org.apache.ws.security.processor
Class SignatureProcessor

java.lang.Object
  extended by org.apache.ws.security.processor.SignatureProcessor
All Implemented Interfaces:
Processor

public class SignatureProcessor
extends java.lang.Object
implements Processor


Constructor Summary
SignatureProcessor()
           
 
Method Summary
 java.security.cert.X509Certificate[] getCertificatesTokenReference(org.w3c.dom.Element elem, Crypto crypto)
          Extracts the certificate(s) from the Binary Security token reference.
 java.lang.String getId()
          Get the Id of the processor.
 void handleToken(org.w3c.dom.Element elem, Crypto crypto, Crypto decCrypto, javax.security.auth.callback.CallbackHandler cb, WSDocInfo wsDocInfo, java.util.Vector returnResults, WSSConfig wsc)
           
protected  java.security.Principal verifyXMLSignature(org.w3c.dom.Element elem, Crypto crypto, java.security.cert.X509Certificate[] returnCert, java.util.Set returnElements, java.util.Set protectedElements, byte[][] signatureValue, javax.security.auth.callback.CallbackHandler cb)
          Verify the WS-Security signature.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SignatureProcessor

public SignatureProcessor()
Method Detail

handleToken

public void handleToken(org.w3c.dom.Element elem,
                        Crypto crypto,
                        Crypto decCrypto,
                        javax.security.auth.callback.CallbackHandler cb,
                        WSDocInfo wsDocInfo,
                        java.util.Vector returnResults,
                        WSSConfig wsc)
                 throws WSSecurityException
Specified by:
handleToken in interface Processor
Throws:
WSSecurityException

verifyXMLSignature

protected java.security.Principal verifyXMLSignature(org.w3c.dom.Element elem,
                                                     Crypto crypto,
                                                     java.security.cert.X509Certificate[] returnCert,
                                                     java.util.Set returnElements,
                                                     java.util.Set protectedElements,
                                                     byte[][] signatureValue,
                                                     javax.security.auth.callback.CallbackHandler cb)
                                              throws WSSecurityException
Verify the WS-Security signature.

The function first checks whether the KeyInfo contained in the signature contains standard X509 data. If so, it gets the certificate data via the standard KeyInfo methods.

Otherwise, if the KeyInfo does not contain X509 data, it checks for a wsse:SecurityTokenReference element. If one is found, the next step is to determine how to get the certificate. Two methods are currently supported here:

The method checks whether the certificate is valid and calls the verification function.

Parameters:
elem - the XMLSignature DOM Element.
crypto - the object that implements the access to the keystore and the handling of certificates.
returnCert - verifyXMLSignature stores the certificate in the first entry of this array. The caller may then further validate the certificate.
returnElements - verifyXMLSignature adds the wsu:ID attribute values for the signed elements to this Set
cb - CallbackHandler instance to extract key passwords
Returns:
the subject principal of the validated X509 certificate (the authenticated subject). The calling function may use this principal for further authentication or authorization.
Throws:
WSSecurityException

getCertificatesTokenReference

public java.security.cert.X509Certificate[] getCertificatesTokenReference(org.w3c.dom.Element elem,
                                                                          Crypto crypto)
                                                                   throws WSSecurityException
Extracts the certificate(s) from the Binary Security token reference.

Parameters:
elem - The element containing the binary security token. This is either X509 certificate(s) or a PKIPath.
Returns:
an array of X509 certificates
Throws:
WSSecurityException

getId

public java.lang.String getId()
Description copied from interface: Processor
Get the Id of the processor.

Specified by:
getId in interface Processor
Returns:
The Id string


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.