Package com.sun.identity.saml.xmlsig

Class XMLSignatureManager

  • public class XMLSignatureManager
extends Object
    The class XMLSignatureManager provides methods to sign and verify XML signature.

    • Constructor Detail

      • XMLSignatureManager

        protected XMLSignatureManager()
        Constructor

    • Method Detail

      • getInstance

        public static XMLSignatureManager getInstance()
        Gets the singleton instance of XMLSignatureManager with default KeyProvider and SignatureProvider.
        Returns:
        XMLSignatureManager

      • getInstance

        public static XMLSignatureManager getInstance​(KeyProvider keyProvider,
                                              SignatureProvider sigProvider)
        Get an instance of XMLSignatureManager with specified KeyProvider and SignatureProvider.
        Parameters:
        keyProvider - KeyProvider
        sigProvider - SignatureProvider.
        Returns:
        XMLSignatureManager.

      • getSignatureProvider

        public SignatureProvider getSignatureProvider()
        Returns the SignatureProvider
        Returns:
        SignatureKeyProvider instance

      • signXML

        public Element signXML​(Document doc,
                       String certAlias)
                throws XMLSignatureException
        Sign the XML document using enveloped signatures.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm)
                throws XMLSignatureException
        Sign the XML document using enveloped signatures.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - signature algorithm
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public String signXML​(String XML,
                      String certAlias)
               throws XMLSignatureException
        Sign the XML string using enveloped signatures.
        Parameters:
        XML - XML string to be signed
        certAlias - Signer's certificate alias name
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the XML string could not be signed

      • signXML

        public String signXML​(String XML,
                      String certAlias,
                      String algorithm)
               throws XMLSignatureException
        Sign the XML string using enveloped signatures.
        Parameters:
        XML - XML string to be signed
        certAlias - Signer's certificate alias name
        algorithm - signature algorithm
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the XML string could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm,
                       String id)
                throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        id - attribute value of the node to be signed
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm,
                       String id,
                       String xpath)
                throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        id - id attribute value of the node to be signed
        xpath - expression should uniquely identify a node before which
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm,
                       String idAttrName,
                       String id,
                       boolean includeCert)
                throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed.
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public String signXML​(String xmlString,
                      String certAlias,
                      String algorithm,
                      String idAttrName,
                      String id,
                      boolean includeCert)
               throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        xmlString - a string representing XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed.
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        Returns:
        a string of signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm,
                       String idAttrName,
                       String id,
                       boolean includeCert,
                       String xpath)
                throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed.
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        xpath - expression should uniquely identify a node before which
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXMLUsingKeyPass

        public Element signXMLUsingKeyPass​(Document doc,
                                   String certAlias,
                                   String encryptedKeyPass,
                                   String algorithm,
                                   String idAttrName,
                                   String id,
                                   boolean includeCert,
                                   String xpath)
                            throws XMLSignatureException
        Sign part of the XML document referred by the supplied id attribute using enveloped signatures and use exclusive XML canonicalization.
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        encryptedKeyPass - Use the supplied encrypted key password to get the private key
        algorithm - XML signature algorithm
        idAttrName - attribute name for the id attribute of the node to be signed.
        id - id attribute value of the node to be signed
        includeCert - if true, include the signing certificate in KeyInfo. if false, does not include the signing certificate.
        xpath - expression should uniquely identify a node before which
        Returns:
        a signed dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public String signXML​(String xmlString,
                      String certAlias,
                      String algorithm,
                      String id)
               throws XMLSignatureException
        Sign the XML string using enveloped signatures.
        Parameters:
        xmlString - XML string to be signed
        certAlias - Signer's certificate alias name
        algorithm - XML Signature algorithm
        id - id attribute value of the node to be signed
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the XML string could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm,
                       List ids)
                throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        signature dom object
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public String signXML​(String xmlString,
                      String certAlias,
                      String algorithm,
                      List ids)
               throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        xmlString - XML dom object's string format
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        XML signature string
        Throws:
        XMLSignatureException - if the document could not be signed

      • signXML

        public Element signXML​(Document doc,
                       String certAlias,
                       String algorithm,
                       String transformAlag,
                       List ids)
                throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        certAlias - Signer's certificate alias name
        algorithm - XML signature algorithm
        transformAlag - XML signature transform algorithm Those transfer constants are defined as SAMLConstants.TRANSFORM_XXX.
        ids - list of id attribute values of nodes to be signed
        Returns:
        XML signature element
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSSAMLTokenProfile

        public Element signWithWSSSAMLTokenProfile​(Document doc,
                                           Certificate cert,
                                           String assertionID,
                                           String algorithm,
                                           List ids)
                                    throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - signer's Certificate
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSSAMLTokenProfile

        public Element signWithWSSSAMLTokenProfile​(Document doc,
                                           Certificate cert,
                                           String assertionID,
                                           String algorithm,
                                           List ids,
                                           String wsfVersion)
                                    throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - signer's Certificate
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        wsfVersion - the web services framework that should be used. For WSF1.1, the version must be "1.1" and for WSF1.0, it must be "1.0"
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithSAMLToken

        public Element signWithSAMLToken​(Document doc,
                                 Certificate cert,
                                 String assertionID,
                                 String algorithm,
                                 List ids)
                          throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - signer's Certificate
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithSAMLToken

        public Element signWithSAMLToken​(Document doc,
                                 Key key,
                                 boolean symmetricKey,
                                 Certificate signingCert,
                                 Certificate encryptCert,
                                 String assertionID,
                                 String algorithm,
                                 List ids)
                          throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes using SAML Token.
        Parameters:
        doc - XML dom object
        key - the key that will be used to sign the document.
        symmetricKey - true if the supplied key is a symmetric key type.
        signingCert - signer's Certificate. If present, this certificate will be added as part of signature KeyInfo.
        encryptCert - the certificate if present will be used to encrypt the symmetric key and replay it as part of KeyInfo
        assertionID - assertion ID for the SAML Security Token
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        SAML Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithBinarySecurityToken

        public Element signWithBinarySecurityToken​(Document doc,
                                           Certificate cert,
                                           String algorithm,
                                           List ids,
                                           String refenceType)
                                    throws XMLSignatureException
        Sign part of the XML document wth binary security token using referred by the supplied a list of id attributes of nodes.
        Parameters:
        doc - the XML DOM document.
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        refenceType - signed element reference type
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithUserNameToken

        public Element signWithUserNameToken​(Document doc,
                                     Certificate cert,
                                     String algorithm,
                                     List ids)
                              throws XMLSignatureException
        Sign part of the XML document wth UserName security token using referred by the supplied a list of id attributes of nodes.
        Parameters:
        doc - the XML DOM document.
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSX509TokenProfile

        public Element signWithWSSX509TokenProfile​(Document doc,
                                           Certificate cert,
                                           String algorithm,
                                           List ids)
                                    throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • signWithWSSX509TokenProfile

        public Element signWithWSSX509TokenProfile​(Document doc,
                                           Certificate cert,
                                           String algorithm,
                                           List ids,
                                           String wsfVersion)
                                    throws XMLSignatureException
        Sign part of the XML document referred by the supplied a list of id attributes of nodes
        Parameters:
        doc - XML dom object
        cert - Signer's certificate
        algorithm - XML signature algorithm
        ids - list of id attribute values of nodes to be signed
        wsfVersion - the web services framework that should be used. For WSF1.1, it should be "1.1" and for WSF1.0, it should be "1.0"
        Returns:
        X509 Security Token signature
        Throws:
        XMLSignatureException - if the document could not be signed

      • verifyXMLSignature

        public boolean verifyXMLSignature​(Document document)
                           throws XMLSignatureException
        Verify all the signatures of the XML document
        Parameters:
        document - XML dom document whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(Document document,
                                  String certAlias)
                           throws XMLSignatureException
        Verify all the signatures of the XML document
        Parameters:
        document - XML dom document whose signature to be verified
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(Document document,
                                  Certificate cert)
                           throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        document - XML dom document whose signature to be verified
        cert - Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(Element element)
                           throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        element - XML dom document whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(Element element,
                                  String certAlias)
                           throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        element - XML dom document whose signature to be verified
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(Element element,
                                  String idAttrName,
                                  String certAlias)
                           throws XMLSignatureException
        Verify the signature of the XML document
        Parameters:
        element - XML dom document whose signature to be verified
        idAttrName - Attribute name for the id attribute
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(String XML)
                           throws XMLSignatureException
        Verify the signature of the XML string
        Parameters:
        XML - XML string whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(String XML,
                                  String certAlias)
                           throws XMLSignatureException
        Verify the signature of the XML string
        Parameters:
        XML - XML string whose signature to be verified
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo/
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyXMLSignature

        public boolean verifyXMLSignature​(String xmlString,
                                  String idAttrName,
                                  String certAlias)
                           throws XMLSignatureException
        Verify the signature of the XML string
        Parameters:
        xmlString - XML string whose signature to be verified
        idAttrName - Attribute name for the id attribute
        certAlias - certAlias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise.
        Throws:
        XMLSignatureException - if problem occurs during verification.

      • verifyXMLSignature

        public boolean verifyXMLSignature​(String wsfVersion,
                                  String certAlias,
                                  Document document)
                           throws XMLSignatureException
        Verify all the signatures of the XML document
        Parameters:
        wsfVersion - the web services version that should be used.
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        document - XML dom document whose signature to be verified
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification.

      • verifyWSSSignature

        public boolean verifyWSSSignature​(Document document,
                                  String certAlias)
                           throws XMLSignatureException
        Verify all the signatures of the XML document for the web services security.
        Parameters:
        document - XML dom document whose signature to be verified
        certAlias - alias for Signer's certificate, this is used to search signer's public certificate if it is not presented in ds:KeyInfo.
        Returns:
        true if the XML signature is verified, false otherwise
        Throws:
        XMLSignatureException - if problem occurs during verification

      • verifyWSSSignature

        public boolean verifyWSSSignature​(Document document,
                                  Key key)
                           throws XMLSignatureException
        Verify web services message signature using specified key
        Parameters:
        document - the document to be validated
        key - the secret key to be used for validating signature
        Returns:
        true if verification is successful.
        Throws:
        XMLSignatureException

      • verifyWSSSignature

        public boolean verifyWSSSignature​(Document document,
                                  Key key,
                                  String certAlias,
                                  String encryptAlias)
                           throws XMLSignatureException
        Verify web services message signature using specified key
        Parameters:
        document - the document to be validated
        key - the secret key to be used for validating signature
        certAlias - the certificate alias used for validating the signature if the key is not available.
        encryptAlias - the certificate alias that may be used to decrypt the symmetric key that may be part of KeyInfo
        Returns:
        true if verification is successful.
        Throws:
        XMLSignatureException

      • getKeyProvider

        public KeyProvider getKeyProvider()
        Get KeyProvider
        Returns:
        KeyProvider