iaik.ixsil.core

Class Verifier

java.lang.Object

iaik.ixsil.core.Verifier

public class Verifier
extends java.lang.Object

Provides the basic entry point into IXSIL for the signature verification use case. Two constructors are available for the application:

Verifier(Document, URI, String, String)

Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a document object model.

Verifier(InputStream, URI, String, String)

Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a input stream.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.util.List	addedNSDecls_ Contains all namespace nodes which have been added to signatureDocOM_.
protected iaik.ixsil.core.Signature	signature_ Represents the XML signature itself.
protected org.w3c.dom.Document	signatureDocOM_ Holds the object model (OM) representing the logical structure of the XML signature document.
protected java.lang.String	signatureSelectorXPath_ XPath specifying the location of the XML Signature in the XML document, which is to be verified.
protected static boolean	SIGNING_ Indicates the signature creation use case.
protected URIResolverParameters	uriResolverParameters_ Structure encapsulating some parameters for resolving URIs within the IXSIL core.
protected boolean	useCase_ Indicates if this object is used for signing or verifying.
protected boolean	validated_ Shows if the signature document could have been parsed with validation on, or has been parsed with validation off.
protected static boolean	VERIFYING_ Indicates the signature verification use case.

Constructor Summary

Constructors

Constructor and Description
Verifier(org.w3c.dom.Document signatureDocOM, URI signatureDocBaseURI, java.lang.String signatureSelectorXPath, java.lang.String additionalNSPrefixes) Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a document object model.
Verifier(org.w3c.dom.Document signatureDocOM, URI signatureDocBaseURI, java.lang.String signatureSelectorXPath, java.lang.String additionalNSPrefixes, boolean reparseSignature) Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a DOM document.
Verifier(org.w3c.dom.Element signatureElement, URI signatureDocBaseURI) Used to verify an XML signature, whereas the XML signature is specified as a DOM element.
Verifier(org.w3c.dom.Element signatureElement, URI signatureDocBaseURI, boolean reparseSignature) Used to verify an XML signature, whereas the XML signature is specified as a DOM element.
Verifier(java.io.InputStream signatureDocStream, URI signatureDocBaseURI, java.lang.String signatureSelectorXPath, java.lang.String additionalNSPrefixes) Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a input stream.
Verifier(java.io.InputStream signatureDocStream, URI signatureDocBaseURI, java.lang.String signatureSelectorXPath, java.lang.String additionalNSPrefixes, java.lang.String noNamespaceSchemaLocation, java.lang.String schemaLocations) Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a input stream.

Method Summary

Modifier and Type	Method and Description
org.w3c.dom.Document	getDocument() Gets the XML document embedding the XML signature as a DOM Document object.
java.util.Vector	getRequiredUsers() Allows the application to determine whether it needs to provide additional User instances in order to verify this signature.
VerifierSignature	getSignature() Gets an interface to the signature object for the verification use case.
protected void	initialize(org.w3c.dom.Element signatureElem, java.lang.String additionalNoNamespaceSchemaLocation, java.lang.String additionalSchemaLocations, boolean reparseSignature) Initializes this verifier object.
protected void	initialize(java.lang.String signatureSelectorXPath, java.lang.String additionalNSPrefixes, java.lang.String additionalNoNamespaceSchemaLocation, java.lang.String additionalSchemaLocations, boolean reparseSignature) Initializes this verifier object.
protected void	initResolvers() Initializes the default implementations for the internal (XPointerReferenceResolver) and the external (ExternalReferenceResolverImpl) reference resolver.
void	setExternalRefResolver(ExternalReferenceResolverInterface externalRefResolver) Sets the object which is responsible for resolving external URIs, i.
void	setInternalRefResolver(InternalReferenceResolverInterface internalRefResolver) Sets the object which is responsible for resolving internal URIs, i.
void	setUser(User user) A convenience method that allows the application to provide User instances to all Decryption Transforms in this signature.
void	setXMLEinitializer(XMLEInit initializer) Initializes this Verifier instance so it can decrypt.
void	withdrawDistributedNSDeclarations() Removes namespace declarations which have eventually been inserted into the XML document bearing the XML signature by IXSIL during signature creation or signature validation respectively.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

signatureSelectorXPath_

protected java.lang.String signatureSelectorXPath_

XPath specifying the location of the XML Signature in the XML document, which is to be verified.

signature_

protected iaik.ixsil.core.Signature signature_

Represents the XML signature itself.

