File Doc Category Size Date Package
XMLSignatureFactory.java API Doc Java SE 6 API 34627 Tue Jun 10 00:27:06 BST 2008 javax.xml.crypto.dsig

XMLSignatureFactory

java.lang.Object

public abstract class XMLSignatureFactory extends Object

A factory for creating {@link XMLSignature} objects from scratch or for unmarshalling an XMLSignature object from a corresponding XML representation.

XMLSignatureFactory Type

Each instance of XMLSignatureFactory supports a specific XML mechanism type. To create an XMLSignatureFactory, call one of the static {@link #getInstance getInstance} methods, passing in the XML mechanism type desired, for example:

XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

The objects that this factory produces will be based on DOM and abide by the DOM interoperability requirements as defined in the DOM Mechanism Requirements section of the API overview. See the Service Providers section of the API overview for a list of standard mechanism types.

XMLSignatureFactory implementations are registered and loaded using the {@link java.security.Provider} mechanism. For example, a service provider that supports the DOM mechanism would be specified in the Provider subclass as:

put("XMLSignatureFactory.DOM", "org.example.DOMXMLSignatureFactory");

An implementation MUST minimally support the default mechanism type: DOM.

Note that a caller must use the same XMLSignatureFactory instance to create the XMLStructures of a particular XMLSignature that is to be generated. The behavior is undefined if XMLStructures from different providers or different mechanism types are used together.

Also, the XMLStructures that are created by this factory may contain state specific to the XMLSignature and are not intended to be reusable.

Creating XMLSignatures from scratch

Once the XMLSignatureFactory has been created, objects can be instantiated by calling the appropriate method. For example, a {@link Reference} instance may be created by invoking one of the {@link #newReference newReference} methods.

Unmarshalling XMLSignatures from XML

Alternatively, an XMLSignature may be created from an existing XML representation by invoking the {@link #unmarshalXMLSignature unmarshalXMLSignature} method and passing it a mechanism-specific {@link XMLValidateContext} instance containing the XML content:

DOMValidateContext context = new DOMValidateContext(key, signatureElement);
XMLSignature signature = factory.unmarshalXMLSignature(context);

Each XMLSignatureFactory must support the required XMLValidateContext types for that factory type, but may support others. A DOM XMLSignatureFactory must support {@link DOMValidateContext} objects.

Signing and marshalling XMLSignatures to XML

Each XMLSignature created by the factory can also be marshalled to an XML representation and signed, by invoking the {@link XMLSignature#sign sign} method of the {@link XMLSignature} object and passing it a mechanism-specific {@link XMLSignContext} object containing the signing key and marshalling parameters (see {@link DOMSignContext}). For example:

DOMSignContext context = new DOMSignContext(privateKey, document);
signature.sign(context);

Concurrent Access

The static methods of this class are guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.

However, this is not true for the non-static methods defined by this class. Unless otherwise documented by a specific provider, threads that need to access a single XMLSignatureFactory instance concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating a different XMLSignatureFactory instance need not synchronize.

author: Sean Mullan
author: JSR 105 Expert Group
since: 1.6

Fields Summary
private String
mechanismType
private Provider
provider
Constructors Summary
protected XMLSignatureFactory()
Default constructor, for invocation by subclasses.
Methods Summary
public static javax.xml.crypto.dsig.XMLSignatureFactory getInstance(java.lang.String mechanismType)
Returns an XMLSignatureFactory that supports the specified XML processing mechanism and representation type (ex: "DOM").
This method uses the standard JCA provider lookup mechanism to locate and instantiate an XMLSignatureFactory implementation of the desired mechanism type. It traverses the list of registered security Providers, starting with the most preferred Provider. A new XMLSignatureFactory object from the first Provider that supports the specified mechanism is returned.
Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.
param
mechanismType the type of the XML processing mechanism and representation. See the Service Providers section of the API overview for a list of standard mechanism types.
return
a new XMLSignatureFactory
throws
NullPointerException if mechanismType is null
throws
NoSuchMechanismException if no Provider supports an XMLSignatureFactory implementation for the specified mechanism
see
Provider
if (mechanismType == null) { throw new NullPointerException("mechanismType cannot be null"); } Instance instance; try { instance = GetInstance.getInstance ("XMLSignatureFactory", null, mechanismType); } catch (NoSuchAlgorithmException nsae) { throw new NoSuchMechanismException(nsae); } XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl; factory.mechanismType = mechanismType; factory.provider = instance.provider; return factory;
public static javax.xml.crypto.dsig.XMLSignatureFactory getInstance(java.lang.String mechanismType, java.security.Provider provider)
Returns an XMLSignatureFactory that supports the requested XML processing mechanism and representation type (ex: "DOM"), as supplied by the specified provider. Note that the specified Provider object does not have to be registered in the provider list.
param
mechanismType the type of the XML processing mechanism and representation. See the Service Providers section of the API overview for a list of standard mechanism types.
param
provider the Provider object
return
a new XMLSignatureFactory
throws
NullPointerException if provider or mechanismType is null
throws
NoSuchMechanismException if an XMLSignatureFactory implementation for the specified mechanism is not available from the specified Provider object
see
Provider
if (mechanismType == null) { throw new NullPointerException("mechanismType cannot be null"); } else if (provider == null) { throw new NullPointerException("provider cannot be null"); } Instance instance; try { instance = GetInstance.getInstance ("XMLSignatureFactory", null, mechanismType, provider); } catch (NoSuchAlgorithmException nsae) { throw new NoSuchMechanismException(nsae); } XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl; factory.mechanismType = mechanismType; factory.provider = instance.provider; return factory;
public static javax.xml.crypto.dsig.XMLSignatureFactory getInstance(java.lang.String mechanismType, java.lang.String provider)
Returns an XMLSignatureFactory that supports the requested XML processing mechanism and representation type (ex: "DOM"), as supplied by the specified provider. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.
param
mechanismType the type of the XML processing mechanism and representation. See the Service Providers section of the API overview for a list of standard mechanism types.
param
provider the string name of the provider
return
a new XMLSignatureFactory
throws
NoSuchProviderException if the specified provider is not registered in the security provider list
throws
NullPointerException if provider or mechanismType is null
throws
NoSuchMechanismException if an XMLSignatureFactory implementation for the specified mechanism is not available from the specified provider
see
Provider
if (mechanismType == null) { throw new NullPointerException("mechanismType cannot be null"); } else if (provider == null) { throw new NullPointerException("provider cannot be null"); } else if (provider.length() == 0) { throw new NoSuchProviderException(); } Instance instance; try { instance = GetInstance.getInstance ("XMLSignatureFactory", null, mechanismType, provider); } catch (NoSuchAlgorithmException nsae) { throw new NoSuchMechanismException(nsae); } XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl; factory.mechanismType = mechanismType; factory.provider = instance.provider; return factory;
public static javax.xml.crypto.dsig.XMLSignatureFactory getInstance()
Returns an XMLSignatureFactory that supports the default XML processing mechanism and representation type ("DOM").
This method uses the standard JCA provider lookup mechanism to locate and instantiate an XMLSignatureFactory implementation of the default mechanism type. It traverses the list of registered security Providers, starting with the most preferred Provider. A new XMLSignatureFactory object from the first Provider that supports the DOM mechanism is returned.
Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.
return
a new XMLSignatureFactory
throws
NoSuchMechanismException if no Provider supports an XMLSignatureFactory implementation for the DOM mechanism
see
Provider
return getInstance("DOM");
public final javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
Returns a KeyInfoFactory that creates KeyInfo objects. The returned KeyInfoFactory has the same mechanism type and provider as this XMLSignatureFactory.
return
a KeyInfoFactory
throws
NoSuchMechanismException if a KeyFactory implementation with the same mechanism type and provider is not available
return KeyInfoFactory.getInstance(getMechanismType(), getProvider());
public final java.lang.String getMechanismType()
Returns the type of the XML processing mechanism and representation supported by this XMLSignatureFactory (ex: "DOM").
return
the XML processing mechanism type supported by this XMLSignatureFactory
return mechanismType;
public final java.security.Provider getProvider()
Returns the provider of this XMLSignatureFactory.
return
the provider of this XMLSignatureFactory
return provider;
public abstract javax.xml.crypto.URIDereferencer getURIDereferencer()
Returns a reference to the URIDereferencer that is used by default to dereference URIs in {@link Reference} objects.
return
a reference to the default URIDereferencer (never null)
public abstract boolean isFeatureSupported(java.lang.String feature)
Indicates whether a specified feature is supported.
param
feature the feature name (as an absolute URI)
return
true if the specified feature is supported, false otherwise
throws
NullPointerException if feature is null
public abstract javax.xml.crypto.dsig.CanonicalizationMethod newCanonicalizationMethod(java.lang.String algorithm, javax.xml.crypto.dsig.spec.C14NMethodParameterSpec params)
Creates a CanonicalizationMethod for the specified algorithm URI and parameters.
param
algorithm the URI identifying the canonicalization algorithm
param
params algorithm-specific canonicalization parameters (may be null)
return
the CanonicalizationMethod
throws
InvalidAlgorithmParameterException if the specified parameters are inappropriate for the requested algorithm
throws
NoSuchAlgorithmException if an implementation of the specified algorithm cannot be found
throws
NullPointerException if algorithm is null
public abstract javax.xml.crypto.dsig.CanonicalizationMethod newCanonicalizationMethod(java.lang.String algorithm, javax.xml.crypto.XMLStructure params)
Creates a CanonicalizationMethod for the specified algorithm URI and parameters. The parameters are specified as a mechanism-specific XMLStructure (ex: {@link DOMStructure}). This method is useful when the parameters are in XML form or there is no standard class for specifying the parameters.
param
algorithm the URI identifying the canonicalization algorithm
param
params a mechanism-specific XML structure from which to unmarshal the parameters from (may be null if not required or optional)
return
the CanonicalizationMethod
throws
ClassCastException if the type of params is inappropriate for this XMLSignatureFactory
throws
InvalidAlgorithmParameterException if the specified parameters are inappropriate for the requested algorithm
throws
NoSuchAlgorithmException if an implementation of the specified algorithm cannot be found
throws
NullPointerException if algorithm is null
public abstract javax.xml.crypto.dsig.DigestMethod newDigestMethod(java.lang.String algorithm, javax.xml.crypto.dsig.spec.DigestMethodParameterSpec params)
Creates a DigestMethod for the specified algorithm URI and parameters.
param
algorithm the URI identifying the digest algorithm
param
params algorithm-specific digest parameters (may be null)
return
the DigestMethod
throws
InvalidAlgorithmParameterException if the specified parameters are inappropriate for the requested algorithm
throws
NoSuchAlgorithmException if an implementation of the specified algorithm cannot be found
throws
NullPointerException if algorithm is null
public abstract javax.xml.crypto.dsig.Manifest newManifest(java.util.List references)
Creates a Manifest containing the specified list of {@link Reference}s.
param
references a list of one or more References. The list is defensively copied to protect against subsequent modification.
return
a Manifest
throws
NullPointerException if references is null
throws
IllegalArgumentException if references is empty
throws
ClassCastException if references contains any entries that are not of type {@link Reference}
public abstract javax.xml.crypto.dsig.Manifest newManifest(java.util.List references, java.lang.String id)
Creates a Manifest containing the specified list of {@link Reference}s and optional id.
param
references a list of one or more References. The list is defensively copied to protect against subsequent modification.
param
id the id (may be null)
return
a Manifest
throws
NullPointerException if references is null
throws
IllegalArgumentException if references is empty
throws
ClassCastException if references contains any entries that are not of type {@link Reference}
public abstract javax.xml.crypto.dsig.Reference newReference(java.lang.String uri, javax.xml.crypto.dsig.DigestMethod dm)
Creates a Reference with the specified URI and digest method.
param
uri the reference URI (may be null)
param
dm the digest method
return
a Reference
throws
IllegalArgumentException if uri is not RFC 2396 compliant
throws
NullPointerException if dm is null
public abstract javax.xml.crypto.dsig.Reference newReference(java.lang.String uri, javax.xml.crypto.dsig.DigestMethod dm, java.util.List transforms, java.lang.String type, java.lang.String id)
Creates a Reference with the specified parameters.
param
uri the reference URI (may be null)
param
dm the digest method
param
transforms a list of {@link Transform}s. The list is defensively copied to protect against subsequent modification. May be null or empty.
param
type the reference type, as a URI (may be null)
param
id the reference ID (may be null)
return
a Reference
throws
ClassCastException if any of the transforms are not of type Transform
throws
IllegalArgumentException if uri is not RFC 2396 compliant
throws
NullPointerException if dm is null
public abstract javax.xml.crypto.dsig.Reference newReference(java.lang.String uri, javax.xml.crypto.dsig.DigestMethod dm, java.util.List transforms, java.lang.String type, java.lang.String id, byte[] digestValue)
Creates a Reference with the specified parameters and pre-calculated digest value.
This method is useful when the digest value of a Reference has been previously computed. See for example, the OASIS-DSS (Digital Signature Services) specification.
param
uri the reference URI (may be null)
param
dm the digest method
param
transforms a list of {@link Transform}s. The list is defensively copied to protect against subsequent modification. May be null or empty.
param
type the reference type, as a URI (may be null)
param
id the reference ID (may be null)
param
digestValue the digest value. The array is cloned to protect against subsequent modification.
return
a Reference
throws
ClassCastException if any of the transforms are not of type Transform
throws
IllegalArgumentException if uri is not RFC 2396 compliant
throws
NullPointerException if dm or digestValue is null
public abstract javax.xml.crypto.dsig.Reference newReference(java.lang.String uri, javax.xml.crypto.dsig.DigestMethod dm, java.util.List appliedTransforms, javax.xml.crypto.Data result, java.util.List transforms, java.lang.String type, java.lang.String id)
Creates a Reference with the specified parameters.
This method is useful when a list of transforms have already been applied to the Reference. See for example, the OASIS-DSS (Digital Signature Services) specification.
When an XMLSignature containing this reference is generated, the specified transforms (if non-null) are applied to the specified result. The Transforms element of the resulting Reference element is set to the concatenation of the appliedTransforms and transforms.
param
uri the reference URI (may be null)
param
dm the digest method
param
appliedTransforms a list of {@link Transform}s that have already been applied. The list is defensively copied to protect against subsequent modification. The list must contain at least one entry.
param
result the result of processing the sequence of appliedTransforms
param
transforms a list of {@link Transform}s that are to be applied when generating the signature. The list is defensively copied to protect against subsequent modification. May be null or empty.
param
type the reference type, as a URI (may be null)
param
id the reference ID (may be null)
return
a Reference
throws
ClassCastException if any of the transforms (in either list) are not of type Transform
throws
IllegalArgumentException if uri is not RFC 2396 compliant or appliedTransforms is empty
throws
NullPointerException if dm, appliedTransforms or result is null
public abstract javax.xml.crypto.dsig.SignatureMethod newSignatureMethod(java.lang.String algorithm, javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec params)
Creates a SignatureMethod for the specified algorithm URI and parameters.
param
algorithm the URI identifying the signature algorithm
param
params algorithm-specific signature parameters (may be null)
return
the SignatureMethod
throws
InvalidAlgorithmParameterException if the specified parameters are inappropriate for the requested algorithm
throws
NoSuchAlgorithmException if an implementation of the specified algorithm cannot be found
throws
NullPointerException if algorithm is null
public abstract javax.xml.crypto.dsig.SignatureProperties newSignatureProperties(java.util.List properties, java.lang.String id)
Creates a SignatureProperties containing the specified list of {@link SignatureProperty}s and optional id.
param
properties a list of one or more SignaturePropertys. The list is defensively copied to protect against subsequent modification.
param
id the id (may be null)
return
a SignatureProperties
throws
NullPointerException if properties is null
throws
IllegalArgumentException if properties is empty
throws
ClassCastException if properties contains any entries that are not of type {@link SignatureProperty}
public abstract javax.xml.crypto.dsig.SignatureProperty newSignatureProperty(java.util.List content, java.lang.String target, java.lang.String id)
Creates a SignatureProperty containing the specified list of {@link XMLStructure}s, target URI and optional id.
param
content a list of one or more XMLStructures. The list is defensively copied to protect against subsequent modification.
param
target the target URI of the Signature that this property applies to
param
id the id (may be null)
return
a SignatureProperty
throws
NullPointerException if content or target is null
throws
IllegalArgumentException if content is empty
throws
ClassCastException if content contains any entries that are not of type {@link XMLStructure}
public abstract javax.xml.crypto.dsig.SignedInfo newSignedInfo(javax.xml.crypto.dsig.CanonicalizationMethod cm, javax.xml.crypto.dsig.SignatureMethod sm, java.util.List references)
Creates a SignedInfo with the specified canonicalization and signature methods, and list of one or more references.
param
cm the canonicalization method
param
sm the signature method
param
references a list of one or more {@link Reference}s. The list is defensively copied to protect against subsequent modification.
return
a SignedInfo
throws
ClassCastException if any of the references are not of type Reference
throws
IllegalArgumentException if references is empty
throws
NullPointerException if any of the parameters are null
public abstract javax.xml.crypto.dsig.SignedInfo newSignedInfo(javax.xml.crypto.dsig.CanonicalizationMethod cm, javax.xml.crypto.dsig.SignatureMethod sm, java.util.List references, java.lang.String id)
Creates a SignedInfo with the specified parameters.
param
cm the canonicalization method
param
sm the signature method
param
references a list of one or more {@link Reference}s. The list is defensively copied to protect against subsequent modification.
param
id the id (may be null)
return
a SignedInfo
throws
ClassCastException if any of the references are not of type Reference
throws
IllegalArgumentException if references is empty
throws
NullPointerException if cm, sm, or references are null
public abstract javax.xml.crypto.dsig.Transform newTransform(java.lang.String algorithm, javax.xml.crypto.dsig.spec.TransformParameterSpec params)
Creates a Transform for the specified algorithm URI and parameters.
param
algorithm the URI identifying the transform algorithm
param
params algorithm-specific transform parameters (may be null)
return
the Transform
throws
InvalidAlgorithmParameterException if the specified parameters are inappropriate for the requested algorithm
throws
NoSuchAlgorithmException if an implementation of the specified algorithm cannot be found
throws
NullPointerException if algorithm is null
public abstract javax.xml.crypto.dsig.Transform newTransform(java.lang.String algorithm, javax.xml.crypto.XMLStructure params)
Creates a Transform for the specified algorithm URI and parameters. The parameters are specified as a mechanism-specific XMLStructure (ex: {@link DOMStructure}). This method is useful when the parameters are in XML form or there is no standard class for specifying the parameters.
param
algorithm the URI identifying the transform algorithm
param
params a mechanism-specific XML structure from which to unmarshal the parameters from (may be null if not required or optional)
return
the Transform
throws
ClassCastException if the type of params is inappropriate for this XMLSignatureFactory
throws
InvalidAlgorithmParameterException if the specified parameters are inappropriate for the requested algorithm
throws
NoSuchAlgorithmException if an implementation of the specified algorithm cannot be found
throws
NullPointerException if algorithm is null
public abstract javax.xml.crypto.dsig.XMLObject newXMLObject(java.util.List content, java.lang.String id, java.lang.String mimeType, java.lang.String encoding)
Creates an XMLObject from the specified parameters.
param
content a list of {@link XMLStructure}s. The list is defensively copied to protect against subsequent modification. May be null or empty.
param
id the Id (may be null)
param
mimeType the mime type (may be null)
param
encoding the encoding (may be null)
return
an XMLObject
throws
ClassCastException if content contains any entries that are not of type {@link XMLStructure}
public abstract javax.xml.crypto.dsig.XMLSignature newXMLSignature(javax.xml.crypto.dsig.SignedInfo si, javax.xml.crypto.dsig.keyinfo.KeyInfo ki)
Creates an XMLSignature and initializes it with the contents of the specified SignedInfo and KeyInfo objects.
param
si the signed info
param
ki the key info (may be null)
return
an XMLSignature
throws
NullPointerException if si is null
public abstract javax.xml.crypto.dsig.XMLSignature newXMLSignature(javax.xml.crypto.dsig.SignedInfo si, javax.xml.crypto.dsig.keyinfo.KeyInfo ki, java.util.List objects, java.lang.String id, java.lang.String signatureValueId)
Creates an XMLSignature and initializes it with the specified parameters.
param
si the signed info
param
ki the key info (may be null)
param
objects a list of {@link XMLObject}s (may be empty or null)
param
id the Id (may be null)
param
signatureValueId the SignatureValue Id (may be null)
return
an XMLSignature
throws
NullPointerException if si is null
throws
ClassCastException if any of the objects are not of type XMLObject
public abstract javax.xml.crypto.dsig.XMLSignature unmarshalXMLSignature(javax.xml.crypto.dsig.XMLValidateContext context)
Unmarshals a new XMLSignature instance from a mechanism-specific XMLValidateContext instance.
param
context a mechanism-specific context from which to unmarshal the signature from
return
the XMLSignature
throws
NullPointerException if context is null
throws
ClassCastException if the type of context is inappropriate for this factory
throws
MarshalException if an unrecoverable exception occurs during unmarshalling
public abstract javax.xml.crypto.dsig.XMLSignature unmarshalXMLSignature(javax.xml.crypto.XMLStructure xmlStructure)
Unmarshals a new XMLSignature instance from a mechanism-specific XMLStructure instance. This method is useful if you only want to unmarshal (and not validate) an XMLSignature.
param
xmlStructure a mechanism-specific XML structure from which to unmarshal the signature from
return
the XMLSignature
throws
NullPointerException if xmlStructure is null
throws
ClassCastException if the type of xmlStructure is inappropriate for this factory
throws
MarshalException if an unrecoverable exception occurs during unmarshalling