Fully qualified class name: org.signserver.module.xades.signer.XAdESSigner

Overview

The XAdES Signer creates XML signatures according to the specified profile of XAdES.

This Signer will be deprecated in future versions and replaced with the functionality in the AdES Signer.

Available Properties

Property

Description

XADESFORM

Profile of XAdES to use. Currently BES and T are supported. Default: BES

COMMITMENT_TYPES

List of commitment types to be indicated in the signature. Multiple values can be given separated by ",". See Commitment Types below for valid values. Optionally, the constant NONE can be used to explicitly state that no commitment types should be included (this constant can only be used alone). Optional. Default: no commitment types are included.

SIGNATUREALGORITHM 

The algorithm used to sign the data. The same set of algorithms as for the same property in XMLSigner is supported. Optional. Default: depending on the signer's private key: SHA1withDSA for DSA keys, SHA256withRSA for RSA keys, and SHA256withECDSA for EC keys.

CLAIMED_ROLE

Claimed role to include in the signature. If the CLAIMED_ROLE_FROM_USERNAME property is also set, this value is used as a fallback when there is no user name provided in the request. Optional. Default: no default claimed role defined.

CLAIMED_ROLE_FROM_USERNAME

If set to true, use the user name from the request (provided by an authorizer) as the value for the claimed role. If there is no user name provided, fall back to the value set by CLAIMED_ROLE. If this is set to true, CLAIMED_ROLE is not set, and the request does not contain a user name, the request will result in an error. Optional. Default: false.

INCLUDE_CERTIFICATE_LEVELS

Number of certificate levels to include in the document's KeyInfo (also see Common Properties). Minimum and default value is 1, which includes only the signer certificate. The value 2 includes the signer certificate and its issuer. To include all certificates, specify at least the same value as number of certificates in the certificate chain.

TSA_URL

URL of Time-Stamping Authority. Required if XADESFORM=T and TSA_WORKER not specified.

Warning: Cannot be set at the same time as TSA_WORKER.

TSA_WORKER

Specify a worker ID or worker name for a time stamp signer. Required if XADESFORM=T and TSA_URL is not specified. This uses internal calls and can only be used for a time stamp authority running in the same SignServer instance.

Warning: Use this option instead of TSA_URL when using a time stamp signer running in the same SignServer instance, to avoid thread deadlocks under high load. Cannot be set at the same time as TSA_URL.

TSA_USERNAME 

Login username used if the TSA uses HTTP Basic Auth.

TSA_PASSWORD 

Login password used if the TSA uses HTTP Basic Auth.

TSA_DIGESTALGORITHM

Algorithm for timestamp digests. Optional. Default: SHA-256.

Commitment Types

Value 

Description

NONE 

Do not include any commitment type. This cannot be used in conjunction with the other constants below.

PROOF_OF_APPROVAL 

Indicates that the signer has approved the content of the signed data object.

PROOF_OF_CREATION 

Indicates that the signer has created the signed data object (but not necessarily approved, nor sent it).

PROOF_OF_DELIVERY

Indicates that the TSP providing that indication has delivered a signed data object in a local store accessible to the recipient of the signed data object.

PROOF_OF_ORIGIN

Indicates that the signer recognizes to have created, approved and sent the signed data object.

PROOF_OF_RECEIPT

Indicates that the signer recognizes to have received the content of the signed data object.

PROOF_OF_SENDER

Indicates that the entity providing that indication has sent the signed data object (but not necessarily created it).
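The property constraints listed under Available Properties (TSA_URL/TSA_WORKER exclusivity, the XADESFORM=T time-stamp requirement, INCLUDE_CERTIFICATE_LEVELS >= 1, CLAIMED_ROLE_FROM_USERNAME fallback) and the Commitment Types rules (valid constants, NONE only alone) can be checked before a worker configuration is applied. The following pre-flight checker is an added example, not SignServer's own code; it assumes the WORKER<id>.<PROPERTY>=<value> key layout of a worker properties file and uses a constructed sample configuration.

```python
"""Pre-flight check of XAdES Signer worker properties against the constraints documented above (added example, not SignServer code)."""
from typing import Dict, List

# Constants from the Commitment Types table above
COMMITMENT_TYPES = {"NONE", "PROOF_OF_APPROVAL", "PROOF_OF_CREATION", "PROOF_OF_DELIVERY",
                    "PROOF_OF_ORIGIN", "PROOF_OF_RECEIPT", "PROOF_OF_SENDER"}

def parse_worker_properties(text: str) -> Dict[str, Dict[str, str]]:
    """Group WORKER<id>.<PROP>=<value> lines by worker; blank lines and # comments are skipped."""
    workers: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        worker, _, prop = key.strip().partition(".")
        workers.setdefault(worker, {})[prop.upper()] = value.strip()
    return workers

def check_xades_signer(props: Dict[str, str]) -> List[str]:
    """Return the constraint violations for one XAdES Signer worker (empty list means OK)."""
    findings: List[str] = []
    form = props.get("XADESFORM", "BES")  # BES is the documented default
    if form not in ("BES", "T"):
        findings.append(f"XADESFORM must be BES or T, got {form!r}")
    has_url, has_worker = "TSA_URL" in props, "TSA_WORKER" in props
    if has_url and has_worker:
        findings.append("TSA_URL and TSA_WORKER cannot both be set")
    if form == "T" and not (has_url or has_worker):
        findings.append("XADESFORM=T requires TSA_URL or TSA_WORKER")
    types = [t.strip() for t in props.get("COMMITMENT_TYPES", "").split(",") if t.strip()]
    if unknown := [t for t in types if t not in COMMITMENT_TYPES]:
        findings.append(f"unknown COMMITMENT_TYPES value(s): {unknown}")
    if "NONE" in types and len(types) > 1:
        findings.append("COMMITMENT_TYPES=NONE cannot be combined with other values")
    if props.get("CLAIMED_ROLE_FROM_USERNAME", "false").lower() == "true" and "CLAIMED_ROLE" not in props:
        findings.append("CLAIMED_ROLE_FROM_USERNAME=true without CLAIMED_ROLE: requests without a user name fail")
    levels = props.get("INCLUDE_CERTIFICATE_LEVELS", "1")
    if not levels.isdigit() or int(levels) < 1:
        findings.append(f"INCLUDE_CERTIFICATE_LEVELS must be an integer >= 1, got {levels!r}")
    return findings

# Constructed sample (not a real deployment) that violates three of the rules above
SAMPLE = """WORKER7.NAME=XAdESSignerT
WORKER7.XADESFORM=T
WORKER7.TSA_URL=http://tsa.example/tsa
WORKER7.TSA_WORKER=TimeStampSigner
WORKER7.COMMITMENT_TYPES=NONE,PROOF_OF_APPROVAL
WORKER7.INCLUDE_CERTIFICATE_LEVELS=0
"""
```

Running check_xades_signer over parse_worker_properties(SAMPLE)["WORKER7"] reports the TSA_URL/TSA_WORKER conflict, the NONE combination, and the certificate level below 1.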