Package org.apache.poi.poifs.crypt.dsig

Class SignatureConfig

  • public class SignatureConfig
extends Object
    This class bundles the configuration options used for the existing signature facets. Apart of the thread local members (e.g. opc-package) most values will probably be constant, so it might be configured centrally (e.g. by spring)

    • Constructor Detail

      • SignatureConfig

        public SignatureConfig()

    • Method Detail

      • addSignatureFacet

        public void addSignatureFacet​(SignatureFacet signatureFacet)
        Parameters:
        signatureFacet - the signature facet is appended to facet list

      • getSignatureFacets

        public List<SignatureFacet> getSignatureFacets()
        Returns:
        the list of facets, may be empty when the config object is not initialized

      • setSignatureFacets

        public void setSignatureFacets​(List<SignatureFacet> signatureFacets)
        Parameters:
        signatureFacets - the new list of facets

      • getDigestAlgo

        public HashAlgorithm getDigestAlgo()
        Returns:
        the main digest algorithm, defaults to sha256

      • setDigestAlgo

        public void setDigestAlgo​(HashAlgorithm digestAlgo)
        Parameters:
        digestAlgo - the main digest algorithm

      • getOpcPackage

        public OPCPackage getOpcPackage()
        Returns:
        the opc package to be used by this thread, stored as thread-local

      • setOpcPackage

        public void setOpcPackage​(OPCPackage opcPackage)
        Parameters:
        opcPackage - the opc package to be handled by this thread, stored as thread-local

      • getKey

        public PrivateKey getKey()
        Returns:
        the private key

      • setKey

        public void setKey​(PrivateKey key)
        Parameters:
        key - the private key

      • getSigningCertificateChain

        public List<X509Certificate> getSigningCertificateChain()
        Returns:
        the certificate chain, index 0 is usually the certificate matching the private key

      • setSigningCertificateChain

        public void setSigningCertificateChain​(List<X509Certificate> signingCertificateChain)
        Parameters:
        signingCertificateChain - the certificate chain, index 0 should be the certificate matching the private key

      • getExecutionTime

        public Date getExecutionTime()
        Returns:
        the time at which the document is signed, also used for the timestamp service. defaults to now

      • setExecutionTime

        public void setExecutionTime​(Date executionTime)
        Parameters:
        executionTime - sets the time at which the document ought to be signed

      • formatExecutionTime

        public String formatExecutionTime()
        Returns:
        the formatted execution time (SIGNATURE_TIME_FORMAT)
        Since:
        POI 4.0.0

      • setExecutionTime

        public void setExecutionTime​(String executionTime)
        Sets the executionTime which is in standard format (SIGNATURE_TIME_FORMAT)
        Parameters:
        executionTime - the execution time
        Since:
        POI 4.0.0

      • getSignaturePolicyService

        public SignaturePolicyService getSignaturePolicyService()
        Returns:
        the service to be used for XAdES-EPES properties. There's no default implementation

      • setSignaturePolicyService

        public void setSignaturePolicyService​(SignaturePolicyService signaturePolicyService)
        Parameters:
        signaturePolicyService - the service to be used for XAdES-EPES properties

      • setUriDereferencer

        public void setUriDereferencer​(URIDereferencer uriDereferencer)
        Parameters:
        uriDereferencer - the dereferencer used for Reference/@URI attributes

      • getSignatureDescription

        public String getSignatureDescription()
        Returns:
        Gives back the human-readable description of what the citizen will be signing. The default value is "Office OpenXML Document".

      • setSignatureDescription

        public void setSignatureDescription​(String signatureDescription)
        Parameters:
        signatureDescription - the human-readable description of what the citizen will be signing.

      • getCanonicalizationMethod

        public String getCanonicalizationMethod()
        Returns:
        the default canonicalization method, defaults to INCLUSIVE

      • setCanonicalizationMethod

        public void setCanonicalizationMethod​(String canonicalizationMethod)
        Parameters:
        canonicalizationMethod - the default canonicalization method

      • getPackageSignatureId

        public String getPackageSignatureId()
        Returns:
        The signature Id attribute value used to create the XML signature. Defaults to "idPackageSignature"

      • setPackageSignatureId

        public void setPackageSignatureId​(String packageSignatureId)
        Parameters:
        packageSignatureId - The signature Id attribute value used to create the XML signature. A null value will trigger an automatically generated signature Id.

