Hello,
I want to contribute a new component for XML Digital Signature. There shall be two endpoints; the signer endpoint shall sign the body of the in-message and create an XML digital signature in the out-message, the verifier endpoint shall verify the XML signature contained in the body of the in-message and return the signed content in the body of the out-message. The implementation shall be based on the JRE API for XML Digital Signature (http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/overview.html) which fulfills the requirements of the XML signature specification (http://www.w3.org/TR/xmldsig-core/). The first version shall support · RSA and DSA keys · enveloping signatures · X509Certificate element as children of the KeyInfo element · the canonicalization algorithms o http://www.w3.org/TR/2001/REC-xml-c14n-20010315 o http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments o http://www.w3.org/2001/10/xml-exc-c14n#"; (needs inclusive namespace prefix list, we should not support this algorithm in the first implementation) o http://www.w3.org/2001/10/xml-exc-c14n#WithComments · the transform algorithms o <all cononicalization algorithms> o http://www.w3.org/2000/09/xmldsig#base64 I have a few questions about the contribution: · Schall I add the new code to the maven project with <groupId>org.apache.camel</groupId> and <artifactId>camel-crypto</artifactId>? · There is already a crypto component for signing and verifying non-XML messages (http://camel.apache.org/crypto-digital-signatures.html). o Shall I add the new endpoints to this component, like § crypto:signxml://<name>?<parameters> § crypto:verfyxml://<name>?<parameters> o or shall I create a new component “cryptoxml”? · Shall I add the classes to the package org.apache.camel.component.crypto ? Regards Franz
