XMLSignatureSigningStage (Shibboleth Metadata Aggregator :: Processing Pipeline 0.6.1 Java API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

net.shibboleth.metadata.dom
Class XMLSignatureSigningStage

java.lang.Object
  net.shibboleth.metadata.pipeline.AbstractComponent
      net.shibboleth.metadata.pipeline.BaseStage<ItemType>
          net.shibboleth.metadata.pipeline.BaseIteratingStage<DomElementItem>
              net.shibboleth.metadata.dom.XMLSignatureSigningStage

All Implemented Interfaces:: Component, Stage<DomElementItem>

@ThreadSafe public class XMLSignatureSigningStage
extends BaseIteratingStage<DomElementItem>
extends BaseIteratingStage<DomElementItem>

A pipeline stage that creates, and adds, an enveloped signature for each element in the given DomElementItem collection.

This stage requires the following properties be set prior to initialization:

privateKey

Nested Class Summary
`static class`	`XMLSignatureSigningStage.ShaVariant` The variant of SHA to use in the various signature algorithms.

Field Summary
`static String`	`ALGO_ID_C14N_EXCL_OMIT_COMMENTS` Exclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#" .
`static String`	`ALGO_ID_C14N_EXCL_WITH_COMMENTS` Exclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" .
`static String`	`ALGO_ID_C14N_OMIT_COMMENTS` Inclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" .
`static String`	`ALGO_ID_C14N_WITH_COMMENTS` Inclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" .
`static String`	`ALGO_ID_DIGEST_SHA1` SHA1 digest algorithm ID: "http://www.w3.org/2000/09/xmldsig#sha1" .
`static String`	`ALGO_ID_DIGEST_SHA256` SHA256 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha256" .
`static String`	`ALGO_ID_DIGEST_SHA384` SHA384 digest algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#sha384" .
`static String`	`ALGO_ID_DIGEST_SHA512` SHA512 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha512" .
`static String`	`ALGO_ID_SIGNATURE_RSA_SHA1` RSA-SHA1 signature algorithm ID: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" .
`static String`	`ALGO_ID_SIGNATURE_RSA_SHA256` RSA-SHA256 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" .
`static String`	`ALGO_ID_SIGNATURE_RSA_SHA384` RSA-SHA384 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" .
`static String`	`ALGO_ID_SIGNATURE_RSA_SHA512` RSA-SHA512 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" .
`private String`	`c14nAlgo` Canonicalization algorithm to use.
`private boolean`	`c14nExclusive` Whether to use exclusive canonicalization.
`private boolean`	`c14nWithComments` Whether to include comments in the canonicalized data.
`private List<X509Certificate>`	`certificates` Certificate chain, with end entity certificate as element 0, to be included with the signature.
`private List<X509CRL>`	`crls` CRLs to be included with the signature.
`private boolean`	`deriveKeyNames` Whether additional key names should be derived from the end-entity certificate, if present.
`private String`	`digestAlgo` Digest algorithm used.
`private List<QName>`	`idAttributeNames` Names of attributes to treat as ID attributes for signature referencing.
`private boolean`	`includeKeyNames` Whether key names should be included in the signature's KeyInfo.
`private boolean`	`includeKeyValue` Whether the public key should be included in the signature's KeyInfo.
`private boolean`	`includeX509Certificates` Whether the certificates chain should be included in the signature's KeyInfo.
`private boolean`	`includeX509Crls` Whether the CRLs should be included in the signature's KeyInfo.
`private boolean`	`includeX509IssuerSerial` Whether the end-entity certificate's issuer and serial number should be included in the signature's KeyInfo.
`private boolean`	`includeX509SubjectName` Whether the end-entity certificate's subject name should be included in the signature's KeyInfo.
`private List<String>`	`inclusivePrefixList` Inclusive prefix list used with exclusive canonicalization.
`private KeyInfoFactory`	`keyInfoFactory` Factory used to create KeyInfo objects.
`private List<String>`	`keyNames` Explicit names to associate with the given signing key.
`private Logger`	`log` Class logger.
`private PrivateKey`	`privKey` Private key used to sign data.
`private PublicKey`	`pubKey` Public key associated with the given private key.
`static String`	`RFC4501_BASE_URI` RFC4501 base URI: "http://www.w3.org/2001/04/xmldsig-more" .
`private XMLSignatureSigningStage.ShaVariant`	`shaVariant` SHA algorithm variant used in signature and digest algorithms.
`private String`	`sigAlgo` Signature algorithm used.
`static QName`	`SIGNATURE_NAME` QName of the Signature element.
`static String`	`TRANSFORM_ENVELOPED_SIGNATURE` Enveloped signature transform ID: "http://www.w3.org/2000/09/xmldsig#enveloped-signature" .
`static String`	`XML_ENC_NS_URI` XML Encryption base URI: "http://www.w3.org/2001/04/xmlenc#" .
`static String`	`XML_SIG_NS_URI` XML Signature base URI: "http://www.w3.org/2000/09/xmldsig#" .
`private XMLSignatureFactory`	`xmlSigFactory` Factory used to create XML signature objects.

