public class SignatureConfig
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static interface |
SignatureConfig.SignatureConfigurable |
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
SIGNATURE_TIME_FORMAT |
Constructor and Description |
---|
SignatureConfig() |
Modifier and Type | Method and Description |
---|---|
void |
addSignatureFacet(SignatureFacet signatureFacet) |
java.lang.String |
formatExecutionTime() |
java.lang.String |
getCanonicalizationMethod() |
HashAlgorithm |
getDigestAlgo() |
java.lang.String |
getDigestMethodUri() |
static java.lang.String |
getDigestMethodUri(HashAlgorithm digestAlgo)
Converts the digest algorithm - currently only sha* and ripemd160 is supported.
|
java.util.Date |
getExecutionTime() |
java.security.PrivateKey |
getKey() |
javax.xml.crypto.dsig.keyinfo.KeyInfoFactory |
getKeyInfoFactory() |
java.util.Map<java.lang.String,java.lang.String> |
getNamespacePrefixes() |
OPCPackage |
getOpcPackage() |
java.lang.String |
getPackageSignatureId() |
java.security.Provider |
getProvider()
This method tests the existence of xml signature provider in the following order:
the class pointed to by the system property "jsr105Provider"
the Santuario xmlsec provider
the JDK xmlsec provider
For signing the classes are linked against the Santuario xmlsec, so this might
only work for validation (not tested).
|
java.lang.String |
getProxyUrl() |
RevocationDataService |
getRevocationDataService() |
java.lang.String |
getSignatureDescription() |
java.util.List<SignatureFacet> |
getSignatureFacets() |
javax.xml.crypto.dsig.XMLSignatureFactory |
getSignatureFactory() |
org.w3c.dom.events.EventListener |
getSignatureMarshalListener() |
java.lang.String |
getSignatureMethodUri() |
SignaturePolicyService |
getSignaturePolicyService() |
java.util.List<java.security.cert.X509Certificate> |
getSigningCertificateChain() |
HashAlgorithm |
getTspDigestAlgo() |
java.lang.String |
getTspPass() |
java.lang.String |
getTspRequestPolicy() |
TimeStampService |
getTspService() |
java.lang.String |
getTspUrl() |
java.lang.String |
getTspUser() |
TimeStampServiceValidator |
getTspValidator() |
javax.xml.crypto.URIDereferencer |
getUriDereferencer() |
java.lang.String |
getUserAgent() |
java.lang.String |
getXadesCanonicalizationMethod() |
HashAlgorithm |
getXadesDigestAlgo() |
java.lang.String |
getXadesRole() |
java.lang.String |
getXadesSignatureId() |
protected void |
init(boolean onlyValidation)
Inits and checks the config object.
|
boolean |
isIncludeEntireCertificateChain() |
boolean |
isIncludeIssuerSerial() |
boolean |
isIncludeKeyValue() |
boolean |
isTspOldProtocol() |
boolean |
isUpdateConfigOnValidate() |
boolean |
isXadesIssuerNameNoReverseOrder()
Make sure the DN is encoded using the same order as present
within the certificate.
|
boolean |
isXadesSignaturePolicyImplied() |
void |
setCanonicalizationMethod(java.lang.String canonicalizationMethod) |
void |
setDigestAlgo(HashAlgorithm digestAlgo) |
void |
setExecutionTime(java.util.Date executionTime) |
void |
setExecutionTime(java.lang.String executionTime)
Sets the executionTime which is in standard format (
SIGNATURE_TIME_FORMAT ) |
void |
setIncludeEntireCertificateChain(boolean includeEntireCertificateChain) |
void |
setIncludeIssuerSerial(boolean includeIssuerSerial) |
void |
setIncludeKeyValue(boolean includeKeyValue) |
void |
setKey(java.security.PrivateKey key) |
void |
setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory) |
void |
setNamespacePrefixes(java.util.Map<java.lang.String,java.lang.String> namespacePrefixes) |
void |
setOpcPackage(OPCPackage opcPackage) |
void |
setPackageSignatureId(java.lang.String packageSignatureId) |
void |
setProxyUrl(java.lang.String proxyUrl) |
void |
setRevocationDataService(RevocationDataService revocationDataService) |
void |
setSignatureDescription(java.lang.String signatureDescription) |
void |
setSignatureFacets(java.util.List<SignatureFacet> signatureFacets) |
void |
setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory) |
void |
setSignatureMarshalListener(org.w3c.dom.events.EventListener signatureMarshalListener) |
void |
setSignatureMethodFromUri(java.lang.String signatureMethodUri)
Set the digest algorithm based on the method uri.
