|
JSR 105, v0.13 (Proposed Final Draft) | ||||||||||
PREV NEXT | FRAMES NO FRAMES |
See:
Description
JSR 105 Packages | |
javax.xml.crypto | Common classes for XML cryptography. |
javax.xml.crypto.dom | DOM-specific classes for the javax.xml.crypto package. |
javax.xml.crypto.dsig | Classes for generating and validating XML digital signatures. |
javax.xml.crypto.dsig.dom | DOM-specific classes for the javax.xml.crypto.dsig package. |
javax.xml.crypto.dsig.keyinfo | Classes for parsing and processing KeyInfo elements and structures. |
javax.xml.crypto.dsig.spec | Parameter classes for XML digital signatures. |
Please send all comments to: jsr-105-comments@sun.com. We appreciate your comments and the time taken to review the API.
When this specification is final, there will be a Reference Implementation which will demonstrate the capabilities of this API and will provide an operational definition of this specification. A Technology Compatibility Kit (TCK) will also be available that will verify whether an implementation of the specification is compliant. These are required as per the Java Community Process SM 2.1.
The JSR 105 API is intended to target the following two types of users:
javax.xml.crypto.dom
and javax.xml.crypto.dsig.dom
packages.
KeySelector
class,
the purpose of which is to allow developers to supply implementations which
locate and optionally validate keys using the information contained in a
KeyInfo
object, and the URIDereferencer
class which allows developers to create and specify their
own URI dereferencing implementations.
The javax.xml.crypto.dsig package includes interfaces that represent
the core elements defined in the W3C XML digital signature specification. Of
primary significance is the
XMLSignature
class, which allows
you to sign and validate an XML digital signature. Most of the XML signature
structures or elements are represented by a corresponding interface
(except for the KeyInfo
structures, which are included in their
own package, and discussed in the next paragraph). These interfaces include:
SignedInfo
,
CanonicalizationMethod
,
SignatureMethod
,
Reference
,
Transform
,
DigestMethod
,
XMLObject
,
Manifest
,
SignatureProperty
, and
SignatureProperties
. The
XMLSignatureFactory
class is
an abstract factory that is used to create objects that implement these
interfaces.
The javax.xml.crypto.dsig.keyinfo package contains interfaces
that represent most of the KeyInfo
structures defined in the W3C
XML digital signature recommendation, including
KeyInfo
,
KeyName
,
KeyValue
,
X509Data
,
X509IssuerSerial
,
RetrievalMethod
,
and PGPData
. The
KeyInfoFactory
class is an
abstract factory that is used to create objects that implement these
interfaces.
The javax.xml.crypto.dsig.spec package contains interfaces and classes representing input parameters for the digest, signature, transform, or canonicalization algorithms used in the processing of XML signatures.
Finally, the javax.xml.crypto.dom and javax.xml.crypto.dsig.dom
packages contains DOM-specific classes for the javax.xml.crypto and
javax.xml.crypto.dsig packages, respectively.
Only developers and users who are creating or using a DOM-based
XMLSignatureFactory
or
KeyInfoFactory
implementation should need to make direct use of these packages.
XMLSignatureFactory
and
KeyInfoFactory
classes and
is responsible for creating objects and algorithms that parse, generate and
validate XML Signatures and KeyInfo structures. A concrete implementation of
XMLSignatureFactory
MUST provide support for each of the
REQUIRED algorithms as specified by the W3C recommendation for XML Signatures.
It MAY support other algorithms as defined by the W3C recommendation or
other specifications.
JSR 105 leverages the
JCA provider model for registering and loading
XMLSignatureFactory
and KeyInfoFactory
implementations.
Each concrete XMLSignatureFactory
or KeyInfoFactory
implementation supports a specific XML mechanism type that identifies
the XML processing mechanism that an implementation uses internally to parse
and generate XML signature and KeyInfo structures. This JSR supports one
standard type: DOM.
Support for new standard types (such as JDOM) MAY be added in the future.
A JSR 105 implementation SHOULD use underlying JCA engine classes, such as
java.security.Signature
and
java.security.MessageDigest
to perform
cryptographic operations.
XMLSignatureFactory
or KeyInfoFactory
, in order to
minimize interoperability problems:
unmarshalXMLSignature
method of XMLSignatureFactory
MUST support DOMValidateContext
types. If the type is DOMValidateContext
,
it SHOULD contain an Element
of type
Signature
. Additionally, the
unmarshalXMLSignature
method MAY populate the
DOMIdMap
of the passed-in DOMValidateContext
.
sign
method of
XMLSignature
s produced by
XMLSignatureFactory
MUST support
DOMSignContext
types and
the validate
method
MUST support DOMValidateContext
types. This requirement also applies to the validate
method of SignatureValue
and the validate
method of Reference
.
DOMStructure
s as the mechanism for the application to specify
extensible content (any elements or mixed content).
dereference
method of user-specified URIDereferencer
s
returns NodeSetData
objects, they MUST be of
type DOMNodeSetData
.
URIReference
objects passed to the dereference
method of user-specified URIDereferencer
s MUST be
of type DOMURIReference
and XMLCryptoContext
objects MUST implement
DOMIdMap
.
URIDereferencer
s
returned by the getURIDereferencer
method of
XMLSignatureFactory
and KeyInfoFactory
.
XMLSignatureFactory
might use
a SAX parser internally to canonicalize data.
<Reference URI="document.xml">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath>id("foo")</XPath>
</Transform>
</Transforms>
</Reference>
Dereferencing the external document results in an octet stream which
is subsequently converted to a NodeSet by the JSR 105 implementation.
But the API does not provide a mechanism for registering ID attributes
of external documents and therefore the XPath Transform implementation
may be unable to identify the "foo" ID.XMLStructure
, AlgorithmMethod
to a new package
(ex: javax.xml.security
) for use by other XML
security JSRs such as JSR 106, JSR 104, & JSR 183.javax.xml.crypto
and moving existing packages to the
new hierarchy.
String
to avoid API dependencies
on java.net.URI
class introduced in J2SE 1.4 (see API
dependency requirements).
DOMIdMap
to register
ID/Element pairs in v0.8.
XMLCryptoContext.setURIDereferencer
method for overriding provider's default URIDereferencer
implementation.URIDereferencer
overrides default. Added methods to
XMLSignatureFactory
and KeyInfoFactory
that
return a reference to the default URIDereferencer
.
Signature
elements with empty DigestValue
and
SignatureValue
elements).XMLSignature
and re-signing it. If new key
info needs to be inserted, it can be specified by constructing a new
XMLSignature
with the signed info & embedded objects
of an unmarshaled signature, along with the new key info structure.
KeyInfo
types or
XMLObject
s of an existing XMLSignature
.DOMKeyValue
& RSAKeyValue
so
that keys of these types can be unmarshalled and processed by a
KeySelector
that supports resolving
RetrievalMethod
structures.java.security.KeyFactory
class to decode XML key
values.
XMLSignContext
property that allows the user to
specify a source of randomness for signing (i.e, a
SecureRandom
object).
Resolution: no changes made
DOMNodeSetData
a class to make it easier to implement
DOM-based URIDereferencer
s.
Resolution: fixed in v0.10
KeySelector.Purpose
class.
Resolution: no changes made
KeySelector
that finds a trusted key from X.509 content
contained in X509Data
KeyInfo
types.
Example 6 demonstrates how to construct, sign and validate a SOAP message
using the SAAJ and JSR 105 APIs.
|
JSR 105, v0.13 (Proposed Final Draft) | ||||||||||
PREV NEXT | FRAMES NO FRAMES |