Class XmlSignerConfiguration
java.lang.Object
  org.apache.camel.component.xmlsecurity.processor.XmlSignatureConfiguration
    org.apache.camel.component.xmlsecurity.processor.XmlSignerConfiguration

All Implemented Interfaces: Cloneable

@UriParams public class XmlSignerConfiguration extends XmlSignatureConfiguration

Constructor Summary
XmlSignerConfiguration()

Method Summary
Modifier and Type, Method, Description:

XmlSignerConfiguration copy()
Boolean getAddKeyInfoReference()
AlgorithmMethod getCanonicalizationMethod()
String getContentObjectId()
String getContentReferenceType()
String getContentReferenceUri()
String getDigestAlgorithm()
KeyAccessor getKeyAccessor()
String getParentLocalName()
String getParentNamespace()
XPathFilterParameterSpec getParentXpath()
Boolean getPlainText()
String getPlainTextEncoding()
String getPrefixForXmlSignatureNamespace()
XmlSignatureProperties getProperties()
String getSignatureAlgorithm()
String getSignatureId()
List<AlgorithmMethod> getTransformMethods()
List<XPathFilterParameterSpec> getXpathsToIdAttributes()
void setAddKeyInfoReference(Boolean addKeyInfoReference)
    In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value.
void setCanonicalizationMethod(AlgorithmMethod canonicalizationMethod)
    Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated.
void setContentObjectId(String contentObjectId)
    Sets the content object Id attribute value.
void setContentReferenceType(String referenceType)
    Type of the content reference.
void setContentReferenceUri(String referenceUri)
    Reference URI for the content to be signed.
void setDigestAlgorithm(String digestAlgorithm)
    Digest algorithm URI.
void setKeyAccessor(KeyAccessor keyAccessor)
    For the signing process, a private key is necessary.
void setParentLocalName(String parentLocalName)
    Local name of the parent element to which the XML signature element will be added.
void setParentNamespace(String parentNamespace)
    Namespace of the parent element to which the XML signature element will be added.
void setParentXpath(XPathFilterParameterSpec parentXpath)
    Sets the XPath to find the parent node in the enveloped case.
void setPlainText(Boolean plainText)
    Indicator whether the message body contains plain text.
void setPlainTextEncoding(String plainTextEncoding)
    Encoding of the plain text.
void setPrefixForXmlSignatureNamespace(String prefixForXmlSignatureNamespace)
    Namespace prefix for the XML signature namespace "http://www.w3.org/2000/09/xmldsig#".
void setProperties(XmlSignatureProperties properties)
    For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface.
void setSignatureAlgorithm(String signatureAlgorithm)
    Signature algorithm.
void setSignatureId(String signatureId)
    Sets the signature Id.
void setTransformMethods(List<AlgorithmMethod> transformMethods)
    Transforms which are executed on the message body before the digest is calculated.
void setXpathsToIdAttributes(List<XPathFilterParameterSpec> xpathsToIdAttributes)
    Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID).

Methods inherited from class org.apache.camel.component.xmlsecurity.processor.XmlSignatureConfiguration
getBaseUri, getClearHeaders, getCryptoContextProperties, getDisallowDoctypeDecl, getOmitXmlDeclaration, getOutputXmlEncoding, getSchemaResourceUri, getUriDereferencer, setBaseUri, setClearHeaders, setCryptoContextProperties, setDisallowDoctypeDecl, setOmitXmlDeclaration, setOutputXmlEncoding, setSchemaResourceUri, setUriDereferencer
Method Detail
-
copy
public XmlSignerConfiguration copy()
-
getKeyAccessor
public KeyAccessor getKeyAccessor()
-
setKeyAccessor
public void setKeyAccessor(KeyAccessor keyAccessor)
For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor which reads the private key from a Java keystore.
-
getCanonicalizationMethod
public AlgorithmMethod getCanonicalizationMethod()
-
setCanonicalizationMethod
public void setCanonicalizationMethod(AlgorithmMethod canonicalizationMethod)
Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List<String> inclusiveNamespacePrefixes) to create a canonicalization method.
-
getTransformMethods
public List<AlgorithmMethod> getTransformMethods()
-
setTransformMethods
public void setTransformMethods(List<AlgorithmMethod> transformMethods)
Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods.
-
getSignatureAlgorithm
public String getSignatureAlgorithm()
-
setSignatureAlgorithm
public void setSignatureAlgorithm(String signatureAlgorithm)
Signature algorithm. Default value is "http://www.w3.org/2000/09/xmldsig#rsa-sha1".
-
getDigestAlgorithm
public String getDigestAlgorithm()
-
setDigestAlgorithm
public void setDigestAlgorithm(String digestAlgorithm)
Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If this digest algorithm is not specified then the digest algorithm is calculated from the signature algorithm. Example: "http://www.w3.org/2001/04/xmlenc#sha256"
-
getAddKeyInfoReference
public Boolean getAddKeyInfoReference()
-
setAddKeyInfoReference
public void setAddKeyInfoReference(Boolean addKeyInfoReference)
In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value. The default value is true.
Only relevant when a KeyInfo is returned by KeyAccessor and KeyInfo.getId() is not null.
-
getPrefixForXmlSignatureNamespace
public String getPrefixForXmlSignatureNamespace()
-
setPrefixForXmlSignatureNamespace
public void setPrefixForXmlSignatureNamespace(String prefixForXmlSignatureNamespace)
Namespace prefix for the XML signature namespace "http://www.w3.org/2000/09/xmldsig#". Default value is "ds". If null or an empty value is set then no prefix is used for the XML signature namespace.
See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml-without-namespaces
Parameters: prefixForXmlSignatureNamespace - prefix
-
getParentLocalName
public String getParentLocalName()
-
setParentLocalName
public void setParentLocalName(String parentLocalName)
Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can also use setParentXpath(XPathFilterParameterSpec).
Default value is null. The value must be null for enveloping and detached XML signature.
This parameter or the parameter setParentXpath(XPathFilterParameterSpec) for enveloped signature and the parameter setXpathsToIdAttributes(List) for detached signature must not be set in the same configuration.
If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.
Parameters: parentLocalName - local name
-
getParentNamespace
public String getParentNamespace()
-
setParentNamespace
public void setParentNamespace(String parentNamespace)
Namespace of the parent element to which the XML signature element will be added.
-
getContentObjectId
public String getContentObjectId()
-
setContentObjectId
public void setContentObjectId(String contentObjectId)
Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, then a new UUID will be generated. Only used in the enveloping case.
-
getSignatureId
public String getSignatureId()
-
setSignatureId
public void setSignatureId(String signatureId)
Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to "" (empty string) then no Id attribute is created in the signature element.
-
getContentReferenceUri
public String getContentReferenceUri()
-
setContentReferenceUri
public void setContentReferenceUri(String referenceUri)
Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the resource schema URI (XmlSignatureConfiguration.setSchemaResourceUri(String)) must also be set because the schema validator will then find out which attributes are ID attributes. Will be ignored in the enveloping or detached case.
-
getContentReferenceType
public String getContentReferenceType()
-
setContentReferenceType
public void setContentReferenceType(String referenceType)
Type of the content reference. The default value is null. This value can be overwritten by the header XmlSignatureConstants.HEADER_CONTENT_REFERENCE_TYPE.
-
getPlainText
public Boolean getPlainText()
-
setPlainText
public void setPlainText(Boolean plainText)
Indicator whether the message body contains plain text. The default value is false, indicating that the message body contains XML. The value can be overwritten by the header XmlSignatureConstants.HEADER_MESSAGE_IS_PLAIN_TEXT.
-
getPlainTextEncoding
public String getPlainTextEncoding()
-
setPlainTextEncoding
public void setPlainTextEncoding(String plainTextEncoding)
Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText). Default value is "UTF-8".
-
getProperties
public XmlSignatureProperties getProperties()
-
setProperties
public void setProperties(XmlSignatureProperties properties)
For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface.
-
getXpathsToIdAttributes
public List<XPathFilterParameterSpec> getXpathsToIdAttributes()
-
setXpathsToIdAttributes
public void setXpathsToIdAttributes(List<XPathFilterParameterSpec> xpathsToIdAttributes)
Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first.
You can also set the XPATH list dynamically via the header XmlSignatureConstants.HEADER_XPATHS_TO_ID_ATTRIBUTES.
The parameter setParentLocalName(String) or setParentXpath(XPathFilterParameterSpec) for enveloped signature and this parameter for detached signature must not be set in the same configuration.
-
getParentXpath
public XPathFilterParameterSpec getParentXpath()
-
setParentXpath
public void setParentXpath(XPathFilterParameterSpec parentXpath)
Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this method or the local name and namespace of the parent with the methods setParentLocalName(String) and setParentNamespace(String).
Default value is null. The value must be null for enveloping and detached XML signature.
If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.
Parameters: parentXpath - xpath to the parent node, if the xpath returns several values then the first Element node is used
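
A pre-flight check that applies the rules stated in the method descriptions above (mutually exclusive enveloped and detached parameters, the rsa-sha1 default, the KeyInfo reference, the key accessor) before a configuration is used for signing. It is an added example, not code from camel-xmlsecurity: the class name XmlSignerConfigCheck, the finding strings and the policy of rejecting SHA-1 are assumptions, and it calls only the getters listed on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import org.apache.camel.component.xmlsecurity.processor.XmlSignerConfiguration;

/** Hypothetical helper for this example; not part of camel-xmlsecurity. */
public final class XmlSignerConfigCheck {

    private XmlSignerConfigCheck() {
    }

    /** Returns one finding per rule violated; an empty list means the configuration passed. */
    public static List<String> check(XmlSignerConfiguration cfg) {
        List<String> findings = new ArrayList<>();
        boolean byLocalName = cfg.getParentLocalName() != null;
        boolean byXpath = cfg.getParentXpath() != null;
        boolean detached = cfg.getXpathsToIdAttributes() != null
                && !cfg.getXpathsToIdAttributes().isEmpty();

        // Documented: parentXpath together with parentLocalName raises an exception.
        if (byLocalName && byXpath) {
            findings.add("parentLocalName and parentXpath are both set");
        }
        // Documented: enveloped and detached parameters must not share a configuration.
        if ((byLocalName || byXpath) && detached) {
            findings.add("enveloped parent and xpathsToIdAttributes are both set");
        }
        // Documented default is rsa-sha1. Policy assumption of this example: reject SHA-1.
        String sig = cfg.getSignatureAlgorithm();
        if (sig == null || sig.toLowerCase(Locale.ROOT).endsWith("sha1")) {
            findings.add("signatureAlgorithm is unset or SHA-1 based: " + sig);
        }
        // When unset, the digest is derived from the signature algorithm (checked above).
        String digest = cfg.getDigestAlgorithm();
        if (digest != null && digest.toLowerCase(Locale.ROOT).endsWith("sha1")) {
            findings.add("digestAlgorithm is SHA-1: " + digest);
        }
        // With the reference disabled, KeyInfo is not covered by the signature value.
        if (Boolean.FALSE.equals(cfg.getAddKeyInfoReference())) {
            findings.add("addKeyInfoReference is false; KeyInfo is not protected");
        }
        // Signing needs a private key supplied by a KeyAccessor bean.
        if (cfg.getKeyAccessor() == null) {
            findings.add("keyAccessor is not set");
        }
        return findings;
    }
}
```

A freshly constructed XmlSignerConfiguration is expected to produce the SHA-1 and keyAccessor findings, since the page gives rsa-sha1 as the default signature algorithm.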