty string ("") then no Id attribute is added to the Signature element.</td></tr></tbody></table></div><h3 id="XMLSecuritycomponent-VerifyingOptions">Verifying Options</h3><p>The verifier endpoint has the following options.</p><p>&#160;</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description
 </p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>keySelector</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/KeySelector.html" rel="nofollow">javax.xml.crypto.KeySelector</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Provides the key for validating the XML signature. There is an example implementation which uses a keystore, see <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java" rel="nofollow">DefaultKeySelector</a>.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>xmlSignatureChecker</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com
 /apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureChecker.java" rel="nofollow">XmlSignatureChecker</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This interface allows the application to check the XML signature before the validation is executed. This step is recommended in <a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed" rel="nofollow">http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>validationFailedHandler</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/ValidationFailedHandler.java" rel="nofollow">V
 alidationFailedHandler</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultValidationFailedHandler.java" rel="nofollow">DefaultValidationFailedHandler</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Handles the different validation failed situations. The default implementation throws specific exceptions for the different situations (All exceptions have the package name <code>org.apache.camel.component.xmlsecurity.api</code> and are a sub-class of <code>XmlSignatureInvalidException</code>. If the signature value validation fails, a <code>XmlSignatureInvalidValueException</code> is thrown. If a reference validation fails, a <code>XmlSignatureInvalidContentHashException</code> is thrown. For more detailed information, see the JavaDoc.</p></td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"><p>xmlSignature2Message</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java" rel="nofollow">XmlSignature2Message</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java" rel="nofollow">DefaultXmlSignature2Message</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Bean which maps the XML signature to the ouput-message after the validation. How this mapping should be done can be configured by the options <code>outputNodeSearchType</code>, <code>outputNodeSearch</code>, and <code>removeSignatureElements</code>. The default implementation 
 offers three possibilities which are related to the three output node search types "Default", "ElementName", and "XPath". The default implementation determines a node which is then serialized and set to the body of the ouput message. If the search type is "ElementName" then the ouput node (which must be in this case an element) is determined by the local name and namespace defined in the search value (see option <code>outputNodeSearch</code>). If the search type is "XPath" then the output node is determined by the XPath specified in the search value (in this case the ouput node can be of type "Element", "TextNode" or "Document"). If the output node search type is "Default" then the following rules apply: In the enveloped XML signature case (there is a reference with URI="" and transform "http://www.w3.org/2000/09/xmldsig#enveloped-signature"), the incoming XML document without the Signature element is set to the output message body. In the non-enveloped XML signature case, the messa
 ge body is determined from a referenced Object; this is explained in more detail in chapter "Output Node Determination in Enveloping XML Signature Case".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>outputNodeSearchType</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>"Default"</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Determines the type of the search of the output node. See option <code>xmlSignature2Message</code>. The default implementation <code>DefaultXmlSignature2Message</code> supports the three search types "Default", "ElementName", and "XPath".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>outputNodeSearch</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Object</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Search value of the output node search.
  The type depends on the search type. For the default search implementation <code>DefaultXmlSignature2Message</code> the following values can be supplied. If the search type is "Default", then the search value is not used. If the search type is "ElementName", then the search value contains the namespace and local name of the output element. The namespace must be embraced in brackets. If the search type is "XPath", the search value contains an instance of <code>javax.xml.crypto.dsig.spec.XPathFilterParameterSpec</code> which represents an XPath. You can create such an instance via the method <code><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java" rel="nofollow">XmlSignatureHelper</a></code><code>.getXpathFilter(String xpath, Map&lt;String, String&gt; namespaceMap)</code>. The XPath determines the output node which can be of type Element,
  TextNode, or Document.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>removeSignatureElements</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicator for removing Signature elements in the output message in the enveloped XML signature case. Used in the <code>XmlSignature2Message</code> instance. The default implementation does use this indicator for the two search types "ElementName" and "XPath".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>secureValidation</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Enables secure validation. If true then secure validation is enabled - see <a shape="rect" class="external-link" href="http://santu
 ario.apache.org/java150releasenotes.html">here</a> for more information.</p></td></tr></tbody></table></div><h4 id="XMLSecuritycomponent-OutputNodeDeterminationinEnvelopingXMLSignatureCase">Output Node Determination in Enveloping XML Signature Case</h4><p>After the validation the node is extracted from the XML signature document which is finally returned to the output-message body. In the enveloping XML signature case, the default implementation <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java" rel="nofollow">DefaultXmlSignature2Message</a> of <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java" rel="nofollow">XmlSignature2Message</a> does this for the node search type "Default" in 
