Return-Path: X-Original-To: apmail-santuario-dev-archive@www.apache.org Delivered-To: apmail-santuario-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EA77D9FE8 for ; Mon, 9 Apr 2012 13:19:11 +0000 (UTC) Received: (qmail 23687 invoked by uid 500); 9 Apr 2012 13:19:11 -0000 Delivered-To: apmail-santuario-dev-archive@santuario.apache.org Received: (qmail 23623 invoked by uid 500); 9 Apr 2012 13:19:11 -0000 Mailing-List: contact dev-help@santuario.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@santuario.apache.org Delivered-To: mailing list dev@santuario.apache.org Received: (qmail 23616 invoked by uid 99); 9 Apr 2012 13:19:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Apr 2012 13:19:10 +0000 X-ASF-Spam-Status: No, hits=-3.7 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sean.mullan@oracle.com designates 148.87.113.117 as permitted sender) Received: from [148.87.113.117] (HELO rcsinet15.oracle.com) (148.87.113.117) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Apr 2012 13:19:02 +0000 Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q39DIXYA008613 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 9 Apr 2012 13:18:34 GMT Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q39DIWQ5015671 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Apr 2012 13:18:33 GMT Received: from abhmt107.oracle.com (abhmt107.oracle.com [141.146.116.59]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q39DIVd8024878; Mon, 9 Apr 2012 08:18:32 -0500 Received: from [10.152.12.59] (/10.152.12.59) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 09 Apr 2012 06:18:31 -0700 Message-ID: <4F82E1F2.4060906@oracle.com> Date: Mon, 09 Apr 2012 09:19:46 -0400 From: Sean Mullan User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 MIME-Version: 1.0 To: dev@santuario.apache.org CC: Dmitriev Vadim Subject: Re: Extending XML signature algorithms list References: <4F81F596.5030709@mail.ru> In-Reply-To: <4F81F596.5030709@mail.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Source-IP: acsinet21.oracle.com [141.146.126.237] X-CT-RefId: str=0001.0A090203.4F82E1AA.00F0,ss=1,re=0.000,fgs=0 X-Virus-Checked: Checked by ClamAV on apache.org On 04/08/2012 04:31 PM, Dmitriev Vadim wrote: > Hi! > > I'm implementing web-service with non standard algorithm for message > signature (GOST3410) [1]. My current problem is that DOMSignatureMethod > contains hardcoded list of allowed algorithms and doesn't provide any > way to externally extend it. Hardcoding is perfectly valid if algorithm > has conventional URI, but in an ad-hoc case URIs even for the same algo > can differ. > I was looking for a way to add extensibility to the DOMSignatureMethod > so new algorithms can be registered at runtime, but most of it and it's > hierarchy is package-private, so user implementations are hardly an > option (not taking into account that this class resides in an "internal" > package). > > Maybe custom algorithms support is already there, but I totally missed > it? Or maybe there is already enhancement request for this feature? Yes: see http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6566047 However, this would require API changes to JSR 105 (javax.xml.crypto) and a maintenance release of the JSR, which isn't planned right now. We could potentially implement a non-standard (Santuario-specific) solution. At this time I don't expect to have the resources to do that, but would be willing to review any contributions to extend the internal API to do that. > If it is not likely that the team will tackle with this issue in the > near future, maybe someone can give me insight on how to approach > extensibility in this part of the code? Take a look at the javax.xml.crypto.dsig.TransformService API and the code to load TransformService implementations. You would want to implement a similar API/mechanism, say SignatureMethodService. --Sean > > Thanks. > > P.S. Colm O hEigeartaigh already provided invaluable help for me before, > but it seems that WS-S technological stack just resists addition of new > algorithms :) > > [1] > http://cxf.547215.n5.nabble.com/WS-with-non-standard-algorithm-for-signature-computation-td5163324.html >