iaik.pdf.parameters

Class CadesLTAParameters

java.lang.Object

iaik.pdf.parameters.CadesLTAParameters

public class CadesLTAParameters
extends java.lang.Object

Parameter class used to add an ArchiveTimeStampv3 as defined in ETSI EN 319 122 using AbstractCadesSignature.addArchiveTimeStamp(iaik.x509.X509Certificate, iaik.pdf.parameters.CadesLTAParameters). This creates a CMS signature according to profile CAdES-LTA. Before adding the archive timestamp all certificates and revocation information included in these parameters will be added to the signature object. Only components, that existed before the timestamp, are considered to be trusted. For requesting the timestamp, the timestamp server details and digest algorithm as set in these parameters are used.

Constructor Summary

Constructors

Constructor and Description
CadesLTAParameters(java.lang.String tsaUrl, java.lang.String username, java.lang.String password) Parameter constructor setting basic details about the timestamp server to be used for requesting the archive timestamp.
CadesLTAParameters(java.lang.String tsaUrl, java.lang.String username, java.lang.String password, java.lang.String timestampDigestAlgorithm) Parameter constructor setting basic details about the timestamp server to be used for requesting the archive timestamp.

Method Summary

Modifier and Type	Method and Description
void	addArchiveDetails(iaik.x509.X509Certificate[] certificates, iaik.x509.X509CRL[] crls, iaik.x509.ocsp.OCSPResponse[] ocspResponses) Sets certificates and revocation information to be added to the signature before adding the archive timestamp.
void	addArchiveTimeStamp(iaik.cms.SignedDataStream signedData, iaik.cms.SignerInfo signerInfo) Adds an archive timestamp to the given signature and signer.
void	addEncodedCrl(byte[] encodedCRL) Add encoded CRL that shall be archived and therefore shall be added to the signature before adding the archive timestamp.
static byte[]	calculateArchiveTimestampImprint(iaik.cms.SignedDataStream signedData, iaik.cms.SignerInfo signerInfo, iaik.asn1.structures.AlgorithmID hashAlgorithm, byte[] atsHashIndexEncoding) Calculate the digest value for all data that shall be timestamped with the archive timestamp.
iaik.x509.X509Certificate[]	getCertificates() Returns all certificates included in this parameter instance, that shall be added to the signature object.
iaik.x509.X509CRL[]	getCrls() Returns all CRLs included in this parameter instance, that shall be added to the signature object.
byte[][]	getEncodedCrls() Returns all encoded CRLs included in this parameter instance, that shall be added to the signature object.
iaik.x509.ocsp.OCSPResponse[]	getOcspResponses() Returns all OCSP responses included in this parameter instance, that shall be added to the signature object.
java.lang.String	getTimestampDigestAlgorithm() Returns the digest algorithm for hashing the data, that shall be timestamped.
java.lang.String	getTsaPw() Get password for authentication at the timestamp authority, used to create the archive timestamp.
java.lang.String	getTsaUrl() Get URL of timestamp authority, used to create the archive timestamp.
java.lang.String	getTsaUsername() Get username for authentication at the timestamp authority, used to create the archive timestamp.
boolean	getUseAtsHashIndexv3() Returns, which ats-hash-index attribute will be used for this archive time stamp.
void	setTimestampDigestAlgorithm(java.lang.String digestAlgorithm) Set the digest algorithm for hashing the data, that shall be timestamped.
void	setUseAtsHashIndexv3(boolean useAtsHashIndexv3) Sets which ats-hash-index attribute to use for the archive time stamp.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CadesLTAParameters

public CadesLTAParameters(java.lang.String tsaUrl,
                          java.lang.String username,
                          java.lang.String password)
                   throws CmsCadesException

Parameter constructor setting basic details about the timestamp server to be used for requesting the archive timestamp. The default digest algorithm ArchiveTimeStampv3.DEFAULTHASHALGORITHM (SHA-256) is used to hash the data, that shall be timestamped.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

Throws:

CmsCadesException - if timestamp authority URL is null or empty

CadesLTAParameters

public CadesLTAParameters(java.lang.String tsaUrl,
                          java.lang.String username,
                          java.lang.String password,
                          java.lang.String timestampDigestAlgorithm)
                   throws CmsCadesException

Parameter constructor setting basic details about the timestamp server to be used for requesting the archive timestamp. The specified digest algorithm will be used to hash the data, that shall be timestamped. If no digest algorithm is set, the default digest algorithm ArchiveTimeStampv3.DEFAULTHASHALGORITHM (SHA-256) is used.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

timestampDigestAlgorithm - digest algorithm used to hash the data for the timestamp

Throws:

CmsCadesException - if timestamp authority URL is null or empty

Method Detail

setUseAtsHashIndexv3

public void setUseAtsHashIndexv3(boolean useAtsHashIndexv3)

Sets which ats-hash-index attribute to use for the archive time stamp. If useAtsHashIndexv3 is true, then the ats-hash-index-v3 attribute as specified in ETSI EN 319 122-1 is used. If set to false, then the ats-hash-index attribute as given in ETSI TS 101 733 V2.2.1 is used. Per default, useAtsHashIndexv3 is set to true and the ats-hash-index-v3 attribute is used.

