src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
*** 1,29 ****
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
! /*
! * Copyright 1999-2004 The Apache Software Foundation.
! *
! * Licensed under the Apache License, Version 2.0 (the "License");
! * you may not use this file except in compliance with the License.
! * You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
! * Unless required by applicable law or agreed to in writing, software
! * distributed under the License is distributed on an "AS IS" BASIS,
! * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
! * See the License for the specific language governing permissions and
! * limitations under the License.
! *
*/
package com.sun.org.apache.xml.internal.security.signature;
-
-
import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
--- 1,29 ----
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
! /**
! * Licensed to the Apache Software Foundation (ASF) under one
! * or more contributor license agreements. See the NOTICE file
! * distributed with this work for additional information
! * regarding copyright ownership. The ASF licenses this file
! * to you under the Apache License, Version 2.0 (the
! * "License"); you may not use this file except in compliance
! * with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
! * Unless required by applicable law or agreed to in writing,
! * software distributed under the License is distributed on an
! * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
! * KIND, either express or implied. See the License for the
! * specific language governing permissions and limitations
! * under the License.
*/
package com.sun.org.apache.xml.internal.security.signature;
import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
*** 40,50 ****
import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.I18n;
- import com.sun.org.apache.xml.internal.security.utils.IdResolver;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.SignerOutputStream;
import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
--- 40,49 ----
*** 54,72 ****
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-
/**
* Handles <code><ds:Signature></code> elements.
* This is the main class that deals with creating and verifying signatures.
*
* <p>There are 2 types of constructors for this class. The ones that take a
* document, baseURI and 1 or more Java Objects. This is mostly used for
* signing purposes.
! * The other constructor is the one that takes a DOM Element and a BaseURI.
* This is used mostly with for verifying, when you have a SignatureElement.
*
* There are a few different types of methods:
* <ul><li>The addDocument* methods are used to add References with optional
* transforms during signing. </li>
--- 53,70 ----
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
/**
* Handles <code><ds:Signature></code> elements.
* This is the main class that deals with creating and verifying signatures.
*
* <p>There are 2 types of constructors for this class. The ones that take a
* document, baseURI and 1 or more Java Objects. This is mostly used for
* signing purposes.
! * The other constructor is the one that takes a DOM Element and a baseURI.
* This is used mostly with for verifying, when you have a SignatureElement.
*
* There are a few different types of methods:
* <ul><li>The addDocument* methods are used to add References with optional
* transforms during signing. </li>
*** 74,328 ****
* KeyInfo tags during signing. </li>
* <li>appendObject allows a user to add any XML Structure as an
* ObjectContainer during signing.</li>
* <li>sign and checkSignatureValue methods are used to sign and validate the
* signature. </li></ul>
- *
- * @author $Author: mullan $
*/
public final class XMLSignature extends SignatureElementProxy {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(XMLSignature.class.getName());
-
- //J-
/** MAC - Required HMAC-SHA1 */
! public static final String ALGO_ID_MAC_HMAC_SHA1 = Constants.SignatureSpecNS + "hmac-sha1";
/** Signature - Required DSAwithSHA1 (DSS) */
! public static final String ALGO_ID_SIGNATURE_DSA = Constants.SignatureSpecNS + "dsa-sha1";
/** Signature - Recommended RSAwithSHA1 */
! public static final String ALGO_ID_SIGNATURE_RSA = Constants.SignatureSpecNS + "rsa-sha1";
/** Signature - Recommended RSAwithSHA1 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA1 = Constants.SignatureSpecNS + "rsa-sha1";
/** Signature - NOT Recommended RSAwithMD5 */
! public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 = Constants.MoreAlgorithmsSpecNS + "rsa-md5";
/** Signature - Optional RSAwithRIPEMD160 */
! public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 = Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";
/** Signature - Optional RSAwithSHA256 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA256 = Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
/** Signature - Optional RSAwithSHA384 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = Constants.MoreAlgorithmsSpecNS + "rsa-sha384";
/** Signature - Optional RSAwithSHA512 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = Constants.MoreAlgorithmsSpecNS + "rsa-sha512";
/** HMAC - NOT Recommended HMAC-MD5 */
! public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "hmac-md5";
/** HMAC - Optional HMAC-RIPEMD160 */
! public static final String ALGO_ID_MAC_HMAC_RIPEMD160 = Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";
/** HMAC - Optional HMAC-SHA256 */
! public static final String ALGO_ID_MAC_HMAC_SHA256 = Constants.MoreAlgorithmsSpecNS + "hmac-sha256";
/** HMAC - Optional HMAC-SHA284 */
! public static final String ALGO_ID_MAC_HMAC_SHA384 = Constants.MoreAlgorithmsSpecNS + "hmac-sha384";
/** HMAC - Optional HMAC-SHA512 */
! public static final String ALGO_ID_MAC_HMAC_SHA512 = Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
/**Signature - Optional ECDSAwithSHA1 */
! public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
! //J+
/** ds:Signature.ds:SignedInfo element */
! private SignedInfo _signedInfo = null;
/** ds:Signature.ds:KeyInfo */
! private KeyInfo _keyInfo = null;
/**
* Checking the digests in References in a Signature are mandatory, but for
* References inside a Manifest it is application specific. This boolean is
* to indicate that the References inside Manifests should be validated.
*/
! private boolean _followManifestsDuringValidation = false;
! private Element signatureValueElement;
/**
* This creates a new <CODE>ds:Signature</CODE> Element and adds an empty
* <CODE>ds:SignedInfo</CODE>.
* The <code>ds:SignedInfo</code> is initialized with the specified Signature
* algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED
* by the spec. This method's main use is for creating a new signature.
*
* @param doc Document in which the signature will be appended after creation.
! * @param BaseURI URI to be used as context for all relative URIs.
! * @param SignatureMethodURI signature algorithm to use.
* @throws XMLSecurityException
*/
! public XMLSignature(Document doc, String BaseURI, String SignatureMethodURI)
throws XMLSecurityException {
! this(doc, BaseURI, SignatureMethodURI, 0,
! Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
}
/**
* Constructor XMLSignature
*
* @param doc
! * @param BaseURI
! * @param SignatureMethodURI the Signature method to be used.
! * @param HMACOutputLength
* @throws XMLSecurityException
*/
! public XMLSignature(
! Document doc, String BaseURI, String SignatureMethodURI, int HMACOutputLength)
! throws XMLSecurityException {
! this(doc, BaseURI, SignatureMethodURI, HMACOutputLength,
! Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
}
/**
* Constructor XMLSignature
*
* @param doc
! * @param BaseURI
! * @param SignatureMethodURI the Signature method to be used.
! * @param CanonicalizationMethodURI the canonicalization algorithm to be used to c14nize the SignedInfo element.
* @throws XMLSecurityException
*/
public XMLSignature(
! Document doc, String BaseURI, String SignatureMethodURI, String CanonicalizationMethodURI)
! throws XMLSecurityException {
! this(doc, BaseURI, SignatureMethodURI, 0, CanonicalizationMethodURI);
}
/**
* Constructor XMLSignature
*
* @param doc
! * @param BaseURI
! * @param SignatureMethodURI
! * @param HMACOutputLength
! * @param CanonicalizationMethodURI
* @throws XMLSecurityException
*/
public XMLSignature(
! Document doc, String BaseURI, String SignatureMethodURI, int HMACOutputLength, String CanonicalizationMethodURI)
! throws XMLSecurityException {
!
super(doc);
String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
! if (xmlnsDsPrefix == null) {
! this._constructionElement.setAttributeNS
! (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
} else {
! this._constructionElement.setAttributeNS
! (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
! }
! XMLUtils.addReturnToElement(this._constructionElement);
!
! this._baseURI = BaseURI;
! this._signedInfo = new SignedInfo(this._doc, SignatureMethodURI,
! HMACOutputLength,
! CanonicalizationMethodURI);
! this._constructionElement.appendChild(this._signedInfo.getElement());
! XMLUtils.addReturnToElement(this._constructionElement);
// create an empty SignatureValue; this is filled by setSignatureValueElement
signatureValueElement =
! XMLUtils.createElementInSignatureSpace(this._doc,
! Constants._TAG_SIGNATUREVALUE);
! this._constructionElement.appendChild(signatureValueElement);
! XMLUtils.addReturnToElement(this._constructionElement);
}
/**
* Creates a XMLSignature in a Document
* @param doc
! * @param BaseURI
* @param SignatureMethodElem
* @param CanonicalizationMethodElem
* @throws XMLSecurityException
*/
public XMLSignature(
! Document doc, String BaseURI, Element SignatureMethodElem, Element CanonicalizationMethodElem)
! throws XMLSecurityException {
!
super(doc);
String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
! if (xmlnsDsPrefix == null) {
! this._constructionElement.setAttributeNS
! (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
} else {
! this._constructionElement.setAttributeNS
! (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
! }
! XMLUtils.addReturnToElement(this._constructionElement);
!
! this._baseURI = BaseURI;
! this._signedInfo = new SignedInfo(this._doc, SignatureMethodElem, CanonicalizationMethodElem);
! this._constructionElement.appendChild(this._signedInfo.getElement());
! XMLUtils.addReturnToElement(this._constructionElement);
// create an empty SignatureValue; this is filled by setSignatureValueElement
signatureValueElement =
! XMLUtils.createElementInSignatureSpace(this._doc,
! Constants._TAG_SIGNATUREVALUE);
! this._constructionElement.appendChild(signatureValueElement);
! XMLUtils.addReturnToElement(this._constructionElement);
}
/**
* This will parse the element and construct the Java Objects.
* That will allow a user to validate the signature.
*
* @param element ds:Signature element that contains the whole signature
! * @param BaseURI URI to be prepended to all relative URIs
* @throws XMLSecurityException
* @throws XMLSignatureException if the signature is badly formatted
*/
! public XMLSignature(Element element, String BaseURI)
throws XMLSignatureException, XMLSecurityException {
! super(element, BaseURI);
// check out SignedInfo child
! Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());// XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
! //Constants._TAG_SIGNEDINFO,0);
// check to see if it is there
if (signedInfoElem == null) {
! Object exArgs[] = { Constants._TAG_SIGNEDINFO,
! Constants._TAG_SIGNATURE };
!
throw new XMLSignatureException("xml.WrongContent", exArgs);
}
// create a SignedInfo object from that element
! this._signedInfo = new SignedInfo(signedInfoElem, BaseURI);
// check out SignatureValue child
! this.signatureValueElement =XMLUtils.getNextElement(signedInfoElem.getNextSibling()); //XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
! // Constants._TAG_SIGNATUREVALUE,0);
// check to see if it exists
if (signatureValueElement == null) {
! Object exArgs[] = { Constants._TAG_SIGNATUREVALUE,
! Constants._TAG_SIGNATURE };
!
throw new XMLSignatureException("xml.WrongContent", exArgs);
}
Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");
if (signatureValueAttr != null) {
signatureValueElement.setIdAttributeNode(signatureValueAttr, true);
}
// <element ref="ds:KeyInfo" minOccurs="0"/>
! Element keyInfoElem = XMLUtils.getNextElement(signatureValueElement.getNextSibling());//XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
! // Constants._TAG_KEYINFO,0);
// If it exists use it, but it's not mandatory
! if ((keyInfoElem != null) && (keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS) &&
! keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) ) {
! this._keyInfo = new KeyInfo(keyInfoElem, BaseURI);
}
// <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
Element objectElem =
XMLUtils.getNextElement(signatureValueElement.getNextSibling());
--- 72,389 ----
* KeyInfo tags during signing. </li>
* <li>appendObject allows a user to add any XML Structure as an
* ObjectContainer during signing.</li>
* <li>sign and checkSignatureValue methods are used to sign and validate the
* signature. </li></ul>
*/
public final class XMLSignature extends SignatureElementProxy {
/** MAC - Required HMAC-SHA1 */
! public static final String ALGO_ID_MAC_HMAC_SHA1 =
! Constants.SignatureSpecNS + "hmac-sha1";
/** Signature - Required DSAwithSHA1 (DSS) */
! public static final String ALGO_ID_SIGNATURE_DSA =
! Constants.SignatureSpecNS + "dsa-sha1";
/** Signature - Recommended RSAwithSHA1 */
! public static final String ALGO_ID_SIGNATURE_RSA =
! Constants.SignatureSpecNS + "rsa-sha1";
!
/** Signature - Recommended RSAwithSHA1 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
! Constants.SignatureSpecNS + "rsa-sha1";
!
/** Signature - NOT Recommended RSAwithMD5 */
! public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
! Constants.MoreAlgorithmsSpecNS + "rsa-md5";
!
/** Signature - Optional RSAwithRIPEMD160 */
! public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
! Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";
!
/** Signature - Optional RSAwithSHA256 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
! Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
!
/** Signature - Optional RSAwithSHA384 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =
! Constants.MoreAlgorithmsSpecNS + "rsa-sha384";
!
/** Signature - Optional RSAwithSHA512 */
! public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
! Constants.MoreAlgorithmsSpecNS + "rsa-sha512";
/** HMAC - NOT Recommended HMAC-MD5 */
! public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
! Constants.MoreAlgorithmsSpecNS + "hmac-md5";
!
/** HMAC - Optional HMAC-RIPEMD160 */
! public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
! Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";
!
/** HMAC - Optional HMAC-SHA256 */
! public static final String ALGO_ID_MAC_HMAC_SHA256 =
! Constants.MoreAlgorithmsSpecNS + "hmac-sha256";
!
/** HMAC - Optional HMAC-SHA284 */
! public static final String ALGO_ID_MAC_HMAC_SHA384 =
! Constants.MoreAlgorithmsSpecNS + "hmac-sha384";
!
/** HMAC - Optional HMAC-SHA512 */
! public static final String ALGO_ID_MAC_HMAC_SHA512 =
! Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
!
/**Signature - Optional ECDSAwithSHA1 */
! public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 =
! "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+ /**Signature - Optional ECDSAwithSHA256 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+
+ /**Signature - Optional ECDSAwithSHA384 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
+
+ /**Signature - Optional ECDSAwithSHA512 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
! /** {@link org.apache.commons.logging} logging facility */
! private static java.util.logging.Logger log =
! java.util.logging.Logger.getLogger(XMLSignature.class.getName());
/** ds:Signature.ds:SignedInfo element */
! private SignedInfo signedInfo;
/** ds:Signature.ds:KeyInfo */
! private KeyInfo keyInfo;
/**
* Checking the digests in References in a Signature are mandatory, but for
* References inside a Manifest it is application specific. This boolean is
* to indicate that the References inside Manifests should be validated.
*/
! private boolean followManifestsDuringValidation = false;
! private Element signatureValueElement;
!
! private static final int MODE_SIGN = 0;
! private static final int MODE_VERIFY = 1;
! private int state = MODE_SIGN;
/**
* This creates a new <CODE>ds:Signature</CODE> Element and adds an empty
* <CODE>ds:SignedInfo</CODE>.
* The <code>ds:SignedInfo</code> is initialized with the specified Signature
* algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED
* by the spec. This method's main use is for creating a new signature.
*
* @param doc Document in which the signature will be appended after creation.
! * @param baseURI URI to be used as context for all relative URIs.
! * @param signatureMethodURI signature algorithm to use.
* @throws XMLSecurityException
*/
! public XMLSignature(Document doc, String baseURI, String signatureMethodURI)
throws XMLSecurityException {
! this(doc, baseURI, signatureMethodURI, 0, Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
}
/**
* Constructor XMLSignature
*
* @param doc
! * @param baseURI
! * @param signatureMethodURI the Signature method to be used.
! * @param hmacOutputLength
* @throws XMLSecurityException
*/
! public XMLSignature(Document doc, String baseURI, String signatureMethodURI,
! int hmacOutputLength) throws XMLSecurityException {
! this(
! doc, baseURI, signatureMethodURI, hmacOutputLength,
! Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS
! );
}
/**
* Constructor XMLSignature
*
* @param doc
! * @param baseURI
! * @param signatureMethodURI the Signature method to be used.
! * @param canonicalizationMethodURI the canonicalization algorithm to be
! * used to c14nize the SignedInfo element.
* @throws XMLSecurityException
*/
public XMLSignature(
! Document doc,
! String baseURI,
! String signatureMethodURI,
! String canonicalizationMethodURI
! ) throws XMLSecurityException {
! this(doc, baseURI, signatureMethodURI, 0, canonicalizationMethodURI);
}
/**
* Constructor XMLSignature
*
* @param doc
! * @param baseURI
! * @param signatureMethodURI
! * @param hmacOutputLength
! * @param canonicalizationMethodURI
* @throws XMLSecurityException
*/
public XMLSignature(
! Document doc,
! String baseURI,
! String signatureMethodURI,
! int hmacOutputLength,
! String canonicalizationMethodURI
! ) throws XMLSecurityException {
super(doc);
String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
! if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
! this.constructionElement.setAttributeNS(
! Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
! );
} else {
! this.constructionElement.setAttributeNS(
! Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
! );
! }
! XMLUtils.addReturnToElement(this.constructionElement);
!
! this.baseURI = baseURI;
! this.signedInfo =
! new SignedInfo(
! this.doc, signatureMethodURI, hmacOutputLength, canonicalizationMethodURI
! );
! this.constructionElement.appendChild(this.signedInfo.getElement());
! XMLUtils.addReturnToElement(this.constructionElement);
// create an empty SignatureValue; this is filled by setSignatureValueElement
signatureValueElement =
! XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
! this.constructionElement.appendChild(signatureValueElement);
! XMLUtils.addReturnToElement(this.constructionElement);
}
+
/**
* Creates a XMLSignature in a Document
* @param doc
! * @param baseURI
* @param SignatureMethodElem
* @param CanonicalizationMethodElem
* @throws XMLSecurityException
*/
public XMLSignature(
! Document doc,
! String baseURI,
! Element SignatureMethodElem,
! Element CanonicalizationMethodElem
! ) throws XMLSecurityException {
super(doc);
String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
! if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
! this.constructionElement.setAttributeNS(
! Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
! );
} else {
! this.constructionElement.setAttributeNS(
! Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
! );
! }
! XMLUtils.addReturnToElement(this.constructionElement);
!
! this.baseURI = baseURI;
! this.signedInfo =
! new SignedInfo(this.doc, SignatureMethodElem, CanonicalizationMethodElem);
! this.constructionElement.appendChild(this.signedInfo.getElement());
! XMLUtils.addReturnToElement(this.constructionElement);
// create an empty SignatureValue; this is filled by setSignatureValueElement
signatureValueElement =
! XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
! this.constructionElement.appendChild(signatureValueElement);
! XMLUtils.addReturnToElement(this.constructionElement);
}
/**
* This will parse the element and construct the Java Objects.
* That will allow a user to validate the signature.
*
* @param element ds:Signature element that contains the whole signature
! * @param baseURI URI to be prepended to all relative URIs
* @throws XMLSecurityException
* @throws XMLSignatureException if the signature is badly formatted
*/
! public XMLSignature(Element element, String baseURI)
throws XMLSignatureException, XMLSecurityException {
+ this(element, baseURI, false);
+ }
! /**
! * This will parse the element and construct the Java Objects.
! * That will allow a user to validate the signature.
! *
! * @param element ds:Signature element that contains the whole signature
! * @param baseURI URI to be prepended to all relative URIs
! * @param secureValidation whether secure secureValidation is enabled or not
! * @throws XMLSecurityException
! * @throws XMLSignatureException if the signature is badly formatted
! */
! public XMLSignature(Element element, String baseURI, boolean secureValidation)
! throws XMLSignatureException, XMLSecurityException {
! super(element, baseURI);
// check out SignedInfo child
! Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());
// check to see if it is there
if (signedInfoElem == null) {
! Object exArgs[] = { Constants._TAG_SIGNEDINFO, Constants._TAG_SIGNATURE };
throw new XMLSignatureException("xml.WrongContent", exArgs);
}
// create a SignedInfo object from that element
! this.signedInfo = new SignedInfo(signedInfoElem, baseURI, secureValidation);
! // get signedInfoElem again in case it has changed
! signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());
// check out SignatureValue child
! this.signatureValueElement =
! XMLUtils.getNextElement(signedInfoElem.getNextSibling());
// check to see if it exists
if (signatureValueElement == null) {
! Object exArgs[] = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };
throw new XMLSignatureException("xml.WrongContent", exArgs);
}
Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");
if (signatureValueAttr != null) {
signatureValueElement.setIdAttributeNode(signatureValueAttr, true);
}
// <element ref="ds:KeyInfo" minOccurs="0"/>
! Element keyInfoElem =
! XMLUtils.getNextElement(signatureValueElement.getNextSibling());
// If it exists use it, but it's not mandatory
! if (keyInfoElem != null
! && keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS)
! && keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) {
! this.keyInfo = new KeyInfo(keyInfoElem, baseURI);
! this.keyInfo.setSecureValidation(secureValidation);
}
// <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
Element objectElem =
XMLUtils.getNextElement(signatureValueElement.getNextSibling());
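Review bot: In the new three-argument verification constructor, `keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS)` still dereferences a value that DOM returns as null for an element in no namespace, so an untrusted ds:Signature whose first element after SignatureValue is unqualified would end in a NullPointerException instead of being skipped as "not a KeyInfo". Putting the constants on the left avoids that: `Constants.SignatureSpecNS.equals(keyInfoElem.getNamespaceURI())` and `Constants._TAG_KEYINFO.equals(keyInfoElem.getLocalName())`. Separately, the existing two-argument constructor now delegates with `secureValidation` set to `false`, so callers that are not updated keep verifying without it; its Javadoc should say so, and the `@param secureValidation` text ("whether secure secureValidation is enabled or not") should read `whether secure validation is enabled`. The constructor body continues past the end of this hunk.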
*** 339,402 ****
Node child = nodes.item(i);
if (child.getNodeType() == Node.ELEMENT_NODE) {
Element childElem = (Element)child;
String tag = childElem.getLocalName();
if (tag.equals("Manifest")) {
! new Manifest(childElem, BaseURI);
} else if (tag.equals("SignatureProperties")) {
! new SignatureProperties(childElem, BaseURI);
}
}
}
objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());
}
}
/**
* Sets the <code>Id</code> attribute
*
! * @param Id Id value to be used by the id attribute on the Signature Element
*/
! public void setId(String Id) {
!
! if (Id != null) {
! setLocalIdAttribute(Constants._ATT_ID, Id);
}
}
/**
* Returns the <code>Id</code> attribute
*
* @return the <code>Id</code> attribute
*/
public String getId() {
! return this._constructionElement.getAttributeNS(null, Constants._ATT_ID);
}
/**
* Returns the completely parsed <code>SignedInfo</code> object.
*
* @return the completely parsed <code>SignedInfo</code> object.
*/
public SignedInfo getSignedInfo() {
! return this._signedInfo;
}
/**
* Returns the octet value of the SignatureValue element.
* Throws an XMLSignatureException if it has no or wrong content.
*
* @return the value of the SignatureValue element.
* @throws XMLSignatureException If there is no content
*/
public byte[] getSignatureValue() throws XMLSignatureException {
-
try {
! byte[] signatureValue = Base64.decode(signatureValueElement);
!
! return signatureValue;
} catch (Base64DecodingException ex) {
throw new XMLSignatureException("empty", ex);
}
}
--- 400,462 ----
Node child = nodes.item(i);
if (child.getNodeType() == Node.ELEMENT_NODE) {
Element childElem = (Element)child;
String tag = childElem.getLocalName();
if (tag.equals("Manifest")) {
! new Manifest(childElem, baseURI);
} else if (tag.equals("SignatureProperties")) {
! new SignatureProperties(childElem, baseURI);
}
}
}
objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());
}
+
+ this.state = MODE_VERIFY;
}
/**
* Sets the <code>Id</code> attribute
*
! * @param id Id value for the id attribute on the Signature Element
*/
! public void setId(String id) {
! if (id != null) {
! this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
! this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
/**
* Returns the <code>Id</code> attribute
*
* @return the <code>Id</code> attribute
*/
public String getId() {
! return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
}
/**
* Returns the completely parsed <code>SignedInfo</code> object.
*
* @return the completely parsed <code>SignedInfo</code> object.
*/
public SignedInfo getSignedInfo() {
! return this.signedInfo;
}
/**
* Returns the octet value of the SignatureValue element.
* Throws an XMLSignatureException if it has no or wrong content.
*
* @return the value of the SignatureValue element.
* @throws XMLSignatureException If there is no content
*/
public byte[] getSignatureValue() throws XMLSignatureException {
try {
! return Base64.decode(signatureValueElement);
} catch (Base64DecodingException ex) {
throw new XMLSignatureException("empty", ex);
}
}
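Review bot: The `new Manifest(childElem, baseURI)` and `new SignatureProperties(childElem, baseURI)` calls in the ds:Object loop do not receive the `secureValidation` flag that this constructor passes to SignedInfo and KeyInfo in the previous hunk, so References inside a Manifest under ds:Object appear to be parsed without the stricter checks. If Manifest offers a constructor that takes the flag, as SignedInfo does, the call would become `new Manifest(childElem, baseURI, secureValidation);` — confirm against Manifest, which is not shown on this page. The loop and the enclosing constructor begin above this hunk. The unchanged `tag.equals("Manifest")` test also matches on the local name alone, with no namespace check and no guard for a null `getLocalName()`.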
*** 407,427 ****
* @param bytes bytes to be used by SignatureValue before Base64 encoding
*/
private void setSignatureValueElement(byte[] bytes) {
while (signatureValueElement.hasChildNodes()) {
! signatureValueElement.removeChild
! (signatureValueElement.getFirstChild());
}
String base64codedValue = Base64.encode(bytes);
if (base64codedValue.length() > 76 && !XMLUtils.ignoreLineBreaks()) {
base64codedValue = "\n" + base64codedValue + "\n";
}
! Text t = this._doc.createTextNode(base64codedValue);
signatureValueElement.appendChild(t);
}
/**
* Returns the KeyInfo child. If we are in signing mode and the KeyInfo
--- 467,486 ----
* @param bytes bytes to be used by SignatureValue before Base64 encoding
*/
private void setSignatureValueElement(byte[] bytes) {
while (signatureValueElement.hasChildNodes()) {
! signatureValueElement.removeChild(signatureValueElement.getFirstChild());
}
String base64codedValue = Base64.encode(bytes);
if (base64codedValue.length() > 76 && !XMLUtils.ignoreLineBreaks()) {
base64codedValue = "\n" + base64codedValue + "\n";
}
! Text t = this.doc.createTextNode(base64codedValue);
signatureValueElement.appendChild(t);
}
/**
* Returns the KeyInfo child. If we are in signing mode and the KeyInfo
*** 430,507 ****
* This allows to add arbitrary content to the KeyInfo during signing.
*
* @return the KeyInfo object
*/
public KeyInfo getKeyInfo() {
-
// check to see if we are signing and if we have to create a keyinfo
! if ( (this._keyInfo == null)) {
// create the KeyInfo
! this._keyInfo = new KeyInfo(this._doc);
// get the Element from KeyInfo
! Element keyInfoElement = this._keyInfo.getElement();
! Element firstObject=null;
! Node sibling= this._constructionElement.getFirstChild();
! firstObject = XMLUtils.selectDsNode(sibling,Constants._TAG_OBJECT,0);
if (firstObject != null) {
-
// add it before the object
! this._constructionElement.insertBefore(keyInfoElement,
! firstObject);
! XMLUtils.addReturnBeforeChild(this._constructionElement, firstObject);
} else {
-
// add it as the last element to the signature
! this._constructionElement.appendChild(keyInfoElement);
! XMLUtils.addReturnToElement(this._constructionElement);
}
}
! return this._keyInfo;
}
/**
* Appends an Object (not a <code>java.lang.Object</code> but an Object
* element) to the Signature. Please note that this is only possible
* when signing.
*
* @param object ds:Object to be appended.
* @throws XMLSignatureException When this object is used to verify.
*/
! public void appendObject(ObjectContainer object)
! throws XMLSignatureException {
!
//try {
! //if (this._state != MODE_SIGN) {
// throw new XMLSignatureException(
// "signature.operationOnlyBeforeSign");
//}
! this._constructionElement.appendChild(object.getElement());
! XMLUtils.addReturnToElement(this._constructionElement);
//} catch (XMLSecurityException ex) {
// throw new XMLSignatureException("empty", ex);
//}
}
/**
* Returns the <code>i<code>th <code>ds:Object</code> child of the signature
* or null if no such <code>ds:Object</code> element exists.
*
* @param i
! * @return the <code>i<code>th <code>ds:Object</code> child of the signature or null if no such <code>ds:Object</code> element exists.
*/
public ObjectContainer getObjectItem(int i) {
!
! Element objElem = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
! Constants._TAG_OBJECT,i);
try {
! return new ObjectContainer(objElem, this._baseURI);
} catch (XMLSecurityException ex) {
return null;
}
}
--- 489,563 ----
* This allows to add arbitrary content to the KeyInfo during signing.
*
* @return the KeyInfo object
*/
public KeyInfo getKeyInfo() {
// check to see if we are signing and if we have to create a keyinfo
! if (this.state == MODE_SIGN && this.keyInfo == null) {
// create the KeyInfo
! this.keyInfo = new KeyInfo(this.doc);
// get the Element from KeyInfo
! Element keyInfoElement = this.keyInfo.getElement();
! Element firstObject =
! XMLUtils.selectDsNode(
! this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, 0
! );
if (firstObject != null) {
// add it before the object
! this.constructionElement.insertBefore(keyInfoElement, firstObject);
! XMLUtils.addReturnBeforeChild(this.constructionElement, firstObject);
} else {
// add it as the last element to the signature
! this.constructionElement.appendChild(keyInfoElement);
! XMLUtils.addReturnToElement(this.constructionElement);
}
}
! return this.keyInfo;
}
/**
* Appends an Object (not a <code>java.lang.Object</code> but an Object
* element) to the Signature. Please note that this is only possible
* when signing.
*
* @param object ds:Object to be appended.
* @throws XMLSignatureException When this object is used to verify.
*/
! public void appendObject(ObjectContainer object) throws XMLSignatureException {
//try {
! //if (this.state != MODE_SIGN) {
// throw new XMLSignatureException(
// "signature.operationOnlyBeforeSign");
//}
! this.constructionElement.appendChild(object.getElement());
! XMLUtils.addReturnToElement(this.constructionElement);
//} catch (XMLSecurityException ex) {
// throw new XMLSignatureException("empty", ex);
//}
}
/**
* Returns the <code>i<code>th <code>ds:Object</code> child of the signature
* or null if no such <code>ds:Object</code> element exists.
*
* @param i
! * @return the <code>i<code>th <code>ds:Object</code> child of the signature
! * or null if no such <code>ds:Object</code> element exists.
*/
public ObjectContainer getObjectItem(int i) {
! Element objElem =
! XMLUtils.selectDsNode(
! this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, i
! );
try {
! return new ObjectContainer(objElem, this.baseURI);
} catch (XMLSecurityException ex) {
return null;
}
}
*** 513,559 ****
public int getObjectLength() {
return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
}
/**
! * Digests all References in the SignedInfo, calculates the signature value and
! * sets it in the SignatureValue Element.
*
! * @param signingKey the {@link java.security.PrivateKey} or {@link javax.crypto.SecretKey} that is used to sign.
* @throws XMLSignatureException
*/
public void sign(Key signingKey) throws XMLSignatureException {
if (signingKey instanceof PublicKey) {
! throw new IllegalArgumentException(I18n
! .translate("algorithms.operationOnlyVerification"));
}
try {
- // if (this._state == MODE_SIGN) {
//Create a SignatureAlgorithm object
SignedInfo si = this.getSignedInfo();
SignatureAlgorithm sa = si.getSignatureAlgorithm();
// initialize SignatureAlgorithm for signing
sa.initSign(signingKey);
// generate digest values for all References in this SignedInfo
si.generateDigestValues();
! OutputStream so=new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
try {
so.close();
! } catch (IOException e) {
! //Imposible
}
- // get the canonicalized bytes from SignedInfo
- si.signInOctectStream(so);
-
- byte jcebytes[] = sa.sign();
! // set them on the SignateValue element
! this.setSignatureValueElement(jcebytes);
! //}
} catch (CanonicalizationException ex) {
throw new XMLSignatureException("empty", ex);
} catch (InvalidCanonicalizerException ex) {
throw new XMLSignatureException("empty", ex);
} catch (XMLSecurityException ex) {
--- 569,625 ----
public int getObjectLength() {
return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
}
/**
! * Digests all References in the SignedInfo, calculates the signature value
! * and sets it in the SignatureValue Element.
*
! * @param signingKey the {@link java.security.PrivateKey} or
! * {@link javax.crypto.SecretKey} that is used to sign.
* @throws XMLSignatureException
*/
public void sign(Key signingKey) throws XMLSignatureException {
if (signingKey instanceof PublicKey) {
! throw new IllegalArgumentException(
! I18n.translate("algorithms.operationOnlyVerification")
! );
}
try {
//Create a SignatureAlgorithm object
SignedInfo si = this.getSignedInfo();
SignatureAlgorithm sa = si.getSignatureAlgorithm();
+ OutputStream so = null;
+ try {
// initialize SignatureAlgorithm for signing
sa.initSign(signingKey);
// generate digest values for all References in this SignedInfo
si.generateDigestValues();
! so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
! // get the canonicalized bytes from SignedInfo
! si.signInOctetStream(so);
! } catch (XMLSecurityException ex) {
! throw ex;
! } finally {
! if (so != null) {
try {
so.close();
! } catch (IOException ex) {
! if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
! }
! }
! }
}
! // set them on the SignatureValue element
! this.setSignatureValueElement(sa.sign());
! } catch (XMLSignatureException ex) {
! throw ex;
} catch (CanonicalizationException ex) {
throw new XMLSignatureException("empty", ex);
} catch (InvalidCanonicalizerException ex) {
throw new XMLSignatureException("empty", ex);
} catch (XMLSecurityException ex) {
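Review bot: In the new `sign`, an `IOException` from `so.close()` in the `finally` block is only logged at FINE, and `sa.sign()` then runs anyway. `so` is a buffered wrapper around `SignerOutputStream`, so `close()` is presumably what pushes the last buffered SignedInfo bytes into the signature; a failure there should abort signing rather than produce a value over partial input. I would close the stream inside the inner `try`, right after `si.signInOctetStream(so)`, and turn the failure into `throw new XMLSignatureException("empty", ex);`. The inner `catch (XMLSecurityException ex) { throw ex; }` only rethrows and can be dropped. The catch chain of `sign` continues past the end of this hunk.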
*** 583,691 ****
* Extracts the public key from the certificate and verifies if the signature
* is valid by re-digesting all References, comparing those against the
* stored DigestValues and then checking to see if the Signatures match on
* the SignedInfo.
*
! * @param cert Certificate that contains the public key part of the keypair that was used to sign.
* @return true if the signature is valid, false otherwise
* @throws XMLSignatureException
*/
public boolean checkSignatureValue(X509Certificate cert)
throws XMLSignatureException {
-
// see if cert is null
if (cert != null) {
!
! //check the values with the public key from the cert
return this.checkSignatureValue(cert.getPublicKey());
}
Object exArgs[] = { "Didn't get a certificate" };
throw new XMLSignatureException("empty", exArgs);
-
}
/**
* Verifies if the signature is valid by redigesting all References,
* comparing those against the stored DigestValues and then checking to see
* if the Signatures match on the SignedInfo.
*
! * @param pk {@link java.security.PublicKey} part of the keypair or {@link javax.crypto.SecretKey} that was used to sign
* @return true if the signature is valid, false otherwise
* @throws XMLSignatureException
*/
public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
-
//COMMENT: pk suggests it can only be a public key?
//check to see if the key is not null
if (pk == null) {
Object exArgs[] = { "Didn't get a key" };
-
throw new XMLSignatureException("empty", exArgs);
}
// all references inside the signedinfo need to be dereferenced and
// digested again to see if the outcome matches the stored value in the
// SignedInfo.
! // If _followManifestsDuringValidation is true it will do the same for
// References inside a Manifest.
try {
! SignedInfo si=this.getSignedInfo();
//create a SignatureAlgorithms from the SignatureMethod inside
//SignedInfo. This is used to validate the signature.
! SignatureAlgorithm sa =si.getSignatureAlgorithm();
if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, "SignatureMethodURI = " + sa.getAlgorithmURI());
log.log(java.util.logging.Level.FINE, "jceSigAlgorithm = " + sa.getJCEAlgorithmString());
log.log(java.util.logging.Level.FINE, "jceSigProvider = " + sa.getJCEProviderName());
log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
}
sa.initVerify(pk);
// Get the canonicalized (normalized) SignedInfo
! SignerOutputStream so=new SignerOutputStream(sa);
! OutputStream bos=new UnsyncBufferedOutputStream(so);
! si.signInOctectStream(bos);
! try {
bos.close();
! } catch (IOException e) {
! //Imposible
}
! //retrieve the byte[] from the stored signature
! byte sigBytes[] = this.getSignatureValue();
!
! //Have SignatureAlgorithm sign the input bytes and compare them to the
! //bytes that were stored in the signature.
if (!sa.verify(sigBytes)) {
log.log(java.util.logging.Level.WARNING, "Signature verification failed.");
return false;
}
! return si.verify(this._followManifestsDuringValidation);
} catch (XMLSecurityException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/**
* Add a Reference with full parameters to this Signature
*
! * @param referenceURI URI of the resource to be signed. Can be null in which
! * case the dereferencing is application specific. Can be "" in which it's
! * the parent node (or parent document?). There can only be one "" in each
! * signature.
* @param trans Optional list of transformations to be done before digesting
* @param digestURI Mandatory URI of the digesting algorithm to use.
! * @param ReferenceId Optional id attribute for this Reference
! * @param ReferenceType Optional mimetype for the URI
* @throws XMLSignatureException
*/
public void addDocument(
! String referenceURI, Transforms trans, String digestURI, String ReferenceId, String ReferenceType)
! throws XMLSignatureException {
! this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
! digestURI, ReferenceId, ReferenceType);
}
/**
* This method is a proxy method for the {@link Manifest#addDocument} method.
*
--- 649,767 ----
* Extracts the public key from the certificate and verifies if the signature
* is valid by re-digesting all References, comparing those against the
* stored DigestValues and then checking to see if the Signatures match on
* the SignedInfo.
*
! * @param cert Certificate that contains the public key part of the keypair
! * that was used to sign.
* @return true if the signature is valid, false otherwise
* @throws XMLSignatureException
*/
public boolean checkSignatureValue(X509Certificate cert)
throws XMLSignatureException {
// see if cert is null
if (cert != null) {
! // check the values with the public key from the cert
return this.checkSignatureValue(cert.getPublicKey());
}
Object exArgs[] = { "Didn't get a certificate" };
throw new XMLSignatureException("empty", exArgs);
}
/**
* Verifies if the signature is valid by redigesting all References,
* comparing those against the stored DigestValues and then checking to see
* if the Signatures match on the SignedInfo.
*
! * @param pk {@link java.security.PublicKey} part of the keypair or
! * {@link javax.crypto.SecretKey} that was used to sign
* @return true if the signature is valid, false otherwise
* @throws XMLSignatureException
*/
public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
//COMMENT: pk suggests it can only be a public key?
//check to see if the key is not null
if (pk == null) {
Object exArgs[] = { "Didn't get a key" };
throw new XMLSignatureException("empty", exArgs);
}
// all references inside the signedinfo need to be dereferenced and
// digested again to see if the outcome matches the stored value in the
// SignedInfo.
! // If followManifestsDuringValidation is true it will do the same for
// References inside a Manifest.
try {
! SignedInfo si = this.getSignedInfo();
//create a SignatureAlgorithms from the SignatureMethod inside
//SignedInfo. This is used to validate the signature.
! SignatureAlgorithm sa = si.getSignatureAlgorithm();
if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, "signatureMethodURI = " + sa.getAlgorithmURI());
log.log(java.util.logging.Level.FINE, "jceSigAlgorithm = " + sa.getJCEAlgorithmString());
log.log(java.util.logging.Level.FINE, "jceSigProvider = " + sa.getJCEProviderName());
log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
}
+ byte sigBytes[] = null;
+ try {
sa.initVerify(pk);
// Get the canonicalized (normalized) SignedInfo
! SignerOutputStream so = new SignerOutputStream(sa);
! OutputStream bos = new UnsyncBufferedOutputStream(so);
!
! si.signInOctetStream(bos);
bos.close();
! // retrieve the byte[] from the stored signature
! sigBytes = this.getSignatureValue();
! } catch (IOException ex) {
! if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
! }
! // Impossible...
! } catch (XMLSecurityException ex) {
! throw ex;
}
! // have SignatureAlgorithm sign the input bytes and compare them to
! // the bytes that were stored in the signature.
if (!sa.verify(sigBytes)) {
log.log(java.util.logging.Level.WARNING, "Signature verification failed.");
return false;
}
! return si.verify(this.followManifestsDuringValidation);
! } catch (XMLSignatureException ex) {
! throw ex;
} catch (XMLSecurityException ex) {
throw new XMLSignatureException("empty", ex);
}
}
/**
* Add a Reference with full parameters to this Signature
*
! * @param referenceURI URI of the resource to be signed. Can be null in
! * which case the dereferencing is application specific. Can be "" in which
! * it's the parent node (or parent document?). There can only be one "" in
! * each signature.
* @param trans Optional list of transformations to be done before digesting
* @param digestURI Mandatory URI of the digesting algorithm to use.
! * @param referenceId Optional id attribute for this Reference
! * @param referenceType Optional mimetype for the URI
* @throws XMLSignatureException
*/
public void addDocument(
! String referenceURI,
! Transforms trans,
! String digestURI,
! String referenceId,
! String referenceType
! ) throws XMLSignatureException {
! this.signedInfo.addDocument(
! this.baseURI, referenceURI, trans, digestURI, referenceId, referenceType
! );
}
/**
* This method is a proxy method for the {@link Manifest#addDocument} method.
*
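Review bot: In the new `checkSignatureValue(Key)`, the `catch (IOException ex)` branch only logs at FINE and falls through, so `sa.verify(sigBytes)` runs with `sigBytes` still `null` and with SignedInfo bytes that may not have been fully flushed into the verifier. A verification path should fail closed here; I would replace the log-and-continue with `throw new XMLSignatureException("empty", ex);` inside that catch. Separately, the FINE line `"PublicKey = " + pk` logs a `Key` that the Javadoc says may be a `javax.crypto.SecretKey`. Whether key material reaches the log depends on that key's `toString()`, so logging only `pk.getAlgorithm()` would be safer.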
*** 694,707 ****
* @param digestURI URI of the digest algorithm to be used.
* @see Manifest#addDocument
* @throws XMLSignatureException
*/
public void addDocument(
! String referenceURI, Transforms trans, String digestURI)
! throws XMLSignatureException {
! this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
! digestURI, null, null);
}
/**
* Adds a Reference with just the URI and the transforms. This used the
* SHA1 algorithm as a default digest algorithm.
--- 770,784 ----
* @param digestURI URI of the digest algorithm to be used.
* @see Manifest#addDocument
* @throws XMLSignatureException
*/
public void addDocument(
! String referenceURI,
! Transforms trans,
! String digestURI
! ) throws XMLSignatureException {
! this.signedInfo.addDocument(this.baseURI, referenceURI, trans, digestURI, null, null);
}
/**
* Adds a Reference with just the URI and the transforms. This used the
* SHA1 algorithm as a default digest algorithm.
*** 710,745 ****
* @param trans List of transformations to be applied.
* @throws XMLSignatureException
*/
public void addDocument(String referenceURI, Transforms trans)
throws XMLSignatureException {
! this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
! Constants.ALGO_ID_DIGEST_SHA1, null, null);
}
/**
* Add a Reference with just this URI. It uses SHA1 by default as the digest
* algorithm
*
* @param referenceURI URI according to the XML Signature specification.
* @throws XMLSignatureException
*/
public void addDocument(String referenceURI) throws XMLSignatureException {
! this._signedInfo.addDocument(this._baseURI, referenceURI, null,
! Constants.ALGO_ID_DIGEST_SHA1, null, null);
}
/**
* Add an X509 Certificate to the KeyInfo. This will include the whole cert
* inside X509Data/X509Certificate tags.
*
! * @param cert Certificate to be included. This should be the certificate of the key that was used to sign.
* @throws XMLSecurityException
*/
public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
!
! X509Data x509data = new X509Data(this._doc);
x509data.addCertificate(cert);
this.getKeyInfo().add(x509data);
}
--- 787,824 ----
* @param trans List of transformations to be applied.
* @throws XMLSignatureException
*/
public void addDocument(String referenceURI, Transforms trans)
throws XMLSignatureException {
! this.signedInfo.addDocument(
! this.baseURI, referenceURI, trans, Constants.ALGO_ID_DIGEST_SHA1, null, null
! );
}
/**
* Add a Reference with just this URI. It uses SHA1 by default as the digest
* algorithm
*
* @param referenceURI URI according to the XML Signature specification.
* @throws XMLSignatureException
*/
public void addDocument(String referenceURI) throws XMLSignatureException {
! this.signedInfo.addDocument(
! this.baseURI, referenceURI, null, Constants.ALGO_ID_DIGEST_SHA1, null, null
! );
}
/**
* Add an X509 Certificate to the KeyInfo. This will include the whole cert
* inside X509Data/X509Certificate tags.
*
! * @param cert Certificate to be included. This should be the certificate of
! * the key that was used to sign.
* @throws XMLSecurityException
*/
public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
! X509Data x509data = new X509Data(this.doc);
x509data.addCertificate(cert);
this.getKeyInfo().add(x509data);
}
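Review bot: The two convenience overloads `addDocument(String, Transforms)` and `addDocument(String)` still hard-code `Constants.ALGO_ID_DIGEST_SHA1` as the reference digest, and the Javadoc mentions this only in passing. Since SHA-1 is no longer collision resistant, the Javadoc should steer callers away, for example `Uses SHA-1 for backward compatibility only; new signatures should pass an explicit digestURI for a stronger digest to the three-argument overload.` This is a documentation suggestion only; changing the default itself would alter output for existing callers.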
*** 752,791 ****
public void addKeyInfo(PublicKey pk) {
this.getKeyInfo().add(pk);
}
/**
! * Proxy method for {@link SignedInfo#createSecretKey(byte[])}. If you want to
! * create a MAC, this method helps you to obtain the {@link javax.crypto.SecretKey}
! * from octets.
*
* @param secretKeyBytes
* @return the secret key created.
* @see SignedInfo#createSecretKey(byte[])
*/
! public SecretKey createSecretKey(byte[] secretKeyBytes)
! {
return this.getSignedInfo().createSecretKey(secretKeyBytes);
}
/**
* Signal wether Manifest should be automatically validated.
* Checking the digests in References in a Signature are mandatory, but for
* References inside a Manifest it is application specific. This boolean is
* to indicate that the References inside Manifests should be validated.
*
* @param followManifests
! * @see <a href="http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation">Core validation section in the XML Signature Rec.</a>
*/
public void setFollowNestedManifests(boolean followManifests) {
! this._followManifestsDuringValidation = followManifests;
}
/**
* Get the local name of this element
*
! * @return Constant._TAG_SIGNATURE
*/
public String getBaseLocalName() {
return Constants._TAG_SIGNATURE;
}
}
--- 831,870 ----
public void addKeyInfo(PublicKey pk) {
this.getKeyInfo().add(pk);
}
/**
! * Proxy method for {@link SignedInfo#createSecretKey(byte[])}. If you want
! * to create a MAC, this method helps you to obtain the
! * {@link javax.crypto.SecretKey} from octets.
*
* @param secretKeyBytes
* @return the secret key created.
* @see SignedInfo#createSecretKey(byte[])
*/
! public SecretKey createSecretKey(byte[] secretKeyBytes) {
return this.getSignedInfo().createSecretKey(secretKeyBytes);
}
/**
* Signal wether Manifest should be automatically validated.
* Checking the digests in References in a Signature are mandatory, but for
* References inside a Manifest it is application specific. This boolean is
* to indicate that the References inside Manifests should be validated.
*
* @param followManifests
! * @see <a href="http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation">
! * Core validation section in the XML Signature Rec.</a>
*/
public void setFollowNestedManifests(boolean followManifests) {
! this.followManifestsDuringValidation = followManifests;
}
/**
* Get the local name of this element
*
! * @return Constants._TAG_SIGNATURE
*/
public String getBaseLocalName() {
return Constants._TAG_SIGNATURE;
}
}