main.pageCache xml-security-component.html

buildbot Thu, 18 Dec 2014 23:20:07 -0800

Author: buildbot
Date: Fri Dec 19 07:19:14 2014
New Revision: 933316

Log:
Production update by buildbot for camel


Modified:
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/xml-security-component.html

Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/camel/content/xml-security-component.html
==============================================================================
--- websites/production/camel/content/xml-security-component.html (original)
+++ websites/production/camel/content/xml-security-component.html Fri Dec 19 
07:19:14 2014
@@ -299,7 +299,7 @@
                 &lt;/SignedDataObjectProperties&gt;
             &lt;/SignedProperties&gt;
         &lt;/QualifyingProperties&gt;]]></script>
-</div></div><p>The properties of the XAdES-BES form are the same except that 
the&#160;<span style="line-height: 
1.4285715;"><code>SignaturePolicyIdentifier</code> property is 
missing.&#160;</span></p><p><span style="line-height: 1.4285715;">You can 
configure the XAdES-BES/EPES properties via the 
bean&#160;<code><span>org.apache.camel.component.xmlsecurity.api.</span>XAdESSignatureProperties</code>
 
or&#160;<code>org.apache.camel.component.xmlsecurity.api.DefaultXAdESSignatureProperties.
 <span>XAdESSignatureProperties</span></code><span>&#160;does support all 
properties mentioned above except the&#160;</span></span><code><span 
style="line-height: 1.4285715;">SigningCertificate&#160;</span></code><span 
style="line-height: 1.4285715;">property. To get 
the&#160;<code><span>SigningCertificate&#160;</span></code><span>property, you 
must overwrite either the 
method&#160;<code>XAdESSignatureProperties.getSigningCertificate() 
</code>or<code>&#160;<span>XAdESSignatureProperties.</span>getSigni
 ngCertificateChain().&#160;</code>The 
class&#160;<code>DefaultXAdESSignatureProperties</code>&#160;overwrites the 
method&#160;<code>getSigningCertificate()</code>&#160;and allows you to specify 
the signing certificate via a keystore and alias. The following example shows 
all parameters which you can specify, if you do not need certain parameters you 
can just omit them.</span></span></p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeHeader panelHeader pdl" 
style="border-bottom-width: 1px;"><b>XAdES-BES/EPES example in Java 
DSL</b></div><div class="codeContent panelContent pdl">
+</div></div><p>The properties of the XAdES-BES form are the same except that 
the&#160;<span style="line-height: 
1.4285715;"><code>SignaturePolicyIdentifier</code> property is not p&#252;art 
of XAdES-BES.&#160;</span></p><p><span style="line-height: 1.4285715;">You can 
configure the XAdES-BES/EPES properties via the 
bean&#160;<code><span>org.apache.camel.component.xmlsecurity.api.</span>XAdESSignatureProperties</code>
 
or&#160;<code>org.apache.camel.component.xmlsecurity.api.DefaultXAdESSignatureProperties.
 <span>XAdESSignatureProperties</span></code><span>&#160;does support all 
properties mentioned above except the&#160;</span></span><code><span 
style="line-height: 1.4285715;">SigningCertificate&#160;</span></code><span 
style="line-height: 1.4285715;">property. To get 
the&#160;<code><span>SigningCertificate&#160;</span></code><span>property, you 
must overwrite either the 
method&#160;<code>XAdESSignatureProperties.getSigningCertificate() 
</code>or<code>&#160;<span>XAdESSignatureProper
 ties.</span>getSigningCertificateChain().&#160;</code>The 
class&#160;<code>DefaultXAdESSignatureProperties</code>&#160;overwrites the 
method&#160;<code>getSigningCertificate()</code>&#160;and allows you to specify 
the signing certificate via a keystore and alias. The following example shows 
all parameters you can specify. If you do not need certain parameters you can 
just omit them.</span></span></p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeHeader panelHeader pdl" 
style="border-bottom-width: 1px;"><b>XAdES-BES/EPES Example in Java 
DSL</b></div><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[       Â Keystore keystore = ... // load a 
keystore
         DefaultKeyAccessor accessor = new DefaultKeyAccessor();
         accessor.setKeyStore(keystore);
@@ -313,7 +313,7 @@
         // signing certificate
         props.setKeystore(keystore));
         props.setAlias(&quot;cert_alias&quot;); // specify the alias of the 
signing certificate in the keystore = signer key alias
-        props.setDigestAlgorithmForSigningCertificate(DigestMethod.SHA256);
+        props.setDigestAlgorithmForSigningCertificate(DigestMethod.SHA256); // 
possible values for the algorithm are 
&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;, 
&quot;http://www.w3.org/2001/04/xmlenc#sha256&quot;, 
&quot;http://www.w3.org/2001/04/xmldsig-more#sha384&quot;, 
&quot;http://www.w3.org/2001/04/xmlenc#sha512&quot;, default value is 
&quot;http://www.w3.org/2001/04/xmlenc#sha256&quot;
         
