oracle.security.xmlsec.dsig

Class DSigUtils

java.lang.Object

oracle.security.xmlsec.dsig.DSigUtils

public class DSigUtils
extends java.lang.Object

Simple API for creating and verifying XML signatures.

Since:

1.1

Method Summary

Modifier and Type	Method and Description
static org.w3c.dom.Document	signDetached(java.lang.String url, java.security.PrivateKey privKey, java.security.cert.X509Certificate cert) Creates a detached XML signature for the data object residing at the given URL.
static org.w3c.dom.Document	signEnveloped(org.w3c.dom.Document doc, java.security.PrivateKey privKey, java.security.cert.X509Certificate cert) Creates an enveloped XML signature over the given XML document.
static org.w3c.dom.Document	signEnveloping(org.w3c.dom.Document doc, java.security.PrivateKey privKey, java.security.cert.X509Certificate cert) Creates an enveloping XML signature over the given XML document.
static org.w3c.dom.Document	signSubTree(org.w3c.dom.Element subTree, java.lang.String idAttrName, java.security.PrivateKey privKey, java.security.cert.X509Certificate cert) Creates an enveloping XML signature over a sub-tree of the given XML document that is rooted in the given element.
static boolean	verify(org.w3c.dom.Document doc) Verifies all Signatures in the input XML document, including Reference validation.
static boolean	verify(org.w3c.dom.Document doc, java.security.PublicKey pubKey) Verifies all Signatures in the input XML document, including Reference validation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

signDetached

public static org.w3c.dom.Document signDetached(java.lang.String url,
                                                java.security.PrivateKey privKey,
                                                java.security.cert.X509Certificate cert)
                                         throws java.io.IOException,
                                                SigningException

Creates a detached XML signature for the data object residing at the given URL. The Signature is created in a new document, and does not contain the input data object.

The signing parameters used are:

• SignatureMethod: RSA with SHA-1 or DSA with SHA-1
• CanonicalizationMethod: XML-C14N
• DigestMethod: SHA-1
• Transforms: none

Parameters:

url - The URL of the data object to be signed.

privKey - The signer's private key. The private key determines which signature algorithm will be used.

cert - The signer's public key certificate.

Returns:

A new org.w3c.dom.Document whose root element is a Signature over the data object.

Throws:

java.io.IOException - If an error occurs retrieving the data object.

SigningException - If an error occurs constructing the XML signature.

signEnveloped

public static org.w3c.dom.Document signEnveloped(org.w3c.dom.Document doc,
                                                 java.security.PrivateKey privKey,
                                                 java.security.cert.X509Certificate cert)
                                          throws SigningException

Creates an enveloped XML signature over the given XML document. The signature is appended to the input document's root element.

The signing parameters used are:

• SignatureMethod: RSA with SHA-1 or DSA with SHA-1
• CanonicalizationMethod: XML-C14N
• DigestMethod: SHA-1
• Transforms: Enveloped Signature

Parameters:

doc - An org.w3c.dom.Document to be signed.

privKey - The signer's private key. The private key determines which signature algorithm will be used.

cert - The signer's public key certificate.

Returns:

The org.w3c.dom.Document containing the Signature.

Throws:

SigningException - If an error occurs constructing the XML signature.

signEnveloping

public static org.w3c.dom.Document signEnveloping(org.w3c.dom.Document doc,
                                                  java.security.PrivateKey privKey,
                                                  java.security.cert.X509Certificate cert)
                                           throws SigningException

Creates an enveloping XML signature over the given XML document. The signature is created in a new Document, and contains the input XML in a dsig:Object element.

Note: Any DOCTYPE definition in the input document will be omitted from the signed document. To output the DOCTYPE before the document, the DocTypeUtil class may be used.

The signing parameters used are:

• SignatureMethod: RSA with SHA-1 or DSA with SHA-1
• CanonicalizationMethod: XML-C14N
• DigestMethod: SHA-1
• Transforms: none

Parameters:

doc - An org.w3c.dom.Document to be signed.

privKey - The signer's private key. The private key determines which signature algorithm will be used.

cert - The signer's public key certificate.

Returns:

A new org.w3c.dom.Document containing the Signature.

Throws:

SigningException - If an error occurs constructing the XML signature.

signSubTree

public static org.w3c.dom.Document signSubTree(org.w3c.dom.Element subTree,
                                               java.lang.String idAttrName,
                                               java.security.PrivateKey privKey,
                                               java.security.cert.X509Certificate cert)
                                        throws SigningException

Creates an enveloping XML signature over a sub-tree of the given XML document that is rooted in the given element. The signature is appended to the input document's root element.

The signing parameters used are:

• SignatureMethod: RSA with SHA-1 or DSA with SHA-1
• CanonicalizationMethod: XML-C14N
• DigestMethod: SHA-1
• Transforms: none

Parameters:

subTree - The root element of the sub-tree to be signed. This sub-tree must not be rooted in the document root element node; for that case use the signEnveloped method instead.

idAttrName - The qualified name of the ID attribute that will be used to identify and locate the sub-tree root element (e.g., "Id").

privKey - The signer's private key. The private key determines which signature algorithm will be used.

cert - The signer's public key certificate.

Returns:

The org.w3c.dom.Document containing the Signature.

Throws:

SigningException - If an error occurs constructing the XML signature.

Since:

2.0

verify

public static boolean verify(org.w3c.dom.Document doc)
                      throws VerifyException

Verifies all Signatures in the input XML document, including Reference validation. References in Manifests are not validated.

This method expects to find each signature's verification public key or certificate by using the data in a KeyInfo element. If the key cannot be found, a VerifyException is thrown. To verify a signature that does not contain information sufficient to retrieve the public key, use the verify(Document doc, PublicKey pubKey) method. (See KeyRetriever for more information on automating key retrieval using KeyInfo data.)

Parameters:

doc - An org.w3c.dom.Document containing one or more Signature elements.

Returns:

true if all signatures are valid, false if any signature is invalid.

Throws:

VerifyException - If an error occurs during signature verification.

java.lang.IllegalArgumentException - If the input document contains no Signature element(s).

verify

public static boolean verify(org.w3c.dom.Document doc,
                             java.security.PublicKey pubKey)
                      throws VerifyException

Verifies all Signatures in the input XML document, including Reference validation. References in Manifests are not validated.

Parameters:

doc - An org.w3c.dom.Document containing one or more Signature elements.

pubKey - The public key to be used to verify the signature(s). If this is null, the each signature's verification key must be found in a KeyInfo element, or a VerifyException is thrown.

Returns:

true if all signatures are valid, false if any signature is invalid.

Throws:

VerifyException - If an error occurs during signature verification.

java.lang.IllegalArgumentException - If the input document contains no Signature element(s).