Package org.apache.wss4j.dom.message
Class WSSecDKSign
- java.lang.Object
  - org.apache.wss4j.dom.message.WSSecBase
    - org.apache.wss4j.dom.message.WSSecSignatureBase
      - org.apache.wss4j.dom.message.WSSecDerivedKeyBase
        - org.apache.wss4j.dom.message.WSSecDKSign

public class WSSecDKSign extends WSSecDerivedKeyBase
Builder to sign with derived keys

Field Summary
Fields inherited from class org.apache.wss4j.dom.message.WSSecBase
addWSUNamespace, attachmentCallbackHandler, callbackLookup, expandXopInclude, keyIdentifierType, password, storeBytesInAttachment, user

Constructor Summary
- WSSecDKSign(WSSecHeader securityHeader)
- WSSecDKSign(Document doc)
- WSSecDKSign(Document doc, Provider provider)

Method Summary
- List<Reference> addReferencesToSign(List<WSEncryptionPart> references): This method adds references to the Signature.
- Document build(byte[] ephemeralKey)
- void computeSignature(List<Reference> referenceList): Compute the Signature over the references.
- void computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement): Compute the Signature over the references.
- protected int getDerivedKeyLength(): The derived key will change depending on the sig/encr algorithm.
- String getDigestAlgorithm()
- String getSigCanonicalization(): Get the canonicalization method.
- String getSignatureAlgorithm()
- Element getSignatureElement(): Returns the SignatureElement.
- String getSignatureId(): Returns the value of wsu:Id attribute of the Signature element.
- byte[] getSignatureValue()
- boolean isAddInclusivePrefixes()
- void prepare(byte[] ephemeralKey): Initialize a WSSec Derived key.
- void setAddInclusivePrefixes(boolean addInclusivePrefixes)
- void setDerivedKeyLength(int keyLength)
- void setDigestAlgorithm(String algorithm): Set the digest algorithm to use.
- void setSigCanonicalization(String algo): Set the canonicalization method to use.
- void setSignatureAlgorithm(String algorithm): Set the signature algorithm to use.

Methods inherited from class org.apache.wss4j.dom.message.WSSecDerivedKeyBase
appendDKElementToHeader, clean, getDerivedKey, getdktElement, getId, getStrElem, getTokenIdentifier, getWscVersion, prependDKElementToHeader, setClientLabel, setCrypto, setCustomValueType, setServiceLabel, setStrElem, setTokenIdDirectId, setTokenIdentifier, setWscVersion, setX509Certificate

Methods inherited from class org.apache.wss4j.dom.message.WSSecSignatureBase
addReferencesToSign, cleanup, createSTRParameter, getInclusivePrefixes, getInclusivePrefixes

Methods inherited from class org.apache.wss4j.dom.message.WSSecBase
getDocument, getIdAllocator, getKeyIdentifierType, getParts, getSecurityHeader, getWsDocInfo, isExpandXopInclude, setAttachmentCallbackHandler, setBodyID, setCallbackLookup, setExpandXopInclude, setIdAllocator, setKeyIdentifierType, setStoreBytesInAttachment, setUserInfo, setWsDocInfo, setWsuId

Constructor Detail

WSSecDKSign
public WSSecDKSign(WSSecHeader securityHeader)

WSSecDKSign
public WSSecDKSign(Document doc)

Method Detail

build
public Document build(byte[] ephemeralKey) throws WSSecurityException
- Throws:
  WSSecurityException

prepare
public void prepare(byte[] ephemeralKey) throws WSSecurityException
Description copied from class: WSSecDerivedKeyBase
Initialize a WSSec Derived key. The method prepares and initializes a WSSec derived key structure after the relevant information was set. This method also creates and initializes the derived token using the ephemeral key. After preparation references can be added, encrypted and signed as required. This method does not add any element to the security header. This must be done explicitly.
- Overrides:
  prepare in class WSSecDerivedKeyBase
- Parameters:
  ephemeralKey - The ephemeral key to use for derivation
- Throws:
  WSSecurityException

getSignatureElement
public Element getSignatureElement()
Returns the SignatureElement. The method can be called any time after prepare().
- Returns:
  The DOM Element of the signature.

addReferencesToSign
public List<Reference> addReferencesToSign(List<WSEncryptionPart> references) throws WSSecurityException
This method adds references to the Signature.
- Parameters:
  references - The list of references to sign
- Throws:
  WSSecurityException

computeSignature
public void computeSignature(List<Reference> referenceList) throws WSSecurityException
Compute the Signature over the references. After references are set this method computes the Signature for them. This method can be called any time after the references were set. See addReferencesToSign().
- Throws:
  WSSecurityException

computeSignature
public void computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement) throws WSSecurityException
Compute the Signature over the references. After references are set this method computes the Signature for them. This method can be called any time after the references were set. See addReferencesToSign().
- Throws:
  WSSecurityException

getDerivedKeyLength
protected int getDerivedKeyLength() throws WSSecurityException
Description copied from class: WSSecDerivedKeyBase
The derived key will change depending on the sig/encr algorithm. Therefore the child classes are expected to provide this value.
- Specified by:
  getDerivedKeyLength in class WSSecDerivedKeyBase
- Returns:
  the derived key length
- Throws:
  WSSecurityException

setDerivedKeyLength
public void setDerivedKeyLength(int keyLength)

setSignatureAlgorithm
public void setSignatureAlgorithm(String algorithm)
Set the signature algorithm to use. The default is WSConstants.SHA1. The digest default (see setDigestAlgorithm) is also SHA-1, so set both explicitly where a stronger algorithm is required.
- Parameters:
  algorithm - the signature algorithm to use.

getSignatureAlgorithm
public String getSignatureAlgorithm()
- Returns:
  the signature algorithm to use

getSignatureId
public String getSignatureId()
Returns the value of wsu:Id attribute of the Signature element.
- Returns:
  Return the wsu:Id of this token or null if the signature has not been generated.

setDigestAlgorithm
public void setDigestAlgorithm(String algorithm)
Set the digest algorithm to use. The default is WSConstants.SHA1.
- Parameters:
  algorithm - the digest algorithm to use.

getDigestAlgorithm
public String getDigestAlgorithm()
- Returns:
  the digest algorithm to use

getSignatureValue
public byte[] getSignatureValue()
- Returns:
  Returns the signatureValue.

setSigCanonicalization
public void setSigCanonicalization(String algo)
Set the canonicalization method to use. If the canonicalization method is not set then the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the algorithms that are supported.
- Parameters:
  algo - the name of the canonicalization algorithm
- See Also:
  WSS4JConstants.C14N_OMIT_COMMENTS, WSS4JConstants.C14N_WITH_COMMENTS, WSS4JConstants.C14N_EXCL_OMIT_COMMENTS, WSS4JConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization
public String getSigCanonicalization()
Get the canonicalization method. If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.
- Returns:
  The string describing the canonicalization algorithm.

isAddInclusivePrefixes
public boolean isAddInclusivePrefixes()

setAddInclusivePrefixes
public void setAddInclusivePrefixes(boolean addInclusivePrefixes)