Class XMLSignature
- java.lang.Object
-
- org.apache.xml.security.utils.ElementProxy
-
- org.apache.xml.security.utils.SignatureElementProxy
-
- org.apache.xml.security.signature.XMLSignature
-
public final class XMLSignature extends SignatureElementProxy
Handles<ds:Signature>
elements. This is the main class that deals with creating and verifying signatures.There are 2 types of constructors for this class. The ones that take a document, baseURI and 1 or more Java Objects. This is mostly used for signing purposes. The other constructor is the one that takes a DOM Element and a baseURI. This is used mostly with for verifying, when you have a SignatureElement. There are a few different types of methods:
- The addDocument* methods are used to add References with optional transforms during signing.
- addKeyInfo* methods are to add Certificates and Keys to the KeyInfo tags during signing.
- appendObject allows a user to add any XML Structure as an ObjectContainer during signing.
- sign and checkSignatureValue methods are used to sign and validate the signature.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5
HMAC - NOT Recommended HMAC-MD5static java.lang.String
ALGO_ID_MAC_HMAC_RIPEMD160
HMAC - Optional HMAC-RIPEMD160static java.lang.String
ALGO_ID_MAC_HMAC_SHA1
MAC - Required HMAC-SHA1static java.lang.String
ALGO_ID_MAC_HMAC_SHA224
HMAC - Optional HMAC-SHA2224static java.lang.String
ALGO_ID_MAC_HMAC_SHA256
HMAC - Optional HMAC-SHA256static java.lang.String
ALGO_ID_MAC_HMAC_SHA384
HMAC - Optional HMAC-SHA284static java.lang.String
ALGO_ID_MAC_HMAC_SHA512
HMAC - Optional HMAC-SHA512static java.lang.String
ALGO_ID_SIGNATURE_DSA
Signature - Required DSAwithSHA1 (DSS)static java.lang.String
ALGO_ID_SIGNATURE_DSA_SHA256
Signature - Optional DSAwithSHA256static java.lang.String
ALGO_ID_SIGNATURE_ECDSA_RIPEMD160
Signature - Optional ECDSAwithRIPEMD160static java.lang.String
ALGO_ID_SIGNATURE_ECDSA_SHA1
Signature - Optional ECDSAwithSHA1static java.lang.String
ALGO_ID_SIGNATURE_ECDSA_SHA224
Signature - Optional ECDSAwithSHA224static java.lang.String
ALGO_ID_SIGNATURE_ECDSA_SHA256
Signature - Optional ECDSAwithSHA256static java.lang.String
ALGO_ID_SIGNATURE_ECDSA_SHA384
Signature - Optional ECDSAwithSHA384static java.lang.String
ALGO_ID_SIGNATURE_ECDSA_SHA512
Signature - Optional ECDSAwithSHA512static java.lang.String
ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5
Signature - NOT Recommended RSAwithMD5static java.lang.String
ALGO_ID_SIGNATURE_RSA
Signature - Recommended RSAwithSHA1static java.lang.String
ALGO_ID_SIGNATURE_RSA_RIPEMD160
Signature - Optional RSAwithRIPEMD160static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA1
Signature - Recommended RSAwithSHA1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA1_MGF1
Signature - Optional RSAwithSHA1andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA224
Signature - Optional RSAwithSHA224static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA224_MGF1
Signature - Optional RSAwithSHA224andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA256
Signature - Optional RSAwithSHA256static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA256_MGF1
Signature - Optional RSAwithSHA256andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1
Signature - Optional RSAwithSHA3_224andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1
Signature - Optional RSAwithSHA3_256andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1
Signature - Optional RSAwithSHA3_384andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1
Signature - Optional RSAwithSHA3_512andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA384
Signature - Optional RSAwithSHA384static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA384_MGF1
Signature - Optional RSAwithSHA384andMGF1static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA512
Signature - Optional RSAwithSHA512static java.lang.String
ALGO_ID_SIGNATURE_RSA_SHA512_MGF1
Signature - Optional RSAwithSHA512andMGF1private boolean
followManifestsDuringValidation
Checking the digests in References in a Signature are mandatory, but for References inside a Manifest it is application specific.private KeyInfo
keyInfo
ds:Signature.ds:KeyInfoprivate static org.slf4j.Logger
LOG
private static int
MODE_SIGN
private static int
MODE_VERIFY
private org.w3c.dom.Element
signatureValueElement
private SignedInfo
signedInfo
ds:Signature.ds:SignedInfo elementprivate int
state
-
Fields inherited from class org.apache.xml.security.utils.ElementProxy
baseURI
-
-
Constructor Summary
Constructors Constructor Description XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI)
This creates a newds:Signature
Element and adds an emptyds:SignedInfo
.XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI, int hmacOutputLength)
