Author: buildbot
Date: Wed Oct 9 07:19:06 2013
New Revision: 881810
Log:
Production update by buildbot for camel
Modified:
websites/production/camel/content/cache/main.pageCache
websites/production/camel/content/xml-security-component.html
Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/camel/content/xml-security-component.html
==============================================================================
--- websites/production/camel/content/xml-security-component.html (original)
+++ websites/production/camel/content/xml-security-component.html Wed Oct 9
07:19:06 2013
@@ -86,11 +86,12 @@
<tr>
<td valign="top" width="100%">
<div class="wiki-content maincontent"><h2><a shape="rect"
name="XMLSecuritycomponent-XMLSecuritycomponent"></a>XML Security component</h2>
+
<p><b>Available as of Camel 2.12.0</b></p>
<p>With this Apache Camel component, you can generate and validate XML
signatures as described in the W3C standard <a shape="rect"
class="external-link" href="http://www.w3.org/TR/xmldsig-core/";
rel="nofollow">XML Signature Syntax and Processing</a> or as described in the
successor <a shape="rect" class="external-link"
href="http://www.w3.org/TR/xmldsig-core1/"; rel="nofollow">version 1.1</a>. For
XML Encryption support, please refer to the XML Security <a shape="rect"
href="data-format.html" title="Data Format">Data Format</a>.</p>
-<p>You can find an introduction to XML signature <a shape="rect"
class="external-link"
href="http://www.oracle.com/technetwork/articles/javase/dig-signatures-141823.html/";
rel="nofollow">here</a>. The implementation of the component is based on <a
shape="rect" class="external-link"
href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/overview.html";
rel="nofollow">JSR 105</a>, the Java API corresponding to the W3C standard and
supports the Apache Santuario and the JDK provider for JSR 105. The
implementation will first try to use the Apache Santuario provider; if it does
not find the Santuario provider, it will use the JDK provider. Further, the
implementation is DOM based. </p>
+<p>You can find an introduction to XML signature <a shape="rect"
class="external-link"
href="http://www.oracle.com/technetwork/articles/javase/dig-signatures-141823.html";
rel="nofollow">here</a>. The implementation of the component is based on <a
shape="rect" class="external-link"
href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/overview.html";
rel="nofollow">JSR 105</a>, the Java API corresponding to the W3C standard and
supports the Apache Santuario and the JDK provider for JSR 105. The
implementation will first try to use the Apache Santuario provider; if it does
not find the Santuario provider, it will use the JDK provider. Further, the
implementation is DOM based.</p>
<p>Maven users will need to add the following dependency to their
<tt>pom.xml</tt> for this component:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
@@ -106,9 +107,9 @@
<h3><a shape="rect"
name="XMLSecuritycomponent-XMLSignaturewrappingmodes"></a>XML Signature
wrapping modes</h3>
-<p>XML Signature differs between enveloped, enveloping, and detached XML
signature. In the enveloped XML signature case, the XML Signature is wrapped by
the signed XML Document; which means that the XML signature element is a child
element of a parent element, which belongs to the signed XML Document. In the
enveloping XML signature case, the XML Signature contains the signed content.
All other cases are called detached XML signatures. Detached XML signature are
not supported in the current implementation.</p>
+<p>XML Signature differs between enveloped, enveloping, and detached XML
signature. In the enveloped XML signature case, the XML Signature is wrapped by
the signed XML Document; which means that the XML signature element is a child
element of a parent element, which belongs to the signed XML Document. In the
enveloping XML signature case, the XML Signature contains the signed content.
