...
| Name |
Type |
Default |
Description |
| uriDereferencer |
javax.xml.crypto.URIDereferencer |
null |
URI dereferencer. You can specify here your own URI dereferencer, if you want to restrict the dereferencing or have special requirements for dereferencing. |
| baseUri |
String |
null |
Base URI used in the URI dereferencer. Relative URIs are concatenated with the base URI. |
| cryptoContextProperties |
Map<String, ? extends Object> |
null |
Crypto context properties. See javax.xml.crypto.XMLCryptoContext.setProperty(String, Object). The properties can depend on the provider. For example, the JDK provider "XMLDSig" has the property "org.jcp.xml.dsig.validateManifests" for enabling manifest validation. The following properties are set by default to the value Boolean.TRUE for the XML verifier: "org.jcp.xml.dsig.validateManifests", "javax.xml.crypto.dsig.cacheReference". If the option secureValidation} is {{true then additionally the properties "org.apache.jcp.xml.dsig.secureValidation" and "org.jcp.xml.dsig.secureValidation" are set to Boolean.TRUE for the XML verifier. If you want to switch these features off you must set the property values to Boolean.FALSE. |
| disallowDoctypeDecl |
Boolean |
Boolean.TRUE |
Indicator whether DTD DOCTYPE declarations shall be disallowed in the incoming XML message. |
| omitXmlDeclaration |
Boolean |
Boolean.FALSE |
Indicator whether the XML declaration header shall be omitted in the output XML message. |
| clearHeaders |
Boolean |
Boolean.TRUE |
Indicator whether the XML signature message headers defined in XmlSignatureConstants shall be deleted at the end of the signer or verifier processing. |
| schemaResourceUri |
String |
null |
Since 2.14.0. Classpath to the XML Schema file. If set then the XML document is validated against the XML schema. Must be set in the case of detached signatures in order to determine the attributes of type ID. This value can be overwritten by the header "CamelXmlSignatureSchemaResourceUri". For further information, see sub-chapter "Detached XML Signatures as Siblings of the Signed Elements". |
...
| Name |
Type |
Default |
Description |
| keyAccessor |
KeyAccessor |
null |
Provides the signing key and the KeyInfo instance. There is an example implementation which uses a keystore, see DefaultKeyAccessor |
| addKeyInfoReference |
Boolean |
Boolean.TRUE |
Indicator whether a Reference element refering the KeyInfo element provided by the key accessor should be added to the XML signature. |
| signatureAlgorithm |
String |
http://www.w3.org/2000/09/xmldsig#rsa-sha1 |
signature algorithm consisting of a digest and encryption algorithm. The digest algorithm is used to calculate the digest of the SignedInfo element and the encryption algorithm is used to sign this digest. Possible values: http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 |
| digestAlgorithm |
String |
see description |
Digest algorithm for calculating the digest of the in-message body. If not specified then the digest algorithm of the signature algorithm is used. Possible values: http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 |
| parentLocalName |
String |
null |
Local name of the parent of the Signature element. The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. If this option is null, then an enveloping XML signature is created. See also option parentNamespace. |
| parentNamespace |
String |
null |
Namespace of the parent of the Signature element. See option parentLocalName |
| canonicalizationMethod |
javax.xml.crypto.AlgorithmMethod |
C14n |
Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List<String> inclusiveNamespacePrefixes) to create a canonicalization method. |
| transformMethods |
List<javax.xml.crypto.AlgorithmMethod> |
see description |
Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods. |
| prefixForXmlSignatureNamespace |
String |
ds |
Prefix for the XML signature namespace. If null is specified or an empty string then no prefix is used for the signature namespace. |
| contentReferenceUri |
String |
see description |
The URI of the reference to the signed content (in-message body). If null and we are in the enveloped XML signature case then the URI is set to "". If null and we are in the enveloping XML signature case then the URI is set to "generated_object_id" which means that the reference points to the Object element containing the in-message body. You can use this option to reference a specific part in your in-message body if you do not want to sign the complete in-message body. This value can be overwritten by the header "CamelXmlSignatureContentReferenceUri". Please be aware, if you want to use a value of an XML ID attribute (example: "#ID_value"), then you must provide the information about the ID attribute via a doctype definition contained in the input XML document. This option is ignored in the case of detached signature when the option xpathsToIdAttributes is set. |
| contentReferenceType |
String |
null |
Value of the type attribute of the content reference. This value can be overwritten by the header "CamelXmlSignatureContentReferenceType" |
| plainText |
Boolean |
Boolean.FALSE |
Indicator whether the in-message body contains plain text. Normally, the signature generator treats the incoming message body as XML. If the message body is plain text, then you must set this option to true. The value can be overwritten by the header "CamelXmlSignatureMessageIsPlainText". |
| plainTextEncoding |
String |
null |
Only used when the option plainText is set to true. Then you can specify the encoding of the plain text. If null then UTF-8 is used. The value can be overwritten by the header "CamelXmlSignatureMessageIsPlainTextEncoding". |
| properties |
XmlSignatureProperties |
null |
For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface. |
| contentObjectId |
String |
null |
Value of the Id attribute of the Object element. Only used in the enveloping XML signature case. If null then a unique value is generated. Available as of 2.12.2 |
| xpathsToIdAttributes |
List<XPathFilterParameterSpec> |
empty list |
Since 2.14.0. List of XPATH expressions to ID attributes of elements to be signed. Used for the detached XML Signatures. Can only be used in combination with the option schemaResourceUri. The value can be overwritten by the header "CamelXmlSignatureXpathsToIdAttributes". If the option parentLocalName parentLocalName is set at the same time then an exception is thrown. The class XPathFilterParameterSpec has the package javax.xml.crypto.dsig.spec. For further information, see sub-chapter "Detached XML Signatures as Siblings of the Signed Elements". |
| signatureId |
String |
null |
Since 2.14.0. Value of the Id attribute of the Signature element. If null then a unique Id is generated. If the value is the empty string ("") then no Id attribute is added to the Signature element. |
Verifying Options
The verifier endpoint has the following options.
...
