AMSignatureProvider.java revision 9e34f70f789dbd049eed2b273ca9b7d2cd26fd51
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMSignatureProvider.java,v 1.11 2009/08/29 03:06:47 mallas Exp $
*
* Portions Copyrighted 2013-2016 ForgeRock AS.
*/
/**
* <code>SignatureProvider</code> is an interface
* to be implemented to sign and verify xml signature
* <p>
*/
public class AMSignatureProvider implements SignatureProvider {
// define default id attribute name
// flag to check if the partner's signing cert is in the keystore.
private boolean checkCert = true;
private boolean isJKSKeyStore= false;
/**
* Default Constructor
*/
public AMSignatureProvider() {
try {
if (keystore instanceof JKSKeyProvider) {
isJKSKeyStore=true;
}
} catch (Exception e) {
"constructor error");
}
try {
"com.sun.identity.saml.checkcert");
checkCert = false;
checkCert = true;
}else {
+ " com.sun.identity.saml.checkcert has"
+ " invalid value. Choose default, turn"
+ " ON checkcert.");
}
checkCert = true;
}
}
} catch (Exception e) {
checkCert = true;
}
}
/**
* Constructor
*/
if (keyProvider == null) {
} else {
if (keystore instanceof JKSKeyProvider) {
isJKSKeyStore=true;
}
}
}
/**
* Sign the xml document using enveloped signatures.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @return signature Element object
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
}
/**
* Sign the xml document using enveloped signatures.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @return signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
throw new XMLSignatureException(
}
try {
throw new XMLSignatureException(
}
if (privateKey == null) {
throw new XMLSignatureException(
}
}
if (!isValidAlgorithm(algorithm)) {
throw new XMLSignatureException(
}
} else {
if (!isValidCanonicalizationMethod(c14nMethod)) {
throw new XMLSignatureException(
getString("invalidCanonicalizationMethod"));
}
}
// do transform
// If exclusive canonicalization is presented in the saml locale
// file, we will add a transform for it. Otherwise, will not do
// such transform due to performance reason.
if (!isValidTransformAlgorithm(transformAlg)) {
throw new XMLSignatureException(
"invalidTransformAlgorithm"));
}
}
// add certificate
} catch (Exception e) {
throw new XMLSignatureException(e.getMessage());
}
return (sig.getElement());
}
/**
* Sign the xml string using enveloped signatures.
* @param xmlString xml string to be signed
* @param certAlias Signer's certificate alias name
* @return XML signature string
* @throws XMLSignatureException if the xml string could not be signed
*/
throws XMLSignatureException {
}
/**
* Sign the xml string using enveloped signatures.
* @param xmlString xml string to be signed
* @param certAlias Signer's certificate alias name
* @param algorithm XML Signature algorithm
* @return XML signature string
* @throws XMLSignatureException if the xml string could not be signed
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
throw new XMLSignatureException(
}
try {
} catch (Exception e) {
throw new XMLSignatureException(e.getMessage());
}
}
/**
* Sign part of the xml document referered by the supplied id attribute
* using enveloped signatures and use exclusive xml canonicalization.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param id id attribute value of the node to be signed
* @return signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
}
/**
* Sign part of the xml document referered by the supplied id attribute
* using enveloped signatures and use exclusive xml canonicalization.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param id id attribute value of the node to be signed
* @param xpath expression should uniquly identify a node before which
* @return signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
}
/**
* Sign part of the xml document referered by the supplied id attribute
* using enveloped signatures and use exclusive xml canonicalization.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param idAttrName attribute name for the id attribute of the node to
* be signed
* @param id id attribute value of the node to be signed
* @param includeCert if true, include the signing certificate in KeyInfo.
* if false, does not include the signing certificate.
* @return signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
boolean includeCert)
throws XMLSignatureException {
}
/**
* Sign part of the xml document referered by the supplied id attribute
* using enveloped signatures and use exclusive xml canonicalization.
* @param xmlString a string representing XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param idAttrName attribute name for the id attribute of the node to be
* signed.
* @param id id attribute value of the node to be signed
* @param includeCert if true, include the signing certificate in KeyInfo.
* if false, does not include the signing certificate.
* @return a string representing signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
boolean includeCert)
throws XMLSignatureException {
throw new XMLSignatureException(
}
try {
} catch (Exception e) {
throw new XMLSignatureException(e.getMessage());
}
}
/**
* Sign part of the xml document referred by the supplied id attribute
* using enveloped signatures and use exclusive xml canonicalization.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param idAttrName attribute name for the id attribute of the node to
* be signed
* @param id id attribute value of the node to be signed
* @param includeCert if true, include the signing certificate in KeyInfo.
* if false, does not include the signing certificate.
