Class WSSecSignature

Direct Known Subclasses:
WSSecSignatureSAML

public class WSSecSignature extends WSSecSignatureBase
Creates a Signature according to the WS-Security specification, X509 profile. This class is a re-factored implementation of the previous WSS4J class WSSignEnvelope. The new class allows better control over the process of creating a Signature and adding it to the Security header. This flexibility and fine-grained control is required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.
  • Field Details

    • signatureFactory

      protected XMLSignatureFactory signatureFactory
    • keyInfo

      protected KeyInfo keyInfo
    • c14nMethod

      protected CanonicalizationMethod c14nMethod
    • sig

      protected XMLSignature sig
    • secretKey

      protected byte[] secretKey
    • strUri

      protected String strUri
    • bstToken

      protected Element bstToken
    • keyInfoUri

      protected String keyInfoUri
    • certUri

      protected String certUri
    • signatureValue

      protected byte[] signatureValue
  • Constructor Details

    • WSSecSignature

      public WSSecSignature(WSSecHeader securityHeader)
    • WSSecSignature

      public WSSecSignature(WSSecHeader securityHeader, Provider provider)
    • WSSecSignature

      public WSSecSignature(Document doc)
    • WSSecSignature

      public WSSecSignature(Document doc, Provider provider)
  • Method Details

    • prepare

      public void prepare(Crypto cr) throws WSSecurityException
Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information has been set. After setup, references to the elements to sign may be added. After all references are added they can be signed. This method does not add the Signature element to the security header; see the prependSignatureElementToHeader() method.
      Parameters:
      cr - An instance of the Crypto API to handle keystore and certificates
      Throws:
      WSSecurityException
    • marshalKeyInfo

      protected void marshalKeyInfo(WSDocInfo wsDocInfo) throws WSSecurityException
      Throws:
      WSSecurityException
    • build

      public Document build(Crypto cr) throws WSSecurityException
Builds a signed SOAP envelope. This is a convenience method, retained for backward compatibility. It creates a Signature and puts it into the Security header by calling the individual methods in order to perform a one-shot signature.
      Parameters:
      cr - An instance of the Crypto API to handle keystore and certificates
      Returns:
      A signed SOAP envelope as Document
      Throws:
      WSSecurityException
    • addReferencesToSign

      public List<Reference> addReferencesToSign(List<WSEncryptionPart> references) throws WSSecurityException
      This method adds references to the Signature.
      Parameters:
      references - The list of references to sign
      Throws:
      WSSecurityException
    • getSignatureElement

      public Element getSignatureElement()
      Returns the SignatureElement. The method can be called any time after prepare().
      Returns:
      The DOM Element of the signature.
    • prependBSTElementToHeader

      public void prependBSTElementToHeader()
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
    • appendBSTElementToHeader

      public void appendBSTElementToHeader()
      Append the BinarySecurityToken to the security header.
    • computeSignature

      public void computeSignature(List<Reference> referenceList) throws WSSecurityException
      Compute the Signature over the references. The signature element will be prepended to the security header. This method can be called any time after the references were set. See addReferencesToSign().
      Parameters:
      referenceList - The list of references to sign
      Throws:
      WSSecurityException
    • computeSignature

      public void computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement) throws WSSecurityException
      Compute the Signature over the references. This method can be called any time after the references were set. See addReferencesToSign().
      Parameters:
      referenceList - The list of references to sign
      prepend - Whether to prepend the signature element to the security header
      siblingElement - If prepending, then prepend before this sibling Element
      Throws:
      WSSecurityException
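The prepare()/addReferencesToSign()/computeSignature() sequence documented above, as an added example that is not part of the WSS4J documentation or code base: it signs the content of the SOAP Body once through the one-shot build() and once step by step, setting the digest and signature algorithms explicitly instead of relying on the SHA-1 default and on auto-detection. The keystore configuration file name ("crypto.properties"), the key alias and the password are assumptions; the caller is assumed to have parsed the unsigned SOAP 1.1 envelope into a DOM Document.

```java
import java.util.Collections;
import java.util.List;

import javax.xml.crypto.dsig.Reference;

import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.w3c.dom.Document;

/**
 * Added example, not WSS4J's own code: sign the SOAP Body of an envelope with
 * WSSecSignature, once with the one-shot build() and once step by step.
 * Assumed (not from the page): a keystore described by "crypto.properties" on the
 * classpath holding a private key under alias "signer" with password "changeit".
 */
public final class SignSoapBodyExample {

    static {
        WSSConfig.init(); // registers the XML Security providers once per JVM
    }

    private static final String KEYSTORE_ALIAS = "signer";      // assumed alias
    private static final String KEYSTORE_PASSWORD = "changeit"; // assumed password

    /** Shared setup: which key, how the certificate is referenced, which algorithms. */
    private static WSSecSignature newBuilder(WSSecHeader secHeader) {
        WSSecSignature builder = new WSSecSignature(secHeader);
        builder.setUserInfo(KEYSTORE_ALIAS, KEYSTORE_PASSWORD);
        // Carry the signing certificate in a BinarySecurityToken and reference it directly.
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        // The digest default is WSConstants.SHA1 and the signature algorithm is otherwise
        // auto-detected in prepare(); pin both to SHA-256 so the outcome is not left to defaults.
        builder.setSignatureAlgorithm(WSConstants.RSA_SHA256);
        builder.setDigestAlgo(WSConstants.SHA256);
        builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        return builder;
    }

    /** The part to sign: the whole content of the SOAP 1.1 Body element. */
    private static WSEncryptionPart bodyPart() {
        return new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV, "Content");
    }

    /** One-shot path: build() runs prepare(), addReferencesToSign() and computeSignature() internally. */
    public static Document signOneShot(Document doc) throws WSSecurityException {
        Crypto crypto = CryptoFactory.getInstance("crypto.properties"); // assumed config file
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature builder = newBuilder(secHeader);
        builder.getParts().add(bodyPart());
        return builder.build(crypto);
    }

    /** Step-by-step path: same result, but the reference list and BST placement are under our control. */
    public static Document signStepwise(Document doc) throws WSSecurityException {
        Crypto crypto = CryptoFactory.getInstance("crypto.properties"); // assumed config file
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature builder = newBuilder(secHeader);
        builder.prepare(crypto); // resolves key and certificate, fixes algorithms, creates the Signature skeleton

        List<WSEncryptionPart> parts = Collections.singletonList(bodyPart());
        List<Reference> refs = builder.addReferencesToSign(parts); // one ds:Reference (with digest) per part

        builder.computeSignature(refs);      // signs SignedInfo and prepends ds:Signature to the header
        builder.prependBSTElementToHeader(); // BST now sits ahead of ds:Signature, the conventional layout

        byte[] sigValue = builder.getSignatureValue(); // populated only after computeSignature()/build()
        if (sigValue == null || sigValue.length == 0) {
            throw new IllegalStateException("no signature value produced");
        }
        return doc;
    }
}
```

Both methods return the same envelope with one ds:Signature over the Body content; the step-by-step variant is the one to use when a policy handler needs to decide where the BST and the Signature land in the header, or which references go into the SignedInfo.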
    • setUseSingleCertificate

      public void setUseSingleCertificate(boolean useSingleCert)
      Set the single cert flag.
      Parameters:
      useSingleCert -
    • isUseSingleCertificate

      public boolean isUseSingleCertificate()
      Get the single cert flag.
      Returns:
true if the single certificate flag is set.
    • setSignatureAlgorithm

      public void setSignatureAlgorithm(String algo)
Set the name (URI) of the signature algorithm to use. If the algorithm is not set, the signature algorithm to use is detected automatically during the prepare() method. Refer to WSConstants for the supported algorithms.
Parameters:
algo - the name of the signature algorithm
    • getSignatureAlgorithm

      public String getSignatureAlgorithm()
Get the name (URI) of the signature algorithm that is being used. Call this method after prepare() to find out which signature algorithm was automatically detected if none was preset.
      Returns:
      the identifier URI of the signature algorithm
    • setSigCanonicalization

      public void setSigCanonicalization(String algo)
Set the canonicalization method to use. If the canonicalization method is not set, the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the supported algorithms.
Parameters:
algo - the name (URI) of the canonicalization algorithm
    • getSigCanonicalization

      public String getSigCanonicalization()
      Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.
      Returns:
      The string describing the canonicalization algorithm.
    • getDigestAlgo

      public String getDigestAlgo()
      Returns:
      the digest algorithm to use
    • setDigestAlgo

      public void setDigestAlgo(String digestAlgo)
      Set the string that defines which digest algorithm to use. The default is WSConstants.SHA1.
      Parameters:
      digestAlgo - the digestAlgo to set
    • getSignatureValue

      public byte[] getSignatureValue()
Returns the computed Signature value. Call this method after computeSignature() or build() has been called.
      Returns:
      Returns the signatureValue.
    • getId

      public String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the Signature element.
      Returns:
      Return the wsu:Id of this token or null if prepare() was not called before.
    • getBSTTokenId

      public String getBSTTokenId()
      Get the id of the BST generated during prepare().
      Returns:
Returns the value of the wsu:Id attribute of the BinarySecurityToken element.
    • setSecretKey

      public void setSecretKey(byte[] secretKey)
      Set the secret key to use
      Parameters:
      secretKey - the secret key to use
    • setCustomTokenValueType

      public void setCustomTokenValueType(String customTokenValueType)
      Set the custom token value type to use
      Parameters:
      customTokenValueType - the custom token value type to use
    • setCustomTokenId

      public void setCustomTokenId(String customTokenId)
      Set the custom token id
      Parameters:
      customTokenId - the custom token id
    • getCustomTokenId

      public String getCustomTokenId()
    • setEncrKeySha1value

      public void setEncrKeySha1value(String encrKeySha1value)
      Set the encrypted key sha1 value
      Parameters:
      encrKeySha1value - the encrypted key sha1 value
    • setX509Certificate

      public void setX509Certificate(X509Certificate cer)
      Set the X509 Certificate to use
      Parameters:
      cer - the X509 Certificate to use
    • getBinarySecurityTokenElement

      public Element getBinarySecurityTokenElement()
      Returns the BST Token element. The method can be called any time after prepare().
      Returns:
      the BST Token element
    • getSecurityTokenReferenceURI

      public String getSecurityTokenReferenceURI()
      Returns:
the URI associated with the SecurityTokenReference (must be called after prepare(Crypto))
    • getSecurityTokenReference

      public SecurityTokenReference getSecurityTokenReference()
      Get the SecurityTokenReference to be used in the KeyInfo element.
    • setSecurityTokenReference

      public void setSecurityTokenReference(SecurityTokenReference secRef)
Set the SecurityTokenReference to be used in the KeyInfo element. If this method is not called, a SecurityTokenReference will be generated.
    • isIncludeSignatureToken

      public boolean isIncludeSignatureToken()
    • setIncludeSignatureToken

      public void setIncludeSignatureToken(boolean includeSignatureToken)
    • isAddInclusivePrefixes

      public boolean isAddInclusivePrefixes()
    • setAddInclusivePrefixes

      public void setAddInclusivePrefixes(boolean addInclusivePrefixes)
    • setCustomKeyInfoElement

      public void setCustomKeyInfoElement(Element keyInfoElement)
    • getCustomKeyInfoElement

      public Element getCustomKeyInfoElement()
    • getSignatureProvider

      public Provider getSignatureProvider()
    • setSignatureProvider

      public void setSignatureProvider(Provider signatureProvider)
    • getKeyInfoUri

      public String getKeyInfoUri()