Constructor Summary
`XMLSignatureSigningStage()`

Method Summary
`protected void`	`addKeyNames(ArrayList<Object> keyInfoItems)` Adds key names to the KeyInfo, if key names are to be included.
`protected void`	`addKeyValue(ArrayList<Object> keyInfoItems)` Adds raw key values to the KeyInfo if key values are to be included.
`protected void`	`addX509Data(ArrayList<Object> keyInfoItems)` Adds X509 data (subject names, certificates, CRLs, and Issuer/Serial) set to be included, into the key info.
`protected KeyInfo`	`buildKeyInfo()` Builds the KeyInfo element to be included in the signature.
`protected Reference`	`buildSignatureReference(Element target)` Builds the references to the signed content.
`protected SignedInfo`	`buildSignedInfo(Element target)` Gets the descriptor of signed content.
`protected boolean`	`doExecute(DomElementItem item)` Processes a given Item.
`protected void`	`doInitialize()` Do the initialization of the component.
`List<X509Certificate>`	`getCertificates()` Gets the certificates associated with the key used to sign the content.
`List<X509CRL>`	`getCrls()` Gets the CRLs associated with certificates.
`String`	`getDigestAlgo()` Gets the digest algorithm used when signing.
`protected String`	`getElementId(Element target)` Determines the ID for the element to be signed.
`List<QName>`	`getIdAttributeNames()` Gets the names of the attributes treated as reference IDs.
`List<String>`	`getInclusivePrefixList()` Gets the inclusive prefix list used during exclusive canonicalization.
`List<String>`	`getKeyNames()` Gets the explicit key names added to the KeyInfo.
`PrivateKey`	`getPrivateKey()` Gets the private key used to sign the content.
`PublicKey`	`getPublicKey()` Gets the public key associated with private key used to sign the content.
`XMLSignatureSigningStage.ShaVariant`	`getShaVariant()` Gets the SHA algorithm variant used when computing the signature and digest.
`String`	`getSigAlgo()` Gets the signature algorithm used when signing.
`boolean`	`isC14nExclusive()` Gets whether exclusive canonicalization will be used.
`boolean`	`isC14nWithComments()` Gets whether comments are canonicalized.
`boolean`	`isDeriveKeyNames()` Gets whether key names are derived from the end-entity certificate, if present.
`boolean`	`isIncludeKeyNames()` Gets whether key names are included in the KeyInfo.
`boolean`	`isIncludeKeyValue()` Gets whether key values are included in the KeyInfo.
`boolean`	`isIncludeX509Certificates()` Gets whether X509 certificates are included in the KeyInfo.
`boolean`	`isIncludeX509Crls()` Gets whether CRLs are included in the KeyInfo.
`boolean`	`isIncludeX509IssuerSerial()` Gets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.
`boolean`	`isIncludeX509SubjectName()` Gets whether end-entity certifcate's subject name is included in the KeyInfo.
`void`	`setC14nExclusive(boolean isExclusive)` Sets whether exclusive canonicalization will be used.
`void`	`setC14nWithComments(boolean withComments)` Sets whether comments are canonicalized.
`void`	`setCertificates(List<X509Certificate> certs)` Sets the certificates associated with the key used to sign the content.
`void`	`setCrls(List<X509CRL> revocationLists)` Sets the CRLs associated with certificates.
`void`	`setDeriveKeyNames(boolean deriveNames)` Sets whether key names are derived from the end-entity certificate.
`void`	`setIdAttributeNames(List<QName> names)` Sets the names of the attributes treated as reference IDs.
`void`	`setIncludeKeyNames(boolean include)` Sets whether key names are included in the KeyInfo.
`void`	`setIncludeKeyValue(boolean included)` Sets whether key values are included in the KeyInfo.
`void`	`setIncludeX509Certificates(boolean include)` Sets whether X509 certificates are included in the KeyInfo.
`void`	`setIncludeX509Crls(boolean include)` Sets whether CRLs are included in the KeyInfo.
`void`	`setIncludeX509IssuerSerial(boolean include)` Sets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.
`void`	`setIncludeX509SubjectName(boolean include)` Sets whether end-entity certifcate's subject name is included in the KeyInfo.
`void`	`setInclusivePrefixList(List<String> prefixList)` Sets the inclusive prefix list used during exclusive canonicalization.
`void`	`setKeyNames(List<String> names)` Sets the explicit key names added to the KeyInfo.
`void`	`setPrivateKey(PrivateKey key)` Sets the private key used to sign the content.
`void`	`setPublicKey(PublicKey key)` Sets public key associated with private key used to sign the content.
`void`	`setShaVariant(XMLSignatureSigningStage.ShaVariant variant)` Sets the SHA algorithm variant used when computing the signature and digest.

