XMLSignature object from a corresponding
* XML representation.
*
* Each instance of XMLSignatureFactory supports a specific
* XML mechanism type. To create an XMLSignatureFactory, call one
* of the static {@link #getInstance getInstance} methods, passing in the XML
* mechanism type desired, for example:
*
*
* XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
* The objects that this factory produces will be based * on DOM and abide by the DOM interoperability requirements as defined in the * * DOM Mechanism Requirements section of the API overview. See the * * Service Providers section of the API overview for a list of standard * mechanism types. * *
XMLSignatureFactory implementations are registered and loaded
* using the {@link java.security.Provider} mechanism.
* For example, a service provider that supports the
* DOM mechanism would be specified in the Provider subclass as:
*
* put("XMLSignatureFactory.DOM", "org.example.DOMXMLSignatureFactory");
*
*
* An implementation MUST minimally support the default mechanism type: DOM. * *
Note that a caller must use the same XMLSignatureFactory
* instance to create the XMLStructures of a particular
* XMLSignature that is to be generated. The behavior is
* undefined if XMLStructures from different providers or
* different mechanism types are used together.
*
*
Also, the XMLStructures that are created by this factory
* may contain state specific to the XMLSignature and are not
* intended to be reusable.
*
*
Once the XMLSignatureFactory has been created, objects
* can be instantiated by calling the appropriate method. For example, a
* {@link Reference} instance may be created by invoking one of the
* {@link #newReference newReference} methods.
*
*
Alternatively, an XMLSignature may be created from an
* existing XML representation by invoking the {@link #unmarshalXMLSignature
* unmarshalXMLSignature} method and passing it a mechanism-specific
* {@link XMLValidateContext} instance containing the XML content:
*
*
* DOMValidateContext context = new DOMValidateContext(key, signatureElement); * XMLSignature signature = factory.unmarshalXMLSignature(context); ** * Each
XMLSignatureFactory must support the required
* XMLValidateContext types for that factory type, but may support
* others. A DOM XMLSignatureFactory must support {@link
* DOMValidateContext} objects.
*
* XMLSignature created by the factory can also be
* marshalled to an XML representation and signed, by invoking the
* {@link XMLSignature#sign sign} method of the
* {@link XMLSignature} object and passing it a mechanism-specific
* {@link XMLSignContext} object containing the signing key and
* marshalling parameters (see {@link DOMSignContext}).
* For example:
*
* * DOMSignContext context = new DOMSignContext(privateKey, document); * signature.sign(context); ** * Concurrent Access *
The static methods of this class are guaranteed to be thread-safe. * Multiple threads may concurrently invoke the static methods defined in this * class with no ill effects. * *
However, this is not true for the non-static methods defined by this
* class. Unless otherwise documented by a specific provider, threads that
* need to access a single XMLSignatureFactory instance
* concurrently should synchronize amongst themselves and provide the
* necessary locking. Multiple threads each manipulating a different
* XMLSignatureFactory instance need not synchronize.
*
* @author Sean Mullan
* @author JSR 105 Expert Group
* @since 1.6
*/
public abstract class XMLSignatureFactory {
private String mechanismType;
private Provider provider;
/**
* Default constructor, for invocation by subclasses.
*/
protected XMLSignatureFactory() {}
/**
* Returns an XMLSignatureFactory that supports the
* specified XML processing mechanism and representation type (ex: "DOM").
*
*
This method uses the standard JCA provider lookup mechanism to
* locate and instantiate an XMLSignatureFactory
* implementation of the desired mechanism type. It traverses the list of
* registered security Providers, starting with the most
* preferred Provider. A new XMLSignatureFactory
* object from the first Provider that supports the specified
* mechanism is returned.
*
*
Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @implNote
* The JDK Reference Implementation additionally uses the
* {@code jdk.security.provider.preferred}
* {@link Security#getProperty(String) Security} property to determine
* the preferred provider order for the specified algorithm. This
* may be different than the order of providers returned by
* {@link Security#getProviders() Security.getProviders()}.
*
* @param mechanismType the type of the XML processing mechanism and
* representation. See the
* Service Providers section of the API overview for a list of
* standard mechanism types.
