This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by
this push:
new d9760b974 Moving WSSecSignature back to DOM module
d9760b974 is described below
commit d9760b97419bf0d765293804e74173a14bf6d359
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Wed Jul 9 08:07:06 2025 +0100
Moving WSSecSignature back to DOM module
---
.../integration/test/kerberos/KerberosTest.java | 2 +-
.../java/org/apache/wss4j/api/dom/WSConstants.java | 10 +-
.../wss4j/api/dom/message/WSSecSignatureBase.java | 252 ++++++++++++++++++
.../apache/wss4j/dom/action/SignatureAction.java | 2 +-
.../dom/action/UsernameTokenSignedAction.java | 2 +-
.../apache/wss4j}/dom/message/WSSecSignature.java | 284 ++-------------------
.../components/crypto/CertificateStoreTest.java | 2 +-
.../dom/components/crypto/CryptoProviderTest.java | 2 +-
.../wss4j/dom/components/crypto/CryptoTest.java | 2 +-
.../dom/handler/CustomActionProcessorTest.java | 2 +-
.../apache/wss4j/dom/message/AttachmentTest.java | 2 +-
.../apache/wss4j/dom/message/CertErrorTest.java | 2 +-
.../wss4j/dom/message/ModifiedRequestTest.java | 2 +-
.../dom/message/NoSoapPrefixSignatureTest.java | 2 +-
.../wss4j/dom/message/PasswordEncryptorTest.java | 2 +-
.../org/apache/wss4j/dom/message/ReplayTest.java | 2 +-
.../RequireSignedEncryptedDataElementsTest.java | 2 +-
.../apache/wss4j/dom/message/SKISignatureTest.java | 2 +-
.../apache/wss4j/dom/message/STRSignatureTest.java | 2 +-
.../dom/message/SecurityContextTokenTest.java | 2 +-
.../apache/wss4j/dom/message/SignatureAKITest.java | 2 +-
.../dom/message/SignatureAlgorithmSuiteTest.java | 2 +-
.../apache/wss4j/dom/message/SignatureCRLTest.java | 2 +-
.../dom/message/SignatureCertConstraintsTest.java | 2 +-
.../wss4j/dom/message/SignatureCertTest.java | 2 +-
.../wss4j/dom/message/SignatureEncryptionTest.java | 2 +-
.../SignatureIssuerCertConstraintsTest.java | 2 +-
.../wss4j/dom/message/SignatureKeyValueTest.java | 2 +-
.../wss4j/dom/message/SignaturePartsTest.java | 2 +-
.../wss4j/dom/message/SignaturePrefixListTest.java | 2 +-
.../wss4j/dom/message/SignatureProviderTest.java | 2 +-
.../apache/wss4j/dom/message/SignatureTest.java | 2 +-
.../wss4j/dom/message/SignatureWSS651Test.java | 2 +-
.../apache/wss4j/dom/message/SignedBSTTest.java | 2 +-
.../wss4j/dom/message/SymmetricSignatureTest.java | 2 +-
.../apache/wss4j/dom/message/UTSignatureTest.java | 2 +-
.../wss4j/dom/message/XOPAttachmentTest.java | 2 +-
.../wss4j/dom/message/token/BSTKerberosTest.java | 2 +-
.../apache/wss4j/dom/validate/ValidatorTest.java | 2 +-
.../common/saml/message/WSSecSignatureSAML.java | 4 +-
.../saml/dom/SamlTokenCustomSignatureTest.java | 2 +-
.../wss4j/common/saml/dom/ValidatorTest.java | 2 +-
.../wss4j/stax/test/SecurityContextTokenTest.java | 2 +-
.../wss4j/stax/test/SignatureEncryptionTest.java | 2 +-
.../org/apache/wss4j/stax/test/SignatureTest.java | 2 +-
45 files changed, 320 insertions(+), 312 deletions(-)
diff --git
a/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
b/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
index 0c4b94335..640f5c0e1 100644
---
a/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
+++
b/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
@@ -58,7 +58,7 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.api.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.validate.KerberosTokenValidator;
import org.apache.wss4j.stax.ext.WSSConstants;
diff --git
a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/WSConstants.java
b/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/WSConstants.java
index 85e2151d0..362fa182f 100644
---
a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/WSConstants.java
+++
b/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/WSConstants.java
@@ -171,7 +171,7 @@ public final class WSConstants extends WSS4JConstants {
/**
* Sets the {@link
- * org.apache.wss4j.api.dom.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
* } method to send the signing certificate as a
<code>BinarySecurityToken</code>.
