java.lang.Object
- org.certificateservices.messages.utils.XMLSigner

```
public class XMLSigner
extends java.lang.Object
```
Class containing help methods for digital XML signatures

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`static interface`	`XMLSigner.OrganisationLookup`	Interface for determining organisation related to a XML message.
`static interface`	`XMLSigner.SignatureLocationFinder`	Interface used to find the location and ID of a signed object.

Field Summary

Fields
Modifier and Type Field Description

static java.lang.String XMLDSIG_NAMESPACE

Constructor Summary

Constructors
Constructor	Description
`XMLSigner(MessageSecurityProvider messageSecurityProvider, boolean signMessages, XMLSigner.SignatureLocationFinder defaultSignatureLocationFinder, XMLSigner.OrganisationLookup defaultOrganisationLookup)`	Constructor used for context based message security providers.
`XMLSigner(MessageSecurityProvider messageSecurityProvider, javax.xml.parsers.DocumentBuilder documentBuilder, boolean signMessages, XMLSigner.SignatureLocationFinder defaultSignatureLocationFinder, XMLSigner.OrganisationLookup defaultOrganisationLookup)`	Deprecated. This constructor will result in an XMLSigner instance that is not thread safe, please use constructor that does not explicitly specify an existing DocumentBuilder instance.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`static boolean`	`checkBasicCertificateValidation(java.security.cert.X509Certificate cert)`	Help method that checks that certificate has: Has digital signature key usage current time is withing not before and not after.
`java.security.cert.X509Certificate`	`findSignerCertificate(byte[] message)`	Method to find first certificate found in signature element using the default signature finder.
`java.security.cert.X509Certificate`	`findSignerCertificate(byte[] message, XMLSigner.SignatureLocationFinder signatureLocationFinder)`	Method to find first certificate found in signature element with specifieddefault signature finder.
`byte[]`	`marshallAndSign(ContextMessageSecurityProvider.Context context, org.w3c.dom.Document doc, XMLSigner.SignatureLocationFinder signatureLocationFinder)`	Help method to marshall and sign an XML Document Method that generates the signature and marshalls the message to byte array in UTF-8 format.
`byte[]`	`marshallAndSign(org.w3c.dom.Document doc, XMLSigner.SignatureLocationFinder signatureLocationFinder)`	Deprecated.
`byte[]`	`marshallDoc(org.w3c.dom.Document doc)`	Method to convert a Document to a UTF-8 encoded byte array
`void`	`sign(ContextMessageSecurityProvider.Context context, org.w3c.dom.Document doc, XMLSigner.SignatureLocationFinder signatureLocationFinder)`	Help method to sign an XML Document Method that generates the signature and marshalls the message to byte array in UTF-8 format.
`void`	`sign(org.w3c.dom.Document doc, XMLSigner.SignatureLocationFinder signatureLocationFinder)`	Deprecated.
`void`	`verifyEnvelopedSignature(byte[] message)`	Deprecated.
`void`	`verifyEnvelopedSignature(byte[] message, boolean authorizeAgainstOrganisation)`	Deprecated.
`void`	`verifyEnvelopedSignature(byte[] message, XMLSigner.SignatureLocationFinder signatureLocationFinder, XMLSigner.OrganisationLookup organisationLookup)`	Deprecated.
`void`	`verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context, byte[] message)`	Help method to verify a signed enveloped message and performs the following checks.
`void`	`verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context, byte[] message, boolean authorizeAgainstOrganisation)`	Help method to verify a signed enveloped message and performs the following checks.
`void`	`verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context, byte[] message, XMLSigner.SignatureLocationFinder signatureLocationFinder, XMLSigner.OrganisationLookup organisationLookup)`	Help method to verify a signed enveloped message and performs the following checks.
`void`	`verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context, org.w3c.dom.Document doc, boolean performValidation)`	Help method to verify a signed enveloped CS message and performs the following checks.
`void`	`verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context, org.w3c.dom.Document doc, XMLSigner.OrganisationLookup organisationLookup)`	Help method to verify a signed enveloped message and performs the following checks.
`void`	`verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context, org.w3c.dom.Document doc, XMLSigner.SignatureLocationFinder signatureLocationFinder, XMLSigner.OrganisationLookup organisationLookup)`	Help method to verify a signed enveloped message and performs the following checks.
`void`	`verifyEnvelopedSignature(org.w3c.dom.Document doc, boolean performValidation)`	Deprecated.
`void`	`verifyEnvelopedSignature(org.w3c.dom.Document doc, XMLSigner.OrganisationLookup organisationLookup)`	Deprecated.
`void`	`verifyEnvelopedSignature(org.w3c.dom.Document doc, XMLSigner.SignatureLocationFinder signatureLocationFinder, XMLSigner.OrganisationLookup organisationLookup)`	Deprecated.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - XMLDSIG_NAMESPACE
```
public static java.lang.String XMLDSIG_NAMESPACE
```
- Constructor Detail
  - XMLSigner
```
@Deprecated
public XMLSigner(MessageSecurityProvider messageSecurityProvider,
                 javax.xml.parsers.DocumentBuilder documentBuilder,
                 boolean signMessages,
                 XMLSigner.SignatureLocationFinder defaultSignatureLocationFinder,
                 XMLSigner.OrganisationLookup defaultOrganisationLookup)
          throws MessageProcessingException
```
    Deprecated.
    This constructor will result in an XMLSigner instance that is not thread safe, please use constructor that does not explicitly specify an existing DocumentBuilder instance.
    
