--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java Thu Jun 20 18:53:57 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java Fri Jul 05 15:54:42 2013 -0400
@@ -2,26 +2,26 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-/*
- * Copyright 1999-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package com.sun.org.apache.xml.internal.security.signature;
-
-
import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
@@ -42,7 +42,6 @@
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.I18n;
-import com.sun.org.apache.xml.internal.security.utils.IdResolver;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.SignerOutputStream;
import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
@@ -56,7 +55,6 @@
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-
/**
* Handles <code><ds:Signature></code> elements.
* This is the main class that deals with creating and verifying signatures.
@@ -64,7 +62,7 @@
* <p>There are 2 types of constructors for this class. The ones that take a
* document, baseURI and 1 or more Java Objects. This is mostly used for
* signing purposes.
- * The other constructor is the one that takes a DOM Element and a BaseURI.
+ * The other constructor is the one that takes a DOM Element and a baseURI.
* This is used mostly with for verifying, when you have a SignatureElement.
*
* There are a few different types of methods:
@@ -76,329 +74,391 @@
* ObjectContainer during signing.</li>
* <li>sign and checkSignatureValue methods are used to sign and validate the
* signature. </li></ul>
- *
- * @author $Author: mullan $
*/
public final class XMLSignature extends SignatureElementProxy {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
+ /** MAC - Required HMAC-SHA1 */
+ public static final String ALGO_ID_MAC_HMAC_SHA1 =
+ Constants.SignatureSpecNS + "hmac-sha1";
+
+ /** Signature - Required DSAwithSHA1 (DSS) */
+ public static final String ALGO_ID_SIGNATURE_DSA =
+ Constants.SignatureSpecNS + "dsa-sha1";
+
+ /** Signature - Recommended RSAwithSHA1 */
+ public static final String ALGO_ID_SIGNATURE_RSA =
+ Constants.SignatureSpecNS + "rsa-sha1";
+
+ /** Signature - Recommended RSAwithSHA1 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
+ Constants.SignatureSpecNS + "rsa-sha1";
+
+ /** Signature - NOT Recommended RSAwithMD5 */
+ public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
+ Constants.MoreAlgorithmsSpecNS + "rsa-md5";
+
+ /** Signature - Optional RSAwithRIPEMD160 */
+ public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
+ Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";
+
+ /** Signature - Optional RSAwithSHA256 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
+ Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
+
+ /** Signature - Optional RSAwithSHA384 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =
+ Constants.MoreAlgorithmsSpecNS + "rsa-sha384";
+
+ /** Signature - Optional RSAwithSHA512 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
+ Constants.MoreAlgorithmsSpecNS + "rsa-sha512";
+
+ /** HMAC - NOT Recommended HMAC-MD5 */
+ public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
+ Constants.MoreAlgorithmsSpecNS + "hmac-md5";
+
+ /** HMAC - Optional HMAC-RIPEMD160 */
+ public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
+ Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";
+
+ /** HMAC - Optional HMAC-SHA256 */
+ public static final String ALGO_ID_MAC_HMAC_SHA256 =
+ Constants.MoreAlgorithmsSpecNS + "hmac-sha256";
+
+ /** HMAC - Optional HMAC-SHA284 */
+ public static final String ALGO_ID_MAC_HMAC_SHA384 =
+ Constants.MoreAlgorithmsSpecNS + "hmac-sha384";
+
+ /** HMAC - Optional HMAC-SHA512 */
+ public static final String ALGO_ID_MAC_HMAC_SHA512 =
+ Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
+
+ /**Signature - Optional ECDSAwithSHA1 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+
+ /**Signature - Optional ECDSAwithSHA256 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+
+ /**Signature - Optional ECDSAwithSHA384 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
+
+ /**Signature - Optional ECDSAwithSHA512 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+
+ /** {@link org.apache.commons.logging} logging facility */
+ private static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(XMLSignature.class.getName());
- //J-
- /** MAC - Required HMAC-SHA1 */
- public static final String ALGO_ID_MAC_HMAC_SHA1 = Constants.SignatureSpecNS + "hmac-sha1";
+ /** ds:Signature.ds:SignedInfo element */
+ private SignedInfo signedInfo;
+
+ /** ds:Signature.ds:KeyInfo */
+ private KeyInfo keyInfo;
- /** Signature - Required DSAwithSHA1 (DSS) */
- public static final String ALGO_ID_SIGNATURE_DSA = Constants.SignatureSpecNS + "dsa-sha1";
+ /**
+ * Checking the digests in References in a Signature are mandatory, but for
+ * References inside a Manifest it is application specific. This boolean is
+ * to indicate that the References inside Manifests should be validated.
+ */
+ private boolean followManifestsDuringValidation = false;
+
+ private Element signatureValueElement;
- /** Signature - Recommended RSAwithSHA1 */
- public static final String ALGO_ID_SIGNATURE_RSA = Constants.SignatureSpecNS + "rsa-sha1";
- /** Signature - Recommended RSAwithSHA1 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA1 = Constants.SignatureSpecNS + "rsa-sha1";
- /** Signature - NOT Recommended RSAwithMD5 */
- public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 = Constants.MoreAlgorithmsSpecNS + "rsa-md5";
- /** Signature - Optional RSAwithRIPEMD160 */
- public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 = Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";
- /** Signature - Optional RSAwithSHA256 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA256 = Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
- /** Signature - Optional RSAwithSHA384 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = Constants.MoreAlgorithmsSpecNS + "rsa-sha384";
- /** Signature - Optional RSAwithSHA512 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = Constants.MoreAlgorithmsSpecNS + "rsa-sha512";
+ private static final int MODE_SIGN = 0;
+ private static final int MODE_VERIFY = 1;
+ private int state = MODE_SIGN;
- /** HMAC - NOT Recommended HMAC-MD5 */
- public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "hmac-md5";
- /** HMAC - Optional HMAC-RIPEMD160 */
- public static final String ALGO_ID_MAC_HMAC_RIPEMD160 = Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";
- /** HMAC - Optional HMAC-SHA256 */
- public static final String ALGO_ID_MAC_HMAC_SHA256 = Constants.MoreAlgorithmsSpecNS + "hmac-sha256";
- /** HMAC - Optional HMAC-SHA284 */
- public static final String ALGO_ID_MAC_HMAC_SHA384 = Constants.MoreAlgorithmsSpecNS + "hmac-sha384";
- /** HMAC - Optional HMAC-SHA512 */
- public static final String ALGO_ID_MAC_HMAC_SHA512 = Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
- /**Signature - Optional ECDSAwithSHA1 */
- public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+ /**
+ * This creates a new <CODE>ds:Signature</CODE> Element and adds an empty
+ * <CODE>ds:SignedInfo</CODE>.
