public class SignatureConfig
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class |
SignatureConfig.CRLEntry |
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
SIGNATURE_TIME_FORMAT |
Constructor and Description |
---|
SignatureConfig() |
Modifier and Type | Method and Description |
---|---|
void |
addCachedCertificate(java.lang.String alias,
byte[] x509Bytes) |
void |
addCachedCertificate(java.lang.String alias,
java.security.cert.X509Certificate x509)
Add a certificate to the keystore (cache) used for later certificate chain lookups
|
SignatureConfig.CRLEntry |
addCRL(java.lang.String crlURL,
java.lang.String certCN,
byte[] crlBytes) |
void |
addSignatureFacet(SignatureFacet signatureFacet) |
java.lang.String |
formatExecutionTime() |
java.security.cert.X509Certificate |
getCachedCertificateByPrinicipal(java.lang.String principalName) |
java.lang.String |
getCanonicalizationMethod() |
java.lang.String |
getCommitmentType() |
java.util.List<SignatureConfig.CRLEntry> |
getCrlEntries() |
HashAlgorithm |
getDigestAlgo() |
java.lang.String |
getDigestMethodUri() |
static java.lang.String |
getDigestMethodUri(HashAlgorithm digestAlgo)
Converts the digest algorithm to its digest method URI - currently only sha* and ripemd160 are supported.
|
java.util.Date |
getExecutionTime() |
java.security.PrivateKey |
getKey() |
javax.xml.crypto.dsig.keyinfo.KeyInfoFactory |
getKeyInfoFactory()
Deprecated.
in POI 5.0.0 - will be handled by SignatureInfo internally
|
java.security.KeyStore |
getKeyStore() |
java.util.Map<java.lang.String,java.lang.String> |
getNamespacePrefixes() |
OPCPackage |
getOpcPackage()
Deprecated.
in POI 5.0.0 - use
SignatureInfo.setOpcPackage(OPCPackage) instead |
java.lang.String |
getPackageSignatureId() |
java.security.Provider |
getProvider()
Deprecated.
in POI 5.0.0 - will be handled by SignatureInfo internally
|
static java.lang.String[] |
getProviderNames()
Determine the possible classes for XMLSEC.
|
java.lang.String |
getProxyUrl() |
RevocationDataService |
getRevocationDataService() |
java.lang.String |
getSignatureDescription() |
java.util.List<SignatureFacet> |
getSignatureFacets() |
javax.xml.crypto.dsig.XMLSignatureFactory |
getSignatureFactory()
Deprecated.
in POI 5.0.0 - will be handled by SignatureInfo internally
|
byte[] |
getSignatureImage() |
byte[] |
getSignatureImageInvalid() |
ClassID |
getSignatureImageSetupId() |
byte[] |
getSignatureImageValid() |
SignatureMarshalListener |
getSignatureMarshalListener() |
java.lang.String |
getSignatureMethodUri() |
SignaturePolicyService |
getSignaturePolicyService() |
java.util.List<java.security.cert.X509Certificate> |
getSigningCertificateChain() |
HashAlgorithm |
getTspDigestAlgo() |
TimeStampHttpClient |
getTspHttpClient() |
java.lang.String |
getTspPass() |
java.lang.String |
getTspRequestPolicy() |
TimeStampService |
getTspService() |
java.lang.String |
getTspUrl() |
java.lang.String |
getTspUser() |
TimeStampServiceValidator |
getTspValidator() |
javax.xml.crypto.URIDereferencer |
getUriDereferencer()
Deprecated.
in POI 5.0.0 - use
SignatureInfo.getUriDereferencer() instead |
java.lang.String |
getUserAgent() |
java.lang.String |
getXadesCanonicalizationMethod() |
HashAlgorithm |
getXadesDigestAlgo() |
java.lang.String |
getXadesRole() |
java.lang.String |
getXadesSignatureId() |
boolean |
isAllowCRLDownload() |
boolean |
isAllowMultipleSignatures() |
boolean |
isIncludeEntireCertificateChain() |
boolean |
isIncludeIssuerSerial() |
boolean |
isIncludeKeyValue() |
boolean |
isSecureValidation() |
boolean |
isTspOldProtocol() |
boolean |
isUpdateConfigOnValidate() |
boolean |
isXadesIssuerNameNoReverseOrder()
Make sure the DN is encoded using the same order as present
within the certificate.
