Package org.opensaml.xmlsec.signature.support

Class SignatureSupport

java.lang.Object

org.opensaml.xmlsec.signature.support.SignatureSupport

public final class SignatureSupport
extends Object

Helper methods for working with XML Signature.

Field Summary

Fields

Modifier and Type	Field	Description
private static Set<String>	C14N_ALGORITHMS	Set of known canonicalization algorithm URIs.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	SignatureSupport()	Constructor.

Method Summary

Modifier and Type	Method	Description
private static void	addOrReplaceReferenceCanonicalizationTransform(ContentReference cr, String uri)	Process the indicated content reference and either add or replace its canonicalization Transform algorithm with the indicated algorithm.
private static org.slf4j.Logger	getLogger()	Get an SLF4J Logger.
private static boolean	isCanonicalizationAlgorithm(String uri)	Evaluate whether the indicated algorithm URI is a canonicalization algorithm URI.
static void	prepareSignatureParams(Signature signature, SignatureSigningParameters parameters)	Prepare a Signature with necessary additional information prior to signing.
private static void	processContentReferences(Signature signature, SignatureSigningParameters parameters)	Prepare the content references.
private static void	processKeyInfo(Signature signature, SignatureSigningParameters parameters)	Prepare the content references.
static void	signObject(SignableXMLObject signable, SignatureSigningParameters parameters)	Signs a SignableXMLObject.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

C14N_ALGORITHMS

private static final Set<String> C14N_ALGORITHMS

Set of known canonicalization algorithm URIs.

Constructor Detail

SignatureSupport

private SignatureSupport()

Constructor.

Method Detail

getLogger

@Nonnull
private static org.slf4j.Logger getLogger()

Get an SLF4J Logger.

Returns:

a Logger instance

prepareSignatureParams

public static void prepareSignatureParams(@Nonnull
                                          Signature signature,
                                          @Nonnull
                                          SignatureSigningParameters parameters)
                                   throws SecurityException

Prepare a Signature with necessary additional information prior to signing.

NOTE:Since this operation modifies the specified Signature object, it should be called prior to marshalling the Signature object.

The following Signature values will be added:

• signing credential
• signature algorithm URI
• canonicalization algorithm URI
• reference digest method
• HMAC output length (if applicable and a value is configured)
• a KeyInfo element representing the signing credential

Existing (non-null) values of these parameters on the specified signature will NOT be overwritten, however.

All values are determined by the specified SignatureSigningParameters. If no value for a required parameter is specified or included on the passed signature, a SecurityException will be thrown.

Parameters:

signature - the Signature to be updated

parameters - the signing parameters to use

Throws:

SecurityException - thrown if a required parameter is not supplied in the parameters instance or available on the Signature instance

processKeyInfo

private static void processKeyInfo(Signature signature,
                                   SignatureSigningParameters parameters)
                            throws SecurityException

Prepare the content references.

Parameters:

signature - the Signature to be updated

parameters - the signing parameters to use

Throws:

SecurityException - thrown if a required parameter is not supplied in the parameters instance or available on the Signature instance

processContentReferences

private static void processContentReferences(@Nonnull
                                             Signature signature,
                                             @Nonnull
                                             SignatureSigningParameters parameters)
                                      throws SecurityException

Prepare the content references.

Parameters:

signature - the Signature to be updated

parameters - the signing parameters to use

Throws:

SecurityException - thrown if a required parameter is not supplied in the parameters instance or available on the Signature instance

addOrReplaceReferenceCanonicalizationTransform

private static void addOrReplaceReferenceCanonicalizationTransform(@Nullable
                                                                   ContentReference cr,
                                                                   @Nullable
                                                                   String uri)

Process the indicated content reference and either add or replace its canonicalization Transform algorithm with the indicated algorithm.

Parameters:

cr - the content reference to process

uri - the canonicalization algorithm to either add or replace

isCanonicalizationAlgorithm

private static boolean isCanonicalizationAlgorithm(@Nullable
                                                   String uri)

Evaluate whether the indicated algorithm URI is a canonicalization algorithm URI.

Parameters:

uri - the algorithm URI to evaluate

Returns:

true if is a canonicalization algorithm, false otherwise

signObject

public static void signObject(@Nonnull
                              SignableXMLObject signable,
                              @Nonnull
                              SignatureSigningParameters parameters)
                       throws SecurityException,
                              MarshallingException,
                              SignatureException

Signs a SignableXMLObject.

Parameters:

signable - the signable XMLObject to sign

parameters - the signing parameters to use

Throws:

SecurityException - if there is a problem preparing the signature

MarshallingException - if there is a problem marshalling the XMLObject

SignatureException - if there is a problem with the signature operation