org.apache.poi.poifs.crypt.dsig
Class SignatureConfig

java.lang.Object
  extended by org.apache.poi.poifs.crypt.dsig.SignatureConfig

public class SignatureConfig
extends java.lang.Object

This class bundles the configuration options used for the existing signature facets. Apart from the thread-local members (e.g. the opc-package), most values will probably be constant, so the object can be configured centrally (e.g. by Spring).


Nested Class Summary
static interface SignatureConfig.SignatureConfigurable
           
 
Constructor Summary
SignatureConfig()
           
 
Method Summary
 void addSignatureFacet(SignatureFacet signatureFacet)
           
 java.lang.String getCanonicalizationMethod()
           
 HashAlgorithm getDigestAlgo()
           
 java.lang.String getDigestMethodUri()
           
static java.lang.String getDigestMethodUri(HashAlgorithm digestAlgo)
           
 java.util.Date getExecutionTime()
           
 byte[] getHashMagic()
          Each digest method has its own IV (initialization vector)
 java.security.PrivateKey getKey()
           
 javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
           
 java.util.Map<java.lang.String,java.lang.String> getNamespacePrefixes()
           
 OPCPackage getOpcPackage()
           
 java.lang.String getPackageSignatureId()
           
 java.security.Provider getProvider()
          This method tests the existence of xml signature provider in the following order: the class pointed to by the system property "jsr105Provider" the Santuario xmlsec provider the JDK xmlsec provider For signing the classes are linked against the Santuario xmlsec, so this might only work for validation (not tested).
 java.lang.String getProxyUrl()
           
 RevocationDataService getRevocationDataService()
           
 java.lang.String getSignatureDescription()
           
 java.util.List<SignatureFacet> getSignatureFacets()
           
 javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()
           
 org.w3c.dom.events.EventListener getSignatureMarshalListener()
           
 java.lang.String getSignatureMethodUri()
           
 SignaturePolicyService getSignaturePolicyService()
           
 java.util.List<java.security.cert.X509Certificate> getSigningCertificateChain()
           
 HashAlgorithm getTspDigestAlgo()
           
 java.lang.String getTspPass()
           
 java.lang.String getTspRequestPolicy()
           
 TimeStampService getTspService()
           
 java.lang.String getTspUrl()
           
 java.lang.String getTspUser()
           
 TimeStampServiceValidator getTspValidator()
           
 javax.xml.crypto.URIDereferencer getUriDereferencer()
           
 java.lang.String getUserAgent()
           
 java.lang.String getXadesCanonicalizationMethod()
           
 HashAlgorithm getXadesDigestAlgo()
           
 java.lang.String getXadesRole()
           
 java.lang.String getXadesSignatureId()
           
protected  void init(boolean onlyValidation)
          Initializes and checks the config object.
 boolean isIncludeEntireCertificateChain()
           
 boolean isIncludeIssuerSerial()
           
 boolean isIncludeKeyValue()
           
 boolean isTspOldProtocol()
           
 boolean isXadesIssuerNameNoReverseOrder()
          Make sure the DN is encoded using the same order as present within the certificate.
 boolean isXadesSignaturePolicyImplied()
           
protected static
<T> T
nvl(T value, T defaultValue)
          helper method for null/default value handling
 void setCanonicalizationMethod(java.lang.String canonicalizationMethod)
           
 void setDigestAlgo(HashAlgorithm digestAlgo)
           
 void setExecutionTime(java.util.Date executionTime)
           
 void setIncludeEntireCertificateChain(boolean includeEntireCertificateChain)
           
 void setIncludeIssuerSerial(boolean includeIssuerSerial)
           
 void setIncludeKeyValue(boolean includeKeyValue)
           
 void setKey(java.security.PrivateKey key)
           
 void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
           
 void setNamespacePrefixes(java.util.Map<java.lang.String,java.lang.String> namespacePrefixes)
           
 void setOpcPackage(OPCPackage opcPackage)
           
 void setPackageSignatureId(java.lang.String packageSignatureId)
           
 void setProxyUrl(java.lang.String proxyUrl)
           
 void setRevocationDataService(RevocationDataService revocationDataService)
           
 void setSignatureDescription(java.lang.String signatureDescription)
           
 void setSignatureFacets(java.util.List<SignatureFacet> signatureFacets)
           
 void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
           
 void setSignatureMarshalListener(org.w3c.dom.events.EventListener signatureMarshalListener)
           
 void setSignaturePolicyService(SignaturePolicyService signaturePolicyService)
           
 void setSigningCertificateChain(java.util.List<java.security.cert.X509Certificate> signingCertificateChain)
           
 void setTspDigestAlgo(HashAlgorithm tspDigestAlgo)
           
