public interface XAdESSignature extends XMLSignature

The XAdESSignature extends the XMLSignature by providing methods for appending (unsigned) QualifyingProperties to the already signed XMLSignature.
An XML Advanced Electronic Signature (XAdES) is an XML Digital Signature (XMLDSig), as defined by the W3C Recommendation XML-Signature Syntax and Processing, with a set of properties qualifying the signature and the signed data objects respectively. There are different forms of XML Advanced Electronic Signatures, each requiring different types of properties to be present in the signature:

- XAdES-BES: Basic Electronic Signature
- XAdES-EPES: Explicit Policy Based Electronic Signature
- XAdES-T: Electronic Signature with Time
- XAdES-C: Electronic Signature with Complete validation data references
- XAdES-X: eXtended Signatures with time
- XAdES-X-L: eXtended Long electronic signatures with time
- XAdES-A: Archival electronic signatures

Properties qualifying the signature or the signed data are incorporated into the ds:Signature by appending a QualifyingProperties element as child element of a ds:Object.

```java
XMLSignatureFactory sigfac = XMLSignatureFactory.getInstance();
QualifyingPropertiesFactory qpfac = QualifyingPropertiesFactory.getInstance();
SignedSignatureProperties sp = qpfac.newSignedProperties(...);
QualifyingProperties qp = qpfac.newQualifyingProperties(sp, "#Signature", "QualifyingProperties");
XMLObject obj = sigfac.newXMLObject(Collections.singletonList(qp), null, null, null);
```

SignedProperties) and properties that are not signed with the signature (UnsignedProperties). The signed properties have to be covered by a ds:Reference to the SignedProperties element.

```java
Reference qpRef = sigfac.newReference(
    "#QualifyingProperties",
    sigfac.newDigestMethod(DigestMethod.SHA1, null),
    null,
    SignedProperties.REFERENCE_TYPE,
    "SignedPropertiesReference");
```

XMLSignature.SignatureValue
Modifier and Type | Field and Description |
---|---|
static String | XMLNS_1_2_2: The XML Namespace URI of the ETSI TS 101 933 v1.2.2 Technical Specification - XML Advanced Electronic Signatures (XAdES). |
static String | XMLNS_1_3_2: The XML Namespace URI of the ETSI TS 101 933 v1.3.2 Technical Specification - XML Advanced Electronic Signatures (XAdES). |
static String | XMLNS_1_4_1: The XML Namespace URI of the ETSI TS 101 933 v1.4.1 Technical Specification - XML Advanced Electronic Signatures (XAdES). |
static String | XMLNS_no_version: The XML Namespace URI of the ETSI TS 101 933 - XML Advanced Electronic Signatures (XAdES). |

XMLNS
Modifier and Type | Method and Description |
---|---|
void | appendArchiveTimeStamp(ArchiveTimeStamp timeStamp, XMLExtendContext context): Appends an ArchiveTimeStamp to the UnsignedSignatureProperties. |
void | appendCounterSignature(CounterSignature counterSignature, XMLExtendContext context): Appends a counter signature to the UnsignedSignatureProperties. |
void | appendRenewedDigests(RenewedDigests renewedDigests, XMLExtendContext context): Depending on whether the given RenewedDigests contains the recomputed digest values, the method appends the given RenewedDigests or recomputes the digest values and appends the RenewedDigests to the given signature. If the recomputed digest values are contained in the given RenewedDigests, the method appends the given RenewedDigests to the UnsignedSignatureProperties. |
void | appendSignaturePolicyStore(SignaturePolicyStore signaturePolicyStore, XMLExtendContext context): Appends a SignaturePolicyStore to the UnsignedSignatureProperties. |
void | appendSignatureTimeStamp(SignatureTimeStamp signatureTimeStamp, XMLExtendContext context): Appends a signature time-stamp to the UnsignedSignatureProperties. |
void | appendTimeStampValidationData(TimeStampValidationData timeStampValidationData, XMLExtendContext context): Appends a TimeStampValidationData to the UnsignedSignatureProperties. |
void | appendUnsignedDataObjectProperty(UnsignedDataObjectProperty property, XMLExtendContext context): Appends an unsigned data object property to the UnsignedDataObjectProperties. |
void | appendValidationRefs(CompleteCertificateRefs completeCertificateRefs, CompleteRevocationRefs completeRevocationRefs, AttributeCertificateRefs attributeCertificateRefs, AttributeRevocationRefs attributeRevocationRefs, XMLExtendContext context): Deprecated. |
void | appendValidationRefsTimeStamp(RefsOnlyTimeStamp timeStamp, XMLExtendContext context): Deprecated. By ETSI EN 319 132-1. Use appendValidationRefsTimeStampV2(RefsOnlyTimeStampV2, XMLExtendContext) instead. |
void | appendValidationRefsTimeStamp(SigAndRefsTimeStamp timeStamp, XMLExtendContext context): Deprecated. By ETSI EN 319 132-1. Use appendValidationRefsTimeStampV2(SigAndRefsTimeStampV2, XMLExtendContext) instead. |
void | appendValidationRefsTimeStampV2(RefsOnlyTimeStampV2 timeStamp, XMLExtendContext context): Appends a time stamp on the validation data references to the UnsignedSignatureProperties. |
void | appendValidationRefsTimeStampV2(SigAndRefsTimeStampV2 timeStamp, XMLExtendContext context): Appends a time stamp on the validation data references to the UnsignedSignatureProperties. |
void | appendValidationRefsV2(CompleteCertificateRefsV2 completeCertificateRefs, CompleteRevocationRefs completeRevocationRefs, AttributeCertificateRefsV2 attributeCertificateRefs, AttributeRevocationRefs attributeRevocationRefs, XMLExtendContext context): Appends references to validation data to the UnsignedSignatureProperties. |
void | appendValidationValues(CertificateValues certificateValues, RevocationValues revocationValues, AttrAuthoritiesCertValues attrAuthoritiesCertValues, AttributeRevocationValues attributeRevocationValues, XMLExtendContext context): Appends validation data values to the UnsignedSignatureProperties. |
QualifyingProperties | getQualifyingProperties(): Returns the QualifyingProperties if present in the signature. |
List | getQualifyingPropertiesReferences(): Deprecated. |
void | sign(XMLSignContext signContext): Signs this XAdESSignature and processes any AllDataObjectsTimeStamp(s) and IndividualDataObjectsTimeStamp(s) present in the SignedDataObjectProperties. |
boolean | validate(XMLValidateContext validateContext): Validates the signature according to the core validation processing rules. |

getId, getKeyInfo, getKeySelectorResult, getObjects, getSignatureValue, getSignedInfo
isFeatureSupported
static final String XMLNS_no_version
static final String XMLNS_1_2_2
static final String XMLNS_1_3_2
static final String XMLNS_1_4_1

void appendCounterSignature(CounterSignature counterSignature, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends a counter signature to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- counterSignature - the CounterSignature to be appended to the UnsignedSignatureProperties. Must not be null.
- context - the extension context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newCounterSignature(XMLSignature, KeySelector)

void appendSignatureTimeStamp(SignatureTimeStamp signatureTimeStamp, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends a signature time-stamp to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- signatureTimeStamp - the SignatureTimeStamp to be appended to the UnsignedSignatureProperties. Must not be null.
- context - the extension and time-stamping context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newSignatureTimeStamp(CanonicalizationMethod, String, String)

void appendValidationRefs(CompleteCertificateRefs completeCertificateRefs, CompleteRevocationRefs completeRevocationRefs, AttributeCertificateRefs attributeCertificateRefs, AttributeRevocationRefs attributeRevocationRefs, XMLExtendContext context) throws MarshalException, XMLSignatureException

Deprecated. By ETSI EN 319 132-1. Use appendValidationRefsV2(CompleteCertificateRefsV2, CompleteRevocationRefs, AttributeCertificateRefsV2, AttributeRevocationRefs, XMLExtendContext) instead.

Appends references to validation data to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Note that at least one of the arguments completeCertificateRefs, completeRevocationRefs, attributeCertificateRefs and attributeRevocationRefs must not be null.

Parameters:
- completeCertificateRefs - the CompleteCertificateRefs to be appended to the UnsignedSignatureProperties
- completeRevocationRefs - the CompleteRevocationRefs to be appended to the UnsignedSignatureProperties
- attributeCertificateRefs - the AttributeCertificateRefs to be appended to the UnsignedSignatureProperties
- attributeRevocationRefs - the AttributeRevocationRefs to be appended to the UnsignedSignatureProperties
- context - the extension context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newCompleteCertificateRefs(List, String)
- QualifyingPropertiesFactory.newCompleteRevocationRefs(List, List, List, String)

void appendValidationRefsV2(CompleteCertificateRefsV2 completeCertificateRefs, CompleteRevocationRefs completeRevocationRefs, AttributeCertificateRefsV2 attributeCertificateRefs, AttributeRevocationRefs attributeRevocationRefs, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends references to validation data to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Note that at least one of the arguments completeCertificateRefs, completeRevocationRefs, attributeCertificateRefs and attributeRevocationRefs must not be null.

Parameters:
- completeCertificateRefs - the CompleteCertificateRefsV2 to be appended to the UnsignedSignatureProperties
- completeRevocationRefs - the CompleteRevocationRefs to be appended to the UnsignedSignatureProperties
- attributeCertificateRefs - the AttributeCertificateRefsV2 to be appended to the UnsignedSignatureProperties
- attributeRevocationRefs - the AttributeRevocationRefs to be appended to the UnsignedSignatureProperties
- context - the extension context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newCompleteCertificateRefs(List, String)
- QualifyingPropertiesFactory.newCompleteRevocationRefs(List, List, List, String)

void appendValidationRefsTimeStamp(SigAndRefsTimeStamp timeStamp, XMLExtendContext context) throws MarshalException, XMLSignatureException

Deprecated. By ETSI EN 319 132-1. Use appendValidationRefsTimeStampV2(SigAndRefsTimeStampV2, XMLExtendContext) instead.

Appends a time stamp on the validation data references to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- timeStamp - the SigAndRefsTimeStamp to be appended to the UnsignedSignatureProperties
- context - the extension and time-stamping context

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newSigAndRefsTimeStamp(CanonicalizationMethod, String, String)

void appendValidationRefsTimeStampV2(SigAndRefsTimeStampV2 timeStamp, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends a time stamp on the validation data references to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- timeStamp - the SigAndRefsTimeStampV2 to be appended to the UnsignedSignatureProperties
- context - the extension and time-stamping context

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newSigAndRefsTimeStampV2(CanonicalizationMethod, String, String)

void appendValidationRefsTimeStamp(RefsOnlyTimeStamp timeStamp, XMLExtendContext context) throws MarshalException, XMLSignatureException

Deprecated. By ETSI EN 319 132-1. Use appendValidationRefsTimeStampV2(RefsOnlyTimeStampV2, XMLExtendContext) instead.

Appends a time stamp on the validation data references to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- timeStamp - the RefsOnlyTimeStamp to be appended to the UnsignedSignatureProperties
- context - the extension and time-stamping context

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newRefsOnlyTimeStamp(CanonicalizationMethod, String, String)

void appendValidationRefsTimeStampV2(RefsOnlyTimeStampV2 timeStamp, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends a time stamp on the validation data references to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- timeStamp - the RefsOnlyTimeStampV2 to be appended to the UnsignedSignatureProperties
- context - the extension and time-stamping context

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newRefsOnlyTimeStampV2(CanonicalizationMethod, String, String)

void appendValidationValues(CertificateValues certificateValues, RevocationValues revocationValues, AttrAuthoritiesCertValues attrAuthoritiesCertValues, AttributeRevocationValues attributeRevocationValues, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends validation data values to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Note that at least one of the arguments certificateValues, revocationValues, attrAuthoritiesCertValues and attributeRevocationValues must not be null.

Parameters:
- certificateValues - the CertificateValues to be appended to the UnsignedSignatureProperties
- revocationValues - the RevocationValues to be appended to the UnsignedSignatureProperties
- attrAuthoritiesCertValues - the AttrAuthoritiesCertValues to be appended to the UnsignedSignatureProperties
- attributeRevocationValues - the AttributeRevocationValues to be appended to the UnsignedSignatureProperties
- context - the extension context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newCertificateValues(List, String)
- QualifyingPropertiesFactory.newRevocationValues(List, List, List, String)
- QualifyingPropertiesFactory.newAttrAuthoritiesCertValues(List, String)
- QualifyingPropertiesFactory.newAttributeRevocationValues(List, List, List, String)

void appendArchiveTimeStamp(ArchiveTimeStamp timeStamp, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends an ArchiveTimeStamp to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- timeStamp - the ArchiveTimeStamp to be appended to the UnsignedSignatureProperties. Must not be null.
- context -

Throws:
- MarshalException
- XMLSignatureException

See Also:
- QualifyingPropertiesFactory.newArchiveTimeStamp(CanonicalizationMethod, String, String)

void appendTimeStampValidationData(TimeStampValidationData timeStampValidationData, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends a TimeStampValidationData to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- timeStampValidationData - the TimeStampValidationData to be appended to the UnsignedSignatureProperties. Must not be null.
- context -

Throws:
- MarshalException
- XMLSignatureException

See Also:
- QualifyingPropertiesFactory.newTimeStampValidationData(List, List, List, List, String, String)

void appendSignaturePolicyStore(SignaturePolicyStore signaturePolicyStore, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends a SignaturePolicyStore to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- signaturePolicyStore - the SignaturePolicyStore to be appended to the UnsignedSignatureProperties. Must not be null.
- context - the extension context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newSignaturePolicyStore(SPDocSpecification, byte[], String)
- QualifyingPropertiesFactory.newSignaturePolicyStore(SPDocSpecification, java.io.InputStream, String)
- QualifyingPropertiesFactory.newSignaturePolicyStore(SPDocSpecification, String, String)

void appendRenewedDigests(RenewedDigests renewedDigests, XMLExtendContext context) throws MarshalException, XMLSignatureException

Depending on whether the given RenewedDigests contains the recomputed digest values, the method appends the given RenewedDigests or recomputes the digest values and appends the RenewedDigests to the given signature:

- The recomputed digest values are contained in the given RenewedDigests: the method appends the given RenewedDigests to the UnsignedSignatureProperties.
- The recomputed digest values are not contained in the given RenewedDigests: the method recomputes the digest values with the digest method and appends the RenewedDigests to the UnsignedSignatureProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedSignatureProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- renewedDigests - the RenewedDigests to be appended to the UnsignedSignatureProperties. Must not be null.
- context - the extension context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

See Also:
- QualifyingPropertiesFactory.newRenewedDigests(javax.xml.crypto.dsig.DigestMethod, String)

void appendUnsignedDataObjectProperty(UnsignedDataObjectProperty property, XMLExtendContext context) throws MarshalException, XMLSignatureException

Appends an unsigned data object property to the UnsignedDataObjectProperties.

If not present, the container elements QualifyingProperties, UnsignedProperties and UnsignedDataObjectProperties are created by this method. If the QualifyingProperties element is not present in the signature, a new ds:Object is created and the QualifyingProperties element is appended as child element.

Parameters:
- property - the UnsignedDataObjectProperty to append to the UnsignedDataObjectProperties. Must not be null.
- context - the extension and time-stamping context. Must not be null.

Throws:
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while appending the property

QualifyingProperties getQualifyingProperties()

Returns the QualifyingProperties if present in the signature.

Returns:
- the QualifyingProperties, or null if not present in the signature

List getQualifyingPropertiesReferences()

Deprecated.

Returns the QualifyingPropertiesReferences present in the signature.

Returns:
- the QualifyingPropertiesReferences

void sign(XMLSignContext signContext) throws MarshalException, XMLSignatureException

Signs this XAdESSignature and processes any AllDataObjectsTimeStamp(s) and IndividualDataObjectsTimeStamp(s) present in the SignedDataObjectProperties.

NOTE: A TimeStampProcessor has to be put into the provided context if AllDataObjectsTimeStamps or IndividualDataObjectsTimeStamps are present in the QualifyingProperties, otherwise an XMLSignatureException is thrown.

1. Reference except the Reference to the QualifyingProperties (identified by the type-attribute value http://uri.etsi.org/01903#SignedProperties) in accordance with reference generation of XML Digital Signatures.
2. AllDataObjectsTimeStamps and all IndividualDataObjectsTimeStamps present in the QualifyingProperties
3. Reference omitted in step 1.

Specified by:
- sign in interface XMLSignature

Parameters:
- signContext - the signing context

Throws:
- NullPointerException - if signContext is null
- MarshalException - if an exception occurs while marshaling
- XMLSignatureException - if an unexpected exception occurs while generating the signature

See Also:
- XMLSignature.sign(javax.xml.crypto.dsig.XMLSignContext)

boolean validate(XMLValidateContext validateContext) throws XMLSignatureException

Validates the signature according to the core validation processing rules. This method validates the XMLSignature using the location information specified in the context.

This method only validates the signature the first time it is invoked. On subsequent invocations, it returns a cached result.

NOTE: No validation of the qualifying properties is done by this method!

Specified by:
- validate in interface XMLSignature

Parameters:
- validateContext - the validation context

Returns:
- true if signature passed core validation, otherwise false

Throws:
- ClassCastException - if the type of validateContext is not compatible with this XAdESSignature
- NullPointerException - if validateContext is null
- XMLSignatureException - if an unexpected error occurs during validation that prevented the validation operation from completing

See Also:
- XMLSignature.validate(javax.xml.crypto.dsig.XMLValidateContext)

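
Because validate performs core validation only and does not check the qualifying properties, a caller has to confirm separately that the SignedProperties element is really covered by a ds:Reference in SignedInfo, as the class description requires. The following added example is not IAIK code and does not replace core validation; it uses only JDK DOM classes, and the class name, the check method and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignedPropertiesCoverage {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XADES_PREFIX = "http://uri.etsi.org/01903/"; // matches every versioned XAdES namespace
    static final String SP_TYPE = "http://uri.etsi.org/01903#SignedProperties";
    static boolean ds(Node n, String local) {
        return n instanceof Element && DS.equals(n.getNamespaceURI()) && local.equals(n.getLocalName());
    }
    static boolean xades(Node n, String local) {
        String ns = n instanceof Element ? n.getNamespaceURI() : null;
        return ns != null && ns.startsWith(XADES_PREFIX) && local.equals(n.getLocalName());
    }

    /** Returns "OK" or the reason the structure is rejected; sig must be a ds:Signature element. */
    static String check(Element sig) {
        Node signedInfo = sig.getFirstChild();
        while (signedInfo != null && !ds(signedInfo, "SignedInfo")) signedInfo = signedInfo.getNextSibling();
        if (signedInfo == null) return "no ds:SignedInfo";
        String uri = null;
        // Only direct children of SignedInfo count: those are the references the signature value covers.
        for (Node c = signedInfo.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (!ds(c, "Reference") || !SP_TYPE.equals(((Element) c).getAttribute("Type"))) continue;
            if (uri != null) return "more than one SignedProperties reference";
            uri = ((Element) c).getAttribute("URI");
        }
        if (uri == null) return "no SignedProperties reference in SignedInfo";
        if (uri.length() < 2 || uri.charAt(0) != '#') return "reference is not a same-document fragment";
        // Resolve the Id by hand: without a schema the DOM does not know which attributes are IDs.
        Element target = null;
        NodeList all = sig.getOwnerDocument().getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (!uri.substring(1).equals(e.getAttribute("Id"))) continue;
            if (target != null) return "duplicate Id in document";
            target = e;
        }
        if (!xades(target, "SignedProperties")) return "reference target is not a SignedProperties element";
        Node qp = target.getParentNode();
        Node obj = qp == null ? null : qp.getParentNode();
        if (!xades(qp, "QualifyingProperties") || !ds(obj, "Object") || obj.getParentNode() != sig)
            return "SignedProperties is not inside a ds:Object of this signature";
        String sigId = sig.getAttribute("Id");
        if (sigId.isEmpty() || !("#" + sigId).equals(((Element) qp).getAttribute("Target")))
            return "QualifyingProperties Target does not name this signature";
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        // Constructed skeleton without digests or a signature value: only the structure matters here.
        String xml = "<ds:Signature xmlns:ds='" + DS + "' Id='Signature'><ds:SignedInfo>"
            + "<ds:Reference URI='#SignedProps' Type='" + SP_TYPE + "'/></ds:SignedInfo><ds:Object>"
            + "<xades:QualifyingProperties xmlns:xades='http://uri.etsi.org/01903/v1.3.2#' Target='#Signature'>"
            + "<xades:SignedProperties Id='SignedProps'/></xades:QualifyingProperties></ds:Object></ds:Signature>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs in untrusted input
        Element sig = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        System.out.println("intact: " + check(sig));
        // Without the Type attribute no reference is recognisable as covering the SignedProperties.
        ((Element) sig.getElementsByTagNameNS(DS, "Reference").item(0)).removeAttribute("Type");
        System.out.println("stripped: " + check(sig));
    }
}
```

Run the check in addition to validate, on the same parsed document that is handed to the validation context, so that the element inspected is the element whose digest was verified.
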
© 2002-2005 IAIK, © 2004, 2006 - 2017 Stiftung SIC