Methods inherited from class net.shibboleth.metadata.pipeline.BaseIteratingStage
`doExecute`

Methods inherited from class net.shibboleth.metadata.pipeline.BaseStage
`execute`

Methods inherited from class net.shibboleth.metadata.pipeline.AbstractComponent
`equals, getId, getInitializationInstant, hashCode, initialize, isInitialized, setId`

Methods inherited from class java.lang.Object
`clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface net.shibboleth.metadata.pipeline.Component
`getId, getInitializationInstant, initialize, isInitialized`

Field Detail

XML_SIG_NS_URI

public static final String XML_SIG_NS_URI

XML Signature base URI: "http://www.w3.org/2000/09/xmldsig#" .

See Also:: Constant Field Values

SIGNATURE_NAME

public static final QName SIGNATURE_NAME

QName of the Signature element.

XML_ENC_NS_URI

public static final String XML_ENC_NS_URI

XML Encryption base URI: "http://www.w3.org/2001/04/xmlenc#" .

See Also:: Constant Field Values

RFC4501_BASE_URI

public static final String RFC4501_BASE_URI

RFC4501 base URI: "http://www.w3.org/2001/04/xmldsig-more" .

See Also:: RFC 4501, Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA1

public static final String ALGO_ID_SIGNATURE_RSA_SHA1

RSA-SHA1 signature algorithm ID: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" .

See Also:: Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA256

public static final String ALGO_ID_SIGNATURE_RSA_SHA256

RSA-SHA256 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" .

See Also:: Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA384

public static final String ALGO_ID_SIGNATURE_RSA_SHA384

RSA-SHA384 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" .

See Also:: Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA512

public static final String ALGO_ID_SIGNATURE_RSA_SHA512

RSA-SHA512 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" .

See Also:: Constant Field Values

ALGO_ID_DIGEST_SHA1

public static final String ALGO_ID_DIGEST_SHA1

SHA1 digest algorithm ID: "http://www.w3.org/2000/09/xmldsig#sha1" .

See Also:: Constant Field Values

ALGO_ID_DIGEST_SHA256

public static final String ALGO_ID_DIGEST_SHA256

SHA256 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha256" .

See Also:: Constant Field Values

ALGO_ID_DIGEST_SHA384

public static final String ALGO_ID_DIGEST_SHA384

SHA384 digest algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#sha384" .

See Also:: Constant Field Values

ALGO_ID_DIGEST_SHA512

public static final String ALGO_ID_DIGEST_SHA512

SHA512 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha512" .

See Also:: Constant Field Values

ALGO_ID_C14N_OMIT_COMMENTS

public static final String ALGO_ID_C14N_OMIT_COMMENTS

Inclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" .

See Also:: Constant Field Values

ALGO_ID_C14N_WITH_COMMENTS

public static final String ALGO_ID_C14N_WITH_COMMENTS

Inclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" .