 void setTspOldProtocol(boolean tspOldProtocol)
           
 void setTspPass(java.lang.String tspPass)
           
 void setTspRequestPolicy(java.lang.String tspRequestPolicy)
           
 void setTspService(TimeStampService tspService)
           
 void setTspUrl(java.lang.String tspUrl)
           
 void setTspUser(java.lang.String tspUser)
           
 void setTspValidator(TimeStampServiceValidator tspValidator)
           
 void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
           
 void setUserAgent(java.lang.String userAgent)
           
 void setXadesCanonicalizationMethod(java.lang.String xadesCanonicalizationMethod)
           
 void setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo)
           
 void setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder)
           
 void setXadesRole(java.lang.String xadesRole)
           
 void setXadesSignatureId(java.lang.String xadesSignatureId)
           
 void setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SignatureConfig

public SignatureConfig()
Method Detail

init

protected void init(boolean onlyValidation)
Initializes and checks the config object. If not set previously, complex configuration properties are also created/initialized by this call.

Parameters:
onlyValidation - if true, only the subset of properties necessary for validation is initialized. If false, the other properties needed for signing are initialized as well.

addSignatureFacet

public void addSignatureFacet(SignatureFacet signatureFacet)
Parameters:
signatureFacet - the signature facet is appended to facet list

getSignatureFacets

public java.util.List<SignatureFacet> getSignatureFacets()
Returns:
the list of facets, may be empty when the config object is not initialized

setSignatureFacets

public void setSignatureFacets(java.util.List<SignatureFacet> signatureFacets)
Parameters:
signatureFacets - the new list of facets

getDigestAlgo

public HashAlgorithm getDigestAlgo()
Returns:
the main digest algorithm, defaults to sha-1 (a legacy default; deployments that need a stronger digest must set it explicitly via setDigestAlgo)

setDigestAlgo

public void setDigestAlgo(HashAlgorithm digestAlgo)
Parameters:
digestAlgo - the main digest algorithm

getOpcPackage

public OPCPackage getOpcPackage()
Returns:
the opc package to be used by this thread, stored as thread-local

setOpcPackage

public void setOpcPackage(OPCPackage opcPackage)
Parameters:
opcPackage - the opc package to be handled by this thread, stored as thread-local

getKey

public java.security.PrivateKey getKey()
Returns:
the private key

setKey

public void setKey(java.security.PrivateKey key)
Parameters:
key - the private key

getSigningCertificateChain

public java.util.List<java.security.cert.X509Certificate> getSigningCertificateChain()
Returns:
the certificate chain, index 0 is usually the certificate matching the private key

setSigningCertificateChain

public void setSigningCertificateChain(java.util.List<java.security.cert.X509Certificate> signingCertificateChain)
Parameters:
signingCertificateChain - the certificate chain, index 0 should be the certificate matching the private key

getExecutionTime

public java.util.Date getExecutionTime()
Returns:
the time at which the document is signed, also used for the timestamp service. defaults to now

setExecutionTime

public void setExecutionTime(java.util.Date executionTime)
Parameters:
executionTime - sets the time at which the document ought to be signed

getSignaturePolicyService

public SignaturePolicyService getSignaturePolicyService()
Returns:
the service to be used for XAdES-EPES properties. There's no default implementation

setSignaturePolicyService

public void setSignaturePolicyService(SignaturePolicyService signaturePolicyService)
Parameters:
signaturePolicyService - the service to be used for XAdES-EPES properties

getUriDereferencer

public javax.xml.crypto.URIDereferencer getUriDereferencer()
Returns:
the dereferencer used for Reference/@URI attributes, defaults to OOXMLURIDereferencer

setUriDereferencer

public void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
Parameters:
uriDereferencer - the dereferencer used for Reference/@URI attributes

getSignatureDescription

public java.lang.String getSignatureDescription()
Returns:
the human-readable description of what the citizen will be signing. The default value is "Office OpenXML Document".

setSignatureDescription

public void setSignatureDescription(java.lang.String signatureDescription)
Parameters:
signatureDescription - the human-readable description of what the citizen will be signing.

getCanonicalizationMethod

public java.lang.String getCanonicalizationMethod()
Returns:
the default canonicalization method, defaults to INCLUSIVE

setCanonicalizationMethod

public void setCanonicalizationMethod(java.lang.String canonicalizationMethod)
Parameters:
canonicalizationMethod - the default canonicalization method

getPackageSignatureId

public java.lang.String getPackageSignatureId()
Returns:
The signature Id attribute value used to create the XML signature. Defaults to "idPackageSignature"

setPackageSignatureId

public void setPackageSignatureId(java.lang.String packageSignatureId)
Parameters:
packageSignatureId - The signature Id attribute value used to create the XML signature. A null value will trigger an automatically generated signature Id.

