camel-xmlsecurity-sign-kafka-connector sink configuration

Connector Description: Sign XML payloads using the XML signature specification.

When using camel-xmlsecurity-sign-kafka-connector as sink make sure to use the following Maven dependency to have support for the connector:

<dependency>
  <groupId>org.apache.camel.kafkaconnector</groupId>
  <artifactId>camel-xmlsecurity-sign-kafka-connector</artifactId>
  <version>x.x.x</version>
  <!-- use the same version as your Camel Kafka connector version -->
</dependency>

To use this Sink connector in Kafka connect you’ll need to set the following connector.class

connector.class=org.apache.camel.kafkaconnector.xmlsecuritysign.CamelXmlsecuritysignSinkConnector

The camel-xmlsecurity-sign sink connector supports 57 options, which are listed below.

Name Description Default Required Priority

camel.sink.path.name

The name part in the URI can be chosen by the user to distinguish between different signer endpoints within the camel context.

null

true

HIGH

camel.sink.endpoint.addKeyInfoReference

In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value. The default value is true. Only relevant when a KeyInfo is returned by KeyAccessor. and KeyInfo#getId() is not null.

"true"

false

MEDIUM

camel.sink.endpoint.baseUri

You can set a base URI which is used in the URI dereferencing. Relative URIs are then concatenated with the base URI.

null

false

MEDIUM

camel.sink.endpoint.canonicalizationMethod

Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List inclusiveNamespacePrefixes) to create a canonicalization method.

"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

false

MEDIUM

camel.sink.endpoint.clearHeaders

Determines if the XML signature specific headers be cleared after signing and verification. Defaults to true.

"true"

false

MEDIUM

camel.sink.endpoint.contentObjectId

Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, then a new UUID will be generated. Only used in the enveloping case.

null

false

MEDIUM

camel.sink.endpoint.contentReferenceType

Type of the content reference. The default value is null. This value can be overwritten by the header XmlSignatureConstants#HEADER_CONTENT_REFERENCE_TYPE.

null

false

MEDIUM

camel.sink.endpoint.contentReferenceUri

Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the resource schema URI ( setSchemaResourceUri(String)) must also be set because the schema validator will then find out which attributes are ID attributes. Will be ignored in the enveloping or detached case.

null

false

MEDIUM

camel.sink.endpoint.cryptoContextProperties

Sets the crypto context properties. See {link XMLCryptoContext#setProperty(String, Object)}. Possible properties are defined in XMLSignContext an XMLValidateContext (see Supported Properties). The following properties are set by default to the value Boolean#TRUE for the XML validation. If you want to switch these features off you must set the property value to Boolean#FALSE. org.jcp.xml.dsig.validateManifests javax.xml.crypto.dsig.cacheReference

null

false

MEDIUM

camel.sink.endpoint.digestAlgorithm

Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If this digest algorithm is not specified then the digest algorithm is calculated from the signature algorithm. Example: http://www.w3.org/2001/04/xmlenc#sha256

null

false

MEDIUM

camel.sink.endpoint.disallowDoctypeDecl

Disallows that the incoming XML document contains DTD DOCTYPE declaration. The default value is Boolean#TRUE.

"true"

false

MEDIUM

camel.sink.endpoint.keyAccessor

For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor which reads the private key from a Java keystore.

null

false

MEDIUM

camel.sink.endpoint.lazyStartProducer

Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.

false

false

MEDIUM

camel.sink.endpoint.omitXmlDeclaration

Indicator whether the XML declaration in the outgoing message body should be omitted. Default value is false. Can be overwritten by the header XmlSignatureConstants#HEADER_OMIT_XML_DECLARATION.

"false"

false

MEDIUM

camel.sink.endpoint.outputXmlEncoding

The character encoding of the resulting signed XML document. If null then the encoding of the original XML document is used.

null

false

MEDIUM

camel.sink.endpoint.parentLocalName

Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can also use setParentXpath(XPathFilterParameterSpec). Default value is null. The value must be null for enveloping and detached XML signature. This parameter or the parameter setParentXpath(XPathFilterParameterSpec) for enveloped signature and the parameter setXpathsToIdAttributes(List) for detached signature must not be set in the same configuration. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.

null

false

MEDIUM

camel.sink.endpoint.parentNamespace

Namespace of the parent element to which the XML signature element will be added.

null

false

MEDIUM

camel.sink.endpoint.parentXpath

Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this method or the local name and namespace of the parent with the methods setParentLocalName(String) and setParentNamespace(String). Default value is null. The value must be null for enveloping and detached XML signature. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.

null

false

MEDIUM

camel.sink.endpoint.plainText

Indicator whether the message body contains plain text. The default value is false, indicating that the message body contains XML. The value can be overwritten by the header XmlSignatureConstants#HEADER_MESSAGE_IS_PLAIN_TEXT.