* @param xpath expression should uniquly identify a node before which
* @return a signed dom object
* @throws XMLSignatureException if the document could not be signed
*/
boolean includeCert,
return signXMLUsingKeyPass(doc,
null,
id,
xpath);
}
/**
* Sign part of the XML document referred by the supplied id attribute
* using enveloped signatures and use exclusive XML canonicalization.
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param encryptedKeyPass Use the supplied encrypted key password to get the private key
* @param algorithm XML signature algorithm
* @param idAttrName attribute name for the id attribute of the node to be
* signed.
* @param id id attribute value of the node to be signed
* @param includeCert if true, include the signing certificate in
* <code>KeyInfo</code>.
* if false, does not include the signing certificate.
* @param xpath expression should uniquely identify a node before which
* @return a signed dom object
* @throws XMLSignatureException if the document could not be signed
*/
boolean includeCert,
throw new XMLSignatureException(
}
throw new XMLSignatureException(
}
try {
} else {
}
if (privateKey == null) {
throw new XMLSignatureException(
}
+ " resolv id attribute");
throw new XMLSignatureException(
}
// Set the ID attribute if idAttrName is not the default.
}
}
if (!isValidAlgorithm(algorithm)) {
throw new XMLSignatureException(
}
} else {
}
// do transform
if (includeCert) {
}
} catch (Exception e) {
throw new XMLSignatureException(e.getMessage());
}
return (sig.getElement());
}
/**
* Sign the xml string using enveloped signatures.
* @param xmlString xml string to be signed
* @param certAlias Signer's certificate alias name
* @param algorithm XML Signature algorithm
* @param id id attribute value of the node to be signed
* @return XML signature string
* @throws XMLSignatureException if the xml string could not be signed
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
throw new XMLSignatureException(
}
try {
} catch (Exception e) {
throw new XMLSignatureException(e.getMessage());
}
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param transformAlag XML siganture transform algorithm
* Those transfer constants are defined as
* SAMLConstants.TRANSFORM_XXX.
* @param ids list of id attribute values of nodes to be signed
* @return signature dom object
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
throw new XMLSignatureException(
}
try {
if (privateKey == null) {
throw new XMLSignatureException(
}
}
if (!isValidAlgorithm(algorithm)) {
throw new XMLSignatureException(
}
for (int i = 0; i < size; ++i) {
if (transformAlag != null) {
}
}
}
} catch (Exception e) {
throw new XMLSignatureException(e.getMessage());
}
return (signature.getElement());
}
/**
*
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param xmlString XML.
* @param certAlias Signer's certificate alias name
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return XML signature string
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
throw new XMLSignatureException(
}
try {
} catch (Exception e) {
e.printStackTrace();
throw new XMLSignatureException(e.getMessage());
}
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param assertionID assertion ID
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return SAML Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param assertionID assertion ID
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @param wsfVersion the web services version.
* @return SAML Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
"Certificate is null");
throw new XMLSignatureException(
}
if (assertionID == null) {
"AssertionID is null");
throw new XMLSignatureException(
}
this.wsfVersion = wsfVersion;
if ((wsfVersion != null) &&
}
try {
"//*[@wsu:Id]", wsucontext);
}
}
}
if (privateKey == null) {
throw new XMLSignatureException(
}
}
if (!isValidAlgorithm(algorithm)) {
throw new XMLSignatureException(
}
for (int i = 0; i < size; ++i) {
}
}
"#"+assertionID);
} catch (Exception e) {
"Exception: ", e);
throw new XMLSignatureException(e.getMessage());
}
}
return signature.getElement();
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return X509 Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @param wsfVersion the web services version.
* @return X509 Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
throw new XMLSignatureException(
}
}
this.wsfVersion = wsfVersion;
if ((wsfVersion != null) &&
}
try {
"//*[@wsu:Id]", wsucontext);
}
}
}
if (privateKey == null) {
throw new XMLSignatureException(
}
// TODO: code clean up
// should find cert alias, add security token and call signXML
// to avoid code duplication
}
if (!isValidAlgorithm(algorithm)) {
throw new XMLSignatureException(
}
for (int i = 0; i < size; ++i) {
}
}
} catch (Exception e) {
" Exception: ", e);
throw new XMLSignatureException(e.getMessage());
}
return (signature.getElement());
}
/**
* Verify all the signatures of the xml document
* @param doc XML dom document whose signature to be verified
* @param certAlias certAlias alias for Signer's certificate, this is used
* to search signer's public certificate if it is not presented in
* ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
}
/**
* Verify all the signatures of the xml document
* @param wsfVersion the web services version.
