Author: buildbot
Date: Thu Dec 18 15:18:17 2014
New Revision: 933235

Log:
Production update by buildbot for camel

Modified: websites/production/camel/content/cache/main.pageCache websites/production/camel/content/xml-security-component.html Modified: websites/production/camel/content/cache/main.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/camel/content/xml-security-component.html ============================================================================== --- websites/production/camel/content/xml-security-component.html (original) +++ websites/production/camel/content/xml-security-component.html Thu Dec 18 15:18:17 2014 
@@ -85,7 +85,7 @@ <tbody> <tr> <td valign="top" width="100%"> -<div class="wiki-content maincontent"><h2 id="XMLSecuritycomponent-XMLSecuritycomponent">XML Security component</h2><p><strong>Available as of Camel 2.12.0</strong></p><p>With this Apache Camel component, you can generate and validate XML signatures as described in the W3C standard <a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-core/" rel="nofollow">XML Signature Syntax and Processing</a> or as described in the successor <a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-core1/" rel="nofollow">version 1.1</a>. For XML Encryption support, please refer to the XML Security <a shape="rect" href="data-format.html">Data Format</a>.</p><p>You can find an introduction to XML signature <a shape="rect" class="external-link" href="http://www.oracle.com/technetwork/articles/javase/dig-signatures-141823.html" rel="nofollow">here</a>. The implementation of the component is based on <a shape="rect" class="external-link" href="http://docs.oracle.com/j avase/6/docs/technotes/guides/security/xmldsig/overview.html" rel="nofollow">JSR 105</a>, the Java API corresponding to the W3C standard and supports the Apache Santuario and the JDK provider for JSR 105. The implementation will first try to use the Apache Santuario provider; if it does not find the Santuario provider, it will use the JDK provider. 
Further, the implementation is DOM based.</p><p>Maven users will need to add the following dependency to their <code>pom.xml</code> for this component:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<div class="wiki-content maincontent"><h2 id="XMLSecuritycomponent-XMLSecuritycomponent">XML Security component</h2><p><strong>Available as of Camel 2.12.0</strong></p><p>With this Apache Camel component, you can generate and validate XML signatures as described in the W3C standard <a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-core/" rel="nofollow">XML Signature Syntax and Processing</a> or as described in the successor <a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-core1/" rel="nofollow">version 1.1</a>. For XML Encryption support, please refer to the XML Security <a shape="rect" href="data-format.html">Data Format</a>.</p><p>You can find an introduction to XML signature <a shape="rect" class="external-link" href="http://www.oracle.com/technetwork/articles/javase/dig-signatures-141823.html" rel="nofollow">here</a>. The implementation of the component is based on <a shape="rect" class="external-link" href="http://docs.oracle.com/j avase/6/docs/technotes/guides/security/xmldsig/overview.html" rel="nofollow">JSR 105</a>, the Java API corresponding to the W3C standard and supports the Apache Santuario and the JDK provider for JSR 105. The implementation will first try to use the Apache Santuario provider; if it does not find the Santuario provider, it will use the JDK provider. 
Further, the implementation is DOM based.</p><p>Since Camel 2.15.0 we also provide support for <strong>XAdES-BES/EPES</strong> for the signer endpoint; see subsection "XAdES-BES/EPES for the Signer Endpoint".</p><p>Maven users will need to add the following dependency to their <code>pom.xml</code> for this component:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[<dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-xmlsecurity</artifactId> 
@@ -283,7 +283,7 @@ <to uri="xmlsecurity:verify://detached?keySelector=#keySelectorBean&amp;schemaResourceUri=Test.xsd" /> <to uri="mock:result" />]]></script> -</div></div><p><span style="line-height: 1.4285715;"><br clear="none"></span></p><h3 id="XMLSecuritycomponent-XAdES-BES/EPESfortheSignerEndpoint"><span style="line-height: 1.4285715;">XAdES-BES/EPES for the Signer Endpoint</span></h3><p><span style="line-height: 1.4285715;"><strong>Available as of Camel 2.15.0</strong></span></p><p><span style="line-height: 1.4285715;"> </span></p><div class="O2"><a shape="rect" class="external-link" href="http://www.etsi.org/deliver/etsi_ts/101900_101999/101903/01.04.02_60/ts_101903v010402p.pdf" rel="nofollow">Ÿ<u>X</u>ML <u>Ad</u>vanced <u>E</u>lectronic <u>S</u>ignatures (XAdES)</a> defines extensions to XML Signature. This standard was defined by the <a shape="rect" class="external-link" href="http://www.etsi.org/" rel="nofollow">European Telecomunication Standards Institute</a> and allows you to create signatures which are compliant to the <a shape="rect" class="external-link" href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?ur i=OJ:L:2000:013:0012:0020:EN:PDF" rel="nofollow">European Union Directive (1999/93/EC) on a Community framework for electronic signatrues</a>. XAdES defines different sets of signature properties which are called signature forms. We support the signature forms <strong>Basic Electronic Signature</strong> (XAdES-BES) and <strong>Explicit Policy Based Electronic Signature</strong> (XAdES-EPES) for the Signer Endpoint. The forms <strong>E<span style="line-height: 1.4285715;">lectronic </span></strong><span style="line-height: 1.4285715;"><strong>Signature with Validation Data</strong> XAdES-T and XAdES-C are not supported.</span></div><div class="O2"><span style="line-height: 1.4285715;"><br clear="none"></span></div><div class="O2">We support the following properties of the XAdES-EPES form ("?" 
denotes zero or one occurence):</div><div class="O2"><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b >XAdES-EPES Properties</b></div><div class="codeContent panelContent pdl"> +</div></div><p><span style="line-height: 1.4285715;"><br clear="none"></span></p><h3 id="XMLSecuritycomponent-XAdES-BES/EPESfortheSignerEndpoint"><span style="line-height: 1.4285715;">XAdES-BES/EPES for the Signer Endpoint</span></h3><p><span style="line-height: 1.4285715;"><strong>Available as of Camel 2.15.0</strong></span><span style="line-height: 1.4285715;"> </span></p><div class="O2"><a shape="rect" class="external-link" href="http://www.etsi.org/deliver/etsi_ts/101900_101999/101903/01.04.02_60/ts_101903v010402p.pdf" rel="nofollow">Ÿ<u>X</u>ML <u>Ad</u>vanced <u>E</u>lectronic <u>S</u>ignatures (XAdES)</a> defines extensions to XML Signature. This standard was defined by the <a shape="rect" class="external-link" href="http://www.etsi.org/" rel="nofollow">European Telecomunication Standards Institute</a> and allows you to create signatures which are compliant to the <a shape="rect" class="external-link" href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L: 2000:013:0012:0020:EN:PDF" rel="nofollow">European Union Directive (1999/93/EC) on a Community framework for electronic signatrues</a>. XAdES defines different sets of signature properties which are called signature forms. We support the signature forms <strong>Basic Electronic Signature</strong> (XAdES-BES) and <strong>Explicit Policy Based Electronic Signature</strong> (XAdES-EPES) for the Signer Endpoint. 
The forms <strong>E<span style="line-height: 1.4285715;">lectronic </span></strong><span style="line-height: 1.4285715;"><strong>Signature with Validation Data</strong> XAdES-T and XAdES-C are not supported.</span></div><div class="O2"><span style="line-height: 1.4285715;"><br clear="none"></span></div><div class="O2">We support the following properties of the XAdES-EPES form ("?" denotes zero or one occurrence):</div><div class="O2"><p> </p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1 px;"><b>Supported XAdES-EPES Properties</b></div><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[ <QualifyingProperties Target> <SignedProperties> <SignedSignatureProperties> 
@@ -299,7 +299,83 @@ </SignedDataObjectProperties> </SignedProperties> </QualifyingProperties>]]></script> -</div></div><p>The properties of the XAdES-BES form are the same except that the <span style="line-height: 1.4285715;"><code>SignaturePolicyIdentifier</code> property is missing. </span></p><p><span style="line-height: 1.4285715;"><br clear="none"></span></p></div><p><span style="line-height: 1.4285715;"><strong><br clear="none"></strong></span></p><p><span style="line-height: 1.4285715;"><strong><br clear="none"></strong></span></p><h3 id="XMLSecuritycomponent-SeeAlso">See Also</h3><ul><li><a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestpractices/" rel="nofollow">Best Practices</a></li></ul></div> +</div></div><p>The properties of the XAdES-BES form are the same except that the <span style="line-height: 1.4285715;"><code>SignaturePolicyIdentifier</code> property is missing. </span></p><p><span style="line-height: 1.4285715;">You can configure the XAdES-BES/EPES properties via the bean <code><span>org.apache.camel.component.xmlsecurity.api.</span>XAdESSignatureProperties</code> or <code>org.apache.camel.component.xmlsecurity.api.DefaultXAdESSignatureProperties. <span>XAdESSignatureProperties</span></code><span> does support all properties mentioned above except the </span></span><code><span style="line-height: 1.4285715;">SigningCertificate </span></code><span style="line-height: 1.4285715;">property. To get the <code><span>SigningCertificate </span></code><span>property, you must overwrite either the method <code>XAdESSignatureProperties.getSigningCertificate() </code>or<code> <span>XAdESSignatureProperties.</span>getSigni ngCertificateChain(). </code>The class <code>DefaultXAdESSignatureProperties</code> overwrites the method <code>getSigningCertificate()</code> and allows you to specify the signing certificate via a keystore and alias. 
The following example shows all parameters which you can specify, if you do not need certain parameters you can just omit them.</span></span></p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>XAdES-BES/EPES example in Java DSL</b></div><div class="codeContent panelContent pdl"> +<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ Â Keystore keystore = ... // load a keystore + DefaultKeyAccessor accessor = new DefaultKeyAccessor(); + accessor.setKeyStore(keystore); + accessor.setPassword("password"); + accessor.setAlias("cert_alias"); // signer key alias +Â + DefaultXAdESSignatureProperties props = new DefaultXAdESSignatureProperties(); + props.setNamespace("http://uri.etsi.org/01903/v1.3.2#"); // sets the namespace for the XAdES elements; the namspace is related to the XAdES version, default value is "http://uri.etsi.org/01903/v1.3.2#", other possible values are "http://uri.etsi.org/01903/v1.1.1#" and "http://uri.etsi.org/01903/v1.2.2#" + props.setPrefix("etsi"); // sets the prefix for the XAdES elements, default value is "etsi" + Â + // signing certificate + props.setKeystore(keystore)); + props.setAlias("cert_alias"); // specify the alias of the signing certificate in the keystore = signer key alias + props.setDigestAlgorithmForSigningCertificate(DigestMethod.SHA256); + props.setSigningCertificateURIs(Collections.singletonList("http://certuri")); +Â + // signing time + props.setAddSigningTime(true); +Â + // policy + props.setSignaturePolicy(XAdESSignatureProperties.SIG_POLICY_EXPLICIT_ID); + // also the values XAdESSignatureProperties.SIG_POLICY_NONE and XAdESSignatureProperties.SIG_POLICY_IMPLIED are possible + // then you must not specify any further policy parameters + props.setSigPolicyId("urn:oid:1.2.840.113549.1.9.16.6.1"); + props.setSigPolicyIdQualifier("OIDAsURN"); + props.setSigPolicyIdDescription("invoice version 3.1"); + 
props.setSignaturePolicyDigestAlgorithm(DigestMethod.SHA256); + props.setSignaturePolicyDigestValue("Ohixl6upD6av8N7pEvDABhEL6hM="); + props.setSigPolicyQualifiers(Arrays + .asList(new String[] { + "<SigPolicyQualifier xmlns=\"http://uri.etsi.org/01903/v1.3.2#\"><SPURI>http://test.com/sig.policy.pdf</SPURI><SPUserNotice><ExplicitText>display text</ExplicitText>" + + "</SPUserNotice></SigPolicyQualifier>", "category B" })); + props.setSigPolicyIdDocumentationReferences(Arrays.asList(new String[] {"http://test.com/policy.doc.ref1.txt", + "http://test.com/policy.doc.ref2.txt" })); +Â + // production place + props.setSignatureProductionPlaceCity("Munich"); + props.setSignatureProductionPlaceCountryName("Germany"); + props.setSignatureProductionPlacePostalCode("80331"); + props.setSignatureProductionPlaceStateOrProvince("Bavaria"); +Â + //role + // you can add claimed roles either by specifying simple text or an XML fragment with the root element ClaimedRole + props.setSignerClaimedRoles(Arrays.asList(new String[] {"test", + "<a:ClaimedRole xmlns:a=\"http://uri.etsi.org/01903/v1.3.2#\"><TestRole>TestRole</TestRole></a:ClaimedRole>" })); + props.setSignerCertifiedRoles(Collections.singletonList(new XAdESEncapsulatedPKIData("Ahixl6upD6av8N7pEvDABhEL6hM=", + "http://uri.etsi.org/01903/v1.2.2#DER", "IdCertifiedRole"))); +Â + // data object format + props.setDataObjectFormatDescription("invoice"); + props.setDataObjectFormatMimeType("text/xml"); + props.setDataObjectFormatIdentifier("urn:oid:1.2.840.113549.1.9.16.6.2"); + props.setDataObjectFormatIdentifierQualifier("OIDAsURN"); + props.setDataObjectFormatIdentifierDescription("identifier desc"); + props.setDataObjectFormatIdentifierDocumentationReferences(Arrays.asList(new String[] { + "http://test.com/dataobject.format.doc.ref1.txt", "http://test.com/dataobject.format.doc.ref2.txt" })); +Â + //commitment + props.setCommitmentTypeId("urn:oid:1.2.840.113549.1.9.16.6.4"); + props.setCommitmentTypeIdQualifier("OIDAsURN"); + 
props.setCommitmentTypeIdDescription("description for commitment type ID"); + props.setCommitmentTypeIdDocumentationReferences(Arrays.asList(new String[] {"http://test.com/commitment.ref1.txt", + "http://test.com/commitment.ref2.txt" })); + // you can specify a commitment type qualifier either by simple text or an XML fragment with root element CommitmentTypeQualifier + props.setCommitmentTypeQualifiers(Arrays.asList(new String[] {"commitment qualifier", + "<c:CommitmentTypeQualifier xmlns:c=\"http://uri.etsi.org/01903/v1.3.2#\"><C>c</C></c:CommitmentTypeQualifier>" })); +Â + beanRegistry.bind("xmlSignatureProperties",props); + beanRegistry.bind("keyAccessorDefault",keyAccessor); +Â + // you must reference the properties bean in the "xmlsecurity" URI + from("direct:xades").to("xmlsecurity:sign://xades?keyAccessor=#keyAccessorDefault&properties=#xmlSignatureProperties") + .to("mock:result"); + +]]></script> +</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of <code>QualifyingProperties</code> element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of <code>SignedDataObjectProperties</code> element</td></tr><tr><td colspan="1" rowspan="1" class="co 
nfluenceTd"><p><code>CamelXmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">for the 'Id' attribute value of  <code>SignedSignatureProperties</code> element</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd"><span>for the value of the </span><code>Encoding</code><span> element of the </span><code>DataObjectFormat</code><span> element</span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd"> overwrites the XAdES namespace parameter value</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><c ode>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">overwrites the XAdES prefix parameter value</td></tr></tbody></table></div><h4 id="XMLSecuritycomponent-Limitations">Limitations</h4><ul><li>No support for signature form XAdES-T and XAdES-C</li><li>Only signer part implemented.</li><li>No support for the '<code>QualifyingPropertiesReference</code>' element (see section 6.3.2 of spec).</li><li>No support for the <code>Transforms</code> element contained in the <code>SignaturePolicyId</code> element contained in the <code>SignaturePolicyIdentifier element</code></li><li>No support of the <code>CounterSignature</code> element --> no support for the <code>UnsignedProperties</code> element</li><li>At most one <code>DataObjectFormat</code> element. 
More than one <code>DataObjectFormat </code>element makes no sense  because we have only one data object whic h is signed (this is the incoming message body to the XML signer endpoint).</li><li>At most one <code>CommitmentTypeIndication</code> element. More than one <code>CommitmentTypeIndication</code>element makes no sense  because we have only one data object which is signed (this is the incoming message body to the XML signer endpoint).</li><li><p>A <code>CommitmentTypeIndication</code> element contains always the <code>AllSignedDataObjects</code> element. The <code>ObjectReference</code> element within <code>CommitmentTypeIndication</code>  element is not supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code> element is not supported</li><li>The<code> IndividualDataObjectsTimeStamp</code> element is not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See Also</h3><ul><li><a shape="rect" class="external-link" href="http://www.w3.org/TR/xmldsig-bestpractices/" rel="nofollow">Best Practices</a></li></ul></div> </td> <td valign="top"> <div class="navigation">
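Review bot: In the @@ -85,7 +85,7 @@ hunk, the added sentence refers to the subsection only by its quoted title ("XAdES-BES/EPES for the Signer Endpoint"). The heading already carries the id XMLSecuritycomponent-XAdES-BES/EPESfortheSignerEndpoint, so the reference should be an in-page link to that anchor; a quoted title silently goes stale if the heading is ever renamed.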
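Review bot: In the @@ -283,7 +283,7 @@ hunk, the rewritten introduction fixes "occurence" but leaves "Telecomunication" and "signatrues" in the link texts for ETSI and the EU Directive, and the stray "Ÿ" before "XML Advanced Electronic Signatures" is still there. Since this paragraph is being touched anyway, correct those in the same change. The newly inserted empty <p> </p> before the code panel adds only spacing and can be dropped.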
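Review bot: The Java DSL example added in the @@ -299,7 +299,83 @@ hunk does not compile as written: props.setKeystore(keystore)); has an extra closing parenthesis, beanRegistry.bind("keyAccessorDefault",keyAccessor); references keyAccessor although the variable is declared as accessor, and the declared type Keystore should be java.security.KeyStore. The policy digest is also inconsistent: setSignaturePolicyDigestAlgorithm is given DigestMethod.SHA256, but the value "Ohixl6upD6av8N7pEvDABhEL6hM=" decodes to 20 bytes, the length of a SHA-1 digest, not the 32 bytes of SHA-256, so a reader copying the pattern ends up with a policy hash that cannot match the declared algorithm; use a 32-byte sample value or state that it is a placeholder. Smaller points in the same hunk: the stray "Â" characters inside the CDATA block, the typo "namspace" in the namespace comment, the hardcoded "password" literal without a hint that it should come from configuration, and in the Limitations list the word "element" sitting inside the code tag of "SignaturePolicyIdentifier element".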