com.entrust.toolkit.xml.dsig.keyinfo.tokenref

Class KeyProviderImplSecurityTokenRef

java.lang.Object

com.entrust.toolkit.xml.dsig.keyinfo.tokenref.KeyProviderImplSecurityTokenRef

All Implemented Interfaces:

KeyProviderInterface

public class KeyProviderImplSecurityTokenRef
extends java.lang.Object
implements KeyProviderInterface

This class implements the KeyProviderInterface for the SecurityTokenReference key information hints. A SecurityTokenReference key contains a reference to a BinarySecurityToken. Both SecurityTokenReference and BinarySecurityToken are defined in the WS-Security specification, available at http://www.oasis-open.org/committees/wss/documents/WSS-SOAPMessageSecurity-10-0223-merged.pdf.

See Also:

KeyProviderInterface

Field Summary

Fields

Modifier and Type	Field and Description
protected org.w3c.dom.Document	signatureDOMDoc_ The DOM document containing the XML signature.
protected X509TrustManagerInterface	trustManager_ The implementation of the trust management system interface X509TrustManagerInterface.
protected X509Certificate	verificationCert_ The verification certificate.
protected java.security.Key	verifierKey_ The verification key.

Constructor Summary

Constructors

Constructor and Description
KeyProviderImplSecurityTokenRef() Constructor.
KeyProviderImplSecurityTokenRef(org.w3c.dom.Document signatureDOMDoc, X509Certificate verificationCert) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
org.w3c.dom.Element[]	getKeyInfoSubelements() Used in signature generation.
X509Certificate	getVerificationCertificate() Provides the verification certificate.
java.security.Key	getVerifierKey() Provides the public key in the verification certificate.
void	setKeyInfoSubelements(org.w3c.dom.Element[] securityTokenRefSubelements) Examines the KeyInfo <SecurityTokenReference> subelement and tries to set the verification certificate from this.
void	setTrustManager(X509TrustManagerInterface trustManager) Used by the application in the verification use case to set the trust management system.
void	setURIResolverParameters(URIResolverParameters params) Sets the parameters to be used by the key provider when resolving URIs.
void	setVerifierKey(java.security.Key verifierKey) Used by the application in the signature creation use case.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

verifierKey_

protected java.security.Key verifierKey_

The verification key.

verificationCert_

protected X509Certificate verificationCert_

The verification certificate.

signatureDOMDoc_

protected org.w3c.dom.Document signatureDOMDoc_

The DOM document containing the XML signature. Used in method getKeyInfoSubelements() to create DOM nodes.

trustManager_

protected X509TrustManagerInterface trustManager_

The implementation of the trust management system interface X509TrustManagerInterface.

Constructor Detail

KeyProviderImplSecurityTokenRef

public KeyProviderImplSecurityTokenRef()

Constructor. Used by the KeyManagerImpl class in the verification use case.

KeyProviderImplSecurityTokenRef

public KeyProviderImplSecurityTokenRef(org.w3c.dom.Document signatureDOMDoc,
                               X509Certificate verificationCert)

Constructor. Used by the application in the signature creation use case to create a new instance of this key provider. After instantiation, the application must configure this key provider with the appropriate methods provided by this class.

Parameters:

signatureDOMDoc - The DOM document containing the XML signature. Used in method getKeyInfoSubelements() to create DOM nodes. Must not be null.

verificationCert - The signer's verification certificate.

Method Detail

setTrustManager

public void setTrustManager(X509TrustManagerInterface trustManager)

Used by the application in the verification use case to set the trust management system. The trust management system is used to evaluate the X509-related key information in the signature.

Parameters:

trustManager - The trust management system which should back this key provider. Must not be null.

getVerifierKey

public java.security.Key getVerifierKey()
                                 throws KeyProviderException

Provides the public key in the verification certificate.

Specified by:

getVerifierKey in interface KeyProviderInterface

Returns:

The verification public key.

Throws:

KeyProviderException - If the verification key cannot be obtained or cannot be trusted.

getKeyInfoSubelements

public org.w3c.dom.Element[] getKeyInfoSubelements()
                                            throws KeyProviderException

Used in signature generation. Produces a single key information hint (SecurityTokenReference element) as a representation of the verification key, which was set previously by the application. Inserts corresponding <BinarySecurityToken> element as a child of the <Security> element (also defined in the WS-Security specification). If no verification key has been set, this method returns an array with 0 elements.

Specified by:

getKeyInfoSubelements in interface KeyProviderInterface

Returns:

An array with a single SecurityTokenReference element as representation of the verification key, or an array of length 0 if no verification key has been set.

Throws:

KeyProviderException - If the wrong constructor has been used by the application, and therefore no DOM Document has been specified.

setKeyInfoSubelements

public void setKeyInfoSubelements(org.w3c.dom.Element[] securityTokenRefSubelements)
                           throws KeyProviderException

Examines the KeyInfo <SecurityTokenReference> subelement and tries to set the verification certificate from this.

Specified by:

setKeyInfoSubelements in interface KeyProviderInterface

Parameters:

securityTokenRefSubelements - An array, of length 1, of SecurityTokenReference elements.

Throws:

KeyProviderException - If verification certificate cannot be set from the information in the <SecurityTokenReference> element of <KeyInfo>.

getVerificationCertificate

public X509Certificate getVerificationCertificate()
                                           throws KeyProviderException

Provides the verification certificate. Typically used in the verify use case.

Returns:

The verification certificate.

Throws:

KeyProviderException - If the verification certificate is null.

setVerifierKey

public void setVerifierKey(java.security.Key verifierKey)

Used by the application in the signature creation use case. Provides the verification key for which a key information hint (<SecurityTokenReference> subelement of the <KeyInfo> element) should be incorporated into the XML signature.

Parameters:

verifierKey - The verification key. It must be an instance of either RSAPublicKey or DSAPublicKey.

setURIResolverParameters

public void setURIResolverParameters(URIResolverParameters params)

Description copied from interface: KeyProviderInterface

Sets the parameters to be used by the key provider when resolving URIs.

Specified by:

setURIResolverParameters in interface KeyProviderInterface

Parameters:

params - The parameters to be set. May be null to indicate a restore of the default values.