+ * The <code>ds:SignedInfo</code> is initialized with the specified Signature
+ * algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED
+ * by the spec. This method's main use is for creating a new signature.
+ *
+ * @param doc Document in which the signature will be appended after creation.
+ * @param baseURI URI to be used as context for all relative URIs.
+ * @param signatureMethodURI signature algorithm to use.
+ * @throws XMLSecurityException
+ */
+ public XMLSignature(Document doc, String baseURI, String signatureMethodURI)
+ throws XMLSecurityException {
+ this(doc, baseURI, signatureMethodURI, 0, Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
+ }
-
- //J+
-
- /** ds:Signature.ds:SignedInfo element */
- private SignedInfo _signedInfo = null;
-
- /** ds:Signature.ds:KeyInfo */
- private KeyInfo _keyInfo = null;
-
- /**
- * Checking the digests in References in a Signature are mandatory, but for
- * References inside a Manifest it is application specific. This boolean is
- * to indicate that the References inside Manifests should be validated.
- */
- private boolean _followManifestsDuringValidation = false;
-
-private Element signatureValueElement;
+ /**
+ * Constructor XMLSignature
+ *
+ * @param doc
+ * @param baseURI
+ * @param signatureMethodURI the Signature method to be used.
+ * @param hmacOutputLength
+ * @throws XMLSecurityException
+ */
+ public XMLSignature(Document doc, String baseURI, String signatureMethodURI,
+ int hmacOutputLength) throws XMLSecurityException {
+ this(
+ doc, baseURI, signatureMethodURI, hmacOutputLength,
+ Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS
+ );
+ }
- /**
- * This creates a new <CODE>ds:Signature</CODE> Element and adds an empty
- * <CODE>ds:SignedInfo</CODE>.
- * The <code>ds:SignedInfo</code> is initialized with the specified Signature
- * algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED
- * by the spec. This method's main use is for creating a new signature.
- *
- * @param doc Document in which the signature will be appended after creation.
- * @param BaseURI URI to be used as context for all relative URIs.
- * @param SignatureMethodURI signature algorithm to use.
- * @throws XMLSecurityException
- */
- public XMLSignature(Document doc, String BaseURI, String SignatureMethodURI)
- throws XMLSecurityException {
- this(doc, BaseURI, SignatureMethodURI, 0,
- Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
- }
+ /**
+ * Constructor XMLSignature
+ *
+ * @param doc
+ * @param baseURI
+ * @param signatureMethodURI the Signature method to be used.
+ * @param canonicalizationMethodURI the canonicalization algorithm to be
+ * used to c14nize the SignedInfo element.
+ * @throws XMLSecurityException
+ */
+ public XMLSignature(
+ Document doc,
+ String baseURI,
+ String signatureMethodURI,
+ String canonicalizationMethodURI
+ ) throws XMLSecurityException {
+ this(doc, baseURI, signatureMethodURI, 0, canonicalizationMethodURI);
+ }
- /**
- * Constructor XMLSignature
- *
- * @param doc
- * @param BaseURI
- * @param SignatureMethodURI the Signature method to be used.
- * @param HMACOutputLength
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc, String BaseURI, String SignatureMethodURI, int HMACOutputLength)
- throws XMLSecurityException {
- this(doc, BaseURI, SignatureMethodURI, HMACOutputLength,
- Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
- }
+ /**
+ * Constructor XMLSignature
+ *
+ * @param doc
+ * @param baseURI
+ * @param signatureMethodURI
+ * @param hmacOutputLength
+ * @param canonicalizationMethodURI
+ * @throws XMLSecurityException
+ */
+ public XMLSignature(
+ Document doc,
+ String baseURI,
+ String signatureMethodURI,
+ int hmacOutputLength,
+ String canonicalizationMethodURI
+ ) throws XMLSecurityException {
+ super(doc);
- /**
- * Constructor XMLSignature
- *
- * @param doc
- * @param BaseURI
- * @param SignatureMethodURI the Signature method to be used.
- * @param CanonicalizationMethodURI the canonicalization algorithm to be used to c14nize the SignedInfo element.