SIGNING_

protected static final boolean SIGNING_

Indicates the signature creation use case.

See Also:

Constant Field Values

VERIFYING_

protected static final boolean VERIFYING_

Indicates the signature verification use case.

See Also:

Constant Field Values

validated_

protected boolean validated_

Shows if the signature document could have been parsed with validation on, or has been parsed with validation off.

signatureDocOM_

protected org.w3c.dom.Document signatureDocOM_

Holds the object model (OM) representing the logical structure of the XML signature document.

uriResolverParameters_

protected URIResolverParameters uriResolverParameters_

Structure encapsulating some parameters for resolving URIs within the IXSIL core.

useCase_

protected boolean useCase_

Indicates if this object is used for signing or verifying. Will be set either by the Signer or Verifier subclass.

addedNSDecls_

protected java.util.List addedNSDecls_

Contains all namespace nodes which have been added to signatureDocOM_. This member variable is part of "TreeModelWorkaround".

Constructor Detail

Verifier

public Verifier(org.w3c.dom.Element signatureElement,
                URI signatureDocBaseURI)
         throws SignatureHandlerException

Used to verify an XML signature, whereas the XML signature is specified as a DOM element.

Parameters:

signatureElement - The XML element representing the XML signature to be verified. Must not be null.

signatureDocBaseURI - Holds the base URI for the signature document used to resolve relative URIs in several cases. Must either be null or an absolute URI.

Throws:

SignatureHandlerException - if creating the verifier object fails for any reason.

Verifier

public Verifier(org.w3c.dom.Document signatureDocOM,
                URI signatureDocBaseURI,
                java.lang.String signatureSelectorXPath,
                java.lang.String additionalNSPrefixes)
         throws SignatureHandlerException

Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a document object model.

Parameters:

signatureDocOM - The XML document bearing the XML signature to be verified, as a document object model. Must not be null.

signatureDocBaseURI - Holds the base URI for the signature document used to resolve relative URIs in several cases. Must either be null or an absolute URI.

signatureSelectorXPath - An XPath expression which is used to select the XML signature to be verified. Evaluation of this XPath expression must result in a single XML element representing the XML signature. Must not be null .

additionalNSPrefixes - Allows the specification of additional namespace prefixes which can be used in the XPath expression. The value of the parameter consists of pairs of prefix to namespace URI attributions separated by spaces, i. e. " prefix1 uri1 prefix2 uri2 ...". May be null.

Throws:

SignatureHandlerException - if creating the verifier object fails for any reason.

Verifier

public Verifier(java.io.InputStream signatureDocStream,
                URI signatureDocBaseURI,
                java.lang.String signatureSelectorXPath,
                java.lang.String additionalNSPrefixes)
         throws SignatureHandlerException

Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a input stream. In a first try, IXSIL parses the XML document using a validating parser; if this fails, IXSIL parses the XML document using a non-validating parser. In the latter case, IXSIL however parses the XML signature element using a validating parser. This insures that ID attributes within the XML signature are available for ID references.

Parameters:

signatureDocStream - The XML document bearing the XML signature to be verified, as an input stream. Must not be null.

signatureDocBaseURI - Holds the base URI for the signature document used to resolve relative URIs in several cases. Must either be null or an absolute URI.

signatureSelectorXPath - An XPath expression which is used to select the XML signature to be verified. Evaluation of this XPath expression must result in a single XML element representing the XML signature. Must not be null .

additionalNSPrefixes - Allows the specification of additional namespace prefixes which can be used in the XPath expression. The value of the parameter consists of pairs of prefix to namespace URI attributions separated by spaces, i. e. "prefix1 uri1 prefix2 uri2 ...". May be null.

Throws:

SignatureHandlerException - if creating the verifier object fails for any reason.

Verifier

public Verifier(java.io.InputStream signatureDocStream,
                URI signatureDocBaseURI,
                java.lang.String signatureSelectorXPath,
                java.lang.String additionalNSPrefixes,
                java.lang.String noNamespaceSchemaLocation,
                java.lang.String schemaLocations)
         throws SignatureHandlerException

Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a input stream. In a first try, IXSIL parses the XML document using a validating parser; if this fails, IXSIL parses the XML document using a non-validating parser. In the latter case, IXSIL however parses the XML signature element using a validating parser. This insures that ID attributes within the XML signature are available for ID references.