Parameters:

useAtsHashIndexv3 - true, if the ats-hash-index-v3 attribute shall be set in the archive time stamp

getUseAtsHashIndexv3

public boolean getUseAtsHashIndexv3()

Returns, which ats-hash-index attribute will be used for this archive time stamp. Returns true, if the ats-hash-index-v3 attribute as specified in ETSI EN 319 122-1 will be used. Returns false, if the ats-hash-index attribute as given in ETSI TS 101 733 V2.2.1 will be used.

Returns:

true, if the ats-hash-index-v3 attribute will be set in the archive time stamp

addArchiveDetails

public void addArchiveDetails(iaik.x509.X509Certificate[] certificates,
                              iaik.x509.X509CRL[] crls,
                              iaik.x509.ocsp.OCSPResponse[] ocspResponses)

Sets certificates and revocation information to be added to the signature before adding the archive timestamp.

Parameters:

certificates - certificates, that shall be added to the signature object

crls - CRLs, that shall be added to the signature object

ocspResponses - OCSP responses, that shall be added to the signature object

addEncodedCrl

public void addEncodedCrl(byte[] encodedCRL)

Add encoded CRL that shall be archived and therefore shall be added to the signature before adding the archive timestamp.

Parameters:

encodedCRL - the encoding of the CRL that shall be added

getCertificates

public iaik.x509.X509Certificate[] getCertificates()

Returns all certificates included in this parameter instance, that shall be added to the signature object.

Returns:

the certificates to be included

getCrls

public iaik.x509.X509CRL[] getCrls()

Returns all CRLs included in this parameter instance, that shall be added to the signature object.

Returns:

the CRLs to be included

getEncodedCrls

public byte[][] getEncodedCrls()

Returns all encoded CRLs included in this parameter instance, that shall be added to the signature object.

Returns:

the encoded CRLs to be included

getOcspResponses

public iaik.x509.ocsp.OCSPResponse[] getOcspResponses()

Returns all OCSP responses included in this parameter instance, that shall be added to the signature object.

Returns:

the OCSP responses to be included

setTimestampDigestAlgorithm

public void setTimestampDigestAlgorithm(java.lang.String digestAlgorithm)

Set the digest algorithm for hashing the data, that shall be timestamped.

Parameters:

digestAlgorithm - the digest algorithm to create the timestamp imprint

getTimestampDigestAlgorithm

public java.lang.String getTimestampDigestAlgorithm()

Returns the digest algorithm for hashing the data, that shall be timestamped.

Returns:

the digest algorithm to create the timestamp imprint

getTsaUrl

public java.lang.String getTsaUrl()

Get URL of timestamp authority, used to create the archive timestamp.

Returns:

URL of the timestamp authority

getTsaUsername

public java.lang.String getTsaUsername()

Get username for authentication at the timestamp authority, used to create the archive timestamp.

Returns:

username for using the timestamp server

getTsaPw

public java.lang.String getTsaPw()

Get password for authentication at the timestamp authority, used to create the archive timestamp.

Returns:

password for using the timestamp server

addArchiveTimeStamp

public void addArchiveTimeStamp(iaik.cms.SignedDataStream signedData,
                                iaik.cms.SignerInfo signerInfo)
                         throws CmsCadesException,
                                java.security.NoSuchAlgorithmException

Adds an archive timestamp to the given signature and signer. The timestamp is created using the priviously specified timestamp server details and digest algorithm.

Parameters:

signedData - signature object to add the timestamp to

signerInfo - the signer info, the timestamp shall be added for

Throws:

CmsCadesException - if the revocation information can't be added to the signature or the timestamp can't be created

java.security.NoSuchAlgorithmException - if the timestamp digest algorithm is unknown

calculateArchiveTimestampImprint

public static byte[] calculateArchiveTimestampImprint(iaik.cms.SignedDataStream signedData,
                                                      iaik.cms.SignerInfo signerInfo,
                                                      iaik.asn1.structures.AlgorithmID hashAlgorithm,
                                                      byte[] atsHashIndexEncoding)
                                               throws java.security.NoSuchAlgorithmException,
                                                      iaik.asn1.CodingException

Calculate the digest value for all data that shall be timestamped with the archive timestamp.

Parameters:

signedData - signature object to be timestamped

signerInfo - signer info to be timestamped

hashAlgorithm - digest algorithm to be used for digesting the required data

atsHashIndexEncoding - the encoding of the AtsHashIndex attribute, that will also be added as unsigned attribute to the timestamp token

Returns:

the message imprint for the timestamp generation

Throws:

java.security.NoSuchAlgorithmException - if the given digest algorithm is unknown or no content hash for this algorithm is available

iaik.asn1.CodingException - if the signed attributes could not be encoded