* <p/>
* The signing method takes the signing certificate, converts it to a
@@ -191,7 +191,7 @@ public final class WSConstants extends WSS4JConstants {
/**
* Sets the {@link
- *org.apache.wss4j.api.dom.message.WSSecSignature#build(Crypto)
+ *org.apache.wss4j.dom.message.WSSecSignature#build(Crypto)
*} or the {@link
*org.apache.wss4j.dom.message.WSSecEncrypt#build(Crypto, SecretKey)
* } method to send the issuer name and the serial number of a certificate
to
@@ -211,7 +211,7 @@ public final class WSConstants extends WSS4JConstants {
/**
* Sets the {@link
- * org.apache.wss4j.api.dom.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
* } or the {@link
* org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto,
WSSecHeader)
* }method to send the certificate used to encrypt the symmetric key.
@@ -231,7 +231,7 @@ public final class WSConstants extends WSS4JConstants {
/**
* Sets the {@link
- * org.apache.wss4j.api.dom.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
* } method to send a <code>SubjectKeyIdentifier</code> to identify
* the signing certificate.
* <p/>
@@ -323,7 +323,7 @@ public final class WSConstants extends WSS4JConstants {
/**
- *Sets the {@link
org.apache.wss4j.api.dom.message.WSSecSignature#build(Crypto)}
+ *Sets the {@link
org.apache.wss4j.dom.message.WSSecSignature#build(Crypto)}
* or the {@link org.apache.wss4j.dom.message.WSSecEncrypt#build(Crypto,
SecretKey)}
* method to send the issuer name and the serial number of a certificate
to the receiver.
*<p/>
diff --git
a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignatureBase.java
b/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignatureBase.java
index 4cf1147d4..2294ab0c0 100644
---
a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignatureBase.java
+++
b/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignatureBase.java
@@ -21,6 +21,8 @@ package org.apache.wss4j.api.dom.message;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -29,14 +31,19 @@ import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.apache.wss4j.api.dom.WSEncryptionPart;
import org.apache.wss4j.api.dom.callback.DOMCallbackLookup;
+import org.apache.wss4j.api.dom.token.SecurityTokenReference;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -59,14 +66,78 @@ public class WSSecSignatureBase extends WSSecBase {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(WSSecSignatureBase.class);
+ protected KeyInfo keyInfo;
+ protected XMLSignatureFactory signatureFactory;
+ protected byte[] secretKey;
+ protected String strUri;
+ protected Element bstToken;
+ protected boolean bstAddedToSecurityHeader;
+ protected String certUri;
+ protected String keyInfoUri;
+ protected SecurityTokenReference secRef;
+ protected CanonicalizationMethod c14nMethod;
+ protected XMLSignature sig;
+ protected byte[] signatureValue;
+ protected boolean useCustomSecRef;
+
private List<Element> clonedElements = new ArrayList<>();
+ private String sigAlgo;
+ private Element customKeyInfoElement;
+ private Provider signatureProvider;
+ private String canonAlgo = WSConstants.C14N_EXCL_OMIT_COMMENTS;
+ private boolean addInclusivePrefixes = true;
+ private String digestAlgo = WSConstants.SHA1;
public WSSecSignatureBase(WSSecHeader securityHeader) {
+ this(securityHeader, null);
+ }
+
+ public WSSecSignatureBase(WSSecHeader securityHeader, Provider provider) {
super(securityHeader);
+ init(provider);
}
public WSSecSignatureBase(Document doc) {
+ this(doc, null);
+ }
+
+ public WSSecSignatureBase(Document doc, Provider provider) {
super(doc);
+ init(provider);
+ }
+
+ private void init(Provider provider) {
+ if (provider == null) {
+ // Try to install the Santuario Provider - fall back to the JDK
provider if this does
+ // not work
+ try {
+ signatureFactory = XMLSignatureFactory.getInstance("DOM",
"ApacheXMLDSig");
+ } catch (NoSuchProviderException ex) {
+ signatureFactory = XMLSignatureFactory.getInstance("DOM");
+ }
+ } else {
+ signatureFactory = XMLSignatureFactory.getInstance("DOM",
provider);
+ }
+ }
+
+ /**
+ * This method adds references to the Signature.
+ *
+ * @param references The list of references to sign
+ * @throws WSSecurityException
+ */
+ public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(
+ List<WSEncryptionPart> references
+ ) throws WSSecurityException {
+ return
+ addReferencesToSign(
+ getDocument(),
+ references,
+ getWsDocInfo(),
+ signatureFactory,
+ addInclusivePrefixes,
+ digestAlgo
+ );
}
/**
@@ -369,4 +440,185 @@ public class WSSecSignatureBase extends WSSecBase {
}
}
}
+
+ /**
+ * Set the name (uri) of the signature encryption algorithm to use.
