XAdES Specification based on the Apache XMLSec Project

XAdES Specification based on the ApacheXMLSec Project

Zdravko Danailov Krassen DeltchevEmail: [email protected] Email: [email protected]

Project thesis

at

Chair for Network and Data SecurityProf. Dr. Jörg Schwenk

advised through Dipl.Ing. Lijun Liao

22.05.2007

Horst-Görtz Institute Ruhr-University of Bochum

Abstract

XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, andsatisfies the legal requirements for advanced electronic signatures.There are several implementations ofXAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concernedwith Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer andcommon user there is an implementation for the XMLDSIG specification, but still no one for XAdES.The free source code implemetations of XAdES threat this project as a separate one and there is no interface,which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to createa library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionalityand level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced ElectronicSignatures, which is a standard of security nowadays.The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as aplug-in to the Security Project of Apache.

More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text-based test suite of JUnit.

i

Acknowledgements

We want to express our gratitude to our families and friends, who gave their moral support all the timeand contributed for the better working atmosphere.To Dipl.Ing. Lijun Liao, we want to thank for the technical input and support.

ii

Contents

1 Introduction 11.1 Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Related works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2 Background 42.1 Definitions and Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.2 XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.3 XML Advanced Electronic Signature Data Structures . . . . . . . . . . . . . . . . . . . . . 6

2.3.1 XML Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.3.2 XAdES- XML Advanced Electronic Signature . . . . . . . . . . . . . . . . . . . . 8

3 XAdES Elements 103.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103.2 QualifyingProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123.3 SignedProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143.4 UnsignedProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163.5 SignedSignatureProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173.6 SignedDataObjectProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193.7 UnsignedSignatureProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.8 The SigningTime element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233.9 The SigningCertificate element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243.10 The SignaturePolicyIdentifier element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253.11 The SignatureProductionPlace element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303.12 The SignerRole element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313.13 The DataObjectFormat element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343.14 The CommitmentTypeIndication element . . . . . . . . . . . . . . . . . . . . . . . . . . . 373.15 The AllDataObjectsTimeStamp element . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393.16 The IndividualDataObjectsTimeStamp element . . . . . . . . . . . . . . . . . . . . . . . . 403.17 The CounterSignature element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

4 Datatypes 424.1 The ObjectIdentifierType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424.2 The EncapsulatedPKIDataType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444.3 The TimeStampType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5 Conclusion 47

6 Author’s addresses 48

7 Bibliography 49

A Appendix - XAdES i

iii

B Appendix - XAdES-BES iv

C Appendix - XAdES-More then one Element vi

D Appendix - Screenshots xi

iv

List of Figures

2.1 XMLDSIG Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.2 XMLDSIG example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72.3 Advanced Electronic Signature(XAdES) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.4 XAdES Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.1 QualifyingProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123.2 Method setSignedProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123.3 Method setUnsignedProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133.4 Method setTarget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133.5 SignedProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143.6 Methods setSignedSignatureProperties, setSignedDataObjectProperties . . . . . . . . . . . 153.7 UnsignedProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163.8 Method setUnsignedSignatureProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163.9 Method setUnsignedDataObjectProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . 173.10 SignedSignatureProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173.11 Contructor SignedSignatureProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193.12 SignedDataObjectProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203.13 Methods setCommitmentTypeIndication, setDataObjectFormat . . . . . . . . . . . . . . . . 203.14 Methods setAllDataObjectsTimeStamp, setIndividualDataObjectsTimeStamp . . . . . . . . 213.15 UnsignedSignatureProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223.16 Method setCounterSignature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223.17 SigningTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233.18 Constructor SigningTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233.19 SigningCertificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243.20 Method setSigningCertificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253.21 SignaturePolicyIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263.22 Method setSignaturePolicyId . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273.23 Methods setSigPolicyId, setSigPolicyHash . . . . . . . . . . . . . . . . . . . . . . . . . . . 273.24 Methods setTransforms1, setSigPolicyQualifiers . . . . . . . . . . . . . . . . . . . . . . . . 283.25 Method setSigPolicyQualifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293.26 SignatureProductionPlace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303.27 Methods: setStateOrProvince, setCity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303.28 Methods: setPostalCode, setCountryName . . . . . . . . . . . . . . . . . . . . . . . . . . . 313.29 SignerRole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323.30 Methods: setClaimedRoles, setCertifiedRoles . . . . . . . . . . . . . . . . . . . . . . . . . 323.31 Constructor CertifiedRolesList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333.32 Constructor ClaimedRolesList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333.33 DataObjectFormat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343.34 Method setDescription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343.35 Method setObjectIdentifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353.36 Method setMimeType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

v

3.37 Method setEncoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353.38 Method setObjectReference attribite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363.39 CommitmentTypeIndication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373.40 Constructor CommitmentTypeIndication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383.41 Method setCommitmentTypeQualifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383.42 AllDataObjectsTimeStamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393.43 Method setAllDataObjectsTimeStamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393.44 IndividualDataObjectsTimeStamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403.45 Method setIndividualDataObjectsTimeStamp . . . . . . . . . . . . . . . . . . . . . . . . . 403.46 CounterSignature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

4.1 ObjectIdentifierType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424.2 IdentifierType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424.3 DocumentationReferencesType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434.4 Methods setIdentifier, setDescription, setDocumentationReferences . . . . . . . . . . . . . 434.5 EncapsulatedPKIDataType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444.6 Method setID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454.7 TimeStampType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464.8 Method setHashDataInfo, setEncapsulatedTimeStamp, setXMLTimeStamp . . . . . . . . . 46

D.1 Screenshot - Eclipse IDE JUnit plug-in console output . . . . . . . . . . . . . . . . . . . . xiiD.2 Screenshot - Eclipse IDE console output . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

vi

List of Tables

2.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.2 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.3 XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

A.1 XAdES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii

B.1 XAdES-BES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

C.1 XAdES-More then one Element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

vii

1 Introduction

The XML Signature is a method of associating a key with referenced data (octets); it does not normativelyspecify how keys are associated with persons or institutions, nor the meaning of the data, being referencedand signed.

