...
There are options which can be used for both endpoints, signer and verifier.
...
class | confluenceTableSmall |
---|
Name | Type | Default | Description |
---|---|---|---|
uriDereferencer | null | URI dereferencer. You can specify here your own URI dereferencer, if you want to restrict the dereferencing or have special requirements for dereferencing. | |
baseUri | String | null | Base URI used in the URI dereferencer. Relative URIs are concatenated with the base URI. |
cryptoContextProperties | Map<String, ? extends Object> | null | Crypto context properties. See |
disallowDoctypeDecl | Boolean | Boolean.TRUE | Indicator whether DTD DOCTYPE declarations shall be disallowed in the incoming XML message. |
omitXmlDeclaration | Boolean | Boolean.FALSE | Indicator whether the XML declaration header shall be omitted in the output XML message. |
clearHeaders | Boolean | Boolean.TRUE | Indicator whether the XML signature message headers defined in XmlSignatureConstants shall be deleted at the end of the signer or verifier processing. |
schemaResourceUri | String | null | Since 2.14.0. Classpath to the XML Schema file. If set then the XML document is validated against the XML schema. Must be set in the case of detached signatures in order to determine the attributes of type ID. This value can be overwritten by the header "CamelXmlSignatureSchemaResourceUri ". For further information, see sub-chapter "Detached XML Signatures as Siblings of the Signed Elements". |
outputXmlEncoding | String | null | Since 2.15.0. Character encoding of the output XML document. If null then UTF-8 is used. |
...
The signer endpoint has the following options.
...
Name | Type | Default | Description |
---|---|---|---|
keyAccessor | null | Provides the signing key and the KeyInfo instance. There is an example implementation which uses a keystore, see DefaultKeyAccessor | |
addKeyInfoReference | Boolean | Boolean.TRUE | Indicator whether a Reference element refering the KeyInfo element provided by the key accessor should be added to the XML signature. |
signatureAlgorithm | String | signature algorithm consisting of a digest and encryption algorithm. The digest algorithm is used to calculate the digest of the SignedInfo element and the encryption algorithm is used to sign this digest. Possible values: http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | |
digestAlgorithm | String | see description | Digest algorithm for calculating the digest of the in-message body. If not specified then the digest algorithm of the signature algorithm is used. Possible values: http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 |
parentLocalName | String | null | Local name of the parent of the Signature element. The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. If this option and the option |
parentNamespace | String | null | Namespace of the parent of the Signature element. See option |
parentXpath | StringXPathFilterParameterSpec | null | Since 2.15.0. XPath to the parent of the Signature element. The Signature element will be added at the end of the children of the parent. Necessary for enveloped XML signature. If this option and the option parentLocalName are null, then an enveloping XML signature is created. Alternatively you can specify the parent via the option parentLocalName. Example: /p1:root/SecurityItem[last()] This example will select the last sibling with the name SecurityItem . Such kind of selection is not possible with the option parentLocalName . |
canonicalizationMethod | C14n | Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List<String> inclusiveNamespacePrefixes) to create a canonicalization method. | |
transformMethods | List<javax.xml.crypto.AlgorithmMethod> | see description | Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option |
prefixForXmlSignatureNamespace | String | ds | Prefix for the XML signature namespace. If |
contentReferenceUri | String | see description | The URI of the reference to the signed content (in-message body). If |
contentReferenceType | String | null | Value of the type attribute of the content reference. This value can be overwritten by the header " |
plainText | Boolean | Boolean.FALSE | Indicator whether the in-message body contains plain text. Normally, the signature generator treats the incoming message body as XML. If the message body is plain text, then you must set this option to |
plainTextEncoding | String | null | Only used when the option |
properties | null | For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface. | |
contentObjectId | String | null | Value of the Id attribute of the Object element. Only used in the enveloping XML signature case. If |
xpathsToIdAttributes | List<XPathFilterParameterSpec> | empty list | Since 2.14.0. List of XPATH expressions to ID attributes of elements to be signed. Used for the detached XML Signatures. Can only be used in combination with the option schemaResourceUri . The value can be overwritten by the header "CamelXmlSignatureXpathsToIdAttributes ". If the option parentLocalNam e is set at the same time then an exception is thrown. The class XPathFilterParameterSpec has the package javax.xml.crypto.dsig.spec . For further information, see sub-chapter "Detached XML Signatures as Siblings of the Signed Elements". |
signatureId | String | null | Since 2.14.0. Value of the Id attribute of the Signature element. If null then a unique Id is generated. If the value is the empty string ("") then no Id attribute is added to the Signature element. |
...
The verifier endpoint has the following options.
...
Name | Type | Default | Description |
---|---|---|---|
keySelector | null | Provides the key for validating the XML signature. There is an example implementation which uses a keystore, see DefaultKeySelector. | |
xmlSignatureChecker | null | This interface allows the application to check the XML signature before the validation is executed. This step is recommended in http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed | |
validationFailedHandler | Handles the different validation failed situations. The default implementation throws specific exceptions for the different situations (All exceptions have the package name | ||
xmlSignature2Message | Bean which maps the XML signature to the ouput-message after the validation. How this mapping should be done can be configured by the options | ||
outputNodeSearchType | String | "Default" | Determines the type of the search of the output node. See option |
outputNodeSearch | Object | null | Search value of the output node search. The type depends on the search type. For the default search implementation |
removeSignatureElements | Boolean | Boolean.FALSE | Indicator for removing Signature elements in the output message in the enveloped XML signature case. Used in the |
secureValidation | Boolean | Boolean.TRUE | Enables secure validation. If true then secure validation is enabled - see here for more information. |
...