Oracle Fusion Middleware XML Security Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10680-05


oracle.security.xmlsec.dsig
Class XSSignature

java.lang.Object
  extended by oracle.security.xmlsec.util.XMLNode
      extended by oracle.security.xmlsec.util.XMLElement
          extended by oracle.security.xmlsec.dsig.XSSignature

All Implemented Interfaces:
Referable

public class XSSignature
extends XMLElement
implements Referable

The top-level Signature element of the XML-DSIG schema. (See the XML Signature Syntax and Processing specification for details.)

To build an XML Signature, begin by using one of the newInstance() methods to create an XSSignature object. Continue by using the various createXXX methods to instantiate the component elements of an XML-DSIG Signature. These elements can then be manipulated as needed, and assembled into a tree structure as defined in the XML-DSIG specification. To create KeyInfo child elements, use XSKeyInfo's createXXX methods.

By default, the tag name of each Element created in the XML-DSIG namespace will be qualified with a default namespace prefix of "dsig". See XMLElement.getDefaultNSPrefix(java.lang.String).
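
The build sequence described above, followed by verification with a caller-supplied key, as an added example that is not part of Oracle's reference text. The class name, helper names, the "Order" element and the Id values are hypothetical. It assumes that this release accepts the W3C SHA-256 algorithm URIs shown, that XSSignedInfo exposes ReferenceList.addReference, and that the same-document URI "#payload" resolves to the Object created with that Id.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;

import org.w3c.dom.Document;
import org.w3c.dom.Element;

import oracle.security.xmlsec.dsig.XSObject;
import oracle.security.xmlsec.dsig.XSReference;
import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.dsig.XSSignedInfo;

// Added illustration; class, method, element and Id names are hypothetical.
public class XSSignatureExample {

    // W3C algorithm identifiers passed as plain URI strings.
    // Assumption: the installed release supports these algorithms.
    static final String C14N_EXCL = "http://www.w3.org/2001/10/xml-exc-c14n#";
    static final String SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final String DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";

    // Builds an enveloping signature: the signed data lives in a dsig:Object child.
    static XSSignature signEnveloping(String text, PrivateKey key) throws Exception {
        // newInstance(String) makes the Signature the root of a new document.
        XSSignature sig = XSSignature.newInstance("sig-1");

        // createXXX methods only create elements; each one must be attached explicitly.
        XSSignedInfo signedInfo = sig.createSignedInfo(C14N_EXCL, SIG_RSA_SHA256, null);
        sig.setSignedInfo(signedInfo);

        // Constructed sample payload wrapped in an Object with Id "payload".
        XSObject obj = sig.createObject("payload", null, null);
        Document doc = sig.getOwnerDocument();
        Element order = doc.createElement("Order");
        order.setTextContent(text);
        obj.appendChild(order);
        sig.addObject(obj);

        // addObject alone does not sign the Object; a Reference must target it.
        XSReference ref = sig.createReference(null, "#payload", null, DIGEST_SHA256);
        signedInfo.addReference(ref); // assumed inherited from ReferenceList

        // sign() computes each Reference DigestValue and then the SignatureValue.
        // computeSignature() would skip the digests and leave them to the caller.
        sig.sign(key, null);
        return sig;
    }

    // Fail-closed check for a relying party: the key comes from the caller's own
    // trust store, and both References and Manifest References are validated.
    static boolean verifyStrict(Element sigElement, PublicKey trustedKey) {
        try {
            XSSignature sig = new XSSignature(sigElement);
            return sig.verify(trustedKey, true);
        } catch (Exception e) {
            // Any parsing, transform or verification error counts as "not valid".
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Throwaway key pair generated for the demonstration only.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        XSSignature sig = signEnveloping("amount=100", kp.getPrivate());
        Element sigElement = (Element) sig.getNode();
        System.out.println("untouched, verify(key, true): "
                + verifyStrict(sigElement, kp.getPublic()));

        // Change the referenced data after signing; SignedInfo itself is untouched.
        sigElement.getElementsByTagName("Order").item(0).setTextContent("amount=999");
        System.out.println("modified, verify(key, true): "
                + verifyStrict(sigElement, kp.getPublic()));

        // verifySignature() is documented as not validating References, so it
        // is not an integrity check for the referenced data.
        System.out.println("modified, verifySignature(key): "
                + new XSSignature(sigElement).verifySignature(kp.getPublic()));
    }
}
```

Code that accepts signed documents from another party should gate on a verify overload that validates References, and should separately confirm that the References cover the elements it goes on to process.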


Field Summary

 

Fields inherited from class oracle.security.xmlsec.util.XMLNode
node, systemId

 

Constructor Summary
XSSignature(org.w3c.dom.Element element)
          Creates a new XSSignature instance from the given Element node.
XSSignature(org.w3c.dom.Element element, java.lang.String systemId)
          Creates a new XSSignature instance from the given Element node.

 

Method Summary
 void addObject(XSObject obj)
          Adds an Object to be signed to this Signature.
 XSSignatureValue computeSignature(byte[] secret, java.lang.String sigValueId)
          Computes the MAC signature bytes over the SignedInfo element, after applying its canonicalization algorithm.
 XSSignatureValue computeSignature(java.security.PrivateKey key, java.lang.String sigValueId)
          Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
 XSSignatureValue computeSignature(java.lang.String sigValueId)
          Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
 XSAlgorithmIdentifier createAlgorithmIdentifier(java.lang.String tagName, java.lang.String algorithm)
          Creates a new algorithm identifier element in this Signature's document, but does not append it to any element.
 XSKeyInfo createKeyInfo()
          Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element.
 XSKeyInfo createKeyInfo(java.lang.String id)
          Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element.
 XSManifest createManifest()
          Creates a new Manifest element in this Signature's document, but does not append it to any element.
 XSManifest createManifest(java.lang.String id)
          Creates a new Manifest element in this Signature's document, but does not append it to any element.
 XSObject createObject()
          Creates a new Object element in this Signature's document, but does not append it to the Signature element.
 XSObject createObject(java.lang.String id, java.lang.String mimeType, java.lang.String encoding)
          Creates a new Object element in this Signature's document, but does not append it to the Signature element.
 XSReference createReference()
          Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element.
 XSReference createReference(java.lang.String id, java.lang.String uri, java.lang.String type, java.lang.String digestMethod)
          Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element.
 XSSignatureValue createSignatureValue()
          Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element.
 XSSignatureValue createSignatureValue(byte[] sigBytes, java.lang.String id)
          Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element.
 XSSignedInfo createSignedInfo()
          Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element.
 XSSignedInfo createSignedInfo(java.lang.String c14nMethod, java.lang.String signatureMethod, java.lang.String id)
          Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element.
 XSSigProperties createSigProperties()
          Creates a new SignatureProperties element in this Signature's document, but does not append it to any element.
 XSSigProperties createSigProperties(java.lang.String id)
          Creates a new SignatureProperties element in this Signature's document, but does not append it to any element.
 XSSigProperty createSigProperty()
          Creates a new SignatureProperty element in this Signature's document, but does not append it to any element.
 XSSigProperty createSigProperty(java.lang.String target, java.lang.String id)
          Creates a new SignatureProperty element in this Signature's document, but does not append it to any element.
 XSAlgorithmIdentifier createTransform(java.lang.String algorithm)
          Creates a new dsig:Transform element in this Signature's document, but does not append it to any element.
 XSAlgorithmIdentifier createXPathTransform(java.lang.String xPath)
          Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element.
 XSAlgorithmIdentifier createXPathTransform(java.lang.String nsPrefix, java.lang.String nsURI, java.lang.String xPath)
          Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element.
 java.lang.String getId()
          Returns the string value of the Id attribute of this Signature, or null if the attribute is missing.
 XSKeyInfo getKeyInfo()
          Returns the KeyInfo element for this Signature.
 java.util.Vector getObjects()
          Returns a list of XML-DSIG Object structures for this signature.
 java.util.ArrayList<byte[]> getPreDigestedData()
          Return the pre Digested data for every reference.
 java.lang.StringBuilder getSignatureDetails()
          Return the digested data for signature and references.
 XSSignatureValue getSignatureValue()
          Returns the SignatureValue for this Signature.
 XSSignedInfo getSignedInfo()
          Returns the SignedInfo element for this Signature.
 byte[] getSignedInfoData()
          Return the canonicalized signature value.
 java.lang.String getType()
          Returns null, as there is no URI defined for the Signature element in the XML-DSIG space.
 java.lang.StringBuilder getValidationErrorMessage()
          Return the digested data and related details for failed signature or reference verification.
static XSSignature newInstance(org.w3c.dom.Document owner, java.lang.String id)
          Creates a new XSSignature instance using the given owner document, but does not append it to any element.
static XSSignature newInstance(java.lang.String id)
          Creates a new XSSignature instance in a new owner document, and makes it the root element of the document.
 void setId(java.lang.String id)
          Sets the Id attribute of this Signature.
 void setKeyInfo(XSKeyInfo keyInfo)
          Sets the KeyInfo element for this Signature, replacing any existing KeyInfo.
 void setSignatureValue(XSSignatureValue sigValue)
          Sets the SignatureValue element for this Signature.
 void setSignedInfo(XSSignedInfo signedInfo)
          Sets the SignedInfo element for this Signature, replacing any existing SignedInfo.
 XSSignatureValue sign(byte[] secret, java.lang.String sigValueId)
          Computes the MAC signature bytes over the SignedInfo element, after applying its canonicalization algorithm.
 XSSignatureValue sign(java.security.PrivateKey key, java.lang.String sigValueId)
          Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
 XSSignatureValue sign(java.lang.String sigValueId)
          Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
 XSSignatureValue signUsingJSR105(java.security.PrivateKey key, byte[] secret, java.lang.String sigValueId)
          FOR INTERNAL USE
 boolean verify()
          Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
 boolean verify(boolean validateManifests)
          Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo.
 boolean verify(byte[] secret)
          Verifies this Signature's MAC using the given key or password, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
 boolean verify(byte[] secret, boolean validateManifests)
          Verifies this Signature's MAC using the given key or password, after validating each Reference in the SignedInfo.
 boolean verify(java.security.PublicKey key)
          Verifies this Signature using the given public key, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
 boolean verify(java.security.PublicKey key, boolean validateManifests)
          Verifies this Signature using the given public key, after validating each Reference in the SignedInfo.
 boolean verifySignature()
          Verifies this Signature using a key obtained from the KeyRetriever facility, but does not validate the References in the SignedInfo.
 boolean verifySignature(byte[] secret)
          Verifies this Signature's MAC using the given key or password, but does not validate the References in the SignedInfo.
 boolean verifySignature(java.security.PublicKey key)
          Verifies this Signature using the given public key, but does not validate the References in the SignedInfo.
 boolean verifyUsingJSR105(java.security.PublicKey key, byte[] secret, boolean validateManifests)
          FOR INTERNAL USE

 

Methods inherited from class oracle.security.xmlsec.util.XMLElement
addNSPrefixAttr, addNSPrefixAttr, addNSPrefixAttrDefault, addNSPrefixAttrDefault, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getChildElementsByTagName, getChildElementsByTagName, getChildElementsByTagNameNS, getChildElementsByTagNameNS, getDefaultNSPrefix, getElement, getElementsByTagName, getElementsByTagNameNS, getTagName, hasAttribute, hasAttributeNS, removeAttribute, removeAttributeNode, removeAttributeNS, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setDefaultNSPrefix

 

Methods inherited from class oracle.security.xmlsec.util.XMLNode
appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

XSSignature

public XSSignature(org.w3c.dom.Element element)
Creates a new XSSignature instance from the given Element node.

XSSignature

public XSSignature(org.w3c.dom.Element element,
                   java.lang.String systemId)
Creates a new XSSignature instance from the given Element node.
Parameters:
element - An org.w3c.dom.Element that conforms to the dsig:Signature schema.
systemId - The URI string system ID for this XSSignature.
Since:
2.0
See Also:
XMLNode.setSystemId(java.lang.String)

Method Detail

newInstance

public static XSSignature newInstance(java.lang.String id)
                               throws javax.xml.parsers.ParserConfigurationException
Creates a new XSSignature instance in a new owner document, and makes it the root element of the document. Use this factory method to create an enveloping or detached XML signature that will be the root element of the document.
Parameters:
id - An optional string ID name for the Signature element.
Throws:
javax.xml.parsers.ParserConfigurationException

newInstance

public static XSSignature newInstance(org.w3c.dom.Document owner,
                                      java.lang.String id)
Creates a new XSSignature instance using the given owner document, but does not append it to any element. Use this factory method to create an enveloped or detached XML signature that will not be the root element of the document.
Parameters:
id - An optional string ID name for the Signature element.

createSignedInfo

public XSSignedInfo createSignedInfo()
                              throws org.w3c.dom.DOMException
Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element.
Returns:
A new XSSignedInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setSignedInfo(oracle.security.xmlsec.dsig.XSSignedInfo)

createSignedInfo

public XSSignedInfo createSignedInfo(java.lang.String c14nMethod,
                                     java.lang.String signatureMethod,
                                     java.lang.String id)
                              throws org.w3c.dom.DOMException
Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element.
Parameters:
c14nMethod - The URI identifying the canonicalization method to be applied to the SignedInfo structure.
signatureMethod - The URI identifying the signature algorithm to be used to sign the SignedInfo structure.
id - An optional string ID name for the SignedInfo element.
Returns:
A new XSSignedInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setSignedInfo(oracle.security.xmlsec.dsig.XSSignedInfo)

createSignatureValue

public XSSignatureValue createSignatureValue()
                                      throws org.w3c.dom.DOMException
Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element.
Returns:
A new XSSignatureValue.
Throws:
org.w3c.dom.DOMException
See Also:
setSignatureValue(oracle.security.xmlsec.dsig.XSSignatureValue)

createSignatureValue

public XSSignatureValue createSignatureValue(byte[] sigBytes,
                                             java.lang.String id)
                                      throws org.w3c.dom.DOMException
Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element.
Parameters:
sigBytes - A byte array containing the signature.
id - An optional string ID name for the SignatureValue element.
Returns:
A new XSSignatureValue.
Throws:
org.w3c.dom.DOMException
See Also:
setSignatureValue(oracle.security.xmlsec.dsig.XSSignatureValue)

createKeyInfo

public XSKeyInfo createKeyInfo()
                        throws org.w3c.dom.DOMException
Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element.
Returns:
A new XSKeyInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setKeyInfo(oracle.security.xmlsec.dsig.XSKeyInfo)

createKeyInfo

public XSKeyInfo createKeyInfo(java.lang.String id)
                        throws org.w3c.dom.DOMException
Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element.
Parameters:
id - An optional string ID name for the KeyInfo element.
Returns:
A new XSKeyInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setKeyInfo(oracle.security.xmlsec.dsig.XSKeyInfo)

createObject

public XSObject createObject()
                      throws org.w3c.dom.DOMException
Creates a new Object element in this Signature's document, but does not append it to the Signature element.
Returns:
A new XSObject.
Throws:
org.w3c.dom.DOMException
See Also:
addObject(XSObject)

createObject

public XSObject createObject(java.lang.String id,
                             java.lang.String mimeType,
                             java.lang.String encoding)
                      throws org.w3c.dom.DOMException
Creates a new Object element in this Signature's document, but does not append it to the Signature element.
Parameters:
id - An optional string ID name for the Object element.
mimeType - An optional string describing the data within the object, as defined in the MIME specification.
encoding - An optional URI identifying the enclosed object's encoding method.
Returns:
A new XSObject.
Throws:
org.w3c.dom.DOMException
See Also:
addObject(XSObject)

createManifest

public XSManifest createManifest()
                          throws org.w3c.dom.DOMException
Creates a new Manifest element in this Signature's document, but does not append it to any element.
Returns:
A new XSManifest.
Throws:
org.w3c.dom.DOMException

createManifest

public XSManifest createManifest(java.lang.String id)
                          throws org.w3c.dom.DOMException
Creates a new Manifest element in this Signature's document, but does not append it to any element.
Parameters:
id - An optional string ID name for the Manifest element.
Returns:
A new XSManifest.
Throws:
org.w3c.dom.DOMException

createSigProperties

public XSSigProperties createSigProperties()
                                    throws org.w3c.dom.DOMException
Creates a new SignatureProperties element in this Signature's document, but does not append it to any element.
Returns:
A new XSSigProperties.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperty()

createSigProperties

public XSSigProperties createSigProperties(java.lang.String id)
                                    throws org.w3c.dom.DOMException
Creates a new SignatureProperties element in this Signature's document, but does not append it to any element.
Parameters:
id - An optional string ID name for the SignatureProperties element.
Returns:
A new XSSigProperties.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperty()

createSigProperty

public XSSigProperty createSigProperty()
                                throws org.w3c.dom.DOMException
Creates a new SignatureProperty element in this Signature's document, but does not append it to any element.
Returns:
A new XSSigProperty.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperties()

createSigProperty

public XSSigProperty createSigProperty(java.lang.String target,
                                       java.lang.String id)
                                throws org.w3c.dom.DOMException
Creates a new SignatureProperty element in this Signature's document, but does not append it to any element.
Parameters:
target - A URI identifying the Signature to which this SignatureProperty applies.
id - An optional string ID name for the SignatureProperty element.
Returns:
A new XSSigProperty.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperties()

createReference

public XSReference createReference()
                            throws org.w3c.dom.DOMException
Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element.
Returns:
A new XSReference.
Throws:
org.w3c.dom.DOMException
See Also:
ReferenceList.addReference(oracle.security.xmlsec.dsig.XSReference)

createReference

public XSReference createReference(java.lang.String id,
                                   java.lang.String uri,
                                   java.lang.String type,
                                   java.lang.String digestMethod)
                            throws org.w3c.dom.DOMException
Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element.
Parameters:
id - An optional string ID name for the Reference element.
uri - A URI identifying the data object being referenced.
type - An optional URI identifying the type of the referenced data object.
digestMethod - A URI identifying this Reference's digest algorithm.
Returns:
A new XSReference.
Throws:
org.w3c.dom.DOMException
See Also:
ReferenceList.addReference(oracle.security.xmlsec.dsig.XSReference)

createAlgorithmIdentifier

public XSAlgorithmIdentifier createAlgorithmIdentifier(java.lang.String tagName,
                                                       java.lang.String algorithm)
                                                throws org.w3c.dom.DOMException
Creates a new algorithm identifier element in this Signature's document, but does not append it to any element.
Parameters:
tagName - The name of the element to be created; for example, "DigestMethod" if this XSAlgorithmIdentifier identifies the digest algorithm in a Reference element.
algorithm - The URI value of the Algorithm attribute.
Returns:
A new XSAlgorithmIdentifier.
Throws:
org.w3c.dom.DOMException
See Also:
XSSignedInfo.setC14NMethod(XSAlgorithmIdentifier), XSSignedInfo.setSignatureMethod(XSAlgorithmIdentifier), XSReference.setDigestMethod(XSAlgorithmIdentifier), ObjectReference.addTransform(XSAlgorithmIdentifier)

createTransform

public XSAlgorithmIdentifier createTransform(java.lang.String algorithm)
                                      throws org.w3c.dom.DOMException
Creates a new dsig:Transform element in this Signature's document, but does not append it to any element.
Parameters:
algorithm - The URI value of the Algorithm attribute.
Returns:
A new XSAlgorithmIdentifier with tag name "Transform".
Throws:
org.w3c.dom.DOMException
See Also:
ObjectReference.addTransform(XSAlgorithmIdentifier), XSAlgorithmIdentifier.addParameter(Node), XSAlgorithmIdentifier.addParameter(String, String, String)

createXPathTransform

public XSAlgorithmIdentifier createXPathTransform(java.lang.String nsPrefix,
                                                  java.lang.String nsURI,
                                                  java.lang.String xPath)
                                           throws org.w3c.dom.DOMException
Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element.

The XPath expression contained in a Transform's parameter element will often use one or more namespace prefixes which must resolve to namespace URIs. The typical mechanism to define namespace prefixes is to add them as "xmlns" attributes to the parameter element. For example, the XML-DSIG namespace might be mapped to the "dsig" prefix as follows:

      <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
        <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          ancestor-or-self::dsig:X509Data
        </XPath>
      </Transform>
    

This method provides, as a convenience, arguments that allow the definition of one namespace prefix. Additional prefixes may be defined using code like the following:

      // Create the transform with the "dsig" prefix declared on its XPath parameter element.
      XSAlgorithmIdentifier transform = signature.createXPathTransform(
          "dsig", XMLURI.ns_xmldsig, "ancestor-or-self::dsig:X509Data");
      // The first parameter node is the XPath element; declare further prefixes on it.
      Element parameter = (Element)transform.getParameters().item(0);
      XMLElement.addNSPrefixAttr(parameter, "foo", "http://www.foo.org/foo-ns");
      XMLElement.addNSPrefixAttr(parameter, "bar", "http://www.foo.org/bar-ns");
    



Parameters:
nsPrefix - An optional namespace prefix to be used in the XPath filter expression, which will be added as an "xmlns" attribute to the XPath parameter element.
nsURI - The namespace URI corresponding to the given prefix.
xPath - The XPath filter expression.
Returns:
A new XSAlgorithmIdentifier with tag name "Transform" and algorithm XMLURI.alg_xpath, and with a child parameter node named "XPath" that contains the given XPath expression.
Throws:
org.w3c.dom.DOMException
See Also:
createXPathTransform(String xPath)


createXPathTransform

public XSAlgorithmIdentifier createXPathTransform(java.lang.String xPath)
                                           throws org.w3c.dom.DOMException
Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element.

The XPath parameter element for the created Transform will have an "xmlns" attribute defining the default namespace prefix mapped for the XML-DSIG namespace URI. See XMLElement.getDefaultNSPrefix(java.lang.String).

Additional prefixes may be defined using code like the following:

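      // Create the transform; the default XML-DSIG prefix is declared on its XPath parameter element.
      XSAlgorithmIdentifier transform =
          signature.createXPathTransform("ancestor-or-self::dsig:X509Data");
      // The first parameter node is the XPath element; declare further prefixes on it.
      Element parameter = (Element)transform.getParameters().item(0);
      XMLElement.addNSPrefixAttr(parameter, "foo", "http://www.foo.org/foo-ns");
      XMLElement.addNSPrefixAttr(parameter, "bar", "http://www.foo.org/bar-ns");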
    



Parameters:
xPath - The XPath filter expression.
Returns:
A new XSAlgorithmIdentifier with tag name "Transform" and algorithm XMLURI.alg_xpath, and with a child parameter node named "XPath" that contains the given XPath expression.
Throws:
org.w3c.dom.DOMException
See Also:
createXPathTransform(String nsPrefix, String nsURI, String xPath)


setSignedInfo

public void setSignedInfo(XSSignedInfo signedInfo)
                   throws org.w3c.dom.DOMException
Sets the SignedInfo element for this Signature, replacing any existing SignedInfo.
Parameters:
signedInfo - An XSSignedInfo.
Throws:
org.w3c.dom.DOMException

getSignedInfo

public XSSignedInfo getSignedInfo()
Returns the SignedInfo element for this Signature.
Returns:
An XSSignedInfo, or null if none has been set.

setSignatureValue

public void setSignatureValue(XSSignatureValue sigValue)
                       throws org.w3c.dom.DOMException
Sets the SignatureValue element for this Signature.
Parameters:
sigValue - An XSSignatureValue instance.
Throws:
org.w3c.dom.DOMException

getSignatureValue

public XSSignatureValue getSignatureValue()
                                   throws org.w3c.dom.DOMException
Returns the SignatureValue for this Signature.
Returns:
The XSSignatureValue for this Signature.
Throws:
org.w3c.dom.DOMException

setKeyInfo

public void setKeyInfo(XSKeyInfo keyInfo)
                throws org.w3c.dom.DOMException
Sets the KeyInfo element for this Signature, replacing any existing KeyInfo.
Parameters:
keyInfo - An XSKeyInfo.
Throws:
org.w3c.dom.DOMException

getKeyInfo

public XSKeyInfo getKeyInfo()
Returns the KeyInfo element for this Signature.
Returns:
An XSKeyInfo, or null if none has been set.

addObject

public void addObject(XSObject obj)
               throws org.w3c.dom.DOMException
Adds an Object to be signed to this Signature. To include the Object in the signature calculation, add a Reference targeting the Object to this Signature's SignedInfo element.
Parameters:
obj - The XSObject to add to this signature.
Throws:
org.w3c.dom.DOMException

getObjects

public java.util.Vector getObjects()
Returns a list of XML-DSIG Object structures for this signature.
Returns:
A Vector of XSObjects.

computeSignature

public XSSignatureValue computeSignature(java.lang.String sigValueId)
                                  throws TransformationException,
                                         SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.

The Signature's KeyInfo is used to locate the signing private key using the KeyRetriever facility. If no KeyInfo is present, or if the private key cannot be retrieved, a SigningException is thrown.

Reference DigestValues are not computed here. If that behavior is needed, use the sign(String) method instead.

Parameters:
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
The XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs canonicalizing the SignedInfo element.
SigningException - If an error occurs while computing the signature.
Since:
1.3

computeSignature

public XSSignatureValue computeSignature(java.security.PrivateKey key,
                                         java.lang.String sigValueId)
                                  throws TransformationException,
                                         SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.

Reference DigestValues are not computed here. If that behavior is needed, use the sign(PrivateKey, String) method instead.

Parameters:
key - The private key to be used to compute the signature.
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
The XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs canonicalizing the SignedInfo element.
SigningException - If an error occurs while computing the signature.
Since:
1.3

computeSignature

public XSSignatureValue computeSignature(byte[] secret,
                                         java.lang.String sigValueId)
                                  throws TransformationException,
                                         SigningException
Computes the MAC signature bytes over the SignedInfo element, after applying its canonicalization algorithm.

Reference DigestValues are not computed here. If that behavior is needed, use the sign(byte[], String) method instead.

Parameters:
secret - The MAC key or password to be used to compute the signature.
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
The XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs canonicalizing the data to be signed.
SigningException - If an error occurs while computing the signature.
Since:
1.3

sign

public XSSignatureValue sign(java.lang.String sigValueId)
                      throws TransformationException,
                             SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.

The Signature's KeyInfo is used to locate the signing private key using the KeyRetriever facility. If no KeyInfo is present, or if the private key cannot be retrieved, a SigningException is thrown.

The DigestValue for each Reference in this Signature's SignedInfo element is also computed here via a call to the XSReference.computeDigest() method. If specialized Reference digest computation has been performed (e.g., there are Reference elements that omit the URI attribute), use the computeSignature(String) method instead.

Parameters:
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
The XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs applying transforms or canonicalizing the data to be signed.
SigningException - If an error occurs while computing the signature.
Since:
1.2

sign

public XSSignatureValue sign(java.security.PrivateKey key,
                             java.lang.String sigValueId)
                      throws TransformationException,
                             SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.

The DigestValue for each Reference in this Signature's SignedInfo element is also computed here via a call to the XSReference.computeDigest() method. If specialized Reference digest computation has been performed (e.g., there are Reference elements that omit the URI attribute), use the computeSignature(PrivateKey, String) method instead.

Parameters:
key - The private key to be used to compute the signature.
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
The XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs applying transforms or canonicalizing the data to be signed.
SigningException - If an error occurs while computing the signature.

sign

public XSSignatureValue sign(byte[] secret,
                             java.lang.String sigValueId)
                      throws TransformationException,
                             SigningException
Computes the MAC signature bytes over the SignedInfo element, after applying its canonicalization algorithm.

The DigestValue for each Reference in this Signature's SignedInfo element is also computed here via a call to the XSReference.computeDigest() method. If specialized Reference digest computation has been performed (e.g., there are Reference elements that omit the URI attribute), use the computeSignature(byte[], String) method instead.

Parameters:
secret - The MAC key or password to be used to compute the signature.
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
The XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs applying transforms or canonicalizing the data to be signed.
SigningException - If an error occurs while computing the signature.

verifySignature

public boolean verifySignature()
                        throws VerifyException
Verifies this Signature using a key obtained from the KeyRetriever facility, but does not validate the References in the SignedInfo.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.
Since:
1.2

verifySignature

public boolean verifySignature(java.security.PublicKey key)
                        throws VerifyException
Verifies this Signature using the given public key, but does not validate the References in the SignedInfo.
Parameters:
pubKey - The public verification key.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

verify

public boolean verify()
               throws VerifyException
Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.
Since:
1.2

verify

public boolean verify(boolean validateManifests)
               throws VerifyException
Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo.
Parameters:
validateManifests - If true, nested Manifests pointed to by References will have their enclosed References validated as well.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.
Since:
2.0

verify

public boolean verify(java.security.PublicKey key)
               throws VerifyException
Verifies this Signature using the given public key, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
Parameters:
pubKey - The public verification key.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

verify

public boolean verify(java.security.PublicKey key,
                      boolean validateManifests)
               throws VerifyException
Verifies this Signature using the given public key, after validating each Reference in the SignedInfo.
Parameters:
pubKey - The public verification key.
validateManifests - If true, nested Manifests pointed to by References will have their enclosed References validated as well.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified or if Reference validation fails.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

verifySignature

public boolean verifySignature(byte[] secret)
                        throws VerifyException
Verifies this Signature's MAC using the given key or password, but does not validate the References in the SignedInfo.
Parameters:
secret - The MAC key or password.
Returns:
true if the MAC verifies correctly, false if the MAC cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the MAC.

verify

public boolean verify(byte[] secret)
               throws VerifyException
Verifies this Signature's MAC using the given key or password, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
Parameters:
secret - The MAC key or password.
Returns:
true if the MAC verifies correctly, false if the MAC cannot be verified or if Reference validation fails.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the MAC.

verify

public boolean verify(byte[] secret,
                      boolean validateManifests)
               throws VerifyException
Verifies this Signature's MAC using the given key or password, after validating each Reference in the SignedInfo.
Parameters:
secret - The MAC key or password.
validateManifests - If true, nested Manifests pointed to by References will have their enclosed References validated as well.
Returns:
true if the MAC verifies correctly, false if the MAC cannot be verified or if Reference validation fails.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the MAC.

setId

public void setId(java.lang.String id)
           throws org.w3c.dom.DOMException
Sets the Id attribute of this Signature.
Specified by:
setId in interface Referable
Parameters:
id - The ID name of this object.
Throws:
org.w3c.dom.DOMException

getId

public java.lang.String getId()
Returns the string value of the Id attribute of this Signature, or null if the attribute is missing.
Specified by:
getId in interface Referable
Returns:
A string containing the ID name of this object.

getType

public java.lang.String getType()
Returns null, as there is no URI defined for the Signature element in the XML-DSIG space.
Specified by:
getType in interface Referable
Returns:
A URI identifying the type of this object, or null if none is defined.

getPreDigestedData

public java.util.ArrayList<byte[]> getPreDigestedData()
Returns the pre-digested data for every Reference. Digests are available only if you set the system properties -Dxml.debug.digest or -Dxml.debug.verify. Note: use these properties for debugging only, as setting them affects performance by preventing streaming digest computation.
-Dxml.debug.digest will cause all digest computations to be printed to System.err
-Dxml.debug.verify will cause only those digest computations to be printed to System.err which result in verification failures
Returns:

getSignedInfoData

public byte[] getSignedInfoData()
Returns the canonicalized signature value.
Returns:

signUsingJSR105

public final XSSignatureValue signUsingJSR105(java.security.PrivateKey key,
                                              byte[] secret,
                                              java.lang.String sigValueId)
                                       throws SigningException
FOR INTERNAL USE
Parameters:
key -
secret -
sigValueId -
Returns:
Throws:
SigningException

verifyUsingJSR105

public final boolean verifyUsingJSR105(java.security.PublicKey key,
                                       byte[] secret,
                                       boolean validateManifests)
                                throws VerifyException
FOR INTERNAL USE
Parameters:
key -
secret -
validateManifests -
Returns:
Throws:
VerifyException

getValidationErrorMessage

public java.lang.StringBuilder getValidationErrorMessage()
Returns the digested data and related details for failed signature or reference verification. Digests are available only if you set xml.debug.verify.
Returns:

getSignatureDetails

public java.lang.StringBuilder getSignatureDetails()
Returns the digested data for the signature and references. Digests are available only if you set xml.debug.digest.
Returns:

Copyright © 2005, 2013, Oracle. All rights reserved.