* @param doc XML dom document whose signature to be verified
* @param certAlias certAlias alias for Signer's certificate, this is used
* to search signer's public certificate if it is not presented in
* ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @exception XMLSignatureException if problem occurs during verification
*/
" document is null.");
throw new XMLSignatureException(
}
try {
this.wsfVersion = wsfVersion;
if((wsfVersion != null) &&
}
}
}
}
"//ds:Signature", nscontext);
}
//loop
}
try {
} catch (XPathException te) {
throw new XMLSignatureException(te);
}
if (parentElement != null) {
idAttrName = "AssertionID";
idAttrName = "ResponseID";
idAttrName = "RequestID";
} else {
throw new UnsupportedOperationException("Enveloping and detached XML signatures are no longer"
+ " supported");
}
if (idAttrName != null) {
}
}
//NB: this validation only works with enveloped XML signatures, enveloping and detached signatures are
//no longer supported.
}
// verify using public key
"verifyXMLSignature:" +
" Signature " + i + " verified");
}
} else {
"verifyXMLSignature:" +
" Signature Verfication failed");
}
return false;
}
} else {
"verifyXMLSignature:" +
"Certificate Alias is null");
}
return false;
}
"Could not find a KeyInfo, " +
"try to use certAlias");
}
"verifyXMLSignature:" +
" Signature " + i + " verified");
}
} else {
return false;
}
} else {
"verifyXMLSignature: Signature " + i +
" verified");
}
} else {
return false;
}
} else {
"Could not find public key"
+ " based on certAlias to verify signature");
return false;
}
}
}
}
return true;
}
}
/**
* Verify the signature of the xml document
* @param doc XML dom document whose signature to be verified
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
"verifyXMLSignature: document is null.");
throw new XMLSignatureException(
}
}
/**
* Verify the signature of the xml element.
*
* @param element XML dom element whose signature to be verified
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
}
/**
* Verify the signature of the xml document
* @param element XML Element whose signature to be verified
* @param certAlias certAlias alias for Signer's certificate, this is used
to search signer's public certificate if it is not
presented in ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
}
/**
* Verify the signature of the xml document
* @param element XML Element whose signature to be verified
* @param idAttrName Attribute name for the id attribute
* @param certAlias certAlias alias for Signer's certificate, this is used
to search signer's public certificate if it is not
presented in ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
try {
}
}
/**
* Verify the signature of the xml document
* @param doc XML dom document whose signature to be verified
* @param cert Signer's certificate, this is used to search signer's
public certificate if it is not presented in ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
"document is null.");
throw new XMLSignatureException(
}
}
/**
* Verify the signature of the xml string
* @param xmlString XML string whose signature to be verified
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
}
/**
* Verify the signature of the xml string
* @param xmlString XML string whose signature to be verified
* @param certAlias certAlias alias for Signer's certificate, this is used
to search signer's public certificate if it is not
presented in ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
}
/**
* Verify the signature of the xml string
* @param xmlString XML string whose signature to be verified
* @param idAttrName Attribute name for the id attribute
* @param certAlias certAlias alias for Signer's certificate, this is used
to search signer's public certificate if it is not
presented in ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
throw new XMLSignatureException(
}
try {
}
}
/**
* Verify the signature of a DOM Document
* @param doc a DOM Document
* @param idAttrName Attribute name for the id attribute
* @param certAlias certAlias alias for Signer's certificate, this is used
to search signer's public certificate if it is not
presented in ds:KeyInfo
* @return true if the xml signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
try {
"//ds:Signature[1]", nscontext);
try {
} catch (XPathException te) {
throw new XMLSignatureException(te);
}
}
// verify using public key
return true;
} else {
return false;
}
} else {
return false;
}
+ "try to use certAlias");
}
return true;
} else {
return false;
}
} else {
return true;
} else {
return false;
}
} else {
"public key based on certAlias to verify" +
" signature");
return false;
}
}
}
}
}
/**
* Get the real key provider
* @return KeyProvider
*/
public KeyProvider getKeyProvider() {
return keystore;
}
/**
* Get the X509Certificate embedded in the KeyInfo
* @param keyinfo KeyInfo
* @return a X509Certificate
*/
try {
if (isJKSKeyStore) {
new KeyStoreResolver(((JKSKeyProvider)
keystore).getKeyStore()));
}
if (keyinfo.containsX509Data()) {
" element in the KeyInfo");
}
//use a systemproperty com.sun.identity.saml.checkcert
//defined in AMConfig.properties, as a nob to check the
// the validity of the cert.
if (checkCert) {
// validate the X509Certificate
+ " certificate is not trusted.");
throw new XMLSignatureException (
"untrustedCertificate"));
} else {
"verifyXMLSignature:"+
" certificate is trused.");
}
}
} else {
"Skip checking whether the"
+" cert in the cert db.");
}
}
} else {
// Do we need to check if the public key is in the
// keystore!?
