Package eu.europa.esig.dss.xades.signature

Class XAdESSignatureBuilder

java.lang.Object

eu.europa.esig.dss.xades.signature.XAdESBuilder

eu.europa.esig.dss.xades.signature.XAdESSignatureBuilder

All Implemented Interfaces:

SignatureBuilder

public abstract class XAdESSignatureBuilder
extends XAdESBuilder
implements SignatureBuilder

This class implements all the necessary mechanisms to build each form of the XML signature.

Field Summary

Fields

Modifier and Type	Field	Description
protected boolean	built	Indicates if the signature was already built.
protected static String	DEFAULT_CANONICALIZATION_METHOD	The default Canonicalization method.
protected DSSDocument	detachedDocument	This is the reference to the original document to sign
protected String	deterministicId
protected static String	KEYINFO_SUFFIX	id-suffixes for DOM elements
protected String	keyInfoCanonicalizationMethod
protected Element	keyInfoDom
protected static String	OBJECT_ID_SUFFIX
protected Element	qualifyingPropertiesDom
protected static String	REFERENCE_ID_SUFFIX
protected Element	signatureDom
protected Element	signatureValueDom
protected Element	signedDataObjectPropertiesDom
protected String	signedInfoCanonicalizationMethod
protected Element	signedInfoDom
protected String	signedPropertiesCanonicalizationMethod
protected Element	signedPropertiesDom
protected Element	signedSignaturePropertiesDom
protected static String	TIMESTAMP_SUFFIX
protected Element	unsignedSignaturePropertiesDom
protected static String	VALUE_SUFFIX
protected static String	XADES_SUFFIX

Fields inherited from class eu.europa.esig.dss.xades.signature.XAdESBuilder

ALGORITHM, certificateVerifier, documentDom, DS_CANONICALIZATION_METHOD, DS_DIGEST_METHOD, DS_DIGEST_VALUE, DS_KEY_INFO, DS_MANIFEST, DS_OBJECT, DS_REFERENCE, DS_SIGNATURE, DS_SIGNATURE_METHOD, DS_SIGNATURE_VALUE, DS_SIGNED_INFO, DS_TRANSFORM, DS_TRANSFORMS, DS_X509_CERTIFICATE, DS_X509_DATA, DS_X509_ISSUER_NAME, DS_X509_SERIAL_NUMBER, DS_X509_SUBJECT_NAME, DS_XPATH, ID, MIMETYPE, OBJECT_REFERENCE, params, QUALIFIER, REFERENCED_DATA, SIGNATURE, TARGET, TYPE, URI, XADES_ALL_DATA_OBJECTS_TIME_STAMP, XADES_ALL_SIGNED_DATA_OBJECTS, XADES_BY_KEY, XADES_BY_NAME, XADES_CERT, XADES_CERT_DIGEST, XADES_CERT_REFS, XADES_CERTIFICATE_VALUES, XADES_CERTIFIED_ROLE, XADES_CERTIFIED_ROLES, XADES_CERTIFIED_ROLES_V2, XADES_CITY, XADES_CLAIMED_ROLE, XADES_CLAIMED_ROLES, XADES_COMMITMENT_TYPE_ID, XADES_COMMITMENT_TYPE_INDICATION, XADES_COMPLETE_CERTIFICATE_REFS, XADES_COMPLETE_REVOCATION_REFS, XADES_COUNTER_SIGNATURE, XADES_COUNTRY_NAME, XADES_CRL_IDENTIFIER, XADES_CRL_REF, XADES_CRL_REFS, XADES_DATA_OBJECT_FORMAT, XADES_DESCRIPTION, XADES_DIGEST_ALG_AND_VALUE, XADES_ENCAPSULATED_TIME_STAMP, XADES_ENCAPSULATED_X509_CERTIFICATE, XADES_IDENTIFIER, XADES_INCLUDE, XADES_INDIVIDUAL_DATA_OBJECTS_TIME_STAMP, XADES_ISSUER, XADES_ISSUER_SERIAL, XADES_ISSUER_SERIAL_V2, XADES_ISSUER_TIME, XADES_MIME_TYPE, XADES_OCSP_IDENTIFIER, XADES_OCSP_REF, XADES_OCSP_REFS, XADES_OCSP_RESPONDER_ID, XADES_POSTAL_CODE, XADES_PRODUCED_AT, XADES_QUALIFYING_PROPERTIES, XADES_REVOCATION_VALUES, XADES_SIG_AND_REFS_TIME_STAMP, XADES_SIG_AND_REFS_TIME_STAMP_V2, XADES_SIG_POLICY_HASH, XADES_SIG_POLICY_ID, XADES_SIGNATURE_POLICY_ID, XADES_SIGNATURE_POLICY_IDENTIFIER, XADES_SIGNATURE_POLICY_IMPLIED, XADES_SIGNATURE_POLICY_QUALIFIER, XADES_SIGNATURE_POLICY_QUALIFIERS, XADES_SIGNATURE_PRODUCTION_PLACE, XADES_SIGNATURE_PRODUCTION_PLACE_V2, XADES_SIGNATURE_TIME_STAMP, XADES_SIGNED_DATA_OBJECT_PROPERTIES, XADES_SIGNED_PROPERTIES, XADES_SIGNED_SIGNATURE_PROPERTIES, XADES_SIGNER_ROLE, XADES_SIGNER_ROLE_V2, XADES_SIGNING_TIME, XADES_SPURI, XADES_STATE_OR_PROVINCE, XADES_STREET_ADDRESS, XADES_UNSIGNED_PROPERTIES, XADES_UNSIGNED_SIGNATURE_PROPERTIES, XADES141_ARCHIVE_TIME_STAMP, XADES141_TIME_STAMP_VALIDATION_DATA, XMLNS_DS, XMLNS_XADES, xPathQueryHolder

