santuario-dev mailing list archives

From Colm O hEigeartaigh <>
Subject Re: KeyName support in santuario
Date Mon, 10 Oct 2016 16:02:40 GMT
Hi Hugo,

The JSR-105 API in Java just takes a String as parameter, so I think it
would be simpler just to add a new String property in XMLSecurityProperties
which is taken as the KeyName value:


On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers <> wrote:

> Hello,
> I’m working on a project that uses KeyName to identify the key used to
> verify or sign the signature. I’m using the santuario library through the
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName
> identifier is not supported for outgoing messages.
> Caused by:
> KeyName not supported.
>         at
> XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(
> ~[xmlsec-2.0.7.jar!/:2.0.7]
> So I’m looking to add some support for it. I’ve got a small proof of
> concept implementation ready but I ran into the problem that there is no
> clear definition of what should be in the KeyName. The project that I’m
> working on defined the contents of the KeyName as the SHA1 fingerprint of
> the certificate, but I’ve also seen and/or read about solutions that use the
> CN or any other identifier.
> So I’m thinking of extending
> with a field identifying the method to use to generate the KeyName content.
> And then use that info in XMLSignatureEndingOutputProcessor.
> createKeyInfoStructureForSignature() to build a KeyName KeyInfo token
> with the required contents.
> I’m looking for some feedback if that would be an acceptable solution.
> Cheers,
> Hugo

Colm O hEigeartaigh

Talend Community Coder