      • getTspUrl

        public String getTspUrl()
        Returns:
        the url of the timestamp provider (TSP)

      • setTspUrl

        public void setTspUrl​(String tspUrl)
        Parameters:
        tspUrl - the url of the timestamp provider (TSP)

      • isTspOldProtocol

        public boolean isTspOldProtocol()
        Returns:
        if true, uses timestamp-request/response mimetype, if false, timestamp-query/reply mimetype

      • setTspOldProtocol

        public void setTspOldProtocol​(boolean tspOldProtocol)
        Parameters:
        tspOldProtocol - defines the timestamp-protocol mimetype
        See Also:
        isTspOldProtocol()

      • getTspDigestAlgo

        public HashAlgorithm getTspDigestAlgo()
        Returns:
        the hash algorithm to be used for the timestamp entry. Defaults to the hash algorithm of the main entry

      • setTspDigestAlgo

        public void setTspDigestAlgo​(HashAlgorithm tspDigestAlgo)
        Parameters:
        tspDigestAlgo - the algorithm to be used for the timestamp entry. if null, the hash algorithm of the main entry

      • getProxyUrl

        public String getProxyUrl()
        Returns:
        the proxy url to be used for all communications. Currently this affects the timestamp service

      • setProxyUrl

        public void setProxyUrl​(String proxyUrl)
        Parameters:
        proxyUrl - the proxy url to be used for all communications. Currently this affects the timestamp service

      • setTspService

        public void setTspService​(TimeStampService tspService)
        Parameters:
        tspService - the timestamp service

      • getTspUser

        public String getTspUser()
        Returns:
        the user id for the timestamp service - currently only basic authorization is supported

      • setTspUser

        public void setTspUser​(String tspUser)
        Parameters:
        tspUser - the user id for the timestamp service - currently only basic authorization is supported

      • getTspPass

        public String getTspPass()
        Returns:
        the password for the timestamp service

      • setTspPass

        public void setTspPass​(String tspPass)
        Parameters:
        tspPass - the password for the timestamp service

      • getTspValidator

        public TimeStampServiceValidator getTspValidator()
        Returns:
        the validator for the timestamp service (certificate)

      • setTspValidator

        public void setTspValidator​(TimeStampServiceValidator tspValidator)
        Parameters:
        tspValidator - the validator for the timestamp service (certificate)

      • getRevocationDataService

        public RevocationDataService getRevocationDataService()
        Returns:
        the optional revocation data service used for XAdES-C and XAdES-X-L. When null the signature will be limited to XAdES-T only.

      • setRevocationDataService

        public void setRevocationDataService​(RevocationDataService revocationDataService)
        Parameters:
        revocationDataService - the optional revocation data service used for XAdES-C and XAdES-X-L. When null the signature will be limited to XAdES-T only.

      • setXadesDigestAlgo

        public void setXadesDigestAlgo​(HashAlgorithm xadesDigestAlgo)
        Parameters:
        xadesDigestAlgo - hash algorithm used for XAdES. When null, defaults to getDigestAlgo()

      • setXadesDigestAlgo

        public void setXadesDigestAlgo​(String xadesDigestAlgo)
        Parameters:
        xadesDigestAlgo - hash algorithm used for XAdES. When null, defaults to getDigestAlgo()
        Since:
        POI 4.0.0

      • getUserAgent

        public String getUserAgent()
        Returns:
        the user agent used for http communication (e.g. to the TSP)

      • setUserAgent

        public void setUserAgent​(String userAgent)
        Parameters:
        userAgent - the user agent used for http communication (e.g. to the TSP)

      • getTspRequestPolicy

        public String getTspRequestPolicy()
        Returns:
        the asn.1 object id for the tsp request policy. Defaults to 1.3.6.1.4.1.13762.3

      • setTspRequestPolicy

        public void setTspRequestPolicy​(String tspRequestPolicy)
        Parameters:
        tspRequestPolicy - the asn.1 object id for the tsp request policy.

      • isIncludeEntireCertificateChain

        public boolean isIncludeEntireCertificateChain()
        Returns:
        true, if the whole certificate chain is included in the signature. When false, only the signer cert will be included

      • setIncludeEntireCertificateChain

        public void setIncludeEntireCertificateChain​(boolean includeEntireCertificateChain)
        Parameters:
        includeEntireCertificateChain - if true, include the whole certificate chain. If false, only include the signer cert

      • isIncludeIssuerSerial

        public boolean isIncludeIssuerSerial()
        Returns:
        if true, issuer serial number is included

      • setIncludeIssuerSerial

        public void setIncludeIssuerSerial​(boolean includeIssuerSerial)
        Parameters:
        includeIssuerSerial - if true, issuer serial number is included

      • isIncludeKeyValue

        public boolean isIncludeKeyValue()
        Returns:
        if true, the key value of the public key (certificate) is included

      • setIncludeKeyValue

        public void setIncludeKeyValue​(boolean includeKeyValue)
        Parameters:
        includeKeyValue - if true, the key value of the public key (certificate) is included

      • getXadesRole

        public String getXadesRole()
        Returns:
        the xades role element. If null the claimed role element is omitted. Defaults to null

      • setXadesRole

        public void setXadesRole​(String xadesRole)
        Parameters:
        xadesRole - the xades role element. If null the claimed role element is omitted.