Constructor XMLSignatureXMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI, int hmacOutputLength, java.lang.String canonicalizationMethodURI)
Constructor XMLSignatureXMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI, java.lang.String canonicalizationMethodURI)
Constructor XMLSignatureXMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, org.w3c.dom.Element SignatureMethodElem, org.w3c.dom.Element CanonicalizationMethodElem)
Creates a XMLSignature in a DocumentXMLSignature(org.w3c.dom.Element element, java.lang.String baseURI)
This will parse the element and construct the Java Objects.XMLSignature(org.w3c.dom.Element element, java.lang.String baseURI, boolean secureValidation)
This will parse the element and construct the Java Objects.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addDocument(java.lang.String referenceURI)
Add a Reference with just this URI.void
addDocument(java.lang.String referenceURI, Transforms trans)
Adds a Reference with just the URI and the transforms.void
addDocument(java.lang.String referenceURI, Transforms trans, java.lang.String digestURI)
This method is a proxy method for theManifest.addDocument(java.lang.String, java.lang.String, org.apache.xml.security.transforms.Transforms, java.lang.String, java.lang.String, java.lang.String)
method.void
addDocument(java.lang.String referenceURI, Transforms trans, java.lang.String digestURI, java.lang.String referenceId, java.lang.String referenceType)
Add a Reference with full parameters to this Signaturevoid
addKeyInfo(java.security.cert.X509Certificate cert)
Add an X509 Certificate to the KeyInfo.void
addKeyInfo(java.security.PublicKey pk)
Add this public key to the KeyInfo.void
addResourceResolver(ResourceResolver resolver)
Adds aResourceResolver
to enable the retrieval of resources.void
addResourceResolver(ResourceResolverSpi resolver)
Adds aResourceResolverSpi
to enable the retrieval of resources.void
appendObject(ObjectContainer object)
Appends an Object (not ajava.lang.Object
but an Object element) to the Signature.boolean
checkSignatureValue(java.security.cert.X509Certificate cert)
Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.boolean
checkSignatureValue(java.security.Key pk)
Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.javax.crypto.SecretKey
createSecretKey(byte[] secretKeyBytes)
Proxy method forSignedInfo.createSecretKey(byte[])
.java.lang.String
getBaseLocalName()
Get the local name of this elementjava.lang.String
getId()
Returns theId
attributeKeyInfo
getKeyInfo()
Returns the KeyInfo child.ObjectContainer
getObjectItem(int i)
Returns thei
thds:Object
child of the signature or null if no suchds:Object
element exists.int
getObjectLength()
Returns the number of allds:Object
elements.byte[]
getSignatureValue()
Returns the octet value of the SignatureValue element.SignedInfo
getSignedInfo()
Returns the completely parsedSignedInfo
object.void
setFollowNestedManifests(boolean followManifests)
Signal whether Manifest should be automatically validated.void
setId(java.lang.String id)
Sets theId
attributeprivate void
setSignatureValueElement(byte[] bytes)
Base64 encodes and sets the bytes as the content of the SignatureValue Node.void
sign(java.security.Key signingKey)
Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.-
Methods inherited from class org.apache.xml.security.utils.SignatureElementProxy
getBaseNamespace
-
Methods inherited from class org.apache.xml.security.utils.ElementProxy
addBase64Element, addBase64Text, addBigIntegerElement, addReturnToSelf, addText, addTextElement, appendOther, appendSelf, appendSelf, createElementForFamily, createElementForFamilyLocal, createText, getBaseURI, getBigIntegerFromChildElement, getBytesFromTextChild, getDefaultPrefix, getDocument, getElement, getElementPlusReturns, getFirstChild, getLocalAttribute, getTextFromChildElement, getTextFromTextChild, length, registerDefaultPrefixes, setDefaultPrefix, setDocument, setElement, setElement, setLocalAttribute, setLocalIdAttribute, setXPathNamespaceContext
-
-
-
-
Field Detail
-
ALGO_ID_MAC_HMAC_SHA1
public static final java.lang.String ALGO_ID_MAC_HMAC_SHA1
MAC - Required HMAC-SHA1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_DSA
public static final java.lang.String ALGO_ID_SIGNATURE_DSA
Signature - Required DSAwithSHA1 (DSS)- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_DSA_SHA256
public static final java.lang.String ALGO_ID_SIGNATURE_DSA_SHA256
Signature - Optional DSAwithSHA256- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA
public static final java.lang.String ALGO_ID_SIGNATURE_RSA
Signature - Recommended RSAwithSHA1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA1
