Oracle Security Developer Tools Web Services Security Java API Reference
10g (10.1.4.0.1)

B28177-01


oracle.security.xmlsec.wss
Class WSSecurity

java.lang.Object
  extended by oracle.security.xmlsec.util.XMLNode
      extended by oracle.security.xmlsec.util.XMLElement
          extended by oracle.security.xmlsec.wss.WSSecurity


public class WSSecurity
extends oracle.security.xmlsec.util.XMLElement

This class represents a wsse:Security header block in a SOAPEnvelope. It provides methods for signing and encrypting messages and security tokens.


Field Summary

 

Fields inherited from class oracle.security.xmlsec.util.XMLNode
node, systemId

 

Constructor Summary
WSSecurity(org.w3c.dom.Element element)
          Creates a new WSSecurity instance from the given Element node.
WSSecurity(org.w3c.dom.Element element, java.lang.String systemId)
          Creates a new WSSecurity instance from the given Element node.

 

Method Summary
 void addKerberosToken(KerberosBinarySecurityToken token)
          Add a Kerberos Token.
 void addSAMLAssertionToken(SAMLAssertionToken token)
          Add a SAML Assertion Token.
 void addSecurityToken(org.w3c.dom.Element token)
          Add a Security Token.
 void addSecurityTokenReference(WSSecurityTokenReference ref)
          Add a Security Token Reference.
 void addUsernameToken(UsernameToken token)
          Add a Username Token.
static void addWsuIdToElement(java.lang.String id, org.w3c.dom.Element element)
          Deprecated. replaced by WSSUtils.addWsuIdToElement(String, Element)
 void addX509CertificateToken(X509BinarySecurityToken token)
          Add an X.509 Certificate Token.
 oracle.security.xmlsec.enc.XEEncryptedData createEncryptedData(java.lang.String dataType)
          Creates a new XEEncryptedData element in this WSSecurity's document, but does not append it to the WSSecurity element.
 oracle.security.xmlsec.enc.XEEncryptedKey createEncryptedKey()
          Creates a new XEEncryptedKey element in this WSSecurity's document, but does not append it to the WSSecurity element.
 oracle.security.xmlsec.dsig.XSSignature createSignature()
          Creates a new XSSignature element in this WSSecurity's document, but does not append it to the WSSecurity element.
 oracle.security.xmlsec.dsig.XSSignature createSignature(java.lang.String id)
          Creates a new Signature element in this document, but does not append it to the WSSecurity element.
static void decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData)
          Decrypts the EncryptedData element.
static void decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey)
          Decrypts the EncryptedData element referenced by the given EncryptedKey element in this structure.
static void decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, oracle.security.crypto.core.PrivateKey keyDecKey)
          Decrypts the EncryptedData element referenced by the given EncryptedKey element in this structure.
static void decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey, oracle.security.crypto.core.SymmetricKey dataDecKey)
          Decrypts the EncryptedData element referenced by the given EncryptedKey element in this structure.
static void decrypt(oracle.security.xmlsec.enc.XEReferenceList refList, oracle.security.crypto.core.SymmetricKey symKey)
          Decrypts the EncryptedData element referenced by the given ReferenceList element in this structure.
 void decryptAll()
          Decrypts all the EncryptedData child elements and replaces the EncryptedData element with the decrypted XML result.
 void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String usernameTokenURI, KeyDerivator keyDerivator)
          Perform encryption of the Security Header content.
 void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String keyEncKeyURI, java.lang.String keyEncAlg)
          Perform encryption of the Security Header content.
 void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, java.lang.String certTokenURI, java.lang.String keyEncAlg, oracle.security.crypto.core.SymmetricKey dataEncKey)
          Perform encryption of the Security Header content.
 void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, oracle.security.crypto.core.SymmetricKey dataEncKey, oracle.security.crypto.core.PublicKey keyEncKey, java.lang.String keyEncAlg, java.lang.String keyEncKeyName, byte[] certId)
          Perform encryption of the Security Header content.
 void encrypt(org.w3c.dom.Element element, boolean contentOnly, java.lang.String dataEncAlg, oracle.security.crypto.core.SymmetricKey dataEncKey, oracle.security.crypto.cert.X509 keyEncCert, java.lang.String keyEncAlg)
          Perform encryption of the Security Header content.
 void encrypt(org.w3c.dom.Element element, boolean contentOnly, WSSEncryptionParams encParams)
          Deprecated. Replaced by encrypt(Element, boolean, String, SymmetricKey, PublicKey, String, String, byte[])
 void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlgURI, java.lang.String usernameTokenURI, KeyDerivator keyDerivator)
          Perform encryption of the Security Header content.
 void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, java.lang.String keyEncKeyURI, java.lang.String keyEncAlg)
          Perform encryption of the Security Header content.
 void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, java.lang.String certTokenURI, java.lang.String keyEncAlg, oracle.security.crypto.core.SymmetricKey dataEncKey)
          Perform encryption of the Security Header content.
 void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, oracle.security.crypto.core.SymmetricKey dataEncKey, oracle.security.crypto.core.PublicKey keyEncKey, java.lang.String keyEncAlg, java.lang.String keyEncKeyName, byte[] certId)
          Perform encryption of the Security Header content.
 void encrypt(java.util.List elements, boolean[] contentOnlys, java.lang.String dataEncAlg, oracle.security.crypto.core.SymmetricKey dataEncKey, oracle.security.crypto.cert.X509 keyEncCert, java.lang.String keyEncAlg)
          Perform encryption of the Security Header content.
 void encrypt(java.util.List elements, boolean[] contentOnlys, WSSEncryptionParams encParams)
          Deprecated. Replaced by encrypt(List, boolean[], String, SymmetricKey, PublicKey, String, String, byte[])
 java.util.List getBinaryTokens()
          Returns the list of Binary Security Tokens.
 java.util.List getEncryptedKeys()
          Returns all the EncryptedKey elements in this WSSecurity block.
 java.util.List getReferenceLists()
          Returns all the ReferenceList elements in this WSSecurity block.
 java.util.List getSAMLAssertionTokens()
          Returns the list of SAML Assertion Security Tokens.
 WSSecurityToken getSecurityTokenByWsuID(java.lang.String id)
          Get the Security token corresponding to the WSU identifier.
 java.util.List getSignatures()
          Returns all the Signature elements in this WSSecurity header block.
 WSUTimestamp getTimestamp()
          Get the token Timestamp.
 java.util.List getUsernameTokens()
          Returns the list of Username Security Tokens.
static WSSecurity newInstance(org.w3c.dom.Document owner)
          Creates a new WSSecurity instance using the given owner document, but does not append it to any element.
static WSSecurity newInstance(org.w3c.dom.Document owner, java.lang.String id)
          Creates a new WSSecurity instance using the given owner document, but does not append it to any element.
static WSSecurity newInstance(java.lang.String id)
          Creates a new WSSecurity instance in a new owner document, and makes it the root element of the document.
 void setTimestamp(WSUTimestamp timeStamp)
          Set the token Timestamp.
 void sign(java.lang.String[] uris, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform)
          Perform signing of the Security Header content using an HMAC key that is derived from the Username security token.
 void sign(java.lang.String[] uris, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform)
          Perform signing of the Security Header content using an HMAC key that is derived from the Username security token.
 void sign(java.lang.String[] uris, WSSecurityTokenReference[] refs, WSSignatureParams sigParams)
          Sign the security tokens and token references.
 void sign(java.lang.String[] uris, WSSKeyIdentifier keyId, oracle.security.crypto.core.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform)
          Perform signing of the Security Header content.
 void sign(java.lang.String[] uris, WSSKeyIdentifier keyId, oracle.security.crypto.core.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform)
          Perform signing of the Security Header content.
 void sign(java.lang.String[] uris, X509BinarySecurityToken token, oracle.security.crypto.core.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform)
          Perform signing of the Security Header content.
 void sign(java.lang.String[] uris, X509BinarySecurityToken token, oracle.security.crypto.core.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform)
          Perform signing of the Security Header content.
 void sign(java.lang.String[] uris, X509IssuerSerial certIASN, oracle.security.crypto.core.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform)
          Perform signing of the Security Header content.
 void sign(java.lang.String[] uris, X509IssuerSerial certIASN, oracle.security.crypto.core.PrivateKey privKey, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans, boolean usingDecryptionTransform)
          Perform signing of the Security Header content.
 void sign(java.lang.String uri, UsernameToken token, KeyDerivator keyDerivator, java.lang.String digestAlg, java.lang.String c14NAlg, java.lang.String signatureAlg, boolean usingDecryptionTransform)
          Perform signing of the Security Header content using an HMAC key that is derived from the Username security token.
 void sign(java.lang.String uri, WSSignatureParams sigParams)
          Sign the security token.
 void sign(WSSecurityTokenReference ref, WSSignatureParams sigParams)
          Sign the security token reference.
 boolean verify(oracle.security.xmlsec.dsig.XSSignature sig)
          Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
static boolean verify(oracle.security.xmlsec.dsig.XSSignature sig, boolean searchDocument)
          Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
 boolean verifyAll()
          Verifies all of the XSSignatures in this wsse:Security header in accordance with the ds:Signature and ds:Reference validation process defined in [XML-SIG].

 

Methods inherited from class oracle.security.xmlsec.util.XMLElement
addNSPrefixAttr, addNSPrefixAttr, addNSPrefixAttrDefault, addNSPrefixAttrDefault, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getChildElementsByTagName, getChildElementsByTagName, getChildElementsByTagNameNS, getChildElementsByTagNameNS, getDefaultNSPrefix, getElementsByTagName, getElementsByTagNameNS, getTagName, hasAttribute, hasAttributeNS, removeAttribute, removeAttributeNode, removeAttributeNS, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setDefaultNSPrefix

 

Methods inherited from class oracle.security.xmlsec.util.XMLNode
appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

WSSecurity

public WSSecurity(org.w3c.dom.Element element)
Creates a new WSSecurity instance from the given Element node.
Parameters:
element - An org.w3c.dom.Element that conforms to the wsse:Security schema.
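Receiver-side use of this constructor together with getSignatures() and verifyAll(), as an added example that is not part of the Oracle reference: it parses an inbound SOAP message with a hardened parser, wraps the wsse:Security header and rejects the message unless at least one signature is present and all of them verify. The class name, the sample envelope, the SOAP 1.1 and WSS 1.0 namespace URIs and the single-header policy are assumptions of the example; key and trust configuration is not covered on this page and is left out.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import oracle.security.xmlsec.wss.WSSecurity;

public class InboundSecurityHeaderCheck {
    // Namespace URIs assumed by this example (SOAP 1.1 and OASIS WSS 1.0).
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Constructed sample: an envelope whose Security header carries no signature.
    static final String SAMPLE =
        "<soap:Envelope xmlns:soap='" + SOAP_NS + "' xmlns:wsse='" + WSSE_NS + "'>"
      + "<soap:Header><wsse:Security/></soap:Header>"
      + "<soap:Body><Order xmlns='urn:example:orders'>42</Order></soap:Body>"
      + "</soap:Envelope>";

    // Namespace-aware parse with DOCTYPE declarations refused, so the message
    // cannot pull in external entities before any signature is checked.
    static Document parse(byte[] xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }

    // Returns the single direct child {ns}local of parent, or null if absent.
    // Rejecting duplicates is a policy choice of this example: it keeps the
    // code from verifying one header while the application reads another.
    static Element onlyChild(Element parent, String ns, String local) {
        Element found = null;
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && ns.equals(n.getNamespaceURI())
                    && local.equals(n.getLocalName())) {
                if (found != null) {
                    throw new IllegalStateException("more than one " + local + " element");
                }
                found = (Element) n;
            }
        }
        return found;
    }

    // True only if the message has a wsse:Security header that contains at
    // least one ds:Signature and verifyAll() reports success.
    static boolean accept(byte[] soapMessage) throws Exception {
        Document doc = parse(soapMessage);
        Element envelope = doc.getDocumentElement();
        if (!SOAP_NS.equals(envelope.getNamespaceURI())
                || !"Envelope".equals(envelope.getLocalName())) {
            return false;
        }
        Element header = onlyChild(envelope, SOAP_NS, "Header");
        if (header == null) {
            return false;
        }
        Element securityElement = onlyChild(header, WSSE_NS, "Security");
        if (securityElement == null) {
            return false;
        }

        // Constructor documented above: wrap an existing wsse:Security element.
        WSSecurity security = new WSSecurity(securityElement);

        // This page does not say what verifyAll() returns for a header without
        // signatures, so an unsigned message is rejected explicitly first.
        List<?> signatures = security.getSignatures();
        if (signatures == null || signatures.isEmpty()) {
            return false;
        }
        return security.verifyAll();
    }

    public static void main(String[] args) throws Exception {
        boolean ok = accept(SAMPLE.getBytes(StandardCharsets.UTF_8));
        System.out.println(ok ? "accepted" : "rejected");
    }
}
```

A true result says only that every ds:Signature in the header validates; which elements those signatures cover still has to be checked against the service's own policy.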

WSSecurity

public WSSecurity(org.w3c.dom.Element element,
                  java.lang.String systemId)
Creates a new WSSecurity instance from the given Element node.
Parameters:
element - An org.w3c.dom.Element that conforms to the wsse:Security schema.
systemId - The URI string system ID for this XSSignature.

Method Detail

newInstance

public static WSSecurity newInstance(java.lang.String id)
Creates a new WSSecurity instance in a new owner document, and makes it the root element of the document.
Parameters:
id - An optional string ID name for the wsse:Security element.
Returns:
The new WSSecurity instance.

newInstance

public static WSSecurity newInstance(org.w3c.dom.Document owner)
Creates a new WSSecurity instance using the given owner document, but does not append it to any element.
Parameters:
owner - The XML Document to be used as the owner document of this structure.
Returns:
The new WSSecurity instance.

newInstance

public static WSSecurity newInstance(org.w3c.dom.Document owner,
                                     java.lang.String id)
Creates a new WSSecurity instance using the given owner document, but does not append it to any element.
Parameters:
owner - The XML Document to be used as the owner document of this structure.
id - An optional string ID name for the wsse:Security element.
Returns:
The new WSSecurity instance.

createSignature

public oracle.security.xmlsec.dsig.XSSignature createSignature(java.lang.String id)
Creates a new Signature element in this document, but does not append it to the WSSecurity element.
Parameters:
id - An optional string ID name for the Signature element.
Returns:
A new XSSignature instance.

addUsernameToken

public void addUsernameToken(UsernameToken token)
Add a Username Token.

The Username Token will be imported if it is in a different org.w3c.dom.Document.

Parameters:
token - The Security Token to add.

addX509CertificateToken

public void addX509CertificateToken(X509BinarySecurityToken token)
Add an X.509 Certificate Token.

The X.509 Certificate Token will be imported if it is in a different org.w3c.dom.Document.

Parameters:
token - The Security Token to add.

addKerberosToken

public void addKerberosToken(KerberosBinarySecurityToken token)
Add a Kerberos Token.

The Kerberos Token will be imported if it is in a different org.w3c.dom.Document.

Parameters:
token - The Security Token to add.

addSAMLAssertionToken

public void addSAMLAssertionToken(SAMLAssertionToken token)
Add a SAML Assertion Token.

The SAML Assertion Token will be imported if it is in a different org.w3c.dom.Document.

Parameters:
token - The Security Token to add.

addSecurityToken

public void addSecurityToken(org.w3c.dom.Element token)
Add a Security Token.

The input token element is not schema validated.

The Security Token will be imported if it is in a different org.w3c.dom.Document.

Parameters:
token - The Security Token element to add.

addSecurityTokenReference

public void addSecurityTokenReference(WSSecurityTokenReference ref)
Add a Security Token Reference.
Parameters:
ref - The Security Token reference to add.

setTimestamp

public void setTimestamp(WSUTimestamp timeStamp)
Set the token Timestamp.
Parameters:
timeStamp - The timestamp.

getTimestamp

public WSUTimestamp getTimestamp()
Get the token Timestamp.
Returns:
The timestamp.

encrypt

public void encrypt(org.w3c.dom.Element element,
                    boolean contentOnly,
                    java.lang.String dataEncAlg,
                    java.lang.String usernameTokenURI,
                    KeyDerivator keyDerivator)
             throws WSSException
Perform encryption of the Security Header content.

The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.

Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; otherwise encrypt the whole element.
dataEncAlg - The content encryption algorithm.
usernameTokenURI - The UsernameToken URI.
keyDerivator - The key derivation interface to use.
Throws:
WSSException

encrypt

public void encrypt(java.util.List elements,
                    boolean[] contentOnlys,
                    java.lang.String dataEncAlgURI,
                    java.lang.String usernameTokenURI,
                    KeyDerivator keyDerivator)
             throws WSSException
Perform encryption of the Security Header content.

The usernameTokenURI must be a reference to a Username Token.

Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - The list of boolean values, one for each List element. If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
dataEncAlgURI - The content encryption algorithm.
usernameTokenURI - The UsernameToken URI.
keyDerivator - The key derivation interface to use.
Throws:
WSSException

encrypt

public void encrypt(org.w3c.dom.Element element,
                    boolean contentOnly,
                    java.lang.String dataEncAlg,
                    java.lang.String certTokenURI,
                    java.lang.String keyEncAlg,
                    oracle.security.crypto.core.SymmetricKey dataEncKey)
             throws WSSException
Perform encryption of the Security Header content.

The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.

Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; otherwise encrypt the whole element.
dataEncAlg - The content encryption algorithm.
certTokenURI - The X.509 certificate token URI.
keyEncAlg - The key encryption algorithm.
dataEncKey - The content encryption key.
Throws:
WSSException

encrypt

public void encrypt(java.util.List elements,
                    boolean[] contentOnlys,
                    java.lang.String dataEncAlg,
                    java.lang.String certTokenURI,
                    java.lang.String keyEncAlg,
                    oracle.security.crypto.core.SymmetricKey dataEncKey)
             throws WSSException
Perform encryption of the Security Header content.

The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.

Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - The list of boolean values, one for each List element. If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
dataEncAlg - The content encryption algorithm.
certTokenURI - The X.509 certificate token URI.
keyEncAlg - The key encryption algorithm.
dataEncKey - The content encryption key.
Throws:
WSSException

encrypt

public void encrypt(org.w3c.dom.Element element,
                    boolean contentOnly,
                    java.lang.String dataEncAlg,
                    java.lang.String keyEncKeyURI,
                    java.lang.String keyEncAlg)
             throws WSSException
Perform encryption of the Security Header content.

The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.

Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; otherwise encrypt the whole element.
dataEncAlg - The content encryption algorithm.
keyEncKeyURI - The key encryption certificate URI.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException

encrypt

public void encrypt(java.util.List elements,
                    boolean[] contentOnlys,
                    java.lang.String dataEncAlg,
                    java.lang.String keyEncKeyURI,
                    java.lang.String keyEncAlg)
             throws WSSException
Perform encryption of the Security Header content.

The keyEncKeyURI must be a reference to an X.509 Token or a SAML Assertion token with a Holder of Key saml:ConfirmationMethod.

Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - The list of boolean values, one for each List element. If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
dataEncAlg - The content encryption algorithm.
keyEncKeyURI - The key encryption certificate URI.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException

sign

public void sign(java.lang.String uri,
                 UsernameToken token,
                 KeyDerivator keyDerivator,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 boolean usingDecryptionTransform)
          throws WSSException
Perform signing of the Security Header content using an HMAC key that is derived from the Username security token.
Parameters:
uri - The URI of the element to encrypt.
token - The Username security token used to derive the signing HMAC key.
keyDerivator - The key derivation class.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException

sign

public void sign(java.lang.String[] uris,
                 UsernameToken token,
                 KeyDerivator keyDerivator,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 boolean usingDecryptionTransform)
          throws WSSException
Perform signing of the Security Header content using an HMAC key that is derived from the Username security token.
Parameters:
uris - The URI list of org.w3c.dom.Elements to encrypt.
token - The Username security token used to derive the signing HMAC key.
keyDerivator - The key derivation class.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException

sign

public void sign(java.lang.String[] uris,
                 UsernameToken token,
                 KeyDerivator keyDerivator,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans,
                 boolean usingDecryptionTransform)
          throws WSSException
Perform signing of the Security Header content using an HMAC key that is derived from the Username security token.
Parameters:
uris - The URI list of org.w3c.dom.Elements to encrypt.
token - The Username security token used to derive the signing HMAC key.
keyDerivator - The key derivation class.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException

encrypt

public void encrypt(org.w3c.dom.Element element,
                    boolean contentOnly,
                    WSSEncryptionParams encParams)
             throws WSSException
Deprecated. Replaced by encrypt(Element, boolean, String, SymmetricKey, PublicKey, String, String, byte[])
Perform encryption of the Security Header content.
Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; otherwise encrypt the whole element.
encParams - The encryption algorithm and key parameters.
Throws:
WSSException

encrypt

public void encrypt(org.w3c.dom.Element element,
                    boolean contentOnly,
                    java.lang.String dataEncAlg,
                    oracle.security.crypto.core.SymmetricKey dataEncKey,
                    oracle.security.crypto.core.PublicKey keyEncKey,
                    java.lang.String keyEncAlg,
                    java.lang.String keyEncKeyName,
                    byte[] certId)
             throws WSSException
Perform encryption of the Security Header content.
Parameters:
element - The element to encrypt.
contentOnly - If true, only encrypt the children of the element; otherwise encrypt the whole element.
dataEncAlg - The content encryption algorithm.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncKey - The key encryption key that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
keyEncKeyName - The optional key encryption key name.
certId - The optional key certificate identifier.
Throws:
WSSException

encrypt

public void encrypt(java.util.List elements,
                    boolean[] contentOnlys,
                    WSSEncryptionParams encParams)
             throws WSSException
Deprecated. Replaced by encrypt(List, boolean[], String, SymmetricKey, PublicKey, String, String, byte[])
Perform encryption of the Security Header content.
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - The list of boolean values, one for each List element. If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
encParams - The encryption algorithm and key parameters.
Throws:
WSSException

encrypt

public void encrypt(org.w3c.dom.Element element,
                    boolean contentOnly,
                    java.lang.String dataEncAlg,
                    oracle.security.crypto.core.SymmetricKey dataEncKey,
                    oracle.security.crypto.cert.X509 keyEncCert,
                    java.lang.String keyEncAlg)
             throws WSSException
Perform encryption of the Security Header content.
Parameters:
element - The org.w3c.dom.Elements to encrypt.
contentOnly - If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
dataEncAlg - The content encryption key.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncCert - The key encryption certificate that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException

encrypt

public void encrypt(java.util.List elements,
                    boolean[] contentOnlys,
                    java.lang.String dataEncAlg,
                    oracle.security.crypto.core.SymmetricKey dataEncKey,
                    oracle.security.crypto.cert.X509 keyEncCert,
                    java.lang.String keyEncAlg)
             throws WSSException
Perform encryption of the Security Header content.
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - The list of boolean values, one for each List element. If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
dataEncAlg - The content encryption key.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncCert - The key encryption certificate that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
Throws:
WSSException

encrypt

public void encrypt(java.util.List elements,
                    boolean[] contentOnlys,
                    java.lang.String dataEncAlg,
                    oracle.security.crypto.core.SymmetricKey dataEncKey,
                    oracle.security.crypto.core.PublicKey keyEncKey,
                    java.lang.String keyEncAlg,
                    java.lang.String keyEncKeyName,
                    byte[] certId)
             throws WSSException
Perform encryption of the Security Header content.
Parameters:
elements - The list of org.w3c.dom.Elements to encrypt.
contentOnlys - The list of boolean values, one for each List element. If true, only encrypt the children of the corresponding List element; otherwise encrypt the entire corresponding List element.
dataEncAlg - The content encryption key.
dataEncKey - The content encryption key. If set to null, a randomly generated key will be used.
keyEncKey - The key encryption key that will be used to secure the content encryption key.
keyEncAlg - The key encryption algorithm.
keyEncKeyName - The optional key encryption key name.
certId - The optional key certificate identifier.
Throws:
WSSException

sign

public void sign(java.lang.String[] uris,
                 X509BinarySecurityToken token,
                 oracle.security.crypto.core.PrivateKey privKey,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 boolean usingDecryptionTransform)
          throws WSSException,
                 oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Perform signing of the Security Header content.
Parameters:
uris - The URI List of the elements to encrypt.
token - The X.509 certificate security token.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

sign

public void sign(java.lang.String[] uris,
                 X509BinarySecurityToken token,
                 oracle.security.crypto.core.PrivateKey privKey,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans,
                 boolean usingDecryptionTransform)
          throws WSSException,
                 oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Perform signing of the Security Header content.
Parameters:
uris - The URI List of the elements to encrypt.
token - The X.509 certificate security token.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

sign

public void sign(java.lang.String[] uris,
                 X509IssuerSerial certIASN,
                 oracle.security.crypto.core.PrivateKey privKey,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 boolean usingDecryptionTransform)
          throws WSSException,
                 oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Perform signing of the Security Header content.
Parameters:
uris - The URI list of the elements to sign.
certIASN - The issuer and serial number of the signing certificate.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

sign

public void sign(java.lang.String[] uris,
                 X509IssuerSerial certIASN,
                 oracle.security.crypto.core.PrivateKey privKey,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans,
                 boolean usingDecryptionTransform)
          throws WSSException,
                 oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Perform signing of the Security Header content.
Parameters:
uris - The URI list of the elements to sign.
certIASN - The issuer and serial number of the signing certificate.
privKey - The signing key.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

sign

public void sign(java.lang.String[] uris,
                 WSSKeyIdentifier keyId,
                 oracle.security.crypto.core.PrivateKey privKey,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 boolean usingDecryptionTransform)
          throws WSSException,
                 oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Perform signing of the Security Header content.
Parameters:
uris - The URI list of the elements to sign.
keyId - The signing certificate public key identifier.
privKey - The signing key. If null, the X509KeyIdentifierResolver will be used.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

sign

public void sign(java.lang.String[] uris,
                 WSSKeyIdentifier keyId,
                 oracle.security.crypto.core.PrivateKey privKey,
                 java.lang.String digestAlg,
                 java.lang.String c14NAlg,
                 java.lang.String signatureAlg,
                 oracle.security.xmlsec.dsig.XSAlgorithmIdentifier[] trans,
                 boolean usingDecryptionTransform)
          throws WSSException,
                 oracle.security.xmlsec.keys.retrieval.KeyRetrievalException
Perform signing of the Security Header content.
Parameters:
uris - The URI list of the elements to sign.
keyId - The signing certificate public key identifier.
privKey - The signing key. If null, the X509KeyIdentifierResolver will be used.
digestAlg - The message digest algorithm.
c14NAlg - The canonicalization algorithm.
signatureAlg - The signature algorithm.
trans - The list of ds:Reference transforms.
usingDecryptionTransform - Indicates the use of the decryption transform.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

sign

public void sign(java.lang.String uri,
                 WSSignatureParams sigParams)
          throws WSSException
Sign the security token.
Parameters:
uri - The reference URI.
sigParams - The signature algorithm and key parameters.
Throws:
WSSException

sign

public void sign(WSSecurityTokenReference ref,
                 WSSignatureParams sigParams)
          throws WSSException
Sign the security token reference.
Parameters:
ref - The security token reference.
sigParams - The signature algorithm and key parameters.
Throws:
WSSException

sign

public void sign(java.lang.String[] uris,
                 WSSecurityTokenReference[] refs,
                 WSSignatureParams sigParams)
          throws WSSException
Sign the security tokens and token references.
Parameters:
uris - The reference URI list.
refs - The security token reference list.
sigParams - The signature algorithm and key parameters.
Throws:
WSSException

decryptAll

public void decryptAll()
                throws WSSException
Decrypts all the EncryptedData child elements and replaces each EncryptedData element with the decrypted XML result. The decryption key is obtained by resolving the KeyInfo element. The decryption key for the bottom of the EncryptedData/EncryptedKey chain is obtained using the KeyRetriever facility.
Throws:
WSSException

getReferenceLists

public java.util.List getReferenceLists()
Returns all the ReferenceList elements in this WSSecurity block.
Returns:
The List of xenc:ReferenceList elements.

decrypt

public static void decrypt(oracle.security.xmlsec.enc.XEReferenceList refList,
                           oracle.security.crypto.core.SymmetricKey symKey)
                    throws WSSException
Decrypts the EncryptedData element referenced by the given ReferenceList element in this structure.
Parameters:
refList - The list of encrypted references.
symKey - The content decryption key.
Throws:
WSSException

getEncryptedKeys

public java.util.List getEncryptedKeys()
Returns all the EncryptedKey elements in this WSSecurity block.
Returns:
The List of EncryptedKey elements (oracle.security.xmlsec.enc.XEEncryptedKey).

decrypt

public static void decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey,
                           oracle.security.crypto.core.PrivateKey keyDecKey)
                    throws WSSException
Decrypts the EncryptedData element referenced by the given EncryptedKey element in this structure.
Parameters:
encKey - The EncryptedKey element whose references will be decrypted.
keyDecKey - The key to decrypt the content encryption key.
Throws:
WSSException

decrypt

public static void decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey)
                    throws WSSException
Decrypts the EncryptedData element referenced by the given EncryptedKey element in this structure.

The decryption key is obtained from the KeyRetriever facility.

Parameters:
encKey - The EncryptedKey element whose references are to be decrypted.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

decrypt

public static void decrypt(oracle.security.xmlsec.enc.XEEncryptedData encData)
                    throws WSSException
Decrypts the EncryptedData element.

The decryption key is obtained from the KeyRetriever facility.

Parameters:
encData - The EncryptedData element.
Throws:
WSSException
oracle.security.xmlsec.keys.retrieval.KeyRetrievalException

decrypt

public static void decrypt(oracle.security.xmlsec.enc.XEEncryptedKey encKey,
                           oracle.security.crypto.core.SymmetricKey dataDecKey)
                    throws WSSException
Decrypts the EncryptedData element referenced by the given EncryptedKey element in this structure.
Parameters:
encKey - The encrypted key instance.
dataDecKey - The decryption key used to decrypt the data reference list.
Throws:
WSSException

getSignatures

public java.util.List getSignatures()
Returns all the Signature elements in this WSSecurity header block.
Returns:
The List of signature (com.phaos.xml.dsig.XSSignature) elements.

verify

public boolean verify(oracle.security.xmlsec.dsig.XSSignature sig)
               throws WSSException
Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException

verify

public static boolean verify(oracle.security.xmlsec.dsig.XSSignature sig,
                             boolean searchDocument)
                      throws WSSException
Verifies the given XSSignature, following the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Parameters:
sig - The signature instance to verify.
searchDocument - If available, use the signing certificate present in the same Document.
Returns:
true if the signature verifies correctly, false if the signature cannot be verified.
Throws:
WSSException

verifyAll

public boolean verifyAll()
                  throws WSSException
Verifies all of the XSSignatures in this wsse:Security header in accordance with the ds:Signature and ds:Reference validation process defined in [XML-SIG].
Returns:
true if all the signatures verify correctly, false if at least one signature cannot be verified.
Throws:
WSSException
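The following is an added example, not code from this reference or from Oracle: a fail-closed receiver check built on getSignatures() and verify(XSSignature), plus a plain DOM test that a verified signature actually references the SOAP Body. The class and method names are hypothetical, and it assumes a namespace-aware parsed Document, SOAP 1.1, the OASIS WSS 1.0 namespaces, and a local policy that the Body must be signed.

```java
import java.util.Iterator;
import java.util.List;
import org.w3c.dom.*;
import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.wss.WSSException;
import oracle.security.xmlsec.wss.WSSecurity;

// Hypothetical helper; only WSSecurity, getSignatures() and verify() come from this API.
public class InboundHeaderCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"; // assumption: SOAP 1.1

    /** True only if every ds:Signature verifies and one of them references the sole SOAP Body. */
    public static boolean accept(Document envelope) throws WSSException {
        Element header = only(envelope.getElementsByTagNameNS(WSSE, "Security"));
        Element body = only(envelope.getElementsByTagNameNS(SOAP11, "Body"));
        if (header == null || body == null) return false; // missing or duplicated: reject
        WSSecurity wss = new WSSecurity(header);
        List sigs = wss.getSignatures();
        if (sigs.isEmpty()) return false; // fail closed: no signature is not "all valid"
        for (Iterator it = sigs.iterator(); it.hasNext();) {
            if (!wss.verify((XSSignature) it.next())) return false;
        }
        String bodyId = body.getAttributeNS(WSU, "Id");
        if (bodyId.length() == 0 || countWsuId(envelope, bodyId) != 1) return false;
        NodeList refs = header.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            Node signedInfo = ref.getParentNode();
            // Count only references in the SignedInfo of a Signature that is a child of the header.
            boolean core = DS.equals(signedInfo.getNamespaceURI()) && "SignedInfo".equals(signedInfo.getLocalName())
                    && signedInfo.getParentNode().getParentNode() == header;
            if (core && ("#" + bodyId).equals(ref.getAttribute("URI"))) return true;
        }
        return false; // signatures are valid but none covers the Body
    }

    private static Element only(NodeList nl) {
        return nl.getLength() == 1 ? (Element) nl.item(0) : null;
    }

    // Number of elements carrying this wsu:Id; more than one makes "#id" ambiguous.
    private static int countWsuId(Document doc, String id) {
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        int n = 0;
        for (int i = 0; i < all.getLength(); i++) {
            if (id.equals(((Element) all.item(i)).getAttributeNS(WSU, "Id"))) n++;
        }
        return n;
    }
}
```

The URI match does not account for ds:Transform filters that narrow what a reference covers, and XML-SIG validation does not establish trust in the signing certificate; both need their own checks.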

addWsuIdToElement

public static void addWsuIdToElement(java.lang.String id,
                                     org.w3c.dom.Element element)
Deprecated. Replaced by WSSUtils.addWsuIdToElement(String, Element).
Adds a global wsu:Id attribute to the given element in this SOAPEnvelope.
Parameters:
id - The attribute value.
element - The org.w3c.dom.Element whose wsu:Id attribute will be set.

createSignature

public oracle.security.xmlsec.dsig.XSSignature createSignature()
                                                        throws org.w3c.dom.DOMException
Creates a new XSSignature element in this WSSecurity's document, but does not append it to the WSSecurity element.
Returns:
A new XSSignature.
Throws:
org.w3c.dom.DOMException

createEncryptedData

public oracle.security.xmlsec.enc.XEEncryptedData createEncryptedData(java.lang.String dataType)
                                                               throws org.w3c.dom.DOMException
Creates a new XEEncryptedData element in this WSSecurity's document, but does not append it to the WSSecurity element.
Parameters:
dataType - Type information identifying the content.
Returns:
A new XEEncryptedData.
Throws:
org.w3c.dom.DOMException

createEncryptedKey

public oracle.security.xmlsec.enc.XEEncryptedKey createEncryptedKey()
                                                             throws org.w3c.dom.DOMException
Creates a new XEEncryptedKey element in this WSSecurity's document, but does not append it to the WSSecurity element.
Returns:
A new XEEncryptedKey.
Throws:
org.w3c.dom.DOMException

getSecurityTokenByWsuID

public WSSecurityToken getSecurityTokenByWsuID(java.lang.String id)
Get the Security token corresponding to the WSU identifier.
Parameters:
id - The wsu:Id value.
Returns:
The security token if present or null otherwise.

getUsernameTokens

public java.util.List getUsernameTokens()
Returns the list of Username Security Tokens.
Returns:
The list of UsernameToken elements.

getBinaryTokens

public java.util.List getBinaryTokens()
Returns the list of Binary Security Tokens.
Returns:
The list of BinarySecurityToken elements.

getSAMLAssertionTokens

public java.util.List getSAMLAssertionTokens()
Returns the list of SAML Assertion Security Tokens.
Returns:
The list of SAMLAssertionToken elements.


Copyright © 2005, 2006, Oracle. All rights reserved.