net.shibboleth.metadata.dom

Class XMLSignatureSigningStage

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

net.shibboleth.metadata.pipeline.BaseStage<T>

net.shibboleth.metadata.pipeline.BaseIteratingStage<Element>

net.shibboleth.metadata.dom.XMLSignatureSigningStage

All Implemented Interfaces:

Stage<Element>, net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent

@ThreadSafe
public class XMLSignatureSigningStage
extends BaseIteratingStage<Element>

A pipeline stage that creates, and adds, an enveloped signature for each element in the given DOMElementItem collection.

This stage requires the following properties be set prior to initialization:

• privateKey

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	XMLSignatureSigningStage.ShaVariant The variant of SHA to use in the various signature algorithms.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ALGO_ID_C14N_EXCL_OMIT_COMMENTS Exclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#" .
static String	ALGO_ID_C14N_EXCL_WITH_COMMENTS Exclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" .
static String	ALGO_ID_C14N_OMIT_COMMENTS Inclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" .
static String	ALGO_ID_C14N_WITH_COMMENTS Inclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" .
static String	ALGO_ID_DIGEST_SHA1 SHA1 digest algorithm ID: "http://www.w3.org/2000/09/xmldsig#sha1" .
static String	ALGO_ID_DIGEST_SHA256 SHA256 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha256" .
static String	ALGO_ID_DIGEST_SHA384 SHA384 digest algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#sha384" .
static String	ALGO_ID_DIGEST_SHA512 SHA512 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha512" .
static String	ALGO_ID_SIGNATURE_RSA_SHA1 RSA-SHA1 signature algorithm ID: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" .
static String	ALGO_ID_SIGNATURE_RSA_SHA256 RSA-SHA256 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" .
static String	ALGO_ID_SIGNATURE_RSA_SHA384 RSA-SHA384 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" .
static String	ALGO_ID_SIGNATURE_RSA_SHA512 RSA-SHA512 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" .
private String	c14nAlgo Canonicalization algorithm to use.
private boolean	c14nExclusive Whether to use exclusive canonicalization.
private boolean	c14nWithComments Whether to include comments in the canonicalized data.
private List<X509Certificate>	certificates Certificate chain, with end entity certificate as element 0, to be included with the signature.
private List<X509CRL>	crls CRLs to be included with the signature.
private boolean	debugPreDigest Whether to debug digest operations by logging the pre-digest data stream.
private String	digestAlgo Digest algorithm used.
private List<QName>	idAttributeNames Names of attributes to treat as ID attributes for signature referencing.
private boolean	includeKeyNames Whether key names should be included in the signature's KeyInfo.
private boolean	includeKeyValue Whether the public key should be included in the signature's KeyInfo.
private boolean	includeX509Certificates Whether the certificates chain should be included in the signature's KeyInfo.
private boolean	includeX509Crls Whether the CRLs should be included in the signature's KeyInfo.
private boolean	includeX509IssuerSerial Whether the end-entity certificate's issuer and serial number should be included in the signature's KeyInfo.
private boolean	includeX509SubjectName Whether the end-entity certificate's subject name should be included in the signature's KeyInfo.
private List<String>	inclusivePrefixList Inclusive prefix list used with exclusive canonicalization.
private KeyInfoFactory	keyInfoFactory Factory used to create KeyInfo objects.
private List<String>	keyNames Explicit names to associate with the given signing key.
private Logger	log Class logger.
private PrivateKey	privKey Private key used to sign data.
private PublicKey	pubKey Public key associated with the given private key.
static String	RFC4501_BASE_URI RFC4501 base URI: "http://www.w3.org/2001/04/xmldsig-more" .
private XMLSignatureSigningStage.ShaVariant	shaVariant SHA algorithm variant used in signature and digest algorithms.
private String	sigAlgo Signature algorithm used.
static QName	SIGNATURE_NAME QName of the Signature element.
static String	TRANSFORM_ENVELOPED_SIGNATURE Enveloped signature transform ID: "http://www.w3.org/2000/09/xmldsig#enveloped-signature" .
static String	XML_ENC_NS_URI XML Encryption base URI: "http://www.w3.org/2001/04/xmlenc#" .
static String	XML_SIG_NS_URI XML Signature base URI: "http://www.w3.org/2000/09/xmldsig#" .
private XMLSignatureFactory	xmlSigFactory Factory used to create XML signature objects.

