com.sun.xml.wss.core

Class SignatureHeaderBlock

java.lang.Object

com.sun.xml.wss.impl.misc.SOAPElementExtension

com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl

com.sun.xml.wss.core.SignatureHeaderBlock

All Implemented Interfaces:

SecurityHeaderBlock, SOAPElement, Element, Node

public class SignatureHeaderBlock
extends SecurityHeaderBlockImpl

Field Summary

Fields

Modifier and Type	Field and Description
static String	SignatureSpecNS
static String	SignatureSpecNSprefix
static String	TAG_SIGNATURE

Fields inherited from class com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl

delegateElement

Fields inherited from interface org.w3c.dom.Node

ATTRIBUTE_NODE, CDATA_SECTION_NODE, COMMENT_NODE, DOCUMENT_FRAGMENT_NODE, DOCUMENT_NODE, DOCUMENT_POSITION_CONTAINED_BY, DOCUMENT_POSITION_CONTAINS, DOCUMENT_POSITION_DISCONNECTED, DOCUMENT_POSITION_FOLLOWING, DOCUMENT_POSITION_IMPLEMENTATION_SPECIFIC, DOCUMENT_POSITION_PRECEDING, DOCUMENT_TYPE_NODE, ELEMENT_NODE, ENTITY_NODE, ENTITY_REFERENCE_NODE, NOTATION_NODE, PROCESSING_INSTRUCTION_NODE, TEXT_NODE

Constructor Summary

Constructors

Constructor and Description
SignatureHeaderBlock(Document doc, String signatureMethodURI) This creates a new ds:Signature Element and adds an empty ds:SignedInfo.
SignatureHeaderBlock(SOAPElement elem) parse and create the Signature element
SignatureHeaderBlock(org.apache.xml.security.signature.XMLSignature signature) constructor that takes Apache Signature

Method Summary

Modifier and Type	Method and Description
void	addSignedInfoReference(String referenceURI, org.apache.xml.security.transforms.Transforms transforms) Adds a Reference with just the URI and the transforms.
void	addSignedInfoReference(String referenceURI, org.apache.xml.security.transforms.Transforms trans, String digestURI) Adds a Reference with URI, transforms and Digest algorithm URI
void	addSignedInfoReference(String referenceURI, org.apache.xml.security.transforms.Transforms trans, String digestURI, String referenceId, String referenceType) Add a Reference with full parameters to this Signature
void	appendObject(SOAPElement object) Method appendObject.
boolean	checkSignatureValue(Key pk) Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
boolean	checkSignatureValue(X509Certificate cert) Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
static SecurityHeaderBlock	fromSoapElement(SOAPElement element)
SOAPElement	getAsSoapElement() Method to return the Signature as a SOAPElement
org.apache.xml.security.signature.SignedInfo	getDSSignedInfo()
String	getId() Method getId
SOAPElement	getKeyInfo() Returns the KeyInfo child.
KeyInfoHeaderBlock	getKeyInfoHeaderBlock() Returns the KeyInfo as a HeaderBlock.
int	getObjectCount() Returns the number of all ds:Object elements.
SOAPElement	getObjectItem(int index) Returns the indexth ds:Object child of the signature or null if no such ds:Object element exists.
org.apache.xml.security.signature.XMLSignature	getSignature() return the Apache XML Signature corresponding to this Block
byte[]	getSignatureValue() Method getSignatureValue
SOAPElement	getSignedInfo() Returns the completely parsed SignedInfo object.
void	saveChanges() This method should be called when changes are made inside an object through its reference obtained from any of the get methods of this class.
void	setApacheResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolverSpi resolver)
void	setBaseURI(String uri) Method setBaseURI : BaseURI needed by Apache KeyInfo Ctor
void	setDocument(Document doc) setDocument.
void	setId(String id) Method setId
void	sign(Key signingKey) Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.