props.setSigningCertificateURIs(Collections.singletonList(&quot;http://certuri&quot;));
 Â 
         // signing time
@@ -321,13 +321,14 @@
 Â 
         // policy
         
props.setSignaturePolicy(XAdESSignatureProperties.SIG_POLICY_EXPLICIT_ID);
-        // also the values XAdESSignatureProperties.SIG_POLICY_NONE and 
XAdESSignatureProperties.SIG_POLICY_IMPLIED are possible
-        // then you must not specify any further policy parameters
+        // also the values XAdESSignatureProperties.SIG_POLICY_NONE 
(&quot;None&quot;), and XAdESSignatureProperties.SIG_POLICY_IMPLIED 
(&quot;Implied&quot;)are possible, default value is 
XAdESSignatureProperties.SIG_POLICY_EXPLICIT_ID (&quot;ExplicitId&quot;)
+        // For &quot;None&quot; and &quot;Implied&quot; you must not specify 
any further policy parameters
         props.setSigPolicyId(&quot;urn:oid:1.2.840.113549.1.9.16.6.1&quot;);
-        props.setSigPolicyIdQualifier(&quot;OIDAsURN&quot;);
+        props.setSigPolicyIdQualifier(&quot;OIDAsURN&quot;); //allowed values 
are empty string, &quot;OIDAsURI&quot;, &quot;OIDAsURN&quot;; default value is 
empty string
         props.setSigPolicyIdDescription(&quot;invoice version 3.1&quot;);
-        props.setSignaturePolicyDigestAlgorithm(DigestMethod.SHA256);
+        props.setSignaturePolicyDigestAlgorithm(DigestMethod.SHA256);// 
possible values for the algorithm are 
&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;, 
http://www.w3.org/2001/04/xmlenc#sha256&quot;, 
&quot;http://www.w3.org/2001/04/xmldsig-more#sha384&quot;, 
&quot;http://www.w3.org/2001/04/xmlenc#sha512&quot;, default value is 
http://www.w3.org/2001/04/xmlenc#sha256&quot;
         
props.setSignaturePolicyDigestValue(&quot;Ohixl6upD6av8N7pEvDABhEL6hM=&quot;);
+        // you can add  qualifiers for the signature policy either by 
specifying text or an XML fragment with the root element 
&quot;SigPolicyQualifier&quot; 
         props.setSigPolicyQualifiers(Arrays
             .asList(new String[] {
                 &quot;&lt;SigPolicyQualifier 
xmlns=\&quot;http://uri.etsi.org/01903/v1.3.2#\&quot;&gt;&lt;SPURI&gt;http://test.com/sig.policy.pdf&lt;/SPURI&gt;&lt;SPUserNotice&gt;&lt;ExplicitText&gt;display
 text&lt;/ExplicitText&gt;&quot;
@@ -342,7 +343,7 @@
         props.setSignatureProductionPlaceStateOrProvince(&quot;Bavaria&quot;);
 Â 
         //role
-        // you can add claimed roles either by specifying simple text or an 
XML fragment with the root element ClaimedRole 
+        // you can add claimed roles either by specifying text or an XML 
fragment with the root element &quot;ClaimedRole&quot; 
         props.setSignerClaimedRoles(Arrays.asList(new String[] 
{&quot;test&quot;,
             &quot;&lt;a:ClaimedRole 
xmlns:a=\&quot;http://uri.etsi.org/01903/v1.3.2#\&quot;&gt;&lt;TestRole&gt;TestRole&lt;/TestRole&gt;&lt;/a:ClaimedRole&gt;&quot;
 }));
         props.setSignerCertifiedRoles(Collections.singletonList(new 
XAdESEncapsulatedPKIData(&quot;Ahixl6upD6av8N7pEvDABhEL6hM=&quot;,
@@ -352,18 +353,18 @@
         props.setDataObjectFormatDescription(&quot;invoice&quot;);
         props.setDataObjectFormatMimeType(&quot;text/xml&quot;);
         
