/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SigProvider.java,v 1.2 2008/06/25 05:48:04 qcheng Exp $
 *
 * Portions Copyrighted 2015 ForgeRock AS.
 */
package com.sun.identity.saml2.xmlsig;

import org.w3c.dom.Document; // NOTE(review): not referenced by this interface
import org.w3c.dom.Element;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Set;

import com.sun.identity.saml2.common.SAML2Exception;

/**
 * <code>SigProvider</code> is an interface for signing
 * and verifying XML documents with enveloped XML signatures.
 * <p>
 * A caller of {@link #verify} relies on the result to decide whether a SAML2
 * document is authentic, so the contract of each method below is the part
 * implementations must honour exactly.
 */
public interface SigProvider {
    /**
     * Sign the xml document node whose identifying attribute value
     * is as supplied, using enveloped signatures and exclusive xml
     * canonicalization. The resulting signature is inserted after the
     * first child node (normally Issuer element for SAML2) of the node
     * to be signed.
     *
     * @param xmlString String representing an XML document to be signed
     * @param idValue id attribute value of the root node to be signed
     * @param privateKey Signing key
     * @param cert Certificate which contains the public key correlated to
     *        the signing key; if it is not null, then the signature
     *        will include the certificate; otherwise, the signature
     *        will not include any certificate
     * @return Element representing the signature element
     * @throws SAML2Exception if the document could not be signed
     */
    public Element sign(
        String xmlString,
        String idValue,
        PrivateKey privateKey,
        X509Certificate cert
    ) throws SAML2Exception;

    /**
     * Verify the signature of the xml document.
     * <p>
     * Only a {@code true} return means the signature was verified: callers must
     * treat both a {@code false} return and a thrown {@link SAML2Exception} as a
     * verification failure.
     * <p>
     * NOTE(review): the trust decision is expected to rest on {@code verificationCerts}.
     * A certificate carried inside the signature is part of the document being checked,
     * so it should only be accepted when it matches one of the supplied certificates —
     * confirm against the implementations. The verified node is the one located by
     * {@code idValue}; callers should act only on that node, not on other content of
     * the same document.
     *
     * @param xmlString String representing a signed XML document.
     * @param idValue id attribute value of the node whose signature is to be verified.
     * @param verificationCerts Certificates containing the public keys which may be used for
     *        signature verification; these certificates may also be used to check against
     *        the certificate included in the signature.
     * @return true if the xml signature is verified, false otherwise.
     * @throws SAML2Exception if a problem occurs during verification.
     */
    public boolean verify(
        String xmlString,
        String idValue,
        Set<X509Certificate> verificationCerts
    ) throws SAML2Exception;
}