iaik.xml.crypto

Class XSecProvider

java.lang.Object

java.util.Dictionary<K,V>

java.util.Hashtable<Object,Object>

java.util.Properties

java.security.Provider

iaik.xml.crypto.XSecProvider

All Implemented Interfaces:

Serializable, Cloneable, Map<Object,Object>

public class XSecProvider
extends Provider

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	XSecProvider.ClassForNameHook Deprecated. This is an experimental feature and may be consolidated in a future Version. It is planned to move this functionality to a util package.
static class	XSecProvider.Purpose
static interface	XSecProvider.SysPropertyHook Deprecated. This is an experimental feature and may be consolidated in a future Version.

Nested classes/interfaces inherited from class java.security.Provider

Provider.Service

Field Summary

Fields

Modifier and Type	Field and Description
static String	DOM The mechanism type of this provider
static String	FirstProviderFound If this string is passed to setDelegationProvider(String, String) as the second parameter the provider framework is used to find the first implementation for the given algorithm, otherwise XSECT will preferably use itself where possible.
static String	NAME
static Provider	PFirstProviderFound If this dummy Provider Object is passed to setDelegationProvider(String, Provider, Purpose) as the second parameter the provider framework is used to find the first implementation for the given algorithm, otherwise XSECT will preferably use itself where possible.
static Map	XERCES_XALAN_JDK_PACKAGE_MAP

Fields inherited from class java.util.Properties

defaults

Constructor Summary

Constructors

Constructor and Description
XSecProvider() Creates a new instance of this Provider.

Method Summary

Modifier and Type	Method and Description
static void	addAsProvider(boolean printStatusInfo) Static method which installs the SecurityProviders XSECT and IAIK and prints some system properties if desired.
static void	addAsProvider(boolean printStatusInfo, boolean forJDK14) Static method which installs the SecurityProviders XSECT and IAIK and prints some system properties if desired.
static Class	classForName(String className) This method provides a single point through which all the Class loading of Classes not provided by XSECT and loaded by Class.forName(java.lang.String) is performed.
static void	disableOptionalClassLoading(boolean disable) Disable tentative class loading of optional classes? Some features can only be supported if optional classes are available.
static String	getDelegationProvider(String algorithm) Deprecated. please use getDelegationProvider(String, Purpose) instead - especially for java 1.5 or higher.
static Provider	getDelegationProvider(String algorithm, XSecProvider.Purpose purpose)
static XSecProvider	getInstance()
static String	getPackageName(String pkg) Allows to retrieve the package name for Xerces/Xalan delivered with the JDK.
String	getProperty(String key)
String	getProperty(String key, String defaultValue)
static String	getSysProperty(String key)
static String	getSysProperty(String key, String def)
URIDereferencer	getURIDereferencer() Returns the default URIDereferencer used by the Provider.
protected void	init()
static boolean	lateAlgorithmInstantiation()
static boolean	lateAlgorithmProxyInstantiation()
static boolean	optionalClassLoading() Returns true if tentative class loading is enabled (default).
static boolean	preferIAIKoverJCA() With the system property "iaik.xml.crypto.XSecProvider.preferIAIKoverJCA" one can control if XSECT uses the IAIK provider before consulting the JCA provider framework
static void	setClassForNameHook(XSecProvider.ClassForNameHook classForNameHook) Deprecated. This is an experimental feature and may be consolidated in a future Version. It is planned to move this functionality to a util package.
static void	setDelegationProvider(String algorithm, Provider provider, XSecProvider.Purpose purpose) Deprecated. Experimental and will only work with lateAlgorithmInstantiation(); lateAlgorithmProxyInstantiation() returning true.
static void	setDelegationProvider(String algorithm, String provider) Sets the name of a (registered) Provider that should be used to get an implementation of the specified algorithm.
static void	setJDKsXercesXalan() This method can be called in a static block of your application, and causes the JDK's Xerces/Xalan to be used, if available.
static void	setPostSignHook(XMLSignatureProcessingHook hook) Provides means to enforce constraints or arbitrary processing on the signature immeadiately after signing.
static void	setPostVerifyHook(XMLSignatureProcessingHook hook) Provides means to enforce constraints or arbitrary processing on the signature immeadiately after verifying.
static void	setPreSignHook(XMLSignatureProcessingHook hook) Provides means to enforce constraints or arbitrary processing on the signature immeadiately before signing.
static void	setPreVerifyHook(XMLSignatureProcessingHook hook) Provides means to enforce constraints or arbitrary processing on the signature immeadiately before verifying.
static void	setSysProperty(String key, String value) Provides a means to intercept all tries by XSECT to set system properties by setting a SYS_PROPERTY_HOOK.
static void	setSysPropertyHook(XSecProvider.SysPropertyHook sysPropertyHook) Deprecated. This is an experimental feature and may be consolidated in a future Version.
void	undoARCFourBugFix(boolean undo) There has been in a bug in the mapping from XmldsigMore.ENCRYPTION_ARCFOUR to the actual Cipher.
static Boolean	useJDKsXercesXalan() This method let's you find out if setJDKsXercesXalan() has been called.