+ *
+ * If the algorithm is not set then an automatic detection of the signature
+ * algorithm to use is performed during the <code>prepare()</code>
+ * method. Refer to WSConstants which algorithms are supported.
+ *
+ * @param algo the name of the signature algorithm
+ * @see WSConstants#RSA
+ * @see WSConstants#DSA
+ */
+ public void setSignatureAlgorithm(String algo) {
+ sigAlgo = algo;
+ }
+
+ /**
+ * Get the name (uri) of the signature algorithm that is being used.
+ *
+ * Call this method after <code>prepare</code> to get the information
+ * which signature algorithm was automatically detected if no signature
+ * algorithm was preset.
+ *
+ * @return the identifier URI of the signature algorithm
+ */
+ public String getSignatureAlgorithm() {
+ return sigAlgo;
+ }
+
+ /**
+ * Prepend the BinarySecurityToken to the elements already in the Security
+ * header.
+ *
+ * The method can be called any time after <code>prepare()</code>.
+ * This allows to insert the BST element at any position in the Security
+ * header.
+ */
+ public void prependBSTElementToHeader() {
+ if (bstToken != null && !bstAddedToSecurityHeader) {
+ Element securityHeaderElement =
getSecurityHeader().getSecurityHeaderElement();
+ XMLUtils.prependChildElement(securityHeaderElement, bstToken);
+ bstAddedToSecurityHeader = true;
+ }
+ }
+
+ /**
+ * Append the BinarySecurityToken to the security header.
+ */
+ public void appendBSTElementToHeader() {
+ if (bstToken != null && !bstAddedToSecurityHeader) {
+ Element securityHeaderElement =
getSecurityHeader().getSecurityHeaderElement();
+ securityHeaderElement.appendChild(bstToken);
+ bstAddedToSecurityHeader = true;
+ }
+ }
+
+ public void setCustomKeyInfoElement(Element keyInfoElement) {
+ this.customKeyInfoElement = keyInfoElement;
+ }
+
+ public Element getCustomKeyInfoElement() {
+ return customKeyInfoElement;
+ }
+
+ public Provider getSignatureProvider() {
+ return signatureProvider;
+ }
+
+ public void setSignatureProvider(Provider signatureProvider) {
+ this.signatureProvider = signatureProvider;
+ }
+
+
+ /**
+ * Set the canonicalization method to use.
+ *
+ * If the canonicalization method is not set then the recommended Exclusive
+ * XML Canonicalization is used by default. Refer to WSConstants which
+ * algorithms are supported.
+ *
+ * @param algo Is the name of the signature algorithm
+ * @see WSConstants#C14N_OMIT_COMMENTS
+ * @see WSConstants#C14N_WITH_COMMENTS
+ * @see WSConstants#C14N_EXCL_OMIT_COMMENTS
+ * @see WSConstants#C14N_EXCL_WITH_COMMENTS
+ */
+ public void setSigCanonicalization(String algo) {
+ canonAlgo = algo;
+ }
+
+ /**
+ * Get the canonicalization method.
+ *
+ * If the canonicalization method was not set then Exclusive XML
+ * Canonicalization is used by default.
+ *
+ * @return The string describing the canonicalization algorithm.
+ */
+ public String getSigCanonicalization() {
+ return canonAlgo;
+ }
+
+ public boolean isAddInclusivePrefixes() {
+ return addInclusivePrefixes;
+ }
+
+ public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
+ this.addInclusivePrefixes = addInclusivePrefixes;
+ }
+
+ protected void marshalKeyInfo(WSDocInfo wsDocInfo) throws
WSSecurityException {
+ List<XMLStructure> kiChildren = null;
+ if (getCustomKeyInfoElement() == null) {
+ XMLStructure structure = new DOMStructure(secRef.getElement());
+ wsDocInfo.addTokenElement(secRef.getElement(), false);
+ kiChildren = Collections.singletonList(structure);
+ } else {
+ Node kiChild = getCustomKeyInfoElement().getFirstChild();
+ kiChildren = new ArrayList<>();
+ while (kiChild != null) {
+ kiChildren.add(new DOMStructure(kiChild));
+ kiChild = kiChild.getNextSibling();
+ }
+ }
+
+ KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
+ keyInfo = keyInfoFactory.newKeyInfo(kiChildren, keyInfoUri);
+ }
+
+ /**
+ * Get the SecurityTokenReference to be used in the KeyInfo element.
