ApacheXMLDSigner

public class ApacheXMLDSigner implements XMLDSigner

This class hides the details of digital signing and verification. The signature routines are provided by the Apache XML Security library. A standard way of having a document signed is defined by the XMLDSigner interface; different classes implement that interface using different libraries underneath.

Author: kcyee

Fields

ACTOR_NEXT_MSH_SCHEMAS

public static final String ACTOR_NEXT_MSH_SCHEMAS

ACTOR_NEXT_MSH_URN

public static final String ACTOR_NEXT_MSH_URN

DIGEST_METHOD

public static final String DIGEST_METHOD

Name of the Digest method required, qualified by namespace [XMLDSIG 6.1]

ELEMENT_KEY_INFO

public static final String ELEMENT_KEY_INFO

Name of the KeyInfo element, which enables the recipient(s) to obtain the key needed to validate the signature [XMLDSIG 4.4]

ELEMENT_SIGNATURE

public static final String ELEMENT_SIGNATURE

Name of the Signature element [ebMSS 4.1.1, XMLDSIG 4.1]

ELEMENT_XPATH

public static final String ELEMENT_XPATH

Name of the XPath element [XMLDSIG 6.6.3]

NAMESPACE_PREFIX_DS

public static final String NAMESPACE_PREFIX_DS

Namespace prefix of Signature.

NAMESPACE_PREFIX_SOAP_ENVELOPE

public static final String NAMESPACE_PREFIX_SOAP_ENVELOPE

Namespace prefix of SOAP envelope.

NAMESPACE_URI_DS

public static final String NAMESPACE_URI_DS

Namespace URI of Signature.

NAMESPACE_URI_SOAP_ENVELOPE

public static final String NAMESPACE_URI_SOAP_ENVELOPE

Namespace URI of SOAP envelope.

NAMESPACE_URI_XML_NS

public static final String NAMESPACE_URI_XML_NS

Namespace URI of xmlns.

SIGNATURE_METHOD

public static final String SIGNATURE_METHOD

Name of the digital signature method required, qualified by the digital signature namespace [XMLDSIG 6.1]

TRANSFORM_ALGORITHM_XPATH

public static final String TRANSFORM_ALGORITHM_XPATH

Name of the XPath transform algorithm recommended [XMLDSIG 6.1]

TRANSFORM_XPATH

public static final String TRANSFORM_XPATH

XPath transform string used in the implementation.

documents

protected ArrayList documents

Internal variable holding the documents that are to be referenced in the signature.

envelope

protected Document envelope

Internal variable holding the envelope that hosts the signature.

logger

protected static Logger logger

Logger

signature

protected XMLSignature signature

Internal variable holding the Apache XML Security library signature object that performs the actual signing/verifying.

trusted

protected CompositeKeyStore trusted

Internal variable holding the trust anchor used for certificate path verification.

Constructors

ApacheXMLDSigner

public ApacheXMLDSigner()

Default constructor to initialize the internal variables.

Methods

addCertResolver

public void addCertResolver(CertResolver certResolver, Object obj)

addDocument

public void addDocument(String uri, InputStream is, String contentType)

Adds a reference to a document attachment to the signature.

Parameters:
  • uri – the URI of the document attachment
  • is – the input stream of the content of the document
  • contentType – the content type of the document

getElement

public Element getElement()

Gets the DOM element of the signature generated.

Returns: the DOM element of the signature

setEnvelope

public void setEnvelope(Document doc, String algo, String digestAlgo)

Sets the envelope to host the Signature element, that is, the XML document to which the Signature element is to be added. The digital signature here is always an enveloped signature, so the envelope itself is included in the signing process.

Parameters:
  • doc – the XML document to host the Signature element
  • algo – the algorithm used for digital signature. Currently, only two values are tested: dsa-sha1 and rsa-sha1.
  • digestAlgo – the algorithm used for making digest value. Currently, one value is supported: sha1
Throws:
  • SignException – internal exception when doing initialization on Apache XML Security library

setEnvelope

public void setEnvelope(Document doc, String algo)

Sets the envelope to host the Signature element, that is, the XML document to which the Signature element is to be added. The digital signature here is always an enveloped signature, so the envelope itself is included in the signing process.

Parameters:
  • doc – the XML document to host the Signature element
  • algo – the algorithm used for digital signature. Currently, only two values are tested: dsa-sha1 and rsa-sha1.
Throws:
  • SignException – internal exception when doing initialization on Apache XML Security library

setEnvelope

public void setEnvelope(Document doc)

Sets the envelope to host the Signature element, that is, the XML document to which the Signature element is to be added. The digital signature here is always an enveloped signature, so the envelope itself is included in the signing process.

Parameters:
  • doc – the XML document to host the Signature element
Throws:
  • SignException – internal exception when doing initialization on Apache XML Security library

setTrustAnchor

public void setTrustAnchor(CompositeKeyStore ks)

Sets the trust anchor for verification of the certificate path.

Parameters:
  • ks – the keystore providing the trusted certificates

sign

public void sign(CompositeKeyStore ks, String alias, char[] password)

Signs the envelope and the added documents using the specified key in the keystore.

Parameters:
  • ks – the keystore holding the key for signing
  • alias – the alias of the key for signing
  • password – the password for accessing the key for signing
Throws:
  • SignException – when there is any error in the processing of signing

verify

public boolean verify()

Verifies the signature in the envelope set via setEnvelope, which may reference the documents added using the addDocument method.

Throws:
  • VerifyException – when there is any error in the processing of verification
Returns:
  • true if the signature verifies successfully, false otherwise.
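The methods above form two short procedures: on the sending side setEnvelope, addDocument, sign and getElement; on the receiving side setTrustAnchor, setEnvelope, addDocument and verify. The following is an added usage example, not code from the project this page documents. It assumes the project's own ApacheXMLDSigner, CompositeKeyStore, SignException and VerifyException types are importable from the caller's package, that the keystores are built by the caller (how to construct a CompositeKeyStore is not described on this page), and that addDocument may be called after setEnvelope (an assumption about call order). The parsing helper is standard JAXP with doctype declarations disabled, since an envelope received from a peer is untrusted input until verify() has returned true. The algorithm strings "rsa-sha1" and "sha1" are the values the page lists as tested; SHA-1 is no longer considered collision-resistant, so a deployment should prefer a stronger digest where the library permits it.

```java
import java.io.InputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Added usage example for the ApacheXMLDSigner API documented on this page (not project code).
// Assumed: ApacheXMLDSigner, CompositeKeyStore, SignException and VerifyException are
// imported from the enclosing project; keystores are supplied by the caller.
public class XmlDSignerUsage {

    // Parse an envelope namespace-aware (XMLDSIG needs correct namespace handling) and
    // with DTDs disallowed, so an untrusted envelope cannot trigger entity expansion.
    static Document parseEnvelope(InputStream in) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(in);
    }

    // Sending side: enveloped signature over the envelope plus one attached payload.
    // Returns the generated ds:Signature element (already inserted into the envelope by the signer).
    static Element signEnvelope(Document envelope, String payloadUri, InputStream payload,
                                CompositeKeyStore ks, String alias, char[] password)
            throws SignException {
        ApacheXMLDSigner signer = new ApacheXMLDSigner();
        signer.setEnvelope(envelope, "rsa-sha1", "sha1");   // values the page lists as tested
        signer.addDocument(payloadUri, payload, "application/octet-stream");
        signer.sign(ks, alias, password);
        return signer.getElement();
    }

    // Receiving side: the trust anchor must be set before verify(), otherwise a signature made
    // with any key (including one the sender generated itself) has nothing trusted to chain to.
    static boolean verifyEnvelope(Document envelope, String payloadUri, InputStream payload,
                                  CompositeKeyStore trustedCerts)
            throws SignException, VerifyException {
        ApacheXMLDSigner verifier = new ApacheXMLDSigner();
        verifier.setTrustAnchor(trustedCerts);
        verifier.setEnvelope(envelope);
        verifier.addDocument(payloadUri, payload, "application/octet-stream");
        return verifier.verify();
    }
}
```

Two points worth checking in any caller: verify() returning false and verify() throwing VerifyException are distinct outcomes, and both must be treated as rejection; and the same payload URI and bytes that were added on the signing side must be added on the verifying side, or the reference digests cannot match.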