Methods inherited from class java.security.Provider

clear, compute, computeIfAbsent, computeIfPresent, elements, entrySet, forEach, get, getInfo, getName, getOrDefault, getService, getServices, getVersion, keys, keySet, load, merge, put, putAll, putIfAbsent, putService, remove, remove, removeService, replace, replace, replaceAll, toString, values

Methods inherited from class java.util.Properties

list, list, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNames

Methods inherited from class java.util.Hashtable

clone, contains, containsKey, containsValue, equals, hashCode, isEmpty, rehash, size

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

NAME

public static final String NAME

See Also:

Constant Field Values

DOM

public static final String DOM

The mechanism type of this provider

See Also:

Constant Field Values

FirstProviderFound

public static final String FirstProviderFound

If this string is passed to setDelegationProvider(String, String) as the second parameter the provider framework is used to find the first implementation for the given algorithm, otherwise XSECT will preferably use itself where possible. It has to be this very same object ( FirstProviderFound) as a "==" comparison is used and it's value has no significance. Use this with care as the reflexive delegation of XSECT will be sufficient for most use cases.

See Also:

setDelegationProvider(String, String), Constant Field Values

PFirstProviderFound

public static final Provider PFirstProviderFound

If this dummy Provider Object is passed to setDelegationProvider(String, Provider, Purpose) as the second parameter the provider framework is used to find the first implementation for the given algorithm, otherwise XSECT will preferably use itself where possible. It has to be this very same object (PFirstProviderFound) as a "==" comparison is used and it's value has no significance. Use this with care as the reflexive delegation of XSECT will be sufficient for most use cases.

See Also:

setDelegationProvider(String, Provider, Purpose)

XERCES_XALAN_JDK_PACKAGE_MAP

public static final Map XERCES_XALAN_JDK_PACKAGE_MAP

Constructor Detail

XSecProvider

public XSecProvider()

Creates a new instance of this Provider.

Method Detail

addAsProvider

public static void addAsProvider(boolean printStatusInfo)

Static method which installs the SecurityProviders XSECT and IAIK and prints some system properties if desired.

Parameters:

printStatusInfo - prints some status information and system properties

Since:

XSECT 1.10

addAsProvider

public static void addAsProvider(boolean printStatusInfo,
                                 boolean forJDK14)

Static method which installs the SecurityProviders XSECT and IAIK and prints some system properties if desired.

Parameters:

printStatusInfo - prints some status information and system properties

forJDK14 - whether to use a workaround allowing to use IAIK as first provider with JDK1.4

Since:

XSECT 1.10

preferIAIKoverJCA

public static boolean preferIAIKoverJCA()

With the system property "iaik.xml.crypto.XSecProvider.preferIAIKoverJCA" one can control if XSECT uses the IAIK provider before consulting the JCA provider framework

Returns:

lateAlgorithmInstantiation

public static boolean lateAlgorithmInstantiation()

lateAlgorithmProxyInstantiation

public static boolean lateAlgorithmProxyInstantiation()

getDelegationProvider

public static Provider getDelegationProvider(String algorithm,
                                             XSecProvider.Purpose purpose)
                                      throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

getDelegationProvider

public static String getDelegationProvider(String algorithm)
                                    throws NoSuchAlgorithmException

Deprecated. please use getDelegationProvider(String, Purpose) instead - especially for java 1.5 or higher.

