org.apache.ws.security.message
Class WSSignEnvelope

java.lang.Object
  extended by org.apache.ws.security.message.WSBaseMessage
      extended by org.apache.ws.security.message.WSSignEnvelope

public class WSSignEnvelope
extends WSBaseMessage

Signs a SOAP envelope according to WS Specification, X509 profile, and adds the signature data.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittman@siemens.com)

Field Summary
protected  java.lang.String canonAlgo
           
protected  java.lang.String sigAlgo
           
protected  WSSAddUsernameToken usernameToken
           
protected  boolean useSingleCert
           
 
Fields inherited from class org.apache.ws.security.message.WSBaseMessage
actor, doDebug, keyIdentifierType, mustunderstand, parts, password, timeToLive, user, wssConfig
 
Constructor Summary
WSSignEnvelope()
          Constructor.
WSSignEnvelope(java.lang.String actor)
          Constructor.
WSSignEnvelope(java.lang.String actor, boolean mu)
          Constructor.
WSSignEnvelope(WSSConfig wssConfig, java.lang.String actor, boolean mu)
          Constructor.
 
Method Summary
 org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto crypto)
          Builds a signed soap envelope.
 org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto userCrypto, org.opensaml.SAMLAssertion assertion, Crypto issuerCrypto, java.lang.String issuerKeyName, java.lang.String issuerKeyPW)
          Builds a signed soap envelope with SAML token.
protected  java.util.Set getInclusivePrefixes(org.w3c.dom.Element target)
           
protected  java.util.Set getInclusivePrefixes(org.w3c.dom.Element target, boolean excludeVisible)
           
 java.lang.String getSigCanonicalization()
          Get the canonicalization method.
 java.lang.String getSignatureAlgorithm()
          Get the name of the signature algorithm that is being used

If the algorithm is not set then RSA is default.

 boolean isUseSingleCertificate()
          Get the single cert flag.
 void setSigCanonicalization(java.lang.String algo)
          Set the canonicalization method to use.
 void setSignatureAlgorithm(java.lang.String algo)
          Set the name of the signature encryption algorithm to use

If the algorithm is not set then Triple RSA is used.

 void setUsernameToken(WSSAddUsernameToken usernameToken)
           
 void setUseSingleCertificate(boolean useSingleCert)
          Set the single cert flag.
 
Methods inherited from class org.apache.ws.security.message.WSBaseMessage
getKeyIdentifierType, insertSecurityHeader, setActor, setBodyID, setKeyIdentifierType, setMustUnderstand, setParts, setTimeToLive, setUserInfo, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

useSingleCert

protected boolean useSingleCert

sigAlgo

protected java.lang.String sigAlgo

canonAlgo

protected java.lang.String canonAlgo

usernameToken

protected WSSAddUsernameToken usernameToken
Constructor Detail

WSSignEnvelope

public WSSignEnvelope()
Constructor.


WSSignEnvelope

public WSSignEnvelope(java.lang.String actor)
Constructor.

Parameters:
actor - The actor name of the wsse:Security header

WSSignEnvelope

public WSSignEnvelope(java.lang.String actor,
                      boolean mu)
Constructor.

Parameters:
actor - The actor name of the wsse:Security header
mu - Set mustUnderstand to true or false

WSSignEnvelope

public WSSignEnvelope(WSSConfig wssConfig,
                      java.lang.String actor,
                      boolean mu)
Constructor.

Parameters:
wssConfig - Configuration options for processing and building security headers
actor - The actor name of the wsse:Security header
mu - Set mustUnderstand to true or false
Method Detail

setUseSingleCertificate

public void setUseSingleCertificate(boolean useSingleCert)
Set the single cert flag.

Parameters:
useSingleCert -

isUseSingleCertificate

public boolean isUseSingleCertificate()
Get the single cert flag.

Returns:

setSignatureAlgorithm

public void setSignatureAlgorithm(java.lang.String algo)
Set the name of the signature encryption algorithm to use.

If the algorithm is not set then Triple RSA is used. Refer to WSConstants for the supported algorithms.

Parameters:
algo - Is the name of the signature algorithm
See Also:
WSConstants.RSA, WSConstants.DSA

getSignatureAlgorithm

public java.lang.String getSignatureAlgorithm()
Get the name of the signature algorithm that is being used.

If the algorithm is not set then RSA is default.

Returns:

setSigCanonicalization

public void setSigCanonicalization(java.lang.String algo)
Set the canonicalization method to use.

If the canonicalization method is not set then the recommended Exclusive XML Canonicalization is used by default. Refer to WSConstants for the supported algorithms.

Parameters:
algo - Is the name of the canonicalization method
See Also:
WSConstants.C14N_OMIT_COMMENTS, WSConstants.C14N_WITH_COMMENTS, WSConstants.C14N_EXCL_OMIT_COMMENTS, WSConstants.C14N_EXCL_WITH_COMMENTS

getSigCanonicalization

public java.lang.String getSigCanonicalization()
Get the canonicalization method.

If the canonicalization method was not set then Exclusive XML Canonicalization is used by default.

Returns:

setUsernameToken

public void setUsernameToken(WSSAddUsernameToken usernameToken)
Parameters:
usernameToken - The usernameToken to set.

build

public org.w3c.dom.Document build(org.w3c.dom.Document doc,
                                  Crypto crypto)
                           throws WSSecurityException
Builds a signed soap envelope.

The method first gets an appropriate security header. The signature elements are then constructed according to the defined certificate-handling parameters and inserted into the wsse:Signature.

Parameters:
doc - The unsigned SOAP envelope as Document
crypto - An instance of the Crypto API to handle keystore and certificates
Returns:
A signed SOAP envelope as Document
Throws:
WSSecurityException
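
Added example, not part of the original API documentation or the WSS4J project's own code: signing a constructed SOAP envelope with build(doc, crypto) and then checking that the emitted ds:SignatureMethod and ds:CanonicalizationMethod match what was requested. Assumptions: a crypto.properties file on the classpath points at a keystore holding an RSA key; the alias and password are placeholders; setUserInfo is the inherited WSBaseMessage method taking (user, password); the class SignEnvelopeExample and the helper algorithmOf are hypothetical names.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSignEnvelope;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class SignEnvelopeExample {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample input: a minimal SOAP 1.1 envelope.
    static final String SOAP =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<soapenv:Header/>"
      + "<soapenv:Body><ping xmlns=\"urn:example:ping\">hello</ping></soapenv:Body>"
      + "</soapenv:Envelope>";

    // Returns the Algorithm attribute of the first ds:<localName> element.
    static String algorithmOf(Document d, String localName) {
        Element e = (Element) d.getElementsByTagNameNS(DSIG_NS, localName).item(0);
        if (e == null) {
            throw new IllegalStateException("no ds:" + localName + " in output");
        }
        return e.getAttribute("Algorithm");
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // signing and the lookups above need namespaces
        Document doc = dbf.newDocumentBuilder()
                          .parse(new InputSource(new StringReader(SOAP)));

        // Assumption: crypto.properties on the classpath configures the keystore.
        Crypto crypto = CryptoFactory.getInstance();

        WSSignEnvelope signer = new WSSignEnvelope();
        signer.setUserInfo("signing-alias", "key-password"); // placeholders
        signer.setSignatureAlgorithm(WSConstants.RSA);
        signer.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        Document signed = signer.build(doc, crypto);

        // Fail closed if the output does not carry the algorithms requested above.
        if (!WSConstants.RSA.equals(algorithmOf(signed, "SignatureMethod"))
                || !WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(
                        algorithmOf(signed, "CanonicalizationMethod"))) {
            throw new IllegalStateException("unexpected signature parameters");
        }
        System.out.println("signed with " + signer.getSignatureAlgorithm());
    }
}
```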

build

public org.w3c.dom.Document build(org.w3c.dom.Document doc,
                                  Crypto userCrypto,
                                  org.opensaml.SAMLAssertion assertion,
                                  Crypto issuerCrypto,
                                  java.lang.String issuerKeyName,
                                  java.lang.String issuerKeyPW)
                           throws WSSecurityException
Builds a signed soap envelope with SAML token.

The method first gets an appropriate security header. The signature elements are then constructed according to the defined certificate-handling parameters and inserted into the wsse:Signature.

Parameters:
doc - The unsigned SOAP envelope as Document
assertion - the complete SAML assertion
issuerCrypto - An instance of the Crypto API to handle keystore SAML token issuer and to generate certificates
issuerKeyName - Private key to use in case of "sender-Vouches"
issuerKeyPW - Password for issuer private key
Returns:
A signed SOAP envelope as Document
Throws:
WSSecurityException

getInclusivePrefixes

protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target)

getInclusivePrefixes

protected java.util.Set getInclusivePrefixes(org.w3c.dom.Element target,
                                             boolean excludeVisible)