Constructor Summary

Constructors

Constructor and Description
XMLSignatureSigningStage() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	addKeyNames(ArrayList<Object> keyInfoItems) Adds key names to the KeyInfo, if key names are to be included.
protected void	addKeyValue(ArrayList<Object> keyInfoItems) Adds raw key values to the KeyInfo if key values are to be included.
protected void	addX509Data(ArrayList<Object> keyInfoItems) Adds X509 data (subject names, certificates, CRLs, and Issuer/Serial) set to be included, into the key info.
protected KeyInfo	buildKeyInfo() Builds the KeyInfo element to be included in the signature.
protected Reference	buildSignatureReference(Element target) Builds the references to the signed content.
protected SignedInfo	buildSignedInfo(Element target) Gets the descriptor of signed content.
protected void	doDestroy()
protected boolean	doExecute(Item<Element> item) Processes a given Item.
protected void	doInitialize()
List<X509Certificate>	getCertificates() Gets the certificates associated with the key used to sign the content.
List<X509CRL>	getCrls() Gets the CRLs associated with certificates.
String	getDigestAlgo() Gets the digest algorithm used when signing.
protected String	getElementId(Element target) Determines the ID for the element to be signed.
List<QName>	getIdAttributeNames() Gets the names of the attributes treated as reference IDs.
List<String>	getInclusivePrefixList() Gets the inclusive prefix list used during exclusive canonicalization.
List<String>	getKeyNames() Gets the explicit key names added to the KeyInfo.
PrivateKey	getPrivateKey() Gets the private key used to sign the content.
PublicKey	getPublicKey() Gets the public key associated with private key used to sign the content.
XMLSignatureSigningStage.ShaVariant	getShaVariant() Gets the SHA algorithm variant used when computing the signature and digest.
String	getSigAlgo() Gets the signature algorithm used when signing.
boolean	isC14nExclusive() Gets whether exclusive canonicalization will be used.
boolean	isC14nWithComments() Gets whether comments are canonicalized.
boolean	isDebugPreDigest() Gets whether logging of the pre-digest data stream is enabled.
boolean	isIncludeKeyNames() Gets whether key names are included in the KeyInfo.
boolean	isIncludeKeyValue() Gets whether key values are included in the KeyInfo.
boolean	isIncludeX509Certificates() Gets whether X509 certificates are included in the KeyInfo.
boolean	isIncludeX509Crls() Gets whether CRLs are included in the KeyInfo.
boolean	isIncludeX509IssuerSerial() Gets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.
boolean	isIncludeX509SubjectName() Gets whether end-entity certifcate's subject name is included in the KeyInfo.
void	setC14nExclusive(boolean isExclusive) Sets whether exclusive canonicalization will be used.
void	setC14nWithComments(boolean withComments) Sets whether comments are canonicalized.
void	setCertificates(List<X509Certificate> certs) Sets the certificates associated with the key used to sign the content.
void	setCrls(List<X509CRL> revocationLists) Sets the CRLs associated with certificates.
void	setDebugPreDigest(boolean debug) Sets whether logging of the pre-digest data stream is enabled.
void	setIdAttributeNames(List<QName> names) Sets the names of the attributes treated as reference IDs.
void	setIncludeKeyNames(boolean include) Sets whether key names are included in the KeyInfo.
void	setIncludeKeyValue(boolean included) Sets whether key values are included in the KeyInfo.
void	setIncludeX509Certificates(boolean include) Sets whether X509 certificates are included in the KeyInfo.
void	setIncludeX509Crls(boolean include) Sets whether CRLs are included in the KeyInfo.
void	setIncludeX509IssuerSerial(boolean include) Sets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.
void	setIncludeX509SubjectName(boolean include) Sets whether end-entity certifcate's subject name is included in the KeyInfo.
void	setInclusivePrefixList(List<String> prefixList) Sets the inclusive prefix list used during exclusive canonicalization.
void	setKeyNames(List<String> names) Sets the explicit key names added to the KeyInfo.
void	setPrivateKey(PrivateKey key) Sets the private key used to sign the content.
void	setPublicKey(PublicKey key) Sets public key associated with private key used to sign the content.
void	setShaVariant(XMLSignatureSigningStage.ShaVariant variant) Sets the SHA algorithm variant used when computing the signature and digest.

