Package org.apache.ws.security.message
Class WSSecSignature
java.lang.Object
  org.apache.ws.security.message.WSSecBase
    org.apache.ws.security.message.WSSecSignature
public class WSSecSignature extends WSSecBase
Creates a Signature according to the WS-Security specification, X509 profile. This class is a refactored implementation of the previous WSS4J class WSSignEnvelope. The new class allows better control of the process that creates a Signature and adds it to the Security header. This flexibility and fine-grained control is required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.
Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)
Field Summary
Modifier and Type / Field
protected BinarySecurity bstToken
protected java.lang.String canonAlgo
protected java.lang.String certUri
protected org.w3c.dom.Document document
protected org.apache.xml.security.keys.KeyInfo keyInfo
protected java.lang.String keyInfoUri
protected SecurityTokenReference secRef
protected org.apache.xml.security.signature.XMLSignature sig
protected java.lang.String sigAlgo
protected byte[] signatureValue
protected java.lang.String strUri
protected WSSecUsernameToken usernameToken
protected boolean useSingleCert
protected WSDocInfo wsDocInfo
Constructor Summary
WSSecSignature()
Constructor.
Method Summary
All Methods, Instance Methods, Concrete Methods

void addReferencesToSign(java.util.Vector references, WSSecHeader secHeader)
  This method adds references to the Signature.
void appendBSTElementToHeader(WSSecHeader secHeader)
void appendToHeader(WSSecHeader secHeader)
  Appends the Signature element to the elements already in the Security header.
org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto cr, WSSecHeader secHeader)
  Builds a signed SOAP envelope.
void computeSignature()
  Compute the Signature over the references.
protected org.w3c.dom.Element createSTRParameter(org.w3c.dom.Document doc)
org.w3c.dom.Element getBinarySecurityTokenElement()
  Returns the BST Token element.
java.lang.String getBSTTokenId()
  Get the id of the BST generated during prepare().
java.lang.String getId()
  Get the id generated during prepare().
protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target)
protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target, boolean excludeVisible)
java.lang.String getSigCanonicalization()
  Get the canonicalization method.
java.lang.String getSignatureAlgorithm()
  Get the name of the signature algorithm that is being used.
org.w3c.dom.Element getSignatureElement()
  Returns the Signature element.
byte[] getSignatureValue()
  Returns the computed Signature value.
boolean isUseSingleCertificate()
  Get the single cert flag.
void prepare(org.w3c.dom.Document doc, Crypto cr, WSSecHeader secHeader)
  Initialize a WSSec Signature.
void prependBSTElementToHeader(WSSecHeader secHeader)
  Prepend the BinarySecurityToken to the elements already in the Security header.
void prependToHeader(WSSecHeader secHeader)
  Prepends the Signature element to the elements already in the Security header.
void setSigCanonicalization(java.lang.String algo)
  Set the canonicalization method to use.
void setSignatureAlgorithm(java.lang.String algo)
  Set the name of the signature algorithm to use.
void setUsernameToken(WSSecUsernameToken usernameToken)
void setUseSingleCertificate(boolean useSingleCert)
  Set the single cert flag.

Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
Field Detail
useSingleCert
protected boolean useSingleCert

sigAlgo
protected java.lang.String sigAlgo

canonAlgo
protected java.lang.String canonAlgo

usernameToken
protected WSSecUsernameToken usernameToken

signatureValue
protected byte[] signatureValue

document
protected org.w3c.dom.Document document

wsDocInfo
protected WSDocInfo wsDocInfo

certUri
protected java.lang.String certUri

sig
protected org.apache.xml.security.signature.XMLSignature sig

keyInfo
protected org.apache.xml.security.keys.KeyInfo keyInfo

keyInfoUri
protected java.lang.String keyInfoUri

secRef
protected SecurityTokenReference secRef

strUri
protected java.lang.String strUri

bstToken
protected BinarySecurity bstToken

Method Detail
setUseSingleCertificate
public void setUseSingleCertificate(boolean useSingleCert)
Set the single cert flag.
Parameters:
useSingleCert

isUseSingleCertificate
public boolean isUseSingleCertificate()
Get the single cert flag.
Returns:
A boolean telling whether the single certificate flag is set.

setSignatureAlgorithm
public void setSignatureAlgorithm(java.lang.String algo)
Set the name of the signature algorithm to use. If the algorithm is not set, then an automatic detection of the signature algorithm to use is performed during the prepare() method. Refer to WSConstants for the algorithms that are supported.
Parameters:
algo - The name of the signature algorithm
See Also:
WSConstants.RSA, WSConstants.DSA

getSignatureAlgorithm
public java.lang.String getSignatureAlgorithm()
Get the name of the signature algorithm that is being used. Call this method after prepare() to learn which signature algorithm was automatically detected if no signature algorithm was preset.
Returns:
The identifier URI of the signature algorithm

setSigCanonicalization
public void setSigCanonicalization(java.lang.String algo)
Set the canonicalization method to use. If the canonicalization method is not set, then the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the algorithms that are supported.
Parameters:
algo - The name of the canonicalization algorithm
See Also:
WSConstants.C14N_OMIT_COMMENTS, WSConstants.C14N_WITH_COMMENTS, WSConstants.C14N_EXCL_OMIT_COMMENTS, WSConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization
public java.lang.String getSigCanonicalization()
Get the canonicalization method. If the canonicalization method was not set, then Exclusive XML Canonicalization is used by default.
Returns:
The string describing the canonicalization algorithm.

setUsernameToken
public void setUsernameToken(WSSecUsernameToken usernameToken)
Parameters:
usernameToken - The usernameToken to set.

getSignatureValue
public byte[] getSignatureValue()
Returns the computed Signature value. Call this method after the computeSignature() or build() method was called.
Returns:
The signatureValue.

getId
public java.lang.String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the Signature element.
Returns:
The wsu:Id of this token, or null if prepare() was not called before.

getBSTTokenId
public java.lang.String getBSTTokenId()
Get the id of the BST generated during prepare().
Returns:
The value of the wsu:Id attribute of the BinarySecurityToken element.

prepare
public void prepare(org.w3c.dom.Document doc, Crypto cr, WSSecHeader secHeader) throws WSSecurityException
Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information was set. After setup, the references to the elements to sign may be added. After all references are added they can be signed. This method does not add the Signature element to the security header; see the prependToHeader() method.
Parameters:
doc - The SOAP envelope as Document
cr - An instance of the Crypto API to handle keystore and certificates
secHeader - The security header that will hold the Signature. This is used to construct namespace prefixes for the Signature.
Throws:
WSSecurityException

addReferencesToSign
public void addReferencesToSign(java.util.Vector references, WSSecHeader secHeader) throws WSSecurityException
This method adds references to the Signature. The added references are signed when calling computeSignature(). This method can be called several times to add references as required. addReferencesToSign() can be called any time after prepare().
Parameters:
references - A vector containing WSEncryptionPart objects that define the parts to sign.
secHeader - Used to compute the namespaces to be inserted by InclusiveNamespaces, to be WS-I compliant.
Throws:
WSSecurityException

prependToHeader
public void prependToHeader(WSSecHeader secHeader)
Prepends the Signature element to the elements already in the Security header. The method can be called any time after prepare(). This allows the Signature element to be inserted at any position in the Security header.
Parameters:
secHeader - The security header that holds the Signature element.

appendToHeader
public void appendToHeader(WSSecHeader secHeader)
Appends the Signature element to the elements already in the Security header. The method can be called any time after prepare(). This allows the Signature element to be inserted at any position in the Security header.
Parameters:
secHeader - The security header that holds the Signature element.

prependBSTElementToHeader
public void prependBSTElementToHeader(WSSecHeader secHeader)
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
Parameters:
secHeader - The security header that holds the BST element.

getSignatureElement
public org.w3c.dom.Element getSignatureElement()
Returns the Signature element. The method can be called any time after prepare().
Returns:
The DOM Element of the signature.

getBinarySecurityTokenElement
public org.w3c.dom.Element getBinarySecurityTokenElement()
Returns the BST Token element. The method can be called any time after prepare().
Returns:
The DOM Element of the BinarySecurityToken.

appendBSTElementToHeader
public void appendBSTElementToHeader(WSSecHeader secHeader)

computeSignature
public void computeSignature() throws WSSecurityException
Compute the Signature over the references. After the references are set, this method computes the Signature for them. This method can be called any time after the references were set; see addReferencesToSign().
Throws:
WSSecurityException

build
public org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto cr, WSSecHeader secHeader) throws WSSecurityException
Builds a signed SOAP envelope. This is a convenience method, kept for backward compatibility. The method creates a Signature and puts it into the Security header. It does so by calling the single functions in order to perform a one-shot signature. This method is compatible with the build method of the previous version, with the exception of the additional WSSecHeader parameter.
Parameters:
doc - The unsigned SOAP envelope as Document
cr - An instance of the Crypto API to handle keystore and certificates
secHeader - The security header element to hold the Signature element.
Returns:
A signed SOAP envelope as Document
Throws:
WSSecurityException

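As an added example (not code from the WSS4J project or from this Javadoc), here is the same sequence build() performs, written out step by step so that the signature algorithm, the canonicalization method and the signed parts are explicit; the crypto.properties file name and the keystore alias are assumptions:

```java
import java.util.Vector;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;

public class SignBodyExample {
    // Signs the SOAP Body content of the envelope with the key stored under "alias".
    // Same sequence build() runs internally, but algorithm and c14n are chosen explicitly.
    public static Document signBody(Document envelope, String alias, String password)
            throws WSSecurityException {
        // Keystore access; "crypto.properties" and the alias are assumptions of this example.
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");

        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(envelope);

        WSSecSignature sign = new WSSecSignature();
        sign.setUserInfo(alias, password);                           // inherited from WSSecBase
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // carry the cert in a BST
        sign.setSignatureAlgorithm(WSConstants.RSA);                 // pin it; no auto-detect in prepare()
        sign.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);

        // 1. prepare(): builds the Signature structure and wsu:Ids; header is untouched so far
        sign.prepare(envelope, crypto, secHeader);

        // 2. addReferencesToSign(): only the parts listed here end up protected by the signature
        Vector parts = new Vector();
        parts.add(new WSEncryptionPart("Body", WSConstants.URI_SOAP11_ENV, "Content"));
        sign.addReferencesToSign(parts, secHeader);

        // 3. Insert the Signature, then prepend the BST so it precedes the Signature in the header
        sign.prependToHeader(secHeader);
        sign.prependBSTElementToHeader(secHeader);

        // 4. computeSignature(): compute SignatureValue over the references added in step 2
        sign.computeSignature();

        // Getters from this page are valid now: getId(), getBSTTokenId(), getSignatureValue()
        if (sign.getSignatureValue() == null) {
            throw new IllegalStateException("signature was not computed");
        }
        return envelope;
    }
}
```

A receiver verifies only what the references cover, so any header that must be tamper-proof (a Timestamp, for instance) has to be added to the parts vector in step 2 as well.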
createSTRParameter
protected org.w3c.dom.Element createSTRParameter(org.w3c.dom.Document doc)

getInclusivePrefixes
protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target)

getInclusivePrefixes
protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target, boolean excludeVisible)