+ */
+ public SecurityTokenReference getSecurityTokenReference() {
+ return secRef;
+ }
+
+ /**
+ * Set the SecurityTokenReference to be used in the KeyInfo element. If
this
+ * method is not called, a SecurityTokenRefence will be generated.
+ */
+ public void setSecurityTokenReference(SecurityTokenReference secRef) {
+ useCustomSecRef = true;
+ this.secRef = secRef;
+ }
+
+ /**
+ * @return the digest algorithm to use
+ */
+ public String getDigestAlgo() {
+ return digestAlgo;
+ }
+
+ /**
+ * Set the string that defines which digest algorithm to use.
+ * The default is WSConstants.SHA1.
+ *
+ * @param digestAlgo the digestAlgo to set
+ */
+ public void setDigestAlgo(String digestAlgo) {
+ this.digestAlgo = digestAlgo;
+ }
+
+ /**
+ * Returns the computed Signature value.
+ *
+ * Call this method after <code>computeSignature()</code> or
<code>build()</code>
+ * methods were called.
+ *
+ * @return Returns the signatureValue.
+ */
+ public byte[] getSignatureValue() {
+ return signatureValue;
+ }
+
+ /**
+ * Set the secret key to use
+ * @param secretKey the secret key to use
+ */
+ public void setSecretKey(byte[] secretKey) {
+ this.secretKey = secretKey;
+ }
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
index 43c8eab9b..e23f83a3d 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
@@ -33,7 +33,7 @@ import org.apache.wss4j.api.dom.WSConstants;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.api.dom.action.Action;
import org.apache.wss4j.api.dom.action.ActionUtils;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
index c1e68d520..484ae421f 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
@@ -36,7 +36,7 @@ import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.api.dom.action.Action;
import org.apache.wss4j.api.dom.action.ActionUtils;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
diff --git
a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignature.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
similarity index 76%
rename from
ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignature.java
rename to
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
index 2bfcbf931..4f3468ec3 100644
---
a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/message/WSSecSignature.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
@@ -17,27 +17,19 @@
* under the License.
*/
-package org.apache.wss4j.api.dom.message;
+package org.apache.wss4j.dom.message;
-import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
-import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignContext;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
@@ -61,6 +53,8 @@ import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.api.dom.WSConstants;
import org.apache.wss4j.api.dom.WSDocInfo;
+import org.apache.wss4j.api.dom.message.WSSecHeader;
+import org.apache.wss4j.api.dom.message.WSSecSignatureBase;
import org.apache.wss4j.api.dom.message.token.KerberosSecurity;
import org.apache.wss4j.api.dom.transform.STRTransform;
import org.w3c.dom.Document;
@@ -83,41 +77,20 @@ public class WSSecSignature extends WSSecSignatureBase {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(WSSecSignature.class);
- protected XMLSignatureFactory signatureFactory;
- protected KeyInfo keyInfo;
- protected CanonicalizationMethod c14nMethod;
- protected XMLSignature sig;
- protected byte[] secretKey;
- protected String strUri;
- protected Element bstToken;
- protected String keyInfoUri;
- protected String certUri;
- protected byte[] signatureValue;
-
private boolean useSingleCert = true;
- private String sigAlgo;
- private String canonAlgo = WSConstants.C14N_EXCL_OMIT_COMMENTS;
- private SecurityTokenReference secRef;
private String customTokenValueType;
private String customTokenId;
private String encrKeySha1value;
private Crypto crypto;
- private String digestAlgo = WSConstants.SHA1;
private X509Certificate useThisCert;
- private boolean useCustomSecRef;
- private boolean bstAddedToSecurityHeader;
private boolean includeSignatureToken;
- private boolean addInclusivePrefixes = true;
- private Element customKeyInfoElement;
- private Provider signatureProvider;
public WSSecSignature(WSSecHeader securityHeader) {
this(securityHeader, null);
}
public WSSecSignature(WSSecHeader securityHeader, Provider provider) {
- super(securityHeader);
- init(provider);
+ super(securityHeader, provider);
}
public WSSecSignature(Document doc) {