Methods inherited from class net.shibboleth.metadata.pipeline.BaseIteratingStage

doExecute

Methods inherited from class net.shibboleth.metadata.pipeline.BaseStage

execute, getCollectionPredicate, setCollectionPredicate

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

destroy, isDestroyed

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

XML_SIG_NS_URI

public static final String XML_SIG_NS_URI

XML Signature base URI: "http://www.w3.org/2000/09/xmldsig#" .

See Also:

Constant Field Values

SIGNATURE_NAME

public static final QName SIGNATURE_NAME

QName of the Signature element.

XML_ENC_NS_URI

public static final String XML_ENC_NS_URI

XML Encryption base URI: "http://www.w3.org/2001/04/xmlenc#" .

See Also:

Constant Field Values

RFC4501_BASE_URI

public static final String RFC4501_BASE_URI

RFC4501 base URI: "http://www.w3.org/2001/04/xmldsig-more" .

See Also:

RFC 4501, Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA1

public static final String ALGO_ID_SIGNATURE_RSA_SHA1

RSA-SHA1 signature algorithm ID: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" .

See Also:

Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA256

public static final String ALGO_ID_SIGNATURE_RSA_SHA256

RSA-SHA256 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" .

See Also:

Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA384

public static final String ALGO_ID_SIGNATURE_RSA_SHA384

RSA-SHA384 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" .

See Also:

Constant Field Values

ALGO_ID_SIGNATURE_RSA_SHA512

public static final String ALGO_ID_SIGNATURE_RSA_SHA512

RSA-SHA512 signature algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" .

See Also:

Constant Field Values

ALGO_ID_DIGEST_SHA1

public static final String ALGO_ID_DIGEST_SHA1

SHA1 digest algorithm ID: "http://www.w3.org/2000/09/xmldsig#sha1" .

See Also:

Constant Field Values

ALGO_ID_DIGEST_SHA256

public static final String ALGO_ID_DIGEST_SHA256

SHA256 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha256" .

See Also:

Constant Field Values

ALGO_ID_DIGEST_SHA384

public static final String ALGO_ID_DIGEST_SHA384

SHA384 digest algorithm ID: "http://www.w3.org/2001/04/xmldsig-more#sha384" .

See Also:

Constant Field Values

ALGO_ID_DIGEST_SHA512

public static final String ALGO_ID_DIGEST_SHA512

SHA512 digest algorithm ID: "http://www.w3.org/2001/04/xmlenc#sha512" .

See Also:

Constant Field Values

ALGO_ID_C14N_OMIT_COMMENTS

public static final String ALGO_ID_C14N_OMIT_COMMENTS

Inclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" .

See Also:

Constant Field Values

ALGO_ID_C14N_WITH_COMMENTS

public static final String ALGO_ID_C14N_WITH_COMMENTS

Inclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" .

See Also:

Constant Field Values

ALGO_ID_C14N_EXCL_OMIT_COMMENTS

public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS

Exclusive canonicalization, WITHOUT comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#" .

See Also:

Constant Field Values

ALGO_ID_C14N_EXCL_WITH_COMMENTS

public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS

Exclusive canonicalization, WITH comments, algorithm ID: "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" .

See Also:

Constant Field Values

TRANSFORM_ENVELOPED_SIGNATURE

public static final String TRANSFORM_ENVELOPED_SIGNATURE

Enveloped signature transform ID: "http://www.w3.org/2000/09/xmldsig#enveloped-signature" .