Constructor Summary

Constructors

Constructor	Description
XAdESSignatureBuilder(XAdESSignatureParameters params, DSSDocument detachedDocument, CertificateVerifier certificateVerifier)	The default constructor for SignatureBuilder.

Method Summary

Modifier and Type	Method	Description
protected void	addTimestamp(Element timestampElement, TimestampToken token)	Adds the content of a timestamp into a given timestamp element
protected void	alignNodes()
protected byte[]	applyTransformations(DSSDocument dssDocument, List<DSSTransform> transforms, Node nodeToTransform)
byte[]	build()	This is the main method which is called to build the XML signature
protected Document	buildRootDocumentDom()
protected abstract DSSReference	createReference(DSSDocument document, int referenceIndex)
protected Node	getNodeToCanonicalize(Node node)
protected Node	getParentNodeOfSignature()
protected DigestAlgorithm	getReferenceDigestAlgorithmOrDefault(XAdESSignatureParameters params)	Returns params.referenceDigestAlgorithm if exists, params.digestAlgorithm otherwise
static XAdESSignatureBuilder	getSignatureBuilder(XAdESSignatureParameters params, DSSDocument document, CertificateVerifier certificateVerifier)	Creates the signature according to the packaging
protected void	incorporateFiles()
protected void	incorporateKeyInfo()	Creates KeyInfo tag.
protected void	incorporateObject()	This method incorporates the ds:Object tag
protected void	incorporateReferenceKeyInfo()	Method incorporates KeyInfo ds:References.
protected void	incorporateReferenceSignedProperties()	This method incorporates ds:References
void	incorporateSignatureDom()	This method creates a new instance of Signature element.
protected void	incorporateSignatureValue()	This method incorporates the signature value.
void	incorporateSignedInfo()	This method incorporates the SignedInfo tag
protected void	incorporateSignedProperties()	Creates the SignedProperties DOM object element.
protected void	incorporateSignedSignatureProperties()	Creates the SignedSignatureProperties DOM object element.
protected void	setCanonicalizationMethods(XAdESSignatureParameters params, String canonicalizationMethod)
DSSDocument	signDocument(byte[] signatureValue)	Adds signature value to the signature and returns XML signature (InMemoryDocument)
protected abstract DSSDocument	transformReference(DSSReference reference)	This method performs the reference transformation.

