XmlSecTool (XmlSecTool 1.2.0 API)

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.security
Class XmlSecTool

java.lang.Object
  edu.internet2.middleware.security.XmlSecTool

public final class XmlSecTool
extends Object
extends Object

Field Summary
`private static Logger`	`log` Class logger.
`static int`	`RC_INIT` Return code indicating an initialization error, 1 .
`static int`	`RC_INVALID_CRED` Return code indicating an error reading the credentials, 6 .
`static int`	`RC_INVALID_XML` Return code indicating input XML was not valid, 4 .
`static int`	`RC_INVALID_XS` Return code indicating an error validating the XML, 5 .
`static int`	`RC_IO` Return code indicating an error reading files, 2 .
`static int`	`RC_MALFORMED_XML` Return code indicating the input XML was not well formed, 3 .
`static int`	`RC_NOHOME` Return code indicating that the JAVA_HOME variable is not set within the shell script, 8 .
`static int`	`RC_NOJAVA` Return code indicating that the "java" command is not executable within the shell script, 9 .
`static int`	`RC_OK` Return code indicating command completed successfully, 0 .
`static int`	`RC_SIG` Return code indicating indicating that signing or signature verification failed, 7 .
`static int`	`RC_UNKNOWN` Return code indicating an unknown error occurred, -1 .

Constructor Summary
`XmlSecTool()`

Method Summary
`protected static void`	`addSignatureELement(XmlSecToolCommandLineArguments cli, Element root, Element signature)` Adds the signature element at the appropriate place in the document.
`protected static Reference`	`extractReference(XMLSignature signature)` Extract the reference within the provided XML signature while ensuring that there is only one such reference.
`protected static org.opensaml.xml.security.x509.BasicX509Credential`	`getCredential(XmlSecToolCommandLineArguments cli)` Gets the credentials used for signing and signature verification.
`protected static Collection<X509CRL>`	`getCRLs(XmlSecToolCommandLineArguments cli)` Gets the CRLs referenced on the command line, if any.
`protected static DocumentBuilder`	`getParser(XmlSecToolCommandLineArguments cli)` Constructs a DOM parser used to parse the input XML.
`protected static Element`	`getSignatureElement(Document xmlDoc)` Gets the signature element from the document.
`protected static String`	`getSignatureReferenceUri(XmlSecToolCommandLineArguments cli, Element rootElement)` Gets the reference of the URI to use for the signature.
`protected static InputStream`	`getXmlInputStreamFromFile(XmlSecToolCommandLineArguments cli)` Creates an input stream that reads the input XML from a file.
`protected static InputStream`	`getXmlInputStreamFromUrl(XmlSecToolCommandLineArguments cli)` Creates an input stream that reads the input XML from an HTTP URL.
`protected static void`	`initLogging(XmlSecToolCommandLineArguments cli)` Initialize the logging subsystem.
`static void`	`main(String[] args)`
`protected static void`	`markIdAttribute(Element docElement, Reference reference)` Reconcile the given reference with the document element, by making sure that the appropriate attribute is marked as an ID attribute.
`protected static Document`	`parseXML(XmlSecToolCommandLineArguments cli)` Parses the input XML from its source and converts it to a DOM document.
`protected static void`	`populateKeyInfo(Document doc, KeyInfo keyInfo, org.opensaml.xml.security.x509.BasicX509Credential credential)` Populates an XML signature's KeyInfo with X.509 credential information.
`protected static void`	`schemaValidate(XmlSecToolCommandLineArguments cli, Document xml)` Validates the document against the schema source indicated by the CLI arguments.
`protected static void`	`sign(XmlSecToolCommandLineArguments cli, Document xml)` Signs and outputs the signed SAML document.
`protected static void`	`validateSignatureReference(Document xmlDocument, Reference ref)` Validates the reference within the XML signature by performing the following checks.
`protected static void`	`validateSignatureReferenceUri(Document xmlDocument, Reference reference)` Validates that the element resolved by the signature validation layer is the same as the element resolved by the DOM layer.
`protected static void`	`validateSignatureTransforms(Reference reference)` Validate the transforms included in the Signature Reference.
`protected static void`	`verifySignature(XmlSecToolCommandLineArguments cli, Document xmlDocument)` Verifies that the signature on a document is valid.
`protected static void`	`writeDocument(XmlSecToolCommandLineArguments cli, Node xml)` Writes a DOM element to the output file.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

RC_OK

public static final int RC_OK

Return code indicating command completed successfully, 0 .

See Also:: Constant Field Values

RC_INIT

public static final int RC_INIT

Return code indicating an initialization error, 1 .

See Also:: Constant Field Values

RC_IO

public static final int RC_IO

Return code indicating an error reading files, 2 .

See Also:: Constant Field Values

RC_MALFORMED_XML

public static final int RC_MALFORMED_XML

Return code indicating the input XML was not well formed, 3 .

See Also:: Constant Field Values

RC_INVALID_XML

public static final int RC_INVALID_XML

Return code indicating input XML was not valid, 4 .

See Also:: Constant Field Values

RC_INVALID_XS

public static final int RC_INVALID_XS

Return code indicating an error validating the XML, 5 .

See Also:: Constant Field Values

RC_INVALID_CRED

public static final int RC_INVALID_CRED

Return code indicating an error reading the credentials, 6 .

See Also:: Constant Field Values

RC_SIG

public static final int RC_SIG

Return code indicating indicating that signing or signature verification failed, 7 .

See Also:: Constant Field Values

RC_NOHOME

public static final int RC_NOHOME

Return code indicating that the JAVA_HOME variable is not set within the shell script, 8 .

