/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
/*
 * Copyright  1999-2004 The Apache Software Foundation.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */
package com.sun.org.apache.xml.internal.security.signature;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;

import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

Handles <ds:SignedInfo> elements This SignedInfo element includes the canonicalization algorithm, a signature algorithm, and one or more references.
Author:Christian Geuer-Pollmann
/** * Handles <code>&lt;ds:SignedInfo&gt;</code> elements * This <code>SignedInfo<code> element includes the canonicalization algorithm, * a signature algorithm, and one or more references. * * @author Christian Geuer-Pollmann */
public class SignedInfo extends Manifest {
Field _signatureAlgorithm
/** Field _signatureAlgorithm */
private SignatureAlgorithm _signatureAlgorithm = null;
Field _c14nizedBytes
/** Field _c14nizedBytes */
private byte[] _c14nizedBytes = null; private Element c14nMethod; private Element signatureMethod;
Overwrites Manifest.addDocument because it creates another Element.
Params:
  • doc – the Document in which XMLsignature will be placed
Throws:
/** * Overwrites {@link Manifest#addDocument} because it creates another * Element. * * @param doc the {@link Document} in which <code>XMLsignature</code> will * be placed * @throws XMLSecurityException */
public SignedInfo(Document doc) throws XMLSecurityException { this(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA, Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS); }
Constructs SignedInfo using given Canonicalization algorithm and Signature algorithm.
Params:
  • doc – SignedInfo is placed in this document
  • signatureMethodURI – URI representation of the Digest and Signature algorithm
  • canonicalizationMethodURI – URI representation of the Canonicalization method
Throws:
/** * Constructs {@link SignedInfo} using given Canonicalization algorithm and * Signature algorithm. * * @param doc <code>SignedInfo</code> is placed in this document * @param signatureMethodURI URI representation of the Digest and * Signature algorithm * @param canonicalizationMethodURI URI representation of the * Canonicalization method * @throws XMLSecurityException */
public SignedInfo(Document doc, String signatureMethodURI, String canonicalizationMethodURI) throws XMLSecurityException { this(doc, signatureMethodURI, 0, canonicalizationMethodURI); }
Constructor SignedInfo
Params:
  • doc – SignedInfo is placed in this document
  • signatureMethodURI – URI representation of the Digest and Signature algorithm
  • hMACOutputLength –
  • canonicalizationMethodURI – URI representation of the Canonicalization method
Throws:
/** * Constructor SignedInfo * * @param doc <code>SignedInfo</code> is placed in this document * @param signatureMethodURI URI representation of the Digest and * Signature algorithm * @param hMACOutputLength * @param canonicalizationMethodURI URI representation of the * Canonicalization method * @throws XMLSecurityException */
public SignedInfo(Document doc, String signatureMethodURI, int hMACOutputLength, String canonicalizationMethodURI) throws XMLSecurityException { super(doc); c14nMethod = XMLUtils.createElementInSignatureSpace(this._doc, Constants._TAG_CANONICALIZATIONMETHOD); c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI); this._constructionElement.appendChild(c14nMethod); XMLUtils.addReturnToElement(this._constructionElement); if (hMACOutputLength > 0) { this._signatureAlgorithm = new SignatureAlgorithm(this._doc, signatureMethodURI, hMACOutputLength); } else { this._signatureAlgorithm = new SignatureAlgorithm(this._doc, signatureMethodURI); } signatureMethod = this._signatureAlgorithm.getElement(); this._constructionElement.appendChild(signatureMethod); XMLUtils.addReturnToElement(this._constructionElement); }
Params:
  • doc –
  • signatureMethodElem –
  • canonicalizationMethodElem –
Throws:
/** * @param doc * @param signatureMethodElem * @param canonicalizationMethodElem * @throws XMLSecurityException */
public SignedInfo(Document doc, Element signatureMethodElem, Element canonicalizationMethodElem) throws XMLSecurityException { super(doc); // Check this? this.c14nMethod = canonicalizationMethodElem; this._constructionElement.appendChild(c14nMethod); XMLUtils.addReturnToElement(this._constructionElement); this._signatureAlgorithm = new SignatureAlgorithm(signatureMethodElem, null); signatureMethod = this._signatureAlgorithm.getElement(); this._constructionElement.appendChild(signatureMethod); XMLUtils.addReturnToElement(this._constructionElement); }
Build a SignedInfo from an Element
Params:
  • element – SignedInfo
  • baseURI – the URI of the resource where the XML instance was stored
Throws:
See Also:
/** * Build a {@link SignedInfo} from an {@link Element} * * @param element <code>SignedInfo</code> * @param baseURI the URI of the resource where the XML instance was stored * @throws XMLSecurityException * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">Question</A> * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">Answer</A> */