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc, String BaseURI, String SignatureMethodURI, String CanonicalizationMethodURI)
- throws XMLSecurityException {
- this(doc, BaseURI, SignatureMethodURI, 0, CanonicalizationMethodURI);
- }
+ String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
+ if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
+ this.constructionElement.setAttributeNS(
+ Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
+ );
+ } else {
+ this.constructionElement.setAttributeNS(
+ Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
+ );
+ }
+ XMLUtils.addReturnToElement(this.constructionElement);
+
+ this.baseURI = baseURI;
+ this.signedInfo =
+ new SignedInfo(
+ this.doc, signatureMethodURI, hmacOutputLength, canonicalizationMethodURI
+ );
+
+ this.constructionElement.appendChild(this.signedInfo.getElement());
+ XMLUtils.addReturnToElement(this.constructionElement);
- /**
- * Constructor XMLSignature
- *
- * @param doc
- * @param BaseURI
- * @param SignatureMethodURI
- * @param HMACOutputLength
- * @param CanonicalizationMethodURI
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc, String BaseURI, String SignatureMethodURI, int HMACOutputLength, String CanonicalizationMethodURI)
- throws XMLSecurityException {
+ // create an empty SignatureValue; this is filled by setSignatureValueElement
+ signatureValueElement =
+ XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
- super(doc);
-
- String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
- if (xmlnsDsPrefix == null) {
- this._constructionElement.setAttributeNS
- (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
- } else {
- this._constructionElement.setAttributeNS
- (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
- }
- XMLUtils.addReturnToElement(this._constructionElement);
+ this.constructionElement.appendChild(signatureValueElement);
+ XMLUtils.addReturnToElement(this.constructionElement);
+ }
- this._baseURI = BaseURI;
- this._signedInfo = new SignedInfo(this._doc, SignatureMethodURI,
- HMACOutputLength,
- CanonicalizationMethodURI);
-
- this._constructionElement.appendChild(this._signedInfo.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
-
- // create an empty SignatureValue; this is filled by setSignatureValueElement
- signatureValueElement =
- XMLUtils.createElementInSignatureSpace(this._doc,
- Constants._TAG_SIGNATUREVALUE);
+ /**
+ * Creates a XMLSignature in a Document
+ * @param doc
+ * @param baseURI
+ * @param SignatureMethodElem
+ * @param CanonicalizationMethodElem
+ * @throws XMLSecurityException
+ */
+ public XMLSignature(
+ Document doc,
+ String baseURI,
+ Element SignatureMethodElem,
+ Element CanonicalizationMethodElem
+ ) throws XMLSecurityException {
+ super(doc);
- this._constructionElement.appendChild(signatureValueElement);
- XMLUtils.addReturnToElement(this._constructionElement);
- }
- /**
- * Creates a XMLSignature in a Document
- * @param doc
- * @param BaseURI
- * @param SignatureMethodElem
- * @param CanonicalizationMethodElem
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc, String BaseURI, Element SignatureMethodElem, Element CanonicalizationMethodElem)
- throws XMLSecurityException {
+ String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
+ if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
+ this.constructionElement.setAttributeNS(
+ Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
+ );
+ } else {
+ this.constructionElement.setAttributeNS(
+ Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
+ );
+ }
+ XMLUtils.addReturnToElement(this.constructionElement);
+
+ this.baseURI = baseURI;
+ this.signedInfo =
+ new SignedInfo(this.doc, SignatureMethodElem, CanonicalizationMethodElem);
- super(doc);
+ this.constructionElement.appendChild(this.signedInfo.getElement());
+ XMLUtils.addReturnToElement(this.constructionElement);
- String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
- if (xmlnsDsPrefix == null) {
- this._constructionElement.setAttributeNS
- (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
- } else {
- this._constructionElement.setAttributeNS
- (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
- }
- XMLUtils.addReturnToElement(this._constructionElement);
+ // create an empty SignatureValue; this is filled by setSignatureValueElement
+ signatureValueElement =
+ XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
+
+ this.constructionElement.appendChild(signatureValueElement);
+ XMLUtils.addReturnToElement(this.constructionElement);
+ }
- this._baseURI = BaseURI;
- this._signedInfo = new SignedInfo(this._doc, SignatureMethodElem, CanonicalizationMethodElem);
-
- this._constructionElement.appendChild(this._signedInfo.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
-
- // create an empty SignatureValue; this is filled by setSignatureValueElement
- signatureValueElement =
- XMLUtils.createElementInSignatureSpace(this._doc,
- Constants._TAG_SIGNATUREVALUE);
-
- this._constructionElement.appendChild(signatureValueElement);
- XMLUtils.addReturnToElement(this._constructionElement);
- }
+ /**
+ * This will parse the element and construct the Java Objects.
+ * That will allow a user to validate the signature.
+ *
+ * @param element ds:Signature element that contains the whole signature
+ * @param baseURI URI to be prepended to all relative URIs
+ * @throws XMLSecurityException
+ * @throws XMLSignatureException if the signature is badly formatted
+ */
+ public XMLSignature(Element element, String baseURI)
+ throws XMLSignatureException, XMLSecurityException {
+ this(element, baseURI, false);
+ }
- /**
- * This will parse the element and construct the Java Objects.
- * That will allow a user to validate the signature.
- *
- * @param element ds:Signature element that contains the whole signature
- * @param BaseURI URI to be prepended to all relative URIs
- * @throws XMLSecurityException
- * @throws XMLSignatureException if the signature is badly formatted
- */
- public XMLSignature(Element element, String BaseURI)
- throws XMLSignatureException, XMLSecurityException {
+ /**
+ * This will parse the element and construct the Java Objects.
+ * That will allow a user to validate the signature.