All other cases are called detached XML signatures. Detached XML signatures are
not supported in the current implementation.</p>
-<p>In the enveloped XML signature case, the supported generated XML signature
has the following structure (Variables are surrounded by []).</p>
+<p>In the <b>enveloped XML signature</b> case, the supported generated XML
signature has the following structure (Variables are surrounded by []).</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
@@ -116,9 +117,9 @@
... <!-- Signature element is added as last child of the parent
element-->
<Signature Id="generated_unique_signature_id">
<SignedInfo>
- <Reference URI="">
+ <Reference URI="">
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- (<Transform>)* <!-- By default
"http://www.w3.org/2006/12/xml-c14n11"; is also added to the transforms -->
+ (<Transform>)* <!-- By default
"http://www.w3.org/2006/12/xml-c14n11"; is added to the transforms -->
<DigestMethod>
<DigestValue>
</Reference>
@@ -137,13 +138,13 @@
]]></script>
</div></div>
-<p>In the enveloping XML signature case, the supported generated XML signature
has the structure:</p>
+<p>In the <b>enveloping XML signature</b> case, the supported generated XML
signature has the structure:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
- <Signature Id="generate_unique_signature_id">
+ <Signature Id="generated_unique_signature_id">
<SignedInfo>
- <Reference URI="#generated_unique_object_id"
type="[optional_type_value]">
+ <Reference URI="#generated_unique_object_id"
type="[optional_type_value]"> <!-- the URI can also be set by the option
'contentReferenceUri'; see below. -->
(<Transform>)* <!-- By default
"http://www.w3.org/2006/12/xml-c14n11"; is added to the transforms -->
<DigestMethod>
<DigestValue>
@@ -159,7 +160,7 @@
(<KeyInfo Id="[keyinfo_id]">)?
<Object Id="generated_unique_object_id"/> <!-- The Object
element contains the in-message body -->
<!-- Further Object elements possible, see option 'properties' below
-->
- </Signature>
+ </Signature>
]]></script>
</div></div>
@@ -173,7 +174,7 @@
]]></script>
</div></div>
-<ul><li>With the signer endpoint, you can generate a XML signature for the
body of the in-message which can be either a XML document or a plain text. The
enveloped or enveloping XML signature will be set to the body of the
out-message.</li><li>With the verifier endpoint, you can validate a enveloped
or enveloping XML signature contained in the body of the in-message; if the
validation is successful, then the original content is extracted from the XML
signature and set to the body of the out-message.</li><li>The <tt>name</tt>
part in the URI can be chosen by the user to distinguish between different
signer/verifier endpoints within one camel context.</li></ul>
+<ul><li>With the signer endpoint, you can generate a XML signature for the
body of the in-message which can be either a XML document or a plain text. The
enveloped or enveloping XML signature will be set to the body of the
out-message.</li><li>With the verifier endpoint, you can validate an enveloped
or enveloping XML signature contained in the body of the in-message; if the
validation is successful, then the original content is extracted from the XML
signature and set to the body of the out-message.</li><li>The <tt>name</tt>
part in the URI can be chosen by the user to distinguish between different
signer/verifier endpoints within one camel context.</li></ul>
<h3><a shape="rect" name="XMLSecuritycomponent-BasicExample"></a>Basic
Example</h3>
@@ -202,7 +203,7 @@
<p>The key selector bean must implement the <a shape="rect"
class="external-link"
href="http://docs.oracle.com/javase/6/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a> interface. The package
<tt>org.apache.camel.component.xmlsecurity.api</tt> contains the default
implementation class <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java";
rel="nofollow">DefaultKeySelector</a> which reads the public key from a
keystore.</p>
-<p>In the example, the default signature algorithm <tt><a shape="rect"
class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></tt> is used. You
can set the signature algorithm of your choice by the option
<tt>signatureAlgorithm</tt> (see below). The signer endpoint creates an
<b>enveloping</b> XML signature. If you want to create an <b>enveloped</b> XML
signature then you must specify the parent element of the Signature element;
see option <tt>parentLocalName</tt> for more details. </p>
+<p>In the example, the default signature algorithm <tt><a shape="rect"
class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></tt> is used. You
can set the signature algorithm of your choice by the option
<tt>signatureAlgorithm</tt> (see below). The signer endpoint creates an
<b>enveloping</b> XML signature. If you want to create an <b>enveloped</b> XML
signature then you must specify the parent element of the Signature element;
see option <tt>parentLocalName</tt> for more details.</p>
<h3><a shape="rect"
name="XMLSecuritycomponent-CommonSigningandVerifyingOptions"></a>Common Signing
and Verifying Options</h3>
@@ -220,7 +221,7 @@