@@ -125,22 +98,7 @@ public class WSSecSignature extends WSSecSignatureBase {
}
public WSSecSignature(Document doc, Provider provider) {
- super(doc);
- init(provider);
- }
-
- private void init(Provider provider) {
- if (provider == null) {
- // Try to install the Santuario Provider - fall back to the JDK
provider if this does
- // not work
- try {
- signatureFactory = XMLSignatureFactory.getInstance("DOM",
"ApacheXMLDSig");
- } catch (NoSuchProviderException ex) {
- signatureFactory = XMLSignatureFactory.getInstance("DOM");
- }
- } else {
- signatureFactory = XMLSignatureFactory.getInstance("DOM",
provider);
- }
+ super(doc, provider);
}
/**
@@ -177,14 +135,14 @@ public class WSSecSignature extends WSSecSignatureBase {
try {
C14NMethodParameterSpec c14nSpec = null;
- if (addInclusivePrefixes &&
canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+ if (isAddInclusivePrefixes() &&
getSigCanonicalization().equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
Element securityHeaderElement =
getSecurityHeader().getSecurityHeaderElement();
List<String> prefixes =
getInclusivePrefixes(securityHeaderElement, false);
c14nSpec = new ExcC14NParameterSpec(prefixes);
}
- c14nMethod = signatureFactory.newCanonicalizationMethod(canonAlgo,
c14nSpec);
+ c14nMethod =
signatureFactory.newCanonicalizationMethod(getSigCanonicalization(), c14nSpec);
} catch (Exception ex) {
LOG.error("", ex);
throw new WSSecurityException(
@@ -193,7 +151,7 @@ public class WSSecSignature extends WSSecSignatureBase {
}
keyInfoUri = getIdAllocator().createSecureId("KI-", keyInfo);
- if (!useCustomSecRef && customKeyInfoElement == null) {
+ if (!useCustomSecRef && getCustomKeyInfoElement() == null) {
secRef = new SecurityTokenReference(getDocument());
strUri = getIdAllocator().createSecureId("STR-", secRef);
secRef.addWSSENamespace();
@@ -358,25 +316,6 @@ public class WSSecSignature extends WSSecSignatureBase {
}
}
- protected void marshalKeyInfo(WSDocInfo wsDocInfo) throws
WSSecurityException {
- List<XMLStructure> kiChildren = null;
- if (customKeyInfoElement == null) {
- XMLStructure structure = new DOMStructure(secRef.getElement());
- wsDocInfo.addTokenElement(secRef.getElement(), false);
- kiChildren = Collections.singletonList(structure);
- } else {
- Node kiChild = customKeyInfoElement.getFirstChild();
- kiChildren = new ArrayList<>();
- while (kiChild != null) {
- kiChildren.add(new DOMStructure(kiChild));
- kiChild = kiChild.getNextSibling();
- }
- }
-
- KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
- keyInfo = keyInfoFactory.newKeyInfo(kiChildren, keyInfoUri);
- }
-
/**
* Builds a signed soap envelope.
*
@@ -426,27 +365,6 @@ public class WSSecSignature extends WSSecSignatureBase {
return getDocument();
}
-
- /**
- * This method adds references to the Signature.
- *
- * @param references The list of references to sign
- * @throws WSSecurityException
- */
- public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(
- List<WSEncryptionPart> references
- ) throws WSSecurityException {
- return
- addReferencesToSign(
- getDocument(),
- references,
- getWsDocInfo(),
- signatureFactory,
- addInclusivePrefixes,
- digestAlgo
- );
- }
-
/**
* Returns the SignatureElement.
* The method can be called any time after <code>prepare()</code>.
@@ -512,33 +430,6 @@ public class WSSecSignature extends WSSecSignatureBase {
bstAddedToSecurityHeader = false;
}
- /**
- * Prepend the BinarySecurityToken to the elements already in the Security
- * header.
- *
- * The method can be called any time after <code>prepare()</code>.
- * This allows to insert the BST element at any position in the Security
- * header.
- */
- public void prependBSTElementToHeader() {
- if (bstToken != null && !bstAddedToSecurityHeader) {
- Element securityHeaderElement =
getSecurityHeader().getSecurityHeaderElement();
- XMLUtils.prependChildElement(securityHeaderElement, bstToken);
- bstAddedToSecurityHeader = true;
- }
- }
-
- /**
- * Append the BinarySecurityToken to the security header.
- */
- public void appendBSTElementToHeader() {
- if (bstToken != null && !bstAddedToSecurityHeader) {
- Element securityHeaderElement =
getSecurityHeader().getSecurityHeaderElement();
- securityHeaderElement.appendChild(bstToken);
- bstAddedToSecurityHeader = true;
- }
- }
-
/**
* Compute the Signature over the references. The signature element will be
* prepended to the security header.