props.setDataObjectFormatIdentifier(&quot;urn:oid:1.2.840.113549.1.9.16.6.2&quot;);
-        props.setDataObjectFormatIdentifierQualifier(&quot;OIDAsURN&quot;);
+        props.setDataObjectFormatIdentifierQualifier(&quot;OIDAsURN&quot;); 
//allowed values are empty string, &quot;OIDAsURI&quot;, &quot;OIDAsURN&quot;; 
default value is empty string
         props.setDataObjectFormatIdentifierDescription(&quot;identifier 
desc&quot;);
         
props.setDataObjectFormatIdentifierDocumentationReferences(Arrays.asList(new 
String[] {
             &quot;http://test.com/dataobject.format.doc.ref1.txt&quot;, 
&quot;http://test.com/dataobject.format.doc.ref2.txt&quot; }));
 Â 
         //commitment
         
props.setCommitmentTypeId(&quot;urn:oid:1.2.840.113549.1.9.16.6.4&quot;);
-        props.setCommitmentTypeIdQualifier(&quot;OIDAsURN&quot;);
+        props.setCommitmentTypeIdQualifier(&quot;OIDAsURN&quot;); //allowed 
values are empty string, &quot;OIDAsURI&quot;, &quot;OIDAsURN&quot;; default 
value is empty string
         props.setCommitmentTypeIdDescription(&quot;description for commitment 
type ID&quot;);
         props.setCommitmentTypeIdDocumentationReferences(Arrays.asList(new 
String[] {&quot;http://test.com/commitment.ref1.txt&quot;,
             &quot;http://test.com/commitment.ref2.txt&quot; }));
-        // you can specify a commitment type qualifier either by simple text 
or an XML fragment with root element CommitmentTypeQualifier
+        // you can specify a commitment type qualifier either by simple text 
or an XML fragment with root element &quot;CommitmentTypeQualifier&quot;
         props.setCommitmentTypeQualifiers(Arrays.asList(new String[] 
{&quot;commitment qualifier&quot;,
             &quot;&lt;c:CommitmentTypeQualifier 
xmlns:c=\&quot;http://uri.etsi.org/01903/v1.3.2#\&quot;&gt;&lt;C&gt;c&lt;/C&gt;&lt;/c:CommitmentTypeQualifier&gt;&quot;
 }));
 Â 
@@ -375,7 +376,37 @@
                      .to(&quot;mock:result&quot;);
 
 ]]></script>
-</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" 
class="confluenceTh">Type</th><th colspan="1" rowspan="1" 
class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">for the 'Id' attribute value of 
<code>QualifyingProperties</code> element</td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">for the 'Id' attribute value of 
<code>SignedDataObjectProperties</code> element</td></tr><tr><td colspan="1" 
rowspan="1" class="co
 