Methods inherited from class com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl

addAttribute, addChildElement, addChildElement, addChildElement, addChildElement, addChildElement, addNamespaceDeclaration, addTextNode, appendChild, cloneNode, compareDocumentPosition, detachNode, equals, fromSoapElement, getAllAttributes, getAllAttributesAsQNames, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getAttributes, getAttributeValue, getBaseURI, getChildElements, getChildElements, getChildNodes, getElementName, getElementsByTagName, getElementsByTagNameNS, getEncodingStyle, getFeature, getFirstChild, getLastChild, getLocalName, getNamespacePrefixes, getNamespaceURI, getNamespaceURI, getNextSibling, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentElement, getParentNode, getPrefix, getPreviousSibling, getSchemaTypeInfo, getSoapFactory, getTagName, getTextContent, getUserData, getValue, getVisibleNamespacePrefixes, hasAttribute, hasAttributeNS, hasAttributes, hasChildNodes, insertBefore, isBSP, isBSP, isDefaultNamespace, isEqualNode, isSameNode, isSupported, lookupNamespaceURI, lookupPrefix, normalize, recycleNode, removeAttribute, removeAttribute, removeAttributeNode, removeAttributeNS, removeChild, removeContents, removeNamespaceDeclaration, replaceChild, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setEncodingStyle, setIdAttribute, setIdAttributeNode, setIdAttributeNS, setNodeValue, setParentElement, setPrefix, setSOAPElement, setTextContent, setUserData, setValue, setWsuIdAttr

Methods inherited from class com.sun.xml.wss.impl.misc.SOAPElementExtension

addAttribute, addChildElement, createQName, getAttributeValue, getChildElements, getElementQName, removeAttribute, setElementQName

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.xml.soap.SOAPElement

addAttribute, addChildElement, createQName, getAttributeValue, getChildElements, getElementQName, removeAttribute, setElementQName

Field Detail

SignatureSpecNS

public static final String SignatureSpecNS

See Also:

Constant Field Values

SignatureSpecNSprefix

public static final String SignatureSpecNSprefix

See Also:

Constant Field Values

TAG_SIGNATURE

public static final String TAG_SIGNATURE

See Also:

Constant Field Values

Constructor Detail

SignatureHeaderBlock

public SignatureHeaderBlock(SOAPElement elem)
                     throws XWSSecurityException

parse and create the Signature element

Parameters:

elem - the element representing an XML Signature NOTE : this constructor assumes a fully initialized XML Signature No modifications are allowed on the signature, We can only get existing values. For example appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.

Throws:

XWSSecurityException

SignatureHeaderBlock

public SignatureHeaderBlock(org.apache.xml.security.signature.XMLSignature signature)
                     throws XWSSecurityException

constructor that takes Apache Signature

Parameters:

signature - the XMLSignature from XML DSIG NOTE : No modifications are allowed on the signature, if a SIGN operation has already been performed on the argument signature. We can only get existing values. For example appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.

Throws:

XWSSecurityException

SignatureHeaderBlock

public SignatureHeaderBlock(Document doc,
                            String signatureMethodURI)
                     throws XWSSecurityException

This creates a new ds:Signature Element and adds an empty ds:SignedInfo. The ds:SignedInfo is initialized with the specified Signature algorithm and Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS which is RECOMMENDED by the spec. This method's main use is for creating a new signature.

Parameters:

doc - The OwnerDocument of signature

signatureMethodURI - signature algorithm to use.

Throws:

XWSSecurityException

Method Detail

getSignature

public org.apache.xml.security.signature.XMLSignature getSignature()

return the Apache XML Signature corresponding to this Block

Returns:

the XMLSignature

sign

public void sign(Key signingKey)
          throws XWSSecurityException

Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.

Parameters:

signingKey - the PrivateKey or SecretKey that is used to sign.

Throws:

XWSSecurityException

getSignedInfo

public SOAPElement getSignedInfo()
                          throws XWSSecurityException

Returns the completely parsed SignedInfo object.

Returns:

the SignedInfo as a SOAPElement

Throws:

XWSSecurityException

getDSSignedInfo

public org.apache.xml.security.signature.SignedInfo getDSSignedInfo()

getKeyInfo

public SOAPElement getKeyInfo()
                       throws XWSSecurityException

Returns the KeyInfo child.

Returns:

the KeyInfo object

Throws:

XWSSecurityException

getKeyInfoHeaderBlock

public KeyInfoHeaderBlock getKeyInfoHeaderBlock()
                                         throws XWSSecurityException

Returns the KeyInfo as a HeaderBlock.