<div class="confluenceTableSmall"></div>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> keyAccessor </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java";
rel="nofollow">KeyAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Provides the signing key and the KeyInfo instance. There
is an example implementation which uses a keystore, see <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/ja
va/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java"
rel="nofollow">DefaultKeyAccessor</a> </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> addKeyInfoReference </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean.TRUE </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicator whether the KeyInfo element provided by the key
accessor should be added to the XML signature. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> signatureAlgorithm </td><td colspan="1"
rowspan="1" class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a> </td><td
colspan="1" rowspan="1" class="confluenceTd"> signature algorithm consisting of
a digest and encryption algorithm. The digest algorithm is used to calcula
te the digest of the SignedInfo element and the encryption algorithm is used
to sign this digest. Which algorithm are supported depends on the JSR 105
provider (see option <tt>provider</tt>). </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> digestAlgorithm </td><td colspan="1"
rowspan="1" class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> see description </td><td colspan="1" rowspan="1"
class="confluenceTd"> Digest algorithm for calculating the digest of the
in-message body. If not specified then the digest algorithm of the signature
algorithm is used (e.g. <a shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmlenc#sha256";
rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha256</a>). Which digest
algorithm can be used depends on the JSR 105 provider (see option
<tt>provider</tt>). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> parentLocalName </td><td colspan="1" rowspan="1"
class="confluenceTd"> Strin
g </td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Local name of the parent of the
Signature element. The Signature element will be added at the end of the
children of the parent. Necessary for enveloped XML signature. If this option
is null, then an enveloping XML signature is created. See also option
<tt>parentNamespace</tt>. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> parentNamespace </td><td colspan="1" rowspan="1"
class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Namespace of the parent of the Signature element. See
option <tt>parentLocalName</tt> </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> canonicalizationMethod </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/AlgorithmMeth
od.html" rel="nofollow">javax.xml.crypto.AlgorithmMethod</a> </td><td
colspan="1" rowspan="1" class="confluenceTd"> C14n </td><td colspan="1"
rowspan="1" class="confluenceTd"> Canonicalization method used to canonicalize
the SignedInfo element before the digest is calculated. You can use the helper
methods <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a>.getCanonicalizationMethod(String
algorithm) or getCanonicalizationMethod(String algorithm, List<String>
inclusiveNamespacePrefixes) to create a canonicalization method.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
transformMethods </td><td colspan="1" rowspan="1" class="confluenceTd">
List<javax.xml.crypto.AlgorithmMethod> </td><td colspan="1" rowspan="1"
class="confluenceTd"> see description </td><td colspan="1" rows
pan="1" class="confluenceTd"> Transforms which are executed on the message
body before the digest is calculated. By default, C14n is added and in the case
of enveloped signature (see option <tt>parentLocalName</tt>) also <a
shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a> is
added at position 0 of the list. Use methods in <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a> to create the transform methods.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
prefixForXmlSignatureNamespace </td><td colspan="1" rowspan="1"
class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>ds</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Pref
ix for the XML signature namespace. If <tt>null</tt> is specified or an empty
string then no prefix is used for the signature namespace. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> contentReferenceUri </td><td
colspan="1" rowspan="1" class="confluenceTd"> String </td><td colspan="1"
rowspan="1" class="confluenceTd"> see description </td><td colspan="1"
rowspan="1" class="confluenceTd"> The URI of the reference to the signed
content (in-message body). If <tt>null</tt> and we are in the enveloped XML
signature case then the URI is set to "". If <tt>null</tt> and we are in the
enveloping XML signature case then the URI is set to "#object_id" (where
"object_id" is the value of the option <tt>contentObjectId</tt> which means
that the reference points to the Object element containing the in-message body.