getTspUrl

public java.lang.String getTspUrl()
Returns:
the url of the timestamp provider (TSP)

setTspUrl

public void setTspUrl(java.lang.String tspUrl)
Parameters:
tspUrl - the url of the timestamp provider (TSP)

isTspOldProtocol

public boolean isTspOldProtocol()
Returns:
if true, the timestamp-request/response mimetype is used; if false, the timestamp-query/reply mimetype

setTspOldProtocol

public void setTspOldProtocol(boolean tspOldProtocol)
Parameters:
tspOldProtocol - defines the timestamp-protocol mimetype
See Also:
isTspOldProtocol()

getTspDigestAlgo

public HashAlgorithm getTspDigestAlgo()
Returns:
the hash algorithm to be used for the timestamp entry. Defaults to the hash algorithm of the main entry

setTspDigestAlgo

public void setTspDigestAlgo(HashAlgorithm tspDigestAlgo)
Parameters:
tspDigestAlgo - the algorithm to be used for the timestamp entry. if null, the hash algorithm of the main entry

getProxyUrl

public java.lang.String getProxyUrl()
Returns:
the proxy url to be used for all communications. Currently this affects the timestamp service

setProxyUrl

public void setProxyUrl(java.lang.String proxyUrl)
Parameters:
proxyUrl - the proxy url to be used for all communications. Currently this affects the timestamp service

getTspService

public TimeStampService getTspService()
Returns:
the timestamp service. Defaults to TSPTimeStampService

setTspService

public void setTspService(TimeStampService tspService)
Parameters:
tspService - the timestamp service

getTspUser

public java.lang.String getTspUser()
Returns:
the user id for the timestamp service - currently only HTTP basic authentication is supported

setTspUser

public void setTspUser(java.lang.String tspUser)
Parameters:
tspUser - the user id for the timestamp service - currently only HTTP basic authentication is supported

getTspPass

public java.lang.String getTspPass()
Returns:
the password for the timestamp service

setTspPass

public void setTspPass(java.lang.String tspPass)
Parameters:
tspPass - the password for the timestamp service

getTspValidator

public TimeStampServiceValidator getTspValidator()
Returns:
the validator for the timestamp service (certificate)

setTspValidator

public void setTspValidator(TimeStampServiceValidator tspValidator)
Parameters:
tspValidator - the validator for the timestamp service (certificate)

getRevocationDataService

public RevocationDataService getRevocationDataService()
Returns:
the optional revocation data service used for XAdES-C and XAdES-X-L. When null the signature will be limited to XAdES-T only.

setRevocationDataService

public void setRevocationDataService(RevocationDataService revocationDataService)
Parameters:
revocationDataService - the optional revocation data service used for XAdES-C and XAdES-X-L. When null the signature will be limited to XAdES-T only.

getXadesDigestAlgo

public HashAlgorithm getXadesDigestAlgo()
Returns:
hash algorithm used for XAdES. Defaults to the getDigestAlgo()

setXadesDigestAlgo

public void setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo)
Parameters:
xadesDigestAlgo - hash algorithm used for XAdES. When null, defaults to getDigestAlgo()

getUserAgent

public java.lang.String getUserAgent()
Returns:
the user agent used for http communication (e.g. to the TSP)

setUserAgent

public void setUserAgent(java.lang.String userAgent)
Parameters:
userAgent - the user agent used for http communication (e.g. to the TSP)

getTspRequestPolicy

public java.lang.String getTspRequestPolicy()
Returns:
the asn.1 object id for the tsp request policy. Defaults to 1.3.6.1.4.1.13762.3

setTspRequestPolicy

public void setTspRequestPolicy(java.lang.String tspRequestPolicy)
Parameters:
tspRequestPolicy - the asn.1 object id for the tsp request policy.

isIncludeEntireCertificateChain

public boolean isIncludeEntireCertificateChain()
Returns:
true, if the whole certificate chain is included in the signature. When false, only the signer cert will be included

setIncludeEntireCertificateChain

public void setIncludeEntireCertificateChain(boolean includeEntireCertificateChain)
Parameters:
includeEntireCertificateChain - if true, include the whole certificate chain. If false, only include the signer cert

isIncludeIssuerSerial

public boolean isIncludeIssuerSerial()
Returns:
if true, issuer serial number is included

setIncludeIssuerSerial

public void setIncludeIssuerSerial(boolean includeIssuerSerial)
Parameters:
includeIssuerSerial - if true, issuer serial number is included

isIncludeKeyValue

public boolean isIncludeKeyValue()
Returns:
if true, the key value of the public key (certificate) is included

setIncludeKeyValue

public void setIncludeKeyValue(boolean includeKeyValue)
Parameters:
includeKeyValue - if true, the key value of the public key (certificate) is included

getXadesRole

public java.lang.String getXadesRole()
Returns:
the xades role element. If null the claimed role element is omitted. Defaults to null

setXadesRole

public void setXadesRole(java.lang.String xadesRole)
Parameters:
xadesRole - the xades role element. If null the claimed role element is omitted.

