Oracle Security Developer Tools Web Services Security Java API Reference 11g (11.1.1) E10678-02 |
java.lang.Object
oracle.security.xmlsec.util.XMLNode
oracle.security.xmlsec.util.XMLElement
oracle.security.xmlsec.wss.WSSecurity
public class WSSecurity

This class represents a wsse:Security header block in a SOAPEnvelope. It provides methods for signing and encrypting messages and security tokens.
Given an existing wsse:Security Element or SOAPHeaderElement, you can create a WSSecurity wrapper around it with WSSecurity(Element). Otherwise use one of the following:
getAllSecurityHeaders(javax.xml.soap.SOAPEnvelope), getSecurityHeaders(javax.xml.soap.SOAPEnvelope, String) or getMustUnderstandSecurityHeaders(javax.xml.soap.SOAPEnvelope, String) to wrap the wsse:Security headers already present in an envelope
newInstance(Document) to create a new Element and a new WSSecurity wrapper over it. Note that the new Element is not appended to any DOM node.
newInstance(javax.xml.soap.SOAPEnvelope) to create a new SOAPHeaderElement and a new WSSecurity wrapper over it.

Whenever you encrypt or sign, you must provide the key that OSDT is to use for the encryption or signing. However, you also need to provide a hint (typically a SecurityTokenReference) to the receiver, so that it can perform the corresponding decryption or verification.

There is a whole series of createSTR_foo methods for creating these STRs. Use one of them to create an STR, and pass it as the KeyInfoData argument to the encrypt or sign methods. The encrypt and sign methods will not try to dereference the STR; they simply insert it into the document. The verify and decrypt methods, on the other hand, will try to dereference the STRs unless the key is provided explicitly.
createSTR_X509_IssuerSerial(X509Certificate)
createSTR_X509_SKI(X509Certificate)
createSTR_X509_ThumbprintSHA1(X509Certificate)
createSTR_X509_Ref(String). Before using this you must create an X509Certificate BST using createBST_X509(X509Certificate) or createBST_X509(CertPath), assign an id to the BST and pass that id as the Uri.
createSTR_SAML_AssertionIdv11(byte[])
createSTR_SAML_AssertionIdv11(byte[], AuthorityBinding)
createSTR_SAML_AssertionIdv20(byte[])
createSTR_SAML_Assertion_Ref20(String)
createSTR_Username_Ref(String)
For encryption there are two main methods; all other encrypt methods are wrappers over these:
encryptWithEncKey(List, boolean[], String[], WSSEncryptionParams)
encryptNoEncKey(List, boolean[], String[], WSSEncryptionParams[])
Note: these methods take a list of objects to be encrypted, where each object can be an XML Element, any OSDT object that derives from the OSDT XMLElement, a SOAPHeader, or an AttachmentPart.
The simplest way to decrypt is to call decryptAll(SOAPMessage), which goes through all the top level ReferenceList and EncryptedKey elements and decrypts them. It calls the registered callbacks to obtain the key to be used for decryption. The SOAPMessage parameter is only used for decrypting attachments; it can be null if you are not expecting any attachments.
If you want more control over the decryption, you can call one of these methods:
decrypt(XEEncryptedKey, PrivateKey, SOAPMessage), which first decrypts the EncryptedKey with the given PrivateKey to obtain a symmetric key, and then uses this symmetric key to decrypt all the references inside the EncryptedKey.
decrypt(XEEncryptedKey, SOAPMessage), which looks into the KeyInfo of the EncryptedKey and calls the registered callbacks to obtain the private key.
decrypt(XEEncryptedKey, SecretKey, SOAPMessage), which uses the given symmetric key to decrypt all the references inside the EncryptedKey.
decrypt(XEReferenceList, SecretKey, SOAPMessage), which uses the given symmetric key to decrypt all the references inside the ReferenceList. This method assumes that all the references are encrypted with the same key.
decrypt(XEEncryptedData, SecretKey, SOAPMessage), which decrypts the EncryptedData with the given symmetric key.

To sign, use WSSignatureParams.WSSignatureParams(byte[], PrivateKey) to create a signature params object with the specified signing key, call its set methods to set the signing parameters, and finally call sign(String[], WSSecurityTokenReference[], WSSignatureParams) to sign a list of URIs, which can be URIs to local elements, external URIs, or cid references to attachments. You must call WSSignatureParams.setSOAPMessage(SOAPMessage) if you have any cid references. Most of the other sign methods are deprecated.
The simplest way to verify is to call verifyAll(SOAPMessage), which goes through all the top level Signature elements and verifies them. It calls the registered callbacks to obtain the key to be used for verification.
If you want more control over the verification, first search for all the Signature elements inside the WSSecurity header, then verify them individually with:
verify(XSSignature, byte[], PublicKey, SOAPMessage) if you already know the verification key
verify(XSSignature, boolean, SOAPMessage) if you want to look inside the KeyInfo to find out the verification key
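The sign-and-verify round trip described above, as an added example that is not code from this page or from Oracle. It uses only the WSSecurity methods listed on this page plus WSSUtils.addWsuIdToElement; the import packages for WSSUtils and X509BinarySecurityToken are assumed, as is a WSSignatureParams.setKeyInfoData(WSSecurityTokenReference) setter (the page says to call "some set methods" but does not name them) and that a null transforms array selects the defaults. The certificate and private key are supplied by the caller.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPMessage;

import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.wss.WSSecurity;
import oracle.security.xmlsec.wss.WSSecurityTokenReference;
import oracle.security.xmlsec.wss.WSSignatureParams;
import oracle.security.xmlsec.wss.util.WSSUtils;                 // package assumed
import oracle.security.xmlsec.wss.x509.X509BinarySecurityToken;  // package assumed

/** Sign the SOAP Body with an X.509 key, then verify it against a pinned certificate. */
public class SignedBodyExample {

    // Constructed wsu:Id values; any ids unique within the document work.
    private static final String BODY_ID = "Body-1";
    private static final String BST_ID  = "X509Token-1";

    /** Sender side: add a wsse:Security header carrying the signer's BST and a
     *  Signature over the Body, with an STR pointing at the BST as the KeyInfo hint. */
    public static SOAPMessage signBody(SOAPMessage msg, X509Certificate cert, PrivateKey key)
            throws Exception {
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        SOAPBody body = env.getBody();

        // 1. Create the wsse:Security header element inside this envelope.
        WSSecurity wss = WSSecurity.newInstance(env);

        // 2. The Body needs a wsu:Id so the Signature can reference it.
        WSSUtils.addWsuIdToElement(BODY_ID, body);

        // 3. Carry the certificate as a BinarySecurityToken with its own wsu:Id,
        //    then build a Reference STR to it (createSTR_X509_Ref takes "#" + id).
        X509BinarySecurityToken bst = wss.createBST_X509(cert);
        WSSUtils.addWsuIdToElement(BST_ID, bst.getElement());
        wss.addX509CertificateToken(bst);
        WSSecurityTokenReference str = wss.createSTR_X509_Ref("#" + BST_ID);

        // 4. Signature parameters: private-key signing (hmacKey is null), STR as the hint.
        WSSignatureParams params = new WSSignatureParams(null, key);
        params.setKeyInfoData(str);     // setter name is an assumption, see lead-in
        params.setSOAPMessage(msg);     // only needed for cid: references; harmless here

        // 5. Sign the Body by local reference; null transforms assumed to mean defaults.
        wss.sign(new String[] { "#" + BODY_ID }, params, null);
        msg.saveChanges();
        return msg;
    }

    /** Receiver side: every Signature in every wsse:Security header must verify
     *  against the key we already trust. The STR inside the message is never
     *  dereferenced, so a message cannot nominate its own verification key. */
    public static boolean verifyBody(SOAPMessage msg, X509Certificate trustedCert)
            throws Exception {
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        WSSecurity[] headers = WSSecurity.getAllSecurityHeaders(env);
        boolean sawSignature = false;
        for (WSSecurity wss : headers) {
            List sigs = wss.getSignatures();          // raw List of XSSignature
            for (Object o : sigs) {
                XSSignature sig = (XSSignature) o;
                sawSignature = true;
                if (!WSSecurity.verify(sig, null, trustedCert.getPublicKey(), msg)) {
                    return false;                     // any bad signature rejects the message
                }
            }
        }
        // An unsigned message is not "verified". The caller should additionally confirm
        // that the verified ds:Reference set actually covers the Body element; the
        // WSSecurity methods on this page alone do not expose that check.
        return sawSignature;
    }
}
```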
Field Summary

Fields inherited from class oracle.security.xmlsec.util.XMLNode
node, systemId
Constructor Summary

| Constructor and Description |
|---|
| WSSecurity(org.w3c.dom.Element element) Creates a new WSSecurity instance from the given Element node. |
| WSSecurity(org.w3c.dom.Element element, java.lang.String systemId) Creates a new WSSecurity instance from the given Element node. |
Method Summary

| Modifier and Type | Method and Description |
|---|---|
| void | addKerberosToken(KerberosBinarySecurityToken token) Add a Kerberos Token. |
| void | addSAML2AssertionToken(SAML2AssertionToken token) Add a SAML2 Assertion Token. |
| void | addSAMLAssertionToken(SAMLAssertionToken token) Add a SAML Assertion Token. |
| void | addSecurityToken(org.w3c.dom.Element token) Add a Security Token. |
| void | addSecurityTokenReference(WSSecurityTokenReference ref) Add a Security Token Reference. |
| WSSignatureConfirmation | addSignatureConfirmation(java.lang.String signatureValue) Create a SignatureConfirmation element and prepend it to this WSSecurity element. |
| void | addSignatureConfirmation(WSSignatureConfirmation sigConfirm) Prepend a SignatureConfirmation element to this WSSecurity element. Does a simple insert into the DOM; to insert at some other position, use regular DOM insert/append calls. |
| void | addUsernameToken(UsernameToken token) Add a Username Token. |
| static void | addWsuIdToElement(java.lang.String id, org.w3c.dom.Element element) Deprecated. Replaced by WSSUtils.addWsuIdToElement(String, Element) |
| void | addX509CertificateToken(X509BinarySecurityToken token) Add an X.509 Certificate Token. |
| static byte[] | computeEncKeySHA1(oracle.security.xmlsec.enc.XEEncryptedKey encKey) Utility method to compute the SHA1 of an EncryptedKey. |
| KerberosBinarySecurityToken | createBST_Kerberos(byte[] ap_req, java.lang.String valueType) Create a BST from a Kerberos AP_REQ packet or a GSS wrapped AP_REQ packet. |
| X509BinarySecurityToken | createBST_X509(java.security.cert.CertPath certpath) Create a BST from an X509Certificate CertPath. |
| X509BinarySecurityToken | createBST_X509(java.security.cert.X509Certificate cert) Create a BST from an X509Certificate cert. |
| oracle.security.xmlsec.enc.XEEncryptedData | createEncryptedData(java.lang.String dataType) Creates a new XEEncryptedData element in this WSSecurity's document, but does not append it to the WSSecurity element. |
| oracle.security.xmlsec.enc.XEEncryptedKey | createEncryptedKey() Creates a new XEEncryptedKey element in this WSSecurity's document, but does not append it to the WSSecurity element. |
| oracle.security.xmlsec.dsig.XSSignature | createSignature() Creates a new XSSignature element in this WSSecurity's document, but does not append it to the WSSecurity element. |
| oracle.security.xmlsec.dsig.XSSignature | createSignature(java.lang.String id) Creates a new Signature element in this document, but does not append it to the WSSecurity element. |
| java.util.List | createSignatureConfirmations(org.w3c.dom.Document doc) Create a List of SignatureConfirmation elements corresponding to the Signature elements in this WSSecurity element. |
| WSSecurityTokenReference | createSTR_EncKeyRef(java.lang.String uri) Create an STR to an EncryptedKey that is in the document. |
| WSSecurityTokenReference | createSTR_EncKeySHA1(byte[] sha1) Create an STR to an EncryptedKey that is NOT in the document. |
| WSSecurityTokenReference | createSTR_KerberosKeyIdSHA1(byte[] ap_req, java.lang.String valueType) Create an STR to a Kerberos ap-req that may not be in the document. |
| WSSecurityTokenReference | createSTR_KerberosKeyRef(java.lang.String uri, java.lang.String valueType) Create an STR to a Kerberos BST that is in the document. |
| WSSecurityTokenReference | createSTR_SAML_Assertion_Ref20(java.lang.String uri) Create an STR to a local or remote SAML v2.0 Assertion. |
| WSSecurityTokenReference | createSTR_SAML_AssertionIdv11(byte[] assertionId) Create an STR to a local SAML v1.1 AssertionID. |
| WSSecurityTokenReference | createSTR_SAML_AssertionIdv11(byte[] assertionId, oracle.security.xmlsec.saml.AuthorityBinding authorityBinding) Create an STR to an external SAML v1.1 AssertionID. |
| WSSecurityTokenReference | createSTR_SAML_AssertionIdv20(byte[] assertionId) Create an STR to a local SAML v2.0 AssertionID. |
| WSSecurityTokenReference | createSTR_Username_Ref(java.lang.String uri) Create an STR to a UsernameToken. |
| WSSecurityTokenReference | createSTR_X509_IssuerSerial(java.security.cert.X509Certificate cert) Create an STR to an X509Certificate cert. |
| WSSecurityTokenReference | createSTR_X509_Ref(java.lang.String uri) Create an STR to an X509Certificate cert. |
| WSSecurityTokenReference | createSTR_X509_SKI(java.security.cert.X509Certificate cert) Create an STR to an X509Certificate cert. |
| WSSecurityTokenReference | createSTR_X509_ThumbprintSHA1(java.security.cert.X509Certificate cert) Create an STR to an X509Certificate cert. |
| static java.lang.Object | decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData) Decrypts the EncryptedData element. |
| static java.lang.Object | decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData, javax.crypto.SecretKey dataDecKey) Decrypts the EncryptedData element with the given key. |
| static java.lang.Object | decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData, javax.crypto.SecretKey dataDecKey, javax.xml.soap.SOAPMessage msg) Decrypts the EncryptedData element with the given key. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey) Decrypts all the EncryptedData elements referenced by the given EncryptedKey element. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, java.security.PrivateKey keyDecKey) Decrypts all the EncryptedData elements referenced by the given EncryptedKey element. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, java.security.PrivateKey keyDecKey, javax.xml.soap.SOAPMessage msg) Decrypts all the EncryptedData elements referenced by the given EncryptedKey element. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, javax.crypto.SecretKey dataDecKey) Decrypts all the EncryptedData elements referenced by the given EncryptedKey element. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, javax.crypto.SecretKey dataDecKey, javax.xml.soap.SOAPMessage msg) Decrypts all the EncryptedData elements referenced by the given EncryptedKey element. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, javax.xml.soap.SOAPMessage msg) Decrypts all the EncryptedData elements referenced by the given EncryptedKey element. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEReferenceList refList) Decrypts the EncryptedData/EncryptedHeader elements referenced by the given ReferenceList element in this structure. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEReferenceList refList, javax.crypto.SecretKey symKey) Decrypts the EncryptedData/EncryptedHeader elements referenced by the given ReferenceList element in this structure. |
| static java.util.List | decrypt(oracle.security.xmlsec.enc.XEReferenceList refList, javax.crypto.SecretKey symKey, javax.xml.soap.SOAPMessage msg) |
| void | decryptAll() Decrypts all the EncryptedData child elements and replaces each EncryptedData element with the decrypted XML result. |
| void | decryptAll(javax.xml.soap.SOAPMessage msg) |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.PublicKey keyEncKey, java.lang.String keyEncAlg, java.lang.String keyEncKeyName, byte[] certId) Perform encryption of the Security Header content. |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.cert.X509Certificate keyEncCert, java.lang.String keyEncAlg) Perform encryption of the Security Header content. |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String usernameTokenURI, KeyDerivator keyDerivator) Deprecated. |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String keyEncKeyURI, java.lang.String keyEncAlg) Perform encryption of the Security Header content. |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String certTokenURI, java.lang.String keyEncAlg, javax.crypto.SecretKey dataEncKey) Perform encryption of the Security Header content. |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String encDataId, WSSEncryptionParams encParam) Encrypt an element with a content key. |
| void | encrypt(org.w3c.dom.Element element, boolean contentOnly, WSSEncryptionParams encParams) Deprecated. Replaced by encrypt(Element, boolean, String, SecretKey, PublicKey, String, String, byte[]) |
| void | encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.PublicKey keyEncKey, java.lang.String keyEncAlg, java.lang.String keyEncKeyName, byte[] certId) Perform encryption of a list of elements, all with the same content key. |
| void | encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.cert.X509Certificate keyEncCert, java.lang.String keyEncAlg) Perform encryption of a list of elements, all with the same content key. |
| void | encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlgURI, java.lang.String usernameTokenURI, KeyDerivator keyDerivator) Deprecated. |
| void | encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, java.lang.String keyEncKeyURI, java.lang.String keyEncAlg) Perform encryption of the Security Header content. |
| void | encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, java.lang.String certTokenURI, java.lang.String keyEncAlg, javax.crypto.SecretKey dataEncKey) Perform encryption of the Security Header content. |
| void | encrypt(java.util.List elements, boolean[] contentOnlys, WSSEncryptionParams encParams) Deprecated. Replaced by encrypt(List, boolean[], String, SecretKey, PublicKey, String, String, byte[]) |
| oracle.security.xmlsec.enc.XEReferenceList | encryptNoEncKey(java.util.List elements, boolean[] contentOnlys, java.lang.String[] encDataIds, WSSEncryptionParams[] encParams) Encrypt a list of elements (or attachments), each with a different content key. |
| oracle.security.xmlsec.enc.XEEncryptedKey | encryptWithEncKey(java.util.List elements, boolean[] contentOnlys, java.lang.String[] encDataIds, WSSEncryptionParams encParam) Encrypt a list of elements, all with the same content key, and encrypt that content key with a public key. |
| static WSSecurity[] | getAllSecurityHeaders(javax.xml.soap.SOAPEnvelope env) Get all the wsse:Security headers in this envelope. |
| java.util.List | getBinaryTokens() Returns the list of Binary Security Tokens. |
| java.util.List | getEncryptedKeys() Returns all the EncryptedKey elements in this WSSecurity block. |
| static WSSecurity[] | getMustUnderstandSecurityHeaders(javax.xml.soap.SOAPEnvelope env, java.lang.String actor) Get all the wsse:Security headers in this envelope. |
| java.util.List | getReferenceLists() Returns all the ReferenceList elements in this WSSecurity block. |
| java.util.List | getSAML2AssertionTokens() Returns the list of SAML2 Assertion Security Tokens. |
| java.util.List | getSAMLAssertionTokens() Returns the list of SAML Assertion Security Tokens. |
| static WSSecurity[] | getSecurityHeaders(javax.xml.soap.SOAPEnvelope env, java.lang.String actor) Get all the wsse:Security headers in this envelope. |
| WSSecurityToken | getSecurityTokenByWsuID(java.lang.String id) Get the Security token corresponding to the WSU identifier. |
| java.util.List | getSignatures() Returns all the Signature elements in this WSSecurity header block. |
| java.lang.String[] | getSignatureValues() Return a list of Signature values of all the top level Signature elements in this WSSecurity element. |
| WSUTimestamp | getTimestamp() Get the token Timestamp. |
| java.util.List | getUsernameTokens() Returns the list of Username Security Tokens. |
| static WSSecurity | newInstance(org.w3c.dom.Document owner) Creates a new WSSecurity instance using the given owner document, but does not append it to any element. |
| static WSSecurity | newInstance(org.w3c.dom.Document owner, java.lang.String id) Creates a new WSSecurity instance using the given owner document, but does not append it to any element. |
| static WSSecurity | newInstance(javax.xml.soap.SOAPEnvelope env) Create a new WSSecurity instance using the given SOAPEnvelope. |
| static WSSecurity | newInstance(java.lang.String id) Creates a new WSSecurity instance in a new owner document, and makes it the root element of the document. |
| void | setTimestamp(WSUTimestamp timeStamp) Set the token Timestamp. |
| void | sign(java.lang.String[] uris, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) Deprecated. KeyDerivator was used before WSS 1.1. Instead use UsernameToken.deriveKey(char[], byte[], int) to derive the password, and call the regular sign method. |
| void | sign(java.lang.String[] uris, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) Deprecated. |
| void | sign(java.lang.String[] uris, WSSecurityTokenReference[] refs, WSSignatureParams sigParams) Deprecated. Combine the uris and the refs into one list of uris and call sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) |
| oracle.security.xmlsec.dsig.XSSignature | sign(java.lang.String[] uris, WSSignatureParams sigParams, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[][] trans) Signs a list of URIs using an HMAC key or a PrivateKey. |
| void | sign(java.lang.String[] uris, WSSKeyIdentifier keyId, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) Deprecated. Use sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) instead. |
| void | sign(java.lang.String[] uris, WSSKeyIdentifier keyId, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) Deprecated. Use the createSTR_XXX methods to create a KeyIdentifier and then pass it to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) |
| void | sign(java.lang.String[] uris, X509BinarySecurityToken token, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) Deprecated. Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then pass that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) |
| void | sign(java.lang.String[] uris, X509BinarySecurityToken token, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) Deprecated. Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then pass that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) |
| void | sign(java.lang.String[] uris, X509IssuerSerial certIASN, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) Deprecated. Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then pass that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) |
| void | sign(java.lang.String[] uris, X509IssuerSerial certIASN, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) Deprecated. Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then pass that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) |
| void | sign(java.lang.String uri, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) Deprecated. KeyDerivator was used before WSS 1.1. Instead use UsernameToken.deriveKey(char[], byte[], int) to derive the password, and call the regular sign method. |
| void | sign(java.lang.String uri, WSSignatureParams sigParams) Sign a single URI. |
| void | sign(WSSecurityTokenReference ref, WSSignatureParams sigParams) Deprecated. Use sign(String, WSSignatureParams), which can sign both regular URIs and URIs to STRs. |
| boolean | verify(oracle.security.xmlsec.dsig.XSSignature sig) Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| static boolean | verify(oracle.security.xmlsec.dsig.XSSignature sig, boolean searchDocument) Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| static boolean | verify(oracle.security.xmlsec.dsig.XSSignature sig, boolean searchDocument, javax.xml.soap.SOAPMessage msg) Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| static boolean | verify(oracle.security.xmlsec.dsig.XSSignature sig, byte[] hmacKey, java.security.PublicKey pubKey, javax.xml.soap.SOAPMessage msg) Verifies the given XSSignature using either the hmacKey or the pubKey, following the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| boolean | verify(oracle.security.xmlsec.dsig.XSSignature sig, javax.xml.soap.SOAPMessage msg) Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| boolean | verifyAll() Verifies all of the XSSignatures in this wsse:Security header in accordance with the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| boolean | verifyAll(javax.xml.soap.SOAPMessage msg) Verifies all of the XSSignatures in this wsse:Security header in accordance with the ds:Signature and ds:Reference validation process defined in [XML-SIG]. |
| boolean | verifySignatureConfirmations(java.lang.String[] sigValues) Verify the signature confirmations in this WSSecurity following the response processing rules for Signature Confirmation in the WS-Security 1.1 spec. |
Methods inherited from class oracle.security.xmlsec.util.XMLElement
addNSPrefixAttr, addNSPrefixAttr, addNSPrefixAttrDefault, addNSPrefixAttrDefault, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getChildElementsByTagName, getChildElementsByTagName, getChildElementsByTagNameNS, getChildElementsByTagNameNS, getDefaultNSPrefix, getElement, getElementsByTagName, getElementsByTagNameNS, getTagName, hasAttribute, hasAttributeNS, removeAttribute, removeAttributeNode, removeAttributeNS, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setDefaultNSPrefix

Methods inherited from class oracle.security.xmlsec.util.XMLNode
appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public WSSecurity(org.w3c.dom.Element element)
Creates a new WSSecurity instance from the given Element node.
Parameters:
element - An org.w3c.dom.Element that conforms to the wsse:Security schema.

public WSSecurity(org.w3c.dom.Element element, java.lang.String systemId)
Creates a new WSSecurity instance from the given Element node.
Parameters:
element - An org.w3c.dom.Element that conforms to the wsse:Security schema.
systemId - The URI string system ID for this element.

Method Detail
public static WSSecurity newInstance(java.lang.String id)
Creates a new WSSecurity instance in a new owner document, and makes it the root element of the document.
Parameters:
id - An optional string ID name for the wsse:Security element.
Returns:
A new WSSecurity instance.

public static WSSecurity newInstance(org.w3c.dom.Document owner)
Creates a new WSSecurity instance using the given owner document, but does not append it to any element.
Parameters:
owner - The XML Document to be used as the owner document of this structure.
Returns:
A new WSSecurity instance.

public static WSSecurity newInstance(javax.xml.soap.SOAPEnvelope env) throws javax.xml.soap.SOAPException
Creates a new WSSecurity instance using the given SOAPEnvelope. This method uses SOAPHeader.addHeaderElement(javax.xml.soap.Name) to create the WSSecurity header, so you can get the underlying WSSecurity element by casting WSSecurity.getElement() to a SOAPHeaderElement:
    WSSecurity ws = WSSecurity.newInstance(env);
    SOAPHeaderElement el = (SOAPHeaderElement) ws.getElement();
Parameters:
env -
Returns:
A new WSSecurity instance.
Throws:
javax.xml.soap.SOAPException

public static WSSecurity newInstance(org.w3c.dom.Document owner, java.lang.String id)
Creates a new WSSecurity instance using the given owner document, but does not append it to any element.
Parameters:
owner - The XML Document to be used as the owner document of this structure.
id - An optional string ID name for the wsse:Security element.
Returns:
A new WSSecurity instance.

public static WSSecurity[] getAllSecurityHeaders(javax.xml.soap.SOAPEnvelope env) throws javax.xml.soap.SOAPException
Uses SOAPHeader.examineAllHeaderElements() to get a list of headers, and returns those among them that are wsse:Security.
Parameters:
env -
Throws:
javax.xml.soap.SOAPException

public static WSSecurity[] getSecurityHeaders(javax.xml.soap.SOAPEnvelope env, java.lang.String actor) throws javax.xml.soap.SOAPException
Uses SOAPHeader.examineHeaderElements(String) to get a list of headers for a specified actor (in SOAP 1.1) or role (in SOAP 1.2), and returns those among them that are wsse:Security.
Parameters:
env -
Throws:
javax.xml.soap.SOAPException

public static WSSecurity[] getMustUnderstandSecurityHeaders(javax.xml.soap.SOAPEnvelope env, java.lang.String actor) throws javax.xml.soap.SOAPException
Uses SOAPHeader.examineMustUnderstandHeaderElements(String) to get a list of headers for a specified actor (in SOAP 1.1) or role (in SOAP 1.2) which have mustUnderstand=true, and returns those among them that are wsse:Security.
Parameters:
env -
Throws:
javax.xml.soap.SOAPException
public oracle.security.xmlsec.dsig.XSSignature createSignature(java.lang.String id)
Creates a new Signature element in this document, but does not append it to the WSSecurity element.
Parameters:
id - An optional string ID name for the Signature element.
Returns:
A new XSSignature instance.

public void addUsernameToken(UsernameToken token)
Add a Username Token. The Username Token will be imported if it is in a different org.w3c.dom.Document.
Parameters:
token - The Security Token to add.

public void addX509CertificateToken(X509BinarySecurityToken token)
Add an X.509 Certificate Token. The X.509 Certificate Token will be imported if it is in a different org.w3c.dom.Document.
Parameters:
token - The Security Token to add.

public void addKerberosToken(KerberosBinarySecurityToken token)
Add a Kerberos Token. The Kerberos Token will be imported if it is in a different org.w3c.dom.Document.
Parameters:
token - The Security Token to add.

public void addSAMLAssertionToken(SAMLAssertionToken token)
Add a SAML Assertion Token. The SAML Assertion Token will be imported if it is in a different org.w3c.dom.Document.
Parameters:
token - The Security Token to add.

public void addSAML2AssertionToken(SAML2AssertionToken token)
Add a SAML2 Assertion Token. The SAML2 Assertion Token will be imported if it is in a different org.w3c.dom.Document.
Parameters:
token - The Security Token to add.

public void addSecurityToken(org.w3c.dom.Element token)
Add a Security Token. The input token element is not schema validated. The Security Token will be imported if it is in a different org.w3c.dom.Document.
Parameters:
token - The Security Token element to add.

public void addSecurityTokenReference(WSSecurityTokenReference ref)
Add a Security Token Reference.
Parameters:
ref - The Security Token reference to add.

public void setTimestamp(WSUTimestamp timeStamp)
Set the token Timestamp.
Parameters:
timeStamp - The timestamp.

public WSUTimestamp getTimestamp()
Get the token Timestamp.
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String usernameTokenURI, KeyDerivator keyDerivator) throws WSSException
The keyEncKeyURI
must be a reference to a X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.
element
- The element to encrypt.contentOnly
- If true
only encrypt the children of the element
else encrypt the whole element.dataEncAlg
- The content encryption algorithm.usernameTokenURI
- The UsernameToken URI.keyDerivator
- The key derivation interface to use.WSSException
public void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlgURI, java.lang.String usernameTokenURI, KeyDerivator keyDerivator) throws WSSException
The usernameTokenURI
must be a reference to an Username Token.
elements
- The list of org.w3c.dom.Elements
to encrypt.contentOnlys
- The List of boolean values for each List
elements.If true
only encrypt the children of the corresponding List
element else encrypt the entire corresponding List
element.dataEncAlgURI
- The content encryption algorithm.usernameTokenURI
- The UsernameToken URI.keyDerivator
- The key derivation interface to use.WSSException
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String certTokenURI, java.lang.String keyEncAlg, javax.crypto.SecretKey dataEncKey) throws WSSException
The keyEncKeyURI
must be a reference to a X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.
element
- The element to encrypt.contentOnly
- If true
only encrypt the children of the element
else encrypt the whole element.dataEncAlg
- The content encryption algorithm.certTokenURI
- The X.509 certificate token URI.keyEncAlg
- The key key encryption algorithm.dataEncKey
- The content encryption key.WSSException
public void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, java.lang.String certTokenURI, java.lang.String keyEncAlg, javax.crypto.SecretKey dataEncKey) throws WSSException
The certTokenURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - A boolean value for each element in the list. If true, only encrypt the children of the corresponding list element; else encrypt the entire corresponding list element.
dataEncAlg - The content encryption algorithm.
certTokenURI - The X.509 certificate token URI.
keyEncAlg - The key encryption algorithm.
dataEncKey - The content encryption key.
Throws:
WSSException
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String keyEncKeyURI, java.lang.String keyEncAlg) throws WSSException
The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.
Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; else encrypt the whole element.
dataEncAlg - The content encryption algorithm.
keyEncKeyURI - The key encryption certificate URI.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException
public void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, java.lang.String keyEncKeyURI, java.lang.String keyEncAlg) throws WSSException
The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - A boolean value for each element in the list. If true, only encrypt the children of the corresponding list element; else encrypt the entire corresponding list element.
dataEncAlg - The content encryption algorithm.
keyEncKeyURI - The key encryption certificate URI.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException
public void sign(java.lang.String uri, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) throws WSSException
Uses UsernameToken.deriveKey(char[], byte[], int) to derive the signing key from the password, and calls the regular sign method.
Parameters:
uri - The URI of the element to sign.
token - The Username security token used to derive the signing HMAC key.
keyDerivator - The key derivation class.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
public void sign(java.lang.String[] uris, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) throws WSSException
Uses UsernameToken.deriveKey(char[], byte[], int) to derive the signing key from the password, and calls the regular sign method.
Parameters:
uris - The URI list of the org.w3c.dom.Elements to sign.
token - The Username security token used to derive the signing HMAC key.
keyDerivator - The key derivation class.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
public void sign(java.lang.String[] uris, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) throws WSSException
Parameters:
uris - The URI list of the org.w3c.dom.Elements to sign.
token - The Username security token used to derive the signing HMAC key.
keyDerivator - The key derivation class.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
public oracle.security.xmlsec.dsig.XSSignature sign(java.lang.String[] uris, WSSignatureParams sigParams, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[][] trans) throws WSSException
Note:
- Call WSSignatureParams.setSOAPMessage(SOAPMessage) so that the cid: references can be resolved.
- To sign the KeyInfo, call WSSignatureParams.setKeyInfoId(String) to set an id for the KeyInfo, and include that Id in the uris[].
- If WSSignatureParams.setUsingSTRTransform(boolean) is set to true, then all URIs that refer to KeyInfo or STRs will automatically get an STRTransform.
- The simple way is to set trans to null, and set the parameters WSSignatureParams.setAttachmentContentOnly(boolean), WSSignatureParams.setUsingSTRTransform(boolean), WSSignatureParams.setUsingDecryptTranform(boolean) and WSSignatureParams.setCommonTrans(XSAlgorithmIdentifier[]).
- The advanced way is to pass a trans array with the exact list of transformations for each reference. If trans is not null, trans.length must be equal to uris.length, otherwise an IllegalArgumentException is thrown. Also, if trans is non-null, the parameters mentioned above are ignored.
Parameters:
uris - A list of references to be signed. Can have references to attachments as well, i.e. cid: references.
sigParams - The signature parameters.
trans - Advanced way of specifying transforms.
Throws:
WSSException
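The KeyInfo-signing and STRTransform procedure above, as an added example (not OSDT's own code): sign the SOAP Body together with the signature's own KeyInfo using an X.509 BinarySecurityToken, so the signature also covers which token it claims to have been made with. Only sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]), the WSSignatureParams setters named above, addWsuIdToElement, createBST_X509 and createSTR_X509_Ref are taken from this page; newInstance(SOAPEnvelope), addSecurityToken, getElement, the no-arg WSSignatureParams constructor and its key/algorithm setters are assumptions, as are the package names.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPMessage;
import oracle.security.xmlsec.dsig.XSAlgorithmIdentifier;
import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.wss.WSSecurity;
import oracle.security.xmlsec.wss.WSSecurityTokenReference;
import oracle.security.xmlsec.wss.WSSignatureParams;
import oracle.security.xmlsec.wss.X509BinarySecurityToken;

public final class SignBodyAndKeyInfoExample {

    // W3C algorithm identifiers (standard URIs, not OSDT-specific).
    static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    static final String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed wsu:Id values for this example.
    static final String BODY_ID = "Body-1";
    static final String BST_ID = "X509Token-1";
    static final String KEYINFO_ID = "KeyInfo-1";

    public static XSSignature signBodyAndKeyInfo(SOAPMessage msg, X509Certificate cert,
                                                 PrivateKey signingKey) throws Exception {
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        // Assumed: creates a wsse:Security SOAPHeaderElement and returns the wrapper.
        WSSecurity wsse = WSSecurity.newInstance(env);

        // Give the Body a wsu:Id so "#Body-1" can be a ds:Reference (addWsuIdToElement is on this page).
        SOAPBody body = env.getBody();
        WSSecurity.addWsuIdToElement(BODY_ID, body);

        // Carry the certificate as a BinarySecurityToken (createBST_X509 is on this page) and
        // reference it from an STR (createSTR_X509_Ref). getElement() and addSecurityToken() are assumed.
        X509BinarySecurityToken bst = wsse.createBST_X509(cert);
        WSSecurity.addWsuIdToElement(BST_ID, bst.getElement());
        wsse.addSecurityToken(bst);
        WSSecurityTokenReference str = wsse.createSTR_X509_Ref("#" + BST_ID);

        WSSignatureParams sigParams = new WSSignatureParams(); // assumed no-arg constructor
        sigParams.setSigningKey(signingKey);                   // assumed setter
        sigParams.setDigestAlg(SHA256);                        // assumed setter
        sigParams.setC14NAlg(EXC_C14N);                        // assumed setter
        sigParams.setSignatureAlg(RSA_SHA256);                 // assumed setter
        sigParams.setKeyInfoData(str);                         // assumed setter; the STR is the KeyInfoData

        // From this page: resolve cid: references, give the KeyInfo an Id, and let OSDT
        // add the STRTransform to every reference that points at the KeyInfo or an STR.
        sigParams.setSOAPMessage(msg);
        sigParams.setKeyInfoId(KEYINFO_ID);
        sigParams.setUsingSTRTransform(true);

        // Including the KeyInfo Id in uris[] signs the token reference itself, so a relay
        // cannot swap the referenced token without invalidating the signature.
        String[] uris = { "#" + BODY_ID, "#" + KEYINFO_ID };

        // trans == null selects the simple way: the sigParams settings above apply to every
        // reference. A non-null trans must satisfy trans.length == uris.length.
        XSAlgorithmIdentifier[][] trans = null;
        return wsse.sign(uris, sigParams, trans);
    }
}
```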
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, WSSEncryptionParams encParams) throws WSSException
See Also: encrypt(Element, boolean, String, SecretKey, PublicKey, String, String, byte[])
Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; else encrypt the whole element.
encParams - The encryption algorithm and key parameters.
Throws:
WSSException
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.PublicKey keyEncKey, java.lang.String keyEncAlg, java.lang.String keyEncKeyName, byte[] certId) throws WSSException
Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; else encrypt the whole element.
dataEncAlg - The content encryption algorithm.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncKey - The key encryption key that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
keyEncKeyName - The optional key encryption key name.
certId - The optional key certificate identifier.
Throws:
WSSException
public void encrypt(java.util.List elements, boolean[] contentOnlys, WSSEncryptionParams encParams) throws WSSException
See Also: encrypt(List, boolean[], String, SecretKey, PublicKey, String, String, byte[])
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - A boolean value for each element in the list. If true, only encrypt the children of the corresponding list element; else encrypt the entire corresponding list element.
encParams - The encryption algorithm and key parameters.
Throws:
WSSException
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.cert.X509Certificate keyEncCert, java.lang.String keyEncAlg) throws WSSException
Parameters:
element - The org.w3c.dom.Element to encrypt.
contentOnly - If true, only encrypt the children of the element; else encrypt the whole element.
dataEncAlg - The content encryption algorithm.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncCert - The key encryption certificate that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException
public void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.cert.X509Certificate keyEncCert, java.lang.String keyEncAlg) throws WSSException
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - A boolean value for each element in the list. If true, only encrypt the children of the corresponding list element; else encrypt the entire corresponding list element.
dataEncAlg - The content encryption algorithm.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncCert - The key encryption certificate that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException
public void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, javax.crypto.SecretKey dataEncKey, java.security.PublicKey keyEncKey, java.lang.String keyEncAlg, java.lang.String keyEncKeyName, byte[] certId) throws WSSException
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - A boolean value for each element in the list. If true, only encrypt the children of the corresponding list element; else encrypt the entire corresponding list element.
dataEncAlg - The content encryption algorithm.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncKey - The key encryption key that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
keyEncKeyName - The optional key encryption key name.
certId - The optional key certificate identifier.
Throws:
WSSException
public void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String encDataId, WSSEncryptionParams encParam) throws WSSException
Convenience method to call encryptNoEncKey(List, boolean[], String[], WSSEncryptionParams[]) when there is only one element to encrypt.
Throws:
WSSException
public oracle.security.xmlsec.enc.XEReferenceList encryptNoEncKey(java.util.List elements, boolean[] contentOnlys, java.lang.String[] encDataIds, WSSEncryptionParams[] encParams) throws WSSException
This function:
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - For each element (or attachment), whether to encrypt the body of the element only (or body of attachment only) or encrypt the entire element (or attachment body + selected headers). If set to null, all items in this array are assumed to be false.
encDataIds - The IDs to put in each encrypted element. If set to null, the IDs are generated.
encParams - Used to obtain the parameters for encryption. If the same content encryption key is to be used for all elements (or attachments), pass in an array with only one WSSEncryptionParams object.
  WSSEncryptionParams.getDataEncryptionAlg() should return the content encryption algorithm to be used for each element (or attachment).
  WSSEncryptionParams.getDataEncryptionKey() should return the content encryption key to be used for each element (or attachment). If a null content encryption key is set, a randomly generated key will be used.
  WSSEncryptionParams.getKeyInfoData() should return the keyInfoData to be put inside each EncryptedData. If set to null, no KeyInfo will be added to the EncryptedData.
  WSSEncryptionParams.getIv() should return the initialization vector; if null, a random IV is generated. Use a fixed IV only for test programs where you want the cipher text to be the same in every run.
Throws:
WSSException
java.lang.IllegalArgumentException
public oracle.security.xmlsec.enc.XEEncryptedKey encryptWithEncKey(java.util.List elements, boolean[] contentOnlys, java.lang.String[] encDataIds, WSSEncryptionParams encParam) throws WSSException
This function:
Parameters:
elements - The list of Element (or AttachmentPart) to encrypt.
contentOnlys - For each element (or attachment), whether to encrypt the body of the element only (or body of attachment only) or encrypt the entire element (or attachment body + selected headers). If set to null, all items in this array are assumed to be false.
encDataIds - The IDs to put in each encrypted element. If set to null, the IDs are generated.
encParam - Used to obtain the parameters for encryption.
  WSSEncryptionParams.getDataEncryptionAlg() should return the content encryption algorithm.
  WSSEncryptionParams.getDataEncryptionKey() should return the content encryption key. If a null content encryption key is set, a randomly generated key will be used.
  WSSEncryptionParams.getKeyEncryptionAlg() should return the key encryption algorithm.
  WSSEncryptionParams.getKeyEncryptionKey() should return the key encryption key.
  WSSEncryptionParams.getKeyInfoData() should return the keyInfoData to be put inside the EncryptedKey. If set to null, no KeyInfo will be added to the EncryptedKey.
  WSSEncryptionParams.getIv() should return the initialization vector; if null, a random IV is generated. Note, if you specify an IV, the same IV will be used for all the elements (or attachments), which is not secure. Use a fixed IV only for test programs where you want the cipher text to be the same in every run.
Throws:
WSSException
java.lang.IllegalArgumentException
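The encryptWithEncKey contract above, as an added example (not OSDT's own code): encrypt the Body content under a random AES-256 content key that is wrapped for the recipient's certificate, and leave the IV null so each element gets its own. encryptWithEncKey, createSTR_X509_ThumbprintSHA1 and the WSSEncryptionParams getters come from this page; newInstance(SOAPEnvelope), the no-arg WSSEncryptionParams constructor and the set* counterparts of the getters are assumptions, as are the package names.

```java
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPMessage;
import oracle.security.xmlsec.enc.XEEncryptedKey;
import oracle.security.xmlsec.wss.WSSEncryptionParams;
import oracle.security.xmlsec.wss.WSSecurity;
import oracle.security.xmlsec.wss.WSSecurityTokenReference;

public final class EncryptBodyForRecipientExample {

    // W3C XML Encryption algorithm identifiers (standard URIs, not OSDT-specific).
    static final String AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    static final String RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    public static XEEncryptedKey encryptBodyForRecipient(SOAPMessage msg,
                                                          X509Certificate recipientCert) throws Exception {
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        // Assumed: creates a wsse:Security SOAPHeaderElement and returns the wrapper.
        WSSecurity wsse = WSSecurity.newInstance(env);

        // Each setter below is assumed to back the getter this page says encryptWithEncKey reads.
        WSSEncryptionParams encParam = new WSSEncryptionParams();
        encParam.setDataEncryptionAlg(AES256_CBC);   // read via getDataEncryptionAlg()
        encParam.setDataEncryptionKey(null);         // null: OSDT generates a random content key
        encParam.setKeyEncryptionAlg(RSA_OAEP);      // read via getKeyEncryptionAlg()
        encParam.setKeyEncryptionKey(recipientCert.getPublicKey()); // read via getKeyEncryptionKey()

        // The STR in the EncryptedKey tells the recipient which private key unwraps it
        // (createSTR_X509_ThumbprintSHA1 is on this page).
        WSSecurityTokenReference str = wsse.createSTR_X509_ThumbprintSHA1(recipientCert);
        encParam.setKeyInfoData(str);                // read via getKeyInfoData()

        // A caller-supplied IV would be reused for every element, which the page flags as
        // insecure; null makes OSDT draw a fresh random IV per EncryptedData.
        encParam.setIv(null);

        List elements = Arrays.asList(env.getBody());
        boolean[] contentOnlys = { true }; // keep the Body element, encrypt only its children
        String[] encDataIds = null;        // null: OSDT generates the EncryptedData Ids
        return wsse.encryptWithEncKey(elements, contentOnlys, encDataIds, encParam);
    }
}
```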
public void sign(java.lang.String[] uris, X509BinarySecurityToken token, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) throws WSSException, oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then send that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]).
Parameters:
uris - The URI List of the elements to sign.
token - The X.509 certificate security token.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public void sign(java.lang.String[] uris, X509BinarySecurityToken token, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) throws WSSException, oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then send that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]).
Parameters:
uris - The URI List of the elements to sign.
token - The X.509 certificate security token.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public void sign(java.lang.String[] uris, X509IssuerSerial certIASN, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) throws WSSException, oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then send that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]).
Parameters:
uris - The URI List of the elements to sign.
certIASN - The issuer and serial number of the signing certificate.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public void sign(java.lang.String[] uris, X509IssuerSerial certIASN, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) throws WSSException, oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Use createSTR_X509_IssuerSerial(X509Certificate) to create an STR, and then send that to sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]).
Parameters:
uris - The URI List of the elements to sign.
certIASN - The issuer and serial number of the signing certificate.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public void sign(java.lang.String[] uris, WSSKeyIdentifier keyId, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform) throws WSSException, oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Use sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) instead.
Parameters:
uris - The URI List of the elements to sign.
keyId - The signing certificate public key identifier.
privKey - The signing key. If null, the X509KeyIdentifierResolver will be used.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public void sign(java.lang.String[] uris, WSSKeyIdentifier keyId, java.security.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform) throws WSSException, oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
See sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]).
Parameters:
uris - The URI List of the elements to sign.
keyId - The signing certificate public key identifier.
privKey - The signing key. If null, the X509KeyIdentifierResolver will be used.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public void sign(java.lang.String uri, WSSignatureParams sigParams) throws WSSException
Calls sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]) with only one uri and no transformations.
Parameters:
uri - The reference URI.
sigParams - The signature algorithm and key parameters.
Throws:
WSSException
public void sign(WSSecurityTokenReference ref, WSSignatureParams sigParams) throws WSSException
See sign(String, WSSignatureParams), which can sign both regular URIs and URIs to STRs.
Parameters:
ref - The security token reference.
sigParams - The signature algorithm and key parameters.
Throws:
WSSException
public void sign(java.lang.String[] uris, WSSecurityTokenReference[] refs, WSSignatureParams sigParams) throws WSSException
See sign(String[], WSSignatureParams, XSAlgorithmIdentifier[][]).
Parameters:
uris - The reference URI list.
refs - The security token reference list.
sigParams - The signature algorithm and key parameters.
Throws:
WSSException
public void decryptAll() throws WSSException
Throws:
WSSException
public void decryptAll(javax.xml.soap.SOAPMessage msg) throws WSSException
Throws:
WSSException
public java.util.List getReferenceLists()
Returns the ReferenceList elements in this WSSecurity block.
Returns:
List of xenc:ReferenceList elements.
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEReferenceList refList, javax.crypto.SecretKey symKey) throws WSSException
Parameters:
refList - The list of encrypted references.
symKey - The content decryption key.
Throws:
WSSException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEReferenceList refList, javax.crypto.SecretKey symKey, javax.xml.soap.SOAPMessage msg) throws WSSException
Throws:
WSSException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEReferenceList refList) throws WSSException
Parameters:
refList - The list of encrypted references.
Throws:
WSSException
public java.util.List getEncryptedKeys()
Returns the EncryptedKey elements in this WSSecurity block.
Returns:
List of EncryptedKey elements (oracle.security.xmlsec.enc.XEEncryptedKey).
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, java.security.PrivateKey keyDecKey) throws WSSException
Parameters:
encKey - The EncryptedKey element whose references will be decrypted.
keyDecKey - The key to decrypt the content encryption key.
Throws:
WSSException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, java.security.PrivateKey keyDecKey, javax.xml.soap.SOAPMessage msg) throws WSSException
Parameters:
encKey - The EncryptedKey element whose references will be decrypted.
keyDecKey - The key to decrypt the content encryption key.
Throws:
WSSException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey) throws WSSException
The decryption key is obtained from the KeyRetriever facility.
Parameters:
encKey - The EncryptedKey element whose references are to be decrypted.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, javax.xml.soap.SOAPMessage msg) throws WSSException
The decryption key is obtained from the KeyRetriever facility.
Parameters:
encKey - The EncryptedKey element whose references are to be decrypted.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public static java.lang.Object decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData, javax.crypto.SecretKey dataDecKey) throws WSSException
Parameters:
encData - The EncryptedData element.
dataDecKey - The key to be used for decrypting the data.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public static java.lang.Object decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData, javax.crypto.SecretKey dataDecKey, javax.xml.soap.SOAPMessage msg) throws WSSException
Parameters:
encData - The EncryptedData element.
dataDecKey - The key to be used for decrypting the data.
msg -
Throws:
WSSException
public static java.lang.Object decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData) throws WSSException
The decryption key is obtained from the KeyRetriever facility.
Parameters:
encData - The EncryptedData element.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, javax.crypto.SecretKey dataDecKey) throws WSSException
Parameters:
encKey - The encrypted key instance.
dataDecKey - The content decryption key to use to decrypt the EncryptedData elements. If null is passed, the EncryptedKey will be decrypted with a key obtained from the KeyRetriever to get the dataDecKey.
Throws:
WSSException
public static java.util.List decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, javax.crypto.SecretKey dataDecKey, javax.xml.soap.SOAPMessage msg) throws WSSException
Parameters:
encKey - The encrypted key instance.
dataDecKey - The content decryption key to use to decrypt the EncryptedData elements. If null is passed, the EncryptedKey will be decrypted with a key obtained from the KeyRetriever to get the dataDecKey.
msg - Required for decrypting attachments.
Throws:
WSSException
public java.util.List getSignatures()
Returns:
List of Signature elements.
public boolean verify(oracle.security.xmlsec.dsig.XSSignature sig) throws WSSException
Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException
public boolean verify(oracle.security.xmlsec.dsig.XSSignature sig, javax.xml.soap.SOAPMessage msg) throws WSSException
Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
msg - The SOAPMessage for resolving attachment references.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException
public static boolean verify(oracle.security.xmlsec.dsig.XSSignature sig, boolean searchDocument) throws WSSException
Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
searchDocument - If available, use the signing certificate present in the same Document.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException
public static boolean verify(oracle.security.xmlsec.dsig.XSSignature sig, byte[] hmacKey, java.security.PublicKey pubKey, javax.xml.soap.SOAPMessage msg) throws WSSException
Verifies the given XSSignature using either the hmacKey or the pubKey, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
hmacKey - HMAC verification key.
pubKey - Public key for verification.
msg - Used only for attachment verification.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException
java.lang.NullPointerException - if both hmacKey and pubKey are null.
public static boolean verify(oracle.security.xmlsec.dsig.XSSignature sig, boolean searchDocument, javax.xml.soap.SOAPMessage msg) throws WSSException
Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
searchDocument - If available, use the signing certificate present in the same Document.
msg - Used only for attachment verification.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException
public boolean verifyAll() throws WSSException
Verifies all the XSSignatures in this wsse:Security header in accordance with the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Returns:
true if all the signatures verify correctly, false if at least one signature cannot be verified.
Throws:
WSSException
public boolean verifyAll(javax.xml.soap.SOAPMessage msg) throws WSSException
Verifies all the XSSignatures in this wsse:Security header in accordance with the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
msg - The SOAPMessage for resolving attachment references.
Returns:
true if all the signatures verify correctly, false if at least one signature cannot be verified.
Throws:
WSSException
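Receiver-side use of verifyAll, getEncryptedKeys and decrypt(XEEncryptedKey, PrivateKey, SOAPMessage), as an added example (not OSDT's own code): fail closed when a header is missing or any signature does not verify, and only then unwrap content keys with an explicit private key so no KeyRetriever lookup is involved. It assumes the sender encrypted first and signed afterwards, so the signature covers the ciphertext (messages signed before encryption need the decryption transform instead); getAllSecurityHeaders(SOAPEnvelope) being static and returning WSSecurity wrappers, and the package names, are assumptions.

```java
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.List;
import javax.xml.soap.SOAPMessage;
import oracle.security.xmlsec.enc.XEEncryptedKey;
import oracle.security.xmlsec.wss.WSSecurity;

public final class VerifyThenDecryptExample {

    // Returns the decrypted elements, or throws SecurityException before touching any ciphertext.
    public static List verifyThenDecrypt(SOAPMessage msg, PrivateKey recipientKey) throws Exception {
        // Assumed: static lookup of every wsse:Security header in the envelope.
        List headers = WSSecurity.getAllSecurityHeaders(msg.getSOAPPart().getEnvelope());
        if (headers.isEmpty()) {
            // An unprotected message must not be processed as if it were protected.
            throw new SecurityException("no wsse:Security header present");
        }

        List decrypted = new ArrayList();
        for (Object h : headers) {
            WSSecurity wsse = (WSSecurity) h;

            // From this page: verifyAll(msg) is false if at least one signature cannot be
            // verified; msg is passed so cid: attachment references resolve. Reject on false
            // rather than falling through, and let WSSException propagate as a failure.
            if (!wsse.verifyAll(msg)) {
                throw new SecurityException("signature verification failed");
            }

            // Only after verification: each EncryptedKey lists the EncryptedData elements it
            // covers; decrypt(...) (on this page) unwraps it with recipientKey, decrypts those
            // references and returns the resulting elements.
            for (Object k : wsse.getEncryptedKeys()) {
                XEEncryptedKey encKey = (XEEncryptedKey) k;
                decrypted.addAll(WSSecurity.decrypt(encKey, recipientKey, msg));
            }
        }
        return decrypted;
    }
}
```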
public static void addWsuIdToElement(java.lang.String id, org.w3c.dom.Element element)
See Also: WSSUtils.addWsuIdToElement(String, Element)
Parameters:
id - The attribute value.
element - The org.w3c.dom.Element whose wsu:Id attribute will be set.
public oracle.security.xmlsec.dsig.XSSignature createSignature() throws org.w3c.dom.DOMException
Returns:
XSSignature.
Throws:
org.w3c.dom.DOMException
public oracle.security.xmlsec.enc.XEEncryptedData createEncryptedData(java.lang.String dataType) throws org.w3c.dom.DOMException
Parameters:
dataType - Type information identifying the content.
Returns:
XEEncryptedData.
Throws:
org.w3c.dom.DOMException
public oracle.security.xmlsec.enc.XEEncryptedKey createEncryptedKey() throws org.w3c.dom.DOMException
Returns:
XEEncryptedKey.
Throws:
org.w3c.dom.DOMException
public WSSecurityToken getSecurityTokenByWsuID(java.lang.String id)
Parameters:
id - The wsu:Id value.
Returns:
The security token with that wsu:Id, or null otherwise.
public java.util.List getUsernameTokens()
Returns:
List of UsernameToken elements.
public java.util.List getBinaryTokens()
Returns:
List of BinarySecurityToken elements.
public java.util.List getSAML2AssertionTokens()
Returns:
List of SAML2AssertionToken elements.
public java.util.List getSAMLAssertionTokens()
Returns:
List of SAMLAssertionToken elements.
public void addSignatureConfirmation(WSSignatureConfirmation sigConfirm)
Parameters:
sigConfirm -
public WSSignatureConfirmation addSignatureConfirmation(java.lang.String signatureValue)
Parameters:
signatureValue -
public java.util.List createSignatureConfirmations(org.w3c.dom.Document doc)
The SignatureConfirmation elements are not inserted into the document.
Parameters:
doc - The Document in which the SignatureConfirmation elements should be created.
public java.lang.String[] getSignatureValues()
public boolean verifySignatureConfirmations(java.lang.String[] sigValues)
Parameters:
sigValues - An array of signature values. Use getSignatureValues to construct such an array from the response packet.
public WSSecurityTokenReference createSTR_X509_SKI(java.security.cert.X509Certificate cert)
<wsse:SecurityTokenReference>
  <wsse:KeyIdentifier EncodingType="...#Base64Binary" ValueType="...#X509SubjectKeyIdentifier">
    base64 SKI
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
cert -
Throws:
java.lang.IllegalArgumentException - if no SKI was found in the cert.
public WSSecurityTokenReference createSTR_X509_IssuerSerial(java.security.cert.X509Certificate cert)
<wsse:SecurityTokenReference>
  <ds:X509Data>
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>issuer</ds:X509IssuerName>
      <ds:X509SerialNumber>serial</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
  </ds:X509Data>
</wsse:SecurityTokenReference>
Parameters:
cert -
public WSSecurityTokenReference createSTR_X509_ThumbprintSHA1(java.security.cert.X509Certificate cert)
<wsse:SecurityTokenReference>
  <wsse:KeyIdentifier EncodingType="...#Base64Binary" ValueType="...#ThumbPrintSHA1">
    base64 SHA1 of cert bytes
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
cert -
public WSSecurityTokenReference createSTR_X509_Ref(java.lang.String uri)
<wsse:SecurityTokenReference>
  <wsse:Reference URI="..."/>
</wsse:SecurityTokenReference>
Parameters:
uri -
public X509BinarySecurityToken createBST_X509(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateEncodingException
<wsse:BinarySecurityToken ValueType="...#X509v3" EncodingType="...#Base64Binary">
  base64 encoded cert contents
</wsse:BinarySecurityToken>
Parameters:
cert -
Throws:
java.security.cert.CertificateEncodingException
public X509BinarySecurityToken createBST_X509(java.security.cert.CertPath certpath) throws java.security.cert.CertificateEncodingException
<wsse:BinarySecurityToken ValueType="...#X509PKIPathv1" EncodingType="...#Base64Binary">
  base64 encoded PKI path contents
</wsse:BinarySecurityToken>
Parameters:
certpath -
Throws:
java.security.cert.CertificateEncodingException
public KerberosBinarySecurityToken createBST_Kerberos(byte[] ap_req, java.lang.String valueType)
<wsse:BinarySecurityToken ValueType="valueType" EncodingType="...#Base64Binary">
  base64 encoded AP_REQ contents
</wsse:BinarySecurityToken>
Parameters:
ap_req -
valueType -
public WSSecurityTokenReference createSTR_Username_Ref(java.lang.String uri)
<wsse:SecurityTokenReference>
  <wsse:Reference URI="..." ValueType="...#UsernameToken"/>
</wsse:SecurityTokenReference>
Parameters:
uri -
public WSSecurityTokenReference createSTR_SAML_AssertionIdv11(byte[] assertionId)
<wsse:SecurityTokenReference TokenType="...#SAMLV1.1">
  <wsse:KeyIdentifier ValueType="...#SAMLAssertionID">
    assertion id
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
assertionId -
public WSSecurityTokenReference createSTR_SAML_AssertionIdv11(byte[] assertionId, oracle.security.xmlsec.saml.AuthorityBinding authorityBinding)
<wsse:SecurityTokenReference TokenType="...#SAMLV1.1">
  <saml:AuthorityBinding ... />
  <wsse:KeyIdentifier ValueType="...#SAMLAssertionID">
    assertion id
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
assertionId -
authorityBinding -
public WSSecurityTokenReference createSTR_SAML_AssertionIdv20(byte[] assertionId)
<wsse:SecurityTokenReference TokenType="...#SAMLV2.0">
  <wsse:KeyIdentifier ValueType="...#SAMLID">
    assertion id
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
assertionId -
public WSSecurityTokenReference createSTR_SAML_Assertion_Ref20(java.lang.String uri)
<wsse:SecurityTokenReference TokenType="...#SAMLV2.0">
  <wsse:Reference URI="uri"/>
</wsse:SecurityTokenReference>
Parameters:
uri -
Throws:
WSSException
public WSSecurityTokenReference createSTR_EncKeyRef(java.lang.String uri)
<wsse:SecurityTokenReference>
  <wsse:Reference URI="uri"/>
</wsse:SecurityTokenReference>
Parameters:
uri -
public WSSecurityTokenReference createSTR_KerberosKeyRef(java.lang.String uri, java.lang.String valueType)
<wsse:SecurityTokenReference TokenType="valueType">
  <wsse:Reference URI="uri"/>
</wsse:SecurityTokenReference>
Parameters:
uri -
valueType - Should be one of the WSSURI.vt_Kerberos* or WSSURI.vt_GSSKerberos* values.
public WSSecurityTokenReference createSTR_KerberosKeyIdSHA1(byte[] ap_req, java.lang.String valueType)
<wsse:SecurityTokenReference TokenType="valueType">
  <wsse:KeyIdentifier ValueType="...#Kerberosv5APREQSHA1">
    base64 encoding of the SHA1 digested ap_req bytes
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
ap_req - Kerberos AP_REQ packet or GSS wrapped AP_REQ packet.
valueType - Should be one of the WSSURI.vt_Kerberos* or WSSURI.vt_GSSKerberos* values.
public static byte[] computeEncKeySHA1(oracle.security.xmlsec.enc.XEEncryptedKey encKey)
Parameters:
encKey -
public WSSecurityTokenReference createSTR_EncKeySHA1(byte[] sha1)
<wsse:SecurityTokenReference TokenType="...#EncryptedKey">
  <wsse:KeyIdentifier EncodingType="...#Base64Binary" ValueType="...#EncryptedKeySHA1">
    base64 encoded SHA1 of the EncryptedKey
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
Parameters:
sha1 -
See Also: computeEncKeySHA1(XEEncryptedKey)