You can use this option to reference a specific part in your in-message body if
you do not want to sign the complete in-message body. This value can be
overwritten by
the header "CamelXmlSignatureContentReferenceUri". </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> contentReferenceType </td><td
colspan="1" rowspan="1" class="confluenceTd"> String </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Value of the type attribute of the content reference.
This value can be overwritten by the header
"CamelXmlSignatureContentReferenceType" </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> plainText </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean.FALSE </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicator whether the in-message body contains plain
text. Normally, the signature generator treats the incoming message body as
XML. If the message body is plain text, then you must set this option to
<tt>true</tt>. The value can be overwritten by the header
"CamelXmlSignatureMessage
IsPlainText". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
plainTextEncoding </td><td colspan="1" rowspan="1" class="confluenceTd"> String
</td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Only used when the option
<tt>plainText</tt> is set to <tt>true</tt>. Then you can specify the encoding
of the plain text. If <tt>null</tt> then UTF-8 is used. The value can be
overwritten by the header "CamelXmlSignatureMessageIsPlainTextEncoding".
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> properties
</td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1" class=
"confluenceTd"> For adding additional References and Objects to the XML
signature which contain additional properties, you can provide a bean which
implements the <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a> interface. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> keyAccessor </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java";
rel="nofollow">KeyAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Provides the signing key and the KeyInfo instance. There
is an example implementation which uses a keystore, see <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/ja
va/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java"
rel="nofollow">DefaultKeyAccessor</a> </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> addKeyInfoReference </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean.TRUE </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicator whether a Reference element refering the
KeyInfo element provided by the key accessor should be added to the XML
signature. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
signatureAlgorithm </td><td colspan="1" rowspan="1" class="confluenceTd">
String </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect"
class="external-link" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a> </td><td
colspan="1" rowspan="1" class="confluenceTd"> signature algorithm consisting of
a digest and encryption algorithm. The digest
algorithm is used to calculate the digest of the SignedInfo element and the
encryption algorithm is used to sign this digest. Which algorithm are supported
depends on the JSR 105 provider. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> digestAlgorithm </td><td colspan="1" rowspan="1"
class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> see description </td><td colspan="1" rowspan="1"
class="confluenceTd"> Digest algorithm for calculating the digest of the
in-message body. If not specified then the digest algorithm of the signature
algorithm is used (e.g. <a shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmlenc#sha256";
rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha256</a>). Which digest
algorithm can be used depends on the JSR 105 provider. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> parentLocalName </td><td
colspan="1" rowspan="1" class="confluenceTd"> String </td><td colspan="1"
rowspan="1
" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Local name of the parent of the Signature element. The
Signature element will be added at the end of the children of the parent.
Necessary for enveloped XML signature. If this option is null, then an
enveloping XML signature is created. See also option <tt>parentNamespace</tt>.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> parentNamespace
</td><td colspan="1" rowspan="1" class="confluenceTd"> String </td><td
colspan="1" rowspan="1" class="confluenceTd"> null </td><td colspan="1"
rowspan="1" class="confluenceTd"> Namespace of the parent of the Signature
element. See option <tt>parentLocalName</tt> </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> canonicalizationMethod </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/AlgorithmMethod.html";
rel="nofollow">javax.xml
.crypto.AlgorithmMethod</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> C14n </td><td colspan="1" rowspan="1"
class="confluenceTd"> Canonicalization method used to canonicalize the
SignedInfo element before the digest is calculated. You can use the helper
methods <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a>.getCanonicalizationMethod(String
algorithm) or getCanonicalizationMethod(String algorithm, List<String>
inclusiveNamespacePrefixes) to create a canonicalization method.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
transformMethods </td><td colspan="1" rowspan="1" class="confluenceTd">
List<javax.xml.crypto.AlgorithmMethod> </td><td colspan="1" rowspan="1"
class="confluenceTd"> see description </td><td colspan="1" rowspan="1"
class="confluenceTd"> Tra
nsforms which are executed on the message body before the digest is
calculated. By default, C14n is added and in the case of enveloped signature
(see option <tt>parentLocalName</tt>) also <a shape="rect"
class="external-link"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a> is
added at position 0 of the list. Use methods in <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a> to create the transform methods.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
prefixForXmlSignatureNamespace </td><td colspan="1" rowspan="1"
class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>ds</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Prefix for the XML signature namespac
e. If <tt>null</tt> is specified or an empty string then no prefix is used for
the signature namespace. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> contentReferenceUri </td><td colspan="1" rowspan="1"
class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> see description </td><td colspan="1" rowspan="1"
class="confluenceTd"> The URI of the reference to the signed content
(in-message body). If <tt>null</tt> and we are in the enveloped XML signature
case then the URI is set to "". If <tt>null</tt> and we are in the enveloping
XML signature case then the URI is set to "generated_object_id" which means
that the reference points to the Object element containing the in-message body.
