oracle.security.xmlsec.saml2.metadata

Class Descriptor

java.lang.Object

oracle.security.xmlsec.util.XMLNode

oracle.security.xmlsec.util.XMLElement

oracle.security.xmlsec.saml2.metadata.Descriptor

Direct Known Subclasses:

AffiliationDescriptor, EntitiesDescriptor, EntityDescriptor, RoleDescriptor

public abstract class Descriptor
extends oracle.security.xmlsec.util.XMLElement

Represents an abstract class for all meta Descriptor elements.

Field Summary

Fields inherited from class oracle.security.xmlsec.util.XMLNode

node, systemId

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Descriptor(org.w3c.dom.Document owner, java.lang.String nsURI, java.lang.String localName) Creates a new Descriptor instance.
	Descriptor(org.w3c.dom.Element element) Creates a new Descriptor instance from the given Element node.
	Descriptor(org.w3c.dom.Element element, java.lang.String systemId) Creates a new Descriptor instance from the given Element node.

Method Summary

Methods

Modifier and Type	Method and Description
oracle.security.xmlsec.dsig.XSSignature	addSignature(java.lang.String signatureMethod, java.lang.String c14nMethod) Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element.
oracle.security.xmlsec.dsig.XSSignature	addSignature(java.lang.String signatureMethod, java.lang.String c14nMethod, java.lang.String digestMethod) Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element.
protected void	clearSignature() Removes any exisiting XML-DSIG Signature elements from this message.
java.lang.String	getCacheDuration() Returns the cache duration.
Extensions	getExtensions() Returns the metadata extensions.
java.lang.String	getID() Returns the ID attribute.
oracle.security.xmlsec.dsig.XSSignature	getSignature() Returns the XML Signature child element from this element.
java.util.Date	getValidUntil() Returns the time until which the assertion is valid.
boolean	isSigned() Indicates if this element was signed.
void	setCacheDuration(java.lang.String duration) Sets the cache duration.
void	setExtensions(Extensions extension) Sets the metadata extension.
void	setID(java.lang.String id) Sets the ID attribute.
void	setValidUntil(java.util.Date validUntil) Sets the time until which this message is valid.
void	sign(java.security.PrivateKey privateKey, java.security.cert.X509Certificate cert) Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element.
void	sign(java.security.PrivateKey privateKey, java.security.cert.X509Certificate cert, java.lang.String c14nMethod) Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element.
boolean	verify() Verifies the signature using a key obtained either from the KeyInfo element (if any is present) or via the oracle.security.xmlsec.keys.retrieval.KeyRetriever mechanism.
boolean	verify(java.security.PublicKey publicKey) Verifies the signature with the given public key.

Methods inherited from class oracle.security.xmlsec.util.XMLElement

addNSPrefixAttr, addNSPrefixAttr, addNSPrefixAttrDefault, addNSPrefixAttrDefault, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getChildElementsByTagName, getChildElementsByTagName, getChildElementsByTagNameNS, getChildElementsByTagNameNS, getDefaultNSPrefix, getElement, getElementsByTagName, getElementsByTagNameNS, getTagName, hasAttribute, hasAttributeNS, removeAttribute, removeAttributeNode, removeAttributeNS, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setDefaultNSPrefix

Methods inherited from class oracle.security.xmlsec.util.XMLNode

appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Descriptor

public Descriptor(org.w3c.dom.Element element)
           throws org.w3c.dom.DOMException

Creates a new Descriptor instance from the given Element node.

Parameters:

element - An Descriptor element.

Throws:

org.w3c.dom.DOMException

Descriptor

public Descriptor(org.w3c.dom.Element element,
          java.lang.String systemId)
           throws org.w3c.dom.DOMException

Creates a new Descriptor instance from the given Element node.

Parameters:

element - An Descriptor element.

systemId - The URI string system ID for the Descriptor.

Throws:

org.w3c.dom.DOMException

Descriptor

protected Descriptor(org.w3c.dom.Document owner,
          java.lang.String nsURI,
          java.lang.String localName)
              throws org.w3c.dom.DOMException

Creates a new Descriptor instance. This constructor is for use in subclass for extension of the Descriptor element.

Parameters:

owner - The owner document of the new Descriptor.

nsURI - The namespace URI in which the new Descriptor is to be created.

localName - The localName of the element represented by the class that extends this class.

Throws:

org.w3c.dom.DOMException

Method Detail

setID

public void setID(java.lang.String id)

Sets the ID attribute.

Parameters:

id - A unique identifier String.

getID

public java.lang.String getID()

Returns the ID attribute.

Returns:

The String value or null if none was found.

setValidUntil

public void setValidUntil(java.util.Date validUntil)

Sets the time until which this message is valid.

Parameters:

validUntil - The time instant.

getValidUntil

public java.util.Date getValidUntil()

Returns the time until which the assertion is valid.

