com.sun.xml.wss.core
Class SignatureHeaderBlock

java.lang.Object
  extended by com.sun.xml.wss.impl.misc.SOAPElementExtension
      extended by com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl
          extended by com.sun.xml.wss.core.SignatureHeaderBlock
All Implemented Interfaces:
SecurityHeaderBlock, SOAPElement, Element, Node

public class SignatureHeaderBlock
extends SecurityHeaderBlockImpl


Field Summary
static String SignatureSpecNS
           
static String SignatureSpecNSprefix
           
static String TAG_SIGNATURE
           
 
Fields inherited from class com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl
delegateElement
 
Fields inherited from interface org.w3c.dom.Node
ATTRIBUTE_NODE, CDATA_SECTION_NODE, COMMENT_NODE, DOCUMENT_FRAGMENT_NODE, DOCUMENT_NODE, DOCUMENT_POSITION_CONTAINED_BY, DOCUMENT_POSITION_CONTAINS, DOCUMENT_POSITION_DISCONNECTED, DOCUMENT_POSITION_FOLLOWING, DOCUMENT_POSITION_IMPLEMENTATION_SPECIFIC, DOCUMENT_POSITION_PRECEDING, DOCUMENT_TYPE_NODE, ELEMENT_NODE, ENTITY_NODE, ENTITY_REFERENCE_NODE, NOTATION_NODE, PROCESSING_INSTRUCTION_NODE, TEXT_NODE
 
Constructor Summary
SignatureHeaderBlock(Document doc, String signatureMethodURI)
          This creates a new ds:Signature Element and adds an empty ds:SignedInfo.
SignatureHeaderBlock(SOAPElement elem)
          Parses and creates the Signature element.
SignatureHeaderBlock(com.sun.org.apache.xml.internal.security.signature.XMLSignature signature)
          Constructor that takes an Apache XMLSignature.
 
Method Summary
 void addSignedInfoReference(String referenceURI, com.sun.org.apache.xml.internal.security.transforms.Transforms transforms)
          Adds a Reference with just the URI and the transforms.
 void addSignedInfoReference(String referenceURI, com.sun.org.apache.xml.internal.security.transforms.Transforms trans, String digestURI)
          Adds a Reference with URI, transforms and Digest algorithm URI
 void addSignedInfoReference(String referenceURI, com.sun.org.apache.xml.internal.security.transforms.Transforms trans, String digestURI, String referenceId, String referenceType)
          Add a Reference with full parameters to this Signature
 void appendObject(SOAPElement object)
          Method appendObject.
 boolean checkSignatureValue(Key pk)
          Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
 boolean checkSignatureValue(X509Certificate cert)
          Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
static SecurityHeaderBlock fromSoapElement(SOAPElement element)
           
 SOAPElement getAsSoapElement()
          Method to return the Signature as a SOAPElement
 com.sun.org.apache.xml.internal.security.signature.SignedInfo getDSSignedInfo()
           
 String getId()
          Method getId
 SOAPElement getKeyInfo()
          Returns the KeyInfo child.
 KeyInfoHeaderBlock getKeyInfoHeaderBlock()
          Returns the KeyInfo as a HeaderBlock.
 int getObjectCount()
          Returns the number of all ds:Object elements.
 SOAPElement getObjectItem(int index)
          Returns the indexth ds:Object child of the signature or null if no such ds:Object element exists.
 com.sun.org.apache.xml.internal.security.signature.XMLSignature getSignature()
          Returns the Apache XML Signature corresponding to this Block.
 byte[] getSignatureValue()
          Method getSignatureValue
 SOAPElement getSignedInfo()
          Returns the completely parsed SignedInfo object.
 void saveChanges()
          This method should be called when changes are made inside an object through its reference obtained from any of the get methods of this class.
 void setApacheResourceResolver(com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi resolver)
           
 void setBaseURI(String uri)
          Method setBaseURI : BaseURI needed by Apache KeyInfo Ctor
 void setDocument(Document doc)
          setDocument.
 void setId(String id)
          Method setId
 void sign(Key signingKey)
          Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.
 
