Class XMLSignatureUtil
java.lang.Object
org.keycloak.saml.processing.core.util.XMLSignatureUtil
Utility for XML Signature Note: You can change the canonicalization method type by using the system property
"picketlink.xmlsig.canonicalization"
- Since:
- Dec 15, 2008
- Author:
- Anil.Saldhana@redhat.com, alessio.soldano@jboss.com
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic KeyInfo
createKeyInfo
(String keyName, PublicKey publicKey, X509Certificate x509Certificate) static KeyInfo
createKeyInfo
(Element keyInfo) static KeyValueType
createKeyValue
(PublicKey key) Creates aKeyValueType
that wraps the specified public key.static DSAKeyValueType
getDSAKeyValue
(Element element) Given a dsig:DSAKeyValue element, returnDSAKeyValueType
static RSAKeyValueType
getRSAKeyValue
(Element element) Given a dsig:DSAKeyValue element, returnDSAKeyValueType
static Element
getSignature
(Element element) Returns the element that contains the signature for the passed element.static X509Certificate
getX509CertificateFromKeyInfoString
(String certificateString) Given the X509Certificate in the keyinfo element, get aX509Certificate
static void
marshall
(SignatureType signature, OutputStream os) Marshall a SignatureType to output streamstatic void
marshall
(Document signedDocument, OutputStream os) Marshall the signed document to an output streamstatic void
propagateIDAttributeSetup
(Node sourceNode, Element destElement) Setup the ID attribute intodestElement
depending on theisId
flag of an attribute ofsourceNode
.static void
setIncludeKeyInfoInSignature
(boolean includeKeyInfoInSignature) Use this method to not include the KeyInfo in the signaturestatic Document
sign
(SignatureUtilTransferObject dto, String canonicalizationMethodType) Sign the root elementstatic Document
sign
(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) Sign the root elementstatic Document
sign
(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) Sign the root elementstatic Document
sign
(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) Sign a node in a documentstatic void
sign
(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) Sign only specified element (assumption is that it already has ID attribute set)static void
sign
(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) Sign only specified element (assumption is that it already has ID attribute set)static boolean
validate
(Document signedDoc, KeyLocator locator) Validate a signed document with the given public key.static boolean
validateSingleNode
(Node signatureNode, KeyLocator locator) static boolean
validateSingleNode
(Node signatureNode, KeyLocator locator, Set<Node> signedNodes)
-
Constructor Details
-
XMLSignatureUtil
public XMLSignatureUtil()
-
-
Method Details
-
getSignature
Returns the element that contains the signature for the passed element.- Parameters:
element
- The element to search for the signature- Returns:
- The signature element or null
-
setIncludeKeyInfoInSignature
public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature) Use this method to not include the KeyInfo in the signature- Parameters:
includeKeyInfoInSignature
-- Since:
- v2.0.1
-
sign
public static Document sign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException Sign a node in a document- Parameters:
doc
-nodeToBeSigned
-keyPair
-digestMethod
-signatureMethod
-referenceURI
-- Returns:
- Throws:
ParserConfigurationException
XMLSignatureException
MarshalException
GeneralSecurityException
-
sign
public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign only specified element (assumption is that it already has ID attribute set)- Parameters:
elementToSign
- element to sign with set IDnextSibling
- child of elementToSign, which will be used as next sibling of created signaturekeyPair
-digestMethod
-signatureMethod
-referenceURI
-- Throws:
GeneralSecurityException
MarshalException
XMLSignatureException
-
sign
public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign only specified element (assumption is that it already has ID attribute set)- Parameters:
elementToSign
- element to sign with set IDnextSibling
- child of elementToSign, which will be used as next sibling of created signaturekeyPair
-digestMethod
-signatureMethod
-referenceURI
-x509Certificate
-X509Certificate
to be placed in SignedInfo- Throws:
GeneralSecurityException
MarshalException
XMLSignatureException
- Since:
- 2.5.0
-
propagateIDAttributeSetup
Setup the ID attribute intodestElement
depending on theisId
flag of an attribute ofsourceNode
.- Parameters:
sourceNode
-
-
sign
public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign the root element- Parameters:
doc
-digestMethod
-signatureMethod
-referenceURI
-- Returns:
- Throws:
GeneralSecurityException
XMLSignatureException
MarshalException
-
sign
public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign the root element- Parameters:
doc
-digestMethod
-signatureMethod
-referenceURI
-- Returns:
- Throws:
GeneralSecurityException
XMLSignatureException
MarshalException
- Since:
- 2.5.0
-
sign
public static Document sign(SignatureUtilTransferObject dto, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign the root element- Returns:
- Throws:
GeneralSecurityException
XMLSignatureException
MarshalException
-
validate
public static boolean validate(Document signedDoc, KeyLocator locator) throws MarshalException, XMLSignatureException Validate a signed document with the given public key. All elements that contain a Signature are checked, this way both assertions and the containing document are verified when signed.- Parameters:
signedDoc
-locator
-- Returns:
- Throws:
MarshalException
XMLSignatureException
-
validateSingleNode
public static boolean validateSingleNode(Node signatureNode, KeyLocator locator) throws MarshalException, XMLSignatureException -
validateSingleNode
public static boolean validateSingleNode(Node signatureNode, KeyLocator locator, Set<Node> signedNodes) throws MarshalException, XMLSignatureException -
marshall
public static void marshall(SignatureType signature, OutputStream os) throws jakarta.xml.bind.JAXBException, SAXException Marshall a SignatureType to output stream- Parameters:
signature
-os
-- Throws:
SAXException
jakarta.xml.bind.JAXBException
-
marshall
Marshall the signed document to an output stream- Parameters:
signedDocument
-os
-- Throws:
TransformerException
-
getX509CertificateFromKeyInfoString
public static X509Certificate getX509CertificateFromKeyInfoString(String certificateString) throws ProcessingException Given the X509Certificate in the keyinfo element, get aX509Certificate
- Parameters:
certificateString
-- Returns:
- Throws:
ProcessingException
-
getDSAKeyValue
Given a dsig:DSAKeyValue element, returnDSAKeyValueType
- Parameters:
element
-- Returns:
- Throws:
ProcessingException
ParsingException
-
getRSAKeyValue
Given a dsig:DSAKeyValue element, returnDSAKeyValueType
- Parameters:
element
-- Returns:
- Throws:
ProcessingException
ParsingException
-
createKeyValue
Creates a
KeyValueType
that wraps the specified public key. This method supports DSA and RSA keys.- Parameters:
key
- thePublicKey
that will be represented as aKeyValueType
.- Returns:
- the constructed
KeyValueType
ornull
if the specified key is neither a DSA nor a RSA key.
-
createKeyInfo
public static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) throws KeyException - Throws:
KeyException
-
createKeyInfo
- Throws:
MarshalException
-