PicketLink Federation Core 2.1.6.Final-redhat-2

org.picketlink.identity.federation.core.util
Class XMLSignatureUtil

java.lang.Object
  extended by org.picketlink.identity.federation.core.util.XMLSignatureUtil

public class XMLSignatureUtil
extends Object

Utility for XML Signature. Note: the canonicalization method type can be changed by setting the system property "picketlink.xmlsig.canonicalization".

Since:
Dec 15, 2008
Author:
Anil.Saldhana@redhat.com, alessio.soldano@jboss.com

Constructor Summary
XMLSignatureUtil()
           
 
Method Summary
static KeyValueType createKeyValue(PublicKey key)
           Creates a KeyValueType that wraps the specified public key.
static DSAKeyValueType getDSAKeyValue(Element element)
          Given a dsig:DSAKeyValue element, return DSAKeyValueType
static RSAKeyValueType getRSAKeyValue(Element element)
          Given a dsig:RSAKeyValue element, return RSAKeyValueType
static X509Certificate getX509CertificateFromKeyInfoString(String certificateString)
          Given the X509Certificate in the KeyInfo element, get an X509Certificate
static void marshall(Document signedDocument, OutputStream os)
          Marshall the signed document to an output stream
static void marshall(SignatureType signature, OutputStream os)
          Marshall a SignatureType to output stream
static boolean preCheckSignedInfo(Document doc)
          Precheck whether the document that will be validated has the right SignedInfo
static void propagateIDAttributeSetup(Node sourceNode, Element destElement)
          Set up the ID attribute on destElement depending on the isId flag of an attribute of sourceNode.
static void setCanonicalizationMethodType(String canonical)
          Set the canonicalization method type
static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)
          Use this method to control whether the KeyInfo is included in the signature (pass false to omit it)
static Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
          Sign the root element
static Document sign(Document doc, Node nodeToBeSigned, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
          Sign a node in a document
static Document sign(Document doc, Node parentOfNodeToBeSigned, PrivateKey signingKey, X509Certificate certificate, String digestMethod, String signatureMethod, String referenceURI)
          Sign a node in a document
static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
          Sign only the specified element (assumes it already has its ID attribute set)
static Document sign(SignatureUtilTransferObject dto)
          Sign the root element
static boolean validate(Document signedDoc, Key publicKey)
          Validate a signed document with the given public key
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

XMLSignatureUtil

public XMLSignatureUtil()
Method Detail

setCanonicalizationMethodType

public static void setCanonicalizationMethodType(String canonical)
Set the canonicalization method type

Parameters:
canonical -

setIncludeKeyInfoInSignature

public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)
Use this method to control whether the KeyInfo is included in the signature (pass false to omit it)

Parameters:
includeKeyInfoInSignature -
Since:
v2.0.1

preCheckSignedInfo

public static boolean preCheckSignedInfo(Document doc)
Precheck whether the document that will be validated has the right SignedInfo

Parameters:
doc -
Returns:

sign

public static Document sign(Document doc,
                            Node parentOfNodeToBeSigned,
                            PrivateKey signingKey,
                            X509Certificate certificate,
                            String digestMethod,
                            String signatureMethod,
                            String referenceURI)
                     throws ParserConfigurationException,
                            GeneralSecurityException,
                            MarshalException,
                            XMLSignatureException
Sign a node in a document

Parameters:
doc - Document
parentOfNodeToBeSigned - Parent Node of the node to be signed
signingKey - Private Key
certificate - X509 Certificate holding the public key
digestMethod - (Example: DigestMethod.SHA1)
signatureMethod - (Example: SignatureMethod.DSA_SHA1)
referenceURI -
Returns:
Document that contains the signed node
Throws:
XMLSignatureException
MarshalException
GeneralSecurityException
ParserConfigurationException

sign

public static Document sign(Document doc,
                            Node nodeToBeSigned,
                            KeyPair keyPair,
                            String digestMethod,
                            String signatureMethod,
                            String referenceURI)
                     throws ParserConfigurationException,
                            GeneralSecurityException,
                            MarshalException,
                            XMLSignatureException
Sign a node in a document

Parameters:
doc -
nodeToBeSigned -
keyPair -
digestMethod -
signatureMethod -
referenceURI -
Returns:
Throws:
ParserConfigurationException
XMLSignatureException
MarshalException
GeneralSecurityException

sign

public static void sign(Element elementToSign,
                        Node nextSibling,
                        KeyPair keyPair,
                        String digestMethod,
                        String signatureMethod,
                        String referenceURI)
                 throws GeneralSecurityException,
                        MarshalException,
                        XMLSignatureException
Sign only the specified element (assumes it already has its ID attribute set)

Parameters:
elementToSign - element to sign with set ID
nextSibling - child of elementToSign that will become the next sibling of the created Signature element (the signature is inserted before it)
keyPair -
digestMethod -
signatureMethod -
referenceURI -
Throws:
GeneralSecurityException
MarshalException
XMLSignatureException

propagateIDAttributeSetup

public static void propagateIDAttributeSetup(Node sourceNode,
                                             Element destElement)
Set up the ID attribute on destElement depending on the isId flag of an attribute of sourceNode.

Parameters:
sourceNode -
destElement -

sign

public static Document sign(Document doc,
                            KeyPair keyPair,
                            String digestMethod,
                            String signatureMethod,
                            String referenceURI)
                     throws GeneralSecurityException,
                            MarshalException,
                            XMLSignatureException
Sign the root element

Parameters:
doc -
keyPair -
digestMethod -
signatureMethod -
referenceURI -
Returns:
Throws:
GeneralSecurityException
XMLSignatureException
MarshalException

sign

public static Document sign(SignatureUtilTransferObject dto)
                     throws GeneralSecurityException,
                            MarshalException,
                            XMLSignatureException
Sign the root element

Parameters:
dto - transfer object carrying the document, signing key, public key, digest method, signature method and reference URI
Returns:
Throws:
GeneralSecurityException
XMLSignatureException
MarshalException

validate

public static boolean validate(Document signedDoc,
                               Key publicKey)
                        throws MarshalException,
                               XMLSignatureException
Validate a signed document with the given public key

Parameters:
signedDoc -
publicKey -
Returns:
Throws:
MarshalException
XMLSignatureException

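The following is an added example (not code from the PicketLink project) showing the sign/validate round trip with the overloads documented above: the root element is signed with a locally generated RSA key pair, KeyInfo is left out so that the verifier must rely on a key it already trusts, and validation is attempted with both the trusted key and an unrelated one. Assumed: DigestMethod.SHA256 from javax.xml.crypto.dsig, the standard xmldsig-more RSA-SHA256 URI passed as a String (the JDK XML-DSig provider is assumed to support it), and an empty reference URI to cover the whole document; the XML input is constructed for the example.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.parsers.DocumentBuilderFactory;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class SignAndVerifyExample {
    // Constructed sample document; not a real SAML message.
    private static final String SAMPLE_XML =
        "<Response xmlns=\"urn:example:demo\"><Status>OK</Status></Response>";

    // Assumed: standard xmldsig-more identifier for RSA with SHA-256, passed as a plain String.
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML-DSig requires a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(SAMPLE_XML)));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signerKeys = kpg.generateKeyPair();

        // Omit KeyInfo: the verifier should use a key it already trusts, not one shipped in the message.
        XMLSignatureUtil.setIncludeKeyInfoInSignature(false);

        // Sign the root element; "" (assumed) references the whole document as an enveloped signature.
        Document signed = XMLSignatureUtil.sign(doc, signerKeys, DigestMethod.SHA256, RSA_SHA256, "");

        // Verifier side: confirm a SignedInfo is present, then validate with the trusted key
        // (here the generated public key stands in for a key taken from a trust store).
        PublicKey trustedKey = signerKeys.getPublic();
        boolean ok = XMLSignatureUtil.preCheckSignedInfo(signed)
                && XMLSignatureUtil.validate(signed, trustedKey);
        System.out.println("signature valid with trusted key: " + ok);

        // Negative check: an unrelated key must not validate the same document.
        KeyPair otherKeys = kpg.generateKeyPair();
        System.out.println("signature valid with other key: "
                + XMLSignatureUtil.validate(signed, otherKeys.getPublic()));
    }
}
```
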
marshall

public static void marshall(SignatureType signature,
                            OutputStream os)
                     throws JAXBException,
                            SAXException
Marshall a SignatureType to output stream

Parameters:
signature -
os -
Throws:
SAXException
JAXBException

marshall

public static void marshall(Document signedDocument,
                            OutputStream os)
                     throws TransformerException
Marshall the signed document to an output stream

Parameters:
signedDocument -
os -
Throws:
TransformerException

getX509CertificateFromKeyInfoString

public static X509Certificate getX509CertificateFromKeyInfoString(String certificateString)
                                                           throws ProcessingException
Given the X509Certificate in the KeyInfo element, get an X509Certificate

Parameters:
certificateString -
Returns:
Throws:
ProcessingException

getDSAKeyValue

public static DSAKeyValueType getDSAKeyValue(Element element)
                                      throws ParsingException
Given a dsig:DSAKeyValue element, return DSAKeyValueType

Parameters:
element -
Returns:
Throws:
ProcessingException
ParsingException

getRSAKeyValue

public static RSAKeyValueType getRSAKeyValue(Element element)
                                      throws ParsingException
Given a dsig:RSAKeyValue element, return RSAKeyValueType

Parameters:
element -
Returns:
Throws:
ProcessingException
ParsingException

createKeyValue

public static KeyValueType createKeyValue(PublicKey key)

Creates a KeyValueType that wraps the specified public key. This method supports DSA and RSA keys.

Parameters:
key - the PublicKey that will be represented as a KeyValueType.
Returns:
the constructed KeyValueType or null if the specified key is neither a DSA nor a RSA key.

Copyright © 2013 JBoss by Red Hat. All Rights Reserved.