Methods inherited from class com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl
addAttribute, addChildElement, addChildElement, addChildElement, addChildElement, addChildElement, addNamespaceDeclaration, addTextNode, appendChild, cloneNode, compareDocumentPosition, detachNode, equals, fromSoapElement, getAllAttributes, getAllAttributesAsQNames, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getAttributes, getAttributeValue, getBaseURI, getChildElements, getChildElements, getChildNodes, getElementName, getElementsByTagName, getElementsByTagNameNS, getEncodingStyle, getFeature, getFirstChild, getLastChild, getLocalName, getNamespacePrefixes, getNamespaceURI, getNamespaceURI, getNextSibling, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentElement, getParentNode, getPrefix, getPreviousSibling, getSchemaTypeInfo, getSoapFactory, getTagName, getTextContent, getUserData, getValue, getVisibleNamespacePrefixes, hasAttribute, hasAttributeNS, hasAttributes, hasChildNodes, insertBefore, isBSP, isBSP, isDefaultNamespace, isEqualNode, isSameNode, isSupported, lookupNamespaceURI, lookupPrefix, normalize, recycleNode, removeAttribute, removeAttribute, removeAttributeNode, removeAttributeNS, removeChild, removeContents, removeNamespaceDeclaration, replaceChild, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setEncodingStyle, setIdAttribute, setIdAttributeNode, setIdAttributeNS, setNodeValue, setParentElement, setPrefix, setSOAPElement, setTextContent, setUserData, setValue, setWsuIdAttr
 
Methods inherited from class com.sun.xml.wss.impl.misc.SOAPElementExtension
addAttribute, addChildElement, createQName, getAttributeValue, getChildElements, getElementQName, removeAttribute, setElementQName
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.xml.soap.SOAPElement
addAttribute, addChildElement, createQName, getAttributeValue, getChildElements, getElementQName, removeAttribute, setElementQName
 

Field Detail

SignatureSpecNS

public static final String SignatureSpecNS
See Also:
Constant Field Values

SignatureSpecNSprefix

public static final String SignatureSpecNSprefix
See Also:
Constant Field Values

TAG_SIGNATURE

public static final String TAG_SIGNATURE
See Also:
Constant Field Values
Constructor Detail

SignatureHeaderBlock

public SignatureHeaderBlock(SOAPElement elem)
                     throws XWSSecurityException
Parses and creates the Signature element.

Parameters:
elem - the element representing an XML Signature. NOTE: this constructor assumes a fully initialized XML Signature. No modifications are allowed on the signature; only existing values can be read. For example, appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.
Throws:
XWSSecurityException

SignatureHeaderBlock

public SignatureHeaderBlock(com.sun.org.apache.xml.internal.security.signature.XMLSignature signature)
                     throws XWSSecurityException
Constructor that takes an Apache XMLSignature.

Parameters:
signature - the XMLSignature from XML DSIG. NOTE: no modifications are allowed on the signature if a SIGN operation has already been performed on the argument signature; only existing values can be read. For example, appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.
Throws:
XWSSecurityException

SignatureHeaderBlock

public SignatureHeaderBlock(Document doc,
                            String signatureMethodURI)
                     throws XWSSecurityException
This creates a new ds:Signature Element and adds an empty ds:SignedInfo. The ds:SignedInfo is initialized with the specified Signature algorithm and Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS which is RECOMMENDED by the spec. This method's main use is for creating a new signature.

Parameters:
doc - The OwnerDocument of signature
signatureMethodURI - signature algorithm to use.
Throws:
XWSSecurityException
Method Detail

getSignature

public com.sun.org.apache.xml.internal.security.signature.XMLSignature getSignature()
Returns the Apache XML Signature corresponding to this Block.

Returns:
the XMLSignature

sign

public void sign(Key signingKey)
          throws XWSSecurityException
Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.

Parameters:
signingKey - the PrivateKey or SecretKey that is used to sign.
Throws:
XWSSecurityException

getSignedInfo

public SOAPElement getSignedInfo()
                          throws XWSSecurityException
Returns the completely parsed SignedInfo object.

Returns:
the SignedInfo as a SOAPElement
Throws:
XWSSecurityException

getDSSignedInfo

public com.sun.org.apache.xml.internal.security.signature.SignedInfo getDSSignedInfo()

getKeyInfo

public SOAPElement getKeyInfo()
                       throws XWSSecurityException
Returns the KeyInfo child.

Returns:
the KeyInfo object
Throws:
XWSSecurityException

getKeyInfoHeaderBlock

public KeyInfoHeaderBlock getKeyInfoHeaderBlock()
                                         throws XWSSecurityException
Returns the KeyInfo as a HeaderBlock.