@@ -578,10 +469,10 @@ public class WSSecSignature extends WSSecSignatureBase {
if (secretKey == null) {
key = crypto.getPrivateKey(user, password);
} else {
- key = KeyUtils.prepareSecretKey(sigAlgo, secretKey);
+ key = KeyUtils.prepareSecretKey(getSignatureAlgorithm(),
secretKey);
}
SignatureMethod signatureMethod =
- signatureFactory.newSignatureMethod(sigAlgo, null);
+ signatureFactory.newSignatureMethod(getSignatureAlgorithm(),
null);
SignedInfo signedInfo =
signatureFactory.newSignedInfo(c14nMethod, signatureMethod,
referenceList);
@@ -613,12 +504,12 @@ public class WSSecSignature extends WSSecSignatureBase {
} else {
signContext = new DOMSignContext(key, securityHeaderElement);
}
- if (signatureProvider != null) {
-
signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
signatureProvider);
+ if (getSignatureProvider() != null) {
+
signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
getSignatureProvider());
}
signContext.putNamespacePrefix(WSConstants.SIG_NS,
WSConstants.SIG_PREFIX);
- if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
+ if
(WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(getSigCanonicalization())) {
signContext.putNamespacePrefix(
WSConstants.C14N_EXCL_OMIT_COMMENTS,
WSConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX
@@ -660,93 +551,6 @@ public class WSSecSignature extends WSSecSignatureBase {
return useSingleCert;
}
- /**
- * Set the name (uri) of the signature encryption algorithm to use.
- *
- * If the algorithm is not set then an automatic detection of the signature
- * algorithm to use is performed during the <code>prepare()</code>
- * method. Refer to WSConstants which algorithms are supported.
- *
- * @param algo the name of the signature algorithm
- * @see WSConstants#RSA
- * @see WSConstants#DSA
- */
- public void setSignatureAlgorithm(String algo) {
- sigAlgo = algo;
- }
-
- /**
- * Get the name (uri) of the signature algorithm that is being used.
- *
- * Call this method after <code>prepare</code> to get the information
- * which signature algorithm was automatically detected if no signature
- * algorithm was preset.
- *
- * @return the identifier URI of the signature algorithm
- */
- public String getSignatureAlgorithm() {
- return sigAlgo;
- }
-
- /**
- * Set the canonicalization method to use.
- *
- * If the canonicalization method is not set then the recommended Exclusive
- * XML Canonicalization is used by default. Refer to WSConstants which
- * algorithms are supported.
- *
- * @param algo Is the name of the signature algorithm
- * @see WSConstants#C14N_OMIT_COMMENTS
- * @see WSConstants#C14N_WITH_COMMENTS
- * @see WSConstants#C14N_EXCL_OMIT_COMMENTS
- * @see WSConstants#C14N_EXCL_WITH_COMMENTS
- */
- public void setSigCanonicalization(String algo) {
- canonAlgo = algo;
- }
-
- /**
- * Get the canonicalization method.
- *
- * If the canonicalization method was not set then Exclusive XML
- * Canonicalization is used by default.
- *
- * @return The string describing the canonicalization algorithm.
- */
- public String getSigCanonicalization() {
- return canonAlgo;
- }
-
- /**
- * @return the digest algorithm to use
- */
- public String getDigestAlgo() {
- return digestAlgo;
- }
-
- /**
- * Set the string that defines which digest algorithm to use.
- * The default is WSConstants.SHA1.
- *
- * @param digestAlgo the digestAlgo to set
- */
- public void setDigestAlgo(String digestAlgo) {
- this.digestAlgo = digestAlgo;
- }
-
-
- /**
- * Returns the computed Signature value.
- *
- * Call this method after <code>computeSignature()</code> or
<code>build()</code>
- * methods were called.
- *
- * @return Returns the signatureValue.
- */
- public byte[] getSignatureValue() {
- return signatureValue;
- }
-
/**
* Get the id generated during <code>prepare()</code>.
*
@@ -775,14 +579,6 @@ public class WSSecSignature extends WSSecSignatureBase {
return bstToken.getAttributeNS(WSS4JConstants.WSU_NS, "Id");
}
- /**
- * Set the secret key to use
- * @param secretKey the secret key to use
- */
- public void setSecretKey(byte[] secretKey) {
- this.secretKey = secretKey;
- }
-
/**
* Set the custom token value type to use
* @param customTokenValueType the custom token value type to use
@@ -836,22 +632,6 @@ public class WSSecSignature extends WSSecSignatureBase {
return strUri;
}
- /**
- * Get the SecurityTokenReference to be used in the KeyInfo element.