"false"

false

MEDIUM

camel.sink.endpoint.plainTextEncoding

Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText. Default value is UTF-8.

"UTF-8"

false

MEDIUM

camel.sink.endpoint.prefixForXmlSignatureNamespace

Namespace prefix for the XML signature namespace http://www.w3.org/2000/09/xmldsig#. Default value is ds. If null or an empty value is set then no prefix is used for the XML signature namespace. See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml- without-namespaces

"ds"

false

MEDIUM

camel.sink.endpoint.properties

For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface.

null

false

MEDIUM

camel.sink.endpoint.schemaResourceUri

Classpath to the XML Schema. Must be specified in the detached XML Signature case for determining the ID attributes, might be set in the enveloped and enveloping case. If set, then the XML document is validated with the specified XML schema. The schema resource URI can be overwritten by the header XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI.

null

false

MEDIUM

camel.sink.endpoint.signatureAlgorithm

Signature algorithm. Default value is http://www.w3.org/2000/09/xmldsig#rsa-sha1.

"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

false

MEDIUM

camel.sink.endpoint.signatureId

Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to (empty string) then no Id attribute is created in the signature element.

null

false

MEDIUM

camel.sink.endpoint.transformMethods

Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods.

null

false

MEDIUM

camel.sink.endpoint.xpathsToIdAttributes

Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first. You can also set the XPATH list dynamically via the header XmlSignatureConstants#HEADER_XPATHS_TO_ID_ATTRIBUTES. The parameter setParentLocalName(String) or setParentXpath(XPathFilterParameterSpec) for enveloped signature and this parameter for detached signature must not be set in the same configuration.

null

false

MEDIUM

camel.sink.endpoint.uriDereferencer

If you want to restrict the remote access via reference URIs, you can set an own dereferencer. Optional parameter. If not set the provider default dereferencer is used which can resolve URI fragments, HTTP, file and XPpointer URIs. Attention: The implementation is provider dependent!

null

false

MEDIUM

camel.component.xmlsecurity-sign.addKeyInfo Reference

In order to protect the KeyInfo element from tampering you can add a reference to the signed info element so that it is protected via the signature value. The default value is true. Only relevant when a KeyInfo is returned by KeyAccessor. and KeyInfo#getId() is not null.

"true"

false

MEDIUM

camel.component.xmlsecurity-sign.baseUri

You can set a base URI which is used in the URI dereferencing. Relative URIs are then concatenated with the base URI.

null

false

MEDIUM

camel.component.xmlsecurity-sign.canonicalization Method

Canonicalization method used to canonicalize the SignedInfo element before the digest is calculated. You can use the helper methods XmlSignatureHelper.getCanonicalizationMethod(String algorithm) or getCanonicalizationMethod(String algorithm, List inclusiveNamespacePrefixes) to create a canonicalization method.

"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

false

MEDIUM

camel.component.xmlsecurity-sign.clearHeaders

Determines if the XML signature specific headers be cleared after signing and verification. Defaults to true.

"true"

false

MEDIUM

camel.component.xmlsecurity-sign.contentObjectId

Sets the content object Id attribute value. By default a UUID is generated. If you set the null value, then a new UUID will be generated. Only used in the enveloping case.

null

false

MEDIUM

camel.component.xmlsecurity-sign.contentReference Type

Type of the content reference. The default value is null. This value can be overwritten by the header XmlSignatureConstants#HEADER_CONTENT_REFERENCE_TYPE.

null

false

MEDIUM

camel.component.xmlsecurity-sign.contentReference Uri

Reference URI for the content to be signed. Only used in the enveloped case. If the reference URI contains an ID attribute value, then the resource schema URI ( setSchemaResourceUri(String)) must also be set because the schema validator will then find out which attributes are ID attributes. Will be ignored in the enveloping or detached case.

null

false

MEDIUM

camel.component.xmlsecurity-sign.cryptoContext Properties

Sets the crypto context properties. See {link XMLCryptoContext#setProperty(String, Object)}. Possible properties are defined in XMLSignContext an XMLValidateContext (see Supported Properties). The following properties are set by default to the value Boolean#TRUE for the XML validation. If you want to switch these features off you must set the property value to Boolean#FALSE. org.jcp.xml.dsig.validateManifests javax.xml.crypto.dsig.cacheReference

null

false

MEDIUM

camel.component.xmlsecurity-sign.digestAlgorithm

Digest algorithm URI. Optional parameter. This digest algorithm is used for calculating the digest of the input message. If this digest algorithm is not specified then the digest algorithm is calculated from the signature algorithm. Example: http://www.w3.org/2001/04/xmlenc#sha256

null

false

MEDIUM

camel.component.xmlsecurity-sign.disallowDoctype Decl

Disallows that the incoming XML document contains DTD DOCTYPE declaration. The default value is Boolean#TRUE.