The main goal of our project is to build a library, which extends the Apache XML Security Project, tomeet the XAdES specification, so that the user shall be able to create advanced electronic signatures and beable to validate them.

The XAdES (XML Advanced Electronic Signature) specification is sophisticated and there are stronghierarchies among the different XML elements. Every one of them is discussed in separated sections of thisthesis(in chapter 3 and chapter 4), where the reader gets an overview on the XML notation, regarding everyspecific XAdES element, associated with Java code samples: important constructors, variables, constants;and at last, but not at least a pointer to the JUnit test, which verifies the right execution of the code in thelibrary, regarding this particular XAdES element.

The XAdES specification is extended by the: XAdES-T, XAdES-C, XAdES-X, XAdES-X-L, XAdES-A;we describe in this thesis only the implemented specifications in our project library of XAdES and XAdES-BES (Basic Electronic Signature).

We concentrate only on the creation and verification of electronic signatures, which are valid, requiringonly one signer party; therefore, neither independent (parallel signers, without ordering requirement), norembedded (multiple party signers with signer ordering requirement) digital signatures (such as: contracts,signed between two parties) are described in this work, or find implementation in this version of our project.

1.1 Tools

In this section we will specify the necessary tools and mention some requirements, which are obligatory forthe use, execution and further development of this project.

1. Tools for development:- Java Development Kit (at least version 1.5)1

- IBM Eclipse IDE2

- JUnit 3.8.1(Plug-In for Eclipse)3

2. Tools for the common user:- Java Runtime Environment (at least version 1.5)4

NOTE: We cannot test the functionality of this project and especially of our library with a lowerversion of JUnit, because there are no such ones available.

1http://java.sun.com/2http://www.eclipse.org/

NOTE: you can use also the Apache Ant toolkit, instead of Eclipse-http://ant.apache.org/

3http://www.junit.org/index.htm4http://java.sun.com/

1

1.2 Related works

At this moment, there are two projects (JDigiDoc and DContract), which are concerned with XAdES. Onone side, JDigiDoc is a framework and implementation of digital signatures. It validates the private keys ofEstonian ID Cards and Mobile ID Cards for mobile PC devices. JDigiDoc is contrived as an OpenSource.The java project can be obtained from the website and tested with the Apache XML toolkit, but it is notdesigned explicit as a library for the Apache XML Project.

• JDigiDocVeiko [email protected]@openxades.orghttp://www.openxades.org/

On another side, DContract provides a toolbox for the management of digital contracts within Java.Itsupports all XML Advanced Electronic Signature types (XAdES v1.3.2 2006-03): XAdES-BES, XAdES-EPES, XAdES-T, XAdES-C, XAdES-X, XAdES-X-L. It uses PKCS12 key repository management and cangenerate RSA key pairs up to 2048 bit. The DContract project is not an OpenSource.

• DContractFrank Cornelishttp://[email protected]

Other contributions to XAdES shall be listed as follows:

• Baltimore TechnologiesVivekanand Sakaram([email protected])Project information:Language: Javaprobably only commercial license(code source can be negotiated only on individual basis)

• Institute for Applied Information Processing and Communications (IAIK),Graz University of TechnologyMartin Centner([email protected])Peter Lipp([email protected])Project information:Language: Javafree for educational use and research (code for commercial license only)

2

• Kopint-Datorg Rt. (Kopdat)Balazs Andras Dohanyos([email protected])Project information:Language: C++ (compiled in VC6.0)contact sales( no source availability)

• MicrosoftEddy Rubens([email protected])Stefan Santesson([email protected])Project information:Language: C#free library( code availability - yes)

• Universitat Politecnica de Catalunya (UPC)Joan Arnedo ([email protected])Juan Carlos Cruellas ([email protected])Project information:Language: Javaprobably commercial licence( no source availability)

• Agencia Catalana de Certificacio [CATCert]Marta Cruellas([email protected])Project information:no furthur information

3

2 Background

For the better understanding of this thesis and the goal of our library, we shall specify some basic terms andexpound the essence of the main ‘Building Blocks’.

