com.sap.security.core.server.ssf
Class SsfDataXML

java.lang.Object
  |
  +--com.sap.security.core.server.ssf.SsfDataXML
All Implemented Interfaces:
ISsfData

public class SsfDataXML
extends java.lang.Object
implements ISsfData

Class for representing data to be digitally signed, verified, encrypted or decrypted, using XML Signature/Encryption syntax.


Fields inherited from interface com.sap.security.api.ssf.ISsfData
ALG_AES128_CBC, ALG_DES_EDE3_CBC, ALG_MD5, ALG_RC2_40_CBC, ALG_RC2_CBC, ALG_SHA, INC_CERT_CHAIN, INC_CERT_CHAIN_ROOT, INC_CERT_NONE, INC_CERT_OWN
 
Constructor Summary
SsfDataXML(org.w3c.dom.Element el)
          Define XML element to be signed, verified, encrypted or decrypted
SsfDataXML(java.io.InputStream in)
          Read XML data to be signed, verified, encrypted or decrypted
 
Method Summary
 boolean decrypt(org.w3c.dom.Element encData, ISsfProfile profile, java.security.Key key)
          Decrypts an encrypted data element.
 boolean decrypt(ISsfProfile profile)
          Decrypts the given data.
static boolean decryptData(org.w3c.dom.Element encData, java.security.Key symKey, java.lang.String symAlgURI)
          Decrypts and restores an encrypted data element.
static java.security.Key decryptKey(org.w3c.dom.Element encKey, ISsfProfile prof, java.lang.String symAlgURI, java.util.ArrayList dataRefList)
          Decrypts an encrypted symmetric key
 boolean encrypt(org.w3c.dom.Element keyParent, SsfRefXMLList refList, SsfSigRcpList rcpList, ISsfPab pab, java.lang.String symAlgURI)
          Encrypts the given data.
 boolean encrypt(SsfSigRcpList rcpList, ISsfPab pab)
          Encrypts the given data.
 boolean encrypt(SsfSigRcpList rcpList, ISsfPab pab, java.lang.String symAlg)
          Encrypts the given data.
static org.w3c.dom.Element encryptData(org.w3c.dom.Element encHome, boolean contentOnly, java.security.Key symKey, java.lang.String symAlgURI, java.lang.String id)
          Encrypts an element and replaces the element or its content by an encrypted data element
static boolean encryptKey(org.w3c.dom.Element keyParent, java.security.Key key, java.security.cert.X509Certificate cert, java.lang.String id, SsfRefXMLList refList)
          Create and insert an encrypted key element
 java.lang.String getCanonicalizationAlgorithm()
          Get algorithm which is used for canonicalization of SignedInfo element
 org.w3c.dom.Element getDataXML()
          Get XML element which results from previous operations
 boolean setCanonicalizationAlgorithm(java.lang.String canonAlgURI)
          Set algorithm which is used for canonicalization of the SignedInfo element (default: SsfRefXMLInfo.TRANS_C14N_OMIT_COMMENTS)
 boolean sign(org.w3c.dom.Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached)
          Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead
 boolean sign(org.w3c.dom.Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName)
          Creates a digital signature of the given data
 boolean sign(ISsfProfile profile)
          Creates a digital signature of the given data.
 boolean sign(ISsfProfile profile, java.lang.String mdAlg, int incCerts, boolean detached)
          Creates a digital signature of the given data.
 boolean sign(SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached)
          Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead
static boolean signData(org.w3c.dom.Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean incKeyName, java.lang.String canonAlgURI)
          Creates a signed data element at a given home element
 java.lang.String toString()
          Get parsed XML data (might be large!)
 boolean verify(org.w3c.dom.Element sigHome, ISsfPab pab, SsfSigRcpList sigList, SsfRefXMLList refList, java.security.cert.X509Certificate cert)
          Verifies a digital signature of the given data and restores the original data
 boolean verify(ISsfPab pab, SsfSigRcpList sigList)
          Verifies a digital signature of the given data.
 boolean verify(ISsfPab pab, SsfSigRcpList sigList, ISsfData input, java.security.cert.X509Certificate cert)
          Verifies a digital signature of the given data.
static boolean verifyData(org.w3c.dom.Element sigHome, ISsfPab pab, SsfSigRcpList sigList, SsfRefXMLList refList, java.security.cert.X509Certificate cert)
          Verifies a signed data element
 boolean writeTo(java.io.OutputStream out)
          Writes the changed data to an output stream
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SsfDataXML

public SsfDataXML(java.io.InputStream in)
           throws java.io.IOException,
                  SsfInvalidDataException
Read XML data to be signed, verified, encrypted or decrypted
Parameters:
in - input stream to read the data

SsfDataXML

public SsfDataXML(org.w3c.dom.Element el)
           throws SsfInvalidDataException
Define XML element to be signed, verified, encrypted or decrypted
Parameters:
el - XML element to work on
Throws:
SsfInvalidDataException - if no XML data is supplied

Method Detail

sign

public boolean sign(ISsfProfile profile)
             throws SsfInvalidKeyException
Description copied from interface: ISsfData
Creates a digital signature of the given data.
Specified by:
sign in interface ISsfData
See Also:
ISsfData.sign(com.sap.security.api.ssf.ISsfProfile)

sign

public boolean sign(ISsfProfile profile,
                    java.lang.String mdAlg,
                    int incCerts,
                    boolean detached)
             throws SsfInvalidKeyException,
                    SsfInvalidAlgException
Description copied from interface: ISsfData
Creates a digital signature of the given data.
Specified by:
sign in interface ISsfData
See Also:
ISsfData.sign(com.sap.security.api.ssf.ISsfProfile)

sign

public boolean sign(SsfRefXMLList refList,
                    ISsfProfile profile,
                    int incCerts,
                    boolean detached)
             throws SsfInvalidKeyException,
                    SsfInvalidAlgException
Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead

Creates a digital signature of the given data
Parameters:
refList - list of references to be signed
profile - signer profile containing the secret key of the signer
incCerts - determines whether (and which) certificates are included in the signature
detached - if true, do not include the data in the signature (detached signature)
Returns:
true if data could be digitally signed
Throws:
SsfInvalidKeyException - if invalid key is used

sign

public boolean sign(org.w3c.dom.Element sigHome,
                    SsfRefXMLList refList,
                    ISsfProfile profile,
                    int incCerts,
                    boolean detached)
             throws SsfInvalidKeyException,
                    SsfInvalidAlgException
Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead

Creates a digital signature of the given data
Parameters:
sigHome - element which will hold the signature (if null, append signed data as last child)
refList - list of references to be signed
profile - signer profile containing the secret key of the signer
incCerts - determines whether (and which) certificates are included in the signature
detached - if true, do not include the data in the signature (detached signature)
Returns:
true if data could be digitally signed
Throws:
SsfInvalidKeyException - if invalid key is used

sign

public boolean sign(org.w3c.dom.Element sigHome,
                    SsfRefXMLList refList,
                    ISsfProfile profile,
                    int incCerts,
                    boolean detached,
                    boolean incKeyName)
             throws SsfInvalidKeyException,
                    SsfInvalidAlgException
Creates a digital signature of the given data
Parameters:
sigHome - element which will hold the signature (if null, append signed data as last child)
refList - list of references to be signed
profile - signer profile containing the secret key of the signer
incCerts - determines whether (and which) certificates are included in the signature
detached - if true, do not include the data in the signature (detached signature)
incKeyName - if true, include a KeyName element in KeyInfo
Returns:
true if data could be digitally signed
Throws:
SsfInvalidKeyException - if invalid key is used

signData

public static boolean signData(org.w3c.dom.Element sigHome,
                               SsfRefXMLList refList,
                               ISsfProfile profile,
                               int incCerts,
                               boolean incKeyName,
                               java.lang.String canonAlgURI)
                        throws SsfInvalidKeyException,
                               SsfInvalidAlgException
Creates a signed data element at a given home element
Parameters:
sigHome - element which will hold the signature
refList - list of references to be signed
profile - signer profile containing the secret key of the signer
incCerts - determines whether (and which) certificates are included in the signature
incKeyName - if true, include a KeyName element in KeyInfo
canonAlgURI - URI of canonicalization algorithm
Returns:
true if data could be digitally signed
Throws:
SsfInvalidKeyException - if invalid key is used

verify

public boolean verify(ISsfPab pab,
                      SsfSigRcpList sigList)
               throws SsfInvalidDataException
Description copied from interface: ISsfData
Verifies a digital signature of the given data.
Specified by:
verify in interface ISsfData
See Also:
ISsfData.verify(com.sap.security.api.ssf.ISsfPab, com.sap.security.core.server.ssf.SsfSigRcpList)

verify

public boolean verify(ISsfPab pab,
                      SsfSigRcpList sigList,
                      ISsfData input,
                      java.security.cert.X509Certificate cert)
               throws SsfInvalidDataException
Description copied from interface: ISsfData
Verifies a digital signature of the given data.
Specified by:
verify in interface ISsfData
See Also:
ISsfData.verify(com.sap.security.api.ssf.ISsfPab, com.sap.security.core.server.ssf.SsfSigRcpList)

verify

public boolean verify(org.w3c.dom.Element sigHome,
                      ISsfPab pab,
                      SsfSigRcpList sigList,
                      SsfRefXMLList refList,
                      java.security.cert.X509Certificate cert)
               throws SsfInvalidDataException
Verifies a digital signature of the given data and restores the original data
Parameters:
sigHome - element which holds the signature to be verified
pab - personal address book containing trusted certificates (if null, all certificates are considered trusted, i.e. the signer certificates must be validated by the caller)
sigList - list of signer information (may be null)
refList - list of reference information (may be null)
cert - certificate to be used for verification (if null, use certificate included in signed data)
Returns:
true if signature could be verified
Throws:
SsfInvalidDataException - if given data is not digitally signed

verifyData

public static boolean verifyData(org.w3c.dom.Element sigHome,
                                 ISsfPab pab,
                                 SsfSigRcpList sigList,
                                 SsfRefXMLList refList,
                                 java.security.cert.X509Certificate cert)
                          throws SsfInvalidDataException
Verifies a signed data element
Parameters:
sigHome - element which holds the signature to be verified
pab - personal address book containing trusted certificates (if null, all certificates are considered trusted, i.e. the signer certificates must be validated by the caller)
sigList - list of signer information (may be null)
refList - list of reference information (may be null)
cert - certificate to be used for verification (if null, use certificate included in signed data)
Returns:
true if signature could be verified
Throws:
SsfInvalidDataException - if given data is not digitally signed
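An added usage example of the sign/verify API above (not SAP's code): it signs with the non-deprecated six-argument sign overload and verifies with an explicit PAB, since with pab == null every certificate is treated as trusted and chain validation falls back to the caller. Assumptions: the wildcard imports resolve SsfRefXMLList and the Ssf*Exception classes, the INC_CERT_* constants are int, and the reference list and PAB are built by the caller.

```java
import org.w3c.dom.Element;

import com.sap.security.api.ssf.*;          // ISsfData, ISsfPab, ISsfProfile
import com.sap.security.core.server.ssf.*;  // SsfDataXML, SsfRefXMLList, SsfSigRcpList, Ssf*Exception (package assumed)

/** Added example: enveloped XML signature round trip with SsfDataXML. */
public final class SsfXmlSignatureExample {

    /**
     * Signs the references in refList with the signer's profile.
     * sigHome == null appends the Signature as last child of the element the
     * SsfDataXML was built on; incKeyName == true adds a KeyName to KeyInfo so
     * the verifier can locate the signer's certificate.
     */
    public static Element signEnveloped(Element root, SsfRefXMLList refList,
                                        ISsfProfile signerProfile)
            throws SsfInvalidDataException, SsfInvalidKeyException, SsfInvalidAlgException {
        SsfDataXML data = new SsfDataXML(root);
        boolean signed = data.sign(null, refList, signerProfile,
                                   ISsfData.INC_CERT_CHAIN,   // ship the chain, not only the leaf certificate
                                   false,                     // enveloped, not detached
                                   true);                     // include KeyName in KeyInfo
        if (!signed) {
            throw new IllegalStateException("sign() returned false; no signature was created");
        }
        return data.getDataXML();
    }

    /**
     * Verifies the Signature held by sigHome inside signedRoot against the trusted
     * certificates in pab. A null pab is rejected here on purpose: the API would
     * then accept any certificate and leave chain validation to the caller.
     */
    public static boolean verifyAgainstPab(Element signedRoot, Element sigHome,
                                           ISsfPab pab, SsfSigRcpList signers)
            throws SsfInvalidDataException {
        if (pab == null) {
            throw new IllegalArgumentException("a PAB holding the trusted certificates is required");
        }
        SsfDataXML data = new SsfDataXML(signedRoot);
        // refList and cert may be null: the references come from the Signature,
        // the signer certificate from the KeyInfo included at signing time.
        return data.verify(sigHome, pab, signers, null, null);
    }
}
```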

encrypt

public boolean encrypt(SsfSigRcpList rcpList,
                       ISsfPab pab)
                throws SsfInvalidKeyException
Description copied from interface: ISsfData
Encrypts the given data.
Specified by:
encrypt in interface ISsfData
See Also:
ISsfData.encrypt(com.sap.security.core.server.ssf.SsfSigRcpList, com.sap.security.api.ssf.ISsfPab)

encrypt

public boolean encrypt(SsfSigRcpList rcpList,
                       ISsfPab pab,
                       java.lang.String symAlg)
                throws SsfInvalidKeyException,
                       SsfInvalidAlgException
Description copied from interface: ISsfData
Encrypts the given data.
Specified by:
encrypt in interface ISsfData
See Also:
ISsfData.encrypt(com.sap.security.core.server.ssf.SsfSigRcpList, com.sap.security.api.ssf.ISsfPab)

encrypt

public boolean encrypt(org.w3c.dom.Element keyParent,
                       SsfRefXMLList refList,
                       SsfSigRcpList rcpList,
                       ISsfPab pab,
                       java.lang.String symAlgURI)
                throws SsfInvalidKeyException,
                       SsfInvalidAlgException
Encrypts the given data.
Parameters:
keyParent - parent element for the encrypted key (if null, the encrypted key is child of encrypted data)
refList - list of references to be encrypted
rcpList - list of recipients of encrypted data
pab - personal address book containing the certificate of the recipient (if null, all certificates are considered as trusted)
symAlgURI - URI of symmetric encryption algorithm
Returns:
true if data could be encrypted for all recipients
Throws:
SsfInvalidKeyException - if invalid key is used
SsfInvalidAlgException - if invalid algorithm is used

encryptKey

public static boolean encryptKey(org.w3c.dom.Element keyParent,
                                 java.security.Key key,
                                 java.security.cert.X509Certificate cert,
                                 java.lang.String id,
                                 SsfRefXMLList refList)
Create and insert an encrypted key element
Parameters:
keyParent - Parent element of encrypted key
key - The key to be encrypted
cert - The X.509 certificate containing the public key used for encryption
id - String holding the id of the encrypted key element (or null)
refList - SsfRefXMLList holding a list of data references (or null)
Returns:
true if encrypted key was created

encryptData

public static org.w3c.dom.Element encryptData(org.w3c.dom.Element encHome,
                                              boolean contentOnly,
                                              java.security.Key symKey,
                                              java.lang.String symAlgURI,
                                              java.lang.String id)
Encrypts an element and replaces the element or its content by an encrypted data element
Parameters:
encHome - Element to be encrypted
contentOnly - if true, encrypt content of encHome only
symKey - Symmetric key used for encryption
symAlgURI - URI of algorithm of symmetric key
id - String holding the id of the encrypted data element (or null)
Returns:
Encrypted data element (or null)

decrypt

public boolean decrypt(ISsfProfile profile)
                throws SsfInvalidKeyException,
                       SsfInvalidDataException
Description copied from interface: ISsfData
Decrypts the given data.
Specified by:
decrypt in interface ISsfData
See Also:
ISsfData.decrypt(com.sap.security.api.ssf.ISsfProfile)

decrypt

public boolean decrypt(org.w3c.dom.Element encData,
                       ISsfProfile profile,
                       java.security.Key key)
                throws SsfInvalidAlgException,
                       SsfInvalidKeyException,
                       SsfInvalidDataException
Decrypts an encrypted data element.
Parameters:
encData - The encrypted data element
profile - containing the private key of the recipient
key - symmetric key to be used for decryption (if null, use key included in encrypted data)
Returns:
true if encrypted data could be decrypted
Throws:
SsfInvalidAlgException - if invalid algorithm is used
SsfInvalidKeyException - if invalid key is used
SsfInvalidDataException - if given data is not encrypted

decryptKey

public static java.security.Key decryptKey(org.w3c.dom.Element encKey,
                                           ISsfProfile prof,
                                           java.lang.String symAlgURI,
                                           java.util.ArrayList dataRefList)
                                    throws SsfInvalidAlgException
Decrypts an encrypted symmetric key
Parameters:
encKey - EncryptedKey element
prof - SSF profile containing the private key used for decryption
symAlgURI - URI of algorithm of symmetric key
dataRefList - Output list of data references included (might be null)
Returns:
symmetric key or null, if decryption failed
Throws:
SsfInvalidAlgException - if invalid algorithm URI was used

decryptData

public static boolean decryptData(org.w3c.dom.Element encData,
                                  java.security.Key symKey,
                                  java.lang.String symAlgURI)
Decrypts and restores an encrypted data element.
Parameters:
encData - EncryptedData element
symKey - Symmetric key used for decryption
symAlgURI - URI of algorithm of symmetric key
Returns:
true, if decryption was successful
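An added example (not SAP's code) that chains the static helpers above into the usual hybrid scheme: encryptData with a fresh AES key, encryptKey to wrap that key for the recipient's certificate, then decryptKey and decryptData on the recipient side. The XML Encryption namespace and the aes128-cbc algorithm URI are the standard W3C identifiers and are assumed to be what the API expects; the id values are made up, and the package of SsfInvalidAlgException is assumed.

```java
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

import com.sap.security.api.ssf.ISsfProfile;
import com.sap.security.core.server.ssf.*;  // SsfDataXML, SsfInvalidAlgException (package assumed)

/** Added example: hybrid XML encryption with the static SsfDataXML helpers. */
public final class SsfXmlEncryptionExample {

    // Standard XML Encryption identifiers; assumed to be the URIs the API expects.
    static final String XMLENC_NS  = "http://www.w3.org/2001/04/xmlenc#";
    static final String AES128_CBC = XMLENC_NS + "aes128-cbc";

    /**
     * Replaces payload by an EncryptedData element (fresh random AES-128 key)
     * and inserts an EncryptedKey, wrapped for recipientCert, below it.
     */
    public static Element encryptFor(Element payload, X509Certificate recipientCert)
            throws NoSuchAlgorithmException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey symKey = kg.generateKey();

        Element encData = SsfDataXML.encryptData(payload, false, symKey, AES128_CBC, "ed-1");
        if (encData == null) {
            throw new IllegalStateException("encryptData failed");
        }
        // keyParent == encData mirrors the default of encrypt(): EncryptedKey inside EncryptedData
        if (!SsfDataXML.encryptKey(encData, symKey, recipientCert, "ek-1", null)) {
            throw new IllegalStateException("encryptKey failed");
        }
        return encData;
    }

    /**
     * Unwraps the symmetric key with the recipient's private key and restores the
     * plaintext in place. Returns false instead of continuing when the key cannot be
     * recovered (wrong profile, tampered or ambiguous EncryptedKey).
     */
    public static boolean decryptAs(Element encData, ISsfProfile recipientProfile)
            throws SsfInvalidAlgException {
        NodeList keys = encData.getElementsByTagNameNS(XMLENC_NS, "EncryptedKey");
        if (keys.getLength() != 1) {
            return false;   // refuse missing or ambiguous key material
        }
        Key symKey = SsfDataXML.decryptKey((Element) keys.item(0), recipientProfile, AES128_CBC, null);
        if (symKey == null) {
            return false;
        }
        return SsfDataXML.decryptData(encData, symKey, AES128_CBC);
    }
}
```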

writeTo

public boolean writeTo(java.io.OutputStream out)
                throws java.io.IOException
Description copied from interface: ISsfData
Writes the changed data to an output stream
Specified by:
writeTo in interface ISsfData
See Also:
ISsfData.writeTo(java.io.OutputStream)

getDataXML

public org.w3c.dom.Element getDataXML()
Get XML element which results from previous operations
Returns:
XML element

toString

public java.lang.String toString()
Get parsed XML data (might be large!)
Overrides:
toString in class java.lang.Object
Returns:
string containing the XML data

setCanonicalizationAlgorithm

public boolean setCanonicalizationAlgorithm(java.lang.String canonAlgURI)
Set algorithm which is used for canonicalization of the SignedInfo element (default: SsfRefXMLInfo.TRANS_C14N_OMIT_COMMENTS)
Parameters:
canonAlgURI - URI of canonicalization algorithm
Returns:
true if canonicalization algorithm could be set

getCanonicalizationAlgorithm

public java.lang.String getCanonicalizationAlgorithm()
Get algorithm which is used for canonicalization of SignedInfo element
Returns:
URI of canonicalization algorithm