- */
- public SecurityTokenReference getSecurityTokenReference() {
- return secRef;
- }
-
- /**
- * Set the SecurityTokenReference to be used in the KeyInfo element. If
this
- * method is not called, a SecurityTokenRefence will be generated.
- */
- public void setSecurityTokenReference(SecurityTokenReference secRef) {
- useCustomSecRef = true;
- this.secRef = secRef;
- }
-
/**
* Set up the X509 Certificate(s) for signing.
*/
@@ -882,21 +662,21 @@ public class WSSecSignature extends WSSecSignatureBase {
// If no signature algorithm was set try to detect it according to
the
// data stored in the certificate.
//
- if (sigAlgo == null) {
+ if (getSignatureAlgorithm() == null) {
String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
LOG.debug("Automatic signature algorithm detection: {}",
pubKeyAlgo);
if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
- sigAlgo = WSConstants.DSA;
+ setSignatureAlgorithm(WSConstants.DSA);
} else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
- sigAlgo = WSConstants.RSA;
+ setSignatureAlgorithm(WSConstants.RSA);
} else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
- sigAlgo = WSConstants.ECDSA_SHA256;
+ setSignatureAlgorithm(WSConstants.ECDSA_SHA256);
} else if (pubKeyAlgo.equalsIgnoreCase("Ed25519")) {
- sigAlgo = WSConstants.ED25519;
+ setSignatureAlgorithm(WSConstants.ED25519);
} else if (pubKeyAlgo.equalsIgnoreCase("ED448")) {
- sigAlgo = WSConstants.ED448;
+ setSignatureAlgorithm(WSConstants.ED448);
} else if (pubKeyAlgo.equalsIgnoreCase("EdDSA")) {
- sigAlgo =
getSigAlgorithmForEdDSAKey(certs[0].getPublicKey());
+
setSignatureAlgorithm(getSigAlgorithmForEdDSAKey(certs[0].getPublicKey()));
} else {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE,
@@ -961,30 +741,6 @@ public class WSSecSignature extends WSSecSignatureBase {
this.includeSignatureToken = includeSignatureToken;
}
- public boolean isAddInclusivePrefixes() {
- return addInclusivePrefixes;
- }
-
- public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
- this.addInclusivePrefixes = addInclusivePrefixes;
- }
-
- public void setCustomKeyInfoElement(Element keyInfoElement) {
- this.customKeyInfoElement = keyInfoElement;
- }
-
- public Element getCustomKeyInfoElement() {
- return customKeyInfoElement;
- }
-
- public Provider getSignatureProvider() {
- return signatureProvider;
- }
-
- public void setSignatureProvider(Provider signatureProvider) {
- this.signatureProvider = signatureProvider;
- }
-
public String getKeyInfoUri() {
return keyInfoUri;
}
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
index 40ae6eada..0282f7217 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
@@ -36,7 +36,7 @@ import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
index 08dee4419..dfb192468 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
@@ -31,7 +31,7 @@ import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Test;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java
index 5330a51dd..d3ae74cca 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java
@@ -35,7 +35,7 @@ import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomActionProcessorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomActionProcessorTest.java
index af5e2b3ce..6c16ae0ac 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomActionProcessorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomActionProcessorTest.java
@@ -32,7 +32,7 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.api.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
index 43e000217..fb1d46c10 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
@@ -42,7 +42,7 @@ import org.apache.wss4j.api.dom.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.AttachmentResultCallback;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java
index 441660dfc..f45d82b4f 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java
@@ -27,7 +27,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.junit.jupiter.api.Test;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.w3c.dom.Document;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
index f36a940e0..e79ba4644 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
@@ -42,7 +42,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.api.dom.message.SignatureUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/NoSoapPrefixSignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/NoSoapPrefixSignatureTest.java
index 5dbc7d812..f809b91fc 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/NoSoapPrefixSignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/NoSoapPrefixSignatureTest.java
@@ -29,7 +29,7 @@ import org.junit.jupiter.api.Test;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.util.XMLUtils;
import org.w3c.dom.Document;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
index 374b2aa45..39f07b917 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
@@ -31,7 +31,7 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.SOAPUtil;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
index 0de6e6fae..9f354ba63 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
@@ -38,7 +38,7 @@ import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.api.dom.RequestData;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
index 841029bf6..9a765f8bd 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
@@ -38,7 +38,7 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SKISignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SKISignatureTest.java
index e34e60c5c..9c459ae70 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SKISignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SKISignatureTest.java
@@ -26,7 +26,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/STRSignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/STRSignatureTest.java
index bdd0f1764..774ac5bdb 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/STRSignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/STRSignatureTest.java
@@ -31,7 +31,7 @@ import org.apache.wss4j.api.dom.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.util.XMLUtils;
import org.w3c.dom.Document;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
index 81806b19d..e94e57976 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
@@ -28,7 +28,7 @@ import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
index 42f76542d..ea36a0507 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
@@ -35,7 +35,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.junit.jupiter.api.Test;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAlgorithmSuiteTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAlgorithmSuiteTest.java