2.1 Definitions and Abbreviations

For the purposes of the current work, the following terms and definitions apply:

Term DefinitionArbitrator entity that arbitrates in disputes between a signer and a

verifierAttributes Authorities provide users with attributes linked to public key certifi-

catesCertification Authorities provide users with public key certificatesRegistration Authorities allow the identification and registration of entities before

a CA generates certificates

Repository Authorities publish CRLs issued by CAs, signature policies issued bysignature policy issuers and optionally public key certifi-cates

Signature Policy Issuers define the technical and procedural requirements for elec-tronic signature creation and validation, in order to meet aparticular business need

Signer entity that creates the electronic signatureTime-Stamping Authorities attest that some data object was formed before a given

trusted timeTime-Marking Authorities record that some data was formed before a given trusted

timeTrusted Service Providers one or more entities that help to build trust relationships

between the signer and verifierVerifier entity that verifies the electronic signature

Table 2.1: Definitions

4

Term AbbreviationAttribute Certificate ACCertification Authority CACryptographic Message Syntax CMSCertificate Revocation List CRLDocument Type Definition DTDElectronic Signature ESHyper Text Transfer Protocol HTTPOnline Certificate Status Protocol OCSPObject IDentifier OIDPublic Key Certificate PKCTime-Stamping Authorities TSATrusted Service Providers TSPTime Stamping Unit TSUUniform Resource Identifier URIUniform Resource Name URNXML Advanced Electronic Signature XAdESXAdES Archiving validation data XAdES-AXAdES Basic Electronic Signature XAdES-BESXAdES Complete validation data XAdES-CXAdES Explicit Policy based Elec-tronic Signature

XAdES-EPES

XAdES with Time-stamp XAdES-TXAdES eXtended validation data XAdES-XeXtensible Markup Language XMLeXtensible Markup Language DigitalSIGnature

XMLDSIG

eXtensible Stylesheet Language XSLeXtensible Stylesheet LanguageTransformations

XSLT

Table 2.2: Abbreviations

2.2 XML

As mentioned above XML [XML][XML-schema-part-1][XML-schema-part-2] is the abbreviation for eX-tensible Markup Language. Its main purpose is to facilitate the sharing of data across different informa-tion systems, particularly via the Internet. By adding semantic constraints, application languages such asXHTML, RSS, MathML, GraphML, Scalable Vector Graphics, can be implemented in XML. Moreover,XML is sometimes used as the specification language for such application languages.

XML is recommended by the World Wide Web Consortium (W3C). It is a fee-free open standard. TheW3C recommendation specifies both the lexical grammar, and the requirements for parsing.

5

eXtensible Markup LanguageFile extension .xmlUniform Type public.xmlMIME type application/xml, text/xml (deprecated)Developed by World Wide Web Consortium

Type of format Markup language

Extended from SGML

Extended to XHTML, RSS, Atom, ...

Standard(s) 1.0 (Fourth Edition) 1.1 (Second Edition)

Table 2.3: XML

2.3 XML Advanced Electronic Signature Data Structures

2.3.1 XML Signature

This section provides an overview and examples of XML digital signature syntax. An informal representa-tion and examples are used to describe the structure of the XML signature syntax. This representation andexamples may omit attributes, details and potential features that are explained later.

XML Signatures are applied to arbitrary digital content (data objects) via an indirection. Data objects aredigested, the resulting value is placed in an element with other information and that element is then digestedand cryptographically signed. XML digital signatures are represented by the Signature element which hasthe following structure:

XMLDSIG< d s : S i g n a t u r e ID?>− − − − − − − − −+− − − − −+

< d s : S i g n e d I n f o > | |< d s : C a n o n i c a l i z a t i o n M e t h o d / > | |< d s : S i g n a t u r e M e t h o d / > | |( < d s : R e f e r e n c e URI? > | |

( < d s : T r a n s f o r m s > ) ? | |< d s : D i g e s t M e t h o d > | |< d s : D i g e s t V a l u e > | |

< / d s : R e f e r e n c e >)+ | |< / d s : S i g n e d I n f o > | |< d s : S i g n a t u r e V a l u e > | |( < d s : K e y I n f o >)?− − − − − − − − − + |< d s : O b j e c t > |

< d s : S i g n a t u r e >− − − − − − − − − − − − − − − −+

Figure 2.1: XMLDSIG Specification

6

Signatures are related to data objects via URIs. Within an XML document, signatures are related to localdata objects via fragment identifiers. Such local data can be included within an enveloping signature orcan enclose an enveloped signature. Detached signatures are over external network resources or local dataobjects that reside within the same XML document as sibling elements; in this case, the signature is neitherenveloping (signature is parent) nor enveloped attribute (signature is child). Since a Signature element (andits Id value/name) may co-exist or be combined with other elements (and their IDs) within a single XMLdocument, care should be taken in choosing names such that there are no subsequent collisions that violatethe ID uniqueness validity constraint.

The following example is a detached signature of the content of the HTML4.01 in XML specification.

< n d s : R o o t E l e m e n t x m l n s : n d s =" h t t p : / /www. nds . rub . de / xades "><nds :AI−NDS−HGI Id =" AI−NDS−HGI−18378667 ">Some s i m p l e t e x t < / nds :AI−NDS−HGI>< S i g n a t u r e xmlns=" h t t p : / /www. w3 . org / 2 0 0 0 / 0 9 / xmlds ig # " Id =" S i g n a t u r e I d ">

< S i g n e d I n f o >< C a n o n i c a l i z a t i o n M e t h o dAlgo r i t hm =" h t t p : / /www. w3 . org / TR/ 2 0 0 1 /REC−xml−c14n−20010315 " / >< S i g n a t u r e M e t h o d Algo r i t hm =" h t t p : / /www. w3 . org / 2 0 0 0 / 0 9 / xmlds ig # dsa−sha1 " / >