|
void |
setSignaturePolicyService(SignaturePolicyService signaturePolicyService) |
void |
setSigningCertificateChain(java.util.List<java.security.cert.X509Certificate> signingCertificateChain) |
void |
setTspDigestAlgo(HashAlgorithm tspDigestAlgo) |
void |
setTspOldProtocol(boolean tspOldProtocol) |
void |
setTspPass(java.lang.String tspPass) |
void |
setTspRequestPolicy(java.lang.String tspRequestPolicy) |
void |
setTspService(TimeStampService tspService) |
void |
setTspUrl(java.lang.String tspUrl) |
void |
setTspUser(java.lang.String tspUser) |
void |
setTspValidator(TimeStampServiceValidator tspValidator) |
void |
setUpdateConfigOnValidate(boolean updateConfigOnValidate)
The signature config can be updated if a document is succesful validated.
|
void |
setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer) |
void |
setUserAgent(java.lang.String userAgent) |
void |
setXadesCanonicalizationMethod(java.lang.String xadesCanonicalizationMethod) |
void |
setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo) |
void |
setXadesDigestAlgo(java.lang.String xadesDigestAlgo) |
void |
setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder) |
void |
setXadesRole(java.lang.String xadesRole) |
void |
setXadesSignatureId(java.lang.String xadesSignatureId) |
void |
setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied) |
public static final java.lang.String SIGNATURE_TIME_FORMAT
protected void init(boolean onlyValidation)
onlyValidation
- if true, only a subset of the properties
is initialized, which are necessary for validation. If false,
also the other properties needed for signing are been taken care ofpublic void addSignatureFacet(SignatureFacet signatureFacet)
signatureFacet
- the signature facet is appended to facet listpublic java.util.List<SignatureFacet> getSignatureFacets()
public void setSignatureFacets(java.util.List<SignatureFacet> signatureFacets)
signatureFacets
- the new list of facetspublic HashAlgorithm getDigestAlgo()
public void setDigestAlgo(HashAlgorithm digestAlgo)
digestAlgo
- the main digest algorithmpublic OPCPackage getOpcPackage()
public void setOpcPackage(OPCPackage opcPackage)
opcPackage
- the opc package to be handled by this thread, stored as thread-localpublic java.security.PrivateKey getKey()
public void setKey(java.security.PrivateKey key)
key
- the private keypublic java.util.List<java.security.cert.X509Certificate> getSigningCertificateChain()
public void setSigningCertificateChain(java.util.List<java.security.cert.X509Certificate> signingCertificateChain)
signingCertificateChain
- the certificate chain, index 0 should be
the certificate matching the private keypublic java.util.Date getExecutionTime()
public void setExecutionTime(java.util.Date executionTime)
executionTime
- sets the time at which the document ought to be signedpublic java.lang.String formatExecutionTime()
SIGNATURE_TIME_FORMAT
)public void setExecutionTime(java.lang.String executionTime)
SIGNATURE_TIME_FORMAT
)executionTime
- the execution timepublic SignaturePolicyService getSignaturePolicyService()
public void setSignaturePolicyService(SignaturePolicyService signaturePolicyService)
signaturePolicyService
- the service to be used for XAdES-EPES propertiespublic javax.xml.crypto.URIDereferencer getUriDereferencer()
OOXMLURIDereferencer
public void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
uriDereferencer
- the dereferencer used for Reference/@URI attributespublic java.lang.String getSignatureDescription()
public void setSignatureDescription(java.lang.String signatureDescription)
signatureDescription
- the human-readable description of
what the citizen will be signing.public java.lang.String getCanonicalizationMethod()
public void setCanonicalizationMethod(java.lang.String canonicalizationMethod)
canonicalizationMethod
- the default canonicalization methodpublic java.lang.String getPackageSignatureId()
public void setPackageSignatureId(java.lang.String packageSignatureId)
packageSignatureId
- The signature Id attribute value used to create the XML signature.
A null
value will trigger an automatically generated signature Id.public java.lang.String getTspUrl()
public void setTspUrl(java.lang.String tspUrl)
tspUrl
- the url of the timestamp provider (TSP)public boolean isTspOldProtocol()
public void setTspOldProtocol(boolean tspOldProtocol)
tspOldProtocol
- defines the timestamp-protocol mimetypeisTspOldProtocol()
public HashAlgorithm getTspDigestAlgo()
public void setTspDigestAlgo(HashAlgorithm tspDigestAlgo)
tspDigestAlgo
- the algorithm to be used for the timestamp entry.
if null
, the hash algorithm of the main entrypublic java.lang.String getProxyUrl()
public void setProxyUrl(java.lang.String proxyUrl)
proxyUrl
- the proxy url to be used for all communications.