Signature - Recommended RSAwithSHA1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5
public static final java.lang.String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5
Signature - NOT Recommended RSAwithMD5- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_RIPEMD160
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_RIPEMD160
Signature - Optional RSAwithRIPEMD160- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA224
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA224
Signature - Optional RSAwithSHA224- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA256
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA256
Signature - Optional RSAwithSHA256- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA384
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA384
Signature - Optional RSAwithSHA384- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA512
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA512
Signature - Optional RSAwithSHA512- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA1_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA1_MGF1
Signature - Optional RSAwithSHA1andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA224_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA224_MGF1
Signature - Optional RSAwithSHA224andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA256_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA256_MGF1
Signature - Optional RSAwithSHA256andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA384_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA384_MGF1
Signature - Optional RSAwithSHA384andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA512_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA512_MGF1
Signature - Optional RSAwithSHA512andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1
Signature - Optional RSAwithSHA3_224andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1
Signature - Optional RSAwithSHA3_256andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1
Signature - Optional RSAwithSHA3_384andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1
public static final java.lang.String ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1
Signature - Optional RSAwithSHA3_512andMGF1- See Also:
- Constant Field Values
-
ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5
public static final java.lang.String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5
HMAC - NOT Recommended HMAC-MD5- See Also:
- Constant Field Values
-
ALGO_ID_MAC_HMAC_RIPEMD160
public static final java.lang.String ALGO_ID_MAC_HMAC_RIPEMD160
HMAC - Optional HMAC-RIPEMD160- See Also:
- Constant Field Values
-
ALGO_ID_MAC_HMAC_SHA224
public static final java.lang.String ALGO_ID_MAC_HMAC_SHA224
HMAC - Optional HMAC-SHA2224- See Also:
- Constant Field Values
-
ALGO_ID_MAC_HMAC_SHA256
public static final java.lang.String ALGO_ID_MAC_HMAC_SHA256
HMAC - Optional HMAC-SHA256- See Also:
- Constant Field Values
-
ALGO_ID_MAC_HMAC_SHA384
public static final java.lang.String ALGO_ID_MAC_HMAC_SHA384
HMAC - Optional HMAC-SHA284- See Also:
- Constant Field Values
-
ALGO_ID_MAC_HMAC_SHA512
public static final java.lang.String ALGO_ID_MAC_HMAC_SHA512
HMAC - Optional HMAC-SHA512- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_ECDSA_SHA1
public static final java.lang.String ALGO_ID_SIGNATURE_ECDSA_SHA1
Signature - Optional ECDSAwithSHA1- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_ECDSA_SHA224
public static final java.lang.String ALGO_ID_SIGNATURE_ECDSA_SHA224
Signature - Optional ECDSAwithSHA224- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_ECDSA_SHA256
public static final java.lang.String ALGO_ID_SIGNATURE_ECDSA_SHA256
Signature - Optional ECDSAwithSHA256- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_ECDSA_SHA384
public static final java.lang.String ALGO_ID_SIGNATURE_ECDSA_SHA384
Signature - Optional ECDSAwithSHA384- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_ECDSA_SHA512
public static final java.lang.String ALGO_ID_SIGNATURE_ECDSA_SHA512
Signature - Optional ECDSAwithSHA512- See Also:
- Constant Field Values
-
ALGO_ID_SIGNATURE_ECDSA_RIPEMD160
public static final java.lang.String ALGO_ID_SIGNATURE_ECDSA_RIPEMD160
Signature - Optional ECDSAwithRIPEMD160- See Also:
- Constant Field Values
-
LOG
private static final org.slf4j.Logger LOG
-
signedInfo
private SignedInfo signedInfo
ds:Signature.ds:SignedInfo element
-
keyInfo
private KeyInfo keyInfo
ds:Signature.ds:KeyInfo
-
followManifestsDuringValidation
private boolean followManifestsDuringValidation
Checking the digests in References in a Signature are mandatory, but for References inside a Manifest it is application specific. This boolean is to indicate that the References inside Manifests should be validated.