Returns:

The Date indicating the time instant or null if none was found.

setCacheDuration

public void setCacheDuration(java.lang.String duration)

Sets the cache duration.

Parameters:

duration - A ISO 8601 duration String.

getCacheDuration

public java.lang.String getCacheDuration()

Returns the cache duration.

Returns:

A ISO 8601 duration String or null if none has been set.

setExtensions

public void setExtensions(Extensions extension)

Sets the metadata extension.

Parameters:

extension - An Extensions object.

getExtensions

public Extensions getExtensions()

Returns the metadata extensions.

Returns:

An Extension object or null if none has been set.

getSignature

public oracle.security.xmlsec.dsig.XSSignature getSignature()

Returns the XML Signature child element from this element.

Returns:

A XSSignature object or null if no signature is present.

isSigned

public boolean isSigned()

Indicates if this element was signed.

Returns:

true if a signature is present or false otherwise.

sign

public void sign(java.security.PrivateKey privateKey,
        java.security.cert.X509Certificate cert)
          throws oracle.security.xmlsec.dsig.SigningException

Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element. The default canonicalization method is XML-EXCLUSIVE-C14N.

Parameters:

privateKey - The private key to use for the signature computation.

cert - The X509 certificate corresponding to the private key.

Throws:

oracle.security.xmlsec.dsig.SigningException

sign

public void sign(java.security.PrivateKey privateKey,
        java.security.cert.X509Certificate cert,
        java.lang.String c14nMethod)
          throws oracle.security.xmlsec.dsig.SigningException

Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element.

Parameters:

privateKey - The private key to use for the signature computation.

cert - The X509 certificate corresponding to the private key.

c14nMethod - The URI identifying the canonicalization method to be applied to the SignedInfo structure.

Throws:

oracle.security.xmlsec.dsig.SigningException

addSignature

public oracle.security.xmlsec.dsig.XSSignature addSignature(java.lang.String signatureMethod,
                                                   java.lang.String c14nMethod)

Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element. The default message digest algorithm is SHA-1.

Note: This method does not compute the SignatureValue or create a KeyInfo child element for the Signature element so, at a minimum, one of the sign() methods must be invoked on the returned XSSignature object.

This method is intended for use by developers who need to customize the Signature element (e.g., add custom Transform elements) the computation of the SignatureValue (e.g., using an HMAC signature algorithm) or the KeyInfo element. For most developers, either the #sign(PrivateKey, X509) or #sign(PrivateKey, X509, String) method should be sufficient.

Parameters:

signatureMethod - The value of the Algorithm attribute of the SignatureMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_rsaWithSHA1).

c14nMethod - The value of the Algorithm attribute of the CanonicalizationMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_c14nWithComments).

Returns:

The new oracle.security.xmlsec.dsig.XSSignature object.

addSignature

public oracle.security.xmlsec.dsig.XSSignature addSignature(java.lang.String signatureMethod,
                                                   java.lang.String c14nMethod,
                                                   java.lang.String digestMethod)

Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element.

Note: This method does not compute the SignatureValue or create a KeyInfo child element for the Signature element so, at a minimum, one of the sign() methods must be invoked on the returned XSSignature object.

This method is intended for use by developers who need to customize the Signature element (e.g., add custom Transform elements) the computation of the SignatureValue (e.g., using an HMAC signature algorithm) or the KeyInfo element. For most developers, either the #sign(PrivateKey, X509) or #sign(PrivateKey, X509, String) method should be sufficient.

Parameters:

signatureMethod - The value of the Algorithm attribute of the SignatureMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_rsaWithSHA1).

c14nMethod - The value of the Algorithm attribute of the CanonicalizationMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_c14nWithComments).

digestMethod - The value of the Algorithm attribute of the DigestMethod element contained within the new Signature element's Reference child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_sha1).

Returns:

The new oracle.security.xmlsec.dsig.XSSignature object.

verify

public boolean verify()
               throws oracle.security.xmlsec.dsig.VerifyException

Verifies the signature using a key obtained either from the KeyInfo element (if any is present) or via the oracle.security.xmlsec.keys.retrieval.KeyRetriever mechanism. Any Manifests referenced by the signature will be validated.

Returns:

true if the verification succeeded, or false if the verification failed.

Throws:

oracle.security.xmlsec.dsig.VerifyException - If an error occurs while verifying the signature, or if no signature is present in this message.

verify

public boolean verify(java.security.PublicKey publicKey)
               throws oracle.security.xmlsec.dsig.VerifyException

Verifies the signature with the given public key. Any Manifests referenced by the signature will be validated.

Parameters:

publicKey - The public key used for verifying the signature.

Returns:

true if the verification succeeded, or false if the verification failed.

Throws:

oracle.security.xmlsec.dsig.VerifyException - If an error occurs while verifying the signature, or if no signature is present in this message.

clearSignature

protected void clearSignature()

Removes any exisiting XML-DSIG Signature elements from this message.