+ *
+ * @param element ds:Signature element that contains the whole signature
+ * @param baseURI URI to be prepended to all relative URIs
+ * @param secureValidation whether secure secureValidation is enabled or not
+ * @throws XMLSecurityException
+ * @throws XMLSignatureException if the signature is badly formatted
+ */
+ public XMLSignature(Element element, String baseURI, boolean secureValidation)
+ throws XMLSignatureException, XMLSecurityException {
+ super(element, baseURI);
- super(element, BaseURI);
+ // check out SignedInfo child
+ Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());
- // check out SignedInfo child
- Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());// XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
- //Constants._TAG_SIGNEDINFO,0);
-
- // check to see if it is there
- if (signedInfoElem == null) {
- Object exArgs[] = { Constants._TAG_SIGNEDINFO,
- Constants._TAG_SIGNATURE };
+ // check to see if it is there
+ if (signedInfoElem == null) {
+ Object exArgs[] = { Constants._TAG_SIGNEDINFO, Constants._TAG_SIGNATURE };
+ throw new XMLSignatureException("xml.WrongContent", exArgs);
+ }
- throw new XMLSignatureException("xml.WrongContent", exArgs);
- }
+ // create a SignedInfo object from that element
+ this.signedInfo = new SignedInfo(signedInfoElem, baseURI, secureValidation);
+ // get signedInfoElem again in case it has changed
+ signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());
- // create a SignedInfo object from that element
- this._signedInfo = new SignedInfo(signedInfoElem, BaseURI);
-
- // check out SignatureValue child
- this.signatureValueElement =XMLUtils.getNextElement(signedInfoElem.getNextSibling()); //XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
- // Constants._TAG_SIGNATUREVALUE,0);
+ // check out SignatureValue child
+ this.signatureValueElement =
+ XMLUtils.getNextElement(signedInfoElem.getNextSibling());
- // check to see if it exists
- if (signatureValueElement == null) {
- Object exArgs[] = { Constants._TAG_SIGNATUREVALUE,
- Constants._TAG_SIGNATURE };
+ // check to see if it exists
+ if (signatureValueElement == null) {
+ Object exArgs[] = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };
+ throw new XMLSignatureException("xml.WrongContent", exArgs);
+ }
+ Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");
+ if (signatureValueAttr != null) {
+ signatureValueElement.setIdAttributeNode(signatureValueAttr, true);
+ }
- throw new XMLSignatureException("xml.WrongContent", exArgs);
- }
- Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");
- if (signatureValueAttr != null) {
- signatureValueElement.setIdAttributeNode(signatureValueAttr, true);
- }
-
- // <element ref="ds:KeyInfo" minOccurs="0"/>
- Element keyInfoElem = XMLUtils.getNextElement(signatureValueElement.getNextSibling());//XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
- // Constants._TAG_KEYINFO,0);
+ // <element ref="ds:KeyInfo" minOccurs="0"/>
+ Element keyInfoElem =
+ XMLUtils.getNextElement(signatureValueElement.getNextSibling());
- // If it exists use it, but it's not mandatory
- if ((keyInfoElem != null) && (keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS) &&
- keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) ) {
- this._keyInfo = new KeyInfo(keyInfoElem, BaseURI);
- }
+ // If it exists use it, but it's not mandatory
+ if (keyInfoElem != null
+ && keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS)
+ && keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) {
+ this.keyInfo = new KeyInfo(keyInfoElem, baseURI);
+ this.keyInfo.setSecureValidation(secureValidation);
+ }
- // <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- Element objectElem =
- XMLUtils.getNextElement(signatureValueElement.getNextSibling());
- while (objectElem != null) {
- Attr objectAttr = objectElem.getAttributeNodeNS(null, "Id");
- if (objectAttr != null) {
- objectElem.setIdAttributeNode(objectAttr, true);
- }
+ // <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ Element objectElem =
+ XMLUtils.getNextElement(signatureValueElement.getNextSibling());
+ while (objectElem != null) {
+ Attr objectAttr = objectElem.getAttributeNodeNS(null, "Id");
+ if (objectAttr != null) {
+ objectElem.setIdAttributeNode(objectAttr, true);
+ }
- NodeList nodes = objectElem.getChildNodes();
- int length = nodes.getLength();
- // Register Ids of the Object child elements
- for (int i = 0; i < length; i++) {
- Node child = nodes.item(i);
- if (child.getNodeType() == Node.ELEMENT_NODE) {
- Element childElem = (Element)child;
- String tag = childElem.getLocalName();
- if (tag.equals("Manifest")) {
- new Manifest(childElem, BaseURI);
- } else if (tag.equals("SignatureProperties")) {
- new SignatureProperties(childElem, BaseURI);
- }
- }
- }
+ NodeList nodes = objectElem.getChildNodes();
+ int length = nodes.getLength();
+ // Register Ids of the Object child elements
+ for (int i = 0; i < length; i++) {
+ Node child = nodes.item(i);
+ if (child.getNodeType() == Node.ELEMENT_NODE) {
+ Element childElem = (Element)child;
+ String tag = childElem.getLocalName();
+ if (tag.equals("Manifest")) {
+ new Manifest(childElem, baseURI);
+ } else if (tag.equals("SignatureProperties")) {
+ new SignatureProperties(childElem, baseURI);
+ }
+ }
+ }
- objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());
- }
- }
+ objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());
+ }
+
+ this.state = MODE_VERIFY;
+ }
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id Id value to be used by the id attribute on the Signature Element
- */
- public void setId(String Id) {
+ /**
+ * Sets the <code>Id</code> attribute
+ *
+ * @param id Id value for the id attribute on the Signature Element
+ */
+ public void setId(String id) {
+ if (id != null) {
+ this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+ }
+ }
- if (Id != null) {
- setLocalIdAttribute(Constants._ATT_ID, Id);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this._constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
+ /**
+ * Returns the <code>Id</code> attribute
+ *
+ * @return the <code>Id</code> attribute
+ */
+ public String getId() {
+ return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+ }
- /**
- * Returns the completely parsed <code>SignedInfo</code> object.
- *
- * @return the completely parsed <code>SignedInfo</code> object.
- */
- public SignedInfo getSignedInfo() {
- return this._signedInfo;
- }
+ /**
+ * Returns the completely parsed <code>SignedInfo</code> object.
+ *
+ * @return the completely parsed <code>SignedInfo</code> object.
+ */
+ public SignedInfo getSignedInfo() {
+ return this.signedInfo;
+ }
- /**
- * Returns the octet value of the SignatureValue element.
- * Throws an XMLSignatureException if it has no or wrong content.
- *
- * @return the value of the SignatureValue element.
- * @throws XMLSignatureException If there is no content
- */
- public byte[] getSignatureValue() throws XMLSignatureException {
-
- try {
- byte[] signatureValue = Base64.decode(signatureValueElement);
-
- return signatureValue;
- } catch (Base64DecodingException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * Returns the octet value of the SignatureValue element.
+ * Throws an XMLSignatureException if it has no or wrong content.
+ *
+ * @return the value of the SignatureValue element.
