santuario-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: KeyName support in santuario
Date Mon, 10 Oct 2016 16:02:40 GMT
Hi Hugo,

The JSR-105 API in Java just takes a String as a parameter, so I think it
would be simpler just to add a new String property in XMLSecurityProperties
which is taken as the KeyName value:

https://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.html#newKeyName(java.lang.String)

Colm.

On Mon, Oct 10, 2016 at 3:24 PM, Hugo Trippaers <trippie@gmail.com> wrote:

> Hello,
>
> I’m working on a project that uses KeyName to identify the key used to
> verify or sign the signature. I’m using the santuario library through the
> XmlSecIn/OutInterceptors in the CXF project. Currently the KeyName
> identifier is not supported for outgoing messages.
>
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException:
> KeyName not supported.
>         at org.apache.xml.security.stax.impl.processor.output.
> XMLSignatureEndingOutputProcessor.createKeyInfoStructureForSignature(
> XMLSignatureEndingOutputProcessor.java:146) ~[xmlsec-2.0.7.jar!/:2.0.7]
>
> So I’m looking to add some support for it. I’ve got a small proof of
> concept implementation ready, but I ran into the problem that there is no
> clear definition of what should be in the KeyName. The project that I’m
> working on defined the contents of the KeyName as the SHA1 fingerprint of
> the certificate, but I’ve also seen and/or read about solutions that use the
> CN or any other identifier.
>
> So I’m thinking of extending org.apache.xml.security.stax.ext.XMLSecurityProperties
> with a field identifying the method to use to generate the KeyName content,
> and then using that info in XMLSignatureEndingOutputProcessor.
> createKeyInfoStructureForSignature() to build a KeyName KeyInfo token
> with the required contents.
>
> I’m looking for some feedback on whether that would be an acceptable solution.
>
> Cheers,
>
> Hugo
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
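As an added example (not code from this thread, CXF or Santuario), here is what Colm's "just a String" point looks like on both ends with the plain JSR-105 API: the sender builds a KeyInfo with newKeyName(String), and the verifier resolves that name only against a locally provisioned map, so an attacker-chosen KeyName (fingerprint, CN or anything else) can never select a key the receiver did not already trust. The class name and the name-to-key map are assumptions.

```java
import java.security.Key;
import java.util.Collections;
import java.util.Map;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyName;

/** Resolves a verification key from the KeyName in a signature's KeyInfo using only
 *  a locally provisioned name-to-key map (hypothetical; e.g. loaded from a KeyStore). */
public final class KeyNameSelector extends KeySelector {
    private final Map<String, Key> trustedKeys;

    public KeyNameSelector(Map<String, Key> trustedKeys) {
        this.trustedKeys = Collections.unmodifiableMap(trustedKeys);
    }

    /** Sender side: the KeyInfo an outgoing signature carries; JSR-105 needs only the String. */
    public static KeyInfo keyInfoFor(String keyName) {
        KeyInfoFactory kif = KeyInfoFactory.getInstance("DOM");
        KeyName kn = kif.newKeyName(keyName);
        return kif.newKeyInfo(Collections.singletonList(kn));
    }

    /** Receiver side: called by XMLSignature.validate(); unknown names are rejected, never
     *  looked up dynamically, so the KeyName is a hint into local trust, not a trust decision. */
    @Override
    public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method,
                                    XMLCryptoContext context) throws KeySelectorException {
        if (keyInfo == null) {
            throw new KeySelectorException("KeyInfo is missing");
        }
        for (Object o : keyInfo.getContent()) {
            if (o instanceof KeyName) {
                String name = ((KeyName) o).getName();
                Key key = trustedKeys.get(name);
                if (key == null) {
                    throw new KeySelectorException("Untrusted KeyName: " + name);
                }
                return () -> key; // KeySelectorResult has the single method getKey()
            }
        }
        throw new KeySelectorException("No KeyName element in KeyInfo");
    }
}
```

Whatever convention fills the String (SHA1 fingerprint, CN or an alias), the receiver's map is keyed by the same convention, which is why the API itself does not need to know what the name means.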