See Also:

Constant Field Values

log

private final Logger log

Class logger.

xmlSigFactory

private XMLSignatureFactory xmlSigFactory

Factory used to create XML signature objects.

keyInfoFactory

private KeyInfoFactory keyInfoFactory

Factory used to create KeyInfo objects.

shaVariant

private XMLSignatureSigningStage.ShaVariant shaVariant

SHA algorithm variant used in signature and digest algorithms. Default value: ShaVariant.SHA256

privKey

private PrivateKey privKey

Private key used to sign data.

pubKey

private PublicKey pubKey

Public key associated with the given private key.

certificates

private List<X509Certificate> certificates

Certificate chain, with end entity certificate as element 0, to be included with the signature. Default value: empty list

crls

private List<X509CRL> crls

CRLs to be included with the signature. Default value: empty list

sigAlgo

private String sigAlgo

Signature algorithm used.

digestAlgo

private String digestAlgo

Digest algorithm used.

c14nExclusive

private boolean c14nExclusive

Whether to use exclusive canonicalization. Default value: true

c14nWithComments

private boolean c14nWithComments

Whether to include comments in the canonicalized data. Default value: false

c14nAlgo

private String c14nAlgo

Canonicalization algorithm to use. This is determined from the c14nExclusive and c14nWithComments properties.

inclusivePrefixList

private List<String> inclusivePrefixList

Inclusive prefix list used with exclusive canonicalization. Default value: empty list

idAttributeNames

private List<QName> idAttributeNames

Names of attributes to treat as ID attributes for signature referencing. Default value: list containing the non-namespace-qualified attributes 'ID', 'Id', 'id'

keyNames

private List<String> keyNames

Explicit names to associate with the given signing key. Default value: empty list

includeKeyNames

private boolean includeKeyNames

Whether key names should be included in the signature's KeyInfo. Default value: true

includeKeyValue

private boolean includeKeyValue

Whether the public key should be included in the signature's KeyInfo. Default value: false

includeX509SubjectName

private boolean includeX509SubjectName

Whether the end-entity certificate's subject name should be included in the signature's KeyInfo. Default value: false

includeX509Certificates

private boolean includeX509Certificates

Whether the certificates chain should be included in the signature's KeyInfo. Default value: true

includeX509Crls

private boolean includeX509Crls

Whether the CRLs should be included in the signature's KeyInfo. Default value: false

includeX509IssuerSerial

private boolean includeX509IssuerSerial

Whether the end-entity certificate's issuer and serial number should be included in the signature's KeyInfo. Default value: false

debugPreDigest

private boolean debugPreDigest

Whether to debug digest operations by logging the pre-digest data stream. Default value: false

Constructor Detail

XMLSignatureSigningStage

public XMLSignatureSigningStage()

Constructor.

Method Detail

getShaVariant

@Nonnull
public XMLSignatureSigningStage.ShaVariant getShaVariant()

Gets the SHA algorithm variant used when computing the signature and digest.

Returns:

SHA algorithm variant used when computing the signature and digest

setShaVariant

public void setShaVariant(@Nonnull
                 XMLSignatureSigningStage.ShaVariant variant)

Sets the SHA algorithm variant used when computing the signature and digest.

Parameters:

variant - SHA algorithm variant used when computing the signature and digest

getPrivateKey

@Nullable
public PrivateKey getPrivateKey()

Gets the private key used to sign the content.

Returns:

the privKey private key used to sign the content

setPrivateKey

public void setPrivateKey(@Nonnull
                 PrivateKey key)

Sets the private key used to sign the content.

Parameters:

key - private key used to sign the content

getPublicKey

@Nullable
public PublicKey getPublicKey()

Gets the public key associated with private key used to sign the content.

Returns:

public key associated with private key used to sign the content

setPublicKey

public void setPublicKey(@Nullable
                PublicKey key)

Sets public key associated with private key used to sign the content.

Parameters:

key - public key associated with private key used to sign the content

getCertificates

@Nonnull
@NonnullElements
@Unmodifiable
public List<X509Certificate> getCertificates()

Gets the certificates associated with the key used to sign the content. The end-entity certificate is the 0th element in the list.

Returns:

certificates associated with the key used to sign the content

setCertificates

public void setCertificates(@Nullable@NullableElements
                   List<X509Certificate> certs)

Sets the certificates associated with the key used to sign the content. The end-entity certificate must be the 0th element in the list.

Parameters:

certs - certificates associated with the key used to sign the content

getCrls

@Nonnull
@NonnullElements
@Unmodifiable
public List<X509CRL> getCrls()

Gets the CRLs associated with certificates.