Parameters:

signatureDocStream - The XML document bearing the XML signature to be verified, as an input stream. Must not be null.

signatureDocBaseURI - Holds the base URI for the signature document used to resolve relative URIs in several cases. Must either be null or an absolute URI.

signatureSelectorXPath - An XPath expression which is used to select the XML signature to be verified. Evaluation of this XPath expression must result in a single XML element representing the XML signature. Must not be null .

additionalNSPrefixes - Allows the specification of additional namespace prefixes which can be used in the XPath expression. The value of the parameter consists of pairs of prefix to namespace URI attributions separated by spaces, i. e. "prefix1 uri1 prefix2 uri2 ...". May be null.

noNamespaceSchemaLocation - This URI string can be used to provide a Schema for the no-namespace in cases where the DOM document should be created by a validating parser (see also parameter validate). May be null . Valid example: "http://repository.foo.org/mySchema.xsd".

schemaLocations - This parameter can be used to provide schemas for various namespaces in cases where the DOM document should be created by a validating parser (see also parameter validate). Must either be null or conform to the following rules:

                           additionalSchemas ::= additionalSchema (space additionalSchema)*
                           additionalSchema ::= schemaNamespaceURI space schemaLocationURI
                         

For example, "http://foo.org/mySchema http://repository.foo.org/mySchema.xsd".

Throws:

SignatureHandlerException - if creating the verifier object fails for any reason.

Verifier

public Verifier(org.w3c.dom.Element signatureElement,
                URI signatureDocBaseURI,
                boolean reparseSignature)
         throws SignatureHandlerException

Used to verify an XML signature, whereas the XML signature is specified as a DOM element.

Parameters:

signatureElement - See Verifier(Element, URI).

signatureDocBaseURI - See Verifier(Element, URI).

reparseSignature - Indicates wheter the signature element should be reparsed in order to detect attributes of type ID. Reparsing makes sense in situations where the signature makes use of ID attributes for referencing signed data, but the DOM document containing the signature has been generated using a non-validating parser.

Throws:

SignatureHandlerException - if creating the verifier object fails for any reason.

Verifier

public Verifier(org.w3c.dom.Document signatureDocOM,
                URI signatureDocBaseURI,
                java.lang.String signatureSelectorXPath,
                java.lang.String additionalNSPrefixes,
                boolean reparseSignature)
         throws SignatureHandlerException

Used to to verify an a XML signature, whereas the XML document which contains the signature is specified as a DOM document.

Parameters:

signatureDocOM - See Verifier(Document, URI, String, String).

signatureDocBaseURI - See Verifier(Document, URI, String, String).

signatureSelectorXPath - See Verifier(Document, URI, String, String).

additionalNSPrefixes - See Verifier(Document, URI, String, String).

reparseSignature - Indicates wheter the signature element should be reparsed in order to detect attributes of type ID. Reparsing makes sense in situations where the signature makes use of ID attributes for referencing signed data, but the DOM document containing the signature has been generated using a non-validating parser.

Throws:

SignatureHandlerException - if creating the verifier object fails for any reason.

Method Detail

getSignature

public VerifierSignature getSignature()

Gets an interface to the signature object for the verification use case.

Returns:

an interface to the signature object for the verification use case.

getDocument

public org.w3c.dom.Document getDocument()

Gets the XML document embedding the XML signature as a DOM Document object.

Returns:

the XML document embedding the XML signature.

setXMLEinitializer

public void setXMLEinitializer(XMLEInit initializer)

Initializes this Verifier instance so it can decrypt. Internally, the Toolkit might need to decrypt XML content as it verifies the signature, if the signature was performed over the plaintext.

Parameters:

initializer - an XMLE initialization instance

See Also:

TransformImplDecryption.setInitializer(XMLEInit)

setUser

public void setUser(User user)

A convenience method that allows the application to provide User instances to all Decryption Transforms in this signature. Internally, when the Toolkit needs to decrypt part of the signed content, in order to verify a signature that was performed over the plaintext, the Toolkit searches for decryption keys from amongst the User instances provided by the application.

Parameters:

user - a User that is already logged in

See Also:

TransformImplDecryption.setUser(User), getRequiredUsers()

getRequiredUsers

public java.util.Vector getRequiredUsers()

Allows the application to determine whether it needs to provide additional User instances in order to verify this signature.

If a verification failed, your application can invoke this method to determine whether it should provide additional User instances to the Verifier, so the Toolkit can decrypt some of the encrypted elements in the signed content. If possible, the application should provide those User instances and attempt to verify the signature again.

