Package org.apache.camel.component.xmlsecurity.processor

Class XmlSignerProcessor

  • All Implemented Interfaces:
    org.apache.camel.Processor
    public class XmlSignerProcessor
extends XmlSignatureProcessor
    Creates from the message body a XML signature element which is returned in the message body of the output message. Enveloped, enveloping XML, and detached signatures are supported.

    In the enveloped XML signature case, the method XmlSignerConfiguration.getParentLocalName() must not return null. In this case the parent element must be contained in the XML document provided by the message body and the signature element is added as last child element of the parent element. If a KeyInfo instance is provided by the KeyAccessor and XmlSignerConfiguration.getAddKeyInfoReference() is true, then also a reference to the KeyInfo element is added. The generated XML signature has the following structure: 

     
 <[parent element]>
     ...
      <Signature Id="[signature_id]">
          <SignedInfo>
                <Reference URI=""> 
                      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                      (<Transform>)*
                      <DigestMethod>
                      <DigestValue>
                </Reference>
                (<Reference URI="#[keyinfo_Id]">
                      <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                      <DigestMethod>
                      <DigestValue>
                </Reference>)?
                <!-- further references possible, see XmlSignerConfiguration#setProperties(XmlSignatureProperties) -->
         </SignedInfo>
         <SignatureValue>
         (<KeyInfo Id="[keyinfo_id]">)?
         <!-- Object elements possible, see XmlSignerConfiguration#setProperties(XmlSignatureProperties) -->
     </Signature>
 </[parent element]>

    In the enveloping XML signature case, the generated XML signature has the following structure: 

      
  <Signature Id="[signature_id]">
     <SignedInfo>
            <Reference URI="#[object_id]" type="[optional_type_value]"> 
                  (<Transform>)*
                  <DigestMethod>
                  <DigestValue>
            </Reference>
            (<Reference URI="#[keyinfo_id]">
                  <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                  <DigestMethod>
                  <DigestValue>
            </Reference>)?
             <!-- further references possible, see XmlSignerConfiguration#setProperties(XmlSignatureProperties) -->
     </SignedInfo>
     <SignatureValue>
     (<KeyInfo Id="[keyinfo_id]">)?
     <Object Id="[object_id]"/>
     <!-- further Object elements possible, see XmlSignerConfiguration#setProperties(XmlSignatureProperties) -->
 </Signature>
    In the enveloping XML signature case, also message bodies containing plain text are supported. This must be indicated via the header XmlSignatureConstants.HEADER_MESSAGE_IS_PLAIN_TEXT or via the configuration XmlSignerConfiguration.getPlainText().

    Detached signatures where the signature element is a sibling element to the signed element are supported. Those elements can be signed which have ID attributes. The elements to be signed must be specified via xpath expressions (see XmlSignerConfiguration.setXpathsToIdAttributes(List)) and the XML schema must be provided via the schema resource URI (see method XmlSignatureConfiguration.setSchemaResourceUri(String). Elements with deeper hierarchy level are signed first. This procedure can result in nested signatures.

    In all cases, the digest algorithm is either read from the configuration method XmlSignerConfiguration.getDigestAlgorithm() or calculated from the signature algorithm ( XmlSignerConfiguration.getSignatureAlgorithm(). The optional transforms are read from XmlSignerConfiguration.getTransformMethods() .

    In all cases, you can add additional references and objects which contain properties for the XML signature, see XmlSignerConfiguration.setProperties(XmlSignatureProperties).