====== API USAGE ======
===== Signature Creation =====
==== (ES-BES) Signature Creation ====
// create signature contained
SignatureContainer container = SignatureFactory.createContainer(SignatureFormat.CAdES, context);
// create signature object in the container
Signature signature = container.createSignature(certificate);
// add content to be signed
signature.addContent(new SignableFile(file), false);
// sign
signature.sign(cardSigner);
// write the signature to a File
container.write(new FileOuputStream(fileName));
==== ES-T Signature Creation ====
// create signature object in the container
Signature signature = container.createSignature(certificate);
// add content to be signed
signature.addContent(new SignableFile(file), false);
// sign
signature.sign(cardSigner);
// upgrade the signature to ES-T
signature.upgrade(SignatureType.ES_T);
// write the signature to a File
container.write(new FileOuputStream(fileName));
===== Signatue Upgrades =====
==== Converting ES-BES to ES-T ====
// Read the signature container from a file
SignatureContainer container = SignatureFactory.readContainer(fileInputStream);
// Take the first signature
Signature signature = container.getSignatures().get(0);
// Upgrade the signature to ES-T
signature.upgrade(SignatureType.ES_T);
// write the signature to a File
container.write(new FileOuputStream(fileName));
// Read the signature container from a file
SignatureContainer container = SignatureFactory.readContainer(fileInputStream);
// Take the first signature
Signature signature = container.getSignatures()[0];
// Upgrade the signature to ES-T
signature.upgrade(SignatureType.ES_T);
// write the signature to a File
container.write(new FileOuputStream(fileName));
==== ES-XL Signature ====
In order to create a signature of type ES-XL, it is enough to change the line in the ES-T signature creation
sample
// create
...
// upgrade
signature.upgrade(SignatureType.ES_T);
with the line below
// upgrade
signature.upgrade(SignatureType.ES_XL);
===== Signature Verification =====
''verifyAll()'' method in ''SignatureContainer'' is used for signature verification.
// read the signature
SignatureContainer container = SignatureFactory.readContainer(inputstream);
inputstream.close();
// verify
ContainerValidationResult cvr = container.verifyAll();
// are all the signatures in the container valid?
assertEquals(ContainerValidationResultType.ALL_VALID, cvr.getResultType());
// read the signature
SignatureContainer container = SignatureFactory.readContainer(inputstream);
inputstream.Close();
// verify
ContainerValidationResult cvr = container.verifyAll();
// are all the signatures in the container valid?
Assert.AreEqual(ContainerValidationResultType.ALL_VALID, cvr.getResultType());
==== Signature Verification Result Object ====
The method ''toString()'' in signature verification result object returns the signature object hierarchy as a tree.
The verification result of ''SignatureContainer'' is ''ContainerValidationResult'' where as that of each signature is ''SignatureValidationResult''. ''ContainerValidationResult'' object includes those ''SignatureValidationResult'' objects.
To interpret the signature verification result the field ''ContainerValidationResultType'' in the class ''ContainerValidationResult'' is used.
To identify which signatures are invalid, the corresponding signature results must be inspected.
// NOTE this method already exists in ContainerValidationResult !!!
public List getInvalidValidationResults()
{
List invalids =
new ArrayList();
// scan root signatures
for (Signature signature : results.keySet()) {
// scan counter signatures
traceResults(results.get(signature), invalids);
}
return invalids;
}
private void traceResults(SignatureValidationResult svr,
List invalids)
{
// is valid?
if (svr.getResultType() != ValidationResultType.VALID) {
invalids.add(svr);
}
// counter signatures
if (svr.getCounterSignatureValidationResults() != null) {
for (SignatureValidationResult counter :
svr.getCounterSignatureValidationResults())
{
traceResults(counter, invalids);
}
}
}
ContainerValidationResult cvr = container.verifyAll();
// scan all verification results in the container
for (Signature signature : cvr.getAllResults().Keys){
// signature verification result
SignatureValidationResult svr = cvr.getAllResults().get(signature);
// is valied?
if (svr.getResultType != ValidationResultType.VALID)
Console.WriteLine("Geçersiz imza "+svr);
}
===== Multiple Signatures =====
==== Adding Signature ====
=== Counter Signature ===
The signature of another signature is named as counter signature. For example, the employee signs a request and
the manager signs that signature as a confirmation of the request. To create counter signature, you can use the method ''createCounterSignature(Certificate)'' in ''Signature''.
