org.apache.ws.security.message
Class WSSecSignature

java.lang.Object
  extended by org.apache.ws.security.message.WSSecBase
      extended by org.apache.ws.security.message.WSSecSignature
Direct Known Subclasses:
WSSecSignatureSAML

public class WSSecSignature
extends WSSecBase

Creates a Signature according to the WS Specification, X509 profile. This class is a refactored implementation of the previous WSS4J class WSSignEnvelope. The new class gives better control over the process of creating a Signature and adding it to the Security header.
This flexibility and fine-grained control is required to implement a handler that uses WSSecurityPolicy files to control the setup of a Security header.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)

Field Summary
protected  BinarySecurity bstToken
           
protected  java.lang.String canonAlgo
           
protected  java.lang.String certUri
           
protected  org.w3c.dom.Document document
           
protected  org.apache.xml.security.keys.KeyInfo keyInfo
           
protected  java.lang.String keyInfoUri
           
protected  SecurityTokenReference secRef
           
protected  org.apache.xml.security.signature.XMLSignature sig
           
protected  java.lang.String sigAlgo
           
protected  byte[] signatureValue
           
protected  java.lang.String strUri
           
protected  WSSecUsernameToken usernameToken
           
protected  boolean useSingleCert
           
protected  WSDocInfo wsDocInfo
           
 
Fields inherited from class org.apache.ws.security.message.WSSecBase
doDebug, keyIdentifierType, parts, password, user, wssConfig
 
Constructor Summary
WSSecSignature()
          Constructor.
 
Method Summary
 void addReferencesToSign(java.util.Vector references, WSSecHeader secHeader)
          This method adds references to the Signature.
 void appendBSTElementToHeader(WSSecHeader secHeader)
           
 void appendToHeader(WSSecHeader secHeader)
          Appends the Signature element to the elements already in the Security header.
 org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto cr, WSSecHeader secHeader)
          Builds a signed SOAP envelope.
 void computeSignature()
          Compute the Signature over the references.
protected  org.w3c.dom.Element createSTRParameter(org.w3c.dom.Document doc)
           
 org.w3c.dom.Element getBinarySecurityTokenElement()
          Returns the BST Token element.
 java.lang.String getBSTTokenId()
          Get the id of the BST generated during prepare().
 java.lang.String getDigestAlgo()
           
 java.lang.String getId()
          Get the id generated during prepare().
protected  java.util.Set getInclusivePrefixes(org.w3c.dom.Element target)
           
protected  java.util.Set getInclusivePrefixes(org.w3c.dom.Element target, boolean excludeVisible)
           
 java.lang.String getSigCanonicalization()
          Get the canonicalization method.
 java.lang.String getSignatureAlgorithm()
          Get the name of the signature algorithm that is being used.
 org.w3c.dom.Element getSignatureElement()
          Returns the SignatureElement.
 byte[] getSignatureValue()
          Returns the computed Signature value.
 boolean isUseSingleCertificate()
          Get the single cert flag.
 void prepare(org.w3c.dom.Document doc, Crypto cr, WSSecHeader secHeader)
          Initialize a WSSec Signature.
 void prependBSTElementToHeader(WSSecHeader secHeader)
          Prepend the BinarySecurityToken to the elements already in the Security header.
 void prependToHeader(WSSecHeader secHeader)
          Prepends the Signature element to the elements already in the Security header.
 void setCustomTokenId(java.lang.String customTokenId)
           
 void setCustomTokenValueType(java.lang.String customTokenValueType)
           
 void setDigestAlgo(java.lang.String digestAlgo)
          Set the string that defines which digest algorithm to use.
 void setEncrKeySha1value(java.lang.String encrKeySha1value)
           
 void setSecretKey(byte[] secretKey)
           
 void setSigCanonicalization(java.lang.String algo)
          Set the canonicalization method to use.
 void setSignatureAlgorithm(java.lang.String algo)
          Set the name of the signature algorithm to use.
 void setUsernameToken(WSSecUsernameToken usernameToken)
           
 void setUseSingleCertificate(boolean useSingleCert)
          Set the single cert flag.
 
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

useSingleCert

protected boolean useSingleCert

sigAlgo

protected java.lang.String sigAlgo

canonAlgo

protected java.lang.String canonAlgo

usernameToken

protected WSSecUsernameToken usernameToken

signatureValue

protected byte[] signatureValue

document

protected org.w3c.dom.Document document

wsDocInfo

protected WSDocInfo wsDocInfo

certUri

protected java.lang.String certUri

sig

protected org.apache.xml.security.signature.XMLSignature sig

keyInfo

protected org.apache.xml.security.keys.KeyInfo keyInfo

keyInfoUri

protected java.lang.String keyInfoUri

secRef

protected SecurityTokenReference secRef

strUri

protected java.lang.String strUri

bstToken

protected BinarySecurity bstToken

Constructor Detail

WSSecSignature

public WSSecSignature()
Constructor.

Method Detail

setUseSingleCertificate

public void setUseSingleCertificate(boolean useSingleCert)
Set the single cert flag.

Parameters:
useSingleCert -

isUseSingleCertificate

public boolean isUseSingleCertificate()
Get the single cert flag.

Returns:
true if the single certificate flag is set.

setSignatureAlgorithm

public void setSignatureAlgorithm(java.lang.String algo)
Set the name of the signature algorithm to use. If the algorithm is not set, the signature algorithm is detected automatically during the prepare() method. Refer to WSConstants for the supported algorithms.

Parameters:
algo - Is the name of the signature algorithm
See Also:
WSConstants.RSA, WSConstants.DSA

getSignatureAlgorithm

public java.lang.String getSignatureAlgorithm()
Get the name of the signature algorithm that is being used. Call this method after prepare() to find out which signature algorithm was automatically detected if no signature algorithm was preset.

Returns:
the identifier URI of the signature algorithm

setSigCanonicalization

public void setSigCanonicalization(java.lang.String algo)
Set the canonicalization method to use. If the canonicalization method is not set, the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the supported algorithms.

Parameters:
algo - The name of the canonicalization algorithm
See Also:
WSConstants.C14N_OMIT_COMMENTS, WSConstants.C14N_WITH_COMMENTS, WSConstants.C14N_EXCL_OMIT_COMMENTS, WSConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization

public java.lang.String getSigCanonicalization()
Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.

Returns:
The string describing the canonicalization algorithm.

getDigestAlgo

public java.lang.String getDigestAlgo()
Returns:
the digestAlgo

setDigestAlgo

public void setDigestAlgo(java.lang.String digestAlgo)
Set the string that defines which digest algorithm to use.

Parameters:
digestAlgo - the digestAlgo to set

setUsernameToken

public void setUsernameToken(WSSecUsernameToken usernameToken)
Parameters:
usernameToken - The usernameToken to set.

getSignatureValue

public byte[] getSignatureValue()
Returns the computed Signature value. Call this method after computeSignature() or build() has been called.

Returns:
Returns the signatureValue.

getId

public java.lang.String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the Signature element.

Returns:
Return the wsu:Id of this token or null if prepare() was not called before.

getBSTTokenId

public java.lang.String getBSTTokenId()
Get the id of the BST generated during prepare().

Returns:
Returns the value of the wsu:Id attribute of the BinarySecurityToken element.

prepare

public void prepare(org.w3c.dom.Document doc,
                    Crypto cr,
                    WSSecHeader secHeader)
             throws WSSecurityException
Initialize a WSSec Signature. The method sets up and initializes a WSSec Signature structure after the relevant information was set. After setup, references to the elements to sign may be added. After all references are added, they can be signed.

This method does not add the Signature element to the security header. See the prependToHeader() method.

Parameters:
doc - The SOAP envelope as Document
cr - An instance of the Crypto API to handle keystore and certificates
secHeader - The security header that will hold the Signature. This is used to construct namespace prefixes for Signature. This method
Throws:
WSSecurityException

addReferencesToSign

public void addReferencesToSign(java.util.Vector references,
                                WSSecHeader secHeader)
                         throws WSSecurityException
This method adds references to the Signature. The added references are signed when calling computeSignature(). This method can be called several times to add references as required. addReferencesToSign() can be called any time after prepare.

Parameters:
references - A vector containing WSEncryptionPart objects that define the parts to sign.
secHeader - Used to compute namespaces to be inserted by InclusiveNamespaces to be WSI compliant.
Throws:
WSSecurityException

prependToHeader

public void prependToHeader(WSSecHeader secHeader)
Prepends the Signature element to the elements already in the Security header. The method can be called any time after prepare(). This allows the Signature element to be inserted at any position in the Security header.

Parameters:
secHeader - The secHeader that holds the Signature element.

appendToHeader

public void appendToHeader(WSSecHeader secHeader)
Appends the Signature element to the elements already in the Security header. The method can be called any time after prepare(). This allows the Signature element to be inserted at any position in the Security header.

Parameters:
secHeader - The secHeader that holds the Signature element.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.

Parameters:
secHeader - The security header that holds the BST element.

getSignatureElement

public org.w3c.dom.Element getSignatureElement()
Returns the SignatureElement. The method can be called any time after prepare().

Returns:
The DOM Element of the signature.

getBinarySecurityTokenElement

public org.w3c.dom.Element getBinarySecurityTokenElement()
Returns the BST Token element. The method can be called any time after prepare().

Returns:
the BST Token element

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)

computeSignature

public void computeSignature()
                      throws WSSecurityException
Compute the Signature over the references. After references are set this method computes the Signature for them. This method can be called any time after the references were set. See addReferencesToSign().

Throws:
WSSecurityException

build

public org.w3c.dom.Document build(org.w3c.dom.Document doc,
                                  Crypto cr,
                                  WSSecHeader secHeader)
                           throws WSSecurityException
Builds a signed SOAP envelope. This is a convenience method, provided for backward compatibility. The method creates a Signature and puts it into the Security header. It does so by calling the individual methods in order to perform a one-shot signature. This method is compatible with the build method of the previous version, with the exception of the additional WSSecHeader parameter.

Parameters:
doc - The unsigned SOAP envelope as Document
cr - An instance of the Crypto API to handle keystore and certificates
secHeader - the security header element to hold the encrypted key element.
Returns:
A signed SOAP envelope as Document
Throws:
WSSecurityException
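
The individual steps that build() wraps, written out as an added example (not code from the WSS4J project) so the ordering constraints described above are visible: prepare() first, references next, header placement any time after prepare(), computeSignature() last. Assumptions: a crypto.properties file on the classpath configures the keystore, and the alias "signer", the password "changeit" and the envelope are constructed placeholders.

```java
import java.io.ByteArrayInputStream;
import java.util.Vector;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;

public class SignBodyStepByStep {
    // Constructed sample envelope, not taken from the WSS4J distribution.
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String ENVELOPE =
        "<soapenv:Envelope xmlns:soapenv=\"" + SOAP_NS + "\">"
      + "<soapenv:Body><m:ping xmlns:m=\"urn:example:ping\">hello</m:ping></soapenv:Body>"
      + "</soapenv:Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML Signature needs a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(ENVELOPE.getBytes("UTF-8")));

        // Assumption: crypto.properties on the classpath points at a keystore
        // holding a private key under the placeholder alias "signer".
        Crypto crypto = CryptoFactory.getInstance();
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        WSSecSignature sign = new WSSecSignature();
        sign.setUserInfo("signer", "changeit"); // placeholder alias and key password
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        sign.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);

        sign.prepare(doc, crypto, secHeader); // sets up the Signature, header not modified yet
        System.out.println("Detected algorithm: " + sign.getSignatureAlgorithm());

        Vector parts = new Vector();
        parts.add(new WSEncryptionPart("Body", SOAP_NS, "Content"));
        sign.addReferencesToSign(parts, secHeader);

        sign.prependToHeader(secHeader);           // place the Signature in the header
        sign.prependBSTElementToHeader(secHeader); // then the BST ahead of it
        sign.computeSignature();                   // sign once all references are added
        System.out.println("Signature bytes: " + sign.getSignatureValue().length);
    }
}
```

Logging getSignatureAlgorithm() after prepare() records which algorithm was auto-detected when none was preset, which is worth checking against the deployment's policy before the message is sent.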

createSTRParameter

protected org.w3c.dom.Element createSTRParameter(org.w3c.dom.Document doc)

getInclusivePrefixes

protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target)

getInclusivePrefixes

protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target,
                                             boolean excludeVisible)

setSecretKey

public void setSecretKey(byte[] secretKey)

setCustomTokenValueType

public void setCustomTokenValueType(java.lang.String customTokenValueType)

setCustomTokenId

public void setCustomTokenId(java.lang.String customTokenId)

setEncrKeySha1value

public void setEncrKeySha1value(java.lang.String encrKeySha1value)


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.