com.sun.identity.saml.xmlsig

Class AMSignatureProvider

java.lang.Object

com.sun.identity.saml.xmlsig.AMSignatureProvider

All Implemented Interfaces:

SignatureProvider

Direct Known Subclasses:

WSSSignatureProvider

public class AMSignatureProvider
extends Object
implements SignatureProvider

SignatureProvider is an interface to be implemented to sign and verify xml signature

Field Summary

Fields

Modifier and Type	Field and Description
protected KeyProvider	keystore

Constructor Summary

Constructors

Constructor and Description
AMSignatureProvider() Default Constructor

Method Summary

Modifier and Type	Method and Description
static Element	createDSctx(Document doc, String prefix, String namespace)
protected String	getAlgorithmURI(String algorithm) Return algorithm URI for the given algorithm.
protected X509Certificate	getCertificate(String certString, String format) Get the X509Certificate from encoded cert string
KeyProvider	getKeyProvider() Get the real key provider
protected PublicKey	getPublicKey(X509Certificate cert) Returns the public key from the certificate embedded in the KeyInfo.
protected PublicKey	getPublicKeybyDSARSAkeyValue(Document doc, Element reference)
protected PublicKey	getX509PublicKey(Document doc, org.apache.xml.security.keys.KeyInfo keyinfo) Get the X509Certificate embedded in the KeyInfo
void	initialize(KeyProvider keyProvider) Constructor
protected boolean	isValidAlgorithm(String algorithm)
Element	signWithBinarySecurityToken(Document doc, Certificate cert, String algorithm, List ids, String referenceType) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signWithKerberosToken(Document doc, Key key, String algorithm, List ids) Sign part of the XML document wth kerberos security token using referred by the supplied a list of id attributes of nodes.
Element	signWithSAMLToken(Document doc, Certificate cert, String assertionID, String algorithm, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signWithSAMLToken(Document doc, Key key, boolean symmetricKey, Certificate sigingCert, Certificate encryptCert, String assertionID, String algorithm, List ids) Sign part of the XML document referred by the supplied a list of id attributes of nodes using SAML Token.
Element	signWithUserNameToken(Document doc, Certificate cert, String algorithm, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signWithWSSSAMLTokenProfile(Document doc, Certificate cert, String assertionID, String algorithm, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signWithWSSSAMLTokenProfile(Document doc, Certificate cert, String assertionID, String algorithm, List ids, String wsfVersion) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signWithWSSX509TokenProfile(Document doc, Certificate cert, String algorithm, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signWithWSSX509TokenProfile(Document doc, Certificate cert, String algorithm, List ids, String wsfVersion) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signXML(Document doc, String certAlias) Sign the xml document using enveloped signatures.
Element	signXML(Document doc, String certAlias, String algorithm) Sign the xml document using enveloped signatures.
Element	signXML(Document doc, String certAlias, String algorithm, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signXML(Document doc, String certAlias, String algorithm, String id) Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.
Element	signXML(Document doc, String certAlias, String algorithm, String transformAlag, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
Element	signXML(Document doc, String certAlias, String algorithm, String id, String xpath) Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.
Element	signXML(Document doc, String certAlias, String algorithm, String idAttrName, String id, boolean includeCert) Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.
Element	signXML(Document doc, String certAlias, String algorithm, String idAttrName, String id, boolean includeCert, String xpath) Sign part of the xml document referred by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.
String	signXML(String xmlString, String certAlias) Sign the xml string using enveloped signatures.
String	signXML(String xmlString, String certAlias, String algorithm) Sign the xml string using enveloped signatures.
String	signXML(String xmlString, String certAlias, String algorithm, List ids) Sign part of the xml document referered by the supplied a list of id attributes of nodes
String	signXML(String xmlString, String certAlias, String algorithm, String id) Sign the xml string using enveloped signatures.
String	signXML(String xmlString, String certAlias, String algorithm, String idAttrName, String id, boolean includeCert) Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.
Element	signXMLUsingKeyPass(Document doc, String certAlias, String encryptedKeyPass, String algorithm, String idAttrName, String id, boolean includeCert, String xpath) Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
boolean	verifyWSSSignature(Document document, Key key) Verify web services message signature using specified key
boolean	verifyWSSSignature(Document document, Key key, String certAlias, String encryptAlias) Verify web services message signature using specified key
boolean	verifyWSSSignature(Document document, String certAlias) Verify all the signatures of the XML document for the web services security.
boolean	verifyXMLSignature(Document doc) Verify the signature of the xml document
boolean	verifyXMLSignature(Document doc, Certificate cert) Verify the signature of the xml document
boolean	verifyXMLSignature(Document doc, String certAlias) Verify all the signatures of the xml document
boolean	verifyXMLSignature(Document doc, String idAttrName, String certAlias) Verify the signature of a DOM Document
boolean	verifyXMLSignature(Element element) Verify the signature of the xml element.
boolean	verifyXMLSignature(Element element, String certAlias) Verify the signature of the xml document
boolean	verifyXMLSignature(Element element, String idAttrName, String certAlias) Verify the signature of the xml document
boolean	verifyXMLSignature(String xmlString) Verify the signature of the xml string
boolean	verifyXMLSignature(String xmlString, String certAlias) Verify the signature of the xml string
boolean	verifyXMLSignature(String wsfVersion, String certAlias, Document doc) Verify all the signatures of the xml document
boolean	verifyXMLSignature(String xmlString, String idAttrName, String certAlias) Verify the signature of the xml string

