camel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Franz Paul Forsthofer <>
Subject Re: Re: Contribution: Component XML Digital Signature
Date Wed, 13 Mar 2013 08:46:02 GMT

the API I want to use is also available in Java 6 (see

I had a look at the project camel-xmlsecurity. The XML signature
feature will fit well into this project.

The XML en/decryption feature is implemented as DataFormat. I would
prefer to implement the XML signature feature as camel component with
two endpoints one for signing and one for verifying. The component
implementation has the following advantages in comparison to the
DataFormat implementation:
- The signer and verifier endpoint can have different parameters
whereas the marshal and unmarshal method of the data formater have the
same parameters.  For XML signature, the signer endpoint will have
more complex parameters than the verifier endpoint. For example, for
signing you can specify transformations like xslt(s) or xpath(s) which
must be executed before signing, whereas for verifying these
transformations are contained in the XML signature and must not be
specified during configuration time.
- The DataFormatClause contained in the core project will have
dependencies to the data format implementation. Whenever the data
format api is changed you have to adapt the DataFormatClause.

What's your opinion on that?

Regards Franz

> On Tue, Mar 12, 2013 at 12:317 PM, Claus Ibson
> <> wrote:
> Hi
> Welcome to the community.
> Mind that Apache Camel supports JDK6+ so we cannot have components
> currently that require JDK7+.
> In case that API you wanna use is only avail in JDK7 onwards.
> We have 2 crypto components
> Isn't your component more alike the existing xmlsecurity component from Camel?
> Maybe that's the place where it fits the best?
> I suggest to take a second look
> On Tue, Mar 12, 2013 at 7:33 AM, Franz Paul Forsthofer
> <> wrote:
>> Hello,
>> I want to contribute a new component for XML Digital Signature. There
>> shall be two endpoints; the signer endpoint shall sign the body of the
>> in-message and create an XML digital signature in the out-message, the
>> verifier endpoint shall verify the XML signature contained in the body
>> of the in-message and return the signed content in the body of the
>> out-message.
>> The implementation shall be based on the JRE API for XML Digital
>> Signature (
>> which fulfills the requirements of the XML signature specification
>> (
>> The first version shall support
>> ·   RSA and DSA keys
>> ·   enveloping signatures
>> ·   X509Certificate element as children of the KeyInfo element
>> ·   the canonicalization algorithms
>>             o
>>             o
>>             o" (needs
>> inclusive namespace prefix list, we should not support this algorithm
>> in the first implementation)
>>             o
>> ·   the transform algorithms
>>             o      <all cononicalization algorithms>
>>             o
>> I have a few questions about the contribution:
>> ·   Schall I add the new code to the maven project with
>> <groupId>org.apache.camel</groupId> and
>> <artifactId>camel-crypto</artifactId>?
>> ·   There is already a crypto component for signing and verifying
>> non-XML messages
>> (
>>           o   Shall I add the new endpoints to this component, like
>>                   §  crypto:signxml://<name>?<parameters>
>>                   §  crypto:verfyxml://<name>?<parameters>
>>           o   or shall I create a new component “cryptoxml”?
>> ·   Shall I add the classes to the package org.apache.camel.component.crypto ?
>> Regards Franz
> --
> Claus Ibsen
> -----------------
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Email:
> Web:
> Twitter: davsclaus
> Blog:
> Author of Camel in Action:

View raw message