}
}
} catch (Exception e) {
"getX509Certificate(KeyInfo) Exception: ", e);
}
return pk;
}
/**
* Get the PublicKey embedded in the Security Token profile
* @param doc the document to be verified
* @return a PublicKey
*/
try {
" entering");
if ((wsfVersion != null) &&
}
item(0);
if (securityElement == null) {
return null;
}
securityElement, "ds:Signature[1]",
if (n != null) { // X509 Security Token profile
} else { // SAML Token profile
}
// The SAML Statements contain keyinfo, they should be
// all the same. get the first keyinfo!
"getWSSTokenProfilePublicKey:" +
" no KeyInfo found!");
throw new Exception(
}
getNodeValue();
}
}
}
} else {
" unknow Security Token Reference");
}
} catch (Exception e) {
"getWSSTokenProfilePublicKey Exception: ", e);
}
return pubKey;
}
throws XMLSignatureException {
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
BigInteger v = new BigInteger(
p = v;
q = v;
g = v;
y = v;
} else {
throw new XMLSignatureException(
"errorObtainPK"));
}
}
}
try {
} catch (Exception e) {
throw new XMLSignatureException(
}
}
} else {
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
BigInteger v = new BigInteger(
e = v;
}
m = v;
} else {
throw new XMLSignatureException(
"errorObtainPK"));
}
}
}
}
new RSAKeyValue(doc,m, e);
try {
throw new XMLSignatureException(
}
}
}
return pubKey;
}
/**
* Get the X509Certificate from encoded cert string
* @param certString BASE64 or PKCS7 encoded certtificate string
* @param format encoded format
* @return a X509Certificate
*/
{
try {
}
while (i.hasNext()) {
}
} else { //X509:v3 format
}
}
} catch (Exception e) {
}
return cert;
}
/**
* Returns the public key from the certificate embedded in the KeyInfo.
*
* @param cert X509 Certificate
* @return a public key from the certificate embedded in the KeyInfo.
*/
}
return pk;
}
return true;
} else {
return false;
}
}
return true;
} else {
return false;
}
}
return true;
} else {
return false;
}
}
return defaultSigAlg;
}
return SAMLConstants.ALGO_ID_SIGNATURE_DSA;
}
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param assertionID assertion ID
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return SAML Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
return null;
}
/**
* Sign part of the XML document referred by the supplied a list
* of id attributes of nodes using SAML Token.
* @param doc XML dom object
* @param key the key that will be used to sign the document.
* @param symmetricKey true if the supplied key is a symmetric key type.
* @param sigingCert signer's Certificate. If present, this certificate
* will be added as part of signature <code>KeyInfo</code>.
* @param encryptCert the certificate if present will be used to encrypt
* the symmetric key and replay it as part of <code>KeyInfo</code>
* @param assertionID assertion ID for the SAML Security Token
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return SAML Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
boolean symmetricKey,
throws XMLSignatureException {
return null;
}
throws XMLSignatureException {
return null;
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @return X509 Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
return null;
}
/**
* Sign part of the xml document referered by the supplied a list
* of id attributes of nodes
* @param doc XML dom object
* @param cert Signer's certificate
* @param algorithm XML signature algorithm
* @param ids list of id attribute values of nodes to be signed
* @param referenceType signed element reference type
* @return X509 Security Token signature
* @throws XMLSignatureException if the document could not be signed
*/
throws XMLSignatureException {
return null;
}
/**
* Verify all the signatures of the XML document for the
* web services security.
* @param document XML dom document whose signature to be verified
*
* @param certAlias alias for Signer's certificate, this is used to search
* signer's public certificate if it is not presented in
* <code>ds:KeyInfo</code>.
* @return true if the XML signature is verified, false otherwise
* @throws XMLSignatureException if problem occurs during verification
*/
throws XMLSignatureException {
return false;
}
/**
* Verify web services message signature using specified key
* @param document the document to be validated
* @param key the secret key to be used for validating signature
* @return true if verification is successful.
* @throws com.sun.identity.saml.xmlsig.XMLSignatureException
*/
throws XMLSignatureException {
return false;
}
/**
* Verify web services message signature using specified key
* @param document the document to be validated
* @param key the secret key to be used for validating signature
* @param certAlias the certificate alias used for validating the signature
* if the key is not available.
* @param encryptAlias the certificate alias that may be used to decrypt
* the symmetric key that may be part of <code>KeyInfo</code>
* @return true if verification is successful.
* @throws com.sun.identity.saml.xmlsig.XMLSignatureException
*/
throws XMLSignatureException {
return false;
}
/**
* Return algorithm URI for the given algorithm.
*/
return null;
}
return SAMLConstants.ALGO_ID_SIGNATURE_RSA;
return SAMLConstants.ALGO_ID_SIGNATURE_DSA;
} else {
return null;
}
}
}