|
boolean |
isXadesSignaturePolicyImplied() |
void |
setAllowCRLDownload(boolean allowCRLDownload) |
void |
setAllowMultipleSignatures(boolean allowMultipleSignatures)
Activate multiple signatures
|
void |
setCanonicalizationMethod(java.lang.String canonicalizationMethod) |
void |
setCommitmentType(java.lang.String commitmentType)
Set the commitmentType, which is usually one of ...
|
void |
setDigestAlgo(HashAlgorithm digestAlgo) |
void |
setExecutionTime(java.util.Date executionTime) |
void |
setExecutionTime(java.lang.String executionTime)
Sets the executionTime which is in standard format (
SIGNATURE_TIME_FORMAT ) |
void |
setIncludeEntireCertificateChain(boolean includeEntireCertificateChain) |
void |
setIncludeIssuerSerial(boolean includeIssuerSerial) |
void |
setIncludeKeyValue(boolean includeKeyValue) |
void |
setKey(java.security.PrivateKey key) |
void |
setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
Deprecated.
in POI 5.0.0 - use
SignatureInfo.setKeyInfoFactory(KeyInfoFactory) |
void |
setNamespacePrefixes(java.util.Map<java.lang.String,java.lang.String> namespacePrefixes) |
void |
setOpcPackage(OPCPackage opcPackage)
Deprecated.
in POI 5.0.0 - use
SignatureInfo.setOpcPackage(OPCPackage) instead |
void |
setPackageSignatureId(java.lang.String packageSignatureId) |
void |
setProvider(java.security.Provider provider)
Deprecated.
in POI 5.0.0 - use
SignatureInfo.setProvider(Provider) |
void |
setProxyUrl(java.lang.String proxyUrl) |
void |
setRevocationDataService(RevocationDataService revocationDataService) |
void |
setSecureValidation(boolean secureValidation)
Enable or disable secure validation - default is enabled. Keep it enabled when validating documents from untrusted sources; disabling it is only meant as a workaround for the reference-count limit described in the method details below.
|
void |
setSignatureDescription(java.lang.String signatureDescription) |
void |
setSignatureFacets(java.util.List<SignatureFacet> signatureFacets) |
void |
setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
Deprecated.
in POI 5.0.0 - use
SignatureInfo.setSignatureFactory(XMLSignatureFactory) |
void |
setSignatureImage(byte[] signatureImage) |
void |
setSignatureImageInvalid(byte[] signatureImageInvalid) |
void |
setSignatureImageSetupId(ClassID signatureImageSetupId) |
void |
setSignatureImageValid(byte[] signatureImageValid) |
void |
setSignatureMarshalListener(SignatureMarshalListener signatureMarshalListener) |
void |
setSignatureMethodFromUri(java.lang.String signatureMethodUri)
Set the digest algorithm based on the method uri.
|
void |
setSignaturePolicyService(SignaturePolicyService signaturePolicyService) |
void |
setSigningCertificateChain(java.util.List<java.security.cert.X509Certificate> signingCertificateChain) |
void |
setTspDigestAlgo(HashAlgorithm tspDigestAlgo) |
void |
setTspHttpClient(TimeStampHttpClient tspHttpClient) |
void |
setTspOldProtocol(boolean tspOldProtocol) |
void |
setTspPass(java.lang.String tspPass) |
void |
setTspRequestPolicy(java.lang.String tspRequestPolicy) |
void |
setTspService(TimeStampService tspService) |
void |
setTspUrl(java.lang.String tspUrl) |
void |
setTspUser(java.lang.String tspUser) |
void |
setTspValidator(TimeStampServiceValidator tspValidator) |
void |
setUpdateConfigOnValidate(boolean updateConfigOnValidate)
The signature config can be updated after a document has been successfully validated (the updated values then originate from the validated document rather than from the caller).