You can use this option to reference a specific part in your in-message body if
you do not want to sign the complete in-message body. This value can be
overwritten by the header "CamelXmlSignatureContentReferenceUri".
</td></tr><tr><td colspan="1" rowspan="1" cl
ass="confluenceTd"> contentReferenceType </td><td colspan="1" rowspan="1"
class="confluenceTd"> String </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Value of the type attribute of the content reference.
This value can be overwritten by the header
"CamelXmlSignatureContentReferenceType" </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> plainText </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean.FALSE </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicator whether the in-message body contains plain
text. Normally, the signature generator treats the incoming message body as
XML. If the message body is plain text, then you must set this option to
<tt>true</tt>. The value can be overwritten by the header
"CamelXmlSignatureMessageIsPlainText". </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> plainTextEncoding
</td><td colspan="1" rowspan="1" class="confluenceTd"> String </td><td
colspan="1" rowspan="1" class="confluenceTd"> null </td><td colspan="1"
rowspan="1" class="confluenceTd"> Only used when the option <tt>plainText</tt>
is set to <tt>true</tt>. Then you can specify the encoding of the plain text.
If <tt>null</tt> then UTF-8 is used. The value can be overwritten by the header
"CamelXmlSignatureMessageIsPlainTextEncoding". </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> properties </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> For adding additional References and Objects to the XML
signature which contain
additional properties, you can provide a bean which implements the <a
shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a> interface. </td></tr></tbody></table>
</div>
@@ -231,7 +232,7 @@
<div class="confluenceTableSmall"></div>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> keySelector </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a> </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Provides the key for validating the XML signature. There
is an example implementation which uses a keystore, see <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKe
ySelector.java" rel="nofollow">DefaultKeySelector</a>. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> xmlSignatureChecker </td><td
colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureChecker.java";
rel="nofollow">XmlSignatureChecker</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> This interface allows the application to check the XML
signature before the validation is executed. This step is recommended in <a
shape="rect" class="external-link"
href="http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed";
rel="nofollow">http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed</a>
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
validationFailedHandler </td><td colspan="1" rowspan="1" class=
"confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/ValidationFailedHandler.java";
rel="nofollow">ValidationFailedHandler</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultValidationFailedHandler.java";
rel="nofollow">DefaultValidationFailedHandler</a> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Handles the different validation failed
situations. The default implementation throws specific exceptions for the
different situations (All exceptions have the package name
<tt>org.apache.camel.component.xmlsecurity.api</tt> and are a sub-class of
<tt>XmlSignatureInvalidException</tt>. If the signature value validation fails,
a <tt>XmlSignatureInvalidValueExcep
tion</tt>. If a reference validation fails, a
<tt>XmlSignatureInvalidContentHashException</tt> is thrown. For more detailed
information, see the JavaDoc. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> xmlSignature2Message </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java";
rel="nofollow">XmlSignature2Message</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java";
rel="nofollow">DefaultXmlSignature2Message</a> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Bean which maps the XML signature to the
ouput-message after the validation. How this mapping sho
uld be done can be configured by the options <tt>outputNodeSearchType</tt>,
<tt>outputNodeSearch</tt>, and <tt>removeSignatureElements</tt>. The default
implementation offers three possibilities which are related to the three output
node search types "Default", "ElementName", and "XPath". The default
implementation determines a node which is then serialized and set to the body
of the ouput message. If the search type is "ElementName" then the ouput node
(which must be in this case an element) is determined by the local name and
namespace defined in the search value (see option <tt>outputNodeSearch</tt>).