 the following way (see option <code>xmlSignature2Message</code>):</p><p>First an Object reference is determined:</p><ul><li>Only same document references are taken into account (URI must start with '#')</li><li>Also indirect same document references to an object via manifest are taken into account.</li><li>The resulting number of Object references must be 1.</li></ul><p>Then, the Object is dereferenced and the Object must only contain one XML element. This element is returned as output node.</p><p>This does mean that the enveloping XML signature must have either the structure</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[    &lt;Signature&gt;
           &lt;SignedInfo&gt;
              &lt;Reference URI=&quot;#object&quot;/&gt;
@@ -406,7 +406,7 @@
             &lt;/list&gt;
         &lt;/constructor-arg&gt;
     &lt;/bean&gt;]]></script>
-</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of <code>QualifyingProperties</code> element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of <code>SignedDataObjectProperties</code> element</td></tr><tr><td colspan="1" rowspan="1" class="co
 nfluenceTd"><p><code>CamelXmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of&#160; <code>SignedSignatureProperties</code> element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd"><span>for the value of the </span><code>Encoding</code><span> element of the </span><code>DataObjectFormat</code><span> element</span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;overwrites the XAdES namespace parameter value</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><c
 ode>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">overwrites the XAdES prefix parameter value</td></tr></tbody></table></div><h4 id="XMLSecuritycomponent-LimitationswithregardtoXAdESversion1.4.2">Limitations with regard to XAdES version 1.4.2</h4><ul><li>No support for signature form XAdES-T and XAdES-C</li><li>Only signer part implemented. Verifier part currently not available.</li><li>No support&#160;for the '<code>QualifyingPropertiesReference</code>' element (see section 6.3.2 of spec).</li><li>No support for the <code>Transforms</code> element contained in the&#160;<code>SignaturePolicyId</code> element contained in the&#160;<code>SignaturePolicyIdentifier element</code></li><li>No support of the <code>CounterSignature</code> element --&gt; no support for the&#160;<code>UnsignedProperties</code> element</li><li>At most one <code>DataObjectFormat</code> element. More than o
 ne <code>DataObjectFormat </code>element makes no sense &#160;because we have only one data object which is signed (this is the incoming message body to the XML signer endpoint).</li><li>At most one <code>CommitmentTypeIndication</code> element. More than one <code>CommitmentTypeIndication</code>element makes no sense &#160;because we have only one data object which is signed (this is the incoming message body to the XML signer endpoint).</li><li><p>A <code>CommitmentTypeIndication</code> element contains always the <code>AllSignedDataObjects</code> element. The <code>ObjectReference</code> element within <code>CommitmentTypeIndication</code>&#160; element is not supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code> element is not supported</li><li>The<code> IndividualDataObjectsTimeStamp</code> element is not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See Also</h3><ul><li><a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestprac
 tices/" rel="nofollow">Best Practices</a></li></ul></div>
+</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of QualifyingProperties element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of SignedDataObjectProperties element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>Camel
 XmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of&#160; SignedSignatureProperties element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the value of the Encoding element of the DataObjectFormat element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;overwrites the XAdES namespace parameter value</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String<
 /td><td colspan="1" rowspan="1" class="confluenceTd">overwrites the XAdES prefix parameter value</td></tr></tbody></table></div><h4 id="XMLSecuritycomponent-LimitationswithregardtoXAdESversion1.4.2">Limitations with regard to XAdES version 1.4.2</h4><ul><li>No support for signature form XAdES-T and XAdES-C</li><li>Only signer part implemented. Verifier part currently not available.</li><li>No support&#160;for the '<code>QualifyingPropertiesReference</code>' element (see section 6.3.2 of spec).</li><li>No support for the <code>Transforms</code> element contained in the&#160;<code>SignaturePolicyId</code> element contained in the&#160;<code>SignaturePolicyIdentifier element</code></li><li>No support of the <code>CounterSignature</code> element --&gt; no support for the&#160;<code>UnsignedProperties</code> element</li><li>At most one <code>DataObjectFormat</code> element. More than one <code>DataObjectFormat </code>element makes no sense &#160;because we have only one data object which
  is signed (this is the incoming message body to the XML signer endpoint).</li><li>At most one <code>CommitmentTypeIndication</code> element. More than one <code>CommitmentTypeIndication</code>element makes no sense &#160;because we have only one data object which is signed (this is the incoming message body to the XML signer endpoint).</li><li><p>A <code>CommitmentTypeIndication</code> element contains always the <code>AllSignedDataObjects</code> element. The <code>ObjectReference</code> element within <code>CommitmentTypeIndication</code>&#160; element is not supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code> element is not supported</li><li>The<code> IndividualDataObjectsTimeStamp</code> element is not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See Also</h3><ul><li><a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestpractices/" rel="nofollow">Best Practices</a></li></ul></div>
         </td>
         <td valign="top">
           <div class="navigation">



Mime
View raw message