|
void |
setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
Deprecated.
in POI 5.0.0 - use
SignatureInfo.setUriDereferencer(URIDereferencer) instead |
void |
setUserAgent(java.lang.String userAgent) |
void |
setXadesCanonicalizationMethod(java.lang.String xadesCanonicalizationMethod) |
void |
setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo) |
void |
setXadesDigestAlgo(java.lang.String xadesDigestAlgo) |
void |
setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder) |
void |
setXadesRole(java.lang.String xadesRole) |
void |
setXadesSignatureId(java.lang.String xadesSignatureId) |
void |
setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied) |
public static final java.lang.String SIGNATURE_TIME_FORMAT
public void addSignatureFacet(SignatureFacet signatureFacet)
signatureFacet
- the signature facet is appended to facet listpublic java.util.List<SignatureFacet> getSignatureFacets()
public void setSignatureFacets(java.util.List<SignatureFacet> signatureFacets)
signatureFacets
- the new list of facetspublic HashAlgorithm getDigestAlgo()
public void setDigestAlgo(HashAlgorithm digestAlgo)
digestAlgo
- the main digest algorithm@Deprecated @Removal(version="5.0.0") public OPCPackage getOpcPackage()
SignatureInfo.setOpcPackage(OPCPackage)
instead@Deprecated @Removal(version="5.0.0") public void setOpcPackage(OPCPackage opcPackage)
SignatureInfo.setOpcPackage(OPCPackage)
insteadopcPackage
- the opc package to be handled by this thread, stored as thread-localpublic java.security.PrivateKey getKey()
public void setKey(java.security.PrivateKey key)
key
- the private keypublic java.util.List<java.security.cert.X509Certificate> getSigningCertificateChain()
public void setSigningCertificateChain(java.util.List<java.security.cert.X509Certificate> signingCertificateChain)
signingCertificateChain
- the certificate chain, index 0 should be
the certificate matching the private keypublic java.util.Date getExecutionTime()
public void setExecutionTime(java.util.Date executionTime)
executionTime
- sets the time at which the document ought to be signedpublic java.lang.String formatExecutionTime()
SIGNATURE_TIME_FORMAT
)public void setExecutionTime(java.lang.String executionTime)
SIGNATURE_TIME_FORMAT
)executionTime
- the execution timepublic SignaturePolicyService getSignaturePolicyService()
public void setSignaturePolicyService(SignaturePolicyService signaturePolicyService)
signaturePolicyService
- the service to be used for XAdES-EPES properties@Deprecated @Removal(version="5.0.0") public javax.xml.crypto.URIDereferencer getUriDereferencer()
SignatureInfo.getUriDereferencer()
insteadOOXMLURIDereferencer
@Deprecated @Removal(version="5.0.0") public void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
SignatureInfo.setUriDereferencer(URIDereferencer)
insteaduriDereferencer
- the dereferencer used for Reference/@URI attributespublic java.lang.String getSignatureDescription()
public void setSignatureDescription(java.lang.String signatureDescription)
signatureDescription
- the human-readable description of
what the citizen will be signing.public byte[] getSignatureImage()
public byte[] getSignatureImageValid()
public byte[] getSignatureImageInvalid()
public ClassID getSignatureImageSetupId()
public void setSignatureImageSetupId(ClassID signatureImageSetupId)
public void setSignatureImage(byte[] signatureImage)
public void setSignatureImageValid(byte[] signatureImageValid)
public void setSignatureImageInvalid(byte[] signatureImageInvalid)
public java.lang.String getCanonicalizationMethod()
public void setCanonicalizationMethod(java.lang.String canonicalizationMethod)
canonicalizationMethod
- the default canonicalization methodpublic java.lang.String getPackageSignatureId()
public void setPackageSignatureId(java.lang.String packageSignatureId)
packageSignatureId
- The signature Id attribute value used to create the XML signature.