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keystore

protected KeyProvider keystore

Constructor Detail

AMSignatureProvider

public AMSignatureProvider()

Default Constructor

Method Detail

initialize

public void initialize(KeyProvider keyProvider)

Constructor

Specified by:

initialize in interface SignatureProvider

Parameters:

keyProvider - KeyProvider object

signXML

public Element signXML(Document doc,
                       String certAlias)
                throws XMLSignatureException

Sign the xml document using enveloped signatures.

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

Returns:

signature Element object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm)
                throws XMLSignatureException

Sign the xml document using enveloped signatures.

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

Returns:

signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public String signXML(String xmlString,
                      String certAlias)
               throws XMLSignatureException

Sign the xml string using enveloped signatures.

Specified by:

signXML in interface SignatureProvider

Parameters:

xmlString - xml string to be signed

certAlias - Signer's certificate alias name

Returns:

XML signature string

Throws:

XMLSignatureException - if the xml string could not be signed

signXML

public String signXML(String xmlString,
                      String certAlias,
                      String algorithm)
               throws XMLSignatureException

Sign the xml string using enveloped signatures.

Specified by:

signXML in interface SignatureProvider

Parameters:

xmlString - xml string to be signed

certAlias - Signer's certificate alias name

algorithm - XML Signature algorithm

Returns:

XML signature string

Throws:

XMLSignatureException - if the xml string could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm,
                       String id)
                throws XMLSignatureException

Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

id - id attribute value of the node to be signed

Returns:

signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm,
                       String id,
                       String xpath)
                throws XMLSignatureException

Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

id - id attribute value of the node to be signed

xpath - expression should uniquly identify a node before which

Returns:

signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm,
                       String idAttrName,
                       String id,
                       boolean includeCert)
                throws XMLSignatureException

Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

idAttrName - attribute name for the id attribute of the node to be signed

id - id attribute value of the node to be signed

includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.

Returns:

signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public String signXML(String xmlString,
                      String certAlias,
                      String algorithm,
                      String idAttrName,
                      String id,
                      boolean includeCert)
               throws XMLSignatureException

Sign part of the xml document referered by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.

Specified by:

signXML in interface SignatureProvider

Parameters:

xmlString - a string representing XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

idAttrName - attribute name for the id attribute of the node to be signed.

id - id attribute value of the node to be signed

includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.

Returns:

a string representing signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm,
                       String idAttrName,
                       String id,
                       boolean includeCert,
                       String xpath)
                throws XMLSignatureException

Sign part of the xml document referred by the supplied id attribute using enveloped signatures and use exclusive xml canonicalization.

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

idAttrName - attribute name for the id attribute of the node to be signed

id - id attribute value of the node to be signed

includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.

xpath - expression should uniquly identify a node before which

Returns:

a signed dom object

Throws:

XMLSignatureException - if the document could not be signed

signXMLUsingKeyPass

public Element signXMLUsingKeyPass(Document doc,
                                   String certAlias,
                                   String encryptedKeyPass,
                                   String algorithm,
                                   String idAttrName,
                                   String id,
                                   boolean includeCert,
                                   String xpath)
                            throws XMLSignatureException

Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.

Specified by:

signXMLUsingKeyPass in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

encryptedKeyPass - Use the supplied encrypted key password to get the private key

algorithm - XML signature algorithm

idAttrName - attribute name for the id attribute of the node to be signed.

id - id attribute value of the node to be signed

includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.

xpath - expression should uniquely identify a node before which

Returns:

a signed dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public String signXML(String xmlString,
                      String certAlias,
                      String algorithm,
                      String id)
               throws XMLSignatureException

Sign the xml string using enveloped signatures.