nfluenceTd"><p><code>CamelXmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">for the 'Id' attribute value of&#160; 
<code>SignedSignatureProperties</code> element</td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd"><span>for the value of the 
</span><code>Encoding</code><span> element of the 
</span><code>DataObjectFormat</code><span> element</span></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td 
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">&#160;overwrites the XAdES namespace parameter 
value</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><c
 ode>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd">String</td><td colspan="1" rowspan="1" 
class="confluenceTd">overwrites the XAdES prefix parameter 
value</td></tr></tbody></table></div><h4 
id="XMLSecuritycomponent-Limitations">Limitations</h4><ul><li>No support for 
signature form XAdES-T and XAdES-C</li><li>Only signer part 
implemented.</li><li>No support&#160;for the 
'<code>QualifyingPropertiesReference</code>' element (see section 6.3.2 of 
spec).</li><li>No support for the <code>Transforms</code> element contained in 
the&#160;<code>SignaturePolicyId</code> element contained in 
the&#160;<code>SignaturePolicyIdentifier element</code></li><li>No support of 
the <code>CounterSignature</code> element --&gt; no support for 
the&#160;<code>UnsignedProperties</code> element</li><li>At most one 
<code>DataObjectFormat</code> element. More than one <code>DataObjectFormat 
</code>element makes no sense &#160;because we have only one data object whic
 h is signed (this is the incoming message body to the XML signer 
endpoint).</li><li>At most one <code>CommitmentTypeIndication</code> element. 
More than one <code>CommitmentTypeIndication</code>element makes no sense 
&#160;because we have only one data object which is signed (this is the 
incoming message body to the XML signer endpoint).</li><li><p>A 
<code>CommitmentTypeIndication</code> element contains always the 
<code>AllSignedDataObjects</code> element. The <code>ObjectReference</code> 
element within <code>CommitmentTypeIndication</code>&#160; element is not 
supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code> element is not 
supported</li><li>The<code> IndividualDataObjectsTimeStamp</code> element is 
not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See 
Also</h3><ul><li><a shape="rect" class="external-link" 
href="http://www.w3.org/TR/xmldsig-bestpractices/"; rel="nofollow">Best 
Practices</a></li></ul></div>
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeHeader panelHeader pdl" style="border-bottom-width: 
1px;"><b>XAdES-BES/EPES Example in Spring XML</b></div><div class="codeContent 
panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" 
type="syntaxhighlighter"><![CDATA[Â Â  ...
+   &lt;from uri=&quot;direct:xades&quot; /&gt;
+            &lt;to
+                
uri=&quot;xmlsecurity:sign://xades?keyAccessor=#accessorRsa&amp;amp;properties=#xadesProperties&quot;
 /&gt;
+            &lt;to uri=&quot;mock:result&quot; /&gt;
+   ...
+   &lt;bean id=&quot;xadesProperties&quot;
+        
class=&quot;org.apache.camel.component.xmlsecurity.api.XAdESSignatureProperties&quot;&gt;
+        &lt;!-- For more properties see the the previous Java DSL example.Â 
+             If you want to have a signing certificate then use the bean class 
DefaultXAdESSignatureProperties (see the previous Java DSL example). --&gt;
+        &lt;property name=&quot;signaturePolicy&quot; 
value=&quot;ExplicitId&quot; /&gt;
+        &lt;property name=&quot;sigPolicyId&quot; 
value=&quot;http://www.test.com/policy.pdf&quot; /&gt;
+        &lt;property name=&quot;sigPolicyIdDescription&quot; 
value=&quot;factura&quot; /&gt;
+        &lt;property name=&quot;signaturePolicyDigestAlgorithm&quot; 
value=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot; /&gt;
+        &lt;property name=&quot;signaturePolicyDigestValue&quot; 
value=&quot;Ohixl6upD6av8N7pEvDABhEL1hM=&quot; /&gt;
+        &lt;property name=&quot;signerClaimedRoles&quot; 
ref=&quot;signerClaimedRoles_XMLSigner&quot; /&gt;
+        &lt;property name=&quot;dataObjectFormatDescription&quot; 
value=&quot;Factura electrÃ³nica&quot; /&gt;
+        &lt;property name=&quot;dataObjectFormatMimeType&quot; 
value=&quot;text/xml&quot; /&gt;
+    &lt;/bean&gt;
+    &lt;bean class=&quot;java.util.ArrayList&quot; 
id=&quot;signerClaimedRoles_XMLSigner&quot;&gt;
+        &lt;constructor-arg&gt;
+            &lt;list&gt;
+                &lt;value&gt;Emisor&lt;/value&gt;
+                &lt;value&gt;&amp;lt;ClaimedRole
+                    
xmlns=&amp;quot;http://uri.etsi.org/01903/v1.3.2#&amp;quot;&amp;gt;&amp;lt;test
+                    
xmlns=&amp;quot;http://test.com/&amp;quot;&amp;gt;test&amp;lt;/test&amp;gt;&amp;lt;/ClaimedRole&amp;gt;&lt;/value&gt;
+            &lt;/list&gt;
+        &lt;/constructor-arg&gt;
+    &lt;/bean&gt;]]></script>
+</div></div><h4 id="XMLSecuritycomponent-Headers">Headers</h4><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh">Header</th><th colspan="1" rowspan="1" 
class="confluenceTh">Type</th><th colspan="1" rowspan="1" 
class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelXmlSignatureXAdESQualifyingPropertiesId</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">for the 'Id' attribute value of 
<code>QualifyingProperties</code> element</td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelXmlSignatureXAdESSignedDataObjectPropertiesId</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">for the 'Id' attribute value of 
<code>SignedDataObjectProperties</code> element</td></tr><tr><td colspan="1" 
rowspan="1" class="co
 