      • getXadesSignatureId

        public String getXadesSignatureId()
        Returns:
        the Id for the XAdES SignedProperties element. Defaults to idSignedProperties

      • setXadesSignatureId

        public void setXadesSignatureId​(String xadesSignatureId)
        Parameters:
        xadesSignatureId - the Id for the XAdES SignedProperties element. When null defaults to idSignedProperties

      • isXadesSignaturePolicyImplied

        public boolean isXadesSignaturePolicyImplied()
        Returns:
        when true, include the policy-implied block. Defaults to true

      • setXadesSignaturePolicyImplied

        public void setXadesSignaturePolicyImplied​(boolean xadesSignaturePolicyImplied)
        Parameters:
        xadesSignaturePolicyImplied - when true, include the policy-implied block

      • isXadesIssuerNameNoReverseOrder

        public boolean isXadesIssuerNameNoReverseOrder()
        Make sure the DN is encoded using the same order as present within the certificate. This is an Office2010 work-around. Should be reverted back. XXX: not correct according to RFC 4514.
        Returns:
        when true, the issuer DN is used instead of the issuer X500 principal

      • setXadesIssuerNameNoReverseOrder

        public void setXadesIssuerNameNoReverseOrder​(boolean xadesIssuerNameNoReverseOrder)
        Parameters:
        xadesIssuerNameNoReverseOrder - when true, the issuer DN instead of the issuer X500 prinicpal is used

      • getSignatureMarshalListener

        public EventListener getSignatureMarshalListener()
        Returns:
        the event listener which is active while xml structure for the signature is created. Defaults to SignatureMarshalListener

      • setSignatureMarshalListener

        public void setSignatureMarshalListener​(EventListener signatureMarshalListener)
        Parameters:
        signatureMarshalListener - the event listener watching the xml structure generation for the signature

      • getNamespacePrefixes

        public Map<String,​String> getNamespacePrefixes()
        Returns:
        the map of namespace uri (key) to prefix (value)

      • setNamespacePrefixes

        public void setNamespacePrefixes​(Map<String,​String> namespacePrefixes)
        Parameters:
        namespacePrefixes - the map of namespace uri (key) to prefix (value)

      • getSignatureMethodUri

        public String getSignatureMethodUri()
        Returns:
        the uri for the signature method, i.e. currently only rsa is supported, so it's the rsa variant of the main digest

      • getDigestMethodUri

        public String getDigestMethodUri()
        Returns:
        the uri for the main digest

      • getDigestMethodUri

        public static String getDigestMethodUri​(HashAlgorithm digestAlgo)
        Converts the digest algorithm - currently only sha* and ripemd160 is supported. MS Office only supports sha1, sha256, sha384, sha512.
        Parameters:
        digestAlgo - the digest algorithm
        Returns:
        the uri for the given digest

      • setSignatureMethodFromUri

        public void setSignatureMethodFromUri​(String signatureMethodUri)
        Set the digest algorithm based on the method uri. This is used when a signature was successful validated and the signature configuration is updated
        Parameters:
        signatureMethodUri - the method uri
        Since:
        POI 4.0.0

      • setSignatureFactory

        public void setSignatureFactory​(XMLSignatureFactory signatureFactory)
        Parameters:
        signatureFactory - the xml signature factory, saved as thread-local

      • getSignatureFactory

        public XMLSignatureFactory getSignatureFactory()
        Returns:
        the xml signature factory (thread-local)

      • setKeyInfoFactory

        public void setKeyInfoFactory​(KeyInfoFactory keyInfoFactory)
        Parameters:
        keyInfoFactory - the key factory, saved as thread-local

      • getKeyInfoFactory

        public KeyInfoFactory getKeyInfoFactory()
        Returns:
        the key factory (thread-local)

      • getProvider

        public Provider getProvider()
        This method tests the existence of xml signature provider in the following order:
        • the class pointed to by the system property "jsr105Provider"
        • the Santuario xmlsec provider
        • the JDK xmlsec provider
        For signing the classes are linked against the Santuario xmlsec, so this might only work for validation (not tested).
        Returns:
        the xml dsig provider

      • setXadesCanonicalizationMethod

        public void setXadesCanonicalizationMethod​(String xadesCanonicalizationMethod)
        Parameters:
        xadesCanonicalizationMethod - the cannonicalization method for XAdES-XL signing
        See Also:
        javax.xml.crypto.dsig.CanonicalizationMethod

      • isUpdateConfigOnValidate

        public boolean isUpdateConfigOnValidate()
        Returns:
        true, if the signature config is to be updated based on the successful validated document
        Since:
        POI 4.0.0

      • setUpdateConfigOnValidate

        public void setUpdateConfigOnValidate​(boolean updateConfigOnValidate)
        The signature config can be updated if a document is succesful validated. This flag is used for activating this modifications. Defaults to false

        Parameters:
        updateConfigOnValidate - if true, update config on validate
        Since:
        POI 4.0.0