    Constructor used for context based message security providers using an existing DocumentBuilder instance.
    
    Parameters:
    
    messageSecurityProvider - MessageSecurityProvider instance to use.
    
    documentBuilder - DocumentBuilder to use when processing and parsing XML
    
    signMessages - If messages should be signed or not.
    
    defaultSignatureLocationFinder - SignatureLocationFinder instance to use.
    
    defaultOrganisationLookup - OrganisationLookup instance to use.
    
    Throws:
    
    MessageProcessingException - If an error occurs while performing signature operation.
  - XMLSigner
```
public XMLSigner(MessageSecurityProvider messageSecurityProvider,
                 boolean signMessages,
                 XMLSigner.SignatureLocationFinder defaultSignatureLocationFinder,
                 XMLSigner.OrganisationLookup defaultOrganisationLookup)
          throws MessageProcessingException
```
    Constructor used for context based message security providers.
    
    Parameters:
    
    messageSecurityProvider - MessageSecurityProvider instance to use.
    
    signMessages - If messages should be signed or not.
    
    defaultSignatureLocationFinder - SignatureLocationFinder instance to use.
    
    defaultOrganisationLookup - OrganisationLookup instance to use.
    
    Throws:
    
    MessageProcessingException - If an error occurs while performing signature operation.
- Method Detail
  - verifyEnvelopedSignature
```
@Deprecated
public void verifyEnvelopedSignature(byte[] message)
                              throws MessageContentException,
                                     MessageProcessingException
```
    Deprecated.
    
    Help method to verify a signed enveloped message and performs the following checks. Using the default context.
  - That the signature if included X509Certificate verifies.
  - That the signatures algorithms is one of supported signature schemes.
  - That the signature method is enveloped.
    This method does not perform and authorization call towards message security provider.

Parameters:: message - the message to verify signature of.
Throws:: MessageContentException - if message content was faulty; MessageProcessingException - if internal error occurred verifying the signature.

verifyEnvelopedSignature

public void verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context,
                                     byte[] message)
                              throws MessageContentException,
                                     MessageProcessingException

Help method to verify a signed enveloped message and performs the following checks.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.
This method does not perform and authorization call towards message security provider.

Parameters:: context - the related message security context; message - the message to verify signature of.
Throws:: MessageContentException - if message content was faulty; MessageProcessingException - if internal error occurred verifying the signature.

verifyEnvelopedSignature

@Deprecated
public void verifyEnvelopedSignature(byte[] message,
                                     boolean authorizeAgainstOrganisation)
                              throws MessageContentException,
                                     MessageProcessingException

Deprecated.

Help method to verify a signed enveloped message and performs the following checks. Using the default message security context.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

message - the message to verify signature of.

authorizeAgainstOrganisation - true if the message security provider should perform any authorization to the related organisation, that must exist in the message of true.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

public void verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context,
                                     byte[] message,
                                     boolean authorizeAgainstOrganisation)
                              throws MessageContentException,
                                     MessageProcessingException

Help method to verify a signed enveloped message and performs the following checks.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

context - the related message security context

message - the message to verify signature of.

authorizeAgainstOrganisation - true if the message security provider should perform any authorization to the related organisation, that must exist in the message of true.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

@Deprecated
public void verifyEnvelopedSignature(org.w3c.dom.Document doc,
                                     boolean performValidation)
                              throws MessageContentException,
                                     MessageProcessingException

Deprecated.