* @return a new XMLSignatureFactory
* @throws NullPointerException if mechanismType is
* null
* @throws NoSuchMechanismException if no Provider supports an
* XMLSignatureFactory implementation for the specified
* mechanism
* @see Provider
*/
public static XMLSignatureFactory getInstance(String mechanismType) {
if (mechanismType == null) {
throw new NullPointerException("mechanismType cannot be null");
}
Instance instance;
try {
instance = GetInstance.getInstance
("XMLSignatureFactory", null, mechanismType);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
}
/**
* Returns an XMLSignatureFactory that supports the
* requested XML processing mechanism and representation type (ex: "DOM"),
* as supplied by the specified provider. Note that the specified
* Provider object does not have to be registered in the
* provider list.
*
* @param mechanismType the type of the XML processing mechanism and
* representation. See the
* Service Providers section of the API overview for a list of
* standard mechanism types.
* @param provider the Provider object
* @return a new XMLSignatureFactory
* @throws NullPointerException if provider or
* mechanismType is null
* @throws NoSuchMechanismException if an XMLSignatureFactory
* implementation for the specified mechanism is not available
* from the specified Provider object
* @see Provider
*/
public static XMLSignatureFactory getInstance(String mechanismType,
Provider provider) {
if (mechanismType == null) {
throw new NullPointerException("mechanismType cannot be null");
} else if (provider == null) {
throw new NullPointerException("provider cannot be null");
}
Instance instance;
try {
instance = GetInstance.getInstance
("XMLSignatureFactory", null, mechanismType, provider);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
}
/**
* Returns an XMLSignatureFactory that supports the
* requested XML processing mechanism and representation type (ex: "DOM"),
* as supplied by the specified provider. The specified provider must be
* registered in the security provider list.
*
*
Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @param mechanismType the type of the XML processing mechanism and
* representation. See the
* Service Providers section of the API overview for a list of
* standard mechanism types.
* @param provider the string name of the provider
* @return a new XMLSignatureFactory
* @throws NoSuchProviderException if the specified provider is not
* registered in the security provider list
* @throws NullPointerException if provider or
* mechanismType is null
* @throws NoSuchMechanismException if an XMLSignatureFactory
* implementation for the specified mechanism is not
* available from the specified provider
* @see Provider
*/
public static XMLSignatureFactory getInstance(String mechanismType,
String provider) throws NoSuchProviderException {
if (mechanismType == null) {
throw new NullPointerException("mechanismType cannot be null");
} else if (provider == null) {
throw new NullPointerException("provider cannot be null");
} else if (provider.length() == 0) {
throw new NoSuchProviderException();
}
Instance instance;
try {
instance = GetInstance.getInstance
("XMLSignatureFactory", null, mechanismType, provider);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
}
/**
* Returns an XMLSignatureFactory that supports the
* default XML processing mechanism and representation type ("DOM").
*
*
This method uses the standard JCA provider lookup mechanism to
* locate and instantiate an XMLSignatureFactory
* implementation of the default mechanism type. It traverses the list of
* registered security Providers, starting with the most
* preferred Provider. A new XMLSignatureFactory
* object from the first Provider that supports the DOM
* mechanism is returned.
*
*
Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @return a new XMLSignatureFactory
* @throws NoSuchMechanismException if no Provider supports an
* XMLSignatureFactory implementation for the DOM
* mechanism
* @see Provider
*/
public static XMLSignatureFactory getInstance() {
return getInstance("DOM");
}
/**
* Returns the type of the XML processing mechanism and representation
* supported by this XMLSignatureFactory (ex: "DOM").
*
* @return the XML processing mechanism type supported by this
* XMLSignatureFactory
*/
public final String getMechanismType() {
return mechanismType;
}
/**
* Returns the provider of this XMLSignatureFactory.
*
* @return the provider of this XMLSignatureFactory
*/
public final Provider getProvider() {
return provider;
}
/**
* Creates an XMLSignature and initializes it with the contents
* of the specified SignedInfo and KeyInfo
* objects.
*
* @param si the signed info
* @param ki the key info (may be null)
* @return an XMLSignature
* @throws NullPointerException if si is null
*/
public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki);
/**
* Creates an XMLSignature and initializes it with the
* specified parameters.
*
* @param si the signed info
* @param ki the key info (may be null)
* @param objects a list of {@link XMLObject}s (may be empty or
* null)
* @param id the Id (may be null)
* @param signatureValueId the SignatureValue Id (may be null)
* @return an XMLSignature
* @throws NullPointerException if si is null
* @throws ClassCastException if any of the objects are not of
* type XMLObject
*/
public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki,
List objects, String id, String signatureValueId);
/**
* Creates a Reference with the specified URI and digest
* method.