Returns:

CRLs associated with certificates

setCrls

public void setCrls(@Nullable@NullableElements
           List<X509CRL> revocationLists)

Sets the CRLs associated with certificates.

Parameters:

revocationLists - CRLs associated with certificates

isC14nExclusive

public boolean isC14nExclusive()

Gets whether exclusive canonicalization will be used.

Returns:

whether exclusive canonicalization will be used

setC14nExclusive

public void setC14nExclusive(boolean isExclusive)

Sets whether exclusive canonicalization will be used.

Parameters:

isExclusive - whether exclusive canonicalization will be used

isC14nWithComments

public boolean isC14nWithComments()

Gets whether comments are canonicalized.

Returns:

whether comments are canonicalized

setC14nWithComments

public void setC14nWithComments(boolean withComments)

Sets whether comments are canonicalized.

Parameters:

withComments - whether comments are canonicalized

getInclusivePrefixList

@Nonnull
@NonnullElements
@Unmodifiable
public List<String> getInclusivePrefixList()

Gets the inclusive prefix list used during exclusive canonicalization.

Returns:

inclusive prefix list used during exclusive canonicalization

setInclusivePrefixList

public void setInclusivePrefixList(@Nullable@NullableElements
                          List<String> prefixList)

Sets the inclusive prefix list used during exclusive canonicalization.

Parameters:

prefixList - inclusive prefix list used during exclusive canonicalization

getIdAttributeNames

@Nonnull
@NonnullElements
@Unmodifiable
public List<QName> getIdAttributeNames()

Gets the names of the attributes treated as reference IDs.

Returns:

names of the attributes treated as reference IDs

setIdAttributeNames

public void setIdAttributeNames(@Nonnull@NullableElements
                       List<QName> names)

Sets the names of the attributes treated as reference IDs.

Parameters:

names - names of the attributes treated as reference IDs

getKeyNames

@Nonnull
@NonnullElements
public List<String> getKeyNames()

Gets the explicit key names added to the KeyInfo.

Returns:

explicit key names added to the KeyInfo

setKeyNames

public void setKeyNames(@Nullable@NullableElements
               List<String> names)

Sets the explicit key names added to the KeyInfo.

Parameters:

names - explicit key names added to the KeyInfo

isIncludeKeyNames

public boolean isIncludeKeyNames()

Gets whether key names are included in the KeyInfo.

Returns:

whether key names are included in the KeyInfo

setIncludeKeyNames

public void setIncludeKeyNames(boolean include)

Sets whether key names are included in the KeyInfo.

Parameters:

include - whether key names are included in the KeyInfo

isIncludeKeyValue

public boolean isIncludeKeyValue()

Gets whether key values are included in the KeyInfo.

Returns:

whether key values are included in the KeyInfo

setIncludeKeyValue

public void setIncludeKeyValue(boolean included)

Sets whether key values are included in the KeyInfo.

Parameters:

included - whether key values are included in the KeyInfo

isIncludeX509SubjectName

public boolean isIncludeX509SubjectName()

Gets whether end-entity certifcate's subject name is included in the KeyInfo.

Returns:

whether end-entity certifcate's subject name is included in the KeyInfo

setIncludeX509SubjectName

public void setIncludeX509SubjectName(boolean include)

Sets whether end-entity certifcate's subject name is included in the KeyInfo.

Parameters:

include - whether end-entity certifcate's subject name is included in the KeyInfo

isIncludeX509Certificates

public boolean isIncludeX509Certificates()

Gets whether X509 certificates are included in the KeyInfo.

Returns:

whether X509 certificates are included in the KeyInfo

setIncludeX509Certificates

public void setIncludeX509Certificates(boolean include)

Sets whether X509 certificates are included in the KeyInfo.

Parameters:

include - whether X509 certificates are included in the KeyInfo

isIncludeX509Crls

public boolean isIncludeX509Crls()

Gets whether CRLs are included in the KeyInfo.

Returns:

whether CRLs are included in the KeyInfo

setIncludeX509Crls

public void setIncludeX509Crls(boolean include)

Sets whether CRLs are included in the KeyInfo.

