org.apache.ws.security.processor
Class SignatureProcessor
java.lang.Object
org.apache.ws.security.processor.SignatureProcessor
- All Implemented Interfaces:
- Processor
public class SignatureProcessor
- extends java.lang.Object
- implements Processor
Method Summary |
java.security.cert.X509Certificate[] |
getCertificatesTokenReference(org.w3c.dom.Element elem,
Crypto crypto)
Extracts the certificate(s) from the Binary Security token reference. |
java.lang.String |
getId()
Get the Id of the processor. |
void |
handleToken(org.w3c.dom.Element elem,
Crypto crypto,
Crypto decCrypto,
javax.security.auth.callback.CallbackHandler cb,
WSDocInfo wsDocInfo,
java.util.Vector returnResults,
WSSConfig wsc)
|
protected java.security.Principal |
verifyXMLSignature(org.w3c.dom.Element elem,
Crypto crypto,
java.security.cert.X509Certificate[] returnCert,
java.util.Set returnElements,
java.util.Set protectedElements,
byte[][] signatureValue,
javax.security.auth.callback.CallbackHandler cb)
Verify the WS-Security signature. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SignatureProcessor
public SignatureProcessor()
handleToken
public void handleToken(org.w3c.dom.Element elem,
Crypto crypto,
Crypto decCrypto,
javax.security.auth.callback.CallbackHandler cb,
WSDocInfo wsDocInfo,
java.util.Vector returnResults,
WSSConfig wsc)
throws WSSecurityException
- Specified by:
handleToken
in interface Processor
- Throws:
WSSecurityException
verifyXMLSignature
protected java.security.Principal verifyXMLSignature(org.w3c.dom.Element elem,
Crypto crypto,
java.security.cert.X509Certificate[] returnCert,
java.util.Set returnElements,
java.util.Set protectedElements,
byte[][] signatureValue,
javax.security.auth.callback.CallbackHandler cb)
throws WSSecurityException
- Verify the WS-Security signature.
The function first checks whether the KeyInfo contained in the signature contains standard X509 data. If so, it gets the certificate data via the standard KeyInfo methods.
Otherwise, if the KeyInfo does not contain X509 data, it checks whether a wsse:SecurityTokenReference element is present. If so, the next step is to determine how to get the certificate. Two methods are currently supported here:
- A URI reference to a binary security token contained in the wsse:Security header. If the dereferenced token is of the correct type, the contained certificate is extracted.
- Issuer name and serial number of the certificate. In this case the method looks up the certificate in the keystore via the crypto parameter.
The method checks whether the certificate is valid and calls the verification function.
- Parameters:
elem
- the XMLSignature DOM Element.
crypto
- the object that implements the access to the keystore and the handling of certificates.
returnCert
- verifyXMLSignature stores the certificate in the first entry of this array. The caller may then further validate the certificate.
returnElements
- verifyXMLSignature adds the wsu:ID attribute values for the signed elements to this Set.
cb
- CallbackHandler instance to extract key passwords.
- Returns:
- the subject principal of the validated X509 certificate (the
authenticated subject). The calling function may use this
principal for further authentication or authorization.
- Throws:
WSSecurityException
getCertificatesTokenReference
public java.security.cert.X509Certificate[] getCertificatesTokenReference(org.w3c.dom.Element elem,
Crypto crypto)
throws WSSecurityException
- Extracts the certificate(s) from the Binary Security token reference.
- Parameters:
elem
- The element containing the binary security token. This is
either X509 certificate(s) or a PKIPath.
- Returns:
- an array of X509 certificates
- Throws:
WSSecurityException
getId
public java.lang.String getId()
- Description copied from interface:
Processor
- Get the Id of the processor.
- Specified by:
getId
in interface Processor
- Returns:
- The Id string
Copyright © 2004-2010 Apache Web Services. All Rights Reserved.