See Also:: Constant Field Values

ALGO_ID_C14N_EXCL_OMIT_COMMENTS

public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS

Exclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#" .

See Also:: Constant Field Values

ALGO_ID_C14N_EXCL_WITH_COMMENTS

public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS

Exclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" .

See Also:: Constant Field Values

TRANSFORM_ENVELOPED_SIGNATURE

public static final String TRANSFORM_ENVELOPED_SIGNATURE

Enveloped signature transform ID: "http://www.w3.org/2000/09/xmldsig#enveloped-signature" .

See Also:: Constant Field Values

log

private final Logger log

Class logger.

xmlSigFactory

private XMLSignatureFactory xmlSigFactory

Factory used to create XML signature objects.

keyInfoFactory

private KeyInfoFactory keyInfoFactory

Factory used to create KeyInfo objects.

shaVariant

private XMLSignatureSigningStage.ShaVariant shaVariant

SHA algorithm variant used in signature and digest algorithms. Default value: ShaVariant.SHA256

privKey

private PrivateKey privKey

Private key used to sign data.

pubKey

private PublicKey pubKey

Public key associated with the given private key.

certificates

private List<X509Certificate> certificates

Certificate chain, with end entity certificate as element 0, to be included with the signature. Default value: empty list

crls

private List<X509CRL> crls

CRLs to be included with the signature. Default value: empty list

sigAlgo

private String sigAlgo

Signature algorithm used.

digestAlgo

private String digestAlgo

Digest algorithm used.

c14nExclusive

private boolean c14nExclusive

Whether to use exclusive canonicalization. Default value: true

c14nWithComments

private boolean c14nWithComments

Whether to include comments in the canonicalized data. Default value: false

c14nAlgo

private String c14nAlgo

Canonicalization algorithm to use. This is determined from the c14nExclusive and c14nWithComments properties.

inclusivePrefixList

private List<String> inclusivePrefixList

Inclusive prefix list used with exclusive canonicalization. Default value: empty list

idAttributeNames

private List<QName> idAttributeNames

Names of attributes to treat as ID attributes for signature referencing. Default value: empty list

keyNames

private List<String> keyNames

Explicit names to associate with the given signing key. Default value: empty list

deriveKeyNames

private boolean deriveKeyNames

Whether additional key names should be derived from the end-entity certificate, if present. Default value: true

includeKeyNames

private boolean includeKeyNames

Whether key names should be included in the signature's KeyInfo. Default value: true

includeKeyValue

private boolean includeKeyValue

Whether the public key should be included in the signature's KeyInfo. Default value: false

includeX509SubjectName

private boolean includeX509SubjectName

Whether the end-entity certificate's subject name should be included in the signature's KeyInfo. Default value: false

includeX509Certificates

private boolean includeX509Certificates

Whether the certificates chain should be included in the signature's KeyInfo. Default value: true

includeX509Crls

private boolean includeX509Crls

Whether the CRLs should be included in the signature's KeyInfo. Default value: false

includeX509IssuerSerial

private boolean includeX509IssuerSerial

Whether the end-entity certificate's issuer and serial number should be included in the signature's KeyInfo. Default value: false

Constructor Detail

XMLSignatureSigningStage

public XMLSignatureSigningStage()

Method Detail

getShaVariant

public XMLSignatureSigningStage.ShaVariant getShaVariant()

Gets the SHA algorithm variant used when computing the signature and digest.

Returns:: SHA algorithm variant used when computing the signature and digest

setShaVariant

public void setShaVariant(XMLSignatureSigningStage.ShaVariant variant)

Sets the SHA algorithm variant used when computing the signature and digest.

Parameters:: variant - SHA algorithm variant used when computing the signature and digest

getPrivateKey

public PrivateKey getPrivateKey()

Gets the private key used to sign the content.

Returns:: the privKey private key used to sign the content

setPrivateKey

public void setPrivateKey(PrivateKey key)

Sets the private key used to sign the content.

Parameters:: key - private key used to sign the content

getPublicKey

public PublicKey getPublicKey()

Gets the public key associated with private key used to sign the content.

Returns:: public key associated with private key used to sign the content

setPublicKey

public void setPublicKey(PublicKey key)

Sets public key associated with private key used to sign the content.