Methods inherited from class eu.europa.esig.dss.xades.signature.XAdESBuilder

createXmlDocument, incorporateCert, incorporateCertificateRef, incorporateDigestMethod, incorporateDigestValue, incorporateDigestValue, incorporateIssuerV1, incorporateIssuerV2

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

built

protected boolean built

Indicates if the signature was already built. (Two steps building)

detachedDocument

protected DSSDocument detachedDocument

This is the reference to the original document to sign

DEFAULT_CANONICALIZATION_METHOD

protected static final String DEFAULT_CANONICALIZATION_METHOD

The default Canonicalization method. Will be used if another is not specified.

See Also:

Constant Field Values

keyInfoCanonicalizationMethod

protected String keyInfoCanonicalizationMethod

signedInfoCanonicalizationMethod

protected String signedInfoCanonicalizationMethod

signedPropertiesCanonicalizationMethod

protected String signedPropertiesCanonicalizationMethod

deterministicId

protected final String deterministicId

signatureDom

protected Element signatureDom

keyInfoDom

protected Element keyInfoDom

signedInfoDom

protected Element signedInfoDom

signatureValueDom

protected Element signatureValueDom

qualifyingPropertiesDom

protected Element qualifyingPropertiesDom

signedPropertiesDom

protected Element signedPropertiesDom

signedSignaturePropertiesDom

protected Element signedSignaturePropertiesDom

signedDataObjectPropertiesDom

protected Element signedDataObjectPropertiesDom

unsignedSignaturePropertiesDom

protected Element unsignedSignaturePropertiesDom

KEYINFO_SUFFIX

protected static final String KEYINFO_SUFFIX

id-suffixes for DOM elements

See Also:

Constant Field Values

TIMESTAMP_SUFFIX

protected static final String TIMESTAMP_SUFFIX

See Also:

Constant Field Values

VALUE_SUFFIX

protected static final String VALUE_SUFFIX

See Also:

Constant Field Values

XADES_SUFFIX

protected static final String XADES_SUFFIX

See Also:

Constant Field Values

OBJECT_ID_SUFFIX

protected static final String OBJECT_ID_SUFFIX

See Also:

Constant Field Values

REFERENCE_ID_SUFFIX

protected static final String REFERENCE_ID_SUFFIX

See Also:

Constant Field Values

Constructor Detail

XAdESSignatureBuilder

public XAdESSignatureBuilder(XAdESSignatureParameters params,
                             DSSDocument detachedDocument,
                             CertificateVerifier certificateVerifier)

The default constructor for SignatureBuilder.

Parameters:

params - The set of parameters relating to the structure and process of the creation or extension of the electronic signature.

detachedDocument - The original document to sign.

certificateVerifier - the certificate verifier with its OCSPSource,...

Method Detail

getSignatureBuilder

public static XAdESSignatureBuilder getSignatureBuilder(XAdESSignatureParameters params,
                                                        DSSDocument document,
                                                        CertificateVerifier certificateVerifier)

Creates the signature according to the packaging

Parameters:

params - The set of parameters relating to the structure and process of the creation or extension of the electronic signature.

document - The original document to sign.

certificateVerifier - the certificate verifier with its OCSPSource,...

Returns:

the signature builder linked to the packaging

setCanonicalizationMethods

protected void setCanonicalizationMethods(XAdESSignatureParameters params,
                                          String canonicalizationMethod)

build

public byte[] build()
             throws DSSException

This is the main method which is called to build the XML signature

Returns:

A byte array is returned with XML that represents the canonicalized SignedInfo segment of signature. This data are used to define the SignatureValue element.

Throws:

DSSException - if an error occurred

incorporateFiles

protected void incorporateFiles()

buildRootDocumentDom

protected Document buildRootDocumentDom()

incorporateSignatureDom

public void incorporateSignatureDom()

This method creates a new instance of Signature element.

getParentNodeOfSignature

protected Node getParentNodeOfSignature()

incorporateSignedInfo

public void incorporateSignedInfo()

This method incorporates the SignedInfo tag

  
   	<ds:SignedInfo>
 			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   		<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
   		...
   	</ds:SignedInfo>
  
 

incorporateKeyInfo

protected void incorporateKeyInfo()
                           throws DSSException

Creates KeyInfo tag. NOTE: when trust anchor baseline profile policy is defined only the certificates previous to the trust anchor are included.