Returns the name the Provider for the given algorithm that has been set using the setDelegationProvider(String, String) method.

Parameters:

algorithm - a string identifying the algorithm (see setDelegationProvider(String, String))

Returns:

the name of the provider, or null if no provider has been set and the standard provider selection mechanism should be used

Throws:

NoSuchAlgorithmException

setDelegationProvider

public static void setDelegationProvider(String algorithm,
                                         String provider)

Sets the name of a (registered) Provider that should be used to get an implementation of the specified algorithm. If no provider has been set for a specific algorithm, the default provider selection mechanism is used to get an implementation of that algorithm.
The algorithm string is build like follows

 algorithmType.algorithmName
 

where algorithmType is one of MessageDigest for MessageDigests, Signature for Signatures, Mac for Macs, Cipher for Ciphers or KeyFactory for KeyFactorys. and algorithmName is the default algorithm name of the corresponding algorithm according to the JCA/JCE specification.

For example: MessageDigest.SHA1

All algorithms implemented directly by XSECT are per default reflexively delegated to XSECT itself. This is necessary as foreign implementations do not necessarily implement all algorithms or NodeSetData is unfortunately not returned in document order by all other implementations.

Parameters:

algorithm - a string identifying the algorithm as specified above

provider - the name of a registered Provider, a value of null removes the setting for the given algorithm. Passing FirstProviderFound for an algorithm implemented by XSECT removes the default reflexive delegation.

setDelegationProvider

public static void setDelegationProvider(String algorithm,
                                         Provider provider,
                                         XSecProvider.Purpose purpose)

Deprecated. Experimental and will only work with lateAlgorithmInstantiation(); lateAlgorithmProxyInstantiation() returning true.

Parameters:

algorithm -

provider - either an instance of the Provider or the name of the Provider. (may be null to delete a delegation)

purpose - if null this will be the default if no purpose matches

disableOptionalClassLoading

public static void disableOptionalClassLoading(boolean disable)

Disable tentative class loading of optional classes?
Some features can only be supported if optional classes are available. Currently this is:

• support for ECDSA which requires classes of the IAIK ECC library.
• support for ESDH which requires classes which are not available in the US version of IAIK JCE due to patent issues.

XSECT tries to load the corresponding classes and enables the corresponding features if avaliable. However, in some environments tentative class loading may be problematic (for example, class loading may be delayed in applets).

This method may be used to disable tentative class loading. PLEASE NOTE: It must be called before the first instance of the XSecProvider class is constructed through XSecProvider()!

Parameters:

disable - true if tentative class loading should be disabled, false otherwise

optionalClassLoading

public static boolean optionalClassLoading()

Returns true if tentative class loading is enabled (default).

Returns:

true if tentative class loading is enabled, or false otherwise

See Also:

disableOptionalClassLoading(boolean)

init

protected void init()

getInstance

public static XSecProvider getInstance()

undoARCFourBugFix

public void undoARCFourBugFix(boolean undo)

There has been in a bug in the mapping from XmldsigMore.ENCRYPTION_ARCFOUR to the actual Cipher. To decrypt legacy documents that have been using XmldsigMore.ENCRYPTION_ARCFOUR with XSECT versions prior to 1.13 call this method before decrypting.

getURIDereferencer

public URIDereferencer getURIDereferencer()

Returns the default URIDereferencer used by the Provider.