Currently this affects the timestamp servicepublic TimeStampService getTspService()
TSPTimeStampService
public void setTspService(TimeStampService tspService)
tspService
- the timestamp servicepublic java.lang.String getTspUser()
public void setTspUser(java.lang.String tspUser)
tspUser
- the user id for the timestamp service - currently only basic authorization is supportedpublic java.lang.String getTspPass()
public void setTspPass(java.lang.String tspPass)
tspPass
- the password for the timestamp servicepublic TimeStampServiceValidator getTspValidator()
public void setTspValidator(TimeStampServiceValidator tspValidator)
tspValidator
- the validator for the timestamp service (certificate)public RevocationDataService getRevocationDataService()
null
the signature will be limited to XAdES-T only.public void setRevocationDataService(RevocationDataService revocationDataService)
revocationDataService
- the optional revocation data service used for XAdES-C and XAdES-X-L.
When null
the signature will be limited to XAdES-T only.public HashAlgorithm getXadesDigestAlgo()
getDigestAlgo()
public void setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo)
xadesDigestAlgo
- hash algorithm used for XAdES.
When null
, defaults to getDigestAlgo()
public void setXadesDigestAlgo(java.lang.String xadesDigestAlgo)
xadesDigestAlgo
- hash algorithm used for XAdES.
When null
, defaults to getDigestAlgo()
public java.lang.String getUserAgent()
public void setUserAgent(java.lang.String userAgent)
userAgent
- the user agent used for http communication (e.g. to the TSP)public java.lang.String getTspRequestPolicy()
1.3.6.1.4.1.13762.3
public void setTspRequestPolicy(java.lang.String tspRequestPolicy)
tspRequestPolicy
- the asn.1 object id for the tsp request policy.public boolean isIncludeEntireCertificateChain()
public void setIncludeEntireCertificateChain(boolean includeEntireCertificateChain)
includeEntireCertificateChain
- if true, include the whole certificate chain.
If false, only include the signer certpublic boolean isIncludeIssuerSerial()
public void setIncludeIssuerSerial(boolean includeIssuerSerial)
includeIssuerSerial
- if true, issuer serial number is includedpublic boolean isIncludeKeyValue()
public void setIncludeKeyValue(boolean includeKeyValue)
includeKeyValue
- if true, the key value of the public key (certificate) is includedpublic java.lang.String getXadesRole()
null
the claimed role element is omitted.
Defaults to null
public void setXadesRole(java.lang.String xadesRole)
xadesRole
- the xades role element. If null
the claimed role element is omitted.public java.lang.String getXadesSignatureId()
idSignedProperties
public void setXadesSignatureId(java.lang.String xadesSignatureId)
xadesSignatureId
- the Id for the XAdES SignedProperties element.
When null
defaults to idSignedProperties
public boolean isXadesSignaturePolicyImplied()
true
public void setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied)
xadesSignaturePolicyImplied
- when true, include the policy-implied blockpublic boolean isXadesIssuerNameNoReverseOrder()
public void setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder)
xadesIssuerNameNoReverseOrder
- when true, the issuer DN instead of the issuer X500 prinicpal is usedpublic org.w3c.dom.events.EventListener getSignatureMarshalListener()
SignatureMarshalListener
public void setSignatureMarshalListener(org.w3c.dom.events.EventListener signatureMarshalListener)
signatureMarshalListener
- the event listener watching the xml structure
generation for the signaturepublic java.util.Map<java.lang.String,java.lang.String> getNamespacePrefixes()
public void setNamespacePrefixes(java.util.Map<java.lang.String,java.lang.String> namespacePrefixes)
namespacePrefixes
- the map of namespace uri (key) to prefix (value)public java.lang.String getSignatureMethodUri()
public java.lang.String getDigestMethodUri()
public static java.lang.String getDigestMethodUri(HashAlgorithm digestAlgo)
digestAlgo
- the digest algorithmpublic void setSignatureMethodFromUri(java.lang.String signatureMethodUri)
signatureMethodUri
- the method uripublic void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
signatureFactory
- the xml signature factory, saved as thread-localpublic javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()
public void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
keyInfoFactory
- the key factory, saved as thread-localpublic javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
public java.security.Provider getProvider()
public java.lang.String getXadesCanonicalizationMethod()
EXCLUSIVE
public void setXadesCanonicalizationMethod(java.lang.String xadesCanonicalizationMethod)
xadesCanonicalizationMethod
- the cannonicalization method for XAdES-XL signingpublic boolean isUpdateConfigOnValidate()
public void setUpdateConfigOnValidate(boolean updateConfigOnValidate)
false
updateConfigOnValidate
- if true, update config on validateCopyright 2018 The Apache Software Foundation or its licensors, as applicable.