Class XMLSignatureUtil
- java.lang.Object
-
- org.keycloak.saml.processing.core.util.XMLSignatureUtil
-
public class XMLSignatureUtil extends Object
Utility for XML Signature Note: You can change the canonicalization method type by using the system property "picketlink.xmlsig.canonicalization"- Since:
- Dec 15, 2008
- Author:
- Anil.Saldhana@redhat.com, alessio.soldano@jboss.com
-
-
Constructor Summary
Constructors Constructor Description XMLSignatureUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static KeyInfocreateKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate)static KeyValueTypecreateKeyValue(PublicKey key)Creates aKeyValueTypethat wraps the specified public key.static DSAKeyValueTypegetDSAKeyValue(Element element)Given a dsig:DSAKeyValue element, returnDSAKeyValueTypestatic RSAKeyValueTypegetRSAKeyValue(Element element)Given a dsig:DSAKeyValue element, returnDSAKeyValueTypestatic X509CertificategetX509CertificateFromKeyInfoString(String certificateString)Given the X509Certificate in the keyinfo element, get aX509Certificatestatic voidmarshall(SignatureType signature, OutputStream os)Marshall a SignatureType to output streamstatic voidmarshall(Document signedDocument, OutputStream os)Marshall the signed document to an output streamstatic voidpropagateIDAttributeSetup(Node sourceNode, Element destElement)Setup the ID attribute intodestElementdepending on theisIdflag of an attribute ofsourceNode.static voidsetIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)Use this method to not include the KeyInfo in the signaturestatic Documentsign(SignatureUtilTransferObject dto, String canonicalizationMethodType)Sign the root elementstatic Documentsign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType)Sign the root elementstatic Documentsign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType)Sign the root elementstatic Documentsign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType)Sign a node in a documentstatic voidsign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType)Sign only specified element (assumption is that it already has ID attribute set)static voidsign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType)Sign only specified element (assumption is that it already has ID attribute set)static booleanvalidate(Document signedDoc, KeyLocator locator)Validate a signed document with the given public key.static booleanvalidateSingleNode(Node signatureNode, KeyLocator locator)
-
-
-
Method Detail
-
setIncludeKeyInfoInSignature
public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)
Use this method to not include the KeyInfo in the signature- Parameters:
includeKeyInfoInSignature-- Since:
- v2.0.1
-
sign
public static Document sign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
Sign a node in a document- Parameters:
doc-nodeToBeSigned-keyPair-digestMethod-signatureMethod-referenceURI-- Returns:
- Throws:
ParserConfigurationExceptionXMLSignatureExceptionMarshalExceptionGeneralSecurityException
-
sign
public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException
Sign only specified element (assumption is that it already has ID attribute set)- Parameters:
elementToSign- element to sign with set IDnextSibling- child of elementToSign, which will be used as next sibling of created signaturekeyPair-digestMethod-signatureMethod-referenceURI-- Throws:
GeneralSecurityExceptionMarshalExceptionXMLSignatureException
-
sign
public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException
Sign only specified element (assumption is that it already has ID attribute set)- Parameters:
elementToSign- element to sign with set IDnextSibling- child of elementToSign, which will be used as next sibling of created signaturekeyPair-digestMethod-signatureMethod-referenceURI-x509Certificate-X509Certificateto be placed in SignedInfo- Throws:
GeneralSecurityExceptionMarshalExceptionXMLSignatureException- Since:
- 2.5.0
-
propagateIDAttributeSetup
public static void propagateIDAttributeSetup(Node sourceNode, Element destElement)
Setup the ID attribute intodestElementdepending on theisIdflag of an attribute ofsourceNode.- Parameters:
sourceNode-
-
sign
public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException
Sign the root element- Parameters:
doc-digestMethod-signatureMethod-referenceURI-- Returns:
- Throws:
GeneralSecurityExceptionXMLSignatureExceptionMarshalException
-
sign
public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException
Sign the root element- Parameters:
doc-digestMethod-signatureMethod-referenceURI-- Returns:
- Throws:
GeneralSecurityExceptionXMLSignatureExceptionMarshalException- Since:
- 2.5.0
-
sign
public static Document sign(SignatureUtilTransferObject dto, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException
Sign the root element- Returns:
- Throws:
GeneralSecurityExceptionXMLSignatureExceptionMarshalException
-
validate
public static boolean validate(Document signedDoc, KeyLocator locator) throws MarshalException, XMLSignatureException
Validate a signed document with the given public key. All elements that contain a Signature are checked, this way both assertions and the containing document are verified when signed.- Parameters:
signedDoc-publicKey-- Returns:
- Throws:
MarshalExceptionXMLSignatureException
-
validateSingleNode
public static boolean validateSingleNode(Node signatureNode, KeyLocator locator) throws MarshalException, XMLSignatureException
-
marshall
public static void marshall(SignatureType signature, OutputStream os) throws javax.xml.bind.JAXBException, SAXException
Marshall a SignatureType to output stream- Parameters:
signature-os-- Throws:
SAXExceptionjavax.xml.bind.JAXBException
-
marshall
public static void marshall(Document signedDocument, OutputStream os) throws TransformerException
Marshall the signed document to an output stream- Parameters:
signedDocument-os-- Throws:
TransformerException
-
getX509CertificateFromKeyInfoString
public static X509Certificate getX509CertificateFromKeyInfoString(String certificateString) throws ProcessingException
Given the X509Certificate in the keyinfo element, get aX509Certificate- Parameters:
certificateString-- Returns:
- Throws:
ProcessingException
-
getDSAKeyValue
public static DSAKeyValueType getDSAKeyValue(Element element) throws ParsingException
Given a dsig:DSAKeyValue element, returnDSAKeyValueType- Parameters:
element-- Returns:
- Throws:
ProcessingExceptionParsingException
-
getRSAKeyValue
public static RSAKeyValueType getRSAKeyValue(Element element) throws ParsingException
Given a dsig:DSAKeyValue element, returnDSAKeyValueType- Parameters:
element-- Returns:
- Throws:
ProcessingExceptionParsingException
-
createKeyValue
public static KeyValueType createKeyValue(PublicKey key)
Creates a
KeyValueTypethat wraps the specified public key. This method supports DSA and RSA keys.- Parameters:
key- thePublicKeythat will be represented as aKeyValueType.- Returns:
- the constructed
KeyValueTypeornullif the specified key is neither a DSA nor a RSA key.
-
createKeyInfo
public static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) throws KeyException
- Throws:
KeyException
-
-