Specified by:

signXML in interface SignatureProvider

Parameters:

xmlString - xml string to be signed

certAlias - Signer's certificate alias name

algorithm - XML Signature algorithm

id - id attribute value of the node to be signed

Returns:

XML signature string

Throws:

XMLSignatureException - if the xml string could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm,
                       List ids)
                throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public Element signXML(Document doc,
                       String certAlias,
                       String algorithm,
                       String transformAlag,
                       List ids)
                throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signXML in interface SignatureProvider

Parameters:

doc - XML dom object

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

transformAlag - XML siganture transform algorithm Those transfer constants are defined as SAMLConstants.TRANSFORM_XXX.

ids - list of id attribute values of nodes to be signed

Returns:

signature dom object

Throws:

XMLSignatureException - if the document could not be signed

signXML

public String signXML(String xmlString,
                      String certAlias,
                      String algorithm,
                      List ids)
               throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signXML in interface SignatureProvider

Parameters:

xmlString - XML.

certAlias - Signer's certificate alias name

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

XML signature string

Throws:

XMLSignatureException - if the document could not be signed

signWithWSSSAMLTokenProfile

public Element signWithWSSSAMLTokenProfile(Document doc,
                                           Certificate cert,
                                           String assertionID,
                                           String algorithm,
                                           List ids)
                                    throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithWSSSAMLTokenProfile in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

assertionID - assertion ID

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

SAML Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

createDSctx

public static Element createDSctx(Document doc,
                                  String prefix,
                                  String namespace)

signWithWSSSAMLTokenProfile

public Element signWithWSSSAMLTokenProfile(Document doc,
                                           Certificate cert,
                                           String assertionID,
                                           String algorithm,
                                           List ids,
                                           String wsfVersion)
                                    throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithWSSSAMLTokenProfile in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

assertionID - assertion ID

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

wsfVersion - the web services version.

Returns:

SAML Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

signWithWSSX509TokenProfile

public Element signWithWSSX509TokenProfile(Document doc,
                                           Certificate cert,
                                           String algorithm,
                                           List ids)
                                    throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithWSSX509TokenProfile in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

X509 Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

signWithWSSX509TokenProfile

public Element signWithWSSX509TokenProfile(Document doc,
                                           Certificate cert,
                                           String algorithm,
                                           List ids,
                                           String wsfVersion)
                                    throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithWSSX509TokenProfile in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

wsfVersion - the web services version.

Returns:

X509 Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

verifyXMLSignature

public boolean verifyXMLSignature(Document doc,
                                  String certAlias)
                           throws XMLSignatureException

Verify all the signatures of the xml document

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

doc - XML dom document whose signature to be verified

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(String wsfVersion,
                                  String certAlias,
                                  Document doc)
                           throws XMLSignatureException

Verify all the signatures of the xml document

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

wsfVersion - the web services version.

doc - XML dom document whose signature to be verified

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(Document doc)
                           throws XMLSignatureException

Verify the signature of the xml document

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

doc - XML dom document whose signature to be verified

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(Element element)
                           throws XMLSignatureException

Verify the signature of the xml element.

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

element - XML dom element whose signature to be verified

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(Element element,
                                  String certAlias)
                           throws XMLSignatureException

Verify the signature of the xml document

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

element - XML Element whose signature to be verified

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(Element element,
                                  String idAttrName,
                                  String certAlias)
                           throws XMLSignatureException

Verify the signature of the xml document

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

element - XML Element whose signature to be verified

idAttrName - Attribute name for the id attribute

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(Document doc,
                                  Certificate cert)
                           throws XMLSignatureException

Verify the signature of the xml document

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

doc - XML dom document whose signature to be verified

cert - Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(String xmlString)
                           throws XMLSignatureException

Verify the signature of the xml string

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

xmlString - XML string whose signature to be verified

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(String xmlString,
                                  String certAlias)
                           throws XMLSignatureException

Verify the signature of the xml string

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

xmlString - XML string whose signature to be verified

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(String xmlString,
                                  String idAttrName,
                                  String certAlias)
                           throws XMLSignatureException

Verify the signature of the xml string

Specified by:

verifyXMLSignature in interface SignatureProvider

Parameters:

xmlString - XML string whose signature to be verified

idAttrName - Attribute name for the id attribute

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyXMLSignature

public boolean verifyXMLSignature(Document doc,
                                  String idAttrName,
                                  String certAlias)
                           throws XMLSignatureException

Verify the signature of a DOM Document

Parameters:

doc - a DOM Document

idAttrName - Attribute name for the id attribute

certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo

Returns:

true if the xml signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

getKeyProvider

public KeyProvider getKeyProvider()

Get the real key provider

Specified by:

getKeyProvider in interface SignatureProvider

Returns:

KeyProvider

getX509PublicKey

protected PublicKey getX509PublicKey(Document doc,
                                     org.apache.xml.security.keys.KeyInfo keyinfo)

Get the X509Certificate embedded in the KeyInfo

Parameters:

keyinfo - KeyInfo

Returns:

a X509Certificate

getPublicKeybyDSARSAkeyValue

protected PublicKey getPublicKeybyDSARSAkeyValue(Document doc,
                                                 Element reference)
                                          throws XMLSignatureException

Throws:

XMLSignatureException

getCertificate

protected X509Certificate getCertificate(String certString,
                                         String format)

Get the X509Certificate from encoded cert string

Parameters:

certString - BASE64 or PKCS7 encoded certtificate string

format - encoded format

Returns:

a X509Certificate

getPublicKey

protected PublicKey getPublicKey(X509Certificate cert)

Returns the public key from the certificate embedded in the KeyInfo.

