iaik.xml.crypto.dom

Class DOMCryptoContext

java.lang.Object

javax.xml.crypto.dom.DOMCryptoContext

iaik.xml.crypto.dom.DOMCryptoContext

All Implemented Interfaces:

XMLCryptoContext

public class DOMCryptoContext
extends DOMCryptoContext

An implementation of DOMCryptoContext.

Field Summary

Fields

Modifier and Type	Field and Description
static String	BASE64_LINEBREAK This property name allows to set a byte[] as value for specifying which line break should be used in Base64 encoded values when marshaling a signature.
static String	CACHE_CANON_INPUT_DATA This property name allows to set a Set of reference type uris as value to enable the ReferenceType.getCanonInputData() for matching references.
static String	CACHE_REFERENCE This property name allows to set a Boolean.TRUE as value to enable the Reference.getDereferencedData() and the Reference.getDigestInputStream().
static String	DEBUG_OS This property name allows to set an OutputStream as value for debug output.
static String	EXPAND_ENTITY_REFERENCES Deprecated. Experimental, deprecation will be removed in a future version.
static String	FIX_SUBTREE_NODESET
static String	HMAC_MINIMUM_HALF_LENGTH Signatures MUST be deemed invalid if the truncation length is below half the underlying hash algorithm's output length, or 80 bits, whichever of these two values is greater.
static String	HMAC_MINIMUM_OUTPUT_LENGTH Signatures MUST be deemed invalid if the truncation length is below half the underlying hash algorithm's output length, or 80 bits, whichever of these two values is greater.
static String	HMAC_MINIMUM_OUTPUT_THROW_EX_ON_VERIFY This parameter causes an Exception to be thrown if set to Boolean.TRUE and the the checks for HMAC_MINIMUM_HALF_LENGTH, HMAC_MINIMUM_OUTPUT_LENGTH or HMAC_OUTPUT_LENGTH_MOD8 are not satisfied.
static String	HMAC_OUTPUT_LENGTH_ALLOW_FLOORED_MOD8 It is possible that the HMACOutputLength is 1 to 7 bits longer than the value of the signature to be verified due to a bug in legacy applications where floor(HMACOutputLength/8) had been used.
static String	HMAC_OUTPUT_LENGTH_MOD8 XMLDSIG 1.1 REQUIRES HMACOutputLength to be divisible by 8.
static String	IGNORING_ELEMENT_CONTENT_WHITESPACE Deprecated. Experimental, deprecation will be removed in a future version.
static String	KEYINFO_TRIM_NAMES
static String	MAX_NUM_OF_TRANSFORMS Allows to limit the maximum Number of Transforms allowed as children of Transforms by setting this property by an Integer.
static String	NODESETDATA_2_OCTETSTREAMDATA
static String	SIGN_OVER Deprecated. Experimental, deprecation will be removed in a future version.
static String	SYSTEM_PROPERTY_DEBUG_OS This system property allows to set "System.err" or "System.out" as value for debug output.
static String	SYSTEM_PROPERTY_FIX_SUBTREE_NODESET
static String	XERCES_SECURITY_MANAGER This property can be used for setting a XERCES security-manager for the parser.
static String	XPATH_EVALUATOR The Property "iaik.xml.filter.impl.dsig.XPathEvaluator" can be set to "iaik.xml.filter.impl.dsig.XPathEvaluatorOld" or "iaik.xml.filter.impl.dsig.XPathApiXPathEvaluator".

Constructor Summary

Constructors

Modifier	Constructor and Description
	DOMCryptoContext() Creates a new instance of this DOMCryptoContext.
protected	DOMCryptoContext(boolean initialize) Creates a new instance of this DOMCryptoContext.

Method Summary

Modifier and Type	Method and Description
Object	get(Object key) This implementation uses an internal HashMap to get the object that the specified key maps to.
Element	getElementById(String idValue) Returns the Element with the specified ID attribute value.
Object	put(Object key, Object value) This implementation uses an internal HashMap to map the key to the specified object.
protected void	setDefaultProperties() This allows to set all defaults.
static void	setDefaultsIfNotSet(XMLCryptoContext cryptoContext)
Object	setProperty(String name, Object value) This implementation uses an internal HashMap to map the name to the specified object.

Methods inherited from class javax.xml.crypto.dom.DOMCryptoContext

getBaseURI, getDefaultNamespacePrefix, getKeySelector, getNamespacePrefix, getProperty, getURIDereferencer, iterator, putNamespacePrefix, setBaseURI, setDefaultNamespacePrefix, setIdAttributeNS, setKeySelector, setURIDereferencer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEBUG_OS

public static final String DEBUG_OS

This property name allows to set an OutputStream as value for debug output.

See Also:

DOMCryptoContext.setProperty(String, Object)

SYSTEM_PROPERTY_DEBUG_OS

public static final String SYSTEM_PROPERTY_DEBUG_OS

This system property allows to set "System.err" or "System.out" as value for debug output.

