Used to sign and verify exchanges using the XML signature specification.
Name | Kind | Group | Required | Default | Type | Enum | Description
---|---|---|---|---|---|---|---
command | path | producer | true | | org.apache.camel.component.xmlsecurity.XmlCommand | sign, verify | Whether to sign or verify.
name | path | producer | true | | java.lang.String | | The name part of the URI can be chosen by the user to distinguish between different signer/verifier endpoints within the Camel context.
baseUri | parameter | common | | | java.lang.String | | Base URI used for URI dereferencing: relative URIs are concatenated with the base URI. See XMLCryptoContext#setBaseURI(String).
clearHeaders | parameter | common | | true | java.lang.Boolean | | Determines whether the XML-signature-specific headers are cleared after signing and verification. Default is true.
cryptoContextProperties | parameter | common | | | java.util.Map | | Sets the crypto context properties; see XMLCryptoContext#setProperty(String, Object). Possible properties are defined in XMLSignContext and XMLValidateContext (see Supported Properties). The following properties are set by default to Boolean.TRUE for the XML validation; if you want to switch these features off you must set the property value to Boolean.FALSE.
disallowDoctypeDecl | parameter | common | | true | java.lang.Boolean | | Disallows a DTD DOCTYPE declaration in the incoming XML document. Default is true; if set to false, a DOCTYPE declaration is allowed.
omitXmlDeclaration | parameter | common | | false | java.lang.Boolean | | Indicates whether the XML declaration in the outgoing message body should be omitted. Default is false. Can be overwritten by the header XmlSignatureConstants#HEADER_OMIT_XML_DECLARATION.
outputXmlEncoding | parameter | common | | | java.lang.String | | The character encoding of the resulting signed XML document. If null, the encoding of the original XML document is used.
schemaResourceUri | parameter | common | | | java.lang.String | | Classpath location of the XML Schema. Must be specified in the detached XML Signature case for determining the ID attributes; may be set in the enveloped and enveloping cases. If set, the XML document is validated against the specified schema. The schema resource URI can be overwritten by the header XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI.
bridgeErrorHandler | parameter | consumer | | | boolean | | Allows for bridging the consumer to the Camel routing Error Handler, which means any exception that occurs while the consumer is trying to pick up incoming messages, or the like, is processed as a message and handled by the routing Error Handler. By default the consumer uses the org.apache.camel.spi.ExceptionHandler to deal with exceptions, which are logged at WARN/ERROR level and ignored.
exceptionHandler | parameter | consumer (advanced) | | | org.apache.camel.spi.ExceptionHandler | | To let the consumer use a custom ExceptionHandler. Note that if the option bridgeErrorHandler is enabled then this option is not in use. By default the consumer deals with exceptions by logging them at WARN/ERROR level and ignoring them.
exchangePattern | parameter | consumer (advanced) | | | org.apache.camel.ExchangePattern | InOnly, RobustInOnly, InOut, InOptionalOut, OutOnly, RobustOutOnly, OutIn, OutOptionalIn | Sets the exchange pattern when the consumer creates an exchange.
synchronous | parameter | advanced | | false | boolean | | Sets whether synchronous processing should be strictly used, or whether Camel is allowed to use asynchronous processing (if supported).
uriDereferencer | parameter | advanced | | | javax.xml.crypto.URIDereferencer | | If you want to restrict remote access via reference URIs, you can set your own dereferencer. Optional parameter. If not set, the provider default dereferencer is used, which can resolve URI fragments, HTTP, file and XPointer URIs. Attention: the implementation is provider dependent! See XMLCryptoContext#setURIDereferencer(URIDereferencer).
addKeyInfoReference | parameter | sign | | true | java.lang.Boolean | | To protect the KeyInfo element from tampering you can add a reference to it in the SignedInfo element so that it is protected via the signature value. Default is true. Only relevant when a KeyInfo is returned by KeyAccessor and KeyInfo#getId() is not
canonicalizationMethod | parameter | sign | | http://www.w3.org/TR/2001/REC-xml-c14n-20010315 | javax.xml.crypto.AlgorithmMethod | | Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List
contentObjectId | parameter | sign | | | java.lang.String | | Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, a new UUID is generated. Only used in the enveloping case.
contentReferenceType | parameter | sign | | | java.lang.String | | Type of the content reference. Default is null. Can be overwritten by the header XmlSignatureConstants#HEADER_CONTENT_REFERENCE_TYPE.
contentReferenceUri | parameter | sign | | | java.lang.String | | Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the schema resource URI (schemaResourceUri) must also be set, because the schema validator then determines which attributes are ID attributes. Ignored in the enveloping and detached cases.
digestAlgorithm | parameter | sign | | | java.lang.String | | Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If not specified, the digest algorithm is derived from the signature algorithm. Example: "http://www.w3.org/2001/04/xmlenc#sha256"
keyAccessor | parameter | sign | | | org.apache.camel.component.xmlsecurity.api.KeyAccessor | | For the signing process a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor, which reads the private key from a Java keystore.
parentLocalName | parameter | sign | | | java.lang.String | | Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can use parentXpath. Default value is This parameter or the parameter parentXpath for enveloped signature and the parameter xpathsToIdAttributes for detached signature must not be set in the same configuration. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.
parentNamespace | parameter | sign | | | java.lang.String | | Namespace of the parent element to which the XML signature element will be added.
parentXpath | parameter | sign | | | javax.xml.crypto.dsig.spec.XPathFilterParameterSpec | | Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this parameter or the local name and namespace of the parent with parentLocalName and parentNamespace. Default value is If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown. If the XPath returns several values then the first Element node is used.
plainText | parameter | sign | | false | java.lang.Boolean | | Indicates whether the message body contains plain text. Default is false, meaning the message body contains XML. Can be overwritten by the header XmlSignatureConstants#HEADER_MESSAGE_IS_PLAIN_TEXT.
plainTextEncoding | parameter | sign | | UTF-8 | java.lang.String | | Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText). Default is "UTF-8".
prefixForXmlSignatureNamespace | parameter | sign | | ds | java.lang.String | | Namespace prefix for the XML signature namespace "http://www.w3.org/2000/09/xmldsig#". Default is "ds". If null or an empty value is set then no prefix is used for the XML signature namespace. See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml-without-namespaces
properties | parameter | sign | | | org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties | | To add further References and Objects carrying additional properties to the XML signature, you can provide a bean which implements the XmlSignatureProperties interface.
signatureAlgorithm | parameter | sign | | http://www.w3.org/2000/09/xmldsig#rsa-sha1 | java.lang.String | | Signature algorithm. Default is "http://www.w3.org/2000/09/xmldsig#rsa-sha1".
signatureId | parameter | sign | | | java.lang.String | | Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to "" (empty string) then no Id attribute is created in the signature element.
transformMethods | parameter | sign | | | java.util.List | | Transforms which are executed on the message body before the digest is calculated. By default C14n is added and, in the case of enveloped signature (see option parentLocalName), http://www.w3.org/2000/09/xmldsig#enveloped-signature is also added at position 0 of the list. Use the methods in XmlSignatureHelper to create the transform methods.
xpathsToIdAttributes | parameter | sign | | | java.util.List | | Defines the elements which are signed in the detached case via XPath expressions to ID attributes (attributes of type ID). For each element found via the XPath expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements deeper in the hierarchy are signed first. You can also set the XPath list dynamically via the header XmlSignatureConstants#HEADER_XPATHS_TO_ID_ATTRIBUTES. The parameter parentLocalName or parentXpath for enveloped signature and this parameter for detached signature must not be set in the same configuration.
keySelector | parameter | verify | | | javax.xml.crypto.KeySelector | | Provides the key for validating the XML signature.
outputNodeSearch | parameter | verify | | | java.lang.String | | Sets the output node search value for determining the node from the XML signature document which is set as the output message body. The class of the value depends on the type of the output node search. The output node search is forwarded to XmlSignature2Message.
outputNodeSearchType | parameter | verify | | Default | java.lang.String | | Determines the search type used to find the output node which is serialized into the output message body. See outputNodeSearch. The supported default search types can be found in DefaultXmlSignature2Message.
removeSignatureElements | parameter | verify | | false | java.lang.Boolean | | Indicates whether the XML signature elements (elements with local name "Signature" and namespace "http://www.w3.org/2000/09/xmldsig#") shall be removed from the document set to the output message. Normally this is only necessary if the XML signature is enveloped. Default is false. This parameter is forwarded to XmlSignature2Message. This indicator has no effect if the output node search is of type DefaultXmlSignature2Message#OUTPUT_NODE_SEARCH_TYPE_DEFAULT.
secureValidation | parameter | verify | | true | java.lang.Boolean | | Enables secure validation. If true then secure validation is enabled.
validationFailedHandler | parameter | verify | | | org.apache.camel.component.xmlsecurity.api.ValidationFailedHandler | | Handles the different validation-failed situations. The default implementation throws specific exceptions for the different situations (all exceptions have the package name org.apache.camel.component.xmlsecurity.api and are a subclass of XmlSignatureInvalidException). If the signature value validation fails, an XmlSignatureInvalidValueException is thrown. If a reference validation fails, an XmlSignatureInvalidContentHashException is thrown. For more detailed information, see the JavaDoc.
xmlSignature2Message | parameter | verify | | | org.apache.camel.component.xmlsecurity.api.XmlSignature2Message | | Bean which maps the XML signature to the output message after the validation. How this mapping is done can be configured by the options outputNodeSearchType, outputNodeSearch and removeSignatureElements. The default implementation offers three possibilities, corresponding to the three output node search types "Default", "ElementName" and "XPath". The default implementation determines a node which is then serialized and set as the body of the output message. If the search type is "ElementName" then the output node (which must in this case be an element) is determined by the local name and namespace defined in the search value (see option outputNodeSearch). If the search type is "XPath" then the output node is determined by the XPath specified in the search value (in this case the output node can be of type "Element", "TextNode" or "Document"). If the output node search type is "Default" then the following rules apply: in the enveloped XML signature case (there is a reference with URI="" and transform "http://www.w3.org/2000/09/xmldsig#enveloped-signature"), the incoming XML document without the Signature element is set as the output message body; in the non-enveloped XML signature case, the message body is determined from a referenced Object, as explained in more detail in the chapter "Output Node Determination in Enveloping XML Signature Case".
xmlSignatureChecker | parameter | verify | | | org.apache.camel.component.xmlsecurity.api.XmlSignatureChecker | | This interface allows the application to check the XML signature before the validation is executed. This step is recommended in http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed
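The following is an added example (not code from the Camel project or its documentation) showing how the options above combine into a hardened sign/verify route pair on Camel 2.x: the `rsa-sha1` default of `signatureAlgorithm` is replaced, `secureValidation` and `disallowDoctypeDecl` are kept on, and `uriDereferencer` is set to a custom `URIDereferencer` that accepts only same-document references. It assumes the Camel 2.x URI form `xmlsecurity:<command>:<name>`, the `DefaultKeyAccessor`/`DefaultKeySelector` setters shown, `SimpleRegistry` for bean lookup, and a placeholder keystore `signing.jks` with alias `signer`.

```java
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.xmlsecurity.api.DefaultKeyAccessor;
import org.apache.camel.component.xmlsecurity.api.DefaultKeySelector;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.impl.SimpleRegistry;
import org.apache.camel.util.jsse.KeyStoreParameters;

public class XmlSignatureExample {
    // Accepts only same-document references ("" or "#id"); anything else (http:, file:, ...)
    // named inside an incoming signature is rejected instead of being fetched.
    public static final class SameDocumentOnly implements URIDereferencer {
        private final URIDereferencer jdkDefault = XMLSignatureFactory.getInstance("DOM").getURIDereferencer();
        @Override public Data dereference(URIReference ref, XMLCryptoContext ctx) throws URIReferenceException {
            String uri = ref.getURI();
            if (uri != null && !uri.isEmpty() && !uri.startsWith("#")) {
                throw new URIReferenceException("external reference rejected: " + uri);
            }
            return jdkDefault.dereference(ref, ctx);  // same-document: delegate to the provider default
        }
    }

    public static DefaultCamelContext build() throws Exception {
        KeyStoreParameters ks = new KeyStoreParameters();       // placeholder keystore and password
        ks.setResource("signing.jks"); ks.setPassword("changeit");
        DefaultKeyAccessor accessor = new DefaultKeyAccessor();  // private key used for signing
        accessor.setKeyStoreParameters(ks);
        accessor.setKeyAlias("signer"); accessor.setPassword("changeit");
        DefaultKeySelector selector = new DefaultKeySelector();  // certificate used for verification
        selector.setKeyStoreParameters(ks); selector.setKeyAlias("signer");
        SimpleRegistry registry = new SimpleRegistry();          // beans referenced as #name in the URIs
        registry.put("keyAccessor", accessor);
        registry.put("keySelector", selector);
        registry.put("sameDocOnly", new SameDocumentOnly());
        DefaultCamelContext context = new DefaultCamelContext(registry);
        context.addRoutes(new RouteBuilder() {
            @Override public void configure() {
                // Sign (enveloping): override the rsa-sha1 default; the digest algorithm is then
                // derived from the signature algorithm (SHA-256). %23 is the URL-encoded '#'.
                from("direct:sign").to("xmlsecurity:sign:order?keyAccessor=#keyAccessor"
                        + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more%23rsa-sha256")
                        .to("direct:verify");
                // Verify: secureValidation and disallowDoctypeDecl stay on (defaults, made explicit);
                // URI dereferencing is restricted to the document itself.
                from("direct:verify").to("xmlsecurity:verify:order?keySelector=#keySelector"
                        + "&secureValidation=true&disallowDoctypeDecl=true&uriDereferencer=#sameDocOnly")
                        .to("mock:verified");
            }
        });
        return context;
    }
}
```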