Class DefaultXMLSigner

java.lang.Object
se.idsec.signservice.security.sign.xml.impl.DefaultXMLSigner
All Implemented Interfaces:
Signer<Document,XMLSignerResult,VoidSignerParameters>, XMLSigner

public class DefaultXMLSigner extends Object implements XMLSigner
Default implementation of the XMLSigner interface.

If the signature algorithm is not explicitly set the OpenSAML SignatureSigningConfiguration system configuration will be used to obtain a default.

Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Field Details

    • DEFAULT_CANONICALIZATION_TRANSFORM

      public static final String DEFAULT_CANONICALIZATION_TRANSFORM
The default canonicalization method: Exclusive Canonicalization (omits comments).
    • DEFAULT_XPATH_TRANSFORM

      public static final String DEFAULT_XPATH_TRANSFORM
      The default XPath transform (don't include Signature elements).
  • Constructor Details

    • DefaultXMLSigner

      public DefaultXMLSigner(se.swedenconnect.security.credential.PkiCredential signingCredential)
      Constructor.
      Parameters:
      signingCredential - the signing credential to use
  • Method Details

    • builder

      public static DefaultXMLSigner.DefaultXMLSignerBuilder builder(se.swedenconnect.security.credential.PkiCredential signingCredential)
      Creates a builder for DefaultXMLSigner objects.
      Parameters:
      signingCredential - the signing credential to use
      Returns:
      a builder instance
    • sign

      public XMLSignerResult sign(Document document) throws SignatureException
      Specified by:
      sign in interface Signer<Document,XMLSignerResult,VoidSignerParameters>
      Throws:
      SignatureException
    • getSigningCredential

      public se.swedenconnect.security.credential.PkiCredential getSigningCredential()
      Specified by:
      getSigningCredential in interface Signer<Document,XMLSignerResult,VoidSignerParameters>
    • setSignatureLocation

      public void setSignatureLocation(XMLSignatureLocation signatureLocation)
      Sets the indicator that tells where in the document the resulting Signature element should be inserted. If not set, the default "insert as the last child of the document root element" will be used.
      Parameters:
      signatureLocation - location indicator
    • setSignatureAlgorithm

      public void setSignatureAlgorithm(String signatureAlgorithm) throws NoSuchAlgorithmException, SignatureException
      Assigns the URI for the signature algorithm to be used.
      Parameters:
      signatureAlgorithm - the signature algorithm URI
      Throws:
      NoSuchAlgorithmException - if the algorithm is not supported (or blacklisted)
      SignatureException - if the signature algorithm can not be used by the current signature credential
    • getSignatureAlgorithm

      public String getSignatureAlgorithm()
      Gets the signature algorithm to use.

      If the signature algorithm is not explicitly set, the default signature algorithm given by the AlgorithmRegistry will be used.

      Returns:
      the signature algorithm URI
    • getDigestAlgorithm

      public String getDigestAlgorithm()
      Gets the digest algorithm to use.
      Returns:
      the digest algorithm URI
    • setCanonicalizationTransform

      public void setCanonicalizationTransform(String canonicalizationTransform)
      Assigns the canonicalization method to use. Default is "http://www.w3.org/2001/10/xml-exc-c14n#".
      Parameters:
      canonicalizationTransform - canonicalization method URI
    • setXPathTransform

      public void setXPathTransform(String xPathTransform)
      Sets the XPath expression to be used in an XPath transform. The default is "not(ancestor-or-self::*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#'])". If null, no XPath transform is used.
      Parameters:
      xPathTransform - XPath expression
    • setIncludeCertificateChain

      public void setIncludeCertificateChain(boolean includeCertificateChain)
      Sets whether the certificate chain/path should be included in the signature (if available from PkiCredential.getCertificateChain()). The default is false (only the entity certificate is included).
      Parameters:
      includeCertificateChain - whether the certificate chain should be included
    • setIncludeSignatureId

      public void setIncludeSignatureId(boolean includeSignatureId)
      Sets whether an ID attribute should be written to the resulting ds:Signature element. Default is true.
      Parameters:
      includeSignatureId - whether an ID attribute should be written to the Signature element
    • setAlgorithmRegistry

      public void setAlgorithmRegistry(se.swedenconnect.security.algorithms.AlgorithmRegistry algorithmRegistry)
      Assigns the AlgorithmRegistry to use. If not assigned, the registry configured for AlgorithmRegistrySingleton will be used.
      Parameters:
      algorithmRegistry - the registry to use
    • registerIdAttributes

      public static String registerIdAttributes(Document document)
      Looks for an ID reference in the root element, and if found, registers it using the Element.setIdAttribute(String, boolean) method.
      Parameters:
      document - the document
      Returns:
      the signature URI reference ("" if no ID is found)
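
Usage example (added here; this is not code from the signservice project itself). It exercises the configuration methods documented above against a constructed sample document, and shows why registerIdAttributes matters: a DOM parsed without a DTD or schema does not treat the root's ID attribute as ID-typed, so a same-document reference such as "#doc-1" could not be resolved until Element.setIdAttribute has been called. Assumptions not stated on this page: the class se.swedenconnect.security.credential.BasicCredential with a (certificate, private key) constructor, the accessor XMLSignerResult.getSignedDocument(), the exact return value of registerIdAttributes ("#doc-1" is the expected form), and the RSA-SHA256 algorithm URI chosen as an explicit, non-default signature algorithm.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.w3c.dom.Document;

import se.idsec.signservice.security.sign.xml.XMLSignerResult;
import se.idsec.signservice.security.sign.xml.impl.DefaultXMLSigner;
import se.swedenconnect.security.credential.BasicCredential;   // assumed class name
import se.swedenconnect.security.credential.PkiCredential;

public class SignEnvelopeExample {

  // Constructed sample document. The root carries an ID attribute so the
  // signature can reference it by "#doc-1" instead of the whole-document "" URI.
  static final String SAMPLE_XML =
      "<Envelope xmlns=\"urn:example:env\" ID=\"doc-1\"><Body>payload</Body></Envelope>";

  // Well-known XML-DSig algorithm URI, chosen explicitly instead of relying on
  // the OpenSAML/AlgorithmRegistry default (assumption: this URI is registered).
  static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

  // Namespace-aware, DTD-free parsing: XML-DSig needs namespaces, and refusing
  // DOCTYPE declarations avoids entity-based attacks on the parser.
  static Document parse(String xml) throws Exception {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    dbf.setExpandEntityReferences(false);
    return dbf.newDocumentBuilder()
        .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
  }

  // Configures a signer with explicit (not configuration-derived) settings and
  // signs the sample document. Returns the signed DOM document.
  static Document signEnvelope(PkiCredential credential) throws Exception {
    Document doc = parse(SAMPLE_XML);

    // Without registration the DOM does not know that "ID" is an ID-typed
    // attribute, so getElementById finds nothing and "#doc-1" cannot resolve.
    if (doc.getElementById("doc-1") != null) {
      throw new IllegalStateException("ID unexpectedly registered before registerIdAttributes");
    }
    String referenceUri = DefaultXMLSigner.registerIdAttributes(doc);   // expected "#doc-1"
    if (doc.getElementById("doc-1") != doc.getDocumentElement()) {
      throw new IllegalStateException("root element ID was not registered; got " + referenceUri);
    }

    DefaultXMLSigner signer = new DefaultXMLSigner(credential);
    // Explicit algorithm: NoSuchAlgorithmException if unsupported or blacklisted,
    // SignatureException if the credential's key cannot use it.
    signer.setSignatureAlgorithm(RSA_SHA256);
    signer.setCanonicalizationTransform(DefaultXMLSigner.DEFAULT_CANONICALIZATION_TRANSFORM);
    // Keep the enveloped ds:Signature out of the digested content.
    signer.setXPathTransform(DefaultXMLSigner.DEFAULT_XPATH_TRANSFORM);
    signer.setIncludeCertificateChain(false);   // entity certificate only
    signer.setIncludeSignatureId(true);         // ds:Signature gets an ID attribute

    XMLSignerResult result = signer.sign(doc);
    return result.getSignedDocument();          // assumed accessor name
  }

  // Serializes a DOM document to a string for inspection or transport.
  static String serialize(Document doc) throws Exception {
    StringWriter out = new StringWriter();
    TransformerFactory.newInstance().newTransformer()
        .transform(new DOMSource(doc), new StreamResult(out));
    return out.toString();
  }

  public static void main(String[] args) throws Exception {
    // Assumed invocation: java SignEnvelopeExample <keystore.p12> <password> <alias>
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (FileInputStream in = new FileInputStream(args[0])) {
      ks.load(in, args[1].toCharArray());
    }
    PrivateKey key = (PrivateKey) ks.getKey(args[2], args[1].toCharArray());
    X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
    PkiCredential credential = new BasicCredential(cert, key);   // assumed constructor

    System.out.println(serialize(signEnvelope(credential)));
  }
}
```

The two getElementById checks are the point of registerIdAttributes: the signature's Reference URI is only as good as the DOM's knowledge of which attribute is the ID, and a verifier that resolves "#doc-1" against an unregistered document will fail (or, with a lenient resolver, pick the wrong element). Setting the signature algorithm explicitly rather than inheriting the OpenSAML configuration default also makes the blacklist check in setSignatureAlgorithm run at configuration time instead of surfacing as a failure inside sign.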