If the search type is "XPath" then the output node is determined by the XPath
specified in the search value (in this case the ouput node can be of type
"Element", "TextNode" or "Document"). If the output node search type is
"Default" then the following rules apply: In the enveloped XML signature case
(there is a reference with URI="" and transform
"http://www.w3.org/2000/09/xmldsig#
enveloped-signature"), the incoming XML document without the Signature element
is set to the output message body. In the non-enveloped XML signature case, the
message body is determined from a referenced Object; this is explained in more
detail in chapter "Output Node Determination in Enveloping XML Signature Case".
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
outputNodeSearchType </td><td colspan="1" rowspan="1" class="confluenceTd">
String </td><td colspan="1" rowspan="1" class="confluenceTd"> "Default"
</td><td colspan="1" rowspan="1" class="confluenceTd"> Determines the type of
the search of the output node. See option <tt>xmlSignature2Message</tt>. The
default implementation <tt>DefaultXmlSignature2Message</tt> supports the three
search types "Default", "ElementName", and "XPath". </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> outputNodeSearch </td><td
colspan="1" rowspan="1" class="confluenceTd"> Object </td><td colspan="1"
rowspan="1" class
="confluenceTd"> null </td><td colspan="1" rowspan="1" class="confluenceTd">
Search value of the output node search. The type depends on the search type.
For the default search implementation <tt>DefaultXmlSignature2Message</tt> the
following values can be supplied. If the search type is "Default", then the
search value is not used. If the search type is "ElementName", then the search
value contains the namespace and local name of the output element. The
namespace must be embraced in brackets. If the search type is "XPath", the
search value contains an instance of
<tt>javax.xml.crypto.dsig.spec.XPathFilterParameterSpec</tt> which represents
an XPath. You can create such an instance via the method <tt><a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a>.getXpathFilter(String xpath,
Map<String, String
> namespaceMap)</tt>. The XPath determines the output node which can be of
type Element, TextNode, or Document. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> removeSignatureElements </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean.FALSE </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicator for removing Signature elements in the output
message in the enveloped XML signature case. Used in the
<tt>XmlSignature2Message</tt> instance. The default implementation does use
this indicator for the two search types "ElementName" and "XPath".
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
secureValidation </td><td colspan="1" rowspan="1" class="confluenceTd"> Boolean
</td><td colspan="1" rowspan="1" class="confluenceTd"> Boolean.TRUE </td><td
colspan="1" rowspan="1" class="confluenceTd"> Enables secure validation. If
true then secure validation is enabled - see <a shape=
"rect" class="external-link"
href="http://santuario.apache.org/java150releasenotes.html";>here</a> for more
information. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> keySelector </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a> </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Provides the key for validating the XML signature. There
is an example implementation which uses a keystore, see <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKe
ySelector.java" rel="nofollow">DefaultKeySelector</a>. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> xmlSignatureChecker </td><td
colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureChecker.java";
rel="nofollow">XmlSignatureChecker</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> This interface allows the application to check the XML
signature before the validation is executed. This step is recommended in <a
shape="rect" class="external-link"
href="http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed";
rel="nofollow">http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed</a>
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
validationFailedHandler </td><td colspan="1" rowspan="1" class=
"confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/ValidationFailedHandler.java";
rel="nofollow">ValidationFailedHandler</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultValidationFailedHandler.java";
rel="nofollow">DefaultValidationFailedHandler</a> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Handles the different validation failed
situations. The default implementation throws specific exceptions for the
different situations (All exceptions have the package name
<tt>org.apache.camel.component.xmlsecurity.api</tt> and are a sub-class of
<tt>XmlSignatureInvalidException</tt>. If the signature value validation fails,
a <tt>XmlSignatureInvalidValueExcep
tion</tt>. If a reference validation fails, a
<tt>XmlSignatureInvalidContentHashException</tt> is thrown. For more detailed
information, see the JavaDoc. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> xmlSignature2Message </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java";
rel="nofollow">XmlSignature2Message</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java";
rel="nofollow">DefaultXmlSignature2Message</a> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Bean which maps the XML signature to the
ouput-message after the validation. How this mapping sho
uld be done can be configured by the options <tt>outputNodeSearchType</tt>,
<tt>outputNodeSearch</tt>, and <tt>removeSignatureElements</tt>. The default
implementation offers three possibilities which are related to the three output
node search types "Default", "ElementName", and "XPath". The default
implementation determines a node which is then serialized and set to the body
of the ouput message. If the search type is "ElementName" then the ouput node
(which must be in this case an element) is determined by the local name and
namespace defined in the search value (see option <tt>outputNodeSearch</tt>).