Parameters:

cert - X509 Certificate

Returns:

a public key from the certificate embedded in the KeyInfo.

isValidAlgorithm

protected boolean isValidAlgorithm(String algorithm)

signWithSAMLToken

public Element signWithSAMLToken(Document doc,
                                 Certificate cert,
                                 String assertionID,
                                 String algorithm,
                                 List ids)
                          throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithSAMLToken in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

assertionID - assertion ID

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

SAML Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

signWithSAMLToken

public Element signWithSAMLToken(Document doc,
                                 Key key,
                                 boolean symmetricKey,
                                 Certificate sigingCert,
                                 Certificate encryptCert,
                                 String assertionID,
                                 String algorithm,
                                 List ids)
                          throws XMLSignatureException

Sign part of the XML document referred by the supplied a list of id attributes of nodes using SAML Token.

Specified by:

signWithSAMLToken in interface SignatureProvider

Parameters:

doc - XML dom object

key - the key that will be used to sign the document.

symmetricKey - true if the supplied key is a symmetric key type.

sigingCert - signer's Certificate. If present, this certificate will be added as part of signature KeyInfo.

encryptCert - the certificate if present will be used to encrypt the symmetric key and replay it as part of KeyInfo

assertionID - assertion ID for the SAML Security Token

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

SAML Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

signWithKerberosToken

public Element signWithKerberosToken(Document doc,
                                     Key key,
                                     String algorithm,
                                     List ids)
                              throws XMLSignatureException

Description copied from interface: SignatureProvider

Sign part of the XML document wth kerberos security token using referred by the supplied a list of id attributes of nodes.

Specified by:

signWithKerberosToken in interface SignatureProvider

Parameters:

doc - the XML DOM document.

key - Security Key.

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

Kerberos Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

signWithUserNameToken

public Element signWithUserNameToken(Document doc,
                                     Certificate cert,
                                     String algorithm,
                                     List ids)
                              throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithUserNameToken in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

Returns:

X509 Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

signWithBinarySecurityToken

public Element signWithBinarySecurityToken(Document doc,
                                           Certificate cert,
                                           String algorithm,
                                           List ids,
                                           String referenceType)
                                    throws XMLSignatureException

Sign part of the xml document referered by the supplied a list of id attributes of nodes

Specified by:

signWithBinarySecurityToken in interface SignatureProvider

Parameters:

doc - XML dom object

cert - Signer's certificate

algorithm - XML signature algorithm

ids - list of id attribute values of nodes to be signed

referenceType - signed element reference type

Returns:

X509 Security Token signature

Throws:

XMLSignatureException - if the document could not be signed

verifyWSSSignature

public boolean verifyWSSSignature(Document document,
                                  String certAlias)
                           throws XMLSignatureException

Verify all the signatures of the XML document for the web services security.

Specified by:

verifyWSSSignature in interface SignatureProvider

Parameters:

document - XML dom document whose signature to be verified

certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.

Returns:

true if the XML signature is verified, false otherwise

Throws:

XMLSignatureException - if problem occurs during verification

verifyWSSSignature

public boolean verifyWSSSignature(Document document,
                                  Key key)
                           throws XMLSignatureException

Verify web services message signature using specified key

Specified by:

verifyWSSSignature in interface SignatureProvider

Parameters:

document - the document to be validated

key - the secret key to be used for validating signature

Returns:

true if verification is successful.

Throws:

XMLSignatureException

verifyWSSSignature

public boolean verifyWSSSignature(Document document,
                                  Key key,
                                  String certAlias,
                                  String encryptAlias)
                           throws XMLSignatureException

Verify web services message signature using specified key

Specified by:

verifyWSSSignature in interface SignatureProvider

Parameters:

document - the document to be validated

key - the secret key to be used for validating signature

certAlias - the certificate alias used for validating the signature if the key is not available.

encryptAlias - the certificate alias that may be used to decrypt the symmetric key that may be part of KeyInfo

Returns:

true if verification is successful.

Throws:

XMLSignatureException

getAlgorithmURI

protected String getAlgorithmURI(String algorithm)

Return algorithm URI for the given algorithm.