Package org.apache.wss4j.dom.message
Class WSSecSignature
- java.lang.Object
  - org.apache.wss4j.dom.message.WSSecBase
    - org.apache.wss4j.dom.message.WSSecSignatureBase
      - org.apache.wss4j.dom.message.WSSecSignature

Direct Known Subclasses: WSSecSignatureSAML
public class WSSecSignature extends WSSecSignatureBase
Creates a Signature according to the WS-Security specification, X509 profile. This class is a re-factored implementation of the previous WSS4J class WSSignEnvelope. This new class allows better control of the process that creates a Signature and adds it to the Security header. This flexibility and fine-grained control are required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.

Field Summary
- protected Element bstToken
- protected CanonicalizationMethod c14nMethod
- protected String certUri
- protected KeyInfo keyInfo
- protected String keyInfoUri
- protected byte[] secretKey
- protected XMLSignature sig
- protected XMLSignatureFactory signatureFactory
- protected byte[] signatureValue
- protected String strUri

Fields inherited from class org.apache.wss4j.dom.message.WSSecBase
addWSUNamespace, attachmentCallbackHandler, callbackLookup, expandXopInclude, keyIdentifierType, password, storeBytesInAttachment, user

Constructor Summary
- WSSecSignature(WSSecHeader securityHeader)
- WSSecSignature(Document doc)
- WSSecSignature(Document doc, Provider provider)

Method Summary (all methods are instance methods with concrete implementations)
- List<Reference> addReferencesToSign(List<WSEncryptionPart> references)
  This method adds references to the Signature.
- void appendBSTElementToHeader()
  Append the BinarySecurityToken to the security header.
- Document build(Crypto cr)
  Builds a signed SOAP envelope.
- void computeSignature(List<Reference> referenceList)
  Compute the Signature over the references.
- void computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement)
  Compute the Signature over the references.
- Element getBinarySecurityTokenElement()
  Returns the BST Token element.
- String getBSTTokenId()
  Get the id of the BST generated during prepare().
- Element getCustomKeyInfoElement()
- String getCustomTokenId()
- String getDigestAlgo()
- String getId()
  Get the id generated during prepare().
- String getKeyInfoUri()
- SecurityTokenReference getSecurityTokenReference()
  Get the SecurityTokenReference to be used in the KeyInfo element.
- String getSecurityTokenReferenceURI()
- String getSigCanonicalization()
  Get the canonicalization method.
- String getSignatureAlgorithm()
  Get the name (uri) of the signature algorithm that is being used.
- Element getSignatureElement()
  Returns the Signature element.
- Provider getSignatureProvider()
- byte[] getSignatureValue()
  Returns the computed Signature value.
- boolean isAddInclusivePrefixes()
- boolean isIncludeSignatureToken()
- boolean isUseSingleCertificate()
  Get the single cert flag.
- protected void marshalKeyInfo(WSDocInfo wsDocInfo)
- void prepare(Crypto cr)
  Initialize a WSSec Signature.
- void prependBSTElementToHeader()
  Prepend the BinarySecurityToken to the elements already in the Security header.
- void setAddInclusivePrefixes(boolean addInclusivePrefixes)
- void setCustomKeyInfoElement(Element keyInfoElement)
- void setCustomTokenId(String customTokenId)
  Set the custom token id.
- void setCustomTokenValueType(String customTokenValueType)
  Set the custom token value type to use.
- void setDigestAlgo(String digestAlgo)
  Set the string that defines which digest algorithm to use.
- void setEncrKeySha1value(String encrKeySha1value)
  Set the encrypted key SHA1 value.
- void setIncludeSignatureToken(boolean includeSignatureToken)
- void setSecretKey(byte[] secretKey)
  Set the secret key to use.
- void setSecurityTokenReference(SecurityTokenReference secRef)
  Set the SecurityTokenReference to be used in the KeyInfo element.
- void setSigCanonicalization(String algo)
  Set the canonicalization method to use.
- void setSignatureAlgorithm(String algo)
  Set the name (uri) of the signature algorithm to use.
- void setSignatureProvider(Provider signatureProvider)
- void setUseSingleCertificate(boolean useSingleCert)
  Set the single cert flag.
- void setX509Certificate(X509Certificate cer)
  Set the X509 Certificate to use.

Methods inherited from class org.apache.wss4j.dom.message.WSSecSignatureBase
addReferencesToSign, cleanup, createSTRParameter, getInclusivePrefixes, getInclusivePrefixes

Methods inherited from class org.apache.wss4j.dom.message.WSSecBase
clean, getDocument, getIdAllocator, getKeyIdentifierType, getParts, getSecurityHeader, getWsDocInfo, isExpandXopInclude, setAttachmentCallbackHandler, setBodyID, setCallbackLookup, setExpandXopInclude, setIdAllocator, setKeyIdentifierType, setStoreBytesInAttachment, setUserInfo, setWsDocInfo, setWsuId

Field Detail

signatureFactory
protected XMLSignatureFactory signatureFactory

keyInfo
protected KeyInfo keyInfo

c14nMethod
protected CanonicalizationMethod c14nMethod

sig
protected XMLSignature sig

secretKey
protected byte[] secretKey

strUri
protected String strUri

bstToken
protected Element bstToken

keyInfoUri
protected String keyInfoUri

certUri
protected String certUri

signatureValue
protected byte[] signatureValue

Constructor Detail

WSSecSignature
public WSSecSignature(WSSecHeader securityHeader)

WSSecSignature
public WSSecSignature(Document doc)

Method Detail

prepare
public void prepare(Crypto cr) throws WSSecurityException
Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information has been set. After setup, references to the elements to sign may be added. After all references are added they can be signed. This method does not add the Signature element to the security header; see the prependSignatureElementToHeader() method.
Parameters:
  cr - An instance of the Crypto API to handle keystore and certificates
Throws:
  WSSecurityException

marshalKeyInfo
protected void marshalKeyInfo(WSDocInfo wsDocInfo) throws WSSecurityException
Throws:
  WSSecurityException

build
public Document build(Crypto cr) throws WSSecurityException
Builds a signed SOAP envelope. This is a convenience method kept for backward compatibility. The method creates a Signature and puts it into the Security header by calling the individual methods in order to perform a one-shot signature.
Parameters:
  cr - An instance of the Crypto API to handle keystore and certificates
Returns:
  A signed SOAP envelope as Document
Throws:
  WSSecurityException

addReferencesToSign
public List<Reference> addReferencesToSign(List<WSEncryptionPart> references) throws WSSecurityException
This method adds references to the Signature.
Parameters:
  references - The list of references to sign
Throws:
  WSSecurityException

getSignatureElement
public Element getSignatureElement()
Returns the Signature element. The method can be called any time after prepare().
Returns:
  The DOM Element of the signature.

prependBSTElementToHeader
public void prependBSTElementToHeader()
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.

appendBSTElementToHeader
public void appendBSTElementToHeader()
Append the BinarySecurityToken to the security header.

computeSignature
public void computeSignature(List<Reference> referenceList) throws WSSecurityException
Compute the Signature over the references. The signature element will be prepended to the security header. This method can be called any time after the references were set. See addReferencesToSign().
Parameters:
  referenceList - The list of references to sign
Throws:
  WSSecurityException

computeSignature
public void computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement) throws WSSecurityException
Compute the Signature over the references. This method can be called any time after the references were set. See addReferencesToSign().
Parameters:
  referenceList - The list of references to sign
  prepend - Whether to prepend the signature element to the security header
  siblingElement - If prepending, then prepend before this sibling Element
Throws:
  WSSecurityException

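The prepare / addReferencesToSign / computeSignature sequence described above, as an added example that is not WSS4J's own code: it signs the SOAP Body under the X509 profile with a direct BST reference and sets SHA-256 digest and signature algorithms explicitly instead of relying on the SHA1 default and auto-detection. The envelope is constructed inline; crypto.properties, the alias "alice" and its password are placeholder assumptions.

```java
import java.io.StringReader;
import java.util.Collections;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class SignBodyExample {
    // Constructed sample envelope; a real message would come off the wire.
    private static final String ENVELOPE =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
        + "<soapenv:Header/><soapenv:Body><ns:ping xmlns:ns=\"urn:example\">hi</ns:ping>"
        + "</soapenv:Body></soapenv:Envelope>";

    public static Document signBody() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // WS-Security processing needs a namespace-aware DOM
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(ENVELOPE)));

        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // crypto.properties (assumed on the classpath) names the keystore; alias/password are placeholders.
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");

        WSSecSignature sign = new WSSecSignature(secHeader);
        sign.setUserInfo("alice", "password");
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // X509 profile: cert shipped as a BST
        sign.setSignatureAlgorithm(WSS4JConstants.RSA_SHA256);       // explicit, not auto-detected in prepare()
        sign.setDigestAlgo(WSS4JConstants.SHA256);                    // override the SHA1 default

        sign.prepare(crypto);                        // 1. build the Signature structure (header untouched)
        WSEncryptionPart body = new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV, "");
        List<Reference> refs = sign.addReferencesToSign(Collections.singletonList(body)); // 2. what is covered
        sign.computeSignature(refs);                 // 3. sign and prepend ds:Signature to the Security header
        sign.prependBSTElementToHeader();            // 4. prepended last, so the BST sits above the Signature
        return doc;
    }
}
```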
setUseSingleCertificate
public void setUseSingleCertificate(boolean useSingleCert)
Set the single cert flag.
Parameters:
  useSingleCert

isUseSingleCertificate
public boolean isUseSingleCertificate()
Get the single cert flag.
Returns:
  A boolean indicating whether the single certificate flag is set.

setSignatureAlgorithm
public void setSignatureAlgorithm(String algo)
Set the name (uri) of the signature algorithm to use. If the algorithm is not set then the signature algorithm to use is detected automatically during the prepare() method. Refer to WSConstants for the algorithms that are supported.
Parameters:
  algo - the name of the signature algorithm
See Also:
  WSS4JConstants.RSA, WSS4JConstants.DSA

getSignatureAlgorithm
public String getSignatureAlgorithm()
Get the name (uri) of the signature algorithm that is being used. Call this method after prepare() to find out which signature algorithm was automatically detected if no signature algorithm was preset.
Returns:
  the identifier URI of the signature algorithm

setSigCanonicalization
public void setSigCanonicalization(String algo)
Set the canonicalization method to use. If the canonicalization method is not set then the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the algorithms that are supported.
Parameters:
  algo - the name of the canonicalization algorithm
See Also:
  WSS4JConstants.C14N_OMIT_COMMENTS, WSS4JConstants.C14N_WITH_COMMENTS, WSS4JConstants.C14N_EXCL_OMIT_COMMENTS, WSS4JConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization
public String getSigCanonicalization()
Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.
Returns:
  The string describing the canonicalization algorithm.

getDigestAlgo
public String getDigestAlgo()
Returns:
  the digest algorithm to use

setDigestAlgo
public void setDigestAlgo(String digestAlgo)
Set the string that defines which digest algorithm to use. The default is WSConstants.SHA1.
Parameters:
  digestAlgo - the digestAlgo to set

getSignatureValue
public byte[] getSignatureValue()
Returns the computed Signature value. Call this method after the computeSignature() or build() methods were called.
Returns:
  Returns the signatureValue.

getId
public String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the Signature element.
Returns:
  Return the wsu:Id of this token, or null if prepare() was not called before.

getBSTTokenId
public String getBSTTokenId()
Get the id of the BST generated during prepare().
Returns:
  Returns the value of the wsu:Id attribute of the BinarySecurityToken element.

setSecretKey
public void setSecretKey(byte[] secretKey)
Set the secret key to use.
Parameters:
  secretKey - the secret key to use

setCustomTokenValueType
public void setCustomTokenValueType(String customTokenValueType)
Set the custom token value type to use.
Parameters:
  customTokenValueType - the custom token value type to use

setCustomTokenId
public void setCustomTokenId(String customTokenId)
Set the custom token id.
Parameters:
  customTokenId - the custom token id

getCustomTokenId
public String getCustomTokenId()

setEncrKeySha1value
public void setEncrKeySha1value(String encrKeySha1value)
Set the encrypted key SHA1 value.
Parameters:
  encrKeySha1value - the encrypted key SHA1 value

setX509Certificate
public void setX509Certificate(X509Certificate cer)
Set the X509 Certificate to use.
Parameters:
  cer - the X509 Certificate to use

getBinarySecurityTokenElement
public Element getBinarySecurityTokenElement()
Returns the BST Token element. The method can be called any time after prepare().
Returns:
  the BST Token element

getSecurityTokenReferenceURI
public String getSecurityTokenReferenceURI()
Returns:
  the URI associated with the SecurityTokenReference (must be called after #prepare(Document, Crypto))

getSecurityTokenReference
public SecurityTokenReference getSecurityTokenReference()
Get the SecurityTokenReference to be used in the KeyInfo element.

setSecurityTokenReference
public void setSecurityTokenReference(SecurityTokenReference secRef)
Set the SecurityTokenReference to be used in the KeyInfo element. If this method is not called, a SecurityTokenReference will be generated.

isIncludeSignatureToken
public boolean isIncludeSignatureToken()

setIncludeSignatureToken
public void setIncludeSignatureToken(boolean includeSignatureToken)

isAddInclusivePrefixes
public boolean isAddInclusivePrefixes()

setAddInclusivePrefixes
public void setAddInclusivePrefixes(boolean addInclusivePrefixes)

setCustomKeyInfoElement
public void setCustomKeyInfoElement(Element keyInfoElement)

getCustomKeyInfoElement
public Element getCustomKeyInfoElement()

getSignatureProvider
public Provider getSignatureProvider()

setSignatureProvider
public void setSignatureProvider(Provider signatureProvider)

getKeyInfoUri
public String getKeyInfoUri()