getXadesSignatureId

public java.lang.String getXadesSignatureId()
Returns:
the Id for the XAdES SignedProperties element. Defaults to idSignedProperties

setXadesSignatureId

public void setXadesSignatureId(java.lang.String xadesSignatureId)
Parameters:
xadesSignatureId - the Id for the XAdES SignedProperties element. When null defaults to idSignedProperties

isXadesSignaturePolicyImplied

public boolean isXadesSignaturePolicyImplied()
Returns:
when true, include the policy-implied block. Defaults to true

setXadesSignaturePolicyImplied

public void setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied)
Parameters:
xadesSignaturePolicyImplied - when true, include the policy-implied block

isXadesIssuerNameNoReverseOrder

public boolean isXadesIssuerNameNoReverseOrder()
Make sure the DN is encoded using the same order as present within the certificate. This is an Office 2010 work-around and should eventually be reverted. XXX: this ordering is not correct according to RFC 4514.

Returns:
when true, the issuer DN is used instead of the issuer X500 principal

setXadesIssuerNameNoReverseOrder

public void setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder)
Parameters:
xadesIssuerNameNoReverseOrder - when true, the issuer DN is used instead of the issuer X500 principal

getSignatureMarshalListener

public org.w3c.dom.events.EventListener getSignatureMarshalListener()
Returns:
the event listener which is active while xml structure for the signature is created. Defaults to SignatureMarshalListener

setSignatureMarshalListener

public void setSignatureMarshalListener(org.w3c.dom.events.EventListener signatureMarshalListener)
Parameters:
signatureMarshalListener - the event listener watching the xml structure generation for the signature

getNamespacePrefixes

public java.util.Map<java.lang.String,java.lang.String> getNamespacePrefixes()
Returns:
the map of namespace uri (key) to prefix (value)

setNamespacePrefixes

public void setNamespacePrefixes(java.util.Map<java.lang.String,java.lang.String> namespacePrefixes)
Parameters:
namespacePrefixes - the map of namespace uri (key) to prefix (value)

nvl

protected static <T> T nvl(T value,
                           T defaultValue)
helper method for null/default value handling

Parameters:
value - the value to check for null
defaultValue - the fallback returned when value is null
Returns:
value if it is not null, otherwise defaultValue

getHashMagic

public byte[] getHashMagic()
Each digest method has its own IV (initialization vector)

Returns:
the IV depending on the main digest method

getSignatureMethodUri

public java.lang.String getSignatureMethodUri()
Returns:
the uri for the signature method; currently only RSA is supported, so this is the RSA variant of the main digest

getDigestMethodUri

public java.lang.String getDigestMethodUri()
Returns:
the uri for the main digest

getDigestMethodUri

public static java.lang.String getDigestMethodUri(HashAlgorithm digestAlgo)
Parameters:
digestAlgo - the digest algorithm; currently only sha* and ripemd160 are supported
Returns:
the uri for the given digest

setSignatureFactory

public void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
Parameters:
signatureFactory - the xml signature factory, saved as thread-local

getSignatureFactory

public javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()
Returns:
the xml signature factory (thread-local)

setKeyInfoFactory

public void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
Parameters:
keyInfoFactory - the key factory, saved as thread-local

getKeyInfoFactory

public javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
Returns:
the key factory (thread-local)

getProvider

public java.security.Provider getProvider()
This method tests for the existence of an xml signature provider in the following order: (1) the class pointed to by the system property "jsr105Provider", (2) the Santuario xmlsec provider, (3) the JDK xmlsec provider. For signing, the classes are linked against the Santuario xmlsec, so the other providers might only work for validation (not tested).

Returns:
the xml dsig provider

getXadesCanonicalizationMethod

public java.lang.String getXadesCanonicalizationMethod()
Returns:
the canonicalization method for XAdES-XL signing. Defaults to EXCLUSIVE
See Also:
javax.xml.crypto.dsig.CanonicalizationMethod

setXadesCanonicalizationMethod

public void setXadesCanonicalizationMethod(java.lang.String xadesCanonicalizationMethod)
Parameters:
xadesCanonicalizationMethod - the canonicalization method for XAdES-XL signing
See Also:
javax.xml.crypto.dsig.CanonicalizationMethod