public SignedInfo(Element element, String baseURI) throws XMLSecurityException { // Parse the Reference children and Id attribute in the Manifest super(element, baseURI); /* canonicalize ds:SignedInfo, reparse it into a new document * and replace the original not-canonicalized ds:SignedInfo by * the re-parsed canonicalized one. */ c14nMethod = XMLUtils.getNextElement(element.getFirstChild()); String c14nMethodURI = this.getCanonicalizationMethodURI(); if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) || c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) || c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) || c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS))) { // the c14n is not a secure one and can rewrite the URIs or like // that reparse the SignedInfo to be sure try { Canonicalizer c14nizer = Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); this._c14nizedBytes = c14nizer.canonicalizeSubtree(this._constructionElement); javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); Document newdoc = db.parse(new ByteArrayInputStream(this._c14nizedBytes)); Node imported = this._doc.importNode(newdoc.getDocumentElement(), true); this._constructionElement.getParentNode().replaceChild(imported, this._constructionElement); this._constructionElement = (Element) imported; } catch (ParserConfigurationException ex) { throw new XMLSecurityException("empty", ex); } catch (IOException ex) { throw new XMLSecurityException("empty", ex); } catch (SAXException ex) { throw new XMLSecurityException("empty", ex); } } signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling()); this._signatureAlgorithm = new SignatureAlgorithm(signatureMethod, this.getBaseURI()); }
Tests core validation process
Throws:
Returns:true if verification was successful
/** * Tests core validation process * * @return true if verification was successful * @throws MissingResourceFailureException * @throws XMLSecurityException */
public boolean verify() throws MissingResourceFailureException, XMLSecurityException { return super.verifyReferences(false); }
Tests core validation process
Params:
  • followManifests – defines whether the verification process has to verify referenced ds:Manifests, too
Throws:
Returns:true if verification was successful
/** * Tests core validation process * * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too * @return true if verification was successful * @throws MissingResourceFailureException * @throws XMLSecurityException */
public boolean verify(boolean followManifests) throws MissingResourceFailureException, XMLSecurityException { return super.verifyReferences(followManifests); }
Returns getCanonicalizedOctetStream
Throws:
Returns:the canonicalization result octedt stream of SignedInfo element
/** * Returns getCanonicalizedOctetStream * * @return the canonicalization result octedt stream of <code>SignedInfo</code> element * @throws CanonicalizationException * @throws InvalidCanonicalizerException * @throws XMLSecurityException */
public byte[] getCanonicalizedOctetStream() throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException { if ((this._c14nizedBytes == null) /*&& (this._state == ElementProxy.MODE_SIGN)*/) { Canonicalizer c14nizer = Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); this._c14nizedBytes = c14nizer.canonicalizeSubtree(this._constructionElement); } // make defensive copy byte[] output = new byte[this._c14nizedBytes.length]; System.arraycopy(this._c14nizedBytes, 0, output, 0, output.length); return output; }
Output the C14n stream to the give outputstream.
Params:
  • os –
Throws:
/** * Output the C14n stream to the give outputstream. * @param os * @throws CanonicalizationException * @throws InvalidCanonicalizerException * @throws XMLSecurityException */
public void signInOctectStream(OutputStream os) throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException { if ((this._c14nizedBytes == null)) { Canonicalizer c14nizer = Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); c14nizer.setWriter(os); String inclusiveNamespaces = this.getInclusiveNamespaces(); if(inclusiveNamespaces == null) c14nizer.canonicalizeSubtree(this._constructionElement); else c14nizer.canonicalizeSubtree(this._constructionElement, inclusiveNamespaces); } else { try { os.write(this._c14nizedBytes); } catch (IOException e) { throw new RuntimeException(""+e); } } }
Returns the Canonicalization method URI
Returns:the Canonicalization method URI
/** * Returns the Canonicalization method URI * * @return the Canonicalization method URI */
public String getCanonicalizationMethodURI() { return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); }
Returns the Signature method URI
Returns:the Signature method URI
/** * Returns the Signature method URI * * @return the Signature method URI */
public String getSignatureMethodURI() { Element signatureElement = this.getSignatureMethodElement(); if (signatureElement != null) { return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM); } return null; }
Method getSignatureMethodElement
Returns:gets The SignatureMethod Node.
/** * Method getSignatureMethodElement * @return gets The SignatureMethod Node. * */
public Element getSignatureMethodElement() { return signatureMethod; }
Creates a SecretKey for the appropriate Mac algorithm based on a byte[] array password.
Params:
  • secretKeyBytes –
Returns:the secret key for the SignedInfo element.
/** * Creates a SecretKey for the appropriate Mac algorithm based on a * byte[] array password. * * @param secretKeyBytes * @return the secret key for the SignedInfo element. */
public SecretKey createSecretKey(byte[] secretKeyBytes) { return new SecretKeySpec(secretKeyBytes, this._signatureAlgorithm .getJCEAlgorithmString()); } protected SignatureAlgorithm getSignatureAlgorithm() { return _signatureAlgorithm; }
Method getBaseLocalName
@inheritDoc
/** * Method getBaseLocalName * @inheritDoc * */
public String getBaseLocalName() { return Constants._TAG_SIGNEDINFO; } public String getInclusiveNamespaces() { String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); if(!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") || c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) { return null; } Element inclusiveElement = XMLUtils.getNextElement( c14nMethod.getFirstChild()); if(inclusiveElement != null) { try { String inclusiveNamespaces = new InclusiveNamespaces(inclusiveElement, InclusiveNamespaces.ExclusiveCanonicalizationNamespace).getInclusiveNamespaces(); return inclusiveNamespaces; } catch (XMLSecurityException e) { return null; } } return null; } }