*
* @param uri the reference URI (may be null)
* @param dm the digest method
* @return a Reference
* @throws IllegalArgumentException if uri is not RFC 2396
* compliant
* @throws NullPointerException if dm is null
*/
public abstract Reference newReference(String uri, DigestMethod dm);
/**
* Creates a Reference with the specified parameters.
*
* @param uri the reference URI (may be null)
* @param dm the digest method
* @param transforms a list of {@link Transform}s. The list is defensively
* copied to protect against subsequent modification. May be
* null or empty.
* @param type the reference type, as a URI (may be null)
* @param id the reference ID (may be null)
* @return a Reference
* @throws ClassCastException if any of the transforms are
* not of type Transform
* @throws IllegalArgumentException if uri is not RFC 2396
* compliant
* @throws NullPointerException if dm is null
*/
public abstract Reference newReference(String uri, DigestMethod dm,
List transforms, String type, String id);
/**
* Creates a Reference with the specified parameters and
* pre-calculated digest value.
*
*
This method is useful when the digest value of a
* Reference has been previously computed. See for example,
* the
*
* OASIS-DSS (Digital Signature Services) specification.
*
* @param uri the reference URI (may be null)
* @param dm the digest method
* @param transforms a list of {@link Transform}s. The list is defensively
* copied to protect against subsequent modification. May be
* null or empty.
* @param type the reference type, as a URI (may be null)
* @param id the reference ID (may be null)
* @param digestValue the digest value. The array is cloned to protect
* against subsequent modification.
* @return a Reference
* @throws ClassCastException if any of the transforms are
* not of type Transform
* @throws IllegalArgumentException if uri is not RFC 2396
* compliant
* @throws NullPointerException if dm or
* digestValue is null
*/
public abstract Reference newReference(String uri, DigestMethod dm,
List transforms, String type, String id,
byte[] digestValue);
/**
* Creates a Reference with the specified parameters.
*
*
This method is useful when a list of transforms have already been
* applied to the Reference. See for example,
* the
*
* OASIS-DSS (Digital Signature Services) specification.
*
*
When an XMLSignature containing this reference is
* generated, the specified transforms (if non-null) are
* applied to the specified result. The
* Transforms element of the resulting Reference
* element is set to the concatenation of the
* appliedTransforms and transforms.
*
* @param uri the reference URI (may be null)
* @param dm the digest method
* @param appliedTransforms a list of {@link Transform}s that have
* already been applied. The list is defensively
* copied to protect against subsequent modification. The list must
* contain at least one entry.
* @param result the result of processing the sequence of
* appliedTransforms
* @param transforms a list of {@link Transform}s that are to be applied
* when generating the signature. The list is defensively copied to
* protect against subsequent modification. May be null
* or empty.
* @param type the reference type, as a URI (may be null)
* @param id the reference ID (may be null)
* @return a Reference
* @throws ClassCastException if any of the transforms (in either list)
* are not of type Transform
* @throws IllegalArgumentException if uri is not RFC 2396
* compliant or appliedTransforms is empty
* @throws NullPointerException if dm,
* appliedTransforms or result is
* null
*/
public abstract Reference newReference(String uri, DigestMethod dm,
List appliedTransforms, Data result,
List transforms, String type, String id);
/**
* Creates a SignedInfo with the specified canonicalization
* and signature methods, and list of one or more references.
*
* @param cm the canonicalization method
* @param sm the signature method
* @param references a list of one or more {@link Reference}s. The list is
* defensively copied to protect against subsequent modification.
* @return a SignedInfo
* @throws ClassCastException if any of the references are not of
* type Reference
* @throws IllegalArgumentException if references is empty
* @throws NullPointerException if any of the parameters
* are null
*/
public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm,
SignatureMethod sm, List references);
/**
* Creates a SignedInfo with the specified parameters.
*
* @param cm the canonicalization method
* @param sm the signature method
* @param references a list of one or more {@link Reference}s. The list is
* defensively copied to protect against subsequent modification.