See Also:

System.setProperty(java.lang.String, java.lang.String)

BASE64_LINEBREAK

public static final String BASE64_LINEBREAK

This property name allows to set a byte[] as value for specifying which line break should be used in Base64 encoded values when marshaling a signature.

See Also:

DOMCryptoContext.setProperty(String, Object)

SIGN_OVER

public static final String SIGN_OVER

Deprecated. Experimental, deprecation will be removed in a future version.

This property name allows to use an existing signature and sign it again using for example another key. Note however that this is still experimental.

See Also:

DOMCryptoContext.setProperty(String, Object)

CACHE_REFERENCE

public static final String CACHE_REFERENCE

This property name allows to set a Boolean.TRUE as value to enable the Reference.getDereferencedData() and the Reference.getDigestInputStream().

See Also:

DOMCryptoContext.setProperty(String, Object), XMLSignContext, XMLValidateContext

CACHE_CANON_INPUT_DATA

public static final String CACHE_CANON_INPUT_DATA

This property name allows to set a Set of reference type uris as value to enable the ReferenceType.getCanonInputData() for matching references. An empty set matches all references.
Examples:

• Cache the canonicalization input data of all references pointing to a Manifest:

      Set cachedReferenceTypeURIs = new HashSet(1);
      cachedReferenceTypeURIs.add("http://www.w3.org/2000/09/xmldsig#Manifest");
      validateContext.setProperty(DOMCryptoContext.CACHE_CANON_INPUT_DATA, cachedReferenceTypeURIs);
    

• Cache the canonicalization input data of all references:

      validateContext.setProperty(DOMCryptoContext.CACHE_CANON_INPUT_DATA, Collections.EMPTY_SET);
    

• Cache the canoniclization data of all references having no type uri:

      Set cachedReferenceTypeURIs = new HashSet(1);
      cachedReferenceTypeURIs.add(null);
      validateContext.setProperty(DOMCryptoContext.CACHE_CANON_INPUT_DATA, cachedReferenceTypeURIs);
    

FIX_SUBTREE_NODESET

public static final String FIX_SUBTREE_NODESET

SYSTEM_PROPERTY_FIX_SUBTREE_NODESET

public static final String SYSTEM_PROPERTY_FIX_SUBTREE_NODESET

MAX_NUM_OF_TRANSFORMS

public static final String MAX_NUM_OF_TRANSFORMS

Allows to limit the maximum Number of Transforms allowed as children of Transforms by setting this property by an Integer.

See Also:

DOMCryptoContext.setProperty(String, Object), XMLSignContext, XMLValidateContext

EXPAND_ENTITY_REFERENCES

public static final String EXPAND_ENTITY_REFERENCES

Deprecated. Experimental, deprecation will be removed in a future version.

expandEntityReferences is the inversion of entities.

XERCES_SECURITY_MANAGER

public static final String XERCES_SECURITY_MANAGER

This property can be used for setting a XERCES security-manager for the parser.

IGNORING_ELEMENT_CONTENT_WHITESPACE

public static final String IGNORING_ELEMENT_CONTENT_WHITESPACE

Deprecated. Experimental, deprecation will be removed in a future version.

ignoringElementContentWhitespace the negation of element-content-whitespace.

NODESETDATA_2_OCTETSTREAMDATA

public static final String NODESETDATA_2_OCTETSTREAMDATA

See Also:

NodeSetData2OctetStreamDataExpatiator

XPATH_EVALUATOR

public static final String XPATH_EVALUATOR

The Property "iaik.xml.filter.impl.dsig.XPathEvaluator" can be set to "iaik.xml.filter.impl.dsig.XPathEvaluatorOld" or "iaik.xml.filter.impl.dsig.XPathApiXPathEvaluator". The latter causes the JAXP 1.3 XPath API to be used instead of the Xalan's API that employed by "iaik.xml.filter.impl.dsig.XPathEvaluatorOld". It should be noted that Xalan's implementation of the JAXP 1.3 XPath API is not as well performing as the old API. Hence the default is "iaik.xml.filter.impl.dsig.XPathEvaluatorOld" which may however be changed in a future version as soon as Xalan's implementation of the JAXP 1.3 XPath API is performing better.

See Also:

DOMCryptoContext.setProperty(String, Object), XMLSignContext, XMLValidateContext

HMAC_MINIMUM_OUTPUT_LENGTH

public static final String HMAC_MINIMUM_OUTPUT_LENGTH

Signatures MUST be deemed invalid if the truncation length is below half the underlying hash algorithm's output length, or 80 bits, whichever of these two values is greater. MUST be set to an Integer.
Defaults to Integer(80)
Never set this value below 80 unless you know what you are doing.
Also note that this boundary is useful only for an HMAC of at least 160 Bits (e.g. SignatureMethod.HMAC_SHA1, XmldsigMore.SIGNATURE_HMAC_RIPEMD160) because shorter HMACS suffer a lower birthday bound.