        
 		<ds:KeyInfo>
 			<ds:X509Data>
  			<ds:X509Certificate>
 					MIIB....
 				</ds:X509Certificate>
 				<ds:X509Certificate>
 					MIIB+...
 				</ds:X509Certificate>
 			</ds:X509Data>
 		</ds:KeyInfo>
 
 

        
 		<ds:KeyInfo>
 			<ds:X509Data>
  			<ds:X509Certificate>
 					MIIB....
 				</ds:X509Certificate>
 				<ds:X509Certificate>
 					MIIB+...
 				</ds:X509Certificate>
 			</ds:X509Data>
 		</ds:KeyInfo>
 
 

Throws:

DSSException - if an error occurred

incorporateObject

protected void incorporateObject()

This method incorporates the ds:Object tag

        
 		<ds:Object>
 			<xades:QualifyingProperties>
 				<xades:SignedProperties>
 					...
 				</xades:SignedProperties>
 			</xades:QualifyingProperties>
 		</ds:Object>
 
 

incorporateReferenceSignedProperties

protected void incorporateReferenceSignedProperties()

This method incorporates ds:References

        
 		<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI=
	"#xades-id-A43023AFEB149830C242377CC941360F">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>uijX/nvuu8g10ZVEklEnYatvFe8=</ds:DigestValue>
		</ds:Reference>
 
 

incorporateReferenceKeyInfo

protected void incorporateReferenceKeyInfo()

Method incorporates KeyInfo ds:References.

        
 		<ds:Reference URI="#keyInfo-id-A43023AFEB149830C242377CC941360F">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>uijX/nvuu2g10ZVEklEnYatvFe4=</ds:DigestValue>
		</ds:Reference>
 
 

getReferenceDigestAlgorithmOrDefault

protected DigestAlgorithm getReferenceDigestAlgorithmOrDefault(XAdESSignatureParameters params)

Returns params.referenceDigestAlgorithm if exists, params.digestAlgorithm otherwise

Returns:

DigestAlgorithm

createReference

protected abstract DSSReference createReference(DSSDocument document,
                                                int referenceIndex)

transformReference

protected abstract DSSDocument transformReference(DSSReference reference)

This method performs the reference transformation. Note that for the time being (4.3.0-RC) only two types of transformation are implemented: canonicalization Transforms.TRANSFORM_XPATH and can be applied only for SignaturePackaging.ENVELOPED.

Parameters:

reference - DSSReference to be transformed

Returns:

DSSDocument containing transformed reference's data

incorporateSignatureValue

protected void incorporateSignatureValue()

This method incorporates the signature value.

incorporateSignedProperties

protected void incorporateSignedProperties()

Creates the SignedProperties DOM object element.

 
 		<SignedProperties Id="xades-ide5c549340079fe19f3f90f03354a5965">
 
 

incorporateSignedSignatureProperties

protected void incorporateSignedSignatureProperties()

Creates the SignedSignatureProperties DOM object element.

 
 		<SignedSignatureProperties>
 		...
 		</SignedSignatureProperties>
 
 

signDocument

public DSSDocument signDocument(byte[] signatureValue)
                         throws DSSException

Adds signature value to the signature and returns XML signature (InMemoryDocument)

Specified by:

signDocument in interface SignatureBuilder

Parameters:

signatureValue -

Returns:

DSSDocument representing the signature

Throws:

DSSException

addTimestamp

protected void addTimestamp(Element timestampElement,
                            TimestampToken token)

Adds the content of a timestamp into a given timestamp element

Parameters:

timestampElement -

applyTransformations

protected byte[] applyTransformations(DSSDocument dssDocument,
                                      List<DSSTransform> transforms,
                                      Node nodeToTransform)

getNodeToCanonicalize

protected Node getNodeToCanonicalize(Node node)

alignNodes

protected void alignNodes()

Specified by:

alignNodes in class XAdESBuilder