org.apache.ws.security.message

Class WSSecSignature

java.lang.Object

org.apache.ws.security.message.WSSecBase

org.apache.ws.security.message.WSSecSignatureBase

org.apache.ws.security.message.WSSecSignature

Direct Known Subclasses:

WSSecSignatureSAML

public class WSSecSignature
extends WSSecSignatureBase

Creates a Signature according to WS Specification, X509 profile. This class is a re-factored implementation of the previous WSS4J class WSSignEnvelope. This new class allows better control of the process to create a Signature and to add it to the Security header. The flexibility and fine granular control is required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.

Author:

Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)

Field Summary

Fields

Modifier and Type	Field and Description
protected BinarySecurity	bstToken
protected CanonicalizationMethod	c14nMethod
protected String	canonAlgo
protected String	certUri
protected String	customTokenId
protected String	customTokenValueType
protected Document	document
protected KeyInfo	keyInfo
protected KeyInfoFactory	keyInfoFactory
protected String	keyInfoUri
protected SecurityTokenReference	secRef
protected byte[]	secretKey
protected XMLSignature	sig
protected String	sigAlgo
protected XMLSignatureFactory	signatureFactory
protected byte[]	signatureValue
protected String	strUri
protected boolean	useSingleCert
protected WSDocInfo	wsDocInfo

Fields inherited from class org.apache.ws.security.message.WSSecBase

callbackLookup, doDebug, keyIdentifierType, parts, password, user

Constructor Summary

Constructors

Constructor and Description
WSSecSignature()
WSSecSignature(WSSConfig config)

Method Summary

Methods

Modifier and Type	Method and Description
List<Reference>	addReferencesToSign(List<WSEncryptionPart> references, WSSecHeader secHeader) This method adds references to the Signature.
void	appendBSTElementToHeader(WSSecHeader secHeader) Append the BinarySecurityToken to the security header.
Document	build(Document doc, Crypto cr, WSSecHeader secHeader) Builds a signed soap envelope.
void	computeSignature(List<Reference> referenceList) Compute the Signature over the references.
void	computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement) Compute the Signature over the references.
Element	getBinarySecurityTokenElement() Returns the BST Token element.
String	getBSTTokenId() Get the id of the BST generated during prepare().
String	getDigestAlgo()
String	getId() Get the id generated during prepare().
SecurityTokenReference	getSecurityTokenReference() Get the SecurityTokenReference to be used in the KeyInfo element.
String	getSecurityTokenReferenceURI()
String	getSigCanonicalization() Get the canonicalization method.
String	getSignatureAlgorithm() Get the name (uri) of the signature algorithm that is being used.
Element	getSignatureElement() Returns the SignatureElement.
byte[]	getSignatureValue() Returns the computed Signature value.
boolean	isUseSingleCertificate() Get the single cert flag.
void	prepare(Document doc, Crypto cr, WSSecHeader secHeader) Initialize a WSSec Signature.
void	prependBSTElementToHeader(WSSecHeader secHeader) Prepend the BinarySecurityToken to the elements already in the Security header.
void	setCustomTokenId(String customTokenId) Set the custom token id
void	setCustomTokenValueType(String customTokenValueType) Set the custom token value type to use
void	setDigestAlgo(String digestAlgo) Set the string that defines which digest algorithm to use.
void	setEncrKeySha1value(String encrKeySha1value) Set the encrypted key sha1 value
void	setSecretKey(byte[] secretKey) Set the secret key to use
void	setSecurityTokenReference(SecurityTokenReference secRef) Set the SecurityTokenReference to be used in the KeyInfo element.
void	setSigCanonicalization(String algo) Set the canonicalization method to use.
void	setSignatureAlgorithm(String algo) Set the name (uri) of the signature encryption algorithm to use.
void	setUseSingleCertificate(boolean useSingleCert) Set the single cert flag.
void	setX509Certificate(X509Certificate cer) Set the X509 Certificate to use

Methods inherited from class org.apache.ws.security.message.WSSecSignatureBase

addReferencesToSign, createSTRParameter, getInclusivePrefixes, getInclusivePrefixes

Methods inherited from class org.apache.ws.security.message.WSSecBase

getKeyIdentifierType, getWsConfig, setBodyID, setCallbackLookup, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

useSingleCert

protected boolean useSingleCert

sigAlgo

protected String sigAlgo

canonAlgo

protected String canonAlgo

signatureValue

protected byte[] signatureValue

document

protected Document document

wsDocInfo

protected WSDocInfo wsDocInfo

certUri

protected String certUri

keyInfoUri

protected String keyInfoUri

secRef

protected SecurityTokenReference secRef

strUri

protected String strUri

bstToken

protected BinarySecurity bstToken

keyInfoFactory

protected KeyInfoFactory keyInfoFactory

signatureFactory

protected XMLSignatureFactory signatureFactory

keyInfo

protected KeyInfo keyInfo

c14nMethod

protected CanonicalizationMethod c14nMethod

sig

protected XMLSignature sig

secretKey

protected byte[] secretKey

customTokenValueType

protected String customTokenValueType

customTokenId

protected String customTokenId

Constructor Detail

WSSecSignature

public WSSecSignature()

WSSecSignature

public WSSecSignature(WSSConfig config)

Method Detail

prepare

public void prepare(Document doc,
           Crypto cr,
           WSSecHeader secHeader)
             throws WSSecurityException

Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information was set. After setup of the references to elements to sign may be added. After all references are added they can be signed. This method does not add the Signature element to the security header. See prependSignatureElementToHeader() method.

