XAdES Signer
Fully qualified class name: org.signserver.module.xades.signer.XAdESSigner
Overview
The XAdES Signer creates XML Advanced Electronic Signatures (XAdES) over XML documents, in the profile (form) selected by the XADESFORM property.
Available Properties

Property | Description
XADESFORM | Profile of XAdES to use. Currently BES and T are supported. Optional. Default: BES
COMMITMENT_TYPES | List of commitment types to be indicated in the signature. Multiple values can be given separated by ",". See Commitment Types for valid values. Optionally, the constant NONE can be used to explicitly state that no commitment types should be included (this constant can only be used alone). Optional. Default: no commitment types are included.
SIGNATUREALGORITHM | The algorithm used to sign the data. The same set of algorithms as for the same property in XMLSigner is supported. Optional. Default: depends on the signer's private key: SHA1withDSA for DSA keys, SHA256withRSA for RSA keys, and SHA1withECDSA for EC keys. Note that the defaults for DSA and EC keys are SHA-1 based and SHA-1 is deprecated for digital signatures, so set this property explicitly (for example SHA256withECDSA) rather than relying on the default.
CLAIMED_ROLE | Claimed role to include in the signature. If the CLAIMED_ROLE_FROM_USERNAME property is also set, this value is used as a fallback when there is no user name provided in the request. Optional. Default: no default claimed role defined.
CLAIMED_ROLE_FROM_USERNAME | If set to true, use the user name from the request (provided by an authorizer) as the value for the claimed role. If there is no user name provided, fall back to the value set by CLAIMED_ROLE. If this is set to true, CLAIMED_ROLE is not set, and the request does not contain a user name, the request will result in an error. Optional. Default: false.
INCLUDE_CERTIFICATE_LEVELS | Number of certificate levels to include in the document's KeyInfo (also see Common Properties). Minimum and default value is 1, which includes only the signer certificate. The value 2 includes the signer certificate and its issuer. To include all certificates, specify at least the number of certificates in the certificate chain.
TSA_URL | URL of the Time-Stamping Authority. Required if XADESFORM=T and TSA_WORKER is not specified. Cannot be set at the same time as TSA_WORKER.
TSA_WORKER | Worker ID or worker name of a time stamp signer. Required if XADESFORM=T and TSA_URL is not specified. This uses internal calls and can only be used for a time stamp authority running in the same SignServer instance. Use this option instead of TSA_URL when the time stamp signer runs in the same SignServer instance, to avoid thread deadlocks under high load. Cannot be set at the same time as TSA_URL.
TSA_USERNAME | Login username used if the TSA (reached via TSA_URL) uses HTTP Basic Auth. Optional.
TSA_PASSWORD | Login password used if the TSA (reached via TSA_URL) uses HTTP Basic Auth. Optional.
TSA_DIGESTALGORITHM | Digest algorithm used for the time-stamp request. Optional. Default: SHA-256.
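The constraints in the table above (mutually exclusive TSA_URL/TSA_WORKER, NONE only alone, the CLAIMED_ROLE fallback, the SHA-1 defaults) are easy to get wrong in a properties file. The following pre-deployment lint is an added example, not SignServer code: it parses a worker properties file in the WORKERGENID1.<PROPERTY>=<value> form and reports violations. The two embedded configurations are constructed; the worker names, the TSA worker name and the IMPLEMENTATION_CLASS/NAME keys are assumed for illustration.

```python
"""Lint an XAdES Signer worker configuration against the documented property rules.

Added example, not SignServer's own code. The embedded configurations are
constructed; worker names, TSA worker name and the IMPLEMENTATION_CLASS/NAME
keys are assumptions.
"""
import re

VALID_FORMS = {"BES", "T"}
VALID_COMMITMENTS = {
    "PROOF_OF_APPROVAL", "PROOF_OF_CREATION", "PROOF_OF_DELIVERY",
    "PROOF_OF_ORIGIN", "PROOF_OF_RECEIPT", "PROOF_OF_SENDER",
}

# Constructed: XAdES-T worker using a time stamp signer in the same instance,
# one commitment type, a fallback claimed role and an explicit SHA-256
# algorithm so the SHA-1 default for EC/DSA keys never applies.
GOOD_CONFIG = """\
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.xades.signer.XAdESSigner
WORKERGENID1.NAME=XAdESSignerT
WORKERGENID1.XADESFORM=T
WORKERGENID1.TSA_WORKER=TimeStampSigner
WORKERGENID1.TSA_DIGESTALGORITHM=SHA-256
WORKERGENID1.COMMITMENT_TYPES=PROOF_OF_APPROVAL
WORKERGENID1.CLAIMED_ROLE=Approver
WORKERGENID1.CLAIMED_ROLE_FROM_USERNAME=true
WORKERGENID1.SIGNATUREALGORITHM=SHA256withECDSA
WORKERGENID1.INCLUDE_CERTIFICATE_LEVELS=2
"""

# Constructed counter-example containing the mistakes the property table warns about.
BAD_CONFIG = """\
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.xades.signer.XAdESSigner
WORKERGENID1.NAME=XAdESSignerBroken
WORKERGENID1.XADESFORM=T
WORKERGENID1.TSA_URL=http://tsa.example.test/tsa
WORKERGENID1.TSA_WORKER=TimeStampSigner
WORKERGENID1.COMMITMENT_TYPES=NONE,PROOF_OF_ORIGIN
WORKERGENID1.CLAIMED_ROLE_FROM_USERNAME=true
WORKERGENID1.SIGNATUREALGORITHM=SHA1withECDSA
"""


def parse_properties(text):
    """Return {PROPERTY: value} for one worker, dropping the WORKERGENID1. / WORKER<id>. prefix."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"^WORKER(GENID)?\d+\.", "", key.strip())
        props[key.upper()] = value.strip()
    return props


def lint_xades_worker(props):
    """Return a list of problems; an empty list means the configuration follows the table."""
    problems = []
    form = props.get("XADESFORM", "BES").upper()
    if form not in VALID_FORMS:
        problems.append(f"XADESFORM={form} is not supported (use BES or T)")
    has_url, has_worker = "TSA_URL" in props, "TSA_WORKER" in props
    if has_url and has_worker:
        problems.append("TSA_URL and TSA_WORKER cannot both be set")
    if form == "T" and not (has_url or has_worker):
        problems.append("XADESFORM=T requires TSA_URL or TSA_WORKER")
    if "COMMITMENT_TYPES" in props:
        values = [v.strip().upper() for v in props["COMMITMENT_TYPES"].split(",") if v.strip()]
        if "NONE" in values and len(values) > 1:
            problems.append("COMMITMENT_TYPES: NONE can only be used alone")
        problems.extend(f"COMMITMENT_TYPES: unknown value {v}"
                        for v in values if v != "NONE" and v not in VALID_COMMITMENTS)
    if props.get("CLAIMED_ROLE_FROM_USERNAME", "false").lower() == "true" and "CLAIMED_ROLE" not in props:
        problems.append("CLAIMED_ROLE_FROM_USERNAME=true without CLAIMED_ROLE: requests without a user name fail")
    alg = props.get("SIGNATUREALGORITHM")
    if alg is None:
        problems.append("SIGNATUREALGORITHM not set: the default is SHA-1 based for DSA and EC keys")
    elif re.search(r"SHA-?1(?!\d)", alg, re.IGNORECASE):
        problems.append(f"SIGNATUREALGORITHM={alg} uses SHA-1, which is deprecated for signatures")
    try:
        if int(props.get("INCLUDE_CERTIFICATE_LEVELS", "1")) < 1:
            problems.append("INCLUDE_CERTIFICATE_LEVELS must be at least 1")
    except ValueError:
        problems.append("INCLUDE_CERTIFICATE_LEVELS must be an integer")
    return problems


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, lint_xades_worker(parse_properties(cfg)))
```

Run the linter over a properties file before loading it with the SignServer CLI and reloading the worker; the "bad" sample above produces four findings (both TSA properties set, NONE combined with another value, no CLAIMED_ROLE fallback, and a SHA-1 algorithm), the "good" sample none.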
Commitment Types

The values below correspond to the commitment type identifiers defined in the XAdES specification (ETSI TS 101 903).

Value | Description
NONE | Do not include any commitment type. Cannot be combined with any of the other values below.
PROOF_OF_APPROVAL | Indicates that the signer has approved the content of the signed data object.
PROOF_OF_CREATION | Indicates that the signer has created the signed data object (but not necessarily approved, nor sent it).
PROOF_OF_DELIVERY | Indicates that the TSP providing that indication has delivered a signed data object in a local store accessible to the recipient of the signed data object.
PROOF_OF_ORIGIN | Indicates that the signer acknowledges having created, approved and sent the signed data object.
PROOF_OF_RECEIPT | Indicates that the signer acknowledges having received the content of the signed data object.
PROOF_OF_SENDER | Indicates that the entity providing that indication has sent the signed data object (but not necessarily created it).
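Whether a worker really emits the configured form, commitment types, claimed role and certificate levels is best confirmed on its output. The following post-signing check is an added example, not SignServer code: it parses a signed XML document and summarises the XAdES properties in terms of the worker properties above (the XAdES-T form is recognised by the presence of xades:SignatureTimeStamp, commitment types by their ETSI identifier URIs). The embedded document is a constructed XAdES-T skeleton with placeholder base64 values; it is not a valid signature, and the code does not verify the cryptographic signature value.

```python
"""Inspect a XAdES signature and compare it with the worker properties that produced it.

Added example, not SignServer's own code. SAMPLE_SIGNED_XML is a constructed
XAdES-T skeleton with placeholder base64 values; nothing here verifies the
ds:SignatureValue itself.
"""
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#", "xades": "http://uri.etsi.org/01903/v1.3.2#"}

# ETSI TS 101 903 commitment type identifiers, keyed by the worker's COMMITMENT_TYPES values.
COMMITMENT_URIS = {
    "PROOF_OF_ORIGIN": "http://uri.etsi.org/01903/v1.2.2#ProofOfOrigin",
    "PROOF_OF_RECEIPT": "http://uri.etsi.org/01903/v1.2.2#ProofOfReceipt",
    "PROOF_OF_DELIVERY": "http://uri.etsi.org/01903/v1.2.2#ProofOfDelivery",
    "PROOF_OF_SENDER": "http://uri.etsi.org/01903/v1.2.2#ProofOfSender",
    "PROOF_OF_APPROVAL": "http://uri.etsi.org/01903/v1.2.2#ProofOfApproval",
    "PROOF_OF_CREATION": "http://uri.etsi.org/01903/v1.2.2#ProofOfCreation",
}
URI_TO_COMMITMENT = {uri: name for name, uri in COMMITMENT_URIS.items()}
# XML-DSig signature method URIs that are SHA-1 based (what the SHA1withDSA/SHA1withECDSA defaults produce).
SHA1_SIGNATURE_METHODS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
}

# Constructed sample: XAdES-T, one commitment type, one claimed role, two certificate levels,
# signed with the SHA-1 based EC default. Base64 content is a placeholder.
SAMPLE_SIGNED_XML = """<root><doc>payload</doc>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
  <ds:Reference URI=""><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>AAAA</ds:SignatureValue>
 <ds:KeyInfo><ds:X509Data><ds:X509Certificate>AAAA</ds:X509Certificate><ds:X509Certificate>BBBB</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
 <ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#sig">
  <xades:SignedProperties Id="sig-signedprops">
   <xades:SignedSignatureProperties>
    <xades:SigningTime>2024-01-01T00:00:00Z</xades:SigningTime>
    <xades:SignerRole><xades:ClaimedRoles><xades:ClaimedRole>Approver</xades:ClaimedRole></xades:ClaimedRoles></xades:SignerRole>
   </xades:SignedSignatureProperties>
   <xades:SignedDataObjectProperties>
    <xades:CommitmentTypeIndication>
     <xades:CommitmentTypeId><xades:Identifier>http://uri.etsi.org/01903/v1.2.2#ProofOfApproval</xades:Identifier></xades:CommitmentTypeId>
     <xades:AllSignedDataObjects/>
    </xades:CommitmentTypeIndication>
   </xades:SignedDataObjectProperties>
  </xades:SignedProperties>
  <xades:UnsignedProperties><xades:UnsignedSignatureProperties>
   <xades:SignatureTimeStamp><xades:EncapsulatedTimeStamp>CCCC</xades:EncapsulatedTimeStamp></xades:SignatureTimeStamp>
  </xades:UnsignedSignatureProperties></xades:UnsignedProperties>
 </xades:QualifyingProperties></ds:Object>
</ds:Signature></root>"""


def inspect_xades(xml_text):
    """Summarise what the signer emitted, expressed in terms of the worker properties."""
    sig = ET.fromstring(xml_text).find(".//ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature element")
    qp = sig.find("ds:Object/xades:QualifyingProperties", NS)
    if qp is None:
        raise ValueError("ds:Signature carries no xades:QualifyingProperties (plain XML-DSig, not XAdES)")
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm")
    ids = qp.findall(".//xades:CommitmentTypeIndication/xades:CommitmentTypeId/xades:Identifier", NS)
    return {
        # A SignatureTimeStamp in the unsigned properties is what distinguishes XAdES-T from XAdES-BES.
        "xades_form": "T" if qp.find(".//xades:UnsignedSignatureProperties/xades:SignatureTimeStamp", NS) is not None else "BES",
        "signature_method": method,
        "sha1_signature": method in SHA1_SIGNATURE_METHODS,
        "commitment_types": [URI_TO_COMMITMENT.get(i.text.strip(), i.text.strip()) for i in ids],
        "claimed_roles": [r.text for r in qp.findall(".//xades:ClaimedRoles/xades:ClaimedRole", NS)],
        "certificate_levels": len(sig.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)),
    }


def check_against_worker(summary, xades_form="BES", commitment_types=(), include_certificate_levels=1):
    """Return mismatches between the emitted signature and the configured worker properties."""
    issues = []
    if summary["xades_form"] != xades_form:
        issues.append(f"XADESFORM is {xades_form} but the signature is XAdES-{summary['xades_form']}")
    if sorted(summary["commitment_types"]) != sorted(commitment_types):
        issues.append(f"commitment types {summary['commitment_types']} differ from {list(commitment_types)}")
    if summary["certificate_levels"] != include_certificate_levels:
        issues.append(f"{summary['certificate_levels']} certificates in KeyInfo, INCLUDE_CERTIFICATE_LEVELS={include_certificate_levels}")
    if summary["sha1_signature"]:
        issues.append(f"signature method {summary['signature_method']} is SHA-1 based; set SIGNATUREALGORITHM explicitly")
    return issues


if __name__ == "__main__":
    s = inspect_xades(SAMPLE_SIGNED_XML)
    print(s)
    print(check_against_worker(s, xades_form="T", commitment_types=("PROOF_OF_APPROVAL",), include_certificate_levels=2))
```

For the constructed sample the only finding is the SHA-1 based signature method, which is exactly what an EC key with no explicit SIGNATUREALGORITHM would produce; running the same check against real worker output is a cheap regression test after every configuration change.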