If the search type is "XPath" then the output node is determined by the XPath
specified in the search value (in this case the ouput node can be of type
"Element", "TextNode" or "Document"). If the output node search type is
"Default" then the following rules apply: In the enveloped XML signature case
(there is a reference with URI="" and transform
"http://www.w3.org/2000/09/xmldsig#
enveloped-signature"), the incoming XML document without the Signature element
is set to the output message body. In the non-enveloped XML signature case, the
message body is determined from a referenced Object; this is explained in more
detail in chapter "Output Node Determination in Enveloping XML Signature Case".
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
outputNodeSearchType </td><td colspan="1" rowspan="1" class="confluenceTd">
String </td><td colspan="1" rowspan="1" class="confluenceTd"> "Default"
</td><td colspan="1" rowspan="1" class="confluenceTd"> Determines the type of
the search of the output node. See option <tt>xmlSignature2Message</tt>. The
default implementation <tt>DefaultXmlSignature2Message</tt> supports the three
search types "Default", "ElementName", and "XPath". </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> outputNodeSearch </td><td
colspan="1" rowspan="1" class="confluenceTd"> Object </td><td colspan="1"
rowspan="1" class
="confluenceTd"> null </td><td colspan="1" rowspan="1" class="confluenceTd">
Search value of the output node search. The type depends on the search type.
For the default search implementation <tt>DefaultXmlSignature2Message</tt> the
following values can be supplied. If the search type is "Default", then the
search value is not used. If the search type is "ElementName", then the search
value contains the namespace and local name of the output element. The
namespace must be embraced in brackets. If the search type is "XPath", the
search value contains an instance of
<tt>javax.xml.crypto.dsig.spec.XPathFilterParameterSpec</tt> which represents
an XPath. You can create such an instance via the method <tt><a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a></tt><tt>.getXpathFilter(String xpath,
Map<Strin
g, String> namespaceMap)</tt>. The XPath determines the output node which
can be of type Element, TextNode, or Document. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> removeSignatureElements </td><td colspan="1"
rowspan="1" class="confluenceTd"> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd"> Boolean.FALSE </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicator for removing Signature elements in the output
message in the enveloped XML signature case. Used in the
<tt>XmlSignature2Message</tt> instance. The default implementation does use
this indicator for the two search types "ElementName" and "XPath".
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
secureValidation </td><td colspan="1" rowspan="1" class="confluenceTd"> Boolean
</td><td colspan="1" rowspan="1" class="confluenceTd"> Boolean.TRUE </td><td
colspan="1" rowspan="1" class="confluenceTd"> Enables secure validation. If
true then secure validation is enabled - see
<a shape="rect" class="external-link"
href="http://santuario.apache.org/java150releasenotes.html";>here</a> for more
information. </td></tr></tbody></table>
</div>
@@ -251,11 +252,11 @@
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><