java.lang.Object
  +--com.rsa.certj.xml.dsig.XMLSignature

This class builds and stores XML Signatures.

XML Signatures are applied to arbitrary digital content data (data objects) via an indirection. Data objects are digested; the resulting value is placed in an element and that element is then digested and cryptographically signed. Enveloped or enveloping signatures are over data within the same XML document as the signature. Detached signatures are over data external to the signature element.

XML digital signatures are represented by the Signature element, which has the following structure. The following conventions are used: "?" denotes zero or one occurrence; "+" denotes one or more occurrences; and "*" denotes zero or more occurrences.

<Signature>
  <SignedInfo>
    (CanonicalizationMethod)?
    (SignatureMethod)
    (<Reference (URI=)?>
      (Transforms)?
      (DigestMethod)
      (DigestValue)
    </Reference>)+
  </SignedInfo>
  (SignatureValue)
  (KeyInfo)?
  (Object)*
</Signature>
See Also
Field Summary

static String DEFAULT_DIGEST_ALGORITHM
    MD5 is not recommended for XML signatures.
static String DEFAULT_MAC_ALGORITHM
    The default MAC algorithm HMAC-SHA1 is used.
static String DEFAULT_XML_NAMESPACE
    The default XML namespace.
static int DETACHED_SIGNATURE
    Specifies that the signature is detached: the signature is over content external to the signature element.
static String DSA_SIGNATURE_ALGORITHM
    The DSAwithSHA1 signature algorithm.
static int ENVELOPED_SIGNATURE
    Specifies that the signature is enveloped: the signature is over XML content that contains the signature as an element.
static int ENVELOPING_SIGNATURE
    Specifies that the signature is enveloping: the signature is over content found within an Object element of the signature itself.
boolean foundET
    A flag to track the existence of the enveloped signature transform in any given
static String RSA_SIGNATURE_ALGORITHM
    The RSAwithSHA1 signature algorithm.
static int SIGNATURE_MASK
    Indicates which bits of the signature to check.
static String[] SUPPORTED_DIGEST_ALGORITHMS
    All supported digest algorithms.
static String[] SUPPORTED_MAC_ALGORITHMS
    All supported MAC algorithms.
static String[] SUPPORTED_SIGNATURE_ALGORITHMS
    All supported signature algorithms.
static String[] SUPPORTED_XML_NAMESPACES
    All supported XML namespace values.
boolean useTemplate
    Internal member, do not use
Constructor Summary

XMLSignature()
    Creates an empty XMLSignature object.
XMLSignature(File file)
    Constructs an instance of XMLSignature and initializes it with the file to sign.
XMLSignature(InputStream inputStream)
    Constructs an instance of XMLSignature and initializes it with the inputStream to sign.
XMLSignature(String fileName)
    Constructs an instance of XMLSignature and initializes it with the fileName to sign.
Method Summary

void addKeyInfo(KeyInfo keyInfo)
    Adds the given KeyInfo object to this XMLSignature instance by appending it to the KeyInfo list.
void addReference(Reference reference)
    Adds a Reference object to the reference list belonging to this XMLSignature instance.
void addXMLObject(org.w3c.dom.Element xmlObject)
    Adds the given xmlObject by appending it to the xmlObject list of this XMLSignature instance.
byte[] generateSignedInfo()
    Creates an incomplete Signature element (with an empty SignatureValue element or no SignatureValue element) in the document and returns the canonicalized SignedInfo value.
String getCanonicalizationMethod()
    Returns the canonicalization method.
byte[] getCanonicalizedSignedInfo()
    Calculates the canonicalized value of an existing SignedInfo element.
org.w3c.dom.Document getDocument()
    Returns the Document object.
int getFlags()
    Gets the current state of internal behavior flags.
int getHMACOutputLen()
    Returns the HMAC output length, in bits, as an integer.
KeyInfo[] getKeyInfos()
    Returns the keyInfo object list of this XMLSignature object.
String getNamespacePrefix()
    Returns the prefix of the signature as a String object.
Reference[] getReferences()
    Returns the references.
org.w3c.dom.Element getSignatureElement()
    Returns the signature element containing all the information of this XMLSignature object.
String getSignatureID()
    Returns the ID of the signature as a String object.
String getSignatureMethod()
    Returns the signature method.
int getSignatureType()
    Returns the signature type as an integer value.
byte[] getSignatureValue()
    Returns the signature value as a byte array.
Certificate getVerifyingCert()
    Retrieves the certificate used to verify the signature.
String getXMLNamespace()
    Returns the xml namespace as a string.
org.w3c.dom.Element getXMLObjectByID(String ID)
    Retrieves the xmlObject with the given ID value.
org.w3c.dom.Element[] getXMLObjects()
    Returns the xmlObjects as a DOM Element array.
void includeCommentsForXPointer(boolean commentXPointer)
    Sets the boolean that indicates whether comment nodes should be removed while processing XPointer.
void setCanonicalizationMethod(String c14nMethod)
    Sets the canonicalization method to c14nMethod.
void setCertificates(Certificate[] certs)
    Sets the certificates, which contain the key information to use for verification, by assigning the certificate list in this XMLSignature instance to the given certificate list.
void setDocument(org.w3c.dom.Document document)
    Sets the Document object.
void setDocument(org.w3c.dom.Document document, boolean useTemplate)
    Sets the Document object.
void setFlags(int flags)
    Sets the internal behavior flags to the specified flag values.
void setHMACOutputLen(int length)
    Sets the HMAC output length, in bits, to the given value.
void setKey(com.rsa.jsafe.JSAFE_PublicKey key)
    Sets the verification key to the given value.
void setKeyInfos(KeyInfo[] keyInfos)
    Sets the keyInfos of this XMLSignature to the given value.
void setNamespacePrefix(String prefix)
    Sets the prefix of this signature to prefix.
void setReferences(Reference[] references)
    Sets the Reference object list with the values given in references by overriding the existing reference array.
void setSignatureElement(org.w3c.dom.Element sigElement)
    Sets the signature element containing all the information of this XMLSignature object to the passed in value.
void setSignatureID(String Id)
    Sets the ID of this signature to Id.
void setSignatureMethod(String signatureMethod)
    Sets the signature method to signatureMethod.
void setSignatureType(int type)
    Sets the signature type to type.
void setSignatureValue(byte[] signature)
    Sets the signatureValue of this XMLSignature.
void setSignatureValueElement(byte[] newSignatureValue)
    Sets the SignatureValue element to the value specified by newSignatureValue.
void setSignedInfo(org.w3c.dom.Node signedInfo)
    Sets the signedInfo element of this XMLSignature object to the passed in value.
void setXMLNamespace(String namespace)
    Sets the xml namespace to the passed in string value.
void setXMLObjects(org.w3c.dom.Element[] xmlObjects)
    Sets the xmlObjects of this XMLSignature to xmlObjects.
void sign(CertJ certj)
    Signs the XML document, specified in a constructor.
void sign(CertJ theCertJ, com.rsa.jsafe.JSAFE_Key signKey, com.rsa.jsafe.JSAFE_SecureRandom random, String device)
    Signs the XML document with the specified CertJ context.
void sign(com.rsa.jsafe.JSAFE_Key signKey, com.rsa.jsafe.JSAFE_SecureRandom random, String device)
    Signs the document with the private key given in signKey, without validating it against the information stored in keyInfo.
boolean useTemplate()
    Returns true if it is a template signing; false otherwise.
VerificationInfo verify(CertJ certj, CertPathCtx certPathCtx)
    Verifies the signature in the document, specified in the constructor, and returns a VerificationInfo object with detailed information such as signature verification failure or reference validation failure.
VerificationInfo verify(CertJ certj, com.rsa.jsafe.JSAFE_Key verifyKey, String device)
    Verifies the signature with the CertJ context specified.
VerificationInfo verify(com.rsa.jsafe.JSAFE_Key verifyKey, String device)
    Verifies the signature contained in the XML document.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
public static final int SIGNATURE_MASK
public static final int DETACHED_SIGNATURE
public static final int ENVELOPING_SIGNATURE
public static final int ENVELOPED_SIGNATURE
public static final String DEFAULT_DIGEST_ALGORITHM
public static final String DEFAULT_MAC_ALGORITHM
public static final String DSA_SIGNATURE_ALGORITHM
public static final String RSA_SIGNATURE_ALGORITHM
public static final String[] SUPPORTED_MAC_ALGORITHMS
public static final String[] SUPPORTED_SIGNATURE_ALGORITHMS
public static final String DEFAULT_XML_NAMESPACE
public static final String[] SUPPORTED_XML_NAMESPACES
public static final String[] SUPPORTED_DIGEST_ALGORITHMS
public boolean useTemplate
public boolean foundET
Constructor Detail

public XMLSignature()
    Creates an empty XMLSignature object.
    This constructor should be used for detached signatures. If this constructor is used for enveloped or enveloping signatures, then call the setDocument(Document document) method to set the Document object explicitly, specifying the root document that envelops or is enveloped.

public XMLSignature(String fileName) throws XMLException
    Constructs an instance of XMLSignature and initializes it with the fileName to sign.
    Parameters:
        fileName - A
    Throws:
        XMLException - If an error occurs while reading the input file.

public XMLSignature(File file) throws XMLException
    Constructs an instance of XMLSignature and initializes it with the file to sign.
    Parameters:
        file - The
    Throws:
        XMLException - If an error occurs while reading the file.

public XMLSignature(InputStream inputStream) throws XMLException
    Constructs an instance of XMLSignature and initializes it with the inputStream to sign.
    Parameters:
        inputStream - The
    Throws:
        XMLException - If an error occurs while reading the inputStream.

Method Detail
public void setSignedInfo(org.w3c.dom.Node signedInfo)
    Sets the signedInfo element of this XMLSignature object to the passed in value.
    Internal method, do not use
    Parameters:
        signedInfo - a DOM

public void setSignatureType(int type)
    Sets the signature type to type.
    Parameters:
        type - An integer containing the value of the signature type, defined in this class. The signature may be described as detached, enveloping, or enveloped.

public int getSignatureType()
    Returns the signature type as an integer value.

public void setSignatureID(String Id)
    Sets the ID of this signature to Id.
    Parameters:
        Id - A

public String getSignatureID()
    Returns the ID of the signature as a String object.
    Returns:
        String object.

public void setNamespacePrefix(String prefix)
    Sets the prefix of this signature to prefix.
    Parameters:
        prefix - A

public String getNamespacePrefix()
    Returns the prefix of the signature as a String object.
    Returns:
        String object.

public void setCertificates(Certificate[] certs)
    Sets the certificates, which contain the key information to use for verification, by assigning the certificate list in this XMLSignature instance to the given certificate list.
    This method can be useful for explicit signature validation. If the signature omits keyInfo, either this method or setKey(JSAFE_PublicKey key) should be called.
    Parameters:
        certs - A

public void setKey(com.rsa.jsafe.JSAFE_PublicKey key)
    Sets the verification key to the given value. If the signature omits keyInfo, call this method or setCertificates(Certificate[] certs). Otherwise, signature verification will fail.
    Parameters:
        key - A

public void addReference(Reference reference)
    Adds a Reference object to the reference list belonging to this XMLSignature instance.
    Parameters:
        reference - The reference element including the optional identification of the data object, any optional transform elements, the digest algorithm and the digest value.

public void setReferences(Reference[] references)
    Sets the Reference object list with the values given in references by overriding the existing reference array. Call this method or addReference() before signing; otherwise, the signing will fail.
    Parameters:
        references - The references to put in the

public Reference[] getReferences()
    Returns the Reference object list in this XML signature. Each Reference contains a URI referring to the data object, the digest method, and the resulting digest value calculated over the identified data object. It may also include the transformations that produced the input to the digest operation.

public void setHMACOutputLen(int length)
    Sets the HMAC output length, in bits, to the given value.
    Parameters:
        length - The integer value of the required HMAC output length, in bits.

public int getHMACOutputLen()
    Returns the HMAC output length, in bits, as an integer.
    0.

public void setKeyInfos(KeyInfo[] keyInfos)
    Sets the keyInfos of this XMLSignature to the given value. For X509Data keyInfo, if the verification side uses an IBM toolkit, the DSA certificates stored in the X509Certificate element should be in X957 format.
    Parameters:
        keyInfos - An array that contains a list of

public void addKeyInfo(KeyInfo keyInfo)
    Adds the given KeyInfo object to this XMLSignature instance by appending it to the KeyInfo list.
    Parameters:
        keyInfo - A

public KeyInfo[] getKeyInfos()
    Returns the keyInfo object list of this XMLSignature object.
    Returns:
        KeyInfo objects that can contain keys, names, certificates, and other public key management information, such as in-band key distribution or key-agreement data.

public void setSignatureMethod(String signatureMethod) throws XMLException
    Sets the signature method to signatureMethod.
    Parameters:
        signatureMethod - A
    Throws:
        XMLException - If the given signature method value is not supported.

public String getSignatureMethod()
    Returns the signature method.
    Returns:
        String.

public void setCanonicalizationMethod(String c14nMethod) throws XMLException
    Sets the canonicalization method to c14nMethod.
    Parameters:
        c14nMethod - The required element as a
    Throws:
        XMLException - If the given canonicalization method value is not supported.

public String getCanonicalizationMethod()
    Returns the canonicalization method.
    Returns:
        String.

public void setSignatureValue(byte[] signature)
    Sets the signatureValue of this XMLSignature.
    Internal method, do not use
    Parameters:
        signature - The byte array used to set the signatureValue of this

public byte[] getSignatureValue()
    Returns the signature value as a byte array.
    Returns:
        signatureValue of this XMLSignature as a byte array.

public void setXMLObjects(org.w3c.dom.Element[] xmlObjects)
    Sets the xmlObjects of this XMLSignature to xmlObjects. Call this method before calling the sign() method; otherwise, the XML object element will not be included in the resulting signing document. All the XML object elements to set should attach to the same root document owned by this XMLSignature instance.
    Parameters:
        xmlObjects - A DOM

public void addXMLObject(org.w3c.dom.Element xmlObject)
    Adds the given xmlObject by appending it to the xmlObject list of this XMLSignature instance. Call this method before calling the sign() method; otherwise, this XML object element will not be included in the resulting signing document. The XML Object element to add should attach to the same root document owned by this XMLSignature instance.
    Parameters:
        xmlObject - A DOM

public org.w3c.dom.Element[] getXMLObjects()
    Returns the xmlObjects as a DOM Element array.
    Returns:
        Element within the signature element or elsewhere.

public org.w3c.dom.Element getXMLObjectByID(String ID)
    Retrieves the xmlObject with the given ID value.
    Parameters:
        ID - A
    Returns:
        xmlObject containing ID as a DOM Element.

public void includeCommentsForXPointer(boolean commentXPointer)
    Sets the boolean that indicates whether comment nodes should be removed while processing XPointer. A true value means to leave comment nodes, false means to remove them. The default behavior is to remove comment nodes.
    Parameters:
        commentXPointer - the boolean indicating whether comment nodes should be removed while processing XPointer.
public void sign(CertJ certj) throws XMLException
    Signs the XML document, specified in a constructor, when keyInfo is set with a public key or certificates. It retrieves the signing private key from the database by the public key or certificates stored in the keyInfo.
    If the verification side uses an IBM toolkit, then the DSA certificates stored in the X509Certificate element should be in X957 format. If no keyInfo is specified, call the sign method that takes a private key as an argument.
    Parameters:
        certj - A
    Throws:
        XMLException - If an error occurs while signing the XML signature. For example, if a signing key is not available, this method throws an exception.

public void sign(com.rsa.jsafe.JSAFE_Key signKey, com.rsa.jsafe.JSAFE_SecureRandom random, String device) throws XMLException
    Signs the document with the private key given in signKey, without validating it against the information stored in keyInfo. Call this method only if keyInfo is omitted from the signature. The application should be aware that the private key to sign and the key stored in keyInfo are a pair. Since keyInfo is not present in the signature, the key to validate the signature is identified based on application context information.
    Parameters:
        signKey - A
        random - A
        device - A
    Throws:
        XMLException - If an error occurs while signing the document.

public void sign(CertJ theCertJ, com.rsa.jsafe.JSAFE_Key signKey, com.rsa.jsafe.JSAFE_SecureRandom random, String device) throws XMLException
    Signs the XML document with the specified CertJ context.
    Parameters:
        theCertJ - A
        signKey - A
        random - A
        device - A
    Throws:
        XMLException - If an error occurs while signing the document.

public byte[] generateSignedInfo() throws XMLException
    Creates an incomplete Signature element (with an empty SignatureValue element or no SignatureValue element) in the document and returns the canonicalized SignedInfo value. After the signature has been calculated over that value, set it with the setSignatureValueElement() method. Call the generateSignedInfo() method only once and never call it in conjunction with the sign() method.
    Returns:
        byte array containing the canonicalized SignedInfo, which is ready to have the signature operation applied.
    Throws:
        XMLException - If an error occurs while signing the document.

public byte[] getCanonicalizedSignedInfo() throws XMLException
    Calculates the canonicalized value of an existing SignedInfo element. It should be called after the sign() or generateSignedInfo() methods.
    Returns:
        byte array containing the canonicalized value of the SignedInfo element. The private key operation is applied to this value.

public void setSignatureValueElement(byte[] newSignatureValue) throws XMLException
    Sets the SignatureValue element to the value specified by newSignatureValue. Call this method after the generateSignedInfo() method (after a signature is calculated). Do not call this method in conjunction with the sign() method.
    Parameters:
        newSignatureValue - A
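The two-step flow that generateSignedInfo() and setSignatureValueElement() describe, as an added example that is not Cert-J's own code: the canonicalized SignedInfo is handed to a signer outside the JVM (an HSM or signing service) and the raw signature is written back, so the private key never has to be loaded as a JSAFE_Key for sign(). The ExternalSigner interface, the canonicalization URI and the import paths for XMLException and Reference are assumptions; the Reference objects are supplied by the caller because this page does not document how a Reference is constructed.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

import com.rsa.certj.xml.XMLException;      // import path assumed; the page does not state the package
import com.rsa.certj.xml.dsig.Reference;    // assumed to live beside XMLSignature
import com.rsa.certj.xml.dsig.XMLSignature;

/**
 * Added example (not Cert-J's own code): produce a detached XML signature with the
 * generateSignedInfo() / setSignatureValueElement() flow, so the private key can stay
 * in an external signer instead of being passed to sign() as a JSAFE_Key.
 */
public final class DetachedExternalSigning {

    /** Hypothetical callback to the external signer; not part of Cert-J. */
    public interface ExternalSigner {
        /**
         * Returns the raw signature bytes over data. The signer must use exactly the
         * algorithm named by signatureMethod: that name is what SignedInfo declares,
         * and it is what every verifier will check the value against.
         */
        byte[] sign(String signatureMethod, byte[] data) throws IOException;
    }

    /** Assumed to be one of the library's supported canonicalization values. */
    private static final String C14N_METHOD =
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    private DetachedExternalSigning() {}

    /**
     * Signs the data objects described by references and writes the detached Signature
     * document to out. Each XMLSignature goes through this once: the page states that
     * generateSignedInfo() is called only once and never together with sign().
     */
    public static void signDetached(Reference[] references, ExternalSigner signer, File out)
            throws XMLException, IOException, TransformerException {
        if (references == null || references.length == 0) {
            // setReferences()/addReference() must run before signing, or signing fails.
            throw new IllegalArgumentException("at least one Reference is required");
        }

        XMLSignature sig = new XMLSignature();   // empty constructor: documented for detached signatures
        sig.setSignatureType(XMLSignature.DETACHED_SIGNATURE);
        sig.setCanonicalizationMethod(C14N_METHOD);                    // XMLException if unsupported
        sig.setSignatureMethod(XMLSignature.RSA_SIGNATURE_ALGORITHM);  // RSAwithSHA1, as documented
        sig.setReferences(references);

        // Step 1: build the Signature element without a SignatureValue and obtain the
        // canonicalized SignedInfo bytes; this is the exact input to the signature operation.
        byte[] canonicalSignedInfo = sig.generateSignedInfo();

        // Step 2: the signature is computed outside this process and written back.
        byte[] signatureValue = signer.sign(sig.getSignatureMethod(), canonicalSignedInfo);
        if (signatureValue == null || signatureValue.length == 0) {
            throw new IOException("external signer returned no signature");
        }
        sig.setSignatureValueElement(signatureValue);

        writeDocument(sig.getDocument(), out);
    }

    /** Serializes the DOM that now carries the complete Signature element. */
    private static void writeDocument(Document doc, File out)
            throws IOException, TransformerException {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        try (FileOutputStream fos = new FileOutputStream(out)) {
            t.transform(new DOMSource(doc), new StreamResult(fos));
        }
    }
}
```

Passing the SignatureMethod string to the signer is deliberate: a signer that silently uses another algorithm produces a value that verifies under no reading of the SignedInfo, and the mismatch is easier to catch at the signing boundary than at a verifier far away.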
public VerificationInfo verify(CertJ certj, CertPathCtx certPathCtx) throws XMLException
    Verifies the signature in the document, specified in the constructor, and returns a VerificationInfo object with detailed information such as signature verification failure or reference validation failure.
    Parameters:
        certj - The
        certPathCtx - The
    Returns:
        VerificationInfo object with detailed signature validation information.
    Throws:
        XMLException - If an error occurs while verifying the signature.

public VerificationInfo verify(com.rsa.jsafe.JSAFE_Key verifyKey, String device) throws XMLException
    Verifies the signature contained in the XML document and returns a VerificationInfo object with detailed information, such as signature verification or reference validation failure.
    Parameters:
        verifyKey - A
        device - A string value that specifies on which device the Crypto JSAFE operates.
    Returns:
        VerificationInfo object with detailed signature validation information.
    Throws:
        XMLException - If an error occurs during signature verification.

public VerificationInfo verify(CertJ certj, com.rsa.jsafe.JSAFE_Key verifyKey, String device) throws XMLException
    Verifies the signature with the CertJ context specified.
    Parameters:
        certj - The
        verifyKey - A
        device - A string value that specifies on which device the Crypto JSAFE operates.
    Returns:
        VerificationInfo object with detailed signature validation information.
    Throws:
        XMLException - If an error occurred during signature verification.

public Certificate getVerifyingCert() throws CloneNotSupportedException
    Retrieves the certificate used to verify the signature.
    Returns:
        null if a certificate was not used, for example, the public key was provided directly. The existence of this certificate does not mean the signature was verified, rather that it was the certificate used in the verification process.

public void setSignatureElement(org.w3c.dom.Element sigElement)
    Sets the signature element containing all the information of this XMLSignature object to the passed in value.
    Internal method, do not use
    Parameters:
        sigElement - a DOM

public org.w3c.dom.Element getSignatureElement()
    Returns the signature element containing all the information of this XMLSignature object.
    Internal method, do not use
    Returns:
        Element object containing the Signature element.

public void setXMLNamespace(String namespace) throws XMLException
    Sets the xml namespace to the passed in string value.
    Internal method, do not use
    Parameters:
        namespace - a
    Throws:
        XMLException - thrown if the value passed in is not a supported one.

public String getXMLNamespace()
    Returns the xml namespace as a string.
    Internal method, do not use
    Returns:
        the xml namespace of this XMLSignature instance

public void setDocument(org.w3c.dom.Document document)
    Sets the Document object. If an empty XMLSignature constructor is used and the signature type is either Enveloped or Enveloping, use this method to specify the root of the Signature element. For a detached signature, this method can also be used to specify explicitly the root of the signature element.
    Parameters:
        document - A

public void setDocument(org.w3c.dom.Document document, boolean useTemplate)
    Sets the Document object. This method should be called for template signing. If useTemplate is set to true, the document contains an XML signature template.
    Parameters:
        document - A
        useTemplate - A

public boolean useTemplate()
    Returns true if it is a template signing; false otherwise.
    Returns:
        true if it is a template signing; false otherwise.

public org.w3c.dom.Document getDocument()
    Returns the Document object. It should be the root of the XML Object element. To generate an XML Object element, call this method to get the root document.
    Returns:
        Document object.

public void setFlags(int flags)
    Sets the internal behavior flags to the specified flag values.
    Parameters:
        flags - Specified behavior flags.

public int getFlags()
    Gets the current state of internal behavior flags.
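Verification against a key the application already trusts, as an added example that is not Cert-J's own code, covering the verify(JSAFE_Key, String), setKey() and getVerifyingCert() methods documented above. It assumes that a JSAFE_PublicKey is accepted where verify() takes a JSAFE_Key, that "Java" names the Crypto-J software device, and the import paths for VerificationInfo, Certificate and XMLException. How to read a VerificationInfo is not documented on this page, so the object is handed back to the caller unchanged.

```java
import java.io.InputStream;

import com.rsa.certj.cert.Certificate;            // import path assumed
import com.rsa.certj.xml.XMLException;            // import path assumed
import com.rsa.certj.xml.dsig.VerificationInfo;   // import path assumed
import com.rsa.certj.xml.dsig.XMLSignature;
import com.rsa.jsafe.JSAFE_PublicKey;

/**
 * Added example (not Cert-J's own code): verify a signature with a public key the
 * application already trusts, rather than with whatever KeyInfo the signed
 * document happens to carry.
 */
public final class ExplicitKeyVerification {

    /** Assumed name of the Crypto-J software device; the page does not list valid values. */
    private static final String DEVICE = "Java";

    /** What the caller gets back; the two fields answer different questions. */
    public static final class Outcome {
        /** Detailed signature and reference validation result; this decides pass or fail. */
        public final VerificationInfo info;
        /**
         * Certificate used during verification, or null when a bare key was supplied.
         * Per the page this only records which certificate was used, never that the
         * signature verified, so it must not be read as a success flag.
         */
        public final Certificate certificateUsed;

        Outcome(VerificationInfo info, Certificate certificateUsed) {
            this.info = info;
            this.certificateUsed = certificateUsed;
        }
    }

    private ExplicitKeyVerification() {}

    /**
     * Verifies the signature in signedXml with trustedKey. The key comes from the
     * application's own trust store; nothing in the document chooses it.
     */
    public static Outcome verifyWithTrustedKey(InputStream signedXml, JSAFE_PublicKey trustedKey)
            throws XMLException, CloneNotSupportedException {
        if (trustedKey == null) {
            throw new IllegalArgumentException("a trusted verification key is required");
        }
        XMLSignature sig = new XMLSignature(signedXml);

        // The page documents setKey()/setCertificates() for explicit signature validation
        // and states that verification fails without one of them when KeyInfo is omitted;
        // the same trusted key is then passed to verify().
        sig.setKey(trustedKey);
        VerificationInfo info = sig.verify(trustedKey, DEVICE);

        // Expected to be null here because a key, not a certificate, was used.
        Certificate used = sig.getVerifyingCert();
        return new Outcome(info, used);
    }
}
```

The caller inspects Outcome.info for the signature and reference results and ignores Outcome.certificateUsed for that decision; the certificate is kept only for logging which key material was involved.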