Help method to verify a signed enveloped CS message and performs the following checks. Using the default message security context.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

doc - the message to verify signature of.

performValidation - true if the message security provider should perform validate that the signing certificate is valid and authorized for related organisation. Otherwise must validation be performed manually after the message is parsed.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

public void verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context,
                                     org.w3c.dom.Document doc,
                                     boolean performValidation)
                              throws MessageContentException,
                                     MessageProcessingException

Help method to verify a signed enveloped CS message and performs the following checks.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

context - the related message security context

doc - the message to verify signature of.

performValidation - true if the message security provider should perform validate that the signing certificate is valid and authorized for related organisation. Otherwise must validation be performed manually after the message is parsed.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

public void verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context,
                                     org.w3c.dom.Document doc,
                                     XMLSigner.OrganisationLookup organisationLookup)
                              throws MessageContentException,
                                     MessageProcessingException

Help method to verify a signed enveloped message and performs the following checks. Using the default signature location finder.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

context - the related message security context

doc - the message to verify signature of.

organisationLookup - implementation to extract organsiation name from a given XML message. If null must validation be performed manually after the message is parsed. It is possible to use the checkBasicCertificateValidation help method for this.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

@Deprecated
public void verifyEnvelopedSignature(org.w3c.dom.Document doc,
                                     XMLSigner.OrganisationLookup organisationLookup)
                              throws MessageContentException,
                                     MessageProcessingException

Deprecated.

Help method to verify a signed enveloped message and performs the following checks. Using the default signature location finder. Using the default message security context.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

doc - the message to verify signature of.

organisationLookup - implementation to extract organsiation name from a given XML message. If null must validation be performed manually after the message is parsed. It is possible to use the checkBasicCertificateValidation help method for this.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

@Deprecated
public void verifyEnvelopedSignature(byte[] message,
                                     XMLSigner.SignatureLocationFinder signatureLocationFinder,
                                     XMLSigner.OrganisationLookup organisationLookup)
                              throws MessageContentException,
                                     MessageProcessingException

Deprecated.

Help method to verify a signed enveloped message and performs the following checks. Using the default message security context.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

message - the message to verify signature of.

signatureLocationFinder - reference to implementation finding the signature element of a document. (Required)

organisationLookup - implementation to extract organsiation name from a given XML message. If null must validation be performed manually after the message is parsed. It is possible to use the checkBasicCertificateValidation help method for this.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

public void verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context,
                                     byte[] message,
                                     XMLSigner.SignatureLocationFinder signatureLocationFinder,
                                     XMLSigner.OrganisationLookup organisationLookup)
                              throws MessageContentException,
                                     MessageProcessingException

Help method to verify a signed enveloped message and performs the following checks.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

context - the related message security context

message - the message to verify signature of.

signatureLocationFinder - reference to implementation finding the signature element of a document. (Required)

organisationLookup - implementation to extract organsiation name from a given XML message. If null must validation be performed manually after the message is parsed. It is possible to use the checkBasicCertificateValidation help method for this.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

@Deprecated
public void verifyEnvelopedSignature(org.w3c.dom.Document doc,
                                     XMLSigner.SignatureLocationFinder signatureLocationFinder,
                                     XMLSigner.OrganisationLookup organisationLookup)
                              throws MessageContentException,
                                     MessageProcessingException

Deprecated.

Help method to verify a signed enveloped message and performs the following checks, using the default context. Using the default message security context.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

doc - the message to verify signature of.

signatureLocationFinder - reference to implementation finding the signature element of a document. (Required)

organisationLookup - implementation to extract organsiation name from a given XML message. If null is basic validation performed such as key usage and expiration, but no revocation checks.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

verifyEnvelopedSignature

public void verifyEnvelopedSignature(ContextMessageSecurityProvider.Context context,
                                     org.w3c.dom.Document doc,
                                     XMLSigner.SignatureLocationFinder signatureLocationFinder,
                                     XMLSigner.OrganisationLookup organisationLookup)
                              throws MessageContentException,
                                     MessageProcessingException

Help method to verify a signed enveloped message and performs the following checks.

That the signature if included X509Certificate verifies.
That the signatures algorithms is one of supported signature schemes.
That the signature method is enveloped.

Parameters:

context - the related message security context

doc - the message to verify signature of.

signatureLocationFinder - reference to implementation finding the signature element of a document. (Required)

organisationLookup - implementation to extract organsiation name from a given XML message. If null is basic validation performed such as key usage and expiration, but no revocation checks.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occured verifying the signature.

findSignerCertificate
```
public java.security.cert.X509Certificate findSignerCertificate(byte[] message)
                                                         throws MessageContentException,
                                                                MessageProcessingException
```
Method to find first certificate found in signature element using the default signature finder.