Returns:

the default URIDereferencer

getProperty

public String getProperty(String key,
                          String defaultValue)

Overrides:

getProperty in class Properties

See Also:

Properties.getProperty(java.lang.String, java.lang.String)

getProperty

public String getProperty(String key)

Overrides:

getProperty in class Provider

See Also:

Properties.getProperty(java.lang.String)

setClassForNameHook

public static void setClassForNameHook(XSecProvider.ClassForNameHook classForNameHook)

Deprecated. This is an experimental feature and may be consolidated in a future Version. It is planned to move this functionality to a util package.

Becomes effective in alternative to the execution of Class.forName().

Parameters:

classForNameHook -

See Also:

XSecProvider.ClassForNameHook

classForName

public static Class classForName(String className)
                          throws ClassNotFoundException

This method provides a single point through which all the Class loading of Classes not provided by XSECT and loaded by Class.forName(java.lang.String) is performed.

Parameters:

className -

Returns:

The class found by the XSecProvider.ClassForNameHook if set or else by Class.forName(java.lang.String).

Throws:

ClassNotFoundException

See Also:

Class.forName(java.lang.String), setClassForNameHook(ClassForNameHook), XSecProvider.ClassForNameHook

setJDKsXercesXalan

public static void setJDKsXercesXalan()

This method can be called in a static block of your application, and causes the JDK's Xerces/Xalan to be used, if available. Please note that we only support Xerces/Xalan supplied with XSECT. If you need support for Xerces/Xalan that comes with the JDK you will have to mention this in a support request.

useJDKsXercesXalan

public static Boolean useJDKsXercesXalan()

This method let's you find out if setJDKsXercesXalan() has been called.

Returns:

Boolean.TRUE iff setJDKsXercesXalan() has been called, Boolean.FALSE otherwise. In the future this may return null to indicate an unkown status.

setPreSignHook

public static void setPreSignHook(XMLSignatureProcessingHook hook)

Provides means to enforce constraints or arbitrary processing on the signature immeadiately before signing.

Parameters:

hook - The implementation.

setPostSignHook

public static void setPostSignHook(XMLSignatureProcessingHook hook)

Provides means to enforce constraints or arbitrary processing on the signature immeadiately after signing.

Parameters:

hook - The implementation.

setPreVerifyHook

public static void setPreVerifyHook(XMLSignatureProcessingHook hook)

Provides means to enforce constraints or arbitrary processing on the signature immeadiately before verifying.

Parameters:

hook - The implementation.

setPostVerifyHook

public static void setPostVerifyHook(XMLSignatureProcessingHook hook)

Provides means to enforce constraints or arbitrary processing on the signature immeadiately after verifying.

Parameters:

hook - The implementation.

setSysPropertyHook

public static void setSysPropertyHook(XSecProvider.SysPropertyHook sysPropertyHook)

Deprecated. This is an experimental feature and may be consolidated in a future Version.

Becomes effective in alternative to the execution of System.setProperty(java.lang.String, java.lang.String) and System.getProperty(java.lang.String, java.lang.String).

Parameters:

sysPropertyHook -

See Also:

XSecProvider.SysPropertyHook

setSysProperty

public static void setSysProperty(String key,
                                  String value)

Provides a means to intercept all tries by XSECT to set system properties by setting a SYS_PROPERTY_HOOK. It also extends the semantics for clearing a system property by providing a null value, to clear the property as in jdk 1.5 System.clearProperty.

See Also:

System.setProperty(java.lang.String, java.lang.String), SYS_PROPERTY_HOOK

getSysProperty

public static String getSysProperty(String key)

See Also:

setSysPropertyHook(SysPropertyHook), setSysProperty(String, String), System.getProperty(java.lang.String)

getSysProperty

public static String getSysProperty(String key,
                                    String def)

See Also:

setSysPropertyHook(SysPropertyHook), setSysProperty(String, String), System.getProperty(java.lang.String, java.lang.String)

getPackageName

public static String getPackageName(String pkg)

Allows to retrieve the package name for Xerces/Xalan delivered with the JDK. Please note that these libraries are not fully supported and should be only used under certain circumstances.

Parameters:

pkg - the normal package name

Returns:

the internal package name