xmlsignaturefactory.java

Mobile 应用程序使用 Java Micro Edition (Java ME) 平台

/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 */
/*
 * $Id: XMLSignatureFactory.java,v 1.14 2005/09/15 14:29:01 mullan Exp $
 */
package javax.xml.crypto.dsig;

import javax.xml.crypto.Data;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.NoSuchMechanismException;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.dom.DOMSignContext;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.List;

import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;

/**
 * A factory for creating {@link XMLSignature} objects from scratch or 
 * for unmarshalling an <code>XMLSignature</code> object from a corresponding
 * XML representation.
 *
 * <h2>XMLSignatureFactory Type</h2>
 *
 * <p>Each instance of <code>XMLSignatureFactory</code> supports a specific
 * XML mechanism type. To create an <code>XMLSignatureFactory</code>, call one
 * of the static {@link #getInstance getInstance} methods, passing in the XML 
 * mechanism type desired, for example:
 *
 * <blockquote><code>
 * XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
 * </code></blockquote>
 *
 * <p>The objects that this factory produces will be based
 * on DOM and abide by the DOM interoperability requirements as defined in the
 * <a href="../../../../../technotes/guides/security/xmldsig/overview.html#DOM Mechanism Requirements">
 * DOM Mechanism Requirements</a> section of the API overview. See the
 * <a href="../../../../../technotes/guides/security/xmldsig/overview.html#Service Provider">
 * Service Providers</a> section of the API overview for a list of standard 
 * mechanism types.
 *
 * <p><code>XMLSignatureFactory</code> implementations are registered and loaded
 * using the {@link java.security.Provider} mechanism.  
 * For example, a service provider that supports the
 * DOM mechanism would be specified in the <code>Provider</code> subclass as:
 * <pre>
 *     put("XMLSignatureFactory.DOM", "org.example.DOMXMLSignatureFactory");
 * </pre>
 *
 * <p>An implementation MUST minimally support the default mechanism type: DOM. 
 *
 * <p>Note that a caller must use the same <code>XMLSignatureFactory</code>
 * instance to create the <code>XMLStructure</code>s of a particular 
 * <code>XMLSignature</code> that is to be generated. The behavior is
 * undefined if <code>XMLStructure</code>s from different providers or 
 * different mechanism types are used together.
 *
 * <p>Also, the <code>XMLStructure</code>s that are created by this factory
 * may contain state specific to the <code>XMLSignature</code> and are not
 * intended to be reusable.
 *
 * <h2>Creating XMLSignatures from scratch</h2>
 *
 * <p>Once the <code>XMLSignatureFactory</code> has been created, objects
 * can be instantiated by calling the appropriate method. For example, a
 * {@link Reference} instance may be created by invoking one of the
 * {@link #newReference newReference} methods.
 *
 * <h2>Unmarshalling XMLSignatures from XML</h2>
 *
 * <p>Alternatively, an <code>XMLSignature</code> may be created from an
 * existing XML representation by invoking the {@link #unmarshalXMLSignature
 * unmarshalXMLSignature} method and passing it a mechanism-specific 
 * {@link XMLValidateContext} instance containing the XML content:
 *
 * <pre>
 * DOMValidateContext context = new DOMValidateContext(key, signatureElement);
 * XMLSignature signature = factory.unmarshalXMLSignature(context);
 * </pre>
 *
 * Each <code>XMLSignatureFactory</code> must support the required 
 * <code>XMLValidateContext</code> types for that factory type, but may support 
 * others. A DOM <code>XMLSignatureFactory</code> must support {@link 
 * DOMValidateContext} objects.
 * 
 * <h2>Signing and marshalling XMLSignatures to XML</h2>
 *
 * Each <code>XMLSignature</code> created by the factory can also be 
 * marshalled to an XML representation and signed, by invoking the 
 * {@link XMLSignature#sign sign} method of the 
 * {@link XMLSignature} object and passing it a mechanism-specific 
 * {@link XMLSignContext} object containing the signing key and 
 * marshalling parameters (see {@link DOMSignContext}).
 * For example: 
 *
 * <pre>
 *    DOMSignContext context = new DOMSignContext(privateKey, document);
 *    signature.sign(context);
 * </pre>
 *
 * <b>Concurrent Access</b>
 * <p>The static methods of this class are guaranteed to be thread-safe. 
 * Multiple threads may concurrently invoke the static methods defined in this 
 * class with no ill effects. 
 *
 * <p>However, this is not true for the non-static methods defined by this 
 * class. Unless otherwise documented by a specific provider, threads that 
 * need to access a single <code>XMLSignatureFactory</code> instance 
 * concurrently should synchronize amongst themselves and provide the 
 * necessary locking. Multiple threads each manipulating a different 
 * <code>XMLSignatureFactory</code> instance need not synchronize. 
 *
 * @author Sean Mullan
 * @author JSR 105 Expert Group
 * @since 1.6
 */
public abstract class XMLSignatureFactory {

    private String mechanismType;
    private Provider provider;

