org.idoox.xml.security
Interface SignatureCreator


public interface SignatureCreator

The interface of an object that is able to create an XML Signature for a given source represented by a Tokenizer.

To create a signature we need data source to sign and

Example of the most common case, creating a signature with a private key and an X509 certificate:

        java.security.cert.X509Certificate certificate;
        Tokenizer source;
        java.security.PrivateKey privateKey;
        ...
        // obtain source, privateKey and certificate
        ...
        SignatureCreator creator = SignatureFactory.getInstance().getSignatureCreator();
        Tokenizer sign = creator.createSignature(source, privateKey, certificate);
 

During signing, the data source may be transformed by one or more algorithms. If addTransformAlgorithm is not used, only the canonicalization transformation is applied to the data source. An application may implement other transformations (see Transform) and apply them to the data source using addTransformAlgorithm.

The KeyInfo element is derived from the type of the given key or certificate. The common KeyInfo element types specified by W3C are DSAKeyValue, RSAKeyValue and X509Data. A user-defined KeyInfo element may also be generated: call setKeyContentData to declare that the KeyContent with the given name should be used.
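The following helper is an added example, not code from this API's documentation or from the library itself. It shows the configuration surface described above used explicitly rather than relying on defaults: exclusive canonicalization (the alternative URI named under setCanonicalizationMethod), an explicitly chosen signature method that is checked against the key type, a Reference URI, a KeyName, and the namespaces inherited from a SOAP envelope so that the canonical form of SignedInfo is computed correctly. The enveloped-signature transform URI is the standard XML-DSig value; whether this implementation ships a Transform for it is an assumption, as are the package of Tokenizer and the SOAP namespace map, which is constructed sample data.

```java
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;

import org.idoox.xml.security.SignatureCreator;
import org.idoox.xml.security.SignatureException;
import org.idoox.xml.security.SignatureFactory;
// The package of Tokenizer is not stated on this page; this import is an assumption.
import org.idoox.xml.Tokenizer;

public final class ExplicitSignatureExample {

    // Canonicalization URI documented under setCanonicalizationMethod.
    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    // Signature method URI documented under createSignature (the RSA default).
    private static final String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    // Standard XML-DSig enveloped-signature transform; support by this
    // implementation's Transform set is an assumption.
    private static final String ENVELOPED =
        "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    private ExplicitSignatureExample() {}

    // Signs 'source' with an RSA key/certificate pair, pinning every
    // negotiable parameter instead of accepting the creator's defaults.
    public static Tokenizer signEnveloped(Tokenizer source,
                                          PrivateKey privateKey,
                                          X509Certificate certificate,
                                          String referenceUri,
                                          Map ancestorNamespaces)
            throws SignatureException, CertificateException {
        // The explicit signature method below is RSA-based, so refuse keys
        // whose type does not match; with the default the library derives it.
        if (!"RSA".equals(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException(
                "rsa-sha1 selected but private key algorithm is "
                + privateKey.getAlgorithm());
        }
        // The certificate placed in X509Data must belong to the signing key
        // family and must be within its validity period.
        if (!"RSA".equals(certificate.getPublicKey().getAlgorithm())) {
            throw new IllegalArgumentException(
                "certificate public key algorithm does not match the private key");
        }
        certificate.checkValidity(); // throws if expired or not yet valid

        SignatureCreator creator = SignatureFactory.getInstance().getSignatureCreator();
        creator.setPrefix("ds");
        creator.setCanonicalizationMethod(EXC_C14N);
        creator.setSignatureMethod(RSA_SHA1);
        creator.addTransformAlgorithm(ENVELOPED);
        creator.setReferenceURI(referenceUri);
        // KeyName is optional; the certificate subject is a natural label.
        creator.setKeyName(certificate.getSubjectX500Principal().getName());
        // Namespaces declared by ancestors of the Signature element must be
        // known, or the canonical form of SignedInfo will differ on verification.
        creator.addAncestorNamespaces(ancestorNamespaces);
        return creator.createSignature(source, privateKey, certificate);
    }

    // Constructed sample: the namespace a Signature inside a SOAP 1.1 Header
    // inherits from its Envelope ancestor.
    public static Map soapEnvelopeNamespaces() {
        Map namespaces = new HashMap();
        namespaces.put("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/");
        return namespaces;
    }
}
```

A caller obtains the Tokenizer, key and certificate as in the snippet above and then invokes signEnveloped(source, key, cert, "#Body", soapEnvelopeNamespaces()). The point of pinning the parameters is that a verifier with a different default for canonicalization or signature method cannot silently disagree with the signer; every URI that ends up in SignedInfo is chosen in one place.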

Component:
Security-Providers

Method Summary
 void addAncestorNamespace(java.lang.String prefix, java.lang.String value)
          Adds namespace defined by the ancestor of the signature.
 void addAncestorNamespaces(java.util.Map namespaces)
          Adds namespace defined by the ancestor of the signature.
 void addTransformAlgorithm(java.lang.String transformAlgorithm)
          Adds transformation parameter for the signature.
 Tokenizer createSignature(Tokenizer source, java.security.PrivateKey privateKey, java.security.PublicKey publicKey)
          Creates a Signature for the given source with the PrivateKey and PublicKey.
 Tokenizer createSignature(Tokenizer source, java.security.PrivateKey privateKey, java.security.cert.X509Certificate certificate)
          Creates a Signature for the given source with the PrivateKey and X509Certificate.
 Tokenizer createSignature(Tokenizer source, javax.crypto.SecretKey secretKey)
          Creates a Signature for the given source with the SecretKey (HMAC).
 void setCanonicalizationMethod(java.lang.String canonicalizationMethod)
          Sets Canonicalization for the signature.
 void setDigestMethod(java.lang.String digestMethod)
          Sets digestMethod for the signature
 void setKeyContentData(QName keyContentName, java.util.Map keyContentData)
          Adds the KeyContent associated with the given keyContentName to the KeyInfo element that will be created by one of the createSignature methods.
 void setKeyName(java.lang.String keyName)
          Sets KeyName for the signature.
 void setPrefix(java.lang.String prefix)
          Sets prefix of the signature to the given value.
 void setReferenceURI(java.lang.String referenceURI)
          Sets the URI attribute of the Reference element in the SignedInfo structure to the given URI.
 void setSignatureMethod(java.lang.String signatureMethod)
          Sets SignatureMethod to a given string.
 

Method Detail

addTransformAlgorithm

public void addTransformAlgorithm(java.lang.String transformAlgorithm)
Adds a transformation algorithm to the signature.

Parameters:
transformAlgorithm - identifier of the transformation algorithm to add.

setDigestMethod

public void setDigestMethod(java.lang.String digestMethod)
Sets the digest method for the signature.

Parameters:
digestMethod - The new DigestMethod value

setCanonicalizationMethod

public void setCanonicalizationMethod(java.lang.String canonicalizationMethod)
Sets the canonicalization method for the signature. The default canonicalization is "http://www.w3.org/TR/2001/REC-xml-c14n-20010315". Another possible canonicalization is "http://www.w3.org/2001/10/xml-exc-c14n#".

Parameters:
canonicalizationMethod - The new CanonicalizationMethod value

setSignatureMethod

public void setSignatureMethod(java.lang.String signatureMethod)
Sets the SignatureMethod to the given string. If this method is not called before createSignature(), the signatureMethod is derived from the type of the given publicKey.

Parameters:
signatureMethod - The new SignatureMethod value

setKeyName

public void setKeyName(java.lang.String keyName)
Sets the KeyName for the signature. KeyName is an optional child element of the KeyInfo element, see http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/#sec-KeyName. If a KeyInfo element is present (the RSA, DSA and X509Certificate cases), KeyName may be set to a given String.

Parameters:
keyName - The new KeyName value

setReferenceURI

public void setReferenceURI(java.lang.String referenceURI)
Sets the URI attribute of the Reference element in the SignedInfo structure to the given URI.

Parameters:
referenceURI - the given URI to set.

setPrefix

public void setPrefix(java.lang.String prefix)
Sets the namespace prefix of the signature to the given value. If this method is not called, the default namespace is used for the signature.

Parameters:
prefix - the string to set to.

addAncestorNamespace

public void addAncestorNamespace(java.lang.String prefix,
                                 java.lang.String value)
Adds a namespace defined by an ancestor of the signature. The namespaces defined by ancestors must be known to build the canonical form properly: they are propagated into the canonical form of sub-elements, for example the canonical form of the SignedInfo element.

Parameters:
prefix - namespace prefix
value - value of the namespace

addAncestorNamespaces

public void addAncestorNamespaces(java.util.Map namespaces)
Adds the namespaces defined by ancestors of the signature. The namespaces defined by ancestors must be known to build the canonical form properly: they are propagated into the canonical form of sub-elements, for example the canonical form of the SignedInfo element.

Parameters:
namespaces - map of the namespaces defined by ancestor

createSignature

public Tokenizer createSignature(Tokenizer source,
                                 java.security.PrivateKey privateKey,
                                 java.security.PublicKey publicKey)
                          throws SignatureException
Creates a Signature for the given source with the PrivateKey and PublicKey. Additional parameters should be set beforehand; otherwise the following defaults apply:
    canonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
    signatureMethod is derived from the type of the given publicKey ("http://www.w3.org/2000/09/xmldsig#dsa-sha1" or "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
    no transformation
    no KeyName element

Parameters:
source - the given data source
privateKey - private key (DSA or RSA algorithm)
publicKey - public key (DSA or RSA algorithm)
Returns:
the created signature
Throws:
SignatureException - thrown when error occurs

createSignature

public Tokenizer createSignature(Tokenizer source,
                                 java.security.PrivateKey privateKey,
                                 java.security.cert.X509Certificate certificate)
                          throws SignatureException
Creates a Signature for the given source with the PrivateKey and X509Certificate. Additional parameters should be set beforehand; otherwise the following defaults apply:
    canonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
    signatureMethod is derived from the type of the given certificate ("http://www.w3.org/2000/09/xmldsig#dsa-sha1" or "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
    no transformation
    no KeyName element

Parameters:
source - the given data source
privateKey - private key (DSA or RSA algorithm)
certificate - X509 certificate
Returns:
the created signature
Throws:
SignatureException - thrown when error occurs

createSignature

public Tokenizer createSignature(Tokenizer source,
                                 javax.crypto.SecretKey secretKey)
                          throws SignatureException
Creates a Signature for the given source with the SecretKey. Additional parameters should be set beforehand; otherwise the following defaults apply:
    canonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
    signatureMethod = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
    no transformation
    no KeyName element

Parameters:
source - the given data source
secretKey - secret key (HMAC-SHA1 algorithm)
Returns:
the created signature
Throws:
SignatureException - thrown when error occurs

setKeyContentData

public void setKeyContentData(QName keyContentName,
                              java.util.Map keyContentData)
Adds the KeyContent associated with the given keyContentName to the KeyInfo element that will be created by one of the createSignature methods. See KeyContent and KeyContentFactory for further information. If the KeyContent is RSA, DSA or X509Certificate, keyContentData may be null. If the KeyContent is LicenseLocation, keyContentData must contain the pair {KeyContent.LICENSE_LOCATION_URI, "a given URI of licenseLocation"}. If the KeyContent is of some other type, the necessary information should be put into the keyContentData map.

Parameters:
keyContentName - name of the keyContent
keyContentData - additional information for constructing the KeyContent object.
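The following is an added example, not code from this documentation or the library, covering the two cases the page describes but does not illustrate: the LicenseLocation KeyContent supplied through setKeyContentData, and the SecretKey overload of createSignature. The QName identifying the LicenseLocation KeyContent is not given on this page, so the helper takes it as a parameter; the packages of KeyContent, QName and Tokenizer are assumptions. The map key KeyContent.LICENSE_LOCATION_URI and the hmac-sha1 signature method URI are the values stated above.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.SecretKey;

import org.idoox.xml.security.SignatureCreator;
import org.idoox.xml.security.SignatureException;
import org.idoox.xml.security.SignatureFactory;
// Packages of KeyContent, QName and Tokenizer are not stated on this page;
// these imports are assumptions.
import org.idoox.xml.security.KeyContent;
import org.idoox.xml.QName;
import org.idoox.xml.Tokenizer;

public final class LicenseLocationExample {

    // Signature method URI documented as the SecretKey default.
    private static final String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    private LicenseLocationExample() {}

    // Builds the keyContentData map required for a LicenseLocation KeyContent.
    // The URI is validated before it is placed in KeyInfo, because whatever
    // goes there is signed and shipped to every verifier.
    public static Map licenseLocationData(String licenseUri) {
        URI parsed = URI.create(licenseUri); // IllegalArgumentException if malformed
        if (parsed.getScheme() == null) {
            throw new IllegalArgumentException(
                "licenseLocation must be an absolute URI: " + licenseUri);
        }
        Map data = new HashMap();
        data.put(KeyContent.LICENSE_LOCATION_URI, licenseUri);
        return data;
    }

    // Signs 'source' with an HMAC secret and a LicenseLocation KeyInfo.
    // 'licenseLocationName' is the QName of the LicenseLocation KeyContent
    // (not stated on this page, so supplied by the caller).
    public static Tokenizer signWithLicenseLocation(Tokenizer source,
                                                    SecretKey secretKey,
                                                    QName licenseLocationName,
                                                    String licenseUri)
            throws SignatureException {
        // The documented SecretKey path is HMAC-SHA1; reject anything else
        // rather than let a mismatched key reach createSignature.
        if (!"HmacSHA1".equalsIgnoreCase(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException(
                "expected an HmacSHA1 secret key, got " + secretKey.getAlgorithm());
        }
        SignatureCreator creator = SignatureFactory.getInstance().getSignatureCreator();
        creator.setSignatureMethod(HMAC_SHA1);
        creator.setKeyContentData(licenseLocationName, licenseLocationData(licenseUri));
        return creator.createSignature(source, secretKey);
    }
}
```

Because the HMAC key is shared between signer and verifier, the KeyInfo carries no key material at all; the LicenseLocation URI only tells the verifier where to look the key up, which is why the helper checks that the value is a well-formed absolute URI before it is committed to the signed document.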