public class SsfDataXML extends Object implements ISsfData
Constants: ALG_AES128_CBC, ALG_AES192_CBC, ALG_AES256_CBC, ALG_DES_EDE3_CBC, ALG_MD5, ALG_RC2_40_CBC, ALG_RC2_CBC, ALG_SHA, ALG_SHA256, ALG_SHA512, INC_CERT_CHAIN, INC_CERT_CHAIN_ROOT, INC_CERT_NONE, INC_CERT_OWN, PS_OAEP, PS_OAEPWithSHA256AndMGF1Padding
| Constructor and Description |
|---|
| SsfDataXML(Element el) - Define XML element to be signed, verified, encrypted or decrypted |
| SsfDataXML(InputStream in) - Read XML data to be signed, verified, encrypted or decrypted |
| Modifier and Type | Method and Description |
|---|---|
| boolean | decrypt(Element encData, ISsfProfile profile, Key key) - Decrypts an encrypted data element. |
| boolean | decrypt(ISsfProfile profile) - Decrypts the given data. |
| static boolean | decryptData(Element encData, Key symKey, String symAlgURI) - Decrypts and restores an encrypted data element. |
| static Key | decryptKey(Element encKey, ISsfProfile prof, String symAlgURI, ArrayList dataRefList) - Decrypts an encrypted symmetric key. |
| boolean | encrypt(Element keyParent, SsfRefXMLList refList, SsfSigRcpList rcpList, ISsfPab pab, String symAlgURI) - Encrypts the given data. |
| boolean | encrypt(SsfSigRcpList rcpList, ISsfPab pab) - Encrypts the given data. |
| boolean | encrypt(SsfSigRcpList rcpList, ISsfPab pab, String symAlg) - Encrypts the given data. |
| static Element | encryptData(Element encHome, boolean contentOnly, Key symKey, String symAlgURI, String id) - Encrypts an element and replaces the element or its content by an encrypted data element. |
| static boolean | encryptKey(Element keyParent, Key key, X509Certificate cert, String id, SsfRefXMLList refList) - Create and insert an encrypted key element. |
| String | getCanonicalizationAlgorithm() - Get the algorithm used for canonicalization of the SignedInfo element. |
| Element | getDataXML() - Get the XML element which results from previous operations. |
| boolean | setCanonicalizationAlgorithm(String canonAlgURI) - Set the algorithm used for canonicalization of the SignedInfo element (default: SsfRefXMLInfo.TRANS_C14N_OMIT_COMMENTS). |
| boolean | sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached) - Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead. |
| boolean | sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) - Creates a digital signature of the given data. |
| boolean | sign(ISsfProfile profile) - Creates a digital signature of the given data. |
| boolean | sign(ISsfProfile profile, String mdAlg, int incCerts, boolean detached) - Creates a digital signature of the given data. |
| boolean | sign(SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached) - Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead. |
| static boolean | signData(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean incKeyName, String canonAlgURI) - Creates a signed data element at a given home element. |
| String | toString() - Get parsed XML data (might be large!). |
| boolean | verify(Element sigHome, ISsfPab pab, SsfSigRcpList sigList, SsfRefXMLList refList, X509Certificate cert) - Verifies a digital signature of the given data and restores the original data. |
| boolean | verify(ISsfPab pab, SsfSigRcpList sigList) - Verifies a digital signature of the given data. |
| boolean | verify(ISsfPab pab, SsfSigRcpList sigList, ISsfData input, X509Certificate cert) - Verifies a digital signature of the given data. |
| static boolean | verifyData(Element sigHome, ISsfPab pab, SsfSigRcpList sigList, SsfRefXMLList refList, X509Certificate cert) - Verifies a signed data element. |
| boolean | writeTo(OutputStream out) - Writes the changed data to an output stream. |
public SsfDataXML(InputStream in) throws IOException, SsfInvalidDataException

Parameters:
- in - input stream to read the data

Throws:
- IOException - failed or interrupted I/O operations
- SsfInvalidDataException - if no XML data is supplied

public SsfDataXML(Element el) throws SsfInvalidDataException

Parameters:
- el - XML element to work on

Throws:
- SsfInvalidDataException - if no XML data is supplied

public boolean sign(ISsfProfile profile) throws SsfInvalidKeyException

Specified by: sign in interface ISsfData

Default call: sign(profile, ALG_SHA, INC_CERT_CHAIN, false)

Parameters:
- profile - containing the secret key of the signer

Throws:
- SsfInvalidKeyException - if invalid key is used

See Also: ISsfData.sign(com.sap.security.api.ssf.ISsfProfile)

public boolean sign(ISsfProfile profile, String mdAlg, int incCerts, boolean detached) throws SsfInvalidKeyException, SsfInvalidAlgException

Specified by: sign in interface ISsfData

Parameters:
- profile - containing the secret key of the signer
- mdAlg - message digest algorithm used to hash the data
- incCerts - determine if certificates should be included
- detached - if true, do not include data into signature

Returns: true if signature could be created

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

See Also: ISsfData.sign(com.sap.security.api.ssf.ISsfProfile)

public boolean sign(SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached) throws SsfInvalidKeyException, SsfInvalidAlgException

Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead.

Parameters:
- refList - list of references to be signed
- profile - containing the secret key of the signer
- incCerts - determine if certificates should be included
- detached - if true, do not include data into signature

Returns: true if data could be digitally signed

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

public boolean sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached) throws SsfInvalidKeyException, SsfInvalidAlgException

Deprecated. Use sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) instead.

Parameters:
- sigHome - element which will hold the signature (if null, append signed data as last child)
- refList - list of references to be signed
- profile - containing the secret key of the signer
- incCerts - determine if certificates should be included
- detached - if true, do not include data into signature

Returns: true if data could be digitally signed

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

public boolean sign(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean detached, boolean incKeyName) throws SsfInvalidKeyException, SsfInvalidAlgException

Parameters:
- sigHome - element which will hold the signature (if null, append signed data as last child)
- refList - list of references to be signed
- profile - containing the secret key of the signer
- incCerts - determine if certificates should be included
- detached - if true, do not include data into signature
- incKeyName - if true, include KeyName in KeyInfo

Returns: true if data could be digitally signed

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

public static boolean signData(Element sigHome, SsfRefXMLList refList, ISsfProfile profile, int incCerts, boolean incKeyName, String canonAlgURI) throws SsfInvalidKeyException, SsfInvalidAlgException

Parameters:
- sigHome - element which will hold the signature
- refList - list of references to be signed
- profile - containing the secret key of the signer
- incCerts - determine if certificates should be included
- incKeyName - if true, include KeyName in KeyInfo
- canonAlgURI - URI of canonicalization algorithm

Returns: true if data could be digitally signed

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

public boolean verify(ISsfPab pab, SsfSigRcpList sigList) throws SsfInvalidDataException

Specified by: verify in interface ISsfData

Default call: verify(pab, null, signer)

Parameters:
- pab - personal address book containing trusted certificates (if null, all certificates are considered as trusted, i.e. the signer certificates must be validated by the caller)
- sigList - list of signer information

Throws:
- SsfInvalidDataException - if given data is not digitally signed

See Also: ISsfData.verify(com.sap.security.api.ssf.ISsfPab, com.sap.security.core.server.ssf.SsfSigRcpList)

public boolean verify(ISsfPab pab, SsfSigRcpList sigList, ISsfData input, X509Certificate cert) throws SsfInvalidDataException

Specified by: verify in interface ISsfData

Parameters:
- pab - personal address book containing trusted certificates (if null, all certificates are considered as trusted, i.e. the signer certificates must be validated by the caller)
- sigList - list of signer information
- input - unsigned data (provide only in case of detached signature; in case of attached signature pass null)
- cert - certificate to be used for verification (if null, use certificate included in signed data)

Returns: true if (at least one) signature could be verified

Throws:
- SsfInvalidDataException - if given data is not digitally signed

See Also: ISsfData.verify(com.sap.security.api.ssf.ISsfPab, com.sap.security.core.server.ssf.SsfSigRcpList)

public boolean verify(Element sigHome, ISsfPab pab, SsfSigRcpList sigList, SsfRefXMLList refList, X509Certificate cert) throws SsfInvalidDataException

Parameters:
- sigHome - element which holds the signature to be verified
- pab - personal address book containing trusted certificates (if null, all certificates are considered as trusted, i.e. the signer certificates must be validated by the caller)
- sigList - list of signer information (may be null)
- refList - list of reference information (may be null)
- cert - certificate to be used for verification (if null, use certificate included in signed data)

Returns: true if signature could be verified

Throws:
- SsfInvalidDataException - if given data is not digitally signed

public static boolean verifyData(Element sigHome, ISsfPab pab, SsfSigRcpList sigList, SsfRefXMLList refList, X509Certificate cert) throws SsfInvalidDataException

Parameters:
- sigHome - element which holds the signature to be verified
- pab - personal address book containing trusted certificates (if null, all certificates are considered as trusted, i.e. the signer certificates must be validated by the caller)
- sigList - list of signer information (may be null)
- refList - list of reference information (may be null)
- cert - certificate to be used for verification (if null, use certificate included in signed data)

Returns: true if signature could be verified

Throws:
- SsfInvalidDataException - if given data is not digitally signed

public boolean encrypt(SsfSigRcpList rcpList, ISsfPab pab) throws SsfInvalidKeyException

Specified by: encrypt in interface ISsfData

Default call: encrypt(rcp, pab, ALG_AES128_CBC)

Parameters:
- rcpList - list of recipients of encrypted data
- pab - personal address book containing trusted certificates

Throws:
- SsfInvalidKeyException - if invalid key is used

See Also: ISsfData.encrypt(com.sap.security.core.server.ssf.SsfSigRcpList, com.sap.security.api.ssf.ISsfPab)

public boolean encrypt(SsfSigRcpList rcpList, ISsfPab pab, String symAlg) throws SsfInvalidKeyException, SsfInvalidAlgException

Specified by: encrypt in interface ISsfData

Parameters:
- rcpList - list of recipients of encrypted data
- pab - personal address book containing the certificate of the recipient (if null, all certificates are considered as trusted)
- symAlg - name of symmetric encryption algorithm

Returns: true if data could be encrypted for all recipients

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

See Also: ISsfData.encrypt(com.sap.security.core.server.ssf.SsfSigRcpList, com.sap.security.api.ssf.ISsfPab)

public boolean encrypt(Element keyParent, SsfRefXMLList refList, SsfSigRcpList rcpList, ISsfPab pab, String symAlgURI) throws SsfInvalidKeyException, SsfInvalidAlgException

Parameters:
- keyParent - parent element for the encrypted key (if null, the encrypted key is a child of the encrypted data)
- refList - list of references to be encrypted
- rcpList - list of recipients of encrypted data
- pab - personal address book containing the certificate of the recipient (if null, all certificates are considered as trusted)
- symAlgURI - URI of symmetric encryption algorithm

Returns: true if data could be encrypted for all recipients

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidAlgException - if invalid algorithm is used

public static boolean encryptKey(Element keyParent, Key key, X509Certificate cert, String id, SsfRefXMLList refList)

Parameters:
- keyParent - parent element of the encrypted key
- key - the key to be encrypted
- cert - the X509 certificate containing the public key used for encryption
- id - String holding the id of the encrypted key element (or null)
- refList - SsfRefXMLList holding a list of data references (or null)

Returns: true if encrypted key was created

public static Element encryptData(Element encHome, boolean contentOnly, Key symKey, String symAlgURI, String id)

Parameters:
- encHome - element to be encrypted
- contentOnly - if true, encrypt content of encHome only
- symKey - symmetric key used for encryption
- symAlgURI - URI of algorithm of symmetric key
- id - String holding the id of the encrypted data element (or null)

Returns: the encrypted data element (or null)

public boolean decrypt(ISsfProfile profile) throws SsfInvalidKeyException, SsfInvalidDataException

Specified by: decrypt in interface ISsfData

Parameters:
- profile - containing the secret key of the recipient

Returns: true if encrypted data could be decrypted

Throws:
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidDataException - if given data is not encrypted

See Also: ISsfData.decrypt(com.sap.security.api.ssf.ISsfProfile)

public boolean decrypt(Element encData, ISsfProfile profile, Key key) throws SsfInvalidAlgException, SsfInvalidKeyException, SsfInvalidDataException

Parameters:
- encData - the encrypted data element
- profile - containing the private key of the recipient
- key - symmetric key to be used for decryption (if null, use key included in encrypted data)

Returns: true if encrypted data could be decrypted

Throws:
- SsfInvalidAlgException - if invalid algorithm is used
- SsfInvalidKeyException - if invalid key is used
- SsfInvalidDataException - if given data is not encrypted

public static Key decryptKey(Element encKey, ISsfProfile prof, String symAlgURI, ArrayList dataRefList) throws SsfInvalidAlgException

Parameters:
- encKey - EncryptedKey element
- prof - SSF profile containing the private key used for decryption
- symAlgURI - URI of algorithm of symmetric key
- dataRefList - output list of data references included (might be null)

Returns: the decrypted symmetric key, or null if decryption failed

Throws:
- SsfInvalidAlgException - if invalid algorithm URI was used

public static boolean decryptData(Element encData, Key symKey, String symAlgURI)

Parameters:
- encData - EncryptedData element
- symKey - symmetric key used for decryption
- symAlgURI - URI of algorithm of symmetric key

Returns: true if decryption was successful

public boolean writeTo(OutputStream out) throws IOException

Specified by: writeTo in interface ISsfData

Parameters:
- out - output stream

Returns: true if data could be written

Throws:
- IOException - if an I/O error occurs

See Also: ISsfData.writeTo(java.io.OutputStream)

public Element getDataXML()

public String toString()

public boolean setCanonicalizationAlgorithm(String canonAlgURI)

Default: SsfRefXMLInfo.TRANS_C14N_OMIT_COMMENTS

Parameters:
- canonAlgURI - URI of canonicalization algorithm

Returns: true if canonicalization algorithm could be set

public String getCanonicalizationAlgorithm()
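The sign/verify and encrypt/decrypt method families above, exercised end to end. This is an added example, not code from the SAP Javadoc or from the SAP library itself. It assumes that SsfDataXML lives in the package com.sap.security.core.server.ssf (the page names that package only for SsfSigRcpList) and that the ISsfProfile, ISsfPab and SsfSigRcpList instances are created by the caller, since the page does not show how they are obtained; the packages of the Ssf* exceptions are likewise not given, so the methods declare throws Exception. The example passes the digest and cipher names explicitly instead of relying on the ALG_SHA and ALG_AES128_CBC defaults, and it refuses a null address book on verification, because the page states that a null pab treats every certificate as trusted and leaves signer validation to the caller.

```java
// Added example (not part of the SAP Javadoc or the SAP library).
// Assumed: SsfDataXML is in com.sap.security.core.server.ssf; profile,
// address book and recipient/signer lists are built by the caller.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;

import com.sap.security.api.ssf.ISsfPab;
import com.sap.security.api.ssf.ISsfProfile;
import com.sap.security.core.server.ssf.SsfDataXML;     // assumed package
import com.sap.security.core.server.ssf.SsfSigRcpList;

public final class SsfXmlRoundTrip {

    private SsfXmlRoundTrip() {}

    /** Signs an XML document with the signer's profile; returns the signed bytes. */
    public static byte[] sign(byte[] xml, ISsfProfile signerProfile) throws Exception {
        SsfDataXML data = new SsfDataXML(new ByteArrayInputStream(xml));
        // Choose the digest explicitly: sign(profile) alone defaults to
        // sign(profile, ALG_SHA, INC_CERT_CHAIN, false). SHA-256, full
        // certificate chain, attached (not detached) signature.
        if (!data.sign(signerProfile, SsfDataXML.ALG_SHA256,
                       SsfDataXML.INC_CERT_CHAIN, false)) {
            throw new IllegalStateException("signing failed");
        }
        return toBytes(data);
    }

    /**
     * Verifies an attached signature. trustedPab must not be null: with a null
     * address book every certificate counts as trusted and validating the
     * signer certificate becomes the caller's job, so we reject that mode here.
     */
    public static boolean verify(byte[] signedXml, ISsfPab trustedPab,
                                 SsfSigRcpList signers) throws Exception {
        if (trustedPab == null) {
            throw new IllegalArgumentException("a trusted address book is required");
        }
        SsfDataXML data = new SsfDataXML(new ByteArrayInputStream(signedXml));
        // input == null: signature is attached; cert == null: use the
        // certificate carried in the signed data, checked against trustedPab.
        return data.verify(trustedPab, signers, null, null);
    }

    /** Encrypts an XML document for the given recipients; returns the encrypted bytes. */
    public static byte[] encrypt(byte[] xml, SsfSigRcpList recipients,
                                 ISsfPab recipientPab) throws Exception {
        SsfDataXML data = new SsfDataXML(new ByteArrayInputStream(xml));
        // encrypt(rcpList, pab) defaults to ALG_AES128_CBC; name AES-256 explicitly.
        if (!data.encrypt(recipients, recipientPab, SsfDataXML.ALG_AES256_CBC)) {
            throw new IllegalStateException("encryption failed for at least one recipient");
        }
        return toBytes(data);
    }

    /** Decrypts with the recipient's profile (its private key); returns the plain bytes. */
    public static byte[] decrypt(byte[] encryptedXml, ISsfProfile recipientProfile)
            throws Exception {
        SsfDataXML data = new SsfDataXML(new ByteArrayInputStream(encryptedXml));
        if (!data.decrypt(recipientProfile)) {
            throw new IllegalStateException("decryption failed");
        }
        return toBytes(data);
    }

    /** Serializes the current state of the document via writeTo(OutputStream). */
    private static byte[] toBytes(SsfDataXML data) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (!data.writeTo(out)) {
            throw new IOException("could not write XML data");
        }
        return out.toByteArray();
    }
}
```

verify returns the library's boolean rather than throwing, so a caller should treat false exactly like the SsfInvalidDataException case: the document has not been authenticated and must not be processed further. The same pattern applies to the static signData/verifyData and encryptData/decryptData helpers when only one element of a larger document is to be protected.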
| Access Rights |
|---|

| SC | DC | Public Part | ACH |
|---|---|---|---|
| [sap.com] CORE-TOOLS | [sap.com] | default | BC-JAS |
| [sap.com] ENGFACADE | [sap.com] tc/bl/security/lib | api | BC-JAS-SEC |
| [sap.com] ENGINEAPI | [sap.com] | - | BC-JAS-SEC |
| [sap.com] ENGINEAPI | [sap.com] | default | BC-JAS-SEC |
Copyright 2018 SAP AG Complete Copyright Notice