-
signatureValueElement
private org.w3c.dom.Element signatureValueElement
-
MODE_SIGN
private static final int MODE_SIGN
- See Also:
- Constant Field Values
-
MODE_VERIFY
private static final int MODE_VERIFY
- See Also:
- Constant Field Values
-
state
private int state
-
-
Constructor Detail
-
XMLSignature
public XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI) throws XMLSecurityException
This creates a newds:Signature
Element and adds an emptyds:SignedInfo
. Theds:SignedInfo
is initialized with the specified Signature algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED by the spec. This method's main use is for creating a new signature.- Parameters:
doc
- Document in which the signature will be appended after creation.baseURI
- URI to be used as context for all relative URIs.signatureMethodURI
- signature algorithm to use.- Throws:
XMLSecurityException
-
XMLSignature
public XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI, int hmacOutputLength) throws XMLSecurityException
Constructor XMLSignature- Parameters:
doc
-baseURI
-signatureMethodURI
- the Signature method to be used.hmacOutputLength
-- Throws:
XMLSecurityException
-
XMLSignature
public XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI, java.lang.String canonicalizationMethodURI) throws XMLSecurityException
Constructor XMLSignature- Parameters:
doc
-baseURI
-signatureMethodURI
- the Signature method to be used.canonicalizationMethodURI
- the canonicalization algorithm to be used to c14nize the SignedInfo element.- Throws:
XMLSecurityException
-
XMLSignature
public XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, java.lang.String signatureMethodURI, int hmacOutputLength, java.lang.String canonicalizationMethodURI) throws XMLSecurityException
Constructor XMLSignature- Parameters:
doc
-baseURI
-signatureMethodURI
-hmacOutputLength
-canonicalizationMethodURI
-- Throws:
XMLSecurityException
-
XMLSignature
public XMLSignature(org.w3c.dom.Document doc, java.lang.String baseURI, org.w3c.dom.Element SignatureMethodElem, org.w3c.dom.Element CanonicalizationMethodElem) throws XMLSecurityException
Creates a XMLSignature in a Document- Parameters:
doc
-baseURI
-SignatureMethodElem
-CanonicalizationMethodElem
-- Throws:
XMLSecurityException
-
XMLSignature
public XMLSignature(org.w3c.dom.Element element, java.lang.String baseURI) throws XMLSignatureException, XMLSecurityException
This will parse the element and construct the Java Objects. That will allow a user to validate the signature.- Parameters:
element
- ds:Signature element that contains the whole signaturebaseURI
- URI to be prepended to all relative URIs- Throws:
XMLSecurityException
XMLSignatureException
- if the signature is badly formatted
-
XMLSignature
public XMLSignature(org.w3c.dom.Element element, java.lang.String baseURI, boolean secureValidation) throws XMLSignatureException, XMLSecurityException
This will parse the element and construct the Java Objects. That will allow a user to validate the signature.- Parameters:
element
- ds:Signature element that contains the whole signaturebaseURI
- URI to be prepended to all relative URIssecureValidation
- whether secure secureValidation is enabled or not- Throws:
XMLSecurityException
XMLSignatureException
- if the signature is badly formatted
-
-
Method Detail
-
setId
public void setId(java.lang.String id)
Sets theId
attribute- Parameters:
id
- Id value for the id attribute on the Signature Element
-
getId
public java.lang.String getId()
Returns theId
attribute- Returns:
- the
Id
attribute
-
getSignedInfo
public SignedInfo getSignedInfo()
Returns the completely parsedSignedInfo
object.- Returns:
- the completely parsed
SignedInfo
object.
-
getSignatureValue
public byte[] getSignatureValue() throws XMLSignatureException
Returns the octet value of the SignatureValue element. Throws an XMLSignatureException if it has no or wrong content.- Returns:
- the value of the SignatureValue element.
- Throws:
XMLSignatureException
- If there is no content
-
setSignatureValueElement
private void setSignatureValueElement(byte[] bytes)
Base64 encodes and sets the bytes as the content of the SignatureValue Node.- Parameters:
bytes
- bytes to be used by SignatureValue before Base64 encoding
-
getKeyInfo
public KeyInfo getKeyInfo()
Returns the KeyInfo child. If we are in signing mode and the KeyInfo does not exist yet, it is created on demand and added to the Signature.
This allows to add arbitrary content to the KeyInfo during signing.- Returns:
- the KeyInfo object
-
appendObject
public void appendObject(ObjectContainer object) throws XMLSignatureException
Appends an Object (not ajava.lang.Object
but an Object element) to the Signature. Please note that this is only possible when signing.- Parameters:
object
- ds:Object to be appended.- Throws:
XMLSignatureException
- When this object is used to verify.
-
getObjectItem
public ObjectContainer getObjectItem(int i)
Returns thei
thds:Object
child of the signature or null if no suchds:Object
element exists.- Parameters:
i
-- Returns:
- the
i
thds:Object
child of the signature or null if no suchds:Object
element exists.
-
getObjectLength
public int getObjectLength()
Returns the number of allds:Object
elements.- Returns:
- the number of all
ds:Object
elements.
