ESYAE-imza Kütüphaneleri

Bu sayfa salt okunur. Kaynağı görebilirsiniz ama değiştiremezsiniz. Bunun yanlış olduğunu düşünüyorsanız yöneticiye danışın.

<h1>API USAGE</h1> <div class="level1"> </div> <h2>Signature Creation</h2> <div class="level2"> </div> <h3>(ES-BES) Signature Creation</h3> <div class="level3"> <p> <em><</em>sxh java;highlight:[8,11] ;title:Java & .NET> <em> create signature contained SignatureContainer container = SignatureFactory.createContainer(SignatureFormat.CAdES, context); </em> create signature object in the container Signature signature = container.createSignature(certificate); </p> <p> <em> add content to be signed signature.addContent(new SignableFile(file), false); </em> sign signature.sign(cardSigner); </p> <p> <em> write the signature to a File container.write(new FileOuputStream(fileName)); </em><<em>/sxh> ==== ES-T Signature Creation ==== </em><<em>sxh java;highlight:[11];title:Java & .NET Code> </em> create signature object in the container Signature signature = container.createSignature(certificate); </p> <p> <em> add content to be signed signature.addContent(new SignableFile(file), false); </em> sign signature.sign(cardSigner); </p> <p> <em> upgrade the signature to ES-T signature.upgrade(SignatureType.ES_T); </em> write the signature to a File container.write(new FileOuputStream(fileName)); <em><</em>/sxh> </p> </div> <h2>Signatue Upgrades</h2> <div class="level2"> </div> <h3>Converting ES-BES to ES-T</h3> <div class="level3"> <p> <em><</em>sxh java; highlight:[8]; title:Java Code> <em> Read the signature container from a file SignatureContainer container = SignatureFactory.readContainer(fileInputStream); </em> Take the first signature Signature signature = container.getSignatures().get(0); </p> <p> <em> Upgrade the signature to ES-T signature.upgrade(SignatureType.ES_T); </em> write the signature to a File container.write(new FileOuputStream(fileName)); <em><</em>/sxh> </p> <p> <em><</em>sxh csharp; highlight:[8]; title:.NET Code> <em> Read the signature container from a file SignatureContainer container = SignatureFactory.readContainer(fileInputStream); </em> Take the first signature Signature signature = container.getSignatures()[0]; </p> <p> <em> Upgrade the signature to ES-T signature.upgrade(SignatureType.ES_T); </em> write the signature to a File container.write(new FileOuputStream(fileName)); <em><</em>/sxh> </p> </div> <h3>ES-XL Signature</h3> <div class="level3"> <p> In order to create a signature of type ES-XL, it is enough to change the line in the ES-T signature creation sample </p> <p> <em><</em>sxh java> <em> create … </em> upgrade signature.upgrade(SignatureType.ES_T); <em><</em>/sxh> </p> <p> with the line below </p> <p> <em><</em>sxh java> <em> upgrade signature.upgrade(SignatureType.ES_XL); </em><<em>/sxh> ===== Signature Verification ===== <code>verifyAll()</code> method in <code>SignatureContainer</code> is used for signature verification. </em><<em>sxh java; highlight:[6]; title:Java Code> </em> read the signature SignatureContainer container = SignatureFactory.readContainer(inputstream); inputstream.close(); </p> <p> <em> verify ContainerValidationResult cvr = container.verifyAll(); </em> are all the signatures in the container valid? assertEquals(ContainerValidationResultType.ALL_VALID, cvr.getResultType()); <em><</em>/sxh> </p> <p> <em><</em>sxh csharp; highlight:[6]; title:.NET Code > <em> read the signature SignatureContainer container = SignatureFactory.readContainer(inputstream); inputstream.Close(); </em> verify ContainerValidationResult cvr = container.verifyAll(); </p> <p> <em> are all the signatures in the container valid? Assert.AreEqual(ContainerValidationResultType.ALL_VALID, cvr.getResultType()); </em><<em>/sxh> ==== Signature Verification Result Object ==== The method <code>toString()</code> in signature verification result object returns the signature object hierarchy as a tree. The verification result of <code>SignatureContainer</code> is <code>ContainerValidationResult</code> where as that of each signature is <code>SignatureValidationResult</code>. <code>ContainerValidationResult</code> object includes those <code>SignatureValidationResult</code> objects. To interpret the signature verification result the field <code>ContainerValidationResultType</code> in the class <code>ContainerValidationResult' is used. To identify which signatures are invalid, the corresponding signature results must be inspected. <em><</em>sxh java; title: Java Code> <em> NOTE this method already exists in ContainerValidationResult !!! public List</em><<em>SignatureValidationResult> getInvalidValidationResults() { List&lt;SignatureValidationResult&gt; invalids = new ArrayList&lt;SignatureValidationResult&gt;(); </em> scan root signatures for (Signature signature : results.keySet()) { <em> scan counter signatures traceResults(results.get(signature), invalids); } return invalids; } private void traceResults(SignatureValidationResult svr, List&lt;SignatureValidationResult&gt; invalids) { </em> is valid? if (svr.getResultType() != ValidationResultType.VALID) { invalids.add(svr); } <em> counter signatures if (svr.getCounterSignatureValidationResults() != null) { for (SignatureValidationResult counter : svr.getCounterSignatureValidationResults()) { traceResults(counter, invalids); } } } </em><<em>/sxh> </em><<em>sxh csharp; title:.NET Code> ContainerValidationResult cvr = container.verifyAll(); </em> scan all verification results in the container for (Signature signature : cvr.getAllResults().Keys){ <em> signature verification result SignatureValidationResult svr = cvr.getAllResults().get(signature); </em> is valied? if (svr.getResultType != ValidationResultType.VALID) Console.WriteLine("Geçersiz imza "+svr); } <em><</em>/sxh> ===== Multiple Signatures ===== ==== Adding Signature ==== === Counter Signature === The signature of another signature is named as counter signature. For example, the employee signs a request and the manager signs that signature as a confirmation of the request. To create counter signature, you can use the method </code>createCounterSignature(Certificate)<code> in </code>Signature<code>. <em><</em>sxh java;title:Java Code;> <em> read the signature container SignatureContainer sc = SignatureFactory.readContainer(fileInputStream); </em> take the first signature Signature s = sc.getSignatures().get(0); <em> create counter signature object Signature counter= s.createCounterSignature(counterSignersCertificate); </em> sign counter.sign(cardSigner); <em> write the signature container to a file sc.write(new FileOuputStream(fileName)); </em><<em>/sxh> </em><<em>sxh csharp; title:.NET Code;> </em> read the signature container SignatureContainer sc = SignatureFactory.readContainer(fileInputStream); <em> take the first signature Signature s = sc.getSignatures()[0]; </em> create counter signature object Signature counter= s.createCounterSignature(counterSignersCertificate); <em> sign counter.sign(cardSigner); </em> write the signature container to a file sc.write(new FileOuputStream(fileName)); <em><</em>/sxh> === Parallel Signature === Whenever the method </code>createSignature()<code> in </code>SignatureContainer<code> is caleed, a signature is created and added into the container. These independent signatures in the container are called as <b>paralel signature</b>. <em><</em>sxh java; title:Java & .NET Code;> <em> read the signature container SignatureContainer container = SignatureFactory.readContainer(fileInputStream); Signature s1 = container.createSignature(certificate1); s.addContent(new SignableFile(file), true); s.sign(signer1); Signature s2 = container.createSignature(certificate2); s2.addContent(new SignableFile(file), true); s2.sign(signer2); </em> write the signature to a file container.write(new FileOuputStream(fileName)); <em><</em>/sxh> ==== Extracting Signature ==== To extract the signature from a signed document the method </code>detachFromParent()<code> is used. If the signature to be extracted is a counter signature it is extracted from the parent signature. The extracted signatures contains all of its children counter