< R e f e r e n c e URI=" #AI−NDS−HGI−18378667 ">< T r a n s f o r m s >

< Trans fo rm Algo r i t hm =" h t t p : / /www. w3 . org / 2 0 0 1 / 1 0 / xml−exc−c14n # " / >< / T r a n s f o r m s >< Diges tMethod Algo r i t hm =" h t t p : / /www. w3 . org / 2 0 0 0 / 0 9 / xmlds ig # sha1 " / >< D i g e s t V a l u e >+e0UhqPaZkX7+5 xVrbg50ITch2I =< / D i g e s t V a l u e >

< / R e f e r e n c e >+< R e f e r e n c e URI=" # S i g n e d P r o p e r t i e s −11626165 ">< / R e f e r e n c e >+< R e f e r e n c e URI=" # U n s i g n e d P r o p e r t i e s −25392791 ">< / R e f e r e n c e >

< / S i g n e d I n f o >< S i g n a t u r e V a l u e >SVlS9m97Q0t12pi . . . . . < / S i g n a t u r e V a l u e ><KeyInfo >

<X509Data>< X 5 0 9 C e r t i f i c a t e >MIIC3DCCApoCBEY1 . . . . . < / X 5 0 9 C e r t i f i c a t e >

< / X509Data><KeyValue>

<DSAKeyValue> / X9TgR11EilS30qcLuz . . . . . <Q>l2BQjxUjC8yykrmCouuEC /BYHPU=< /Q><G>9+GghdabPd7LvKtc . . . . . < /G><Y>OglcRuqvCSTioZQ . . . . . < /Y>

< / DSAKeyValue>< / KeyValue>

< / KeyInfo >+< O b j e c t >< / O b j e c t >< / S i g n a t u r e >

< / n d s : R o o t E l e m e n t >

Figure 2.2: XMLDSIG example

The required SignedInfo element is the information that is actually signed. Core validation of SignedInfoconsists of two mandatory processes: validation of the signature over SignedInfo and validation of each

7

Reference digest within SignedInfo. Note that the algorithms used in calculating the SignatureValue arealso included in the signed information while the SignatureValue element is outside SignedInfo.

The CanonicalizationMethod is the algorithm that is used to canonicalize the SignedInfo element beforeit is digested as part of the signature operation. Note that the example in Figure 2.2 , as well as all examplesin this specification, are not in canonical form.

2.3.2 XAdES- XML Advanced Electronic Signature

An XML Advanced Electronic Signature [XAdES][ESI-XAdES] is illustrated in Figure 2.3 .

Figure 2.3: Advanced Electronic Signature(XAdES)

The XML Advanced Electronic Signature (XAdES)- its format is the one defined in [XMLDSIG] withthe addition of signed properties (SigningTime, SigningCertificate, SignaturePolicyIdentifier, SignaturePro-ductionPlace, SignerRole, AllDataObjectsTimeStamp, IndividualDataObjectsTimeStamp, DataObjectFor-mat and CommitmentTypeIndication) and unsigned properties (CounterSignature) (where "?" denotes zeroor one occurrence; "+" denotes one or more occurrences; and "*" denotes zero or more occurrences):

8

XMLDSIG|

< d s : S i g n a t u r e ID?>− − − − − − − − −+− − − − −+< d s : S i g n e d I n f o > | |

< d s : C a n o n i c a l i z a t i o n M e t h o d / > | |< d s : S i g n a t u r e M e t h o d / > | |( < d s : R e f e r e n c e URI? > | |

( < d s : T r a n s f o r m s > ) ? | |< d s : D i g e s t M e t h o d > | |< d s : D i g e s t V a l u e > | |

< / d s : R e f e r e n c e >)+ | |< / d s : S i g n e d I n f o > | |< d s : S i g n a t u r e V a l u e > | |( < d s : K e y I n f o >)?− − − − − − − − − + |

|< d s : O b j e c t > |

|< Q u a l i f y i n g P r o p e r t i e s > |

|< S i g n e d P r o p e r t i e s > |

|< S i g n e d S i g n a t u r e P r o p e r t i e s > |

( S ign ingTime ) |( S i g n i n g C e r t i f i c a t e ) |( S i g n a t u r e P o l i c y I d e n t i f i e r ) |( S i g n a t u r e P r o d u c t i o n P l a c e ) ? |( S i g n e r R o l e ) ? |

< / S i g n e d S i g n a t u r e P r o p e r t i e s > ||

< S i g n e d D a t a O b j e c t P r o p e r t i e s > |( D a t a O b j e c t F o r m a t )∗ |( Commi tmen tTypeInd ica t ion )∗ |( A l lDa taObjec t sT imeStamp )∗ |( I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p )∗ |

< / S i g n e d D a t a O b j e c t P r o p e r t i e s > ||

< / S i g n e d P r o p e r t i e s > ||

 ||

 |( C o u n t e r S i g n a t u r e )∗ |

 ||

 ||

< / Q u a l i f y i n g P r o p e r t i e s > ||

< / d s : O b j e c t > ||

< / d s : S i g n a t u r e >− − − − − − − − − − − − − − − +|

XAdES

Figure 2.4: XAdES Specification

9

3 XAdES Elements

3.1 Overview

The reader shall understand that, there are several requirements for the sake of the proper run of the projectlibrary. The original OpenSource Apache XML Security Project can be found at:http://santuario.apache.org/Java/index.html , where the developer can find the source and binary packages (http://xml.apache.org/security/dist/ ) and important installation notes(http://santuario.apache.org/Java/installation.html) Our project library is tested on the former version of theApache XMLSec Project- v1.3.0. Furthermore, the Apache Project is created as an ’Eclipse Java Project’and we use Sun JDK 1.5.0_11. For the reader concerned, regarding the implementation of the Project, usingJDK 1.4.x (only Windows NT 4.0 and old Unix-based distributions with kernel 2.4.x) please refer to theinstallation site of the project. The developer must be aware of the following facts:

• Copy all files from ’xml-security-bin-1_3_0/xml-security-1_3_0/libs’ to the ’xml-security-src-1_3_0/xml-security-1_3_0/libs’, so the Apache XMLSec Project( xml-security-src-1_3_0) can be loaded asa standard Eclipse Java Project and properly run,

• In the new Eclipse Java Project load the JUnit 3.8.1 library, so the XAdES JUnit tests can be executed.

We didn’t test our project library with the current version of JUnit namely version 4.1.We decided to separate the XAdES library package (.../xml-security-src-1_3_0/xml-security-src-1_3_0/

xml-security-1_3_0/src-xades/ ) in the following sub-packages:

• ’.../input/ ’- where the Java Keystore data is specified;

• ’.../doc/’- where the JavaDoc shall be found,

• ’.../org/apache/xml/security/xades/ ’- where the user can find the source code of our XAdES library;the following Java classes are important for the discussion in this introduction to the thesis:

– QualifyingProperties- the fundamental XAdES element, which embeds all qualifyingproperties of an Advanced XML Signature; The QualifyingProperties is a child elementof Object (one of the four base XAdES elements-’SignedInfo’, ’SignatureValue’,’KeyInfo’ and ’Object’); if we regret the use of the Object element, then an AdvancedElectronic Signature cannot be built, because the other sub-elements: ’SignedInfo’,’SignatureValue’, ’KeyInfo’ in their selves do not fulfill completely the XAdES specifi-cation ,

– Constants- all used constants for the different types of elements/attributes, namespaces, al-gorithms’ descriptions are defined,

• ’.../org/apache/xml/security/xades/sp’- the SignedProperties XAdES element and its sub-elements ( conform to the XMLDSIG notation) are specified,

• ’.../org/apache/xml/security/xades/up’- the user shall find all the classes, which describe the basicchild-element UnsignedProperties( of the QualifyingProperties) and its sub-elements,which are optional( see further)

10

• ’.../org/apache/xml/security/xades/tests’- where we have specified all Signature-creation tests and theJUnit tests:

– The class CreateSignatureSDOPalland- every single element of the XAdES notation iscreated, so the XML notation of XAdES is fully described. The output is can be found in : /xml-security-src-1_3_0/xml-security-1_3_0/signature.xml (see Appendix A - XAdES specification)

– The class CreateSignatureSignedSignatureProperties- where theXAdES-BES specification is implemented:the basic child-element of QualifyingProperties- SignedProperties, with its sub-element:SignedSignatureProperties, further its child-elements: SigningTime,SigningCertificate, SignaturePolicyIdentifier, which are allrequired elements in the XAdES notation. The output is illustrated in : /xml-security-src-1_3_0/xml-security-1_3_0/signature1.xml (see Appendix B- XAdES-BES)

– The class CreateSignatureMoreThanOneElements- according to the XAdES specifi-cation, XML elements, which can occur min. ’0’ and max. ’unbounded’, e.g. more than one el-ements from the same type are allowed to exist, are demonstrated for their multiple use. The out-put for this case is represented due : /xml-security-src-1_3_0/xml-security-1_3_0/signature2.xml(see Appendix C- XAdES More than one element)

– The class JUtests- where we specify the different JUnit tests on our library, separated in twogeneral sections:

• positive tests- which illustrate the verification of the first three classes(CreateSignatureSDOPalland,CreateSignatureSignedSignatureProper-ties, CreateSignatureMoreThanOneElements)

• negative tests- which verify the right implementation of all required elements of the XAdES notationin the project library (refer to the separate explanation on every test in the further sections of thethesis); if the library is able to create the signature without using a required element, nor giving anIllegalArgumentException the particular negative test shall fail.

Now let’s concentrate more detailed on every one XML element of the XAdES notation with its specificuse, structure and its implementation in the project library.

11

3.2 QualifyingProperties

The basic element of Object is the QualifyingProperties element, which contains the whole qual-ifying information for the Advanced Electronic Signature. This element has the following structure:

< x s d : e l e m e n t name=" Q u a l i f y i n g P r o p e r t i e s "t y p e =" Q u a l i f y i n g P r o p e r t i e s T y p e " / >< xsd :complexType name=" Q u a l i f y i n g P r o p e r t i e s T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" S i g n e d P r o p e r t i e s " t y p e =" S i g n e d P r o p e r t i e s T y p e "

minOccurs=" 0 " / >< x s d : e l e m e n t name=" U n s i g n e d P r o p e r t i e s " t y p e =" U n s i g n e d P r o p e r t i e s T y p e "

minOccurs=" 0 " / >< / x s d : s e q u e n c e >< x s d : a t t r i b u t e name=" T a r g e t " t y p e =" xsd:anyURI " use =" r e q u i r e d " / >< x s d : a t t r i b u t e name=" Id " t y p e =" xs d : I D " use =" o p t i o n a l " / >

< / xsd :complexType >

Figure 3.1: QualifyingProperties

The QualifyingProperties element is extended by its two general sub-elements - theSignedProperties and the UnsignedProperties. The main function of theSignedProperties is to contribute to the cryptographic justification of the XML signature, while theUnsignedProperties is required, generally for an embracement of all variations of the XAdES nota-tion (XAdES, XAdES-T, XAdES-C, XAdES-X, XAdES-A1 and to illustrate all kind of different cases bycreating Advanced Electronic signature: single signer - one signature; parallel signer without requirementof ordering for signing the sensitive data, multiple signer with ordering by signing the electronic document .

