Package org.apache.camel.component.xmlsecurity.processor

Class XmlSignerConfiguration

    • Constructor Detail

      • XmlSignerConfiguration

        public XmlSignerConfiguration()

    • Method Detail

      • setKeyAccessor

        public void setKeyAccessor​(KeyAccessor keyAccessor)
        For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor which reads the private key from a Java keystore.

      • getCanonicalizationMethod

        public AlgorithmMethod getCanonicalizationMethod()

      • setCanonicalizationMethod

        public void setCanonicalizationMethod​(AlgorithmMethod canonicalizationMethod)
        Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List inclusiveNamespacePrefixes) to create a canonicalization method.

      • setTransformMethods

        public void setTransformMethods​(List<AlgorithmMethod> transformMethods)
        Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods.

      • getSignatureAlgorithm

        public String getSignatureAlgorithm()

      • setSignatureAlgorithm

        public void setSignatureAlgorithm​(String signatureAlgorithm)
        Signature algorithm. Default value is "http://www.w3.org/2000/09/xmldsig#rsa-sha1".

      • getDigestAlgorithm

        public String getDigestAlgorithm()

      • setDigestAlgorithm

        public void setDigestAlgorithm​(String digestAlgorithm)
        Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If this digest algorithm is not specified then the digest algorithm is calculated from the signature algorithm. Example: "http://www.w3.org/2001/04/xmlenc#sha256"

      • getAddKeyInfoReference

        public Boolean getAddKeyInfoReference()

      • setAddKeyInfoReference

        public void setAddKeyInfoReference​(Boolean addKeyInfoReference)
        In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value. The default value is true.

        Only relevant when a KeyInfo is returned by KeyAccessor. and KeyInfo.getId() is not null.

      • getPrefixForXmlSignatureNamespace

        public String getPrefixForXmlSignatureNamespace()

      • setPrefixForXmlSignatureNamespace

        public void setPrefixForXmlSignatureNamespace​(String prefixForXmlSignatureNamespace)
        Namespace prefix for the XML signature namespace "http://www.w3.org/2000/09/xmldsig#". Default value is "ds". If null or an empty value is set then no prefix is used for the XML signature namespace.

        See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml- without-namespaces

        Parameters:
        prefixForXmlSignatureNamespace - prefix

      • getParentLocalName

        public String getParentLocalName()

      • setParentLocalName

        public void setParentLocalName​(String parentLocalName)
        Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can also use setParentXpath(XPathFilterParameterSpec).

        Default value is null. The value must be null for enveloping and detached XML signature.

        This parameter or the parameter setParentXpath(XPathFilterParameterSpec) for enveloped signature and the parameter setXpathsToIdAttributes(List) for detached signature must not be set in the same configuration.

        If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.

        Parameters:
        parentLocalName - local name

      • getParentNamespace

        public String getParentNamespace()

      • setParentNamespace

        public void setParentNamespace​(String parentNamespace)
        Namespace of the parent element to which the XML signature element will be added.

      • getContentObjectId

        public String getContentObjectId()

      • setContentObjectId

        public void setContentObjectId​(String contentObjectId)
        Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, then a new UUID will be generated. Only used in the enveloping case.

      • getSignatureId

        public String getSignatureId()

      • setSignatureId

        public void setSignatureId​(String signatureId)
        Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to "" (empty string) then no Id attribute is created in the signature element.

      • getContentReferenceUri

        public String getContentReferenceUri()

      • setContentReferenceUri

        public void setContentReferenceUri​(String referenceUri)
        Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the resource schema URI ( XmlSignatureConfiguration.setSchemaResourceUri(String)) must also be set because the schema validator will then find out which attributes are ID attributes. Will be ignored in the enveloping or detached case.

      • getContentReferenceType

        public String getContentReferenceType()

      • getPlainText

        public Boolean getPlainText()

      • setPlainText

        public void setPlainText​(Boolean plainText)
        Indicator whether the message body contains plain text. The default value is false, indicating that the message body contains XML. The value can be overwritten by the header XmlSignatureConstants.HEADER_MESSAGE_IS_PLAIN_TEXT.

      • getPlainTextEncoding

        public String getPlainTextEncoding()

      • setPlainTextEncoding

        public void setPlainTextEncoding​(String plainTextEncoding)
        Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText. Default value is "UTF-8".

      • setProperties

        public void setProperties​(XmlSignatureProperties properties)
        For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface.

      • setXpathsToIdAttributes

        public void setXpathsToIdAttributes​(List<XPathFilterParameterSpec> xpathsToIdAttributes)
        Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first.

        You can also set the XPATH list dynamically via the header XmlSignatureConstants.HEADER_XPATHS_TO_ID_ATTRIBUTES.

        The parameter setParentLocalName(String) or setParentXpath(XPathFilterParameterSpec) for enveloped signature and this parameter for detached signature must not be set in the same configuration.

      • setParentXpath

        public void setParentXpath​(XPathFilterParameterSpec parentXpath)
        Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this method or the local name and namespace of the parent with the methods setParentLocalName(String) and setParentNamespace(String).

        Default value is null. The value must be null for enveloping and detached XML signature.

        If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.

        Parameters:
        parentXpath - xpath to the parent node, if the xpath returns several values then the first Element node is used