Hi Jack,

the XML Signature component does not support the KeyInfo content you need. But what you could do is create the KeyInfo element on your own before you call the XML Signature component.

Then I think it is better to use enveloped Signature than the detached Signature mode. You have to provide an XSD for the total XML document with soapenv:Envelope as root element. And you can use the option "contentReferenceUri" to point to the element which should be signed. In your example above the value of the contentReferenceUri must be "#id-181AC833A9A23E3A2E14545684427885". See also the description of the option in http://camel.apache.org/xml-security-component.html

Best Regards
Franz

On Wed, Feb 10, 2016 at 2:15 AM, Jack Ding <hding...@yahoo.com.invalid> wrote:
> Thanks Claus,
>
> My ultimate goal is to create a soap secure header with signature in it. I
> am thinking of using detached mode plus referring the schemaResourceUri to the
> schema "http://schemas.xmlsoap.org/soap/envelope/". Now the problem seems to
> be the location of x509 certificate, which needs to be in the
> BinarySecurityToken element and referenced by SecurityTokenReference in the
> KeyInfo.
>
> Could you advise if the current camel-xmlsecurity supports this kind of soap
> secure header? If so, could you check if my above approach is feasible?
>
> For example, below is the format of the secure soap header we need.
>
> <soapenv:Envelope
>     xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     xmlns:ser="http://webservices.cashedge.com/services"
>     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header>
>     <wsse:Security soapenv:mustUnderstand="1"
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <wsse:BinarySecurityToken
>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>           wsu:Id="X509-181AC833A9A23E3A2E145461038308455">MIIE4jCCA8qgAwIBAg...</wsse:BinarySecurityToken>
>       <ds:Signature Id="SIG-181AC833A9A23E3A2E145461038308458"
>           xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:SignedInfo>
>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>             <ec:InclusiveNamespaces PrefixList="oas ser soapenv"
>                 xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>           </ds:CanonicalizationMethod>
>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>           <ds:Reference URI="#id-181AC833A9A23E3A2E14545684427885">
>             <ds:Transforms>
>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                 <ec:InclusiveNamespaces PrefixList="oas ser"
>                     xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>               </ds:Transform>
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>             <ds:DigestValue>cermnLLbtJrCVJ2wtmj4OmFOD3M=</ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>nrBdXPCD9PHkPe....p+icdOcQ==</ds:SignatureValue>
>         <ds:KeyInfo Id="KI-181AC833A9A23E3A2E145461038308456">
>           <wsse:SecurityTokenReference wsu:Id="STR-181AC833A9A23E3A2E145461038308457">
>             <wsse:Reference URI="#X509-181AC833A9A23E3A2E145461038308455"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>       <wsu:Timestamp wsu:Id="TS-181AC833A9A23E3A2E145461038306854">
>         <wsu:Created>2016-02-04T18:26:23Z</wsu:Created>
>         <wsu:Expires>2016-02-04T18:36:23Z</wsu:Expires>
>       </wsu:Timestamp>
>     </wsse:Security>
>   </soapenv:Header>
>   <soapenv:Body wsu:Id="id-181AC833A9A23E3A2E14545684427885">
>     .....
>   </soapenv:Body>
> </soapenv:Envelope>
>
> Thanks in advance.
>
>
> On Tuesday, February 9, 2016 1:01 AM, Claus Ibsen <claus.ib...@gmail.com> wrote:
>
>
> You need to put the test.xsd file together with your Camel application
> so they are in the same OSGi bundle, so the classloader can find the
> file.
>
> Look at some of the other osgi examples that are in the examples of Camel.
> https://github.com/apache/camel/tree/master/examples
>
> On Tue, Feb 9, 2016 at 6:16 AM, Jack Ding <hding...@yahoo.com.invalid> wrote:
>> Hello,
>>
>> I am testing the XML Security component according to the example from the
>> camel-xmlsecurity website. For example the following producer refers to the
>> Test.xsd:
>>
>> <to uri="xmlsecurity:sign://detached?keyAccessor=#keyAccessorBean&amp;xpathsToIdAttributes=#xpathsToIdAttributesBean&amp;schemaResourceUri=Test.xsd" />
>>
>> I am testing this in the karaf and I have put the Test.xsd in the following
>> folder:
>>
>> apache-karaf-2.3.11/instances/mytestinstance/
>> However I am getting this error:
>> org.apache.camel.component.xmlsecurity.api.XmlSignatureException: XML
>> Signature component is wrongly configured: No XML schema found for specified
>> schema resource URI Test.xsd
>>
>> My camel version is 2.14.3.
>>
>> According to the document it is the classpath:
>> schemaResourceUri: Since 2.14.0. Classpath to the XML Schema file....
>>
>> Could anybody advise what the classpath exactly is and where I should put
>> the Test.xsd in Karaf container for xmlsecurity endpoint to access it?
>>
>> Thanks in advance
>>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
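
The two same-document references discussed in the thread above (the ds:Reference URI that must name the Body's wsu:Id, and the wsse:Reference in KeyInfo that must name the BinarySecurityToken) can be checked on a produced message before it is sent. This Python check is an added example, not part of the original thread or of camel-xmlsecurity; the sample envelope and its short Ids are constructed, and it verifies only that each reference resolves to exactly one element, not the signature value itself.

```python
import xml.etree.ElementTree as ET
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
# Constructed sample modelled on the header in the thread: Ids are shortened
# placeholders, certificate and signature values are omitted.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:ds="{ds}"
    xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">
  <soapenv:Header><wsse:Security>
    <wsse:BinarySecurityToken wsu:Id="X509-1"/>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#id-1"/></ds:SignedInfo>
      <ds:KeyInfo><wsse:SecurityTokenReference>
        <wsse:Reference URI="#X509-1"/>
      </wsse:SecurityTokenReference></ds:KeyInfo>
    </ds:Signature>
  </wsse:Security></soapenv:Header>
  <soapenv:Body wsu:Id="id-1"/>
</soapenv:Envelope>""".format(**NS)

def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)  # ElementTree's {namespace}local form

def check_references(xml_text):
    """Return a list of problems; an empty list means every reference resolves."""
    root = ET.fromstring(xml_text)
    by_id, problems = {}, []
    for el in root.iter():  # index every element that carries a wsu:Id
        if el.get(q("wsu", "Id")):
            by_id.setdefault(el.get(q("wsu", "Id")), []).append(el)
    def resolve(ref, label):
        uri = ref.get("URI", "")
        hits = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(hits) != 1:  # 0 = dangling reference, more than 1 = ambiguous target
            problems.append("%s %r matches %d elements" % (label, uri, len(hits)))
            return None
        return hits[0]
    signed = [resolve(r, "ds:Reference") for r in root.iter(q("ds", "Reference"))]
    body = root.find(q("soapenv", "Body"))
    if body is None or not any(t is body for t in signed):
        problems.append("soapenv:Body is not covered by a ds:Reference")
    for r in root.iter(q("wsse", "Reference")):
        token = resolve(r, "wsse:Reference")
        if token is not None and token.tag != q("wsse", "BinarySecurityToken"):
            problems.append("wsse:Reference does not point at a BinarySecurityToken")
    return problems

if __name__ == "__main__":
    print(check_references(SAMPLE))
```

A wsu:Id that appears on more than one element is reported as ambiguous, because a verifier and the application could then resolve the same URI to different elements.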