+ * @throws XMLSignatureException If there is no content
+ */
+ public byte[] getSignatureValue() throws XMLSignatureException {
+ try {
+ return Base64.decode(signatureValueElement);
+ } catch (Base64DecodingException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
/**
* Base64 encodes and sets the bytes as the content of the SignatureValue
@@ -409,8 +469,7 @@
private void setSignatureValueElement(byte[] bytes) {
while (signatureValueElement.hasChildNodes()) {
- signatureValueElement.removeChild
- (signatureValueElement.getFirstChild());
+ signatureValueElement.removeChild(signatureValueElement.getFirstChild());
}
String base64codedValue = Base64.encode(bytes);
@@ -419,373 +478,393 @@
base64codedValue = "\n" + base64codedValue + "\n";
}
- Text t = this._doc.createTextNode(base64codedValue);
+ Text t = this.doc.createTextNode(base64codedValue);
signatureValueElement.appendChild(t);
}
- /**
- * Returns the KeyInfo child. If we are in signing mode and the KeyInfo
- * does not exist yet, it is created on demand and added to the Signature.
- * <br>
- * This allows to add arbitrary content to the KeyInfo during signing.
- *
- * @return the KeyInfo object
- */
- public KeyInfo getKeyInfo() {
+ /**
+ * Returns the KeyInfo child. If we are in signing mode and the KeyInfo
+ * does not exist yet, it is created on demand and added to the Signature.
+ * <br>
+ * This allows to add arbitrary content to the KeyInfo during signing.
+ *
+ * @return the KeyInfo object
+ */
+ public KeyInfo getKeyInfo() {
+ // check to see if we are signing and if we have to create a keyinfo
+ if (this.state == MODE_SIGN && this.keyInfo == null) {
- // check to see if we are signing and if we have to create a keyinfo
- if ( (this._keyInfo == null)) {
-
- // create the KeyInfo
- this._keyInfo = new KeyInfo(this._doc);
+ // create the KeyInfo
+ this.keyInfo = new KeyInfo(this.doc);
- // get the Element from KeyInfo
- Element keyInfoElement = this._keyInfo.getElement();
- Element firstObject=null;
- Node sibling= this._constructionElement.getFirstChild();
- firstObject = XMLUtils.selectDsNode(sibling,Constants._TAG_OBJECT,0);
+ // get the Element from KeyInfo
+ Element keyInfoElement = this.keyInfo.getElement();
+ Element firstObject =
+ XMLUtils.selectDsNode(
+ this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, 0
+ );
if (firstObject != null) {
-
- // add it before the object
- this._constructionElement.insertBefore(keyInfoElement,
- firstObject);
- XMLUtils.addReturnBeforeChild(this._constructionElement, firstObject);
+ // add it before the object
+ this.constructionElement.insertBefore(keyInfoElement, firstObject);
+ XMLUtils.addReturnBeforeChild(this.constructionElement, firstObject);
} else {
+ // add it as the last element to the signature
+ this.constructionElement.appendChild(keyInfoElement);
+ XMLUtils.addReturnToElement(this.constructionElement);
+ }
+ }
- // add it as the last element to the signature
- this._constructionElement.appendChild(keyInfoElement);
- XMLUtils.addReturnToElement(this._constructionElement);
- }
- }
-
- return this._keyInfo;
- }
+ return this.keyInfo;
+ }
- /**
- * Appends an Object (not a <code>java.lang.Object</code> but an Object
- * element) to the Signature. Please note that this is only possible
- * when signing.
- *
- * @param object ds:Object to be appended.
- * @throws XMLSignatureException When this object is used to verify.
- */
- public void appendObject(ObjectContainer object)
- throws XMLSignatureException {
+ /**
+ * Appends an Object (not a <code>java.lang.Object</code> but an Object
+ * element) to the Signature. Please note that this is only possible
+ * when signing.
+ *
+ * @param object ds:Object to be appended.
+ * @throws XMLSignatureException When this object is used to verify.
+ */
+ public void appendObject(ObjectContainer object) throws XMLSignatureException {
+ //try {
+ //if (this.state != MODE_SIGN) {
+ // throw new XMLSignatureException(
+ // "signature.operationOnlyBeforeSign");
+ //}
- //try {
- //if (this._state != MODE_SIGN) {
- // throw new XMLSignatureException(
- // "signature.operationOnlyBeforeSign");
- //}
-
- this._constructionElement.appendChild(object.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
- //} catch (XMLSecurityException ex) {
+ this.constructionElement.appendChild(object.getElement());
+ XMLUtils.addReturnToElement(this.constructionElement);
+ //} catch (XMLSecurityException ex) {
// throw new XMLSignatureException("empty", ex);
- //}
- }
+ //}
+ }
- /**
- * Returns the <code>i<code>th <code>ds:Object</code> child of the signature
- * or null if no such <code>ds:Object</code> element exists.
- *
- * @param i
- * @return the <code>i<code>th <code>ds:Object</code> child of the signature or null if no such <code>ds:Object</code> element exists.
- */
- public ObjectContainer getObjectItem(int i) {
+ /**
+ * Returns the <code>i<code>th <code>ds:Object</code> child of the signature
+ * or null if no such <code>ds:Object</code> element exists.
+ *
+ * @param i
+ * @return the <code>i<code>th <code>ds:Object</code> child of the signature
+ * or null if no such <code>ds:Object</code> element exists.
+ */
+ public ObjectContainer getObjectItem(int i) {
+ Element objElem =
+ XMLUtils.selectDsNode(
+ this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, i
+ );
- Element objElem = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
- Constants._TAG_OBJECT,i);
-
- try {
- return new ObjectContainer(objElem, this._baseURI);
- } catch (XMLSecurityException ex) {
- return null;
- }
- }
+ try {
+ return new ObjectContainer(objElem, this.baseURI);
+ } catch (XMLSecurityException ex) {
+ return null;
+ }
+ }
- /**
- * Returns the number of all <code>ds:Object</code> elements.
- *
- * @return the number of all <code>ds:Object</code> elements.
- */
- public int getObjectLength() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
- }
+ /**
+ * Returns the number of all <code>ds:Object</code> elements.
+ *
+ * @return the number of all <code>ds:Object</code> elements.
+ */
+ public int getObjectLength() {
+ return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
+ }
- /**
- * Digests all References in the SignedInfo, calculates the signature value and
- * sets it in the SignatureValue Element.
