Class SignatureHeaderBlock

  • All Implemented Interfaces:
    SecurityHeaderBlock, jakarta.xml.soap.Node, jakarta.xml.soap.SOAPElement, Element, Node

    public class SignatureHeaderBlock
    extends SecurityHeaderBlockImpl
    
        <element name="Signature" type="ds:SignatureType"/>
        <complexType name="SignatureType">
        <sequence>
            <element ref="ds:SignedInfo"/>
            <element ref="ds:SignatureValue"/>
            <element ref="ds:KeyInfo" minOccurs="0"/>
            <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Id" type="ID" use="optional"/>
        </complexType>
     
    • Constructor Detail

      • SignatureHeaderBlock

        public SignatureHeaderBlock(jakarta.xml.soap.SOAPElement elem)
                             throws XWSSecurityException
        Parses the given element and creates the Signature element.
        Parameters:
        elem - the element representing an XML Signature. NOTE: this constructor assumes a fully initialized XML Signature. No modifications are allowed on the signature; only existing values can be read. For example, appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.
        Throws:
        XWSSecurityException
      • SignatureHeaderBlock

        public SignatureHeaderBlock(org.apache.xml.security.signature.XMLSignature signature)
                             throws XWSSecurityException
        Constructor that takes an Apache XMLSignature.
        Parameters:
        signature - the XMLSignature from XML DSIG. NOTE: No modifications are allowed on the signature if a SIGN operation has already been performed on the argument signature; only existing values can be read. For example, appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.
        Throws:
        XWSSecurityException
      • SignatureHeaderBlock

        public SignatureHeaderBlock(Document doc,
                                    String signatureMethodURI)
                             throws XWSSecurityException
        This creates a new ds:Signature Element and adds an empty ds:SignedInfo. The ds:SignedInfo is initialized with the specified Signature algorithm and Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS which is RECOMMENDED by the spec. This method's main use is for creating a new signature.
        Parameters:
        doc - The OwnerDocument of signature
        signatureMethodURI - signature algorithm to use.
        Throws:
        XWSSecurityException
    • Method Detail

      • getSignature

        public org.apache.xml.security.signature.XMLSignature getSignature()
        Returns the Apache XML Signature corresponding to this block.
        Returns:
        the XMLSignature
      • getSignedInfo

        public jakarta.xml.soap.SOAPElement getSignedInfo()
                                                   throws XWSSecurityException
        Returns the completely parsed SignedInfo object.
        Returns:
        the SignedInfo as a SOAPElement
        Throws:
        XWSSecurityException
      • getDSSignedInfo

        public org.apache.xml.security.signature.SignedInfo getDSSignedInfo()
      • addSignedInfoReference

        public void addSignedInfoReference(String referenceURI,
                                           org.apache.xml.security.transforms.Transforms transforms)
                                    throws XWSSecurityException
        Adds a Reference with just the URI and the transforms. This uses the SHA1 algorithm as a default digest algorithm.
        Parameters:
        referenceURI - URI according to the XML Signature specification.
        transforms - List of transformations to be applied.
        Throws:
        XWSSecurityException
      • addSignedInfoReference

        public void addSignedInfoReference(String referenceURI,
                                           org.apache.xml.security.transforms.Transforms trans,
                                           String digestURI)
                                    throws XWSSecurityException
        Adds a Reference with a URI, transforms and a digest algorithm URI.
        Parameters:
        referenceURI - URI according to the XML Signature specification.
        trans - List of transformations to be applied.
        digestURI - URI of the digest algorithm to be used.
        Throws:
        XWSSecurityException
      • addSignedInfoReference

        public void addSignedInfoReference(String referenceURI,
                                           org.apache.xml.security.transforms.Transforms trans,
                                           String digestURI,
                                           String referenceId,
                                           String referenceType)
                                    throws XWSSecurityException
        Add a Reference with full parameters to this Signature
        Parameters:
        referenceURI - URI of the resource to be signed. Can be null, in which case the dereferencing is application specific. Can be "", in which case it's the parent node (or parent document?). There can only be one "" in each signature.
        trans - Optional list of transformations to be done before digesting
        digestURI - Mandatory URI of the digesting algorithm to use.
        referenceId - Optional id attribute for this Reference
        referenceType - Optional mimetype for the URI
        Throws:
        XWSSecurityException
      • checkSignatureValue

        public boolean checkSignatureValue(X509Certificate cert)
                                    throws XWSSecurityException
        Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
        Parameters:
        cert - Certificate that contains the public key part of the keypair that was used to sign.
        Returns:
        true if the signature is valid, false otherwise
        Throws:
        XWSSecurityException
      • checkSignatureValue

        public boolean checkSignatureValue(Key pk)
                                    throws XWSSecurityException
        Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
        Parameters:
        pk - PublicKey part of the keypair or SecretKey that was used to sign
        Returns:
        true if the signature is valid, false otherwise
        Throws:
        XWSSecurityException
      • getObjectItem

        public jakarta.xml.soap.SOAPElement getObjectItem(int index)
                                                   throws XWSSecurityException
        Returns the indexth ds:Object child of the signature or null if no such ds:Object element exists.
        Parameters:
        index -
        Returns:
        the indexth ds:Object child of the signature or null if no such ds:Object element exists. 1 is the lowest index (not 0)
        Throws:
        XWSSecurityException
      • getObjectCount

        public int getObjectCount()
        Returns the number of all ds:Object elements.
        Returns:
        the number of all ds:Object elements.
      • setId

        public void setId(String id)
        Method setId
      • setBaseURI

        public void setBaseURI(String uri)
        Method setBaseURI: the BaseURI needed by the Apache KeyInfo constructor.
        Parameters:
        uri - URI to be used as context for all relative URIs.
      • setDocument

        public void setDocument(Document doc)
        setDocument.
        Parameters:
        doc - The owner Document of this Signature
      • saveChanges

        public void saveChanges()
        This method should be called when changes are made inside an object through a reference obtained from any of the get methods of this class. For example, if getKeyInfo() is called and changes are then made inside the KeyInfo, this method should be called so that the changes are reflected when getAsSoapElement() is finally called.
      • setApacheResourceResolver

        public void setApacheResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolverSpi resolver)
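
Added example (not part of the original Javadoc or the project's own code): a sketch that uses the three-argument addSignedInfoReference overload to avoid the SHA1 default described above, and that checks the signature and digest algorithm URIs of a received signature before calling checkSignatureValue. The class SignatureBlockExample and its methods are hypothetical, the com.sun.xml.wss package names are assumed because this page does not show them, and the certificate passed to verify() is assumed to have been validated by the caller.

```java
import com.sun.xml.wss.XWSSecurityException;       // package assumed, not shown on this page
import com.sun.xml.wss.core.SignatureHeaderBlock;  // package assumed, not shown on this page
import jakarta.xml.soap.SOAPElement;
import java.security.cert.X509Certificate;
import java.util.Set;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;

/** Hypothetical helper class for illustration only. */
public final class SignatureBlockExample {
    private static final Set<String> ALLOWED_SIG = Set.of(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
    private static final Set<String> ALLOWED_DIGEST = Set.of(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);

    /** Sender side: a new, still unsigned block with RSA-SHA256 and one SHA-256 Reference. */
    static SignatureHeaderBlock newBlock(Document doc, String referenceUri)
            throws XWSSecurityException, XMLSecurityException {
        org.apache.xml.security.Init.init();
        SignatureHeaderBlock block =
                new SignatureHeaderBlock(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        // The two-argument overload would default the digest to SHA1; name the digest explicitly.
        block.addSignedInfoReference(referenceUri, transforms,
                MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        return block; // the SIGN operation itself is performed by the caller (not shown)
    }

    /** Receiver side: enforce an algorithm allow-list, then verify the signature value. */
    static boolean verify(SOAPElement signatureElem, X509Certificate validatedCert)
            throws XWSSecurityException, XMLSecurityException {
        org.apache.xml.security.Init.init();
        SignatureHeaderBlock block = new SignatureHeaderBlock(signatureElem);
        SignedInfo si = block.getDSSignedInfo();
        // A signature with no References covers nothing, so treat it as invalid.
        if (si == null || si.getLength() == 0
                || !ALLOWED_SIG.contains(si.getSignatureMethodURI())) {
            return false;
        }
        for (int i = 0; i < si.getLength(); i++) {
            MessageDigestAlgorithm md = si.item(i).getMessageDigestAlgorithm();
            if (md == null || !ALLOWED_DIGEST.contains(md.getAlgorithmURI())) {
                return false; // rejects SHA1 and any other digest outside the allow-list
            }
        }
        return block.checkSignatureValue(validatedCert);
    }
}
```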