    /**
     * Default constructor, for invocation by subclasses.
     */
    protected XMLSignatureFactory() {}

    /**
     * Returns an <code>XMLSignatureFactory</code> that supports the
     * specified XML processing mechanism and representation type (ex: "DOM").
     *
     * <p>This method uses the standard JCA provider lookup mechanism to
     * locate and instantiate an <code>XMLSignatureFactory</code> 
     * implementation of the desired mechanism type. It traverses the list of 
     * registered security <code>Provider</code>s, starting with the most 
     * preferred <code>Provider</code>.  A new <code>XMLSignatureFactory</code> 
     * object from the first <code>Provider</code> that supports the specified 
     * mechanism is returned. 
     *
     * <p>Note that the list of registered providers may be retrieved via 
     * the {@link Security#getProviders() Security.getProviders()} method. 
     *
     * @param mechanismType the type of the XML processing mechanism and
     *    representation. See the <a 
     *    href="../../../../../technotes/guides/security/xmldsig/overview.html#Service Provider">
     *    Service Providers</a> section of the API overview for a list of 
     *    standard mechanism types.
     * @return a new <code>XMLSignatureFactory</code>
     * @throws NullPointerException if <code>mechanismType</code> is 
     *    <code>null</code>
     * @throws NoSuchMechanismException if no <code>Provider</code> supports an 
     *    <code>XMLSignatureFactory</code> implementation for the specified 
     *    mechanism
     * @see Provider
     */
    public static XMLSignatureFactory getInstance(String mechanismType) {
	if (mechanismType == null) {
	    throw new NullPointerException("mechanismType cannot be null");
	}
	Instance instance;
	try {
	    instance = GetInstance.getInstance
	        ("XMLSignatureFactory", null, mechanismType);
	} catch (NoSuchAlgorithmException nsae) {
	    throw new NoSuchMechanismException(nsae);
	}
	XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
	factory.mechanismType = mechanismType;
	factory.provider = instance.provider;
	return factory;
    }

    /**
     * Returns an <code>XMLSignatureFactory</code> that supports the
     * requested XML processing mechanism and representation type (ex: "DOM"),
     * as supplied by the specified provider. Note that the specified 
     * <code>Provider</code> object does not have to be registered in the 
     * provider list. 
     *
     * @param mechanismType the type of the XML processing mechanism and
     *    representation. See the <a 
     *    href="../../../../../technotes/guides/security/xmldsig/overview.html#Service Provider">
     *    Service Providers</a> section of the API overview for a list of 
     *    standard mechanism types.
     * @param provider the <code>Provider</code> object
     * @return a new <code>XMLSignatureFactory</code>
     * @throws NullPointerException if <code>provider</code> or 
     *    <code>mechanismType</code> is <code>null</code>
     * @throws NoSuchMechanismException if an <code>XMLSignatureFactory</code> 
     *   implementation for the specified mechanism is not available 
     *   from the specified <code>Provider</code> object
     * @see Provider
     */
    public static XMLSignatureFactory getInstance(String mechanismType,
	Provider provider) { 
	if (mechanismType == null) {
	    throw new NullPointerException("mechanismType cannot be null");
	} else if (provider == null) {
	    throw new NullPointerException("provider cannot be null");
	}

	Instance instance;
	try {
	    instance = GetInstance.getInstance
	        ("XMLSignatureFactory", null, mechanismType, provider);
	} catch (NoSuchAlgorithmException nsae) {
	    throw new NoSuchMechanismException(nsae);
	}
	XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
	factory.mechanismType = mechanismType;
	factory.provider = instance.provider;
	return factory;
    }    

    /**
     * Returns an <code>XMLSignatureFactory</code> that supports the
     * requested XML processing mechanism and representation type (ex: "DOM"),
     * as supplied by the specified provider. The specified provider must be 
     * registered in the security provider list. 
     *
     * <p>Note that the list of registered providers may be retrieved via 
     * the {@link Security#getProviders() Security.getProviders()} method.
     *
     * @param mechanismType the type of the XML processing mechanism and
     *    representation. See the <a 
     *    href="../../../../../technotes/guides/security/xmldsig/overview.html#Service Provider">
     *    Service Providers</a> section of the API overview for a list of 
     *    standard mechanism types.
     * @param provider the string name of the provider
     * @return a new <code>XMLSignatureFactory</code>
     * @throws NoSuchProviderException if the specified provider is not 
     *    registered in the security provider list
     * @throws NullPointerException if <code>provider</code> or 
     *    <code>mechanismType</code> is <code>null</code>
     * @throws NoSuchMechanismException if an <code>XMLSignatureFactory</code> 
     *    implementation for the specified mechanism is not 
     *    available from the specified provider
     * @see Provider
     */
    public static XMLSignatureFactory getInstance(String mechanismType,
	String provider) throws NoSuchProviderException {
	if (mechanismType == null) {
	    throw new NullPointerException("mechanismType cannot be null");
	} else if (provider == null) {
	    throw new NullPointerException("provider cannot be null");
	} else if (provider.length() == 0) {