ESYA E-Signature Libraries


API USAGE

Signature Creation

(ES-BES) Signature Creation

// create signature container
SignatureContainer container = SignatureFactory.createContainer(SignatureFormat.CAdES, context);

// create signature object in the container
Signature signature = container.createSignature(certificate);

// add content to be signed
signature.addContent(new SignableFile(file), false);

// sign
signature.sign(cardSigner);

// write the signature to a File
container.write(new FileOutputStream(fileName));

ES-T Signature Creation

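// create signature container
SignatureContainer container = SignatureFactory.createContainer(SignatureFormat.CAdES, context);

// create signature object in the container
Signature signature = container.createSignature(certificate);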

// add content to be signed
signature.addContent(new SignableFile(file), false);

// sign
signature.sign(cardSigner);

// upgrade the signature to ES-T
signature.upgrade(SignatureType.ES_T);

// write the signature to a File
container.write(new FileOutputStream(fileName));

Signature Upgrades

Converting ES-BES to ES-T

// Read the signature container from a file
SignatureContainer container = SignatureFactory.readContainer(fileInputStream);

// Take the first signature
Signature signature = container.getSignatures().get(0);

// Upgrade the signature to ES-T
signature.upgrade(SignatureType.ES_T);

// write the signature to a File
container.write(new FileOutputStream(fileName));

.NET Code
// Read the signature container from a file
SignatureContainer container = SignatureFactory.readContainer(fileInputStream);

// Take the first signature
Signature signature = container.getSignatures()[0];

// Upgrade the signature to ES-T
signature.upgrade(SignatureType.ES_T);

// write the signature to a File
container.write(new FileOutputStream(fileName));

ES-XL Signature

To create a signature of type ES-XL, it is enough to replace the following line in the ES-T signature creation sample

// create
...
// upgrade
signature.upgrade(SignatureType.ES_T);

with the line below

// upgrade
signature.upgrade(SignatureType.ES_XL);

Signature Verification

The verifyAll() method in SignatureContainer is used for signature verification.

// read the signature
SignatureContainer container = SignatureFactory.readContainer(inputstream);
inputstream.close();

// verify
ContainerValidationResult cvr = container.verifyAll();

// are all the signatures in the container valid?
assertEquals(ContainerValidationResultType.ALL_VALID, cvr.getResultType());

.NET Code
// read the signature
SignatureContainer container = SignatureFactory.readContainer(inputstream);
inputstream.Close();

// verify
ContainerValidationResult cvr = container.verifyAll();

// are all the signatures in the container valid?
Assert.AreEqual(ContainerValidationResultType.ALL_VALID, cvr.getResultType());

Signature Verification Result Object

The toString() method of the signature verification result object returns the signature object hierarchy as a tree. The verification result of a SignatureContainer is a ContainerValidationResult, whereas that of each signature is a SignatureValidationResult. The ContainerValidationResult object includes those SignatureValidationResult objects.

To interpret the signature verification result, use the ContainerValidationResultType field of the ContainerValidationResult class.

To identify which signatures are invalid, the corresponding signature results must be inspected.

// NOTE this method already exists in ContainerValidationResult !!! 
public List<SignatureValidationResult> getInvalidValidationResults()
{
    List<SignatureValidationResult> invalids = 
                                 new ArrayList<SignatureValidationResult>();
    // scan root signatures
    for (Signature signature : results.keySet()) {
        // scan counter signatures
        traceResults(results.get(signature), invalids);
    }
    return invalids;
}

private void traceResults(SignatureValidationResult svr, 
                          List<SignatureValidationResult> invalids)
{
    // is valid?
    if (svr.getResultType() != ValidationResultType.VALID) {
        invalids.add(svr);
    }
    // counter signatures
    if (svr.getCounterSignatureValidationResults() != null) {
        for (SignatureValidationResult counter :   
                                 svr.getCounterSignatureValidationResults())
        {
            traceResults(counter, invalids);
        }
    }
}

.NET Code
ContainerValidationResult cvr = container.verifyAll();

// scan all verification results in the container
foreach (Signature signature in cvr.getAllResults().Keys) {
    // signature verification result
    SignatureValidationResult svr = cvr.getAllResults().get(signature);

    // is valid?
    if (svr.getResultType() != ValidationResultType.VALID)
        Console.WriteLine("Geçersiz imza " + svr); // "Geçersiz imza" = "Invalid signature"
}
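
A fail-closed verification gate built from the calls shown above, as an added example that is not part of the original page or of the ESYA code base: it rejects a container with no signatures, treats any result other than ALL_VALID as a failure, and reports every invalid signature and counter signature. The class name VerifyGate, the method requireAllValid and the import package name are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.List;
// Assumption: package name of the ESYA signature API; adjust to the one in your ESYA jars.
import tr.gov.tubitak.uekae.esya.api.signature.*;

public class VerifyGate {

    /** Returns normally only if the file holds at least one signature and all of them verify. */
    public static void requireAllValid(String path) throws Exception {
        SignatureContainer container;
        // close the stream even when parsing the container fails
        try (InputStream in = new FileInputStream(path)) {
            container = SignatureFactory.readContainer(in);
        }

        // a container without signatures proves nothing, so reject it explicitly
        if (container.getSignatures().isEmpty()) {
            throw new SecurityException("no signature in " + path);
        }

        ContainerValidationResult cvr = container.verifyAll();
        if (cvr.getResultType() == ContainerValidationResultType.ALL_VALID) {
            return;
        }

        // anything other than ALL_VALID is a rejection; list each failing result,
        // counter signatures included (getInvalidValidationResults() walks the tree)
        List<SignatureValidationResult> invalids = cvr.getInvalidValidationResults();
        StringBuilder report =
                new StringBuilder("verification failed: " + cvr.getResultType());
        for (SignatureValidationResult svr : invalids) {
            report.append(System.lineSeparator())
                  .append(svr.getResultType()).append(": ").append(svr);
        }
        throw new SecurityException(report.toString());
    }

    public static void main(String[] args) throws Exception {
        requireAllValid(args[0]); // path to a signed file
        System.out.println("all signatures valid");
    }
}
```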

Multiple Signatures

Adding Signature

Counter Signature

A signature over another signature is called a counter signature. For example, an employee signs a request and the manager signs that signature to confirm the request. To create a counter signature, use the method createCounterSignature(Certificate) in Signature.

// read the signature container
SignatureContainer sc = SignatureFactory.readContainer(fileInputStream);

// take the first signature
Signature s = sc.getSignatures().get(0);

// create counter signature object
Signature counter= s.createCounterSignature(counterSignersCertificate);

// sign
counter.sign(cardSigner);

// write the signature container to a file
sc.write(new FileOutputStream(fileName));

.NET Code
// read the signature container
SignatureContainer sc = SignatureFactory.readContainer(fileInputStream);

// take the first signature
Signature s = sc.getSignatures()[0];

// create counter signature object
Signature counter = s.createCounterSignature(counterSignersCertificate);

// sign
counter.sign(cardSigner);

// write the signature container to a file
sc.write(new FileOutputStream(fileName));

Parallel Signature

Whenever the method createSignature() in SignatureContainer is called, a signature is created and added to the container. These independent signatures in the container are called parallel signatures.

// read the signature container
SignatureContainer container =    
        SignatureFactory.readContainer(fileInputStream);

Signature s1 = container.createSignature(certificate1);
s1.addContent(new SignableFile(file), true);
s1.sign(signer1);

Signature s2 = container.createSignature(certificate2);
s2.addContent(new SignableFile(file), true);
s2.sign(signer2);

// write the signature to a file
container.write(new FileOutputStream(fileName));

Extracting Signature

To extract a signature from a signed document, the method detachFromParent() is used. If the signature to be extracted is a counter signature, it is extracted from its parent signature. The extracted signature contains all of its child counter signatures.

// take the first signature
Signature s = sc.getSignatures().get(0);

// take the first counter signature
Signature counterSignature = s.getCounterSignatures().get(0);

// extract the counter signature and its children
counterSignature.detachFromParent();

// write the signature
sc.write(stream);

.NET Code
// take the first signature
Signature s = sc.getSignatures()[0];

// take the first counter signature
Signature counterSignature = s.getCounterSignatures()[0];

// extract the counter signature and its children
counterSignature.detachFromParent();

// write the signature
sc.write(stream);

Creation of Signatures with Profiles

For detailed information about signature profiles, see Signature Profiles. The class TurkishESigProfiles contains the policies for the signature profiles defined in Turkey.

P1 Signature Creation

P1 is ES-BES which generally contains the signing time.

SignatureContainer container = SignatureFactory.createContainer(format);
Signature signature = container.createSignature(signersCertificate);
signature.addContent(contentToSign, true);
signature.setSigningTime(Calendar.getInstance());
signature.sign(cardSigner);
// write
container.write(stream);

P2 Signature Creation

A P2 signature contains a timestamp.

SignatureContainer container = SignatureFactory.createContainer(format);
Signature signature = container.createSignature(signersCertificate);
signature.addContent(contentToSign, true);
// signature time
signature.setSigningTime(Calendar.getInstance());
// signature policy
signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P2v1);
// sign
signature.sign(cardSigner);
// upgrade to ES-T (add timestamp)
signature.upgrade(SignatureType.ES_T);
// write
container.write(stream);

P3 Signature Creation

The signature profile P3 is used for long-term signatures where CRL is available.

// create context 
Context context = new Context(new File(workingDir).toURI());

// proper certificate validation policy (use CRL only)
context.getConfig().setCertificateValidationPolicy(crlOnlyPolicy);

// create signature container
SignatureContainer c = SignatureFactory.createContainer(format, context);
Signature signature = c.createSignature(signersCertificate);

// content to be signed
signature.addContent(contentToSign, true);
// signature time
signature.setSigningTime(Calendar.getInstance());

// signature policy
signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P3v1);

// sign
signature.sign(cardSigner);
// upgrade to ES-XLong
signature.upgrade(SignatureType.ES_XL);
// write
c.write(stream);

P4 Signature Creation

The signature profile P4 is used for long-term signatures where OCSP is available.

// create context
Context context = new Context(new File(workingDir).toURI());

// proper certificate validation policy (always use OCSP when available)
context.getConfig().setCertificateValidationPolicy(ocspFirstPolicy);

// create signature container
SignatureContainer c = SignatureFactory.createContainer(format, context);
Signature signature = c.createSignature(signersCertificate);

// content to be signed
signature.addContent(contentToSign, true);
// signature time
signature.setSigningTime(Calendar.getInstance());

// signature policy
signature.setSignaturePolicy(TurkishESigProfiles.SIG_POLICY_ID_P4v1);

// sign
signature.sign(cardSigner);
// upgrade to ES-XLong
signature.upgrade(SignatureType.ES_XL);
// write
c.write(stream);

en/esya/ortakimza/imza-api-kullanim.txt · Last modified: 2013/08/28 13:37 by Dindar Öz