Oracle Security Developer Tools XML Security Java API Reference 10g Release 2 (10.1.2.0.2) B15571-01 |
java.lang.Object
oracle.security.xmlsec.util.XMLNode
oracle.security.xmlsec.util.XMLElement
oracle.security.xmlsec.dsig.XSSignature
The top-level Signature element of the XML-DSIG schema. (See the XML Signature Syntax and Processing specification for details.)
To build an XML Signature, begin by using one of the newInstance() methods to create an XSSignature object. Continue by using the various createXXX methods to instantiate the component elements of an XML-DSIG Signature. These elements can then be manipulated as needed, and assembled into a tree structure as defined in the XML-DSIG specification. To create KeyInfo child elements, use XSKeyInfo's createXXX methods.
By default, the tag name of each Element created in the XML-DSIG namespace will be qualified with a default namespace prefix of "dsig". See XMLElement.getDefaultNSPrefix(java.lang.String).
Field Summary |
Fields inherited from class oracle.security.xmlsec.util.XMLNode |
node, systemId |
Constructor Summary | |
XSSignature(org.w3c.dom.Element element) Creates a new XSSignature instance from the given Element node. |
|
XSSignature(org.w3c.dom.Element element, java.lang.String systemId) Creates a new XSSignature instance from the given Element node. |
Method Summary | |
void |
addObject(XSObject obj) Adds an Object to be signed to this Signature. |
XSSignatureValue |
computeSignature(PrivateKey key, java.lang.String sigValueId) Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature. |
XSSignatureValue |
computeSignature(java.lang.String sigValueId) Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature. |
XSAlgorithmIdentifier |
createAlgorithmIdentifier(java.lang.String tagName, java.lang.String algorithm) Creates a new algorithm identifier element in this Signature's document, but does not append it to any element. |
XSKeyInfo |
createKeyInfo() Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element. |
XSKeyInfo |
createKeyInfo(java.lang.String id) Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element. |
XSManifest |
createManifest() Creates a new Manifest element in this Signature's document, but does not append it to any element. |
XSManifest |
createManifest(java.lang.String id) Creates a new Manifest element in this Signature's document, but does not append it to any element. |
XSObject |
createObject() Creates a new Object element in this Signature's document, but does not append it to the Signature element. |
XSObject |
createObject(java.lang.String id, java.lang.String mimeType, java.lang.String encoding) Creates a new Object element in this Signature's document, but does not append it to the Signature element. |
XSReference |
createReference() Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element. |
XSReference |
createReference(java.lang.String id, java.lang.String uri, java.lang.String type, java.lang.String digestMethod) Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element. |
XSSignatureValue |
createSignatureValue() Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element. |
XSSignatureValue |
createSignatureValue(byte[] sigBytes, java.lang.String id) Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element. |
XSSignedInfo |
createSignedInfo() Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element. |
XSSignedInfo |
createSignedInfo(java.lang.String c14nMethod, java.lang.String signatureMethod, java.lang.String id) Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element. |
XSSigProperties |
createSigProperties() Creates a new SignatureProperties element in this Signature's document, but does not append it to any element. |
XSSigProperties |
createSigProperties(java.lang.String id) Creates a new SignatureProperties element in this Signature's document, but does not append it to any element. |
XSSigProperty |
createSigProperty() Creates a new SignatureProperty element in this Signature's document, but does not append it to any element. |
XSSigProperty |
createSigProperty(java.lang.String target, java.lang.String id) Creates a new SignatureProperty element in this Signature's document, but does not append it to any element. |
XSAlgorithmIdentifier |
createTransform(java.lang.String algorithm) Creates a new dsig:Transform element in this Signature's document, but does not append it to any element. |
XSAlgorithmIdentifier |
createXPathTransform(java.lang.String xPath) Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element. |
XSAlgorithmIdentifier |
createXPathTransform(java.lang.String nsPrefix, java.lang.String nsURI, java.lang.String xPath) Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element. |
java.lang.String |
getId() Returns the string value of the Id attribute of this Signature, or null if the attribute is missing. |
XSKeyInfo |
getKeyInfo() Returns the KeyInfo element for this Signature. |
java.util.Vector |
getObjects() Returns a list of XML-DSIG Object structures for this signature. |
XSSignatureValue |
getSignatureValue() Returns the SignatureValue for this Signature. |
XSSignedInfo |
getSignedInfo() Returns the SignedInfo element for this Signature. |
java.lang.String |
getType() Returns null, as there is no URI defined for the Signature element in the XML-DSIG space. |
static XSSignature |
newInstance(org.w3c.dom.Document owner, java.lang.String id) Creates a new XSSignature instance using the given owner document, but does not append it to any element. |
static XSSignature |
newInstance(java.lang.String id) Creates a new XSSignature instance in a new owner document, and makes it the root element of the document. |
void |
setId(java.lang.String id) Sets the Id attribute of this Signature. |
void |
setKeyInfo(XSKeyInfo keyInfo) Sets the KeyInfo element for this Signature, replacing any existing KeyInfo. |
void |
setSignatureValue(XSSignatureValue sigValue) Sets the SignatureValue element for this Signature. |
void |
setSignedInfo(XSSignedInfo signedInfo) Sets the SignedInfo element for this Signature, replacing any existing SignedInfo. |
XSSignatureValue |
sign(PrivateKey key, java.lang.String sigValueId) Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature. |
XSSignatureValue |
sign(java.lang.String sigValueId) Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature. |
boolean |
verify() Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated. |
boolean |
verify(boolean validateManifests) Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo. |
boolean |
verify(byte[] secret) Verifies this Signature's MAC using the given key or password, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated. |
boolean |
verify(PublicKey key, boolean validateManifests) Verifies this Signature using the given public key, after validating each Reference in the SignedInfo. |
boolean |
verifySignature() Verifies this Signature using a key obtained from the KeyRetriever facility, but does not validate the References in the SignedInfo. |
boolean |
verifySignature(PublicKey key) Verifies this Signature using the given public key, but does not validate the References in the SignedInfo. |
Methods inherited from class oracle.security.xmlsec.util.XMLNode |
appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public XSSignature(org.w3c.dom.Element element)
Creates a new XSSignature instance from the given Element node.

public XSSignature(org.w3c.dom.Element element, java.lang.String systemId)
Creates a new XSSignature instance from the given Element node.
Parameters:
element - An org.w3c.dom.Element that conforms to the dsig:Signature schema.
systemId - The URI string system ID for this XSSignature.
See Also:
XMLNode.setSystemId(java.lang.String)
Method Detail |
public static XSSignature newInstance(java.lang.String id) throws javax.xml.parsers.ParserConfigurationException
Creates a new XSSignature instance in a new owner document, and makes it the root element of the document. Use this factory method to create an enveloping or detached XML signature that will be the root element of the document.
Parameters:
id - An optional string ID name for the Signature element.
Throws:
javax.xml.parsers.ParserConfigurationException

public static XSSignature newInstance(org.w3c.dom.Document owner, java.lang.String id)
Creates a new XSSignature instance using the given owner document, but does not append it to any element. Use this factory method to create an enveloped or detached XML signature that will not be the root element of the document.
Parameters:
id - An optional string ID name for the Signature element.

public XSSignedInfo createSignedInfo() throws org.w3c.dom.DOMException
Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element.
Returns:
XSSignedInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setSignedInfo(oracle.security.xmlsec.dsig.XSSignedInfo)

public XSSignedInfo createSignedInfo(java.lang.String c14nMethod, java.lang.String signatureMethod, java.lang.String id) throws org.w3c.dom.DOMException
Creates a new SignedInfo element in this Signature's document, but does not append it to the Signature element.
Parameters:
c14nMethod - The URI identifying the canonicalization method to be applied to the SignedInfo structure.
signatureMethod - The URI identifying the signature algorithm to be used to sign the SignedInfo structure.
id - An optional string ID name for the SignedInfo element.
Returns:
XSSignedInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setSignedInfo(oracle.security.xmlsec.dsig.XSSignedInfo)

public XSSignatureValue createSignatureValue() throws org.w3c.dom.DOMException
Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element.
Returns:
XSSignatureValue.
Throws:
org.w3c.dom.DOMException
See Also:
setSignatureValue(oracle.security.xmlsec.dsig.XSSignatureValue)

public XSSignatureValue createSignatureValue(byte[] sigBytes, java.lang.String id) throws org.w3c.dom.DOMException
Creates a new SignatureValue element in this Signature's document, but does not append it to the Signature element.
Parameters:
sigBytes - A byte array containing the signature.
id - An optional string ID name for the SignatureValue element.
Returns:
XSSignatureValue.
Throws:
org.w3c.dom.DOMException
See Also:
setSignatureValue(oracle.security.xmlsec.dsig.XSSignatureValue)

public XSKeyInfo createKeyInfo() throws org.w3c.dom.DOMException
Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element.
Returns:
XSKeyInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setKeyInfo(oracle.security.xmlsec.dsig.XSKeyInfo)

public XSKeyInfo createKeyInfo(java.lang.String id) throws org.w3c.dom.DOMException
Creates a new KeyInfo element in this Signature's document, but does not append it to the Signature element.
Parameters:
id - An optional string ID name for the KeyInfo element.
Returns:
XSKeyInfo.
Throws:
org.w3c.dom.DOMException
See Also:
setKeyInfo(oracle.security.xmlsec.dsig.XSKeyInfo)

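public XSObject createObject() throws org.w3c.dom.DOMException
Creates a new Object element in this Signature's document, but does not append it to the Signature element.
Returns:
XSObject.
Throws:
org.w3c.dom.DOMException
See Also:
addObject(XSObject)

public XSObject createObject(java.lang.String id, java.lang.String mimeType, java.lang.String encoding) throws org.w3c.dom.DOMException
Creates a new Object element in this Signature's document, but does not append it to the Signature element.
Parameters:
id - An optional string ID name for the Object element.
mimeType - An optional string describing the data within the object, as defined in the MIME specification.
encoding - An optional URI identifying the enclosed object's encoding method.
Returns:
XSObject.
Throws:
org.w3c.dom.DOMException
See Also:
addObject(XSObject)

public XSManifest createManifest() throws org.w3c.dom.DOMException
Creates a new Manifest element in this Signature's document, but does not append it to any element.
Returns:
XSManifest.
Throws:
org.w3c.dom.DOMException

public XSManifest createManifest(java.lang.String id) throws org.w3c.dom.DOMException
Creates a new Manifest element in this Signature's document, but does not append it to any element.
Parameters:
id - An optional string ID name for the Manifest element.
Returns:
XSManifest.
Throws:
org.w3c.dom.DOMException

public XSSigProperties createSigProperties() throws org.w3c.dom.DOMException
Creates a new SignatureProperties element in this Signature's document, but does not append it to any element.
Returns:
XSSigProperties.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperty()

public XSSigProperties createSigProperties(java.lang.String id) throws org.w3c.dom.DOMException
Creates a new SignatureProperties element in this Signature's document, but does not append it to any element.
Parameters:
id - An optional string ID name for the SignatureProperties element.
Returns:
XSSigProperties.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperty()

public XSSigProperty createSigProperty() throws org.w3c.dom.DOMException
Creates a new SignatureProperty element in this Signature's document, but does not append it to any element.
Returns:
XSSigProperty.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperties()

public XSSigProperty createSigProperty(java.lang.String target, java.lang.String id) throws org.w3c.dom.DOMException
Creates a new SignatureProperty element in this Signature's document, but does not append it to any element.
Parameters:
target - A URI identifying the Signature to which this SignatureProperty applies.
id - An optional string ID name for the SignatureProperty element.
Returns:
XSSigProperty.
Throws:
org.w3c.dom.DOMException
See Also:
createSigProperties()

public XSReference createReference() throws org.w3c.dom.DOMException
Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element.
Returns:
XSReference.
Throws:
org.w3c.dom.DOMException
See Also:
ReferenceList.addReference(oracle.security.xmlsec.dsig.XSReference)

public XSReference createReference(java.lang.String id, java.lang.String uri, java.lang.String type, java.lang.String digestMethod) throws org.w3c.dom.DOMException
Creates a new Reference element in this Signature's document, but does not append it to the SignedInfo element.
Parameters:
id - An optional string ID name for the Reference element.
uri - A URI identifying the data object being referenced.
type - An optional URI identifying the type of the referenced data object.
digestMethod - A URI identifying this Reference's digest algorithm.
Returns:
XSReference.
Throws:
org.w3c.dom.DOMException
See Also:
ReferenceList.addReference(oracle.security.xmlsec.dsig.XSReference)
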
public XSAlgorithmIdentifier createAlgorithmIdentifier(java.lang.String tagName, java.lang.String algorithm) throws org.w3c.dom.DOMException
Creates a new algorithm identifier element in this Signature's document, but does not append it to any element.
Parameters:
tagName - The name of the element to be created; for example, "DigestMethod" if this XSAlgorithmIdentifier identifies the digest algorithm in a Reference element.
algorithm - The URI value of the Algorithm attribute.
Returns:
XSAlgorithmIdentifier.
Throws:
org.w3c.dom.DOMException
See Also:
XSSignedInfo.setC14NMethod(XSAlgorithmIdentifier), XSSignedInfo.setSignatureMethod(XSAlgorithmIdentifier), XSReference.setDigestMethod(XSAlgorithmIdentifier), ObjectReference.addTransform(XSAlgorithmIdentifier)

public XSAlgorithmIdentifier createTransform(java.lang.String algorithm) throws org.w3c.dom.DOMException
Creates a new dsig:Transform element in this Signature's document, but does not append it to any element.
Parameters:
algorithm - The URI value of the Algorithm attribute.
Returns:
XSAlgorithmIdentifier with tag name "Transform".
Throws:
org.w3c.dom.DOMException
See Also:
ObjectReference.addTransform(XSAlgorithmIdentifier), XSAlgorithmIdentifier.addParameter(Node), XSAlgorithmIdentifier.addParameter(String, String, String)

public XSAlgorithmIdentifier createXPathTransform(java.lang.String nsPrefix, java.lang.String nsURI, java.lang.String xPath) throws org.w3c.dom.DOMException
Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element.
The XPath expression contained in a Transform's parameter element will often use one or more namespace prefixes which must resolve to namespace URIs. The typical mechanism to define namespace prefixes is to add them as "xmlns" attributes to the parameter element. For example, the XML-DSIG namespace might be mapped to the "dsig" prefix as follows:

    <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
      <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        ancestor-or-self::dsig:X509Data
      </XPath>
    </Transform>

This method provides, as a convenience, arguments that allow the definition of one namespace prefix. Additional prefixes may be defined using code like the following:

    XSAlgorithmIdentifier transform = signature.createXPathTransform(
        "dsig", XMLURI.ns_xmldsig, "ancestor-or-self::dsig:X509Data");
    Element parameter = (Element)transform.getParameters().item(0);
    XMLElement.addNSPrefixAttr(parameter, "foo", "http://www.foo.org/foo-ns");
    XMLElement.addNSPrefixAttr(parameter, "bar", "http://www.foo.org/bar-ns");

Parameters:
nsPrefix - An optional namespace prefix to be used in the XPath filter expression, which will be added as a "xmlns" attribute to the XPath parameter element.
nsURI - The namespace URI corresponding to the given prefix.
xPath - The XPath filter expression.
Returns:
XSAlgorithmIdentifier with tag name "Transform" and algorithm XMLURI.alg_xpath, and with a child parameter node named "XPath" that contains the given XPath expression.
Throws:
org.w3c.dom.DOMException
See Also:
createXPathTransform(String xPath)

public XSAlgorithmIdentifier createXPathTransform(java.lang.String xPath) throws org.w3c.dom.DOMException
Creates a new XPath filter Transform element in this Signature's document, but does not append it to any element.
The XPath parameter element for the created Transform will have a "xmlns" attribute defining the default namespace prefix mapped for the XML-DSIG namespace URI. See XMLElement.getDefaultNSPrefix(java.lang.String).
Additional prefixes may be defined using code like the following:

    XSAlgorithmIdentifier transform =
        signature.createXPathTransform("ancestor-or-self::dsig:X509Data");
    Element parameter = (Element)transform.getParameters().item(0);
    XMLElement.addNSPrefixAttr(parameter, "foo", "http://www.foo.org/foo-ns");
    XMLElement.addNSPrefixAttr(parameter, "bar", "http://www.foo.org/bar-ns");

Parameters:
xPath - The XPath filter expression.
Returns:
XSAlgorithmIdentifier with tag name "Transform" and algorithm XMLURI.alg_xpath, and with a child parameter node named "XPath" that contains the given XPath expression.
Throws:
org.w3c.dom.DOMException
See Also:
createXPathTransform(String nsPrefix, String nsURI, String xPath)

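public void setSignedInfo(XSSignedInfo signedInfo) throws org.w3c.dom.DOMException
Sets the SignedInfo element for this Signature, replacing any existing SignedInfo.
Parameters:
signedInfo - An XSSignedInfo.
Throws:
org.w3c.dom.DOMException

public XSSignedInfo getSignedInfo()
Returns the SignedInfo element for this Signature.
Returns:
XSSignedInfo, or null if none has been set.

public void setSignatureValue(XSSignatureValue sigValue) throws org.w3c.dom.DOMException
Sets the SignatureValue element for this Signature.
Parameters:
sigValue - An XSSignatureValue instance.
Throws:
org.w3c.dom.DOMException

public XSSignatureValue getSignatureValue() throws org.w3c.dom.DOMException
Returns the SignatureValue for this Signature.
Returns:
XSSignatureValue for this Signature.
Throws:
org.w3c.dom.DOMException

public void setKeyInfo(XSKeyInfo keyInfo) throws org.w3c.dom.DOMException
Sets the KeyInfo element for this Signature, replacing any existing KeyInfo.
Parameters:
keyInfo - An XSKeyInfo.
Throws:
org.w3c.dom.DOMException

public XSKeyInfo getKeyInfo()
Returns the KeyInfo element for this Signature.
Returns:
XSKeyInfo, or null if none has been set.

public void addObject(XSObject obj) throws org.w3c.dom.DOMException
Adds an Object to be signed to this Signature.
Parameters:
obj - The XSObject to add to this signature.
Throws:
org.w3c.dom.DOMException

public java.util.Vector getObjects()
Returns a list of XML-DSIG Object structures for this signature.
Returns:
Vector of XSObjects.

public XSSignatureValue computeSignature(java.lang.String sigValueId) throws TransformationException, SigningException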
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
The Signature's KeyInfo is used to locate the signing private key using the KeyRetriever facility. If no KeyInfo is present, or if the private key cannot be retrieved, a SigningException is thrown.
Reference DigestValues are not computed here. If that behavior is needed, use the sign(String) method instead.
Parameters:
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs canonicalizing the SignedInfo element.
SigningException - If an error occurs while computing the signature.

public XSSignatureValue computeSignature(PrivateKey key, java.lang.String sigValueId) throws TransformationException, SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
Reference DigestValues are not computed here. If that behavior is needed, use the sign(PrivateKey, String) method instead.
Parameters:
key - The private key to be used to compute the signature.
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs canonicalizing the SignedInfo element.
SigningException - If an error occurs while computing the signature.

public XSSignatureValue sign(java.lang.String sigValueId) throws TransformationException, SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
The Signature's KeyInfo is used to locate the signing private key using the KeyRetriever facility. If no KeyInfo is present, or if the private key cannot be retrieved, a SigningException is thrown.
The DigestValue for each Reference in this Signature's SignedInfo element is also computed here via a call to the XSReference.computeDigest() method. If specialized Reference digest computation has been performed (e.g., there are Reference elements that omit the URI attribute), use the computeSignature(String) method instead.
Parameters:
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs applying transforms or canonicalizing the data to be signed.
SigningException - If an error occurs while computing the signature.

public XSSignatureValue sign(PrivateKey key, java.lang.String sigValueId) throws TransformationException, SigningException
Computes the XML digital signature over the SignedInfo element, after applying its canonicalization algorithm, creates a new XSSignatureValue element, and adds it to this Signature.
The DigestValue for each Reference in this Signature's SignedInfo element is also computed here via a call to the XSReference.computeDigest() method. If specialized Reference digest computation has been performed (e.g., there are Reference elements that omit the URI attribute), use the computeSignature(PrivateKey, String) method instead.
Parameters:
key - The private key to be used to compute the signature.
sigValueId - An optional string ID name for the SignatureValue element to be created.
Returns:
XSSignatureValue that was added to this Signature.
Throws:
TransformationException - If an error occurs applying transforms or canonicalizing the data to be signed.
SigningException - If an error occurs while computing the signature.

public boolean verifySignature() throws VerifyException
Verifies this Signature using a key obtained from the KeyRetriever facility, but does not validate the References in the SignedInfo.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

public boolean verifySignature(PublicKey key) throws VerifyException
Verifies this Signature using the given public key, but does not validate the References in the SignedInfo.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

public boolean verify() throws VerifyException
Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

public boolean verify(boolean validateManifests) throws VerifyException
Verifies this Signature using a key obtained from the KeyRetriever facility, after validating each Reference in the SignedInfo.
Parameters:
validateManifests - If true, nested Manifests pointed to by References will have their enclosed References validated as well.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

public boolean verify(PublicKey key, boolean validateManifests) throws VerifyException
Verifies this Signature using the given public key, after validating each Reference in the SignedInfo.
Parameters:
validateManifests - If true, nested Manifests pointed to by References will have their enclosed References validated as well.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified or if Reference validation fails.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the signature.

public boolean verify(byte[] secret) throws VerifyException
Verifies this Signature's MAC using the given key or password, after validating each Reference in the SignedInfo; nested References in Manifests will not be validated.
Parameters:
secret - The MAC key or password.
Returns:
true if the MAC verifies correctly, false if the MAC cannot be verified or if Reference validation fails.
Throws:
VerifyException - If an error occurs applying transforms, canonicalizing the data or verifying the MAC.

public void setId(java.lang.String id) throws org.w3c.dom.DOMException
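Sets the Id attribute of this Signature.
Specified by:
setId in interface Referable
Parameters:
id - The ID name of this object.
Throws:
org.w3c.dom.DOMException

public java.lang.String getId()
Returns the string value of the Id attribute of this Signature, or null if the attribute is missing.
Specified by:
getId in interface Referable

public java.lang.String getType()
Returns null, as there is no URI defined for the Signature element in the XML-DSIG space.
Specified by:
getType in interface Referable
Returns:
null if none is defined.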
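
The build, sign and verify sequence from the class description, together with the difference between verify and verifySignature in the method details, as an added example that is not part of Oracle's reference. It assumes the key types are java.security.PrivateKey and PublicKey, that XSSignedInfo provides ReferenceList.addReference, that the inherited getNode() returns the wrapped DOM node, and that this release accepts the XML-DSIG algorithm URIs shown; the payload values and Id strings are constructed.

```java
import java.security.PrivateKey; // Assumption: the page names the key types without a package
import java.security.PublicKey;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import oracle.security.xmlsec.dsig.XSObject;
import oracle.security.xmlsec.dsig.XSReference;
import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.dsig.XSSignedInfo;

public final class EnvelopingSignatureExample {

    // Algorithm URIs from the XML-DSIG specification. The page does not list the
    // algorithms this release supports; treat these three values as assumptions.
    static final String C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    static final String SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    static final String DIGEST_ALG = "http://www.w3.org/2000/09/xmldsig#sha1";

    /** Builds an enveloping signature: dsig:Signature is the root and carries the payload. */
    static XSSignature signEnveloping(PrivateKey key, String payload) throws Exception {
        XSSignature sig = XSSignature.newInstance("sig-1");

        // SignedInfo with one same-document Reference to the Object created below.
        XSSignedInfo signedInfo = sig.createSignedInfo(C14N, SIG_ALG, null);
        XSReference ref = sig.createReference(null, "#payload", null, DIGEST_ALG);
        signedInfo.addReference(ref); // Assumption: XSSignedInfo provides ReferenceList.addReference
        sig.setSignedInfo(signedInfo);

        // createXXX methods only create elements; each must be attached explicitly.
        XSObject obj = sig.createObject("payload", null, null);
        Node objNode = obj.getNode(); // Assumption: inherited getNode() returns the DOM node
        objNode.appendChild(objNode.getOwnerDocument().createTextNode(payload));
        sig.addObject(obj);

        // sign() computes every Reference digest and then the SignatureValue;
        // computeSignature() would leave the DigestValues for the caller to fill in.
        sig.sign(key, "sigvalue-1");
        return sig;
    }

    /** Receiver side: wrap the received element and run full validation. */
    static boolean verifyReceived(Element signatureElement, PublicKey trustedKey)
            throws Exception {
        XSSignature received = new XSSignature(signatureElement);
        // Validates each Reference (and Manifest References), then the signature,
        // using a key the caller already trusts.
        return received.verify(trustedKey, true);
    }

    /**
     * Signs a constructed payload, changes it after signing, and returns
     * { verifySignature(key), verify(key, true) } for the modified document.
     */
    static boolean[] checkModifiedPayload(PrivateKey key, PublicKey trustedKey)
            throws Exception {
        XSSignature sig = signEnveloping(key, "amount=100"); // constructed sample data
        Element sigElement = (Element) sig.getNode();

        // Alter the signed Object content without touching SignedInfo.
        XSObject obj = (XSObject) sig.getObjects().get(0);
        obj.getNode().getFirstChild().setNodeValue("amount=900");

        // verifySignature() checks only the SignatureValue over SignedInfo, so the
        // Reference digest of the changed payload is never compared.
        boolean signatureOnly = new XSSignature(sigElement).verifySignature(trustedKey);
        boolean fullValidation = verifyReceived(sigElement, trustedKey);
        return new boolean[] { signatureOnly, fullValidation };
    }
}
```

Going by the method descriptions on this page, only the second result takes the changed payload into account, which is why verify(PublicKey, boolean) rather than verifySignature(PublicKey) belongs on the receiving path.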