nfluenceTd"><p><code>CamelXmlSignatureXAdESSignedSignaturePropertiesId</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">for the 'Id' attribute value of&#160; 
<code>SignedSignatureProperties</code> element</td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelXmlSignatureXAdESDataObjectFormatEncoding</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd"><span>for the value of the 
</span><code>Encoding</code><span> element of the 
</span><code>DataObjectFormat</code><span> element</span></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><code>CamelXmlSignatureXAdESNamespace</code></td><td 
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" 
rowspan="1" class="confluenceTd">&#160;overwrites the XAdES namespace parameter 
value</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><c
 ode>CamelXmlSignatureXAdESPrefix</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd">String</td><td colspan="1" rowspan="1" 
class="confluenceTd">overwrites the XAdES prefix parameter 
value</td></tr></tbody></table></div><h4 
id="XMLSecuritycomponent-LimitationswithregardtoXAdESversion1.4.2">Limitations 
with regard to XAdES version 1.4.2</h4><ul><li>No support for signature form 
XAdES-T and XAdES-C</li><li>Only signer part implemented. Verifier part 
currently not available.</li><li>No support&#160;for the 
'<code>QualifyingPropertiesReference</code>' element (see section 6.3.2 of 
spec).</li><li>No support for the <code>Transforms</code> element contained in 
the&#160;<code>SignaturePolicyId</code> element contained in 
the&#160;<code>SignaturePolicyIdentifier element</code></li><li>No support of 
the <code>CounterSignature</code> element --&gt; no support for 
the&#160;<code>UnsignedProperties</code> element</li><li>At most one 
<code>DataObjectFormat</code> element. More than o
 ne <code>DataObjectFormat </code>element makes no sense &#160;because we have 
only one data object which is signed (this is the incoming message body to the 
XML signer endpoint).</li><li>At most one <code>CommitmentTypeIndication</code> 
element. More than one <code>CommitmentTypeIndication</code>element makes no 
sense &#160;because we have only one data object which is signed (this is the 
incoming message body to the XML signer endpoint).</li><li><p>A 
<code>CommitmentTypeIndication</code> element contains always the 
<code>AllSignedDataObjects</code> element. The <code>ObjectReference</code> 
element within <code>CommitmentTypeIndication</code>&#160; element is not 
supported.</p></li><li>The<code> AllDataObjectsTimeStamp</code> element is not 
supported</li><li>The<code> IndividualDataObjectsTimeStamp</code> element is 
not supported</li></ul></div><h3 id="XMLSecuritycomponent-SeeAlso">See 
Also</h3><ul><li><a shape="rect" class="external-link" 
href="http://www.w3.org/TR/xmldsig-bestprac
 tices/" rel="nofollow">Best Practices</a></li></ul></div>
         </td>
         <td valign="top">
           <div class="navigation">

svn commit: r933316 - in /websites/production/camel/content: cache/main.pageCache xml-security-component.html

Reply via email to