See Also:: Constant Field Values

RC_NOJAVA

public static final int RC_NOJAVA

Return code indicating that the "java" command is not executable within the shell script, 9 .

See Also:: Constant Field Values

RC_UNKNOWN

public static final int RC_UNKNOWN

Return code indicating an unknown error occurred, -1 .

See Also:: Constant Field Values

log

private static Logger log

Class logger.

Constructor Detail

XmlSecTool

public XmlSecTool()

Method Detail

main

public static void main(String[] args)

Parameters:: args -

parseXML

protected static Document parseXML(XmlSecToolCommandLineArguments cli)

Parses the input XML from its source and converts it to a DOM document.

Parameters:: cli - command line arguments
Returns:: the parsed DOM document

getXmlInputStreamFromFile

protected static InputStream getXmlInputStreamFromFile(XmlSecToolCommandLineArguments cli)

Creates an input stream that reads the input XML from a file.

Parameters:: cli - command line arguments
Returns:: XML input stream

getXmlInputStreamFromUrl

protected static InputStream getXmlInputStreamFromUrl(XmlSecToolCommandLineArguments cli)

Creates an input stream that reads the input XML from an HTTP URL.

Parameters:: cli - command line arguments
Returns:: XML input stream

getParser

protected static DocumentBuilder getParser(XmlSecToolCommandLineArguments cli)

Constructs a DOM parser used to parse the input XML.

Parameters:: cli - command line arguments
Returns:: the DOM parser

schemaValidate

protected static void schemaValidate(XmlSecToolCommandLineArguments cli,
                                     Document xml)

Validates the document against the schema source indicated by the CLI arguments.

Parameters:: cli - command line arguments; xml - document to validate

sign

protected static void sign(XmlSecToolCommandLineArguments cli,
                           Document xml)

Signs and outputs the signed SAML document.

Parameters:: cli - command line arguments; xml - document to be signed

populateKeyInfo

protected static void populateKeyInfo(Document doc,
                                      KeyInfo keyInfo,
                                      org.opensaml.xml.security.x509.BasicX509Credential credential)

Populates an XML signature's KeyInfo with X.509 credential information.

Parameters:: doc - XML document in which the elements will be rooted; keyInfo - the KeyInfo to be populated; credential - the credential

getSignatureReferenceUri

protected static String getSignatureReferenceUri(XmlSecToolCommandLineArguments cli,
                                                 Element rootElement)

Gets the reference of the URI to use for the signature. If a reference attribute name is given, is present on the document root element, and contains a value, that value is used. Otherwise an empty string is used.

Parameters:: cli - command line arguments; rootElement - document root element
Returns:: the signature reference URI, never null

addSignatureELement

protected static void addSignatureELement(XmlSecToolCommandLineArguments cli,
                                          Element root,
                                          Element signature)

Adds the signature element at the appropriate place in the document.

Parameters:: cli - command line argument; root - element to which the signature will be added as a child; signature - signature to be added to the document's root element

markIdAttribute

protected static void markIdAttribute(Element docElement,
                                      Reference reference)

Reconcile the given reference with the document element, by making sure that the appropriate attribute is marked as an ID attribute.

Parameters:: docElement - document element whose appropriate attribute should be marked; reference - reference which references the document element

verifySignature

protected static void verifySignature(XmlSecToolCommandLineArguments cli,
                                      Document xmlDocument)

Verifies that the signature on a document is valid.

Parameters:: cli - command line argument; xmlDocument - document whose signature will be validated

extractReference

protected static Reference extractReference(XMLSignature signature)

Extract the reference within the provided XML signature while ensuring that there is only one such reference.

Parameters:: signature - signature to extract the reference from
Returns:: the extracted reference

validateSignatureReference

protected static void validateSignatureReference(Document xmlDocument,
                                                 Reference ref)

Validates the reference within the XML signature by performing the following checks.

check that the XML signature layer resolves that reference to the same element as the DOM layer does
check that only enveloped and, optionally, exclusive canonicalization transforms are used

Parameters:: xmlDocument - current XML document; ref - reference to be verified

validateSignatureReferenceUri

protected static void validateSignatureReferenceUri(Document xmlDocument,
                                                    Reference reference)

Validates that the element resolved by the signature validation layer is the same as the element resolved by the DOM layer.

Parameters:: xmlDocument - the signed document; reference - the reference to be validated

validateSignatureTransforms

protected static void validateSignatureTransforms(Reference reference)

Validate the transforms included in the Signature Reference. The Reference may contain at most 2 transforms. One of them must be the Enveloped signature transform. An Exclusive Canonicalization transform (with or without comments) may also be present. No other transforms are allowed.

Parameters:: reference - the Signature reference containing the transforms to evaluate

getSignatureElement

protected static Element getSignatureElement(Document xmlDoc)

Gets the signature element from the document. The signature must be a child of the document root.

Parameters:: xmlDoc - document from which to pull the signature
Returns:: the signature element, or null

getCredential

protected static org.opensaml.xml.security.x509.BasicX509Credential getCredential(XmlSecToolCommandLineArguments cli)

Gets the credentials used for signing and signature verification.

Parameters:: cli - command line arguments
Returns:: the credentials

getCRLs

protected static Collection<X509CRL> getCRLs(XmlSecToolCommandLineArguments cli)

Gets the CRLs referenced on the command line, if any.

Parameters:: cli - command line arguments
Returns:: collection of CRLs

writeDocument

protected static void writeDocument(XmlSecToolCommandLineArguments cli,
                                    Node xml)

Writes a DOM element to the output file.

Parameters:: cli - command line arguments; xml - the XML element to output

initLogging

protected static void initLogging(XmlSecToolCommandLineArguments cli)

Initialize the logging subsystem.

Parameters:: cli - command line arguments