Parameters:: key - public key associated with private key used to sign the content

getCertificates

public List<X509Certificate> getCertificates()

Gets the certificates associated with the key used to sign the content. The end-entity certificate is the 0th element in the list.

Returns:: certificates associated with the key used to sign the content

setCertificates

public void setCertificates(List<X509Certificate> certs)

Sets the certificates associated with the key used to sign the content. The end-entity certificate must be the 0th element in the list.

Parameters:: certs - certificates associated with the key used to sign the content

getCrls

public List<X509CRL> getCrls()

Gets the CRLs associated with certificates.

Returns:: CRLs associated with certificates

setCrls

public void setCrls(List<X509CRL> revocationLists)

Sets the CRLs associated with certificates.

Parameters:: revocationLists - CRLs associated with certificates

isC14nExclusive

public boolean isC14nExclusive()

Gets whether exclusive canonicalization will be used.

Returns:: whether exclusive canonicalization will be used

setC14nExclusive

public void setC14nExclusive(boolean isExclusive)

Sets whether exclusive canonicalization will be used.

Parameters:: isExclusive - whether exclusive canonicalization will be used

isC14nWithComments

public boolean isC14nWithComments()

Gets whether comments are canonicalized.

Returns:: whether comments are canonicalized

setC14nWithComments

public void setC14nWithComments(boolean withComments)

Sets whether comments are canonicalized.

Parameters:: withComments - whether comments are canonicalized

getInclusivePrefixList

public List<String> getInclusivePrefixList()

Gets the inclusive prefix list used during exclusive canonicalization.

Returns:: inclusive prefix list used during exclusive canonicalization

setInclusivePrefixList

public void setInclusivePrefixList(List<String> prefixList)

Sets the inclusive prefix list used during exclusive canonicalization.

Parameters:: prefixList - inclusive prefix list used during exclusive canonicalization

getIdAttributeNames

public List<QName> getIdAttributeNames()

Gets the names of the attributes treated as reference IDs.

Returns:: names of the attributes treated as reference IDs

setIdAttributeNames

public void setIdAttributeNames(List<QName> names)

Sets the names of the attributes treated as reference IDs.

Parameters:: names - names of the attributes treated as reference IDs

getKeyNames

public List<String> getKeyNames()

Gets the explicit key names added to the KeyInfo.

Returns:: explicit key names added to the KeyInfo

setKeyNames

public void setKeyNames(List<String> names)

Sets the explicit key names added to the KeyInfo.

Parameters:: names - explicit key names added to the KeyInfo

isDeriveKeyNames

public boolean isDeriveKeyNames()

Gets whether key names are derived from the end-entity certificate, if present. TODO describe was is derived

Returns:: whether key names are derived from the end-entity certificate

setDeriveKeyNames

public void setDeriveKeyNames(boolean deriveNames)

Sets whether key names are derived from the end-entity certificate.

Parameters:: deriveNames - whether key names are derived from the end-entity certificate

isIncludeKeyNames

public boolean isIncludeKeyNames()

Gets whether key names are included in the KeyInfo.

Returns:: whether key names are included in the KeyInfo

setIncludeKeyNames

public void setIncludeKeyNames(boolean include)

Sets whether key names are included in the KeyInfo.

Parameters:: include - whether key names are included in the KeyInfo

isIncludeKeyValue

public boolean isIncludeKeyValue()

Gets whether key values are included in the KeyInfo.

Returns:: whether key values are included in the KeyInfo

setIncludeKeyValue

public void setIncludeKeyValue(boolean included)

Sets whether key values are included in the KeyInfo.

Parameters:: included - whether key values are included in the KeyInfo

isIncludeX509SubjectName

public boolean isIncludeX509SubjectName()

Gets whether end-entity certifcate's subject name is included in the KeyInfo.

Returns:: whether end-entity certifcate's subject name is included in the KeyInfo

setIncludeX509SubjectName

public void setIncludeX509SubjectName(boolean include)

Sets whether end-entity certifcate's subject name is included in the KeyInfo.

Parameters:: include - whether end-entity certifcate's subject name is included in the KeyInfo

isIncludeX509Certificates

public boolean isIncludeX509Certificates()

Gets whether X509 certificates are included in the KeyInfo.