Parameters:

include - whether CRLs are included in the KeyInfo

isIncludeX509IssuerSerial

public boolean isIncludeX509IssuerSerial()

Gets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.

Returns:

whether the end-entity certificate's issuer and serial number are included in the KeyInfo

setIncludeX509IssuerSerial

public void setIncludeX509IssuerSerial(boolean include)

Sets whether the end-entity certificate's issuer and serial number are included in the KeyInfo.

Parameters:

include - whether the end-entity certificate's issuer and serial number are included in the KeyInfo

isDebugPreDigest

public boolean isDebugPreDigest()

Gets whether logging of the pre-digest data stream is enabled.

Returns:

whether logging of the pre-digest data stream is enabled

setDebugPreDigest

public void setDebugPreDigest(boolean debug)

Sets whether logging of the pre-digest data stream is enabled.

Parameters:

debug - whether logging of the pre-digest data stream is enabled

getSigAlgo

public String getSigAlgo()

Gets the signature algorithm used when signing.

Returns:

signature algorithm used when signing

getDigestAlgo

public String getDigestAlgo()

Gets the digest algorithm used when signing.

Returns:

digest algorithm used when signing

doExecute

protected boolean doExecute(@Nonnull
                Item<Element> item)
                     throws StageProcessingException

Processes a given Item.

Specified by:

doExecute in class BaseIteratingStage<Element>

Parameters:

item - Item on which to operate

Returns:

true if the Item should be retained in the collection, false if not

Throws:

StageProcessingException - thrown if there is a problem with the stage processing

buildSignedInfo

@Nonnull
protected SignedInfo buildSignedInfo(@Nonnull
                                 Element target)
                              throws StageProcessingException

Gets the descriptor of signed content.

Parameters:

target - the element that will be signed

Returns:

signed content descriptor

Throws:

StageProcessingException - thrown if there is a problem create the signed content descriptor

buildSignatureReference

@Nonnull
protected Reference buildSignatureReference(@Nonnull
                                        Element target)
                                     throws StageProcessingException

Builds the references to the signed content.

Parameters:

target - the element to be signed

Returns:

reference to signed content

Throws:

StageProcessingException - thrown if there is a problem creating the reference to the element

getElementId

@Nullable
protected String getElementId(@Nonnull
                           Element target)

Determines the ID for the element to be signed. To determine the ID first, all the element attributes are inspected, if one matches the provided idAttributeNames then the value of the attribute is used as the ID value. If no ID attribute names are given, or none of the given ones match, and one or more of the attributes is marked as an ID attribute (i.e. Attr.isId() is true), then the value of one of those attributes is used.

Parameters:

target - an element to be referenced by the signature

Returns:

the ID value for the element, or null

buildKeyInfo

@Nonnull
protected KeyInfo buildKeyInfo()
                        throws StageProcessingException

Builds the KeyInfo element to be included in the signature.

Returns:

KeyInfo element to be included in the signature

Throws:

StageProcessingException - thrown if there is a problem creating the KeyInfo descriptor

addKeyNames

protected void addKeyNames(@Nonnull@NonnullElements@Live
               ArrayList<Object> keyInfoItems)
                    throws StageProcessingException

Adds key names to the KeyInfo, if key names are to be included.

Parameters:

keyInfoItems - collector for KeyInfo children

Throws:

StageProcessingException - thrown if there is a problem creating the KeyName content

addKeyValue

protected void addKeyValue(@Nonnull@NonnullElements@Live
               ArrayList<Object> keyInfoItems)
                    throws StageProcessingException

Adds raw key values to the KeyInfo if key values are to be included.

Parameters:

keyInfoItems - collector for KeyInfo children

Throws:

StageProcessingException - thrown if there is a problem creating the KeyValue content

addX509Data

protected void addX509Data(@Nonnull@NonnullElements@Live
               ArrayList<Object> keyInfoItems)
                    throws StageProcessingException

Adds X509 data (subject names, certificates, CRLs, and Issuer/Serial) set to be included, into the key info.

Parameters:

keyInfoItems - collector for KeyInfo children

Throws:

StageProcessingException - thrown if there is a problem creating the X509Data content

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:

doInitialize in class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException