Package javax.xml.crypto.dsig
XMLSignature, SignedInfo, CanonicalizationMethod, SignatureMethod, Reference, DigestMethod, XMLObject, Manifest, SignatureProperties, and SignatureProperty.
KeyInfo types are defined in the javax.xml.crypto.dsig.keyinfo subpackage.
XMLSignatureFactory is an abstract factory that creates XMLSignature objects from scratch or from a pre-existing XML representation, such as a DOM node.
TransformService is a service provider interface for creating and plugging in implementations of transform and canonicalization algorithms.
Of primary significance in this package is the XMLSignature class, which allows you to sign and validate an XML digital signature.
Service Providers
A service provider is a concrete implementation of the abstract XMLSignatureFactory and
KeyInfoFactory classes
and is responsible for creating objects and algorithms that parse, generate
and validate XML Signatures and KeyInfo structures. A concrete implementation
of XMLSignatureFactory MUST provide support for each of the REQUIRED
algorithms as specified by the W3C recommendation for XML Signatures. It MAY
support other algorithms as defined by the W3C recommendation or other
specifications.
The API leverages the JCA provider model (see
the Provider class) for registering and
loading XMLSignatureFactory and KeyInfoFactory
implementations.
Each concrete XMLSignatureFactory or KeyInfoFactory
implementation supports a specific XML mechanism type that identifies the XML
processing mechanism that an implementation uses internally to parse and
generate XML signature and KeyInfo structures.
A service provider implementation SHOULD use underlying JCA engine
classes, such as Signature and MessageDigest, to perform cryptographic operations.
In addition to the XMLSignatureFactory and KeyInfoFactory
classes, the API supports a service provider interface for transform and
canonicalization algorithms. The TransformService class allows you to
develop and plug in an implementation of a specific transform or
canonicalization algorithm for a particular XML mechanism type. The
TransformService class uses the standard JCA provider model for registering
and loading implementations. Each service provider implementation SHOULD use
the TransformService class to find a provider that supports transform
and canonicalization algorithms in XML Signatures that it is generating or
validating.
DOM Mechanism Requirements
The following requirements MUST be abided by when implementing a DOM-based XMLSignatureFactory, KeyInfoFactory or
TransformService in order to minimize interoperability problems:
- The unmarshalXMLSignature method of XMLSignatureFactory MUST support DOMValidateContext types. If the type is DOMValidateContext, it SHOULD contain an Element of type Signature. Additionally, the unmarshalXMLSignature method MAY populate the Id/Element mappings of the passed-in DOMValidateContext.
- The sign method of XMLSignatures produced by XMLSignatureFactory MUST support DOMSignContext types and the validate method MUST support DOMValidateContext types. This requirement also applies to the validate method of SignatureValue and the validate method of Reference.
- The implementation MUST support DOMStructures as the mechanism for the application to specify extensible content (any elements or mixed content).
- If the dereference method of user-specified URIDereferencers returns NodeSetData objects, the iterator method MUST return an iteration over objects of type org.w3c.dom.Node.
- URIReference objects passed to the dereference method of user-specified URIDereferencers MUST be of type DOMURIReference and XMLCryptoContext objects MUST implement DOMCryptoContext.
- The previous 2 requirements also apply to URIDereferencers returned by the getURIDereferencer method of XMLSignatureFactory and KeyInfoFactory.
- The unmarshalKeyInfo method of KeyInfoFactory MUST support DOMStructure types. If the type is DOMStructure, it SHOULD contain an Element of type KeyInfo.
- The transform method of Transform MUST support DOMCryptoContext context parameter types.
- The newTransform and newCanonicalizationMethod methods of XMLSignatureFactory MUST support DOMStructure parameter types.
- The init and marshalParams methods of TransformService MUST support DOMStructure and DOMCryptoContext types.
- The unmarshalXMLSignature method of XMLSignatureFactory MUST support DOMStructure types. If the type is DOMStructure, it SHOULD contain an Element of type Signature.
- The marshal method of KeyInfo MUST support DOMStructure and DOMCryptoContext parameter types.
Note that a DOM implementation MAY internally use XML parsing APIs
other than DOM as long as it doesn't affect interoperability. For example, a
DOM implementation of XMLSignatureFactory might use a SAX parser
internally to canonicalize data.
Package Specification
- Since: 1.6
Class: Description
- CanonicalizationMethod: A representation of the XML CanonicalizationMethod element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- DigestMethod: A representation of the XML DigestMethod element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- Manifest: A representation of the XML Manifest element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- Reference: A representation of the Reference element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- SignatureMethod: A representation of the XML SignatureMethod element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- SignatureProperties: A representation of the XML SignatureProperties element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- SignatureProperty: A representation of the XML SignatureProperty element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- SignedInfo: A representation of the XML SignedInfo element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- Transform: A representation of the XML Transform element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- TransformException: Indicates an exceptional condition that occurred while executing a transform algorithm.
- TransformService: A Service Provider Interface for transform and canonicalization algorithms.
- XMLObject: A representation of the XML Object element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- XMLSignature: A representation of the XML Signature element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- XMLSignature.SignatureValue: A representation of the XML SignatureValue element as defined in the W3C Recommendation for XML-Signature Syntax and Processing.
- XMLSignatureException: Indicates an exceptional condition that occurred during the XML signature generation or validation process.
- XMLSignatureFactory: A factory for creating XMLSignature objects from scratch or for unmarshalling an XMLSignature object from a corresponding XML representation.
- XMLSignContext: Contains context information for generating XML Signatures.
- XMLValidateContext: Contains context information for validating XML Signatures.