Returns:
the KeyInfoHeaderBlock object
Throws:
XWSSecurityException

getSignatureValue

public byte[] getSignatureValue()
                         throws XWSSecurityException
Method getSignatureValue

Throws:
XWSSecurityException

addSignedInfoReference

public void addSignedInfoReference(String referenceURI,
                                   com.sun.org.apache.xml.internal.security.transforms.Transforms transforms)
                            throws XWSSecurityException
Adds a Reference with just the URI and the transforms. This uses the SHA1 algorithm as a default digest algorithm.

Parameters:
referenceURI - URI according to the XML Signature specification.
transforms - List of transformations to be applied.
Throws:
XWSSecurityException

addSignedInfoReference

public void addSignedInfoReference(String referenceURI,
                                   com.sun.org.apache.xml.internal.security.transforms.Transforms trans,
                                   String digestURI)
                            throws XWSSecurityException
Adds a Reference with URI, transforms and Digest algorithm URI

Parameters:
referenceURI - URI according to the XML Signature specification.
trans - List of transformations to be applied.
digestURI - URI of the digest algorithm to be used.
Throws:
XWSSecurityException

addSignedInfoReference

public void addSignedInfoReference(String referenceURI,
                                   com.sun.org.apache.xml.internal.security.transforms.Transforms trans,
                                   String digestURI,
                                   String referenceId,
                                   String referenceType)
                            throws XWSSecurityException
Add a Reference with full parameters to this Signature

Parameters:
referenceURI - URI of the resource to be signed. Can be null, in which case the dereferencing is application specific. Can be "", in which case it's the parent node (or parent document?). There can only be one "" in each signature.
trans - Optional list of transformations to be done before digesting
digestURI - Mandatory URI of the digesting algorithm to use.
referenceId - Optional id attribute for this Reference
referenceType - Optional mimetype for the URI
Throws:
XWSSecurityException

checkSignatureValue

public boolean checkSignatureValue(X509Certificate cert)
                            throws XWSSecurityException
Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.

Parameters:
cert - Certificate that contains the public key part of the keypair that was used to sign.
Returns:
true if the signature is valid, false otherwise
Throws:
XWSSecurityException

checkSignatureValue

public boolean checkSignatureValue(Key pk)
                            throws XWSSecurityException
Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.

Parameters:
pk - PublicKey part of the keypair or SecretKey that was used to sign
Returns:
true if the signature is valid, false otherwise
Throws:
XWSSecurityException

appendObject

public void appendObject(SOAPElement object)
                  throws XWSSecurityException
Method appendObject.

Throws:
XWSSecurityException

getObjectItem

public SOAPElement getObjectItem(int index)
                          throws XWSSecurityException
Returns the indexth ds:Object child of the signature or null if no such ds:Object element exists.

Parameters:
index -
Returns:
the indexth ds:Object child of the signature or null if no such ds:Object element exists. 1 is the lowest index (not 0)
Throws:
XWSSecurityException

getObjectCount

public int getObjectCount()
Returns the number of all ds:Object elements.

Returns:
the number of all ds:Object elements.

setId

public void setId(String id)
Method setId


getId

public String getId()
Method getId

Specified by:
getId in interface SecurityHeaderBlock
Overrides:
getId in class SecurityHeaderBlockImpl
Returns:
the id

setBaseURI

public void setBaseURI(String uri)
Method setBaseURI : BaseURI needed by Apache KeyInfo Ctor

Parameters:
uri - URI to be used as context for all relative URIs.

getAsSoapElement

public SOAPElement getAsSoapElement()
                             throws XWSSecurityException
Method to return the Signature as a SOAPElement

Specified by:
getAsSoapElement in interface SecurityHeaderBlock
Overrides:
getAsSoapElement in class SecurityHeaderBlockImpl
Returns:
SOAPElement
Throws:
XWSSecurityException - If owner soap document is not set.
See Also:
setDocument(Document)

setDocument

public void setDocument(Document doc)
setDocument.

Parameters:
doc - The owner Document of this Signature

saveChanges

public void saveChanges()
This method should be called when changes are made inside an object through a reference obtained from any of the get methods of this class. For example, if getKeyInfo() is called and changes are then made inside the KeyInfo, this method should be called so that the changes are reflected when getAsSoapElement() is finally called.


setApacheResourceResolver

public void setApacheResourceResolver(com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi resolver)

fromSoapElement

public static SecurityHeaderBlock fromSoapElement(SOAPElement element)
                                           throws XWSSecurityException
Throws:
XWSSecurityException


Copyright © 2005-2015 Oracle Corporation. All Rights Reserved.