index f3d15cb63..9bbe9d9f3 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAlgorithmSuiteTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAlgorithmSuiteTest.java
@@ -32,7 +32,7 @@ import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCRLTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCRLTest.java
index 42bbc3dd0..e8dcf8a22 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCRLTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCRLTest.java
@@ -28,7 +28,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertConstraintsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertConstraintsTest.java
index 183fc9e8c..77ba6e883 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertConstraintsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertConstraintsTest.java
@@ -30,7 +30,7 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.api.dom.RequestData;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
index 11838ba64..f08e0d259 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
@@ -27,7 +27,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.Merlin;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
index f327fb3ec..601195034 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
@@ -29,7 +29,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureIssuerCertConstraintsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureIssuerCertConstraintsTest.java
index 7726b79b8..f8aec219c 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureIssuerCertConstraintsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureIssuerCertConstraintsTest.java
@@ -25,7 +25,7 @@ import java.util.regex.Pattern;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureKeyValueTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureKeyValueTest.java
index bccecd082..7a87c384d 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureKeyValueTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureKeyValueTest.java
@@ -35,7 +35,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
index 4a8aacd60..f456068df 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
@@ -31,7 +31,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java
index 89aecaff7..75193adba 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java
@@ -43,7 +43,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.junit.jupiter.api.Test;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
index cf7491d4e..f3acdf505 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
@@ -33,7 +33,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
index 4106fedd0..8aadd1152 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
@@ -53,7 +53,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
index 6131da8c2..8697842a7 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
@@ -25,7 +25,7 @@ import org.apache.wss4j.api.dom.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.api.dom.WSConstants;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
index 7d20e9224..42470e529 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
@@ -28,7 +28,7 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.api.dom.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
index cbe34b668..c266f24a7 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
@@ -40,7 +40,7 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UTSignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UTSignatureTest.java
index 4bf81ae11..beb32ac43 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UTSignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UTSignatureTest.java
@@ -28,7 +28,7 @@ import org.apache.wss4j.api.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
index 7005af5f2..868c1a252 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
@@ -39,7 +39,7 @@ import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
index 19cea349e..0cebabca2 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
@@ -36,7 +36,7 @@ import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.api.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.api.dom.validate.Credential;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
index f9f0f7f55..5c11b666d 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
@@ -37,7 +37,7 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
diff --git
a/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/message/WSSecSignatureSAML.java
b/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/message/WSSecSignatureSAML.java
index ea8f36e0e..b49271066 100644
---
a/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/message/WSSecSignatureSAML.java
+++
b/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/message/WSSecSignatureSAML.java
@@ -51,12 +51,12 @@ import org.apache.wss4j.api.dom.WSConstants;
import org.apache.wss4j.api.dom.WSDocInfo;
import org.apache.wss4j.api.dom.message.WSSecHeader;
import org.apache.wss4j.api.dom.RequestData;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.api.dom.message.WSSecSignatureBase;
import org.apache.wss4j.api.dom.transform.STRTransform;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-public class WSSecSignatureSAML extends WSSecSignature {
+public class WSSecSignatureSAML extends WSSecSignatureBase {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(WSSecSignatureSAML.class);
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
index d9f84c5bb..45907c010 100644
---
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
@@ -43,7 +43,7 @@ import org.apache.wss4j.api.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
index 35bdd9bcf..3f77ad08e 100644
---
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
@@ -46,7 +46,7 @@ import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.api.dom.message.WSSecHeader;
import org.apache.wss4j.api.dom.validate.Credential;
import org.apache.wss4j.api.dom.validate.Validator;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
index dc811b00a..528473fce 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
@@ -46,7 +46,7 @@ import org.apache.wss4j.dom.message.WSSecDKEncrypt;
import org.apache.wss4j.dom.message.WSSecDKSign;
import org.apache.wss4j.api.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSecurityContextToken;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
index b042b688e..3ddc1eb1b 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
@@ -44,7 +44,7 @@ import org.apache.wss4j.api.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
index 20cf11c97..5dc90675a 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
@@ -52,7 +52,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.api.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.api.dom.message.WSSecHeader;
-import org.apache.wss4j.api.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