See Also:

DOMCryptoContext.setProperty(String, Object), XMLSignContext, XMLValidateContext

HMAC_MINIMUM_HALF_LENGTH

public static final String HMAC_MINIMUM_HALF_LENGTH

Signatures MUST be deemed invalid if the truncation length is below half the underlying hash algorithm's output length, or 80 bits, whichever of these two values is greater. MUST be set to a Boolean.
Defaults to Boolean.TRUE
Do not set this value to Boolean.FALSE unless you know what you are doing.
If you set this value to Boolean.FALSE only the HMAC_MINIMUM_OUTPUT_LENGTH is checked.

See Also:

HMAC_MINIMUM_OUTPUT_LENGTH, DOMCryptoContext.setProperty(String, Object), XMLSignContext, XMLValidateContext

HMAC_OUTPUT_LENGTH_MOD8

public static final String HMAC_OUTPUT_LENGTH_MOD8

XMLDSIG 1.1 REQUIRES HMACOutputLength to be divisible by 8. For legacy applications this may have to be set to Boolean.FALSE.
Defaults to Boolean.TRUE.

HMAC_OUTPUT_LENGTH_ALLOW_FLOORED_MOD8

public static final String HMAC_OUTPUT_LENGTH_ALLOW_FLOORED_MOD8

It is possible that the HMACOutputLength is 1 to 7 bits longer than the value of the signature to be verified due to a bug in legacy applications where floor(HMACOutputLength/8) had been used. Set this property only to Boolean.TRUE, iff this applies to the Signature to be verified and HMAC_OUTPUT_LENGTH_MOD8 is set to Boolean.FALSE. HMAC_MINIMUM_HALF_LENGTH and HMAC_MINIMUM_OUTPUT_LENGTH are still enforced.
Defaults to Boolean.FALSE.

See Also:

HMAC_MINIMUM_HALF_LENGTH, HMAC_MINIMUM_OUTPUT_LENGTH, Constant Field Values

HMAC_MINIMUM_OUTPUT_THROW_EX_ON_VERIFY

public static final String HMAC_MINIMUM_OUTPUT_THROW_EX_ON_VERIFY

This parameter causes an Exception to be thrown if set to Boolean.TRUE and the the checks for HMAC_MINIMUM_HALF_LENGTH, HMAC_MINIMUM_OUTPUT_LENGTH or HMAC_OUTPUT_LENGTH_MOD8 are not satisfied. Otherwise HMAC signature verification simply returns false.

KEYINFO_TRIM_NAMES

public static final String KEYINFO_TRIM_NAMES

Constructor Detail

DOMCryptoContext

public DOMCryptoContext()

Creates a new instance of this DOMCryptoContext.

DOMCryptoContext

protected DOMCryptoContext(boolean initialize)

Creates a new instance of this DOMCryptoContext.

Method Detail

setDefaultsIfNotSet

public static void setDefaultsIfNotSet(XMLCryptoContext cryptoContext)

Parameters:

cryptoContext -

setDefaultProperties

protected void setDefaultProperties()

This allows to set all defaults.

get

public Object get(Object key)

Description copied from class: javax.xml.crypto.dom.DOMCryptoContext

This implementation uses an internal HashMap to get the object that the specified key maps to.

Specified by:

get in interface XMLCryptoContext

Overrides:

get in class DOMCryptoContext

Parameters:

key - the key whose associated value is to be returned

Returns:

the value to which this context maps the specified key, or null if there is no mapping for the key

See Also:

DOMCryptoContext.get(java.lang.Object)

getElementById

public Element getElementById(String idValue)

Description copied from class: javax.xml.crypto.dom.DOMCryptoContext

Returns the Element with the specified ID attribute value.

This implementation uses an internal HashMap to get the element that the specified attribute value maps to.

Overrides:

getElementById in class DOMCryptoContext

Returns:

the Element with the specified ID attribute value, or null if none.

See Also:

DOMCryptoContext.getElementById(java.lang.String)

put

public Object put(Object key,
                  Object value)

Description copied from class: javax.xml.crypto.dom.DOMCryptoContext

This implementation uses an internal HashMap to map the key to the specified object.

Specified by:

put in interface XMLCryptoContext

Overrides:

put in class DOMCryptoContext

Parameters:

key - key with which the specified value is to be associated with

value - value to be associated with the specified key

Returns:

the previous value associated with the key, or null if there was no mapping for the key

See Also:

DOMCryptoContext.put(java.lang.Object, java.lang.Object)

setProperty

public Object setProperty(String name,
                          Object value)

Description copied from class: javax.xml.crypto.dom.DOMCryptoContext

This implementation uses an internal HashMap to map the name to the specified object.

Specified by:

setProperty in interface XMLCryptoContext

Overrides:

setProperty in class DOMCryptoContext

Parameters:

name - the name of the property

value - the value of the property to be set

Returns:

the previous value of the specified property, or null if it did not have a value