* @param id the id (may be null)
* @return a SignedInfo
* @throws ClassCastException if any of the references are not of
* type Reference
* @throws IllegalArgumentException if references is empty
* @throws NullPointerException if cm, sm, or
* references are null
*/
public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm,
SignatureMethod sm, List references, String id);
// Object factory methods
/**
* Creates an XMLObject from the specified parameters.
*
* @param content a list of {@link XMLStructure}s. The list
* is defensively copied to protect against subsequent modification.
* May be null or empty.
* @param id the Id (may be null)
* @param mimeType the mime type (may be null)
* @param encoding the encoding (may be null)
* @return an XMLObject
* @throws ClassCastException if content contains any
* entries that are not of type {@link XMLStructure}
*/
public abstract XMLObject newXMLObject(List content,
String id, String mimeType, String encoding);
/**
* Creates a Manifest containing the specified
* list of {@link Reference}s.
*
* @param references a list of one or more References. The list
* is defensively copied to protect against subsequent modification.
* @return a Manifest
* @throws NullPointerException if references is
* null
* @throws IllegalArgumentException if references is empty
* @throws ClassCastException if references contains any
* entries that are not of type {@link Reference}
*/
public abstract Manifest newManifest(List references);
/**
* Creates a Manifest containing the specified
* list of {@link Reference}s and optional id.
*
* @param references a list of one or more References. The list
* is defensively copied to protect against subsequent modification.
* @param id the id (may be null)
* @return a Manifest
* @throws NullPointerException if references is
* null
* @throws IllegalArgumentException if references is empty
* @throws ClassCastException if references contains any
* entries that are not of type {@link Reference}
*/
public abstract Manifest newManifest(List references,
String id);
/**
* Creates a SignatureProperty containing the specified
* list of {@link XMLStructure}s, target URI and optional id.
*
* @param content a list of one or more XMLStructures. The list
* is defensively copied to protect against subsequent modification.
* @param target the target URI of the Signature that this property applies
* to
* @param id the id (may be null)
* @return a SignatureProperty
* @throws NullPointerException if content or
* target is null
* @throws IllegalArgumentException if content is empty
* @throws ClassCastException if content contains any
* entries that are not of type {@link XMLStructure}
*/
public abstract SignatureProperty newSignatureProperty
(List content, String target, String id);
/**
* Creates a SignatureProperties containing the specified
* list of {@link SignatureProperty}s and optional id.
*
* @param properties a list of one or more SignaturePropertys.
* The list is defensively copied to protect against subsequent
* modification.
* @param id the id (may be null)
* @return a SignatureProperties
* @throws NullPointerException if properties
* is null
* @throws IllegalArgumentException if properties is empty
* @throws ClassCastException if properties contains any
* entries that are not of type {@link SignatureProperty}
*/
public abstract SignatureProperties newSignatureProperties
(List properties, String id);
// Algorithm factory methods
/**
* Creates a DigestMethod for the specified algorithm URI
* and parameters.
*
* @param algorithm the URI identifying the digest algorithm
* @param params algorithm-specific digest parameters (may be
* null)
* @return the DigestMethod
* @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for the requested algorithm
* @throws NoSuchAlgorithmException if an implementation of the
* specified algorithm cannot be found
* @throws NullPointerException if algorithm is
* null
*/
public abstract DigestMethod newDigestMethod(String algorithm,
DigestMethodParameterSpec params) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException;
/**
* Creates a SignatureMethod for the specified algorithm URI
* and parameters.
*
* @param algorithm the URI identifying the signature algorithm
* @param params algorithm-specific signature parameters (may be
* null)
* @return the SignatureMethod
* @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for the requested algorithm
* @throws NoSuchAlgorithmException if an implementation of the
* specified algorithm cannot be found
* @throws NullPointerException if algorithm is
* null
*/
public abstract SignatureMethod newSignatureMethod(String algorithm,
SignatureMethodParameterSpec params) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException;
/**
* Creates a Transform for the specified algorithm URI
* and parameters.
*
* @param algorithm the URI identifying the transform algorithm
* @param params algorithm-specific transform parameters (may be
* null)
* @return the Transform
* @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for the requested algorithm
* @throws NoSuchAlgorithmException if an implementation of the
* specified algorithm cannot be found
* @throws NullPointerException if algorithm is
* null
*/
public abstract Transform newTransform(String algorithm,
TransformParameterSpec params) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException;
/**
* Creates a Transform for the specified algorithm URI
* and parameters. The parameters are specified as a mechanism-specific
* XMLStructure (ex: {@link DOMStructure}). This method is
* useful when the parameters are in XML form or there is no standard
* class for specifying the parameters.