"true"

false

MEDIUM

camel.component.xmlsecurity-sign.keyAccessor

For the signing process, a private key is necessary. You specify a key accessor bean which provides this private key. The key accessor bean must implement the KeyAccessor interface. The package org.apache.camel.component.xmlsecurity.api contains the default implementation class DefaultKeyAccessor which reads the private key from a Java keystore.

null

false

MEDIUM

camel.component.xmlsecurity-sign.lazyStartProducer

Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.

false

false

MEDIUM

camel.component.xmlsecurity-sign.omitXml Declaration

Indicator whether the XML declaration in the outgoing message body should be omitted. Default value is false. Can be overwritten by the header XmlSignatureConstants#HEADER_OMIT_XML_DECLARATION.

"false"

false

MEDIUM

camel.component.xmlsecurity-sign.outputXmlEncoding

The character encoding of the resulting signed XML document. If null then the encoding of the original XML document is used.

null

false

MEDIUM

camel.component.xmlsecurity-sign.parentLocalName

Local name of the parent element to which the XML signature element will be added. Only relevant for enveloped XML signature. Alternatively you can also use setParentXpath(XPathFilterParameterSpec). Default value is null. The value must be null for enveloping and detached XML signature. This parameter or the parameter setParentXpath(XPathFilterParameterSpec) for enveloped signature and the parameter setXpathsToIdAttributes(List) for detached signature must not be set in the same configuration. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.

null

false

MEDIUM

camel.component.xmlsecurity-sign.parentNamespace

Namespace of the parent element to which the XML signature element will be added.

null

false

MEDIUM

camel.component.xmlsecurity-sign.parentXpath

Sets the XPath to find the parent node in the enveloped case. Either you specify the parent node via this method or the local name and namespace of the parent with the methods setParentLocalName(String) and setParentNamespace(String). Default value is null. The value must be null for enveloping and detached XML signature. If the parameters parentXpath and parentLocalName are specified in the same configuration then an exception is thrown.

null

false

MEDIUM

camel.component.xmlsecurity-sign.plainText

Indicator whether the message body contains plain text. The default value is false, indicating that the message body contains XML. The value can be overwritten by the header XmlSignatureConstants#HEADER_MESSAGE_IS_PLAIN_TEXT.

"false"

false

MEDIUM

camel.component.xmlsecurity-sign.plainTextEncoding

Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText. Default value is UTF-8.

"UTF-8"

false

MEDIUM

camel.component.xmlsecurity-sign.prefixForXml SignatureNamespace

Namespace prefix for the XML signature namespace http://www.w3.org/2000/09/xmldsig#. Default value is ds. If null or an empty value is set then no prefix is used for the XML signature namespace. See best practice http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml- without-namespaces

"ds"

false

MEDIUM

camel.component.xmlsecurity-sign.properties

For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface.

null

false

MEDIUM

camel.component.xmlsecurity-sign.schemaResourceUri

Classpath to the XML Schema. Must be specified in the detached XML Signature case for determining the ID attributes, might be set in the enveloped and enveloping case. If set, then the XML document is validated with the specified XML schema. The schema resource URI can be overwritten by the header XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI.

null

false

MEDIUM

camel.component.xmlsecurity-sign.signature Algorithm

Signature algorithm. Default value is http://www.w3.org/2000/09/xmldsig#rsa-sha1.

"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

false

MEDIUM

camel.component.xmlsecurity-sign.signatureId

Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to (empty string) then no Id attribute is created in the signature element.

null

false

MEDIUM

camel.component.xmlsecurity-sign.transformMethods

Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods.

null

false

MEDIUM

camel.component.xmlsecurity-sign.xpathsToId Attributes

Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first. You can also set the XPATH list dynamically via the header XmlSignatureConstants#HEADER_XPATHS_TO_ID_ATTRIBUTES. The parameter setParentLocalName(String) or setParentXpath(XPathFilterParameterSpec) for enveloped signature and this parameter for detached signature must not be set in the same configuration.

null

false

MEDIUM

camel.component.xmlsecurity-sign.autowiredEnabled

Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc.

true

false

MEDIUM

camel.component.xmlsecurity-sign.signer Configuration

To use a shared XmlSignerConfiguration configuration to use as base for configuring endpoints.

null

false

MEDIUM

camel.component.xmlsecurity-sign.uriDereferencer

If you want to restrict the remote access via reference URIs, you can set an own dereferencer. Optional parameter. If not set the provider default dereferencer is used which can resolve URI fragments, HTTP, file and XPpointer URIs. Attention: The implementation is provider dependent!

null

false

MEDIUM

The camel-xmlsecurity-sign sink connector has no converters out of the box.

The camel-xmlsecurity-sign sink connector has no transforms out of the box.

The camel-xmlsecurity-sign sink connector has no aggregation strategies out of the box.