A null
value will trigger an automatically generated signature Id.public java.lang.String getTspUrl()
public void setTspUrl(java.lang.String tspUrl)
tspUrl
- the url of the timestamp provider (TSP)public boolean isTspOldProtocol()
public void setTspOldProtocol(boolean tspOldProtocol)
tspOldProtocol
- defines the timestamp-protocol mimetype
isTspOldProtocol()
public HashAlgorithm getTspDigestAlgo()
public void setTspDigestAlgo(HashAlgorithm tspDigestAlgo)
tspDigestAlgo
- the algorithm to be used for the timestamp entry.
if null
, the hash algorithm of the main entrypublic java.lang.String getProxyUrl()
public void setProxyUrl(java.lang.String proxyUrl)
proxyUrl
- the proxy url to be used for all communications.
Currently this affects the timestamp servicepublic TimeStampService getTspService()
TSPTimeStampService
public void setTspService(TimeStampService tspService)
tspService
- the timestamp servicepublic TimeStampHttpClient getTspHttpClient()
public void setTspHttpClient(TimeStampHttpClient tspHttpClient)
tspHttpClient
- the http client used for timestamp server connectionspublic java.lang.String getTspUser()
public void setTspUser(java.lang.String tspUser)
tspUser
- the user id for the timestamp service - currently only HTTP basic authentication is supported, so the TSP URL should use https; otherwise these credentials are sent in cleartext
public java.lang.String getTspPass()
public void setTspPass(java.lang.String tspPass)
tspPass
- the password for the timestamp service (sent with HTTP basic authentication; as a String it cannot be reliably wiped from memory after use)
public TimeStampServiceValidator getTspValidator()
public void setTspValidator(TimeStampServiceValidator tspValidator)
tspValidator
- the validator for the timestamp service (certificate)public RevocationDataService getRevocationDataService()
null
the signature will be limited to XAdES-T only.public void setRevocationDataService(RevocationDataService revocationDataService)
revocationDataService
- the optional revocation data service used for XAdES-C and XAdES-X-L.
When null
the signature will be limited to XAdES-T only.public HashAlgorithm getXadesDigestAlgo()
getDigestAlgo()
public void setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo)
xadesDigestAlgo
- hash algorithm used for XAdES.
When null
, defaults to getDigestAlgo()
public void setXadesDigestAlgo(java.lang.String xadesDigestAlgo)
xadesDigestAlgo
- hash algorithm used for XAdES.
When null
, defaults to getDigestAlgo()
public java.lang.String getUserAgent()
public void setUserAgent(java.lang.String userAgent)
userAgent
- the user agent used for http communication (e.g. to the TSP)public java.lang.String getTspRequestPolicy()
1.3.6.1.4.1.13762.3
public void setTspRequestPolicy(java.lang.String tspRequestPolicy)
tspRequestPolicy
- the asn.1 object id for the tsp request policy.public boolean isIncludeEntireCertificateChain()
public void setIncludeEntireCertificateChain(boolean includeEntireCertificateChain)
includeEntireCertificateChain
- if true, include the whole certificate chain.
If false, only include the signer certpublic boolean isIncludeIssuerSerial()
public void setIncludeIssuerSerial(boolean includeIssuerSerial)
includeIssuerSerial
- if true, issuer serial number is includedpublic boolean isIncludeKeyValue()
public void setIncludeKeyValue(boolean includeKeyValue)
includeKeyValue
- if true, the key value of the public key (certificate) is includedpublic java.lang.String getXadesRole()
null
the claimed role element is omitted.
Defaults to null
public void setXadesRole(java.lang.String xadesRole)
xadesRole
- the xades role element. If null
the claimed role element is omitted.public java.lang.String getXadesSignatureId()
idSignedProperties
public void setXadesSignatureId(java.lang.String xadesSignatureId)
xadesSignatureId
- the Id for the XAdES SignedProperties element.
