From: Hugo Trippaers
Subject: Question on specific document requirements
Date: Wed, 12 Oct 2016 22:55:57 +0200
To: dev@santuario.apache.org

Hey folks,

Hope this is the right place to ask this, but I'm working on an interface to a system with some specific requirements I haven't figured out yet. I've got some of them covered so far (they use KeyName as key identifier for example), but I have a few remaining things I need to solve and I would like to know if those are possible to configure with the current version of the Santuario library.

First of all their implementation expects the signature element to be the last element in the resulting xml document. See the example below, can this be done with a configuration?

…. …

Second they don't accept Ids in the root and signature element and expect the Reference URI to be an empty string.

And they also seem to take offence at the '' transform being present.

Below is the complete signature as generated by my current configuration.

I'm using the library indirectly from the CXF XmlSecOutInterceptor with the following configuration:

    import org.apache.cxf.rs.security.xml.SignatureProperties;
    import org.apache.xml.security.stax.ext.XMLSecurityConstants;

    final SignatureProperties properties = new SignatureProperties();
    /* 1. The entire XML message must be signed.
     * 2. For the purpose of generating the digest of the main message, the inclusive canonicalization algorithm must be used.
     * 3. For the purpose of generating the signature value, the exclusive canonicalization algorithm must be used.
     */
    properties.setSignatureC14nMethod(XMLSecurityConstants.NS_C14N_EXCL);
    /* 4. The syntax for an enveloped signature must be used.
     * 5. For hashing purposes the SHA256 algorithm must be used.
     */
    properties.setSignatureDigestAlgo(XMLSecurityConstants.NS_XENC_SHA256);
    /* 6. For signature purposes the RSAWithSHA256 algorithm must be used. RSA keys must be 2,048 bits long. */
    properties.setSignatureAlgo(XMLSecurityConstants.NS_XMLDSIG_RSASHA256);
    /* 7. The public key must be referenced using a fingerprint of an X.509 certificate. The fingerprint must be
     *    calculated according to the following formula HEX(SHA-1(DER certificate)).
     */
    properties.setSignatureKeyIdType("KeyName");

Looking for some pointers to get this done; if it is configuration that would be great. If this needs some modifications in the code I would be happy with some pointers in the right direction.

Thanks!

Hugo
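As an added example (not Hugo's code and not part of CXF or Santuario), one way to meet requirements 1 to 7 directly with the JSR-105 javax.xml.crypto.dsig API that Santuario implements, below the CXF interceptor layer; the file names, key-store alias and password are placeholders, and because the post does not name the transform the receiving side rejects, only the enveloped transform is listed.

```java
import java.io.FileInputStream;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class EnvelopedSigner {
    // Requirement 7: KeyName = HEX(SHA-1(DER certificate)), as upper-case hex.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : sha1) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs (placeholders): message.xml is the document to sign; signer.p12
        // holds a 2048-bit RSA key and its certificate under alias "signer".
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("message.xml"));
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new FileInputStream("signer.p12"), "changeit".toCharArray());
        PrivateKey key = (PrivateKey) ks.getKey("signer", "changeit".toCharArray());
        X509Certificate cert = (X509Certificate) ks.getCertificate("signer");
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Req. 1 and 4: URI="" selects the whole document and the enveloped transform
        // drops the Signature itself. Req. 2: with no further transform the node set is
        // digested with inclusive C14N, as XMLDSig prescribes. Req. 5: SHA-256 digest.
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        // Req. 3: exclusive C14N over SignedInfo. Req. 6: RSA with SHA-256.
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyName(fingerprint(cert))));
        // sign() appends ds:Signature as the last child of the root element and adds
        // no Id attribute to the root or to the Signature.
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }
}
```

The output document carries ds:Signature as the last child of the root, a Reference with URI="", no Id attributes, and the certificate's SHA-1 fingerprint in KeyName; whether it also clears the receiver's objection to a particular transform depends on which transform that is, which the post does not say.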