Returns:

the KeyInfoHeaderBlock object

Throws:

XWSSecurityException

getSignatureValue

public byte[] getSignatureValue()
                         throws XWSSecurityException

Method getSignatureValue

Throws:

XWSSecurityException

addSignedInfoReference

public void addSignedInfoReference(String referenceURI,
                                   org.apache.xml.security.transforms.Transforms transforms)
                            throws XWSSecurityException

Adds a Reference with just the URI and the transforms. This uses the SHA1 algorithm as a default digest algorithm.

Parameters:

referenceURI - URI according to the XML Signature specification.

transforms - List of transformations to be applied.

Throws:

XWSSecurityException

addSignedInfoReference

public void addSignedInfoReference(String referenceURI,
                                   org.apache.xml.security.transforms.Transforms trans,
                                   String digestURI)
                            throws XWSSecurityException

Adds a Reference with URI, transforms and Digest algorithm URI

Parameters:

referenceURI - URI according to the XML Signature specification.

trans - List of transformations to be applied.

digestURI - URI of the digest algorithm to be used.

Throws:

XWSSecurityException

addSignedInfoReference

public void addSignedInfoReference(String referenceURI,
                                   org.apache.xml.security.transforms.Transforms trans,
                                   String digestURI,
                                   String referenceId,
                                   String referenceType)
                            throws XWSSecurityException

Add a Reference with full parameters to this Signature

Parameters:

referenceURI - URI of the resource to be signed.Can be null in which case the dereferencing is application specific. Can be "" in which it's the parent node (or parent document?). There can only be one "" in each signature.

trans - Optional list of transformations to be done before digesting

digestURI - Mandatory URI of the digesting algorithm to use.

referenceId - Optional id attribute for this Reference

referenceType - Optional mimetype for the URI

Throws:

XWSSecurityException

checkSignatureValue

public boolean checkSignatureValue(X509Certificate cert)
                            throws XWSSecurityException

Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.

Parameters:

cert - Certificate that contains the public key part of the keypair that was used to sign.

Returns:

true if the signature is valid, false otherwise

Throws:

XWSSecurityException

checkSignatureValue

public boolean checkSignatureValue(Key pk)
                            throws XWSSecurityException

Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.

Parameters:

pk - PublicKey part of the keypair or SecretKey that was used to sign

Returns:

true if the signature is valid, false otherwise

Throws:

XWSSecurityException

appendObject

public void appendObject(SOAPElement object)
                  throws XWSSecurityException

Method appendObject.

Throws:

XWSSecurityException

getObjectItem

public SOAPElement getObjectItem(int index)
                          throws XWSSecurityException

Returns the indexth ds:Object child of the signature or null if no such ds:Object element exists.

Parameters:

index -

Returns:

the indexth ds:Object child of the signature or null if no such ds:Object element exists. 1 is the lowest index (not 0)

Throws:

XWSSecurityException

getObjectCount

public int getObjectCount()

Returns the number of all ds:Object elements.

Returns:

the number of all ds:Object elements.

setId

public void setId(String id)

Method setId

getId

public String getId()

Method getId

Specified by:

getId in interface SecurityHeaderBlock

Overrides:

getId in class SecurityHeaderBlockImpl

Returns:

the id

setBaseURI

public void setBaseURI(String uri)

Method setBaseURI : BaseURI needed by Apache KeyInfo Ctor

Parameters:

uri - URI to be used as context for all relative URIs.

getAsSoapElement

public SOAPElement getAsSoapElement()
                             throws XWSSecurityException

Method to return the Signature as a SOAPElement

Specified by:

getAsSoapElement in interface SecurityHeaderBlock

Overrides:

getAsSoapElement in class SecurityHeaderBlockImpl

Returns:

SOAPElement

Throws:

XWSSecurityException - If owner soap document is not set.

See Also:

setDocument(Document)

setDocument

public void setDocument(Document doc)

setDocument.

Parameters:

doc - The owner Document of this Signature

saveChanges

public void saveChanges()

This method should be called when changes are made inside an object through its reference obtained from any of the get methods of this class. As an example, if getKeyInfo() call is made and then changes are made inside the keyInfo, this method should be called to reflect changes when getAsSoapElement() is called finally.

setApacheResourceResolver

public void setApacheResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolverSpi resolver)

fromSoapElement

public static SecurityHeaderBlock fromSoapElement(SOAPElement element)
                                           throws XWSSecurityException

Throws:

XWSSecurityException