-
sign
public void sign(java.security.Key signingKey) throws XMLSignatureException
Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.- Parameters:
signingKey
- thePrivateKey
orSecretKey
that is used to sign.- Throws:
XMLSignatureException
-
addResourceResolver
public void addResourceResolver(ResourceResolver resolver)
Adds aResourceResolver
to enable the retrieval of resources.- Parameters:
resolver
-
-
addResourceResolver
public void addResourceResolver(ResourceResolverSpi resolver)
Adds aResourceResolverSpi
to enable the retrieval of resources.- Parameters:
resolver
-
-
checkSignatureValue
public boolean checkSignatureValue(java.security.cert.X509Certificate cert) throws XMLSignatureException
Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.- Parameters:
cert
- Certificate that contains the public key part of the keypair that was used to sign.- Returns:
- true if the signature is valid, false otherwise
- Throws:
XMLSignatureException
-
checkSignatureValue
public boolean checkSignatureValue(java.security.Key pk) throws XMLSignatureException
Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.- Parameters:
pk
-PublicKey
part of the keypair orSecretKey
that was used to sign- Returns:
- true if the signature is valid, false otherwise
- Throws:
XMLSignatureException
-
addDocument
public void addDocument(java.lang.String referenceURI, Transforms trans, java.lang.String digestURI, java.lang.String referenceId, java.lang.String referenceType) throws XMLSignatureException
Add a Reference with full parameters to this Signature- Parameters:
referenceURI
- URI of the resource to be signed. Can be null in which case the dereferencing is application specific. Can be "" in which it's the parent node (or parent document?). There can only be one "" in each signature.trans
- Optional list of transformations to be done before digestingdigestURI
- Mandatory URI of the digesting algorithm to use.referenceId
- Optional id attribute for this ReferencereferenceType
- Optional mimetype for the URI- Throws:
XMLSignatureException
-
addDocument
public void addDocument(java.lang.String referenceURI, Transforms trans, java.lang.String digestURI) throws XMLSignatureException
This method is a proxy method for theManifest.addDocument(java.lang.String, java.lang.String, org.apache.xml.security.transforms.Transforms, java.lang.String, java.lang.String, java.lang.String)
method.- Parameters:
referenceURI
- URI according to the XML Signature specification.trans
- List of transformations to be applied.digestURI
- URI of the digest algorithm to be used.- Throws:
XMLSignatureException
- See Also:
Manifest.addDocument(java.lang.String, java.lang.String, org.apache.xml.security.transforms.Transforms, java.lang.String, java.lang.String, java.lang.String)
-
addDocument
public void addDocument(java.lang.String referenceURI, Transforms trans) throws XMLSignatureException
Adds a Reference with just the URI and the transforms. This used the SHA1 algorithm as a default digest algorithm.- Parameters:
referenceURI
- URI according to the XML Signature specification.trans
- List of transformations to be applied.- Throws:
XMLSignatureException
-
addDocument
public void addDocument(java.lang.String referenceURI) throws XMLSignatureException
Add a Reference with just this URI. It uses SHA1 by default as the digest algorithm- Parameters:
referenceURI
- URI according to the XML Signature specification.- Throws:
XMLSignatureException
-
addKeyInfo
public void addKeyInfo(java.security.cert.X509Certificate cert) throws XMLSecurityException
Add an X509 Certificate to the KeyInfo. This will include the whole cert inside X509Data/X509Certificate tags.- Parameters:
cert
- Certificate to be included. This should be the certificate of the key that was used to sign.- Throws:
XMLSecurityException
-
addKeyInfo
public void addKeyInfo(java.security.PublicKey pk)
Add this public key to the KeyInfo. This will include the complete key in the KeyInfo structure.- Parameters:
pk
-
-
createSecretKey
public javax.crypto.SecretKey createSecretKey(byte[] secretKeyBytes)
Proxy method forSignedInfo.createSecretKey(byte[])
. If you want to create a MAC, this method helps you to obtain theSecretKey
from octets.- Parameters:
secretKeyBytes
-- Returns:
- the secret key created.
- See Also:
SignedInfo.createSecretKey(byte[])
-
setFollowNestedManifests
public void setFollowNestedManifests(boolean followManifests)
Signal whether Manifest should be automatically validated. Checking the digests in References in a Signature are mandatory, but for References inside a Manifest it is application specific. This boolean is to indicate that the References inside Manifests should be validated.- Parameters:
followManifests
-- See Also:
- Core validation section in the XML Signature Rec.
-
getBaseLocalName
public java.lang.String getBaseLocalName()
Get the local name of this element- Specified by:
getBaseLocalName
in classElementProxy
- Returns:
- Constants._TAG_SIGNATURE
-
-