- *
- * @param signingKey the {@link java.security.PrivateKey} or {@link javax.crypto.SecretKey} that is used to sign.
- * @throws XMLSignatureException
- */
- public void sign(Key signingKey) throws XMLSignatureException {
+ /**
+ * Digests all References in the SignedInfo, calculates the signature value
+ * and sets it in the SignatureValue Element.
+ *
+ * @param signingKey the {@link java.security.PrivateKey} or
+ * {@link javax.crypto.SecretKey} that is used to sign.
+ * @throws XMLSignatureException
+ */
+ public void sign(Key signingKey) throws XMLSignatureException {
- if (signingKey instanceof PublicKey) {
- throw new IllegalArgumentException(I18n
- .translate("algorithms.operationOnlyVerification"));
- }
+ if (signingKey instanceof PublicKey) {
+ throw new IllegalArgumentException(
+ I18n.translate("algorithms.operationOnlyVerification")
+ );
+ }
- try {
- // if (this._state == MODE_SIGN) {
+ try {
//Create a SignatureAlgorithm object
- SignedInfo si = this.getSignedInfo();
+ SignedInfo si = this.getSignedInfo();
SignatureAlgorithm sa = si.getSignatureAlgorithm();
- // initialize SignatureAlgorithm for signing
- sa.initSign(signingKey);
-
- // generate digest values for all References in this SignedInfo
- si.generateDigestValues();
- OutputStream so=new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
+ OutputStream so = null;
try {
- so.close();
- } catch (IOException e) {
- //Imposible
+ // initialize SignatureAlgorithm for signing
+ sa.initSign(signingKey);
+
+ // generate digest values for all References in this SignedInfo
+ si.generateDigestValues();
+ so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
+ // get the canonicalized bytes from SignedInfo
+ si.signInOctetStream(so);
+ } catch (XMLSecurityException ex) {
+ throw ex;
+ } finally {
+ if (so != null) {
+ try {
+ so.close();
+ } catch (IOException ex) {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
+ }
+ }
+ }
}
- // get the canonicalized bytes from SignedInfo
- si.signInOctectStream(so);
-
- byte jcebytes[] = sa.sign();
- // set them on the SignateValue element
- this.setSignatureValueElement(jcebytes);
- //}
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ // set them on the SignatureValue element
+ this.setSignatureValueElement(sa.sign());
+ } catch (XMLSignatureException ex) {
+ throw ex;
+ } catch (CanonicalizationException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (InvalidCanonicalizerException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (XMLSecurityException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * Adds a {@link ResourceResolver} to enable the retrieval of resources.
- *
- * @param resolver
- */
- public void addResourceResolver(ResourceResolver resolver) {
- this.getSignedInfo().addResourceResolver(resolver);
- }
+ /**
+ * Adds a {@link ResourceResolver} to enable the retrieval of resources.
+ *
+ * @param resolver
+ */
+ public void addResourceResolver(ResourceResolver resolver) {
+ this.getSignedInfo().addResourceResolver(resolver);
+ }
- /**
- * Adds a {@link ResourceResolverSpi} to enable the retrieval of resources.
- *
- * @param resolver
- */
- public void addResourceResolver(ResourceResolverSpi resolver) {
- this.getSignedInfo().addResourceResolver(resolver);
- }
+ /**
+ * Adds a {@link ResourceResolverSpi} to enable the retrieval of resources.
+ *
+ * @param resolver
+ */
+ public void addResourceResolver(ResourceResolverSpi resolver) {
+ this.getSignedInfo().addResourceResolver(resolver);
+ }
- /**
- * Extracts the public key from the certificate and verifies if the signature
- * is valid by re-digesting all References, comparing those against the
- * stored DigestValues and then checking to see if the Signatures match on
- * the SignedInfo.
- *
- * @param cert Certificate that contains the public key part of the keypair that was used to sign.
- * @return true if the signature is valid, false otherwise
- * @throws XMLSignatureException
- */
- public boolean checkSignatureValue(X509Certificate cert)
- throws XMLSignatureException {
+ /**
+ * Extracts the public key from the certificate and verifies if the signature
+ * is valid by re-digesting all References, comparing those against the
+ * stored DigestValues and then checking to see if the Signatures match on
+ * the SignedInfo.
+ *
+ * @param cert Certificate that contains the public key part of the keypair
+ * that was used to sign.
+ * @return true if the signature is valid, false otherwise
+ * @throws XMLSignatureException
+ */
+ public boolean checkSignatureValue(X509Certificate cert)
+ throws XMLSignatureException {
+ // see if cert is null
+ if (cert != null) {
+ // check the values with the public key from the cert
+ return this.checkSignatureValue(cert.getPublicKey());
+ }
- // see if cert is null
- if (cert != null) {
-
- //check the values with the public key from the cert
- return this.checkSignatureValue(cert.getPublicKey());
- }
-
- Object exArgs[] = { "Didn't get a certificate" };
- throw new XMLSignatureException("empty", exArgs);
-
- }
+ Object exArgs[] = { "Didn't get a certificate" };
+ throw new XMLSignatureException("empty", exArgs);
+ }
- /**
- * Verifies if the signature is valid by redigesting all References,
- * comparing those against the stored DigestValues and then checking to see
- * if the Signatures match on the SignedInfo.
- *
- * @param pk {@link java.security.PublicKey} part of the keypair or {@link javax.crypto.SecretKey} that was used to sign
- * @return true if the signature is valid, false otherwise
- * @throws XMLSignatureException
- */
- public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
-
- //COMMENT: pk suggests it can only be a public key?
- //check to see if the key is not null
- if (pk == null) {
- Object exArgs[] = { "Didn't get a key" };
-
- throw new XMLSignatureException("empty", exArgs);
- }
- // all references inside the signedinfo need to be dereferenced and
- // digested again to see if the outcome matches the stored value in the
- // SignedInfo.
- // If _followManifestsDuringValidation is true it will do the same for
- // References inside a Manifest.
