org.apache.ws.security.processor

Class SignatureProcessor

java.lang.Object

org.apache.ws.security.processor.SignatureProcessor

All Implemented Interfaces:

Processor

public class SignatureProcessor
extends Object
implements Processor

Constructor Summary

Constructors

Constructor and Description
SignatureProcessor()

Method Summary

Methods

Modifier and Type	Method and Description
X509Certificate[]	getCertificatesTokenReference(org.w3c.dom.Element elem, Crypto crypto) Extracts the certificate(s) from the Binary Security token reference.
String	getId() Get the Id of the processor.
void	handleToken(org.w3c.dom.Element elem, Crypto crypto, Crypto decCrypto, javax.security.auth.callback.CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc)
protected Principal	verifyXMLSignature(org.w3c.dom.Element elem, Crypto crypto, X509Certificate[] returnCert, Set returnElements, List protectedElements, byte[][] signatureValue, javax.security.auth.callback.CallbackHandler cb, WSDocInfo wsDocInfo) Verify the WS-Security signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignatureProcessor

public SignatureProcessor()

Method Detail

handleToken

public void handleToken(org.w3c.dom.Element elem,
               Crypto crypto,
               Crypto decCrypto,
               javax.security.auth.callback.CallbackHandler cb,
               WSDocInfo wsDocInfo,
               Vector returnResults,
               WSSConfig wsc)
                 throws WSSecurityException

Specified by:

handleToken in interface Processor

Throws:

WSSecurityException

verifyXMLSignature

protected Principal verifyXMLSignature(org.w3c.dom.Element elem,
                           Crypto crypto,
                           X509Certificate[] returnCert,
                           Set returnElements,
                           List protectedElements,
                           byte[][] signatureValue,
                           javax.security.auth.callback.CallbackHandler cb,
                           WSDocInfo wsDocInfo)
                                throws WSSecurityException

Verify the WS-Security signature. The functions at first checks if then KeyInfo that is contained in the signature contains standard X509 data. If yes then get the certificate data via the standard KeyInfo methods. Otherwise, if the KeyInfo info does not contain X509 data, check if we can find a wsse:SecurityTokenReference element. If yes, the next step is to check how to get the certificate. Two methods are currently supported here:

• A URI reference to a binary security token contained in the wsse:Security header. If the dereferenced token is of the correct type the contained certificate is extracted.
• Issuer name an serial number of the certificate. In this case the method looks up the certificate in the keystore via the crypto parameter.

The methods checks is the certificate is valid and calls the verification function.

Parameters:

elem - the XMLSignature DOM Element.

crypto - the object that implements the access to the keystore and the handling of certificates.

returnCert - verifyXMLSignature stores the certificate in the first entry of this array. The caller may then further validate the certificate

returnElements - verifyXMLSignature adds the wsu:ID attribute values for the signed elements to this Set

cb - CallbackHandler instance to extract key passwords

Returns:

the subject principal of the validated X509 certificate (the authenticated subject). The calling function may use this principal for further authentication or authorization.

Throws:

WSSecurityException

getCertificatesTokenReference

public X509Certificate[] getCertificatesTokenReference(org.w3c.dom.Element elem,
                                              Crypto crypto)
                                                throws WSSecurityException

Extracts the certificate(s) from the Binary Security token reference.

Parameters:

elem - The element containing the binary security token. This is either X509 certificate(s) or a PKIPath.

Returns:

an array of X509 certificates

Throws:

WSSecurityException

getId

public String getId()

Description copied from interface: Processor

Get the Id of the processor.

Specified by:

getId in interface Processor

Returns:

The Id string