The SignedProperties must be protected by a Reference element in SignedInfo and must ap-pear only once within the QualifyingProperties.The Target attribute is required and it’s usedas a reference to the XML signature, and the optional Id attribute references to the container of theQualifyingProperties element.

1 /∗ ∗2 ∗ Method s e t S i g n e d P r o p e r t i e s3 ∗4 ∗ @param sp5 ∗ /6 p u b l i c vo id s e t S i g n e d P r o p e r t i e s ( S i g n e d P r o p e r t i e s sp ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( sp != n u l l ) )8 {9 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( sp . g e t E l e m e n t ( ) ) ;

10 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;11 }12 }

Figure 3.2: Method setSignedProperties

1http://www.w3.org/TR/XAdES/

12

1 /∗ ∗2 ∗3 ∗ Method s e t U n s i g n e d P r o p e r t i e s4 ∗5 ∗ @param usp6 ∗ /7 p u b l i c vo id s e t U n s i g n e d P r o p e r t i e s ( U n s i g n e d P r o p e r t i e s usp )8 { i f9 ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( usp != n u l l ) )

10 {11 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( usp . g e t E l e m e n t ( ) ) ;12 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;13 }14 }

Figure 3.3: Method setUnsignedProperties

The two child-elements - SignedProperties and UnsignedProperties, are created using aset-Method. Because of their occurrence, it is necessary to define the conditions:

1. It should be proved, whether the present state of the signature’ creation is -"Signing Mode"((this._state == MODE_SIGN));

2. And also, whether the XML-element (SignedProperties,UnsignedProperties) is not anempty one((sp != null)or (usp != null));

If any one of these both statements is not fulfilled, no child-element of QualifyingPropertieswould be created.

1

2 /∗ ∗3 ∗ S e t s t h e <code >Targe t </ code > a t t r i b u t e4 ∗5 ∗ @param T a r g e t ( anyURI )6 ∗ @throws I l l e g a l A r g u m e n t E x c e p t i o n ∗∗∗∗ because o f " use=r e q u i r e d " ∗∗∗∗7 ∗ /8 p u b l i c vo id s e t T a r g e t ( S t r i n g T a r g e t ) {9 i f ( T a r g e t == n u l l ) { throw new

10 I l l e g a l A r g u m e n t E x c e p t i o n ( " T a r g e t A t t i b u t e i s r e q u i r e d ! " ) ;11 }12 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( T a r g e t != n u l l ) ) {13 t h i s . _ c o n s t r u c t i o n E l e m e n t . s e t A t t r i b u t e N S14 ( nul l , C o n s t a n t s . _ATT_TARGET , T a r g e t ) ;15 }16 }

Figure 3.4: Method setTarget

13

The Target Attribute, as we already mentioned above, is a required one. Within a set-Method twogeneral cases are tested:

1. First of all, whether this attribute is an empty one (which is forbidden), so an IllegalArgumentExcep-tion should be executed with the relevant message.

1 i f ( T a r g e t == n u l l } ) {2 throw bf new I l l e g a l A r g u m e n t E x c e p t i o n ( " T a r g e t A t t i b u t e i s3 r e q u i r e d ! " ) ;4 }

2. Second of all, whether the present state of the signature-creation is -"Signing Mode"((this._state ==MODE_SIGN)), and whether the attribute is not an empty one((Target != null));

At the end, we shall mention this requirement of the Target attribute, as a test-case (JUnit test), which isimplemented in our project library as a JUnit negative test ("testNeg_QP_Target_required"), refers to classJUtests in the package org.apache.xml.security.xades.tests.

3.3 SignedProperties

The SignedProperties has two elements - SignedSignatureProperties andSignedDataObjectProperties. The SignedSignatureProperties element is required andmust occur only once within the SignedProperties.

The other sub-element of the SignedProperties, SignedDataObjectProperties, is optionaland contains elements that can appear one or more than once in the XML signature, which is good illustratedin our JUnit tests.

The schema definition of SignedProperties element as it follows:

< x s d : e l e m e n t name=" S i g n e d P r o p e r t i e s " t y p e =" S i g n e d P r o p e r t i e s T y p e " / >< xsd :complexType name=" S i g n e d P r o p e r t i e s T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" S i g n e d S i g n a t u r e P r o p e r t i e s "

t y p e =" S i g n e d S i g n a t u r e P r o p e r t i e s T y p e " / >< x s d : e l e m e n t name=" S i g n e d D a t a O b j e c t P r o p e r t i e s "

t y p e =" S i g n e d D a t a O b j e c t P r o p e r t i e s T y p e " minOccurs=" 0 " / >< / x s d : s e q u e n c e >< x s d : a t t r i b u t e name=" Id " t y p e =" xs d : I D " use =" o p t i o n a l " / >


