Class SignatureHeaderBlock

All Implemented Interfaces:
SecurityHeaderBlock, jakarta.xml.soap.Node, jakarta.xml.soap.SOAPElement, Element, Node

public class SignatureHeaderBlock extends SecurityHeaderBlockImpl

    <element name="Signature" type="ds:SignatureType"/>
    <complexType name="SignatureType">
    <sequence>
        <element ref="ds:SignedInfo"/>
        <element ref="ds:SignatureValue"/>
        <element ref="ds:KeyInfo" minOccurs="0"/>
        <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
    </complexType>
 
  • Field Details

  • Constructor Details

    • SignatureHeaderBlock

      public SignatureHeaderBlock(jakarta.xml.soap.SOAPElement elem) throws XWSSecurityException
      Parses and creates the Signature element.
      Parameters:
      elem - the element representing an XML Signature. NOTE: this constructor assumes a fully initialized XML Signature. No modifications are allowed on the signature; only existing values can be read. For example, appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.
      Throws:
      XWSSecurityException
    • SignatureHeaderBlock

      public SignatureHeaderBlock(org.apache.xml.security.signature.XMLSignature signature) throws XWSSecurityException
      Constructor that takes an Apache Signature.
      Parameters:
      signature - the XMLSignature from XML DSIG. NOTE: no modifications are allowed on the signature if a SIGN operation has already been performed on the argument signature; only existing values can be read. For example, appendObject() would throw an Exception. If a KeyInfo was not present in the signature, then calling getKeyInfo() will not append a KeyInfo child to the signature.
      Throws:
      XWSSecurityException
    • SignatureHeaderBlock

      public SignatureHeaderBlock(Document doc, String signatureMethodURI) throws XWSSecurityException
      This creates a new ds:Signature Element and adds an empty ds:SignedInfo. The ds:SignedInfo is initialized with the specified Signature algorithm and Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS which is RECOMMENDED by the spec. This method's main use is for creating a new signature.
      Parameters:
      doc - The OwnerDocument of signature
      signatureMethodURI - signature algorithm to use.
      Throws:
      XWSSecurityException
  • Method Details

    • getSignature

      public org.apache.xml.security.signature.XMLSignature getSignature()
      Returns the Apache XML Signature corresponding to this block.
      Returns:
      the XMLSignature
    • sign

      public void sign(Key signingKey) throws XWSSecurityException
      Digests all References in the SignedInfo, calculates the signature value and sets it in the SignatureValue Element.
      Parameters:
      signingKey - the PrivateKey or SecretKey that is used to sign.
      Throws:
      XWSSecurityException
    • getSignedInfo

      public jakarta.xml.soap.SOAPElement getSignedInfo() throws XWSSecurityException
      Returns the completely parsed SignedInfo object.
      Returns:
      the SignedInfo as a SOAPElement
      Throws:
      XWSSecurityException
    • getDSSignedInfo

      public org.apache.xml.security.signature.SignedInfo getDSSignedInfo()
    • getKeyInfo

      public jakarta.xml.soap.SOAPElement getKeyInfo() throws XWSSecurityException
      Returns the KeyInfo child.
      Returns:
      the KeyInfo object
      Throws:
      XWSSecurityException
    • getKeyInfoHeaderBlock

      public KeyInfoHeaderBlock getKeyInfoHeaderBlock() throws XWSSecurityException
      Returns the KeyInfo as a HeaderBlock.
      Returns:
      the KeyInfoHeaderBlock object
      Throws:
      XWSSecurityException
    • getSignatureValue

      public byte[] getSignatureValue() throws XWSSecurityException
      Method getSignatureValue
      Throws:
      XWSSecurityException
    • addSignedInfoReference

      public void addSignedInfoReference(String referenceURI, org.apache.xml.security.transforms.Transforms transforms) throws XWSSecurityException
      Adds a Reference with just the URI and the transforms. This uses the SHA1 algorithm as a default digest algorithm.
      Parameters:
      referenceURI - URI according to the XML Signature specification.
      transforms - List of transformations to be applied.
      Throws:
      XWSSecurityException
    • addSignedInfoReference

      public void addSignedInfoReference(String referenceURI, org.apache.xml.security.transforms.Transforms trans, String digestURI) throws XWSSecurityException
      Adds a Reference with URI, transforms and Digest algorithm URI
      Parameters:
      referenceURI - URI according to the XML Signature specification.
      trans - List of transformations to be applied.
      digestURI - URI of the digest algorithm to be used.
      Throws:
      XWSSecurityException
    • addSignedInfoReference

      public void addSignedInfoReference(String referenceURI, org.apache.xml.security.transforms.Transforms trans, String digestURI, String referenceId, String referenceType) throws XWSSecurityException
      Add a Reference with full parameters to this Signature
      Parameters:
      referenceURI - URI of the resource to be signed. Can be null, in which case the dereferencing is application specific. Can be "", in which case it's the parent node (or parent document?). There can only be one "" in each signature.
      trans - Optional list of transformations to be done before digesting
      digestURI - Mandatory URI of the digesting algorithm to use.
      referenceId - Optional id attribute for this Reference
      referenceType - Optional mimetype for the URI
      Throws:
      XWSSecurityException
    • checkSignatureValue

      public boolean checkSignatureValue(X509Certificate cert) throws XWSSecurityException
      Extracts the public key from the certificate and verifies if the signature is valid by re-digesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
      Parameters:
      cert - Certificate that contains the public key part of the keypair that was used to sign.
      Returns:
      true if the signature is valid, false otherwise
      Throws:
      XWSSecurityException
    • checkSignatureValue

      public boolean checkSignatureValue(Key pk) throws XWSSecurityException
      Verifies if the signature is valid by redigesting all References, comparing those against the stored DigestValues and then checking to see if the Signatures match on the SignedInfo.
      Parameters:
      pk - PublicKey part of the keypair or SecretKey that was used to sign
      Returns:
      true if the signature is valid, false otherwise
      Throws:
      XWSSecurityException
    • appendObject

      public void appendObject(jakarta.xml.soap.SOAPElement object) throws XWSSecurityException
      Method appendObject.
      Throws:
      XWSSecurityException
    • getObjectItem

      public jakarta.xml.soap.SOAPElement getObjectItem(int index) throws XWSSecurityException
      Returns the indexth ds:Object child of the signature or null if no such ds:Object element exists.
      Returns:
      the indexth ds:Object child of the signature or null if no such ds:Object element exists. 1 is the lowest index (not 0)
      Throws:
      XWSSecurityException
    • getObjectCount

      public int getObjectCount()
      Returns the number of all ds:Object elements.
      Returns:
      the number of all ds:Object elements.
    • setId

      public void setId(String id)
      Method setId
    • getId

      public String getId()
      Method getId
      Specified by:
      getId in interface SecurityHeaderBlock
      Overrides:
      getId in class SecurityHeaderBlockImpl
      Returns:
      the id
    • setBaseURI

      public void setBaseURI(String uri)
      Method setBaseURI: the base URI needed by the Apache KeyInfo constructor.
      Parameters:
      uri - URI to be used as context for all relative URIs.
    • getAsSoapElement

      public jakarta.xml.soap.SOAPElement getAsSoapElement() throws XWSSecurityException
      Method to return the Signature as a SOAPElement
      Specified by:
      getAsSoapElement in interface SecurityHeaderBlock
      Overrides:
      getAsSoapElement in class SecurityHeaderBlockImpl
      Returns:
      SOAPElement
      Throws:
      XWSSecurityException - If owner soap document is not set.
    • setDocument

      public void setDocument(Document doc)
      setDocument.
      Parameters:
      doc - The owner Document of this Signature
    • saveChanges

      public void saveChanges()
      This method should be called when changes are made inside an object through its reference obtained from any of the get methods of this class. For example, if getKeyInfo() is called and changes are then made inside the KeyInfo, this method should be called so that those changes are reflected when getAsSoapElement() is finally called.
    • setApacheResourceResolver

      public void setApacheResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolverSpi resolver)
    • fromSoapElement

      public static SecurityHeaderBlock fromSoapElement(jakarta.xml.soap.SOAPElement element) throws XWSSecurityException
      Throws:
      XWSSecurityException
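The two-argument addSignedInfoReference() defaults to SHA1 digests, and checkSignatureValue() only tells you that the SignedInfo and its References are internally consistent. The following is an added example, not code from this project: a receiver-side check that inspects getDSSignedInfo() for algorithm policy and reference coverage before calling checkSignatureValue(). The class name StrictSignatureCheck, the allow-lists and the requiredUris parameter are hypothetical, and the com.sun.xml.wss package names in the imports are assumed because this page does not show them.

```java
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;

import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;

import com.sun.xml.wss.XWSSecurityException;       // package assumed, not shown on this page
import com.sun.xml.wss.core.SignatureHeaderBlock;  // package assumed, not shown on this page

import jakarta.xml.soap.SOAPElement;

/** Hypothetical helper: policy checks to run before trusting checkSignatureValue(). */
public final class StrictSignatureCheck {

    // Example allow-lists (an assumption of this sketch; adjust to local policy).
    private static final Set<String> SIG_METHODS = Set.of(
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256);
    private static final Set<String> DIGESTS = Set.of(
            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256,
            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512);

    /**
     * @param sigElem      the ds:Signature element taken from the received message
     * @param trustedCert  certificate the caller has already validated and trusts
     * @param requiredUris reference URIs that must be signed, e.g. "#body-1" (constructed value)
     */
    public static boolean verify(SOAPElement sigElem, X509Certificate trustedCert,
                                 Set<String> requiredUris)
            throws XWSSecurityException, XMLSecurityException {
        SignatureHeaderBlock block = new SignatureHeaderBlock(sigElem);
        SignedInfo si = block.getDSSignedInfo();

        // Reject signature algorithms outside the allow-list and empty SignedInfo.
        if (!SIG_METHODS.contains(si.getSignatureMethodURI())) return false;
        if (si.getLength() == 0) return false;

        // Every Reference must use an allowed digest; track which required URIs are covered.
        Set<String> missing = new HashSet<>(requiredUris);
        for (int i = 0; i < si.getLength(); i++) {
            Reference ref = si.item(i);
            if (!DIGESTS.contains(ref.getMessageDigestAlgorithm().getAlgorithmURI())) return false;
            missing.remove(ref.getURI());
        }
        if (!missing.isEmpty()) return false;  // a part we rely on was not signed

        // Cryptographic check last, against the caller's trusted certificate.
        return block.checkSignatureValue(trustedCert);
    }
}
```

The caller should process only the elements named in requiredUris after this returns true, since other parts of the message are not covered by the signature.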