- try {
- SignedInfo si=this.getSignedInfo();
- //create a SignatureAlgorithms from the SignatureMethod inside
- //SignedInfo. This is used to validate the signature.
- SignatureAlgorithm sa =si.getSignatureAlgorithm();
- if (log.isLoggable(java.util.logging.Level.FINE)) {
- log.log(java.util.logging.Level.FINE, "SignatureMethodURI = " + sa.getAlgorithmURI());
+ /**
+ * Verifies if the signature is valid by redigesting all References,
+ * comparing those against the stored DigestValues and then checking to see
+ * if the Signatures match on the SignedInfo.
+ *
+ * @param pk {@link java.security.PublicKey} part of the keypair or
+ * {@link javax.crypto.SecretKey} that was used to sign
+ * @return true if the signature is valid, false otherwise
+ * @throws XMLSignatureException
+ */
+ public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
+ //COMMENT: pk suggests it can only be a public key?
+ //check to see if the key is not null
+ if (pk == null) {
+ Object exArgs[] = { "Didn't get a key" };
+ throw new XMLSignatureException("empty", exArgs);
+ }
+ // all references inside the signedinfo need to be dereferenced and
+ // digested again to see if the outcome matches the stored value in the
+ // SignedInfo.
+ // If followManifestsDuringValidation is true it will do the same for
+ // References inside a Manifest.
+ try {
+ SignedInfo si = this.getSignedInfo();
+ //create a SignatureAlgorithms from the SignatureMethod inside
+ //SignedInfo. This is used to validate the signature.
+ SignatureAlgorithm sa = si.getSignatureAlgorithm();
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "signatureMethodURI = " + sa.getAlgorithmURI());
log.log(java.util.logging.Level.FINE, "jceSigAlgorithm = " + sa.getJCEAlgorithmString());
log.log(java.util.logging.Level.FINE, "jceSigProvider = " + sa.getJCEProviderName());
log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
- }
- sa.initVerify(pk);
+ }
+ byte sigBytes[] = null;
+ try {
+ sa.initVerify(pk);
- // Get the canonicalized (normalized) SignedInfo
- SignerOutputStream so=new SignerOutputStream(sa);
- OutputStream bos=new UnsyncBufferedOutputStream(so);
- si.signInOctectStream(bos);
- try {
- bos.close();
- } catch (IOException e) {
- //Imposible
- }
+ // Get the canonicalized (normalized) SignedInfo
+ SignerOutputStream so = new SignerOutputStream(sa);
+ OutputStream bos = new UnsyncBufferedOutputStream(so);
- //retrieve the byte[] from the stored signature
- byte sigBytes[] = this.getSignatureValue();
+ si.signInOctetStream(bos);
+ bos.close();
+ // retrieve the byte[] from the stored signature
+ sigBytes = this.getSignatureValue();
+ } catch (IOException ex) {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
+ }
+ // Impossible...
+ } catch (XMLSecurityException ex) {
+ throw ex;
+ }
- //Have SignatureAlgorithm sign the input bytes and compare them to the
- //bytes that were stored in the signature.
- if (!sa.verify(sigBytes)) {
- log.log(java.util.logging.Level.WARNING, "Signature verification failed.");
- return false;
- }
+ // have SignatureAlgorithm sign the input bytes and compare them to
+ // the bytes that were stored in the signature.
+ if (!sa.verify(sigBytes)) {
+ log.log(java.util.logging.Level.WARNING, "Signature verification failed.");
+ return false;
+ }
- return si.verify(this._followManifestsDuringValidation);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ return si.verify(this.followManifestsDuringValidation);
+ } catch (XMLSignatureException ex) {
+ throw ex;
+ } catch (XMLSecurityException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * Add a Reference with full parameters to this Signature
- *
- * @param referenceURI URI of the resource to be signed. Can be null in which
- * case the dereferencing is application specific. Can be "" in which it's
- * the parent node (or parent document?). There can only be one "" in each
- * signature.
- * @param trans Optional list of transformations to be done before digesting
- * @param digestURI Mandatory URI of the digesting algorithm to use.
- * @param ReferenceId Optional id attribute for this Reference
- * @param ReferenceType Optional mimetype for the URI
- * @throws XMLSignatureException
- */
- public void addDocument(
- String referenceURI, Transforms trans, String digestURI, String ReferenceId, String ReferenceType)
- throws XMLSignatureException {
- this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
- digestURI, ReferenceId, ReferenceType);
- }
+ /**
+ * Add a Reference with full parameters to this Signature
+ *
+ * @param referenceURI URI of the resource to be signed. Can be null in
+ * which case the dereferencing is application specific. Can be "" in which
+ * it's the parent node (or parent document?). There can only be one "" in
+ * each signature.
+ * @param trans Optional list of transformations to be done before digesting
+ * @param digestURI Mandatory URI of the digesting algorithm to use.
+ * @param referenceId Optional id attribute for this Reference
+ * @param referenceType Optional mimetype for the URI
+ * @throws XMLSignatureException
+ */
+ public void addDocument(
+ String referenceURI,
+ Transforms trans,
+ String digestURI,
+ String referenceId,
+ String referenceType
+ ) throws XMLSignatureException {
+ this.signedInfo.addDocument(
+ this.baseURI, referenceURI, trans, digestURI, referenceId, referenceType
+ );
+ }
- /**
- * This method is a proxy method for the {@link Manifest#addDocument} method.
- *
- * @param referenceURI URI according to the XML Signature specification.
- * @param trans List of transformations to be applied.
- * @param digestURI URI of the digest algorithm to be used.
- * @see Manifest#addDocument
- * @throws XMLSignatureException
- */
- public void addDocument(
- String referenceURI, Transforms trans, String digestURI)
- throws XMLSignatureException {
- this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
- digestURI, null, null);
- }
+ /**
+ * This method is a proxy method for the {@link Manifest#addDocument} method.
+ *
+ * @param referenceURI URI according to the XML Signature specification.
+ * @param trans List of transformations to be applied.
+ * @param digestURI URI of the digest algorithm to be used.