Parameters:

message - the message to extract certificate of.

Returns:

the certificate in signature.

Throws:

MessageContentException - if message content was faulty

MessageProcessingException - if internal error occurred parsing the certificate.

findSignerCertificate

public java.security.cert.X509Certificate findSignerCertificate(byte[] message,
                                                                XMLSigner.SignatureLocationFinder signatureLocationFinder)
                                                         throws MessageContentException,
                                                                MessageProcessingException

Method to find first certificate found in signature element with specifieddefault signature finder.

Parameters:: message - the message to extract certificate of.; signatureLocationFinder - the custom signature location finder.
Returns:: the certificate in signature.
Throws:: MessageContentException - if message content was faulty; MessageProcessingException - if internal error occurred parsing the certificate.

checkBasicCertificateValidation

public static boolean checkBasicCertificateValidation(java.security.cert.X509Certificate cert)

Help method that checks that certificate has:

Has digital signature key usage
current time is withing not before and not after.

Parameters:: cert - the certificate to check.
Returns:: true if valid otherwise false.

sign
```
@Deprecated
public void sign(org.w3c.dom.Document doc,
                 XMLSigner.SignatureLocationFinder signatureLocationFinder)
          throws MessageProcessingException,
                 MessageContentException
```
Deprecated.

Help method to sign an XML Document using default context Method that generates the signature and marshalls the message to byte array in UTF-8 format.

Parameters:

doc - a XML document about to be signed.

signatureLocationFinder - to find in which element the signature should be placed.

Throws:

MessageProcessingException - if problems occurred when processing the message.

MessageContentException - if unsupported version is detected in message.

sign
```
public void sign(ContextMessageSecurityProvider.Context context,
                 org.w3c.dom.Document doc,
                 XMLSigner.SignatureLocationFinder signatureLocationFinder)
          throws MessageProcessingException,
                 MessageContentException
```
Help method to sign an XML Document Method that generates the signature and marshalls the message to byte array in UTF-8 format.

Parameters:

context - the related message security context

doc - a XML document about to be signed.

signatureLocationFinder - to find in which element the signature should be placed.

Throws:

MessageProcessingException - if problems occurred when processing the message.

MessageContentException - if unsupported version is detected in message.

marshallDoc
```
public byte[] marshallDoc(org.w3c.dom.Document doc)
                   throws MessageProcessingException,
                          MessageContentException
```
Method to convert a Document to a UTF-8 encoded byte array

Parameters:

doc - the document to convert

Returns:

a marshalled byte array in UTF-8 format.

Throws:

MessageProcessingException - if problems occurred when processing the message.

MessageContentException - if unsupported version is detected in message.

marshallAndSign
```
public byte[] marshallAndSign(ContextMessageSecurityProvider.Context context,
                              org.w3c.dom.Document doc,
                              XMLSigner.SignatureLocationFinder signatureLocationFinder)
                       throws MessageProcessingException,
                              MessageContentException
```
Help method to marshall and sign an XML Document Method that generates the signature and marshalls the message to byte array in UTF-8 format.

Parameters:

context - related message security context.

doc - a XML document about to be signed.

signatureLocationFinder - to find in which element the signature should be placed.

Returns:

a marshalled and signed message.

Throws:

MessageProcessingException - if problems occurred when processing the message.

MessageContentException - if unsupported version is detected in message.

marshallAndSign
```
@Deprecated
public byte[] marshallAndSign(org.w3c.dom.Document doc,
                              XMLSigner.SignatureLocationFinder signatureLocationFinder)
                       throws MessageProcessingException,
                              MessageContentException
```
Deprecated.

Help method to marshall and sign an XML Document Method that generates the signature and marshalls the message to byte array in UTF-8 format.

Parameters:

doc - a XML document about to be signed.

signatureLocationFinder - to find in which element the signature should be placed.

Returns:

a marshalled and signed message.

Throws:

MessageProcessingException - if problems occurred when processing the message.

MessageContentException - if unsupported version is detected in message.

Class XMLSigner

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

XMLDSIG_NAMESPACE

Constructor Detail

XMLSigner

XMLSigner

Method Detail

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

verifyEnvelopedSignature

findSignerCertificate

findSignerCertificate

checkBasicCertificateValidation

sign

sign

marshallDoc

marshallAndSign

marshallAndSign