Figure 3.5: SignedProperties

14

1 /∗ ∗2 ∗ Method s e t S i g n e d S i g n a t u r e P r o p e r t i e s3 ∗4 ∗ @param s s p5 ∗ /6 p u b l i c vo id s e t S i g n e d S i g n a t u r e P r o p e r t i e s ( S i g n e d S i g n a t u r e P r o p e r t i e s s s p ) {7 i f ( s s p == n u l l ) {8 throw new I l l e g a l A r g u m e n t E x c e p t i o n (9 " S i g n e d S i g n a t u r e P r o p e r t i e s Element i s r e q u i r e d ! " ) ;

10 }11 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( s s p != n u l l ) ) {12 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s s p . g e t E l e m e n t ( ) ) ;13 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;14 }15 }16

17 /∗ ∗18 ∗ Method s e t S i g n e d D a t a O b j e c t P r o p e r t i e s19 ∗20 ∗ @param sdop21 ∗ /22 p u b l i c vo id s e t S i g n e d D a t a O b j e c t P r o p e r t i e s ( S i g n e d D a t a O b j e c t P r o p e r t i e s sdop ) {23 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( sdop != n u l l ) ) {24 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( sdop . g e t E l e m e n t ( ) ) ;25 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;26 }27 }

Figure 3.6: Methods setSignedSignatureProperties, setSignedDataObjectProperties

The two child-elements - SignedSignatureProperties andSignedDataObjectProperties, are created using a set-Method. Because of their different way ofoccurrence, it is necessary to define the following conditions:


2. And also, whether the XML-element (SignedSignatureProperties,SignedDataObjectProperties) is not an empty one((ssp != null)or (sdop != null));

If any one of these both statements is not fulfilled, no child-element of SignedProperties would becreated. By the SignedSignatureProperties element we use the JUnit test to demonstrate theobligatorily occurrence, with other words: if this element is an empty one, an IllegalArgumentExceptionshould be executed with the relevant message.

1 i f ( s s p == n u l l } {2 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g n e d S i g n a t u r e P r o p e r t i e s Element i s3 r e q u i r e d ! " ) ;4 }

Refers to the negative JUnit test testNeg_SignedSignatureProperties inorg.apache.xml.security.xades.tests.JUtests.

15

3.4 UnsignedProperties

The UnsignedProperties element and its sub-elements are not signed by the [XMLDSIG] signature.They are divided on *SignatureProperties and *DataObjectProperties just like theSignedProperties.

< x s d : e l e m e n t name=" U n s i g n e d P r o p e r t i e s " t y p e =" U n s i g n e d P r o p e r t i e s T y p e " / >< xsd :complexType name=" U n s i g n e d P r o p e r t i e s T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" U n s i g n e d S i g n a t u r e P r o p e r t i e s "

t y p e =" U n s i g n e d S i g n a t u r e P r o p e r t i e s T y p e " minOccurs=" 0 " / >< x s d : e l e m e n t name=" U n s i g n e d D a t a O b j e c t P r o p e r t i e s "

t y p e =" U n s i g n e d D a t a O b j e c t P r o p e r t i e s T y p e " minOccurs=" 0 " / >< / x s d : s e q u e n c e >< x s d : a t t r i b u t e name=" Id " t y p e =" xs d : I D " use =" o p t i o n a l " / >


Figure 3.7: UnsignedProperties

In this case we can make a reference to the UnsignedProperties element using the optional Idattribute.The two child-elements - UnsignedSignatureProperties andUnsignedDataObjectProperties, are created using a set-Method. Because of their occurrence, itis necessary to define the following conditions:

1. It should not be proved, whether the present state of the signature’ creation is -"Signing Mode"((this._state == MODE_SIGN)), because the UnsignedProperties element consists of "chil-dren", that are not signed by the XMLDSIG signature;

2. So it appears only one condition to be proved, whether the XML-element(UnsignedSignatureProperties, UnsignedDataObjectProperties) is not an emptyone((ussp != null)or (usdop != null));

1 /∗ ∗2 ∗ Method s e t U n s i g n e d S i g n a t u r e P r o p e r t i e s3 ∗4 ∗ @param ussp5 ∗ /6 p u b l i c vo id s e t U n s i g n e d S i g n a t u r e P r o p e r t i e s ( U n s i g n e d S i g n a t u r e P r o p e r t i e s us sp ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( ussp != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( us sp . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.8: Method setUnsignedSignatureProperties

16

1 /∗ ∗2 ∗ Method s e t U n s i g n e d D a t a O b j e c t P r o p e r t i e s3 ∗4 ∗ @param usdop5 ∗ /6 p u b l i c vo id s e t U n s i g n e d D a t a O b j e c t P r o p e r t i e s ( U n s i g n e d D a t a O b j e c t P r o p e r t i e s usdop ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( ussp != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( usdop . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.9: Method setUnsignedDataObjectProperties

If the statement mentioned above, is not fulfilled, no child-element of UnsignedProperties wouldbe created.

3.5 SignedSignatureProperties

The SignedSignatureProperties has three required Elements (SigningTime,SigningCertificate, SignaturePolicyIdentifier) and two optional ones(SignatureProductionPlace, SignerRole).The XAdES-BES specification is applied through theSigningTime, SigningCertificate, SignaturePolicyIdentifier elements.