*
* @param algorithm the URI identifying the transform algorithm
* @param params a mechanism-specific XML structure from which to
* unmarshal the parameters from (may be null if
* not required or optional)
* @return the Transform
* @throws ClassCastException if the type of params is
* inappropriate for this XMLSignatureFactory
* @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for the requested algorithm
* @throws NoSuchAlgorithmException if an implementation of the
* specified algorithm cannot be found
* @throws NullPointerException if algorithm is
* null
*/
public abstract Transform newTransform(String algorithm,
XMLStructure params) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException;
/**
* Creates a CanonicalizationMethod for the specified
* algorithm URI and parameters.
*
* @param algorithm the URI identifying the canonicalization algorithm
* @param params algorithm-specific canonicalization parameters (may be
* null)
* @return the CanonicalizationMethod
* @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for the requested algorithm
* @throws NoSuchAlgorithmException if an implementation of the
* specified algorithm cannot be found
* @throws NullPointerException if algorithm is
* null
*/
public abstract CanonicalizationMethod newCanonicalizationMethod(
String algorithm, C14NMethodParameterSpec params)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
/**
* Creates a CanonicalizationMethod for the specified
* algorithm URI and parameters. The parameters are specified as a
* mechanism-specific XMLStructure (ex: {@link DOMStructure}).
* This method is useful when the parameters are in XML form or there is
* no standard class for specifying the parameters.
*
* @param algorithm the URI identifying the canonicalization algorithm
* @param params a mechanism-specific XML structure from which to
* unmarshal the parameters from (may be null if
* not required or optional)
* @return the CanonicalizationMethod
* @throws ClassCastException if the type of params is
* inappropriate for this XMLSignatureFactory
* @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for the requested algorithm
* @throws NoSuchAlgorithmException if an implementation of the
* specified algorithm cannot be found
* @throws NullPointerException if algorithm is
* null
*/
public abstract CanonicalizationMethod newCanonicalizationMethod(
String algorithm, XMLStructure params)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
/**
* Returns a KeyInfoFactory that creates KeyInfo
* objects. The returned KeyInfoFactory has the same
* mechanism type and provider as this XMLSignatureFactory.
*
* @return a KeyInfoFactory
* @throws NoSuchMechanismException if a KeyFactory
* implementation with the same mechanism type and provider
* is not available
*/
public final KeyInfoFactory getKeyInfoFactory() {
return KeyInfoFactory.getInstance(getMechanismType(), getProvider());
}
/**
* Unmarshals a new XMLSignature instance from a
* mechanism-specific XMLValidateContext instance.
*
* @param context a mechanism-specific context from which to unmarshal the
* signature from
* @return the XMLSignature
* @throws NullPointerException if context is
* null
* @throws ClassCastException if the type of context is
* inappropriate for this factory
* @throws MarshalException if an unrecoverable exception occurs
* during unmarshalling
*/
public abstract XMLSignature unmarshalXMLSignature
(XMLValidateContext context) throws MarshalException;
/**
* Unmarshals a new XMLSignature instance from a
* mechanism-specific XMLStructure instance.
* This method is useful if you only want to unmarshal (and not
* validate) an XMLSignature.
*
* @param xmlStructure a mechanism-specific XML structure from which to
* unmarshal the signature from
* @return the XMLSignature
* @throws NullPointerException if xmlStructure is
* null
* @throws ClassCastException if the type of xmlStructure is
* inappropriate for this factory
* @throws MarshalException if an unrecoverable exception occurs
* during unmarshalling
*/
public abstract XMLSignature unmarshalXMLSignature
(XMLStructure xmlStructure) throws MarshalException;
/**
* Indicates whether a specified feature is supported.
*
* @param feature the feature name (as an absolute URI)
* @return true if the specified feature is supported,
* false otherwise
* @throws NullPointerException if feature is null
*/
public abstract boolean isFeatureSupported(String feature);
/**
* Returns a reference to the URIDereferencer that is used by
* default to dereference URIs in {@link Reference} objects.
*
* @return a reference to the default URIDereferencer (never
* null)
*/
public abstract URIDereferencer getURIDereferencer();
}