Class XMLSignatureUtil
java.lang.Object
org.keycloak.saml.processing.core.util.XMLSignatureUtil
Utility for XML Signature Note: You can change the canonicalization method type by using the system property
"picketlink.xmlsig.canonicalization"
- Since:
- Dec 15, 2008
- Author:
- Anil.Saldhana@redhat.com, alessio.soldano@jboss.com
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic KeyInfocreateKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) static KeyInfocreateKeyInfo(Element keyInfo) static KeyValueTypecreateKeyValue(PublicKey key) Creates aKeyValueTypethat wraps the specified public key.static DSAKeyValueTypegetDSAKeyValue(Element element) Given a dsig:DSAKeyValue element, returnDSAKeyValueTypestatic RSAKeyValueTypegetRSAKeyValue(Element element) Given a dsig:DSAKeyValue element, returnDSAKeyValueTypestatic ElementgetSignature(Element element) Returns the element that contains the signature for the passed element.static X509CertificategetX509CertificateFromKeyInfoString(String certificateString) Given the X509Certificate in the keyinfo element, get aX509Certificatestatic voidmarshall(SignatureType signature, OutputStream os) Marshall a SignatureType to output streamstatic voidmarshall(Document signedDocument, OutputStream os) Marshall the signed document to an output streamstatic voidpropagateIDAttributeSetup(Node sourceNode, Element destElement) Setup the ID attribute intodestElementdepending on theisIdflag of an attribute ofsourceNode.static voidsetIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature) Use this method to not include the KeyInfo in the signaturestatic Documentsign(SignatureUtilTransferObject dto, String canonicalizationMethodType) Sign the root elementstatic Documentsign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) Sign the root elementstatic Documentsign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) Sign the root elementstatic Documentsign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) Sign a node in a documentstatic voidsign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) Sign only specified element (assumption is that it already has ID attribute set)static voidsign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) Sign only specified element (assumption is that it already has ID attribute set)static booleanvalidate(Document signedDoc, KeyLocator locator) Validate a signed document with the given public key.static booleanvalidateSingleNode(Node signatureNode, KeyLocator locator) static booleanvalidateSingleNode(Node signatureNode, KeyLocator locator, Set<Node> signedNodes)
-
Constructor Details
-
XMLSignatureUtil
public XMLSignatureUtil()
-
-
Method Details
-
getSignature
Returns the element that contains the signature for the passed element.- Parameters:
element- The element to search for the signature- Returns:
- The signature element or null
-
setIncludeKeyInfoInSignature
public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature) Use this method to not include the KeyInfo in the signature- Parameters:
includeKeyInfoInSignature-- Since:
- v2.0.1
-
sign
public static Document sign(Document doc, Node nodeToBeSigned, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException Sign a node in a document- Parameters:
doc-nodeToBeSigned-keyPair-digestMethod-signatureMethod-referenceURI-- Returns:
- Throws:
ParserConfigurationExceptionXMLSignatureExceptionMarshalExceptionGeneralSecurityException
-
sign
public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign only specified element (assumption is that it already has ID attribute set)- Parameters:
elementToSign- element to sign with set IDnextSibling- child of elementToSign, which will be used as next sibling of created signaturekeyPair-digestMethod-signatureMethod-referenceURI-- Throws:
GeneralSecurityExceptionMarshalExceptionXMLSignatureException
-
sign
public static void sign(Element elementToSign, Node nextSibling, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign only specified element (assumption is that it already has ID attribute set)- Parameters:
elementToSign- element to sign with set IDnextSibling- child of elementToSign, which will be used as next sibling of created signaturekeyPair-digestMethod-signatureMethod-referenceURI-x509Certificate-X509Certificateto be placed in SignedInfo- Throws:
GeneralSecurityExceptionMarshalExceptionXMLSignatureException- Since:
- 2.5.0
-
propagateIDAttributeSetup
Setup the ID attribute intodestElementdepending on theisIdflag of an attribute ofsourceNode.- Parameters:
sourceNode-
-
sign
public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign the root element- Parameters:
doc-digestMethod-signatureMethod-referenceURI-- Returns:
- Throws:
GeneralSecurityExceptionXMLSignatureExceptionMarshalException
-
sign
public static Document sign(Document doc, String keyName, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign the root element- Parameters:
doc-digestMethod-signatureMethod-referenceURI-- Returns:
- Throws:
GeneralSecurityExceptionXMLSignatureExceptionMarshalException- Since:
- 2.5.0
-
sign
public static Document sign(SignatureUtilTransferObject dto, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException Sign the root element- Returns:
- Throws:
GeneralSecurityExceptionXMLSignatureExceptionMarshalException
-
validate
public static boolean validate(Document signedDoc, KeyLocator locator) throws MarshalException, XMLSignatureException Validate a signed document with the given public key. All elements that contain a Signature are checked, this way both assertions and the containing document are verified when signed.- Parameters:
signedDoc-locator-- Returns:
- Throws:
MarshalExceptionXMLSignatureException
-
validateSingleNode
public static boolean validateSingleNode(Node signatureNode, KeyLocator locator) throws MarshalException, XMLSignatureException -
validateSingleNode
public static boolean validateSingleNode(Node signatureNode, KeyLocator locator, Set<Node> signedNodes) throws MarshalException, XMLSignatureException -
marshall
public static void marshall(SignatureType signature, OutputStream os) throws jakarta.xml.bind.JAXBException, SAXException Marshall a SignatureType to output stream- Parameters:
signature-os-- Throws:
SAXExceptionjakarta.xml.bind.JAXBException
-
marshall
Marshall the signed document to an output stream- Parameters:
signedDocument-os-- Throws:
TransformerException
-
getX509CertificateFromKeyInfoString
public static X509Certificate getX509CertificateFromKeyInfoString(String certificateString) throws ProcessingException Given the X509Certificate in the keyinfo element, get aX509Certificate- Parameters:
certificateString-- Returns:
- Throws:
ProcessingException
-
getDSAKeyValue
Given a dsig:DSAKeyValue element, returnDSAKeyValueType- Parameters:
element-- Returns:
- Throws:
ProcessingExceptionParsingException
-
getRSAKeyValue
Given a dsig:DSAKeyValue element, returnDSAKeyValueType- Parameters:
element-- Returns:
- Throws:
ProcessingExceptionParsingException
-
createKeyValue
Creates a
KeyValueTypethat wraps the specified public key. This method supports DSA and RSA keys.- Parameters:
key- thePublicKeythat will be represented as aKeyValueType.- Returns:
- the constructed
KeyValueTypeornullif the specified key is neither a DSA nor a RSA key.
-
createKeyInfo
public static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) throws KeyException - Throws:
KeyException
-
createKeyInfo
- Throws:
MarshalException
-