+ * @see Manifest#addDocument
+ * @throws XMLSignatureException
+ */
+ public void addDocument(
+ String referenceURI,
+ Transforms trans,
+ String digestURI
+ ) throws XMLSignatureException {
+ this.signedInfo.addDocument(this.baseURI, referenceURI, trans, digestURI, null, null);
+ }
- /**
- * Adds a Reference with just the URI and the transforms. This used the
- * SHA1 algorithm as a default digest algorithm.
- *
- * @param referenceURI URI according to the XML Signature specification.
- * @param trans List of transformations to be applied.
- * @throws XMLSignatureException
- */
- public void addDocument(String referenceURI, Transforms trans)
- throws XMLSignatureException {
- this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
- Constants.ALGO_ID_DIGEST_SHA1, null, null);
- }
+ /**
+ * Adds a Reference with just the URI and the transforms. This used the
+ * SHA1 algorithm as a default digest algorithm.
+ *
+ * @param referenceURI URI according to the XML Signature specification.
+ * @param trans List of transformations to be applied.
+ * @throws XMLSignatureException
+ */
+ public void addDocument(String referenceURI, Transforms trans)
+ throws XMLSignatureException {
+ this.signedInfo.addDocument(
+ this.baseURI, referenceURI, trans, Constants.ALGO_ID_DIGEST_SHA1, null, null
+ );
+ }
- /**
- * Add a Reference with just this URI. It uses SHA1 by default as the digest
- * algorithm
- *
- * @param referenceURI URI according to the XML Signature specification.
- * @throws XMLSignatureException
- */
- public void addDocument(String referenceURI) throws XMLSignatureException {
- this._signedInfo.addDocument(this._baseURI, referenceURI, null,
- Constants.ALGO_ID_DIGEST_SHA1, null, null);
- }
+ /**
+ * Add a Reference with just this URI. It uses SHA1 by default as the digest
+ * algorithm
+ *
+ * @param referenceURI URI according to the XML Signature specification.
+ * @throws XMLSignatureException
+ */
+ public void addDocument(String referenceURI) throws XMLSignatureException {
+ this.signedInfo.addDocument(
+ this.baseURI, referenceURI, null, Constants.ALGO_ID_DIGEST_SHA1, null, null
+ );
+ }
- /**
- * Add an X509 Certificate to the KeyInfo. This will include the whole cert
- * inside X509Data/X509Certificate tags.
- *
- * @param cert Certificate to be included. This should be the certificate of the key that was used to sign.
- * @throws XMLSecurityException
- */
- public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
+ /**
+ * Add an X509 Certificate to the KeyInfo. This will include the whole cert
+ * inside X509Data/X509Certificate tags.
+ *
+ * @param cert Certificate to be included. This should be the certificate of
+ * the key that was used to sign.
+ * @throws XMLSecurityException
+ */
+ public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
+ X509Data x509data = new X509Data(this.doc);
- X509Data x509data = new X509Data(this._doc);
-
- x509data.addCertificate(cert);
- this.getKeyInfo().add(x509data);
- }
+ x509data.addCertificate(cert);
+ this.getKeyInfo().add(x509data);
+ }
- /**
- * Add this public key to the KeyInfo. This will include the complete key in
- * the KeyInfo structure.
- *
- * @param pk
- */
- public void addKeyInfo(PublicKey pk) {
- this.getKeyInfo().add(pk);
- }
+ /**
+ * Add this public key to the KeyInfo. This will include the complete key in
+ * the KeyInfo structure.
+ *
+ * @param pk
+ */
+ public void addKeyInfo(PublicKey pk) {
+ this.getKeyInfo().add(pk);
+ }
+
+ /**
+ * Proxy method for {@link SignedInfo#createSecretKey(byte[])}. If you want
+ * to create a MAC, this method helps you to obtain the
+ * {@link javax.crypto.SecretKey} from octets.
+ *
+ * @param secretKeyBytes
+ * @return the secret key created.
+ * @see SignedInfo#createSecretKey(byte[])
+ */
+ public SecretKey createSecretKey(byte[] secretKeyBytes) {
+ return this.getSignedInfo().createSecretKey(secretKeyBytes);
+ }
- /**
- * Proxy method for {@link SignedInfo#createSecretKey(byte[])}. If you want to
- * create a MAC, this method helps you to obtain the {@link javax.crypto.SecretKey}
- * from octets.
- *
- * @param secretKeyBytes
- * @return the secret key created.
- * @see SignedInfo#createSecretKey(byte[])
- */
- public SecretKey createSecretKey(byte[] secretKeyBytes)
- {
- return this.getSignedInfo().createSecretKey(secretKeyBytes);
- }
+ /**
+ * Signal wether Manifest should be automatically validated.
+ * Checking the digests in References in a Signature are mandatory, but for
+ * References inside a Manifest it is application specific. This boolean is
+ * to indicate that the References inside Manifests should be validated.
+ *
+ * @param followManifests
+ * @see <a href="http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation">
+ * Core validation section in the XML Signature Rec.</a>
+ */
+ public void setFollowNestedManifests(boolean followManifests) {
+ this.followManifestsDuringValidation = followManifests;
+ }
- /**
- * Signal wether Manifest should be automatically validated.
- * Checking the digests in References in a Signature are mandatory, but for
- * References inside a Manifest it is application specific. This boolean is
- * to indicate that the References inside Manifests should be validated.
- *
- * @param followManifests
- * @see <a href="http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation">Core validation section in the XML Signature Rec.</a>
- */
- public void setFollowNestedManifests(boolean followManifests) {
- this._followManifestsDuringValidation = followManifests;
- }
-
- /**
- * Get the local name of this element
- *
- * @return Constant._TAG_SIGNATURE
- */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNATURE;
- }
+ /**
+ * Get the local name of this element
+ *
+ * @return Constants._TAG_SIGNATURE
+ */
+ public String getBaseLocalName() {
+ return Constants._TAG_SIGNATURE;
+ }
}