Returns:: whether X509 certificates are included in the KeyInfo

setIncludeX509Certificates

public void setIncludeX509Certificates(boolean include)

Sets whether X509 certificates are included in the KeyInfo.

Parameters:: include - whether X509 certificates are included in the KeyInfo

isIncludeX509Crls

public boolean isIncludeX509Crls()

Gets whether CRLs are included in the KeyInfo.

Returns:: whether CRLs are included in the KeyInfo

setIncludeX509Crls

public void setIncludeX509Crls(boolean include)

Sets whether CRLs are included in the KeyInfo.

Parameters:: include - whether CRLs are included in the KeyInfo

isIncludeX509IssuerSerial

public boolean isIncludeX509IssuerSerial()

Gets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.

Returns:: whether the end-entity certificate's issuer and serial number are included in the KeyInfo

setIncludeX509IssuerSerial

public void setIncludeX509IssuerSerial(boolean include)

Sets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.

Parameters:: include - whether the end-entity certificate's issuer and serial number are included in the KeyInfo

getSigAlgo

public String getSigAlgo()

Gets the signature algorithm used when signing.

Returns:: signature algorithm used when signing

getDigestAlgo

public String getDigestAlgo()

Gets the digest algorithm used when signing.

Returns:: digest algorithm used when signing

doExecute

protected boolean doExecute(DomElementItem item)
                     throws StageProcessingException

Processes a given Item.

Specified by:: doExecute in class BaseIteratingStage<DomElementItem>

Parameters:: item - Item on which to operate
Returns:: true if the Item should be retained in the collection, false if not
Throws:: StageProcessingException - thrown if there is a problem with the stage processing

buildSignedInfo

protected SignedInfo buildSignedInfo(Element target)
                              throws StageProcessingException

Gets the descriptor of signed content.

Parameters:: target - the element that will be signed
Returns:: signed content descriptor
Throws:: StageProcessingException - thrown if there is a problem create the signed content descriptor

buildSignatureReference

protected Reference buildSignatureReference(Element target)
                                     throws StageProcessingException

Builds the references to the signed content.

Parameters:: target - the element to be signed
Returns:: reference to signed content
Throws:: StageProcessingException - thrown if there is a problem creating the reference to the element

getElementId

protected String getElementId(Element target)

Determines the ID for the element to be signed. To determine the ID first, all the element attributes are inspected, if one matches the provided idAttributeNames then the value of the attribute is used as the ID value. If no ID attribute names are given, or none of the given ones match, and one or more of the attributes is marked as an ID attribute (i.e. Attr.isId() is true), then the value of one of those attributes is used.

Parameters:: target - an element to be referenced by the signature
Returns:: the ID value for the element, or null

buildKeyInfo

protected KeyInfo buildKeyInfo()
                        throws StageProcessingException

Builds the KeyInfo element to be included in the signature.

Returns:: KeyInfo element to be included in the signature
Throws:: StageProcessingException - thrown if there is a problem creating the KeyInfo descriptor

addKeyNames

protected void addKeyNames(ArrayList<Object> keyInfoItems)
                    throws StageProcessingException

Adds key names to the KeyInfo, if key names are to be included.

Parameters:: keyInfoItems - collector for KeyInfo children
Throws:: StageProcessingException - thrown if there is a problem creating the KeyName content

addKeyValue

protected void addKeyValue(ArrayList<Object> keyInfoItems)
                    throws StageProcessingException

Adds raw key values to the KeyInfo if key values are to be included.

Parameters:: keyInfoItems - collector for KeyInfo children
Throws:: StageProcessingException - thrown if there is a problem creating the KeyValue content

addX509Data

protected void addX509Data(ArrayList<Object> keyInfoItems)
                    throws StageProcessingException

Adds X509 data (subject names, certificates, CRLs, and Issuer/Serial) set to be included, into the key info.

Parameters:: keyInfoItems - collector for KeyInfo children
Throws:: StageProcessingException - thrown if there is a problem creating the X509Data content

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Do the initialization of the component. Default implementation of this method is a no-op. Extending classes should override this method to perform any initialization logic necessary.

Overrides:: doInitialize in class AbstractComponent

Throws:: ComponentInitializationException - throw if there is a problem initializing the component