// read the signature container
SignatureContainer sc = SignatureFactory.readContainer(fileInputStream);
// take the first signature
Signature s = sc.getSignatures().get(0);
// create counter signature object
Signature counter= s.createCounterSignature(counterSignersCertificate);
// sign
counter.sign(cardSigner);
// write the signature container to a file
sc.write(new FileOuputStream(fileName));
// read the signature container
SignatureContainer sc = SignatureFactory.readContainer(fileInputStream);
// take the first signature
Signature s = sc.getSignatures()[0];
// create counter signature object
Signature counter= s.createCounterSignature(counterSignersCertificate);
// sign
counter.sign(cardSigner);
// write the signature container to a file
sc.write(new FileOuputStream(fileName));
=== Parallel Signature ===
Whenever the method ''createSignature()'' in ''SignatureContainer'' is caleed, a signature is created and added into the container. These independent signatures in the container are called as **paralel signature**.
// read the signature container
SignatureContainer container =
SignatureFactory.readContainer(fileInputStream);
Signature s1 = container.createSignature(certificate1);
s.addContent(new SignableFile(file), true);
s.sign(signer1);
Signature s2 = container.createSignature(certificate2);
s2.addContent(new SignableFile(file), true);
s2.sign(signer2);
// write the signature to a file
container.write(new FileOuputStream(fileName));
==== Extracting Signature ====
To extract the signature from a signed document the method ''detachFromParent()'' is used. If the signature to be extracted is a counter signature it is extracted from the parent signature. The extracted signatures contains all of its children counter signatures.
// take the first signature
Signature s = sc.getSignatures().get(0);
// take the first counter signature
Signature counterSignature = s.getCounterSignatures().get(0);
// extract the counter signature and its children
counterSignature.detachFromParent();
// write the signature
container.write(stream);
.NET Code
// take the first signature
Signature s = sc.getSignatures()[0];
// take the first counter signature
Signature counterSignature = s.getCounterSignatures()[0];
// extract the counter signature and its children
counterSignature.detachFromParent();
// write the signature
container.write(stream);
===== Creation of Signatures with Profiles =====
For the detailed information about signature profiles, see [[en:esya:eimza:profiller|Signature Profiles]]
The class ''TurkishESigProfiles'' contains the policies for the signature profiles defined in Turkey.
==== P1 Signature Creation ====
P1 is ES-BES which generally contains the signing time.
SignatureContainer container = SignatureFactory.createContainer(format);
Signature signature = container.createSignature(signersCertificate);
signature.addContent(contentToSign, true);
signature.setSigningTime(Calendar.getInstance());
signature.sign(cardSigner);
// write
container.write(stream);
==== P2 Signature Creation ====
P2 signature contains timestamp.
SignatureContainer container = SignatureFactory.createContainer(format);
Signature signature = container.createSignature(signersCertificate);
signature.addContent(contentToSign, true);
// signature time
signature.setSigningTime(Calendar.getInstance());
// signature policy
signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P2v1);
// sign
signature.sign(cardSigner);
// upgrade to ES-T (add timestamp)
signature.upgrade(SignatureType.ES_T);
// write
container.write(stream);
==== P3 Signature Creation ====
The signature profile P3 is used for long-term signatures where CRL is available.
// create context
Context context = new Context(new File(workingDir).toURI());
// proper certificate validation policy (use always OCSP when available)
context.getConfig().setCertificateValidationPolicy(crlOnlyPolicy);
// create signature container
SignatureContainer c = SignatureFactory.createContainer(format, context);
Signature signature = c.createSignature(signersCertificate);
// content to be signed
signature.addContent(contentToSign, true);
// signature time
signature.setSigningTime(Calendar.getInstance());
// signature policy
signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P3v1);
// sign
signature.sign(cardSigner);
// upgrade to ES-XLong)
signature.upgrade(SignatureType.ES_XL);
// sign
c.write(stream);
==== P4 Signature Creation ====
The signature profile P4 is used for long-term signatures where OCSP is available.
// create context
Context context = new Context(new File(workingDir).toURI());
// proper certificate validation policy (use always OCSP when available)
context.getConfig().setCertificateValidationPolicy(ocspFirstPolicy);
// create signature
SignatureContainer c = SignatureFactory.createContainer(format, context);
Signature signature = c.createSignature(signersCertificate);
// content to be signed
signature.addContent(contentToSign, true);
// signature time
signature.setSigningTime(Calendar.getInstance());
// signature policy
signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P4v1);
// sign
signature.sign(cardSigner);
// upgrade to ES-XLong)
signature.upgrade(SignatureType.ES_XL);
// write
c.write(stream);