Class WSSecSignature


  • public class WSSecSignature
    extends WSSecBase
    Creates a Signature according to WS Specification, X509 profile. This class is a refactored implementation of the previous WSS4J class WSSignEnvelope. This new class allows better control of the process to create a Signature and to add it to the Security header.
    This flexibility and fine-grained control is required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.
    Author:
    Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)
    • Field Detail

      • useSingleCert

        protected boolean useSingleCert
      • sigAlgo

        protected java.lang.String sigAlgo
      • canonAlgo

        protected java.lang.String canonAlgo
      • signatureValue

        protected byte[] signatureValue
      • document

        protected org.w3c.dom.Document document
      • certUri

        protected java.lang.String certUri
      • sig

        protected org.apache.xml.security.signature.XMLSignature sig
      • keyInfo

        protected org.apache.xml.security.keys.KeyInfo keyInfo
      • keyInfoUri

        protected java.lang.String keyInfoUri
      • strUri

        protected java.lang.String strUri
    • Constructor Detail

      • WSSecSignature

        public WSSecSignature()
        Constructor.
    • Method Detail

      • setUseSingleCertificate

        public void setUseSingleCertificate​(boolean useSingleCert)
        Set the single cert flag.
        Parameters:
        useSingleCert -
      • isUseSingleCertificate

        public boolean isUseSingleCertificate()
        Get the single cert flag.
        Returns:
        A boolean if single certificate is set.
      • setSignatureAlgorithm

        public void setSignatureAlgorithm​(java.lang.String algo)
        Set the name of the signature encryption algorithm to use. If the algorithm is not set, the signature algorithm to use is detected automatically during the prepare() method. Refer to WSConstants for the supported algorithms.
        Parameters:
        algo - Is the name of the signature algorithm
        See Also:
        WSConstants.RSA, WSConstants.DSA
      • getSignatureAlgorithm

        public java.lang.String getSignatureAlgorithm()
        Get the name of the signature algorithm that is being used. Call this method after prepare() to find out which signature algorithm was automatically detected if no signature algorithm was preset.
        Returns:
        the identifier URI of the signature algorithm
      • getSigCanonicalization

        public java.lang.String getSigCanonicalization()
        Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.
        Returns:
        The string describing the canonicalization algorithm.
      • setUsernameToken

        public void setUsernameToken​(WSSecUsernameToken usernameToken)
        Parameters:
        usernameToken - The usernameToken to set.
      • getSignatureValue

        public byte[] getSignatureValue()
        Returns the computed Signature value. Call this method after computeSignature() or build() methods were called.
        Returns:
        Returns the signatureValue.
      • getId

        public java.lang.String getId()
        Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the Signature element.
        Returns:
        Return the wsu:Id of this token or null if prepare() was not called before.
      • getBSTTokenId

        public java.lang.String getBSTTokenId()
        Get the id of the BST generated during prepare().
        Returns:
        Returns the value of the wsu:Id attribute of the BinarySecurityToken element.
      • prepare

        public void prepare​(org.w3c.dom.Document doc,
                            Crypto cr,
                            WSSecHeader secHeader)
                     throws WSSecurityException
        Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information was set. After setup, references to the elements to sign may be added. After all references are added they can be signed.

        This method does not add the Signature element to the security header. See prependSignatureElementToHeader() method.

        Parameters:
        doc - The SOAP envelope as Document
        cr - An instance of the Crypto API to handle keystore and certificates
        secHeader - The security header that will hold the Signature. This is used to construct namespace prefixes for Signature. This method
        Throws:
        WSSecurityException
      • addReferencesToSign

        public void addReferencesToSign​(java.util.Vector references,
                                        WSSecHeader secHeader)
                                 throws WSSecurityException
        This method adds references to the Signature. The added references are signed when calling computeSignature(). This method can be called several times to add references as required. addReferencesToSign() can be called anytime after prepare.
        Parameters:
        references - A vector containing WSEncryptionPart objects that define the parts to sign.
        secHeader - Used to compute namespaces to be inserted by InclusiveNamespaces to be WSI compliant.
        Throws:
        WSSecurityException
      • prependToHeader

        public void prependToHeader​(WSSecHeader secHeader)
        Prepends the Signature element to the elements already in the Security header. The method can be called any time after prepare(). This allows the Signature element to be inserted at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the Signature element.
      • appendToHeader

        public void appendToHeader​(WSSecHeader secHeader)
        Appends the Signature element to the elements already in the Security header. The method can be called any time after prepare(). This allows the Signature element to be inserted at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the Signature element.
      • prependBSTElementToHeader

        public void prependBSTElementToHeader​(WSSecHeader secHeader)
        Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the BST element.
      • getSignatureElement

        public org.w3c.dom.Element getSignatureElement()
        Returns the SignatureElement. The method can be called any time after prepare().
        Returns:
        The DOM Element of the signature.
      • getBinarySecurityTokenElement

        public org.w3c.dom.Element getBinarySecurityTokenElement()
        Returns the BST Token element. The method can be called any time after prepare().
        Returns:
      • appendBSTElementToHeader

        public void appendBSTElementToHeader​(WSSecHeader secHeader)
      • computeSignature

        public void computeSignature()
                              throws WSSecurityException
        Compute the Signature over the references. After references are set this method computes the Signature for them. This method can be called anytime after the references were set. See addReferencesToSign().
        Throws:
        WSSecurityException
      • build

        public org.w3c.dom.Document build​(org.w3c.dom.Document doc,
                                          Crypto cr,
                                          WSSecHeader secHeader)
                                   throws WSSecurityException
        Builds a signed SOAP envelope. This is a convenience method, kept for backward compatibility. The method creates a Signature and puts it into the Security header. It does so by calling the individual methods in order, performing a one-shot signature. This method is compatible with the build method of the previous version with the exception of the additional WSSecHeader parameter.
        Parameters:
        doc - The unsigned SOAP envelope as Document
        cr - An instance of the Crypto API to handle keystore and certificates
        secHeader - the security header element to hold the encrypted key element.
        Returns:
        A signed SOAP envelope as Document
        Throws:
        WSSecurityException
      • createSTRParameter

        protected org.w3c.dom.Element createSTRParameter​(org.w3c.dom.Document doc)
      • getInclusivePrefixes

        protected java.util.Set getInclusivePrefixes​(org.w3c.dom.Element target)
      • getInclusivePrefixes

        protected java.util.Set getInclusivePrefixes​(org.w3c.dom.Element target,
                                                     boolean excludeVisible)