Class XMLSignatureUtil

- java.lang.Object
- org.keycloak.saml.processing.core.util.XMLSignatureUtil

public class XMLSignatureUtil extends Object

Utility for XML Signature.

Note: You can change the canonicalization method type by using the system property "picketlink.xmlsig.canonicalization".

- Since: Dec 15, 2008
- Author: Anil.Saldhana@redhat.com, alessio.soldano@jboss.com

Constructor Summary

- XMLSignatureUtil()

Method Summary

All methods are static.

- static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate)
- static KeyValueType createKeyValue(PublicKey key)
  Creates a KeyValueType that wraps the specified public key.
- static DSAKeyValueType getDSAKeyValue(Element element)
  Given a dsig:DSAKeyValue element, return DSAKeyValueType.
- static RSAKeyValueType getRSAKeyValue(Element element)
  Given a dsig:RSAKeyValue element, return RSAKeyValueType.
- static X509Certificate getX509CertificateFromKeyInfoString(String certificateString)
  Given the X509Certificate in the KeyInfo element, get an X509Certificate.
- static void marshall(SignatureType signature, OutputStream os)
  Marshall a SignatureType to an output stream.
- static void marshall(Document signedDocument, OutputStream os)
  Marshall the signed document to an output stream.
- static void propagateIDAttributeSetup(Node sourceNode, Element destElement)
  Set up the ID attribute in destElement depending on the isId flag of an attribute of sourceNode.
- static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)
  Use this method to not include the KeyInfo in the signature.
- static Document sign(SignatureUtilTransferObject dto, String canonicalizationMethodType)
  Sign the root element.
- static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType)
  Sign the root element.
- static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType)
  Sign the root element.
- static Document sign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType)
  Sign a node in a document.
- static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType)
  Sign only the specified element (assumption is that it already has its ID attribute set).
- static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType)
  Sign only the specified element (assumption is that it already has its ID attribute set).
- static boolean validate(Document signedDoc, KeyLocator locator)
  Validate a signed document with the given public key.
- static boolean validateSingleNode(Node signatureNode, KeyLocator locator)

Method Detail

setIncludeKeyInfoInSignature

public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)

Use this method to not include the KeyInfo in the signature.

- Parameters: includeKeyInfoInSignature
- Since: v2.0.1

sign

public static Document sign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException

Sign a node in a document.

- Parameters: doc, nodeToBeSigned, keyPair, digestMethod, signatureMethod, referenceURI
- Returns:
- Throws: ParserConfigurationException, XMLSignatureException, MarshalException, GeneralSecurityException

sign

public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException

Sign only the specified element (assumption is that it already has its ID attribute set).

- Parameters:
  - elementToSign - element to sign, with its ID set
  - nextSibling - child of elementToSign which will be used as the next sibling of the created signature
  - keyPair
  - digestMethod
  - signatureMethod
  - referenceURI
- Throws: GeneralSecurityException, MarshalException, XMLSignatureException

sign

public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException

Sign only the specified element (assumption is that it already has its ID attribute set).

- Parameters:
  - elementToSign - element to sign, with its ID set
  - nextSibling - child of elementToSign which will be used as the next sibling of the created signature
  - keyPair
  - digestMethod
  - signatureMethod
  - referenceURI
  - x509Certificate - X509Certificate to be placed in SignedInfo
- Throws: GeneralSecurityException, MarshalException, XMLSignatureException
- Since: 2.5.0

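The element-level sign variants above take a nextSibling so the caller controls where the created ds:Signature lands inside elementToSign, which matters for schema-ordered formats such as a SAML Assertion (Issuer, then Signature, then Subject). The following is an added example, not code from Keycloak or from this page: it builds a minimal, constructed Response/Assertion tree with the DOM API, marks the Assertion's ID attribute as an ID (the precondition the method states), and signs only the Assertion, placing the Signature before Subject. The algorithm URIs are the standard XML-DSig identifiers and the key is a freshly generated RSA pair; the issuer value is made up.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SignAssertionExample {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Standard XML-DSig algorithm identifiers, passed as the digestMethod,
    // signatureMethod and canonicalizationMethodType strings.
    static final String DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    static final String SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";

    // Constructed sample tree: just enough structure to show signature placement,
    // not a complete SAML message.
    static Document buildResponse() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();

        Element response = doc.createElementNS(SAMLP, "samlp:Response");
        response.setAttribute("ID", "_resp1");
        doc.appendChild(response);

        Element assertion = doc.createElementNS(SAML, "saml:Assertion");
        assertion.setAttribute("ID", "_assert1");
        // The sign(Element, ...) variants assume the ID attribute is already set and
        // resolvable, so the "#_assert1" reference can be dereferenced by the signer.
        assertion.setIdAttribute("ID", true);

        Element issuer = doc.createElementNS(SAML, "saml:Issuer");
        issuer.setTextContent("https://idp.example/");   // constructed value
        assertion.appendChild(issuer);
        Element subject = doc.createElementNS(SAML, "saml:Subject");
        assertion.appendChild(subject);
        response.appendChild(assertion);
        return doc;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        Document doc = buildResponse();
        Element assertion = (Element) doc.getElementsByTagNameNS(SAML, "Assertion").item(0);
        Element subject = (Element) doc.getElementsByTagNameNS(SAML, "Subject").item(0);

        // nextSibling = Subject, so the created ds:Signature is inserted between
        // Issuer and Subject, the order the SAML Assertion schema requires.
        // Only the Assertion is covered by this signature; the enclosing Response is not.
        XMLSignatureUtil.sign(assertion, subject, "idp-signing-key", keyPair,
                DIGEST_SHA256, SIG_RSA_SHA256, "#_assert1", C14N_EXCLUSIVE);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        XMLSignatureUtil.marshall(doc, out);
        System.out.println(out.toString("UTF-8"));
    }
}
```

Because only the Assertion is signed here, a receiver that calls validate(Document, KeyLocator) will check that Signature but gets no integrity guarantee for the rest of the Response; sign the root element as well when the whole message must be protected.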
propagateIDAttributeSetup

public static void propagateIDAttributeSetup(Node sourceNode, Element destElement)

Set up the ID attribute in destElement depending on the isId flag of an attribute of sourceNode.

- Parameters: sourceNode

sign

public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException

Sign the root element.

- Parameters: doc, digestMethod, signatureMethod, referenceURI
- Returns:
- Throws: GeneralSecurityException, XMLSignatureException, MarshalException

sign

public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException

Sign the root element.

- Parameters: doc, digestMethod, signatureMethod, referenceURI
- Returns:
- Throws: GeneralSecurityException, XMLSignatureException, MarshalException
- Since: 2.5.0

sign

public static Document sign(SignatureUtilTransferObject dto, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException

Sign the root element.

- Returns:
- Throws: GeneralSecurityException, XMLSignatureException, MarshalException

validate

public static boolean validate(Document signedDoc, KeyLocator locator) throws MarshalException, XMLSignatureException

Validate a signed document with the given public key. All elements that contain a Signature are checked; this way both assertions and the containing document are verified when signed.

- Parameters: signedDoc, publicKey
- Returns:
- Throws: MarshalException, XMLSignatureException

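A round trip through the root-element sign method and validate shows how the pieces above fit together, and the property a verifier cares about: the key used to check the signature comes from the caller's KeyLocator, not from whatever KeyInfo the document carries, so tampering with signed content is detected. This is an added example, not code from Keycloak or from this page. It assumes that org.keycloak.rotation.HardcodedKeyLocator exists and wraps a single trusted key that validate will use regardless of KeyInfo contents, that referenceURI is "#" followed by the root element's ID, and that the algorithm URIs are the standard XML-DSig identifiers; the sample document and key name are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.keycloak.rotation.HardcodedKeyLocator;   // assumed location of a single-key KeyLocator
import org.keycloak.rotation.KeyLocator;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
import org.w3c.dom.Document;

public class SignAndValidateExample {
    // Standard XML-DSig algorithm identifiers for digestMethod, signatureMethod
    // and canonicalizationMethodType.
    static final String DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    static final String SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";

    // Constructed sample document; referenceURI "#_abc123" points at its ID attribute.
    static final String SAMPLE =
        "<Response xmlns=\"urn:example\" ID=\"_abc123\"><Status>OK</Status></Response>";

    // Hardened parser: namespace-aware (required for ds: elements), secure processing on,
    // DOCTYPE refused so no external entities or entity expansion can be pulled in.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Mark ID as an ID-typed attribute so a "#..." reference can be dereferenced.
        doc.getDocumentElement().setIdAttribute("ID", true);
        return doc;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        // Static, process-wide flag: affects every caller in this JVM, not just this one.
        // Leaving KeyInfo out means the receiver cannot be tempted to trust a key
        // that arrived inside the document.
        XMLSignatureUtil.setIncludeKeyInfoInSignature(false);

        Document signed = XMLSignatureUtil.sign(parse(SAMPLE), "example-key", keyPair,
                DIGEST_SHA256, SIG_RSA_SHA256, "#_abc123", C14N_EXCLUSIVE);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        XMLSignatureUtil.marshall(signed, out);

        // Re-parse from bytes, as a receiver would, and validate against the key we
        // trust out of band. validate checks every element that contains a Signature.
        Document received = parse(out.toString("UTF-8"));
        KeyLocator trusted = new HardcodedKeyLocator(keyPair.getPublic());
        System.out.println("valid as received: " + XMLSignatureUtil.validate(received, trusted));

        // Modify signed content: the digest no longer matches and validate returns false.
        received.getElementsByTagNameNS("urn:example", "Status").item(0).setTextContent("TAMPERED");
        System.out.println("valid after tampering: " + XMLSignatureUtil.validate(received, trusted));
    }
}
```

The parser settings are the receiver's responsibility, not the utility's: validate operates on a Document that has already been built, so DOCTYPE handling and ID-attribute typing have to be settled before it is called.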
validateSingleNode

public static boolean validateSingleNode(Node signatureNode, KeyLocator locator) throws MarshalException, XMLSignatureException

marshall

public static void marshall(SignatureType signature, OutputStream os) throws javax.xml.bind.JAXBException, SAXException

Marshall a SignatureType to an output stream.

- Parameters: signature, os
- Throws: SAXException, javax.xml.bind.JAXBException

marshall

public static void marshall(Document signedDocument, OutputStream os) throws TransformerException

Marshall the signed document to an output stream.

- Parameters: signedDocument, os
- Throws: TransformerException

getX509CertificateFromKeyInfoString

public static X509Certificate getX509CertificateFromKeyInfoString(String certificateString) throws ProcessingException

Given the X509Certificate in the KeyInfo element, get an X509Certificate.

- Parameters: certificateString
- Returns:
- Throws: ProcessingException

getDSAKeyValue

public static DSAKeyValueType getDSAKeyValue(Element element) throws ParsingException

Given a dsig:DSAKeyValue element, return DSAKeyValueType.

- Parameters: element
- Returns:
- Throws: ProcessingException, ParsingException

getRSAKeyValue

public static RSAKeyValueType getRSAKeyValue(Element element) throws ParsingException

Given a dsig:RSAKeyValue element, return RSAKeyValueType.

- Parameters: element
- Returns:
- Throws: ProcessingException, ParsingException

createKeyValue

public static KeyValueType createKeyValue(PublicKey key)

Creates a KeyValueType that wraps the specified public key. This method supports DSA and RSA keys.

- Parameters: key - the PublicKey that will be represented as a KeyValueType.
- Returns: the constructed KeyValueType, or null if the specified key is neither a DSA nor an RSA key.

createKeyInfo

public static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) throws KeyException

- Throws: KeyException