Package org.opensaml.xmlsec.signature.support

Class SignatureSupport

  • public final class SignatureSupport
extends Object
    Helper methods for working with XML Signature.

    • Field Detail

      • C14N_ALGORITHMS

        private static final Set<String> C14N_ALGORITHMS
        Set of known canonicalization algorithm URIs.

    • Constructor Detail

      • SignatureSupport

        private SignatureSupport()
        Constructor.

    • Method Detail

      • getLogger

        @Nonnull
private static org.slf4j.Logger getLogger()
        Get an SLF4J Logger.
        Returns:
        a Logger instance

      • prepareSignatureParams

        public static void prepareSignatureParams​(@Nonnull
                                          Signature signature,
                                          @Nonnull
                                          SignatureSigningParameters parameters)
                                   throws org.opensaml.security.SecurityException
        Prepare a Signature with necessary additional information prior to signing.

        NOTE:Since this operation modifies the specified Signature object, it should be called prior to marshalling the Signature object.

        The following Signature values will be added:

        • signing credential
        • signature algorithm URI
        • canonicalization algorithm URI
        • reference digest method
        • HMAC output length (if applicable and a value is configured)
        • a KeyInfo element representing the signing credential

        Existing (non-null) values of these parameters on the specified signature will NOT be overwritten, however.

        All values are determined by the specified SignatureSigningParameters. If no value for a required parameter is specified or included on the passed signature, a SecurityException will be thrown.

        Parameters:
        signature - the Signature to be updated
        parameters - the signing parameters to use
        Throws:
        org.opensaml.security.SecurityException - thrown if a required parameter is not supplied in the parameters instance or available on the Signature instance

      • processKeyInfo

        private static void processKeyInfo​(Signature signature,
                                   SignatureSigningParameters parameters)
                            throws org.opensaml.security.SecurityException
        Prepare the content references.
        Parameters:
        signature - the Signature to be updated
        parameters - the signing parameters to use
        Throws:
        org.opensaml.security.SecurityException - thrown if a required parameter is not supplied in the parameters instance or available on the Signature instance

      • processContentReferences

        private static void processContentReferences​(@Nonnull
                                             Signature signature,
                                             @Nonnull
                                             SignatureSigningParameters parameters)
                                      throws org.opensaml.security.SecurityException
        Prepare the content references.
        Parameters:
        signature - the Signature to be updated
        parameters - the signing parameters to use
        Throws:
        org.opensaml.security.SecurityException - thrown if a required parameter is not supplied in the parameters instance or available on the Signature instance

      • addOrReplaceReferenceCanonicalizationTransform

        private static void addOrReplaceReferenceCanonicalizationTransform​(@Nullable
                                                                   ContentReference cr,
                                                                   @Nullable
                                                                   String uri)
        Process the indicated content reference and either add or replace its canonicalization Transform algorithm with the indicated algorithm.
        Parameters:
        cr - the content reference to process
        uri - the canonicalization algorithm to either add or replace

      • isCanonicalizationAlgorithm

        private static boolean isCanonicalizationAlgorithm​(@Nullable
                                                   String uri)
        Evaluate whether the indicated algorithm URI is a canonicalization algorithm URI.
        Parameters:
        uri - the algorithm URI to evaluate
        Returns:
        true if is a canonicalization algorithm, false otherwise

      • signObject

        public static void signObject​(@Nonnull
                              SignableXMLObject signable,
                              @Nonnull
                              SignatureSigningParameters parameters)
                       throws org.opensaml.security.SecurityException,
                              org.opensaml.core.xml.io.MarshallingException,
                              SignatureException
        Signs a SignableXMLObject.
        Parameters:
        signable - the signable XMLObject to sign
        parameters - the signing parameters to use
        Throws:
        org.opensaml.security.SecurityException - if there is a problem preparing the signature
        org.opensaml.core.xml.io.MarshallingException - if there is a problem marshalling the XMLObject
        SignatureException - if there is a problem with the signature operation