This will be fixed for the next release, see
https://issues.apache.org/jira/browse/SANTUARIO-486

Colm.

On Wed, May 9, 2018 at 3:56 PM, Anthony Dodd <[email protected]>
wrote:

> All,
>
> When using the DOM implementation you can request which elements of the
> X509 data you want to appear in the signature.
>
>       // add x509 data
>       X509Data x509data = new X509Data(document);
>       x509data.add(new XMLX509SubjectName(document, certificate));
>       x509data.add(new XMLX509IssuerSerial(document, certificate));
>
> In the StAX implementation, we appear to be limited to the following:
>
>     public static final KeyIdentifier KeyIdentifier_KeyValue = new KeyIdentifier("KeyValue");
>     public static final KeyIdentifier KeyIdentifier_KeyName = new KeyIdentifier("KeyName");
>     public static final KeyIdentifier KeyIdentifier_IssuerSerial = new KeyIdentifier("IssuerSerial");
>     public static final KeyIdentifier KeyIdentifier_SkiKeyIdentifier = new KeyIdentifier("SkiKeyIdentifier");
>     public static final KeyIdentifier KeyIdentifier_X509KeyIdentifier = new KeyIdentifier("X509KeyIdentifier");
>     public static final KeyIdentifier KeyIdentifier_X509SubjectName = new KeyIdentifier("X509SubjectName");
>     public static final KeyIdentifier KeyIdentifier_NoKeyInfo = new KeyIdentifier("NoKeyInfo");
>     public static final KeyIdentifier KeyIdentifier_EncryptedKey = new KeyIdentifier("EncryptedKey");
>
> In the StAX implementation, I can either choose KeyIdentifier_IssuerSerial
> or KeyIdentifier_X509SubjectName but not both, as we could with the
> DOM code fragment above.
>
> The reason I ask is that we have a service provider who has stipulated a
> strict format for the signature to be used when signing and sending data to
> them:
>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <SignedInfo>
>     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>     <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>     <Reference URI="">
>       <Transforms>
>         <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>         <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>       </Transforms>
>       <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>       <DigestValue>xe/kONljHYOi5X1sw8AmgIjbHw/SX8zjAT98zpJahhI=</DigestValue>
>     </Reference>
>   </SignedInfo>
>   <SignatureValue>7vdS9h04J/slnfUO1aoQ/RvbvWE=</SignatureValue>
>   <KeyInfo>
>     <X509Data>
>       <X509SubjectName>CN=rsa0,OU=rtp,O=org,L=location,ST=Unknown,C=</X509SubjectName>
>       <X509IssuerSerial>
>         <X509IssuerName>CN=sign0, OU=rtp, O=org, L=location, ST=Unknown,C=</X509IssuerName>
>         <X509SerialNumber>1328092436</X509SerialNumber>
>       </X509IssuerSerial>
>     </X509Data>
>   </KeyInfo>
> </Signature>
>
> Regards
>
> Tony



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
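As an added example (not code from this thread or from the Santuario project), here is a receiver-side check, written in Python rather than the project's Java so that it runs stand-alone, that a signature matches the profile the service provider stipulated above: the fixed algorithm URIs and transforms, and an X509Data carrying both X509SubjectName and X509IssuerSerial, which is exactly the combination a single StAX KeyIdentifier cannot produce. The function names, the sample_signature builder, the shortened DNs and the dummy digest and signature values are constructed for the example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
C14N11 = "http://www.w3.org/2006/12/xml-c14n11"

# Profile taken from the stipulated sample: fixed algorithm URIs, fixed transforms.
EXPECTED_ALGORITHMS = {
    "ds:SignedInfo/ds:CanonicalizationMethod": C14N,
    "ds:SignedInfo/ds:SignatureMethod": RSA_SHA256,
    "ds:SignedInfo/ds:Reference/ds:DigestMethod": SHA256,
}
EXPECTED_TRANSFORMS = [ENVELOPED, C14N11]
REQUIRED_X509 = ("X509SubjectName", "X509IssuerSerial")  # both, not one or the other

def check_signature_profile(xml_text):
    """Return deviations from the profile (empty list = conforms). Structural
    check only; it does not verify the signature cryptographically."""
    sig = ET.fromstring(xml_text)
    problems = []
    for path, uri in EXPECTED_ALGORITHMS.items():
        el = sig.find(path, NS)
        if el is None or el.get("Algorithm") != uri:  # also catches algorithm downgrades
            problems.append("%s must use %s" % (path.split(":")[-1], uri))
    found = [t.get("Algorithm") for t in
             sig.findall("ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform", NS)]
    if found != EXPECTED_TRANSFORMS:
        problems.append("Transforms must be exactly %s" % EXPECTED_TRANSFORMS)
    x509 = sig.find("ds:KeyInfo/ds:X509Data", NS)
    for name in REQUIRED_X509:
        if x509 is None or x509.find("ds:" + name, NS) is None:
            problems.append("KeyInfo/X509Data/%s missing" % name)
    return problems

def sample_signature(x509_children):
    """Constructed signature in the stipulated layout (dummy digest/signature values)."""
    return ('<Signature xmlns="%s"><SignedInfo><CanonicalizationMethod Algorithm="%s"/>'
            '<SignatureMethod Algorithm="%s"/><Reference URI=""><Transforms><Transform '
            'Algorithm="%s"/><Transform Algorithm="%s"/></Transforms><DigestMethod '
            'Algorithm="%s"/><DigestValue>AAAA</DigestValue></Reference></SignedInfo>'
            '<SignatureValue>AAAA</SignatureValue><KeyInfo><X509Data>%s</X509Data>'
            '</KeyInfo></Signature>' % (DS, C14N, RSA_SHA256, ENVELOPED, C14N11, SHA256, x509_children))

SUBJECT = "<X509SubjectName>CN=rsa0,OU=rtp,O=org</X509SubjectName>"  # constructed fragment
ISSUER_SERIAL = ("<X509IssuerSerial><X509IssuerName>CN=sign0,OU=rtp,O=org</X509IssuerName>"
                 "<X509SerialNumber>1328092436</X509SerialNumber></X509IssuerSerial>")
```

check_signature_profile(sample_signature(SUBJECT + ISSUER_SERIAL)) returns an empty list, while sample_signature(ISSUER_SERIAL), which mirrors what a lone KeyIdentifier_IssuerSerial yields, is reported for the missing X509SubjectName.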
