org.apache.ws.security.message
Class WSSecSignature

java.lang.Object
  extended by org.apache.ws.security.message.WSSecBase
      extended by org.apache.ws.security.message.WSSecSignatureBase
          extended by org.apache.ws.security.message.WSSecSignature
Direct Known Subclasses:
WSSecSignatureSAML

public class WSSecSignature
extends WSSecSignatureBase

Creates a Signature according to the WS-Security specification, X.509 token profile. This class is a refactored implementation of the previous WSS4J class WSSignEnvelope. The new class allows better control of the process that creates a Signature and adds it to the Security header. This flexibility and fine-grained control is required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)

Field Summary
protected  BinarySecurity bstToken
protected  javax.xml.crypto.dsig.CanonicalizationMethod c14nMethod
protected  String canonAlgo
protected  String certUri
protected  String customTokenId
protected  String customTokenValueType
protected  Document document
protected  javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo
protected  javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory
protected  String keyInfoUri
protected  SecurityTokenReference secRef
protected  byte[] secretKey
protected  javax.xml.crypto.dsig.XMLSignature sig
protected  String sigAlgo
protected  javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory
protected  byte[] signatureValue
protected  String strUri
protected  boolean useSingleCert
protected  WSDocInfo wsDocInfo
 
Fields inherited from class org.apache.ws.security.message.WSSecBase
callbackLookup, doDebug, keyIdentifierType, parts, password, user
 
Constructor Summary
WSSecSignature()
WSSecSignature(WSSConfig config)
 
Method Summary
 List<javax.xml.crypto.dsig.Reference> addReferencesToSign(List<WSEncryptionPart> references, WSSecHeader secHeader)
          This method adds references to the Signature.
 void appendBSTElementToHeader(WSSecHeader secHeader)
          Append the BinarySecurityToken to the security header.
 Document build(Document doc, Crypto cr, WSSecHeader secHeader)
          Builds a signed soap envelope.
 void computeSignature(List<javax.xml.crypto.dsig.Reference> referenceList)
          Compute the Signature over the references.
 void computeSignature(List<javax.xml.crypto.dsig.Reference> referenceList, boolean prepend, Element siblingElement)
          Compute the Signature over the references.
 Element getBinarySecurityTokenElement()
          Returns the BST Token element.
 String getBSTTokenId()
          Get the id of the BST generated during prepare().
 String getDigestAlgo()
           Get the digest algorithm to use.
 String getId()
          Get the id generated during prepare().
 SecurityTokenReference getSecurityTokenReference()
          Get the SecurityTokenReference to be used in the KeyInfo element.
 String getSecurityTokenReferenceURI()
           Get the URI associated with the SecurityTokenReference.
 String getSigCanonicalization()
          Get the canonicalization method.
 String getSignatureAlgorithm()
          Get the name (uri) of the signature algorithm that is being used.
 Element getSignatureElement()
          Returns the SignatureElement.
 byte[] getSignatureValue()
          Returns the computed Signature value.
 boolean isUseSingleCertificate()
          Get the single cert flag.
 void prepare(Document doc, Crypto cr, WSSecHeader secHeader)
          Initialize a WSSec Signature.
 void prependBSTElementToHeader(WSSecHeader secHeader)
          Prepend the BinarySecurityToken to the elements already in the Security header.
 void setCustomTokenId(String customTokenId)
          Set the custom token id
 void setCustomTokenValueType(String customTokenValueType)
          Set the custom token value type to use
 void setDigestAlgo(String digestAlgo)
          Set the string that defines which digest algorithm to use.
 void setEncrKeySha1value(String encrKeySha1value)
          Set the encrypted key sha1 value
 void setSecretKey(byte[] secretKey)
          Set the secret key to use
 void setSecurityTokenReference(SecurityTokenReference secRef)
          Set the SecurityTokenReference to be used in the KeyInfo element.
 void setSigCanonicalization(String algo)
          Set the canonicalization method to use.
 void setSignatureAlgorithm(String algo)
          Set the name (uri) of the signature encryption algorithm to use.
 void setUseSingleCertificate(boolean useSingleCert)
          Set the single cert flag.
 void setX509Certificate(X509Certificate cer)
          Set the X509 Certificate to use
 
Methods inherited from class org.apache.ws.security.message.WSSecSignatureBase
addReferencesToSign, createSTRParameter, getInclusivePrefixes, getInclusivePrefixes
 
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, getWsConfig, setBodyID, setCallbackLookup, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

useSingleCert

protected boolean useSingleCert

sigAlgo

protected String sigAlgo

canonAlgo

protected String canonAlgo

signatureValue

protected byte[] signatureValue

document

protected Document document

wsDocInfo

protected WSDocInfo wsDocInfo

certUri

protected String certUri

keyInfoUri

protected String keyInfoUri

secRef

protected SecurityTokenReference secRef

strUri

protected String strUri

bstToken

protected BinarySecurity bstToken

keyInfoFactory

protected javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory

signatureFactory

protected javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory

keyInfo

protected javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo

c14nMethod

protected javax.xml.crypto.dsig.CanonicalizationMethod c14nMethod

sig

protected javax.xml.crypto.dsig.XMLSignature sig

secretKey

protected byte[] secretKey

customTokenValueType

protected String customTokenValueType

customTokenId

protected String customTokenId

Constructor Detail

WSSecSignature

public WSSecSignature()

WSSecSignature

public WSSecSignature(WSSConfig config)

Method Detail

prepare

public void prepare(Document doc,
                    Crypto cr,
                    WSSecHeader secHeader)
             throws WSSecurityException
Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information has been set. After setup, references to the elements to sign may be added; once all references are added they can be signed. This method does not add the Signature element to the security header. See the prependSignatureElementToHeader() method.

Parameters:
doc - The SOAP envelope as Document
cr - An instance of the Crypto API to handle keystore and certificates
secHeader - The security header that will hold the Signature. This is used to construct namespace prefixes for Signature. This method
Throws:
WSSecurityException

build

public Document build(Document doc,
                      Crypto cr,
                      WSSecHeader secHeader)
               throws WSSecurityException
Builds a signed SOAP envelope. This is a convenience method, kept for backward compatibility. The method creates a Signature and puts it into the Security header. It does so by calling the individual methods in order to perform a one-shot signature. This method is compatible with the build method of the previous version, with the exception of the additional WSSecHeader parameter.

Parameters:
doc - The unsigned SOAP envelope as Document
cr - An instance of the Crypto API to handle keystore and certificates
secHeader - the security header element to hold the encrypted key element.
Returns:
A signed SOAP envelope as Document
Throws:
WSSecurityException

addReferencesToSign

public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(List<WSEncryptionPart> references,
                                                                 WSSecHeader secHeader)
                                                          throws WSSecurityException
This method adds references to the Signature.

Parameters:
references - The list of references to sign
secHeader - The Security Header
Throws:
WSSecurityException

getSignatureElement

public Element getSignatureElement()
Returns the SignatureElement. The method can be called any time after prepare().

Returns:
The DOM Element of the signature.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.

Parameters:
secHeader - The security header

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)
Append the BinarySecurityToken to the security header.

Parameters:
secHeader - The security header

computeSignature

public void computeSignature(List<javax.xml.crypto.dsig.Reference> referenceList)
                      throws WSSecurityException
Compute the Signature over the references. The signature element will be prepended to the security header. This method can be called any time after the references have been set. See addReferencesToSign().

Parameters:
referenceList - The list of references to sign
Throws:
WSSecurityException

computeSignature

public void computeSignature(List<javax.xml.crypto.dsig.Reference> referenceList,
                             boolean prepend,
                             Element siblingElement)
                      throws WSSecurityException
Compute the Signature over the references. This method can be called any time after the references have been set. See addReferencesToSign().

Parameters:
referenceList - The list of references to sign
prepend - Whether to prepend the signature element to the security header
siblingElement - If prepending, then prepend before this sibling Element
Throws:
WSSecurityException
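Putting the prepare(), addReferencesToSign() and computeSignature() steps documented above together, here is an added example that is not part of the WSS4J documentation or code base. It assumes WSS4J 1.6.x (the org.apache.ws.security package of this page), SOAP 1.1, a crypto.properties file on the classpath that describes the signing keystore (an assumed file name), and that the caller supplies the key alias and password. The class name SignedEnvelopeBuilder, the WSSecTimestamp step and the 300-second time-to-live are choices made for this example; the algorithm URIs are the standard XML Signature / XML Encryption identifiers, spelled out as literals rather than via WSConstants names.

```java
import java.util.ArrayList;
import java.util.List;

import javax.xml.crypto.dsig.Reference;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.w3c.dom.Document;

/**
 * Added example (not WSS4J code): signs the SOAP 1.1 Body and a Timestamp
 * with the step-by-step WSSecSignature API instead of the one-shot build().
 * Assumes WSS4J 1.6.x, a crypto.properties file on the classpath that
 * describes the signing keystore, and a caller-supplied alias and password.
 */
public final class SignedEnvelopeBuilder {

    // Standard XML Signature (RFC 4051) and XML Encryption algorithm URIs,
    // used as literals so the example does not depend on which WSConstants
    // names a particular 1.6.x release defines.
    private static final String RSA_SHA256 =
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String DIGEST_SHA256 =
        "http://www.w3.org/2001/04/xmlenc#sha256";

    private SignedEnvelopeBuilder() {}

    public static Document sign(Document envelope, String alias, String password)
            throws WSSecurityException {
        // Crypto abstracts the keystore; "crypto.properties" is an assumed file name.
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");

        // Create the wsse:Security header that will hold the BST and the Signature.
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(envelope);

        // A Timestamp bounds how long a receiver should accept the signed message;
        // it must exist in the header before a Reference to it can be added.
        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(300); // seconds; assumed policy value
        timestamp.build(envelope, secHeader);

        WSSecSignature sign = new WSSecSignature();
        sign.setUserInfo(alias, password);
        // Carry the signing certificate in a BinarySecurityToken and point the
        // KeyInfo at it directly, so the verifier can locate it without a lookup.
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        // Pin the algorithms explicitly instead of relying on auto-detection and
        // on the SHA-1 digest default documented for setDigestAlgo().
        sign.setSignatureAlgorithm(RSA_SHA256);
        sign.setDigestAlgo(DIGEST_SHA256);
        sign.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);

        // Step 1: prepare() builds the Signature skeleton, the BST and the KeyInfo.
        sign.prepare(envelope, crypto, secHeader);

        // Step 2: add one Reference per element the signature must cover.
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        parts.add(new WSEncryptionPart("Body", WSConstants.URI_SOAP11_ENV, "Content"));
        parts.add(new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "Element"));
        List<Reference> references = sign.addReferencesToSign(parts, secHeader);

        // Step 3: compute the SignatureValue; this overload prepends ds:Signature
        // to the header. Prepending the BST afterwards places it before the
        // Signature that refers to it, matching what build() does.
        sign.computeSignature(references);
        sign.prependBSTElementToHeader(secHeader);

        byte[] value = sign.getSignatureValue();
        if (value == null || value.length == 0) {
            throw new IllegalStateException("SignatureValue was not computed");
        }
        return envelope;
    }
}
```

Signing the Timestamp together with the Body is what makes the time-to-live meaningful: an unsigned Timestamp can be altered without invalidating the signature. Whether a receiver actually enforces the signed parts, the algorithm choice and the TTL is a separate verification configuration and is not covered by this class.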

setUseSingleCertificate

public void setUseSingleCertificate(boolean useSingleCert)
Set the single cert flag.

Parameters:
useSingleCert -

isUseSingleCertificate

public boolean isUseSingleCertificate()
Get the single cert flag.

Returns:
true if the single certificate flag is set.

setSignatureAlgorithm

public void setSignatureAlgorithm(String algo)
Set the name (URI) of the signature algorithm to use. If the algorithm is not set, the signature algorithm to use is detected automatically during the prepare() method. Refer to WSConstants for the supported algorithms.

Parameters:
algo - the name of the signature algorithm
See Also:
WSConstants.RSA, WSConstants.DSA

getSignatureAlgorithm

public String getSignatureAlgorithm()
Get the name (URI) of the signature algorithm that is being used. Call this method after prepare() to find out which signature algorithm was automatically detected if none was preset.

Returns:
the identifier URI of the signature algorithm

setSigCanonicalization

public void setSigCanonicalization(String algo)
Set the canonicalization method to use. If the canonicalization method is not set, the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the supported algorithms.

Parameters:
algo - the name (URI) of the canonicalization algorithm
See Also:
WSConstants.C14N_OMIT_COMMENTS, WSConstants.C14N_WITH_COMMENTS, WSConstants.C14N_EXCL_OMIT_COMMENTS, WSConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization

public String getSigCanonicalization()
Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.

Returns:
The string describing the canonicalization algorithm.

getDigestAlgo

public String getDigestAlgo()
Returns:
the digest algorithm to use

setDigestAlgo

public void setDigestAlgo(String digestAlgo)
Set the string that defines which digest algorithm to use. The default is Constants.ALGO_ID_DIGEST_SHA1.

Parameters:
digestAlgo - the digestAlgo to set

getSignatureValue

public byte[] getSignatureValue()
Returns the computed Signature value. Call this method after computeSignature() or build() methods were called.

Returns:
Returns the signatureValue.

getId

public String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the Signature element.

Returns:
Return the wsu:Id of this token or null if prepare() was not called before.

getBSTTokenId

public String getBSTTokenId()
Get the id of the BST generated during prepare().

Returns:
Returns the value of the wsu:Id attribute of the BinarySecurityToken element.

setSecretKey

public void setSecretKey(byte[] secretKey)
Set the secret key to use

Parameters:
secretKey - the secret key to use

setCustomTokenValueType

public void setCustomTokenValueType(String customTokenValueType)
Set the custom token value type to use

Parameters:
customTokenValueType - the custom token value type to use

setCustomTokenId

public void setCustomTokenId(String customTokenId)
Set the custom token id

Parameters:
customTokenId - the custom token id

setEncrKeySha1value

public void setEncrKeySha1value(String encrKeySha1value)
Set the encrypted key sha1 value

Parameters:
encrKeySha1value - the encrypted key sha1 value

setX509Certificate

public void setX509Certificate(X509Certificate cer)
Set the X509 Certificate to use

Parameters:
cer - the X509 Certificate to use

getBinarySecurityTokenElement

public Element getBinarySecurityTokenElement()
Returns the BST Token element. The method can be called any time after prepare().

Returns:
the BST Token element

getSecurityTokenReferenceURI

public String getSecurityTokenReferenceURI()
Returns:
the URI associated with the SecurityTokenReference (must be called after prepare(Document, Crypto, WSSecHeader))

getSecurityTokenReference

public SecurityTokenReference getSecurityTokenReference()
Get the SecurityTokenReference to be used in the KeyInfo element.


setSecurityTokenReference

public void setSecurityTokenReference(SecurityTokenReference secRef)
Set the SecurityTokenReference to be used in the KeyInfo element. If this method is not called, a SecurityTokenReference will be generated.



Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.