signatures. <em><</em>sxh java;title:Java Code> <em> take the first signature Signature s = sc.getSignatures().get(0); </em> take the first counter signature Signature counterSignature = s.getCounterSignatures().get(0); <em> extract the counter signature and its children counterSignature.detachFromParent(); </em> write the signature container.write(stream); .NET Code <em> take the first signature Signature s = sc.getSignatures()[0]; </em> take the first counter signature Signature counterSignature = s.getCounterSignatures()[0]; <em> extract the counter signature and its children counterSignature.detachFromParent(); </em> write the signature container.write(stream); <em><</em>/sxh> ===== Creation of Signatures with Profiles ===== For the detailed information about signature profiles, see <a href="/esya-api/doku.php?id=en:esya:eimza:profiller" class="wikilink1" title="en:esya:eimza:profiller">Signature Profiles</a> The class </code>TurkishESigProfiles'' contains the policies for the signature profiles defined in Turkey. ==== P1 Signature Creation ==== P1 is ES-BES which generally contains the signing time. </em><<em>sxh java; title:Java & .NET Code;> SignatureContainer container = SignatureFactory.createContainer(format); Signature signature = container.createSignature(signersCertificate); signature.addContent(contentToSign, true); signature.setSigningTime(Calendar.getInstance()); signature.sign(cardSigner); </em> write container.write(stream); <em><</em>/sxh> </p> </div> <h3>P2 Signature Creation</h3> <div class="level3"> <p> P2 signature contains timestamp. </p> <p> <em><</em>sxh java; title:Java & .NET Code> SignatureContainer container = SignatureFactory.createContainer(format); Signature signature = container.createSignature(signersCertificate); signature.addContent(contentToSign, true); <em> signature time signature.setSigningTime(Calendar.getInstance()); </em> signature policy signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P2v1); <em> sign signature.sign(cardSigner); </em> upgrade to ES-T (add timestamp) signature.upgrade(SignatureType.ES_T); <em> write container.write(stream); </em><<em>/sxh> ==== P3 Signature Creation ==== The signature profile P3 is used for long-term signatures where CRL is available. </em><<em>sxh java;title:Java & .NET Code;> </em> create context Context context = new Context(new File(workingDir).toURI()); </p> <p> <em> proper certificate validation policy (use always OCSP when available) context.getConfig().setCertificateValidationPolicy(crlOnlyPolicy); </em> create signature container SignatureContainer c = SignatureFactory.createContainer(format, context); Signature signature = c.createSignature(signersCertificate); </p> <p> <em> content to be signed signature.addContent(contentToSign, true); </em> signature time signature.setSigningTime(Calendar.getInstance()); </p> <p> <em> signature policy signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P3v1); </em> sign signature.sign(cardSigner); <em> upgrade to ES-XLong) signature.upgrade(SignatureType.ES_XL); </em> sign c.write(stream); <em><</em>/sxh> </p> </div> <h3>P4 Signature Creation</h3> <div class="level3"> <p> The signature profile P4 is used for long-term signatures where OCSP is available. </p> <p> <em><</em>sxh java; title:Java & .NET Code> <em> create context Context context = new Context(new File(workingDir).toURI()); </em> proper certificate validation policy (use always OCSP when available) context.getConfig().setCertificateValidationPolicy(ocspFirstPolicy); </p> <p> <em> create signature SignatureContainer c = SignatureFactory.createContainer(format, context); Signature signature = c.createSignature(signersCertificate); </em> content to be signed signature.addContent(contentToSign, true); <em> signature time signature.setSigningTime(Calendar.getInstance()); </em> signature policy signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P4v1); </p> <p> <em> sign signature.sign(cardSigner); </em> upgrade to ES-XLong) signature.upgrade(SignatureType.ES_XL); <em> write c.write(stream); </em><<em>/sxh> </p> </div>