Parameters:

doc - The SOAP envelope as Document

cr - An instance of the Crypto API to handle keystore and certificates

secHeader - The security header that will hold the Signature. This is used to construct namespace prefixes for Signature. This method

Throws:

WSSecurityException

build

public Document build(Document doc,
             Crypto cr,
             WSSecHeader secHeader)
               throws WSSecurityException

Builds a signed soap envelope. This is a convenience method and for backward compatibility. The method creates a Signature and puts it into the Security header. It does so by calling the single functions in order to perform a one shot signature. This method is compatible with the build method of the previous version with the exception of the additional WSSecHeader parameter.

Parameters:

doc - The unsigned SOAP envelope as Document

cr - An instance of the Crypto API to handle keystore and certificates

secHeader - the security header element to hold the encrypted key element.

Returns:

A signed SOAP envelope as Document

Throws:

WSSecurityException

addReferencesToSign

public List<Reference> addReferencesToSign(List<WSEncryptionPart> references,
                                  WSSecHeader secHeader)
                                    throws WSSecurityException

This method adds references to the Signature.

Parameters:

references - The list of references to sign

secHeader - The Security Header

Throws:

WSSecurityException

getSignatureElement

public Element getSignatureElement()

Returns the SignatureElement. The method can be called any time after prepare().

Returns:

The DOM Element of the signature.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)

Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:

secHeader - The security header

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)

Append the BinarySecurityToken to the security header.

Parameters:

secHeader - The security header

computeSignature

public void computeSignature(List<Reference> referenceList)
                      throws WSSecurityException

Compute the Signature over the references. The signature element will be prepended to the security header. This method can be called any time after the references were set. See addReferencesToSign().

Parameters:

referenceList - The list of references to sign

Throws:

WSSecurityException

computeSignature

public void computeSignature(List<Reference> referenceList,
                    boolean prepend,
                    Element siblingElement)
                      throws WSSecurityException

Compute the Signature over the references. This method can be called any time after the references were set. See addReferencesToSign().

Parameters:

referenceList - The list of references to sign

prepend - Whether to prepend the signature element to the security header

siblingElement - If prepending, then prepend before this sibling Element

Throws:

WSSecurityException

setUseSingleCertificate

public void setUseSingleCertificate(boolean useSingleCert)

Set the single cert flag.

Parameters:

useSingleCert -

isUseSingleCertificate

public boolean isUseSingleCertificate()

Get the single cert flag.

Returns:

A boolean if single certificate is set.

setSignatureAlgorithm

public void setSignatureAlgorithm(String algo)

Set the name (uri) of the signature encryption algorithm to use. If the algorithm is not set then an automatic detection of the signature algorithm to use is performed during the prepare() method. Refer to WSConstants which algorithms are supported.

Parameters:

algo - the name of the signature algorithm

See Also:

WSConstants.RSA, WSConstants.DSA

getSignatureAlgorithm

public String getSignatureAlgorithm()

Get the name (uri) of the signature algorithm that is being used. Call this method after prepare to get the information which signature algorithm was automatically detected if no signature algorithm was preset.

Returns:

the identifier URI of the signature algorithm

setSigCanonicalization

public void setSigCanonicalization(String algo)

Set the canonicalization method to use. If the canonicalization method is not set then the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants which algorithms are supported.

Parameters:

algo - Is the name of the signature algorithm

See Also:

WSConstants.C14N_OMIT_COMMENTS, WSConstants.C14N_WITH_COMMENTS, WSConstants.C14N_EXCL_OMIT_COMMENTS, WSConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization

public String getSigCanonicalization()

Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.

Returns:

The string describing the canonicalization algorithm.

getDigestAlgo

public String getDigestAlgo()

Returns:

the digest algorithm to use

setDigestAlgo

public void setDigestAlgo(String digestAlgo)

Set the string that defines which digest algorithm to use. The default is Constants.ALGO_ID_DIGEST_SHA1.

Parameters:

digestAlgo - the digestAlgo to set

getSignatureValue

public byte[] getSignatureValue()

Returns the computed Signature value. Call this method after computeSignature() or build() methods were called.

Returns:

Returns the signatureValue.

getId

public String getId()

Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the Signature element.

Returns:

Return the wsu:Id of this token or null if prepare() was not called before.

getBSTTokenId

public String getBSTTokenId()

Get the id of the BST generated during prepare().

Returns:

Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

setSecretKey

public void setSecretKey(byte[] secretKey)

Set the secret key to use

Parameters:

secretKey - the secret key to use

setCustomTokenValueType

public void setCustomTokenValueType(String customTokenValueType)

Set the custom token value type to use

Parameters:

customTokenValueType - the custom token value type to use

setCustomTokenId

public void setCustomTokenId(String customTokenId)

Set the custom token id

Parameters:

customTokenId - the custom token id

setEncrKeySha1value

public void setEncrKeySha1value(String encrKeySha1value)

Set the encrypted key sha1 value

Parameters:

encrKeySha1value - the encrypted key sha1 value

setX509Certificate

public void setX509Certificate(X509Certificate cer)

Set the X509 Certificate to use

Parameters:

cer - the X509 Certificate to use

getBinarySecurityTokenElement

public Element getBinarySecurityTokenElement()

Returns the BST Token element. The method can be called any time after prepare().

Returns:

the BST Token element

getSecurityTokenReferenceURI

public String getSecurityTokenReferenceURI()

Returns:

the URI associated with the SecurityTokenReference (must be called after prepare(Document, Crypto, WSSecHeader)

getSecurityTokenReference

public SecurityTokenReference getSecurityTokenReference()

Get the SecurityTokenReference to be used in the KeyInfo element.

setSecurityTokenReference

public void setSecurityTokenReference(SecurityTokenReference secRef)

Set the SecurityTokenReference to be used in the KeyInfo element. If this method is not called, a SecurityTokenRefence will be generated.