Returns:

a Vector of String elements that are the X.500 distinguished names of the additional users the Verifier needs in order to verify this signature, or an empty Vector if none is required.

See Also:

setUser(User user)

initialize

protected void initialize(java.lang.String signatureSelectorXPath,
                          java.lang.String additionalNSPrefixes,
                          java.lang.String additionalNoNamespaceSchemaLocation,
                          java.lang.String additionalSchemaLocations,
                          boolean reparseSignature)
                   throws SignatureHandlerException

Initializes this verifier object.

Parameters:

signatureSelectorXPath - An XPath expression which is used to select the XML signature to be verified. Evaluation of this XPath expression must result in a single XML element representing the XML signature.

additionalNSPrefixes - Allows the specification of additional namespace prefixes which can be used in the XPath expression. The value of the parameter consists of pairs of prefix to namespace URI attributions separated by spaces, i. e. "prefix1 uri1 prefix2 uri2 ...".

additionalNoNamespaceSchemaLocation - In cases where the signature document is not available in validated form this method validates at least the XML signature element. The schema whose location is given by this URI will be used for elements in the no-namespace appearing in the content of Object or SignatureProperty elements. May be null. For example, "http://repository.foo.org/mySchema.xsd".

additionalSchemaLocations - In cases where the signature document is not available in validated form this method validates at least the XML signature element. The schemas whose locations are given by this parameter will be used for namespace qualified elements appearing in the content of Object or SignatureProperty elements. Must either be null or conform to the following rules:

                                    additionalSchemas ::= additionalSchema (space additionalSchema)*
                                    additionalSchema ::= schemaNamespaceURI space schemaLocationURI
                                   

For example, "http://foo.org/mySchema http://repository.foo.org/mySchema.xsd".

reparseSignature - Indicates wheter the signature element should be reparsed in order to detect attributes of type ID. Reparsing makes sense in situations where the signature makes use of ID attributes for referencing signed data, but the DOM document containing the signature has been generated using a non-validating parser.

Throws:

SignatureHandlerException - if initializing this verifier object fails for any reason.

initialize

protected void initialize(org.w3c.dom.Element signatureElem,
                          java.lang.String additionalNoNamespaceSchemaLocation,
                          java.lang.String additionalSchemaLocations,
                          boolean reparseSignature)
                   throws SignatureHandlerException

Initializes this verifier object.

Parameters:

signatureElem - The XML element representing the XML signature to be verified.

additionalNoNamespaceSchemaLocation - See initialize(String, String, String, String, boolean).

additionalSchemaLocations - See initialize(String, String, String, String, boolean).

reparseSignature - Indicates wheter the signature element should be reparsed in order to detect attributes of type ID. Reparsing makes sense in situations where the signature makes use of ID attributes for referencing signed data, but the DOM document containing the signature has been generated using a non-validating parser.

Throws:

SignatureHandlerException - if initializing this verifier object fails for any reason.

setInternalRefResolver

public void setInternalRefResolver(InternalReferenceResolverInterface internalRefResolver)

Sets the object which is responsible for resolving internal URIs, i. e. URIs pointing into the XML signature document. If this method is not invoked explicitely by the application, the default resolver for internal references InternalReferenceResolverImpl will be used.

Parameters:

internalRefResolver - The object which is responsible for resolving internal URIs. Must not be null.

setExternalRefResolver

public void setExternalRefResolver(ExternalReferenceResolverInterface externalRefResolver)

Sets the object which is responsible for resolving external URIs, i. e. URIs pointing outside the XML signature document. If this method is not invoked explicitely by the application, the default resolver for external references (ExternalReferenceResolverImpl) will be used.

Parameters:

externalRefResolver - The object which is responsible for resolving external URIs. Must not be null.

initResolvers

protected void initResolvers()

Initializes the default implementations for the internal (XPointerReferenceResolver) and the external (ExternalReferenceResolverImpl) reference resolver.

withdrawDistributedNSDeclarations

public void withdrawDistributedNSDeclarations()

Removes namespace declarations which have eventually been inserted into the XML document bearing the XML signature by IXSIL during signature creation or signature validation respectively. In most cases this should not be necessary since IXSIL only explicitly inserts namespace declarations which are in scope for a particular XML element anyway. However, if you need to restore the XML document into the state before IXSIL added namespace declarations, you can use this method.