Package com.sun.identity.saml.xmlsig

Interface SignatureProvider

    • Method Detail

      • initialize

        void initialize​(KeyProvider keyProvider)
        Initialize the key provider
        Parameters:
        keyProvider - KeyProvider object

      • signXML

        Element signXML​(Document doc,
                String certAlias)
         throws XMLSignatureException
        Sign the XML document using enveloped signatures.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        Returns:
        signature Element object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm)
         throws XMLSignatureException
        Sign the XML document using enveloped signatures.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML Signature Algorithm, such as SAMLConstants.ALGO_ID_SIGNATURE_DSA
        Returns:
        signature Element object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        String signXML​(String xmlString,
               String certAlias)
        throws XMLSignatureException
        Sign the XML string using enveloped signatures.
        Parameters:
        xmlString - XML string to be signed
        certAlias - Signer's certificate alias name
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the XML string could not be signed

      • signXML

        String signXML​(String xmlString,
               String certAlias,
               String algorithm)
        throws XMLSignatureException
        Sign the XML string using enveloped signatures.
        Parameters:
        xmlString - XML string to be signed
        certAlias - Signer's certificate alias name
        algorithm - XML Signature Algorithm, such as SAMLConstants.ALGO_ID_SIGNATURE_DSA
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the XML string could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm,
                String id)
         throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        id - attribute value of the node to be signed
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm,
                String id,
                String xpath)
         throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        id - id attribute value of the node to be signed
        xpath - expression should uniquely identify a node before which
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm,
                String idAttrName,
                String id,
                boolean includeCert)
         throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed.
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        String signXML​(String xmlString,
               String certAlias,
               String algorithm,
               String idAttrName,
               String id,
               boolean includeCert)
        throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        xmlString - a string representing XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        Returns:
        a string of signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm,
                String idAttrName,
                String id,
                boolean includeCert,
                String xpath)
         throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        xpath - expression should uniquely identify a node before which
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXMLUsingKeyPass

        Element signXMLUsingKeyPass​(Document doc,
                            String certAlias,
                            String encryptedKeyPass,
                            String algorithm,
                            String idAttrName,
                            String id,
                            boolean includeCert,
                            String xpath)
                     throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        encryptedKeyPass - Use the supplied encrypted key password to get the private key
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed.
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        xpath - expression should uniquely identify a node before which
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        String signXML​(String xmlString,
               String certAlias,
               String algorithm,
               String id)
        throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        xmlString - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        id - id attribute value of the node to be signed
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm,
                List ids)
         throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        String signXML​(String xmlString,
               String certAlias,
               String algorithm,
               List ids)
        throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        xmlString - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        Element signXML​(Document doc,
                String certAlias,
                String algorithm,
                String transformAlag,
                List ids)
         throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        transformAlag - XML signature transform algorithm Those transfer constants are defined as SAMLConstants.TRANSFORM_XXX.
        ids - list of id attribute values of nodes to be signed
        Returns:
        XML signature element
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSSAMLTokenProfile

        Element signWithWSSSAMLTokenProfile​(Document doc,
                                    Certificate cert,
                                    String assertionID,
                                    String algorithm,
                                    List ids)
                             throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - signer's Certificate
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSSAMLTokenProfile

        Element signWithWSSSAMLTokenProfile​(Document doc,
                                    Certificate cert,
                                    String assertionID,
                                    String algorithm,
                                    List ids,
                                    String wsfVersion)
                             throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - signer's Certificate
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        wsfVersion - the web services framework that should be used. For WSF1.1, the version must be "1.1" and for WSF1.0, it must be "1.0"
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithSAMLToken

        Element signWithSAMLToken​(Document doc,
                          Certificate cert,
                          String assertionID,
                          String algorithm,
                          List ids)
                   throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - signer's Certificate
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithSAMLToken

        Element signWithSAMLToken​(Document doc,
                          Key key,
                          boolean symmetricKey,
                          Certificate signingCert,
                          Certificate encryptCert,
                          String assertionID,
                          String algorithm,
                          List ids)
                   throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes using SAML Token.
        Parameters:
        doc - XML dom object
        key - the key that will be used to sign the document.
        symmetricKey - true if the supplied key is a symmetric key type.
        signingCert - signer's Certificate. If present, this certificate will be added as part of signature KeyInfo.
        encryptCert - the certificate if present will be used to encrypt the symmetric key and replay it as part of KeyInfo
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithBinarySecurityToken

        Element signWithBinarySecurityToken​(Document doc,
                                    Certificate cert,
                                    String algorithm,
                                    List ids,
                                    String refenceType)
                             throws XMLSignatureException
        Sign part of the XML document wth binary security token using referred by the supplied a list of id attributes of nodes.
        Parameters:
        doc - the XML DOM document.
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        refenceType - signed element reference type
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithKerberosToken

        Element signWithKerberosToken​(Document doc,
                              Key key,
                              String algorithm,
                              List ids)
                       throws XMLSignatureException
        Sign part of the XML document wth kerberos security token using referred by the supplied a list of id attributes of nodes.
        Parameters:
        doc - the XML DOM document.
        key - Security Key.
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        Kerberos Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithUserNameToken

        Element signWithUserNameToken​(Document doc,
                              Certificate cert,
                              String algorithm,
                              List ids)
                       throws XMLSignatureException
        Sign part of the XML document wth UserName security token using referred by the supplied a list of id attributes of nodes.
        Parameters:
        doc - the XML DOM document.
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSX509TokenProfile

        Element signWithWSSX509TokenProfile​(Document doc,
                                    Certificate cert,
                                    String algorithm,
                                    List ids)
                             throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSX509TokenProfile

        Element signWithWSSX509TokenProfile​(Document doc,
                                    Certificate cert,
                                    String algorithm,
                                    List ids,
                                    String wsfVersion)
                             throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        wsfVersion - the web services framework that should be used. For WSF1.1, it should be "1.1" and for WSF1.0, it should be "1.0"
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • verifyXMLSignature

        boolean verifyXMLSignature​(Document document)
                    throws XMLSignatureException
        Verify all the signatures of the XML document
        Parameters:
        document - XML dom document whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(Document document,
                           String certAlias)
                    throws XMLSignatureException
        Verify all the signatures of the XML document
        Parameters:
        document - XML dom document whose signature to be verified
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(Document document,
                           Certificate cert)
                    throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        document - XML dom document whose signature to be verified
        cert - Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(Element element)
                    throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        element - XML dom document whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(Element element,
                           String certAlias)
                    throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        element - XML dom document whose signature to be verified
        certAlias - certAlias Signer's certificate alias name
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(Element element,
                           String idAttrName,
                           String certAlias)
                    throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        element - XML dom document whose signature to be verified
        idAttrName - Attribute name for the id attribute
        certAlias - certAlias Signer's certificate alias name
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(String xmlString)
                    throws XMLSignatureException
        Verify the signature of the XML string
        Parameters:
        xmlString - XML string whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(String xmlString,
                           String certAlias)
                    throws XMLSignatureException
        Verify the signature of the XML string
        Parameters:
        xmlString - XML string whose signature to be verified
        certAlias - certAlias signer's certificate alias name
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(String xmlString,
                           String idAttrName,
                           String certAlias)
                    throws XMLSignatureException
        Verify the signature of the XML string
        Parameters:
        xmlString - XML string whose signature to be verified
        idAttrName - Attribute name for the id attribute
        certAlias - certAlias alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        boolean verifyXMLSignature​(String wsfVersion,
                           String certAlias,
                           Document document)
                    throws XMLSignatureException
        Verify all the signatures of the XML document
        Parameters:
        wsfVersion - the web services framework that should be used. For WSF1.1, it should be "1.1" and for WSF1.0, it should be "1.0"
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        document - XML dom document whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyWSSSignature

        boolean verifyWSSSignature​(Document document,
                           String certAlias)
                    throws XMLSignatureException
        Verify all the signatures of the XML document for the web services security.
        Parameters:
        document - XML dom document whose signature to be verified
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyWSSSignature

        boolean verifyWSSSignature​(Document document,
                           Key key)
                    throws XMLSignatureException
        Verify web services message signature using specified key
        Parameters:
        document - the document to be validated
        key - the secret key to be used for validating signature
        Returns:
        true if verification is successful.
        Throws:
        XMLSignatureException

      • verifyWSSSignature

        boolean verifyWSSSignature​(Document document,
                           Key key,
                           String certAlias,
                           String encryptAlias)
                    throws XMLSignatureException
        Verify web services message signature using specified key
        Parameters:
        document - the document to be validated
        key - the secret key to be used for validating signature
        certAlias - the certificate alias used for validating the signature if the key is not available.
        encryptAlias - the certificate alias that may be used to decrypt the symmetric key that may be part of KeyInfo
        Returns:
        true if verification is successful.
        Throws:
        XMLSignatureException

      • getKeyProvider

        KeyProvider getKeyProvider()
        Returns the real key provider.
        Returns:
        the real key provider.