Class CAdESLevelBaselineB

java.lang.Object
eu.europa.esig.dss.cades.signature.CAdESLevelBaselineB
Direct Known Subclasses:
PAdESLevelBaselineB

public class CAdESLevelBaselineB extends Object
This class holds the CAdES-B signature profile; it supports the inclusion of the mandatory signed id_aa_ets_sigPolicyId attribute as specified in ETSI TS 101 733 V1.8.1, clause 5.8.1.
  • Constructor Details

    • CAdESLevelBaselineB

      public CAdESLevelBaselineB()
      The default constructor for CAdESLevelBaselineB.
    • CAdESLevelBaselineB

      @Deprecated public CAdESLevelBaselineB(boolean padesUsage)
      Deprecated.
      since DSS 6.4. Please use new PAdESLevelBaselineB() instead.
      The constructor for CAdESLevelBaselineB with a padesUsage indication
      Parameters:
      padesUsage - defines whether the CMS signature shall be created for PAdES
    • CAdESLevelBaselineB

      public CAdESLevelBaselineB(DSSDocument documentToSign)
      The constructor for CAdESLevelBaselineB with a documentToSign
      Parameters:
      documentToSign - DSSDocument document to be signed
  • Method Details

    • getUnsignedAttributes

      public org.bouncycastle.asn1.cms.AttributeTable getUnsignedAttributes()
      Return the table of unsigned properties.
      Returns:
      AttributeTable
    • getSignedAttributes

      public org.bouncycastle.asn1.cms.AttributeTable getSignedAttributes(CAdESSignatureParameters parameters)
      Generates and returns a Signed Attributes Table
      Parameters:
      parameters - CAdESSignatureParameters
      Returns:
      AttributeTable representing the signed attributes
    • addSignedAttributes

      protected void addSignedAttributes(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      Adds the signed attributes to the signedAttributes vector
      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector
    • addSignerAttribute

      protected void addSignerAttribute(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      ETSI TS 101 733 V2.2.1 (2013-04)

      5.11.3 signer-attributes Attribute

      NOTE 1: Only a single signer-attributes can be used.

      The signer-attributes attribute specifies additional attributes of the signer (e.g. role). It may be either:
        • claimed attributes of the signer; or
        • certified attributes of the signer.
      The signer-attributes attribute shall be a signed attribute.

      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector signed attributes
    • addSigningTimeAttribute

      protected void addSigningTimeAttribute(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      Adds a signing time attribute
      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector
    • addSignerLocation

      protected void addSignerLocation(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      ETSI TS 101 733 V2.2.1 (2013-04)

      5.11.2 signer-location Attribute

      The signer-location attribute specifies a mnemonic for an address associated with the signer at a particular geographical (e.g. city) location. The mnemonic is registered in the country in which the signer is located and is used in the provision of the Public Telegram Service (according to Recommendation ITU-T F.1 [11]). The signer-location attribute shall be a signed attribute.

      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector signed attributes
    • addCommitmentType

      protected void addCommitmentType(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      ETSI TS 101 733 V2.2.1 (2013-04)

      5.11.1 commitment-type-indication Attribute

      There may be situations where a signer wants to explicitly indicate to a verifier that by signing the data, it illustrates a type of commitment on behalf of the signer. The commitment-type-indication attribute conveys such information.

      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector signed attributes
    • getCommitmentQualifiers

      protected org.bouncycastle.asn1.ASN1Sequence getCommitmentQualifiers(CommitmentType commitmentType)
      This method creates a set of CommitmentQualifiers.

      CommitmentTypeQualifier ::= SEQUENCE {
          commitmentQualifierId  COMMITMENT-QUALIFIER.&id,
          qualifier              COMMITMENT-QUALIFIER.&Qualifier OPTIONAL
      }

      COMMITMENT-QUALIFIER ::= CLASS {
          &id         OBJECT IDENTIFIER UNIQUE,
          &Qualifier  OPTIONAL
      }
      WITH SYNTAX {
          COMMITMENT-QUALIFIER-ID &id [COMMITMENT-TYPE &Qualifier]
      }

      Parameters:
      commitmentType - CommitmentType
      Returns:
      ASN1Sequence
    • addContentTimestamps

      protected void addContentTimestamps(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      A content time-stamp allows a time-stamp token of the data to be signed to be incorporated into the signed information. It provides proof of the existence of the data before the signature was created.

      A content time-stamp attribute is the time-stamp token of the signed data content before it is signed. This attribute is a signed attribute. Its object identifier is:

      id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 20 }

      Content time-stamp attribute values have ASN.1 type ContentTimestamp:

      ContentTimestamp ::= TimeStampToken

      The value of messageImprint of TimeStampToken (as described in RFC 3161) is the hash of the message digest as defined in ETSI standard 101733 v.2.2.1, clause 5.6.1.

      NOTE: content-time-stamp indicates that the signed information was formed before the date included in the content-time-stamp.

      NOTE (bis): There is a small difference in treatment between the content-time-stamp and the archive-timestamp (ATSv2) when the signature is attached. In that case, the content-time-stamp is computed on the raw data (without ASN.1 tag and length) whereas the archive-timestamp is computed on data as read.

      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector signed attributes
    • addContentHints

      protected void addContentHints(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      ETSI TS 101 733 V2.2.1 (2013-04)

      5.10.3 content-hints Attribute

      The content-hints attribute provides information on the innermost signed content of a multi-layer message where one content is encapsulated in another. The syntax of the content-hints attribute type of the ES is as defined in ESS (RFC 2634 [5]).

      When used to indicate the precise format of the data to be presented to the user, the following rules apply:
        • the contentType indicates the type of the associated content. It is an object identifier (i.e. a unique string of integers) assigned by an authority that defines the content type; and
        • when the contentType is id-data the contentDescription shall define the presentation format; the format may be defined by MIME types.

      When the format of the content is defined by MIME types, the following rules apply:
        • the contentType shall be id-data as defined in CMS (RFC 3852 [4]);
        • the contentDescription shall be used to indicate the encoding of the data, in accordance with the rules defined in RFC 2045 [6]; see annex F for an example of structured contents and MIME.

      NOTE 1: id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }.

      NOTE 2: contentDescription is optional in ESS (RFC 2634 [5]). It may be used to complement contentTypes defined elsewhere; such definitions are outside the scope of the present document.

      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector signed attributes
    • addContentIdentifier

      protected void addContentIdentifier(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      ETSI TS 101 733 V2.2.1 (2013-04)

      5.10.2 content-identifier Attribute

      The content-identifier attribute provides an identifier for the signed content, for use when a reference may be later required to that content; for example, in the content-reference attribute in other signed data sent later. The content-identifier shall be a signed attribute. content-identifier attribute type values for the ES have an ASN.1 type ContentIdentifier, as defined in ESS (RFC 2634 [5]).

      The minimal content-identifier attribute should contain a concatenation of user-specific identification information (such as a user name or public keying material identification information), a GeneralizedTime string, and a random number.

      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector signed attributes
    • addSignaturePolicyId

      protected void addSignaturePolicyId(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      Adds a signature policy identifier
      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector
    • addSigningCertificateAttribute

      protected void addSigningCertificateAttribute(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      Adds a signing-certificate attribute
      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector
    • addMimeType

      protected void addMimeType(CAdESSignatureParameters parameters, org.bouncycastle.asn1.ASN1EncodableVector signedAttributes)
      Adds a MimeType attribute
      Parameters:
      parameters - CAdESSignatureParameters
      signedAttributes - ASN1EncodableVector
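
The ETSI text quoted above requires signer-attributes, signer-location, content-time-stamp and content-identifier to be signed attributes, and allows only a single signer-attributes. The following added example (not part of DSS or its documentation) checks that placement on a pair of BouncyCastle AttributeTable objects such as those returned by getSignedAttributes and getUnsignedAttributes. The class SignedAttributePlacementCheck, its helper names and the sample values are assumptions made for illustration, and BouncyCastle is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.*;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

public class SignedAttributePlacementCheck { // hypothetical class, not part of DSS
    // Attributes that the ETSI text quoted on this page requires to be signed.
    static final Map<ASN1ObjectIdentifier, String> MUST_BE_SIGNED = new LinkedHashMap<>();
    static {
        MUST_BE_SIGNED.put(PKCSObjectIdentifiers.id_aa_ets_signerAttr, "signer-attributes");
        MUST_BE_SIGNED.put(PKCSObjectIdentifiers.id_aa_ets_signerLocation, "signer-location");
        MUST_BE_SIGNED.put(PKCSObjectIdentifiers.id_aa_ets_contentTimestamp, "content-time-stamp");
        MUST_BE_SIGNED.put(PKCSObjectIdentifiers.id_aa_contentIdentifier, "content-identifier");
    }

    /** Lists violations; either table may be null (no attributes of that kind). */
    static List<String> findViolations(AttributeTable signed, AttributeTable unsigned) {
        List<String> findings = new ArrayList<>();
        for (Map.Entry<ASN1ObjectIdentifier, String> e : MUST_BE_SIGNED.entrySet()) {
            if (unsigned != null && unsigned.get(e.getKey()) != null) {
                findings.add(e.getValue() + " found among unsigned attributes");
            }
        }
        // NOTE 1 of clause 5.11.3: only a single signer-attributes can be used.
        if (signed != null && signed.getAll(PKCSObjectIdentifiers.id_aa_ets_signerAttr).size() > 1) {
            findings.add("more than one signer-attributes attribute");
        }
        return findings;
    }
    static Attribute attr(ASN1ObjectIdentifier oid, ASN1Encodable value) {
        return new Attribute(oid, new DERSet(value));
    }
    public static void main(String[] args) {
        // Constructed sample input; attribute values are placeholders, not real signature data.
        SimpleDateFormat utc = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
        utc.setTimeZone(TimeZone.getTimeZone("UTC"));
        // Minimal content-identifier: user identification + GeneralizedTime + random number.
        String id = "alice" + utc.format(new Date()) + Long.toUnsignedString(new SecureRandom().nextLong());
        byte[] idBytes = id.getBytes(StandardCharsets.US_ASCII);
        ASN1EncodableVector signedVec = new ASN1EncodableVector();
        signedVec.add(attr(PKCSObjectIdentifiers.id_aa_contentIdentifier, new DEROctetString(idBytes)));
        ASN1EncodableVector unsignedVec = new ASN1EncodableVector();
        unsignedVec.add(attr(PKCSObjectIdentifiers.id_aa_ets_signerLocation, new DERSequence()));
        System.out.println(findViolations(new AttributeTable(signedVec), new AttributeTable(unsignedVec)));
    }
}
```

An attribute carried in the unsigned table is not covered by the signature value, so a validator should not treat a signer role, location or content time-stamp found there as asserted by the signer.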