When null
defaults to idSignedProperties
public boolean isXadesSignaturePolicyImplied()
true
public void setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied)
xadesSignaturePolicyImplied
- when true, include the policy-implied blockpublic boolean isXadesIssuerNameNoReverseOrder()
public void setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder)
xadesIssuerNameNoReverseOrder
- when true, the issuer DN instead of the issuer X500 principal is used
public SignatureMarshalListener getSignatureMarshalListener()
SignatureMarshalListener
public void setSignatureMarshalListener(SignatureMarshalListener signatureMarshalListener)
signatureMarshalListener
- the event listener watching the xml structure
generation for the signaturepublic java.util.Map<java.lang.String,java.lang.String> getNamespacePrefixes()
public void setNamespacePrefixes(java.util.Map<java.lang.String,java.lang.String> namespacePrefixes)
namespacePrefixes
- the map of namespace uri (key) to prefix (value)public java.lang.String getSignatureMethodUri()
public java.lang.String getDigestMethodUri()
public static java.lang.String getDigestMethodUri(HashAlgorithm digestAlgo)
digestAlgo
- the digest algorithmpublic void setSignatureMethodFromUri(java.lang.String signatureMethodUri)
signatureMethodUri
- the method uri@Deprecated @Removal(version="5.0.0") public void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
SignatureInfo.setSignatureFactory(XMLSignatureFactory)
signatureFactory
- the xml signature factory, saved as thread-local@Deprecated @Removal(version="5.0.0") public javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()
@Deprecated @Removal(version="5.0.0") public void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
SignatureInfo.setKeyInfoFactory(KeyInfoFactory)
keyInfoFactory
- the key factory, saved as thread-local@Deprecated @Removal(version="5.0.0") public javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
@Internal @Deprecated @Removal(version="5.0.0") public void setProvider(java.security.Provider provider)
SignatureInfo.setProvider(Provider)
provider
- the provider@Deprecated @Removal(version="5.0.0") public java.security.Provider getProvider()
public static java.lang.String[] getProviderNames()
public java.lang.String getXadesCanonicalizationMethod()
EXCLUSIVE
public void setXadesCanonicalizationMethod(java.lang.String xadesCanonicalizationMethod)
xadesCanonicalizationMethod
- the canonicalization method for XAdES-XL signing
public boolean isUpdateConfigOnValidate()
public void setUpdateConfigOnValidate(boolean updateConfigOnValidate)
false
updateConfigOnValidate
- if true, update config on validatepublic boolean isAllowMultipleSignatures()
public void setAllowMultipleSignatures(boolean allowMultipleSignatures)
allowMultipleSignatures
- if true, the signature will be added,
otherwise all existing signatures will be replaced by the current one
public boolean isSecureValidation()
public void setSecureValidation(boolean secureValidation)
Starting with xmlsec 2.3.0, larger documents with many document parts started to fail, because secure validation allowed at most a hard-coded 30 references. Disabling secure validation lifts this limit, but also drops the other hardening it provides, so only do so for documents from a trusted source.
Secure validation has the following features:
public java.lang.String getCommitmentType()
public void setCommitmentType(java.lang.String commitmentType)
public SignatureConfig.CRLEntry addCRL(java.lang.String crlURL, java.lang.String certCN, byte[] crlBytes)
public java.util.List<SignatureConfig.CRLEntry> getCrlEntries()
public boolean isAllowCRLDownload()
public void setAllowCRLDownload(boolean allowCRLDownload)
public java.security.KeyStore getKeyStore()
public void addCachedCertificate(java.lang.String alias, java.security.cert.X509Certificate x509) throws java.security.KeyStoreException
alias
- the alias, or null if the alias is to be taken from the common name attribute of the certificate
x509
- the x509 certificate
java.security.KeyStoreException
public void addCachedCertificate(java.lang.String alias, byte[] x509Bytes) throws java.security.KeyStoreException, java.security.cert.CertificateException
java.security.KeyStoreException
java.security.cert.CertificateException
public java.security.cert.X509Certificate getCachedCertificateByPrinicipal(java.lang.String principalName)