public class BES extends XMLDSig implements SignatureFormat
ds:Object acting as the bag
for the whole set of qualifying properties.
Some properties defined for building up this form will be covered by the
signer's signature (signed qualifying information grouped within one new
element, SignedProperties, Other properties will be not covered
by the signer's signature (unsigned qualifying information grouped within
one new element, UnsignedProperties.
In a XAdES-BES the signature value SHALL be computed in the usual way of
XMLDSIG over the data object(s) to be signed and on the whole set of signed
properties when present (SignedProperties element).
For this form it is mandatory to protect the signing certificate with the signature, in one of the two following ways:
ds:KeyInfo element and signing at least
the signing certificate.
A XAdES-BES signature MUST, in consequence, contain at least one of the following elements with the specified contents:
SigningCertificate property.
ds:KeyInfo element. If SigningCertificate
is present in the signature, no restrictions apply to this element. If
SigningCertificate element is not present in the signature,
then the following restrictions apply:
ds:KeyInfo element MUST include a
ds:X509Data containing the signing certificate;
ds:KeyInfo element also MAY contain other certificates
forming a chain that MAY reach the point of trust;
ds:SignedInfo element MUST contain a
ds:Reference element referencing ds:KeyInfo. That
ds:Reference element SHALL be built in such a way that at least
the signing certificate is actually signed.
NOTE 1: Signing the whole ds:KeyInfo, readers are warned that
this locks the element: any addition of a certificate or validation data
would make signature validation fail. Applications may, alternatively, use
XPath transforms for signing at least the signing certificate, leaving the
ds:KeyInfo element open for addition of new data after signing.
By incorporating one of these elements, XAdES-BES prevents the simple substitution of the signer's certificate.
A XAdES-BES signature MAY also contain the following properties:
IndividualDataObjectsTimeStamp or
AllDataObjectTimeStamp signed properties;
NOTE 2: The XAdES-BES is the minimum format for an electronic signature to be generated by the signer. On its own, it does not provide enough information for it to be verified in the longer term. For example, revocation information issued by the relevant certificate status information issuer needs to be available for long term validation.
The XAdES-BES satisfies the legal requirements for electronic signatures as defined in the European Directive on electronic signatures. It provides basic authentication and integrity protection.
The semantics of the signed data of a XAdES-BES or its context may implicitly indicate a signature policy to the verifier.
mContext, mSignature| Constructor and Description |
|---|
BES(Context aContext,
XMLSignature aSignature) |
| Modifier and Type | Method and Description |
|---|---|
protected tr.gov.tubitak.uekae.esya.api.certificate.validation.check.certificate.CertificateStatusInfo |
_validateCertificate(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate,
java.util.Calendar aValidationTime,
boolean useExternalResources) |
SignatureFormat |
addArchiveTimeStamp() |
void |
addKeyInfo(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate) |
void |
addKeyInfo(java.security.PublicKey pk) |
protected void |
addReferences(tr.gov.tubitak.uekae.esya.api.certificate.validation.check.certificate.CertificateStatusInfo csi) |
void |
addTimestampValidationData(XAdESTimeStamp aXAdESTimeStamp,
java.util.Calendar aValidationTime) |
protected void |
addValidationData() |
protected void |
addValidationData(tr.gov.tubitak.uekae.esya.api.certificate.validation.check.certificate.CertificateStatusInfo csi) |
XMLSignature |
createCounterSignature() |
SignatureFormat |
evolveToA() |
SignatureFormat |
evolveToC() |
SignatureFormat |
evolveToT() |
SignatureFormat |
evolveToX1() |
SignatureFormat |
evolveToX2() |
SignatureFormat |
evolveToXL() |
tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate |
extractCertificate() |
XMLSignature |
sign(tr.gov.tubitak.uekae.esya.api.common.crypto.BaseSigner aSigner) |
SignatureValidationResult |
validateCore() |
SignatureValidationResult |
validateCore(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate) |
SignatureValidationResult |
validateCore(java.security.Key aKey) |
debugSign, digestReferences, fillSignatureValue, getC14nMethod, getDigestAlgorithmUrl, getSignatureMethod, validateReferencesclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitsignpublic BES(Context aContext, XMLSignature aSignature)
public void addKeyInfo(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate)
addKeyInfo in interface SignatureFormataddKeyInfo in class BaseSignatureFormatpublic void addKeyInfo(java.security.PublicKey pk)
throws XMLSignatureException
addKeyInfo in interface SignatureFormataddKeyInfo in class BaseSignatureFormatXMLSignatureExceptionpublic SignatureValidationResult validateCore() throws XMLSignatureException
validateCore in interface SignatureFormatvalidateCore in class BaseSignatureFormatXMLSignatureExceptionpublic tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate extractCertificate()
throws XMLSignatureException
XMLSignatureExceptionpublic XMLSignature sign(tr.gov.tubitak.uekae.esya.api.common.crypto.BaseSigner aSigner) throws XMLSignatureException
sign in interface SignatureFormatsign in class BaseSignatureFormatXMLSignatureExceptionpublic SignatureValidationResult validateCore(java.security.Key aKey) throws XMLSignatureException
validateCore in interface SignatureFormatvalidateCore in class BaseSignatureFormatXMLSignatureExceptionpublic SignatureValidationResult validateCore(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate) throws XMLSignatureException
validateCore in interface SignatureFormatvalidateCore in class BaseSignatureFormatXMLSignatureExceptionprotected tr.gov.tubitak.uekae.esya.api.certificate.validation.check.certificate.CertificateStatusInfo _validateCertificate(tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate,
java.util.Calendar aValidationTime,
boolean useExternalResources)
throws XMLSignatureException
XMLSignatureExceptionpublic XMLSignature createCounterSignature() throws XMLSignatureException
createCounterSignature in interface SignatureFormatcreateCounterSignature in class XMLDSigXMLSignatureExceptionpublic SignatureFormat evolveToT() throws XMLSignatureException
evolveToT in interface SignatureFormatevolveToT in class XMLDSigXMLSignatureExceptionpublic SignatureFormat evolveToC() throws XMLSignatureException
evolveToC in interface SignatureFormatevolveToC in class XMLDSigXMLSignatureExceptionpublic SignatureFormat evolveToX1() throws XMLSignatureException
evolveToX1 in interface SignatureFormatevolveToX1 in class XMLDSigXMLSignatureExceptionpublic SignatureFormat evolveToX2() throws XMLSignatureException
evolveToX2 in interface SignatureFormatevolveToX2 in class XMLDSigXMLSignatureExceptionpublic SignatureFormat evolveToXL() throws XMLSignatureException
evolveToXL in interface SignatureFormatevolveToXL in class XMLDSigXMLSignatureExceptionpublic SignatureFormat evolveToA() throws XMLSignatureException
evolveToA in interface SignatureFormatevolveToA in class XMLDSigXMLSignatureExceptionpublic SignatureFormat addArchiveTimeStamp() throws XMLSignatureException
addArchiveTimeStamp in interface SignatureFormataddArchiveTimeStamp in class XMLDSigXMLSignatureExceptionprotected void addReferences(tr.gov.tubitak.uekae.esya.api.certificate.validation.check.certificate.CertificateStatusInfo csi)
throws XMLSignatureException
XMLSignatureExceptionprotected void addValidationData()
throws XMLSignatureException
XMLSignatureExceptionprotected void addValidationData(tr.gov.tubitak.uekae.esya.api.certificate.validation.check.certificate.CertificateStatusInfo csi)
throws XMLSignatureException
XMLSignatureExceptionpublic void addTimestampValidationData(XAdESTimeStamp aXAdESTimeStamp, java.util.Calendar aValidationTime) throws XMLSignatureException
XMLSignatureExceptionCopyright © 2025. All rights reserved.