< x s d : e l e m e n t name=" S i g n e d S i g n a t u r e P r o p e r t i e s "t y p e =" S i g n e d S i g n a t u r e P r o p e r t i e s T y p e " / >< xsd :complexType name=" S i g n e d S i g n a t u r e P r o p e r t i e s T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" Sign ingTime " t y p e =" x s d : d a t e T i m e " / >< x s d : e l e m e n t name=" S i g n i n g C e r t i f i c a t e " t y p e =" C e r t I D L i s t T y p e " / >< x s d : e l e m e n t name=" S i g n a t u r e P o l i c y I d e n t i f e r "

t y p e =" S i g n a t u r e P o l i c y I d e n t i f i e r T y p e " / >< x s d : e l e m e n t name=" S i g n a t u r e P r o d u c t i o n P l a c e "t y p e =" S i g n a t u r e P r o d u c t i o n P l a c e T y p e " minOccurs=" 0 " / >< x s d : e l e m e n t name=" S i g n e r R o l e " t y p e =" S igne rRo leType " minOccurs=" 0 " / >

< / x s d : s e q u e n c e >< / xsd :complexType >

Figure 3.10: SignedSignatureProperties

The child-elements of the SignedSignatureProperties are added, using a constructor. As men-tioned above, the SigningTime, SigningCertificate andSignaturePolicyIdentifier elements are required. Thorough, their occurrence is tested: if oneof these obligatory elements is missing, an IllegalArgumentException should be executed with the relevantmessage:

17

1 i f ( s i g n i n g t i m e == n u l l } | | ( s i g n i n g c e r t i f i c a t e == n u l l } | | (2 s i g n a t u r e p o l i c y i d e n t i f i e r == n u l l )3 {4 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " Wrong Element Value ! " ) ;5 }

Refers to the negative JUnit tests testNeg_SigningTime, testNeg_SigningCertificate andtestNeg_SignaturePolicyIdentifier and to the positive JUnit testtestPositive_SignedSignatureProperties_Elements_required inorg.apache.xml.security.xades.tests.JUtests.

The same statements are used to prove that the present phase of signature’ creation is -"Signing Mode"((this._state == MODE_SIGN)), and the XML-element (SigningTime, SigningCertificate andSignaturePolicyIdentifier) is not an empty one((signingtime!= null)or (signingcertificate!= null))or ((signaturepolicyidentifier!= null)).Likewise, for the other two elements the tested conditions are, whetherthe present state of the signature’ creation is -"Signing Mode"((this._state == MODE_SIGN)), and also whether the XML-element (SignatureProductionPlace, SignerRole) is not an empty one((signatureproductionplace! = null) or (signerrole! = null));

18

1 /∗ ∗2 ∗ C o n s t r u c t o r S i g n e d S i g n a t u r e P r o p e r t i e s3 ∗4 ∗ @param doc5 ∗ @param s i g n i n g t i m e S i g n i n g T i m e6 ∗ @param s i g n i n g c e r t i f i c a t e S i g n i n g C e r t i f i c a t e7 ∗ @param s i g n a t u r e p o l i c y i d e n t i f i e r S i g n a t u r e P o l i c y I d e n t i f i e r8 ∗ @param s i g n a t u r e p r o d u c t i o n p l a c e S i g n a t u r e P r o d u c t i o n P l a c e9 ∗ @param s i g n e r r o l e S i g n e r R o l e

10 ∗ /11 p u b l i c S i g n e d S i g n a t u r e P r o p e r t i e s ( Document doc , S ign ingTime s i g n i n g t i m e ,12 S i g n i n g C e r t i f i c a t e s i g n i n g c e r t i f i c a t e , S i g n a t u r e P o l i c y I d e n t i f i e r13 s i g n a t u r e p o l i c y i d e n t i f i e r , S i g n a t u r e P r o d u c t i o n P l a c e14 s i g n a t u r e p r o d u c t i o n p l a c e , S i g n e r R o l e s i g n e r r o l e ) {15 super ( doc ) ;16 i f ( s i g n i n g t i m e == n u l l | | s i g n i n g c e r t i f i c a t e == n u l l | |17 s i g n a t u r e p o l i c y i d e n t i f i e r == n u l l )18 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " Wrong Element Value ! " ) ;19

20 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s i g n i n g t i m e . g e t E l e m e n t ( ) ) ;21 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;22

23 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s i g n i n g c e r t i f i c a t e . g e t E l e m e n t ( ) ) ;24 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;25

26 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s i g n a t u r e p o l i c y i d e n t i f i e r . g e t E l e m e n t ( ) ) ;27 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;28

29 i f ( ( s i g n a t u r e p r o d u c t i o n p l a c e != n u l l ) {30 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s i g n a t u r e p r o d u c t i o n p l a c e . g e t E l e m e n t ( ) ) ;31 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;32 }33 i f ( s i g n e r r o l e != n u l l ) {34 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s i g n e r r o l e . g e t E l e m e n t ( ) ) ;35 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;36 }37 }

Figure 3.11: Contructor SignedSignatureProperties

3.6 SignedDataObjectProperties

SignedDataObjectProperties contains sub- elements that qualify some of the signed data objects.DataObjectFormat, CommitmentTypeIndication,AllDataObjectsTimeStamp, IndividualDataObjectsTimeStamp can occur more than oncewithin the SignedDataObjectProperties elements.

All these properties qualify the signed data object after all the required transforms have been made.

19

< x s d : e l e m e n t name=" S i g n e d D a t a O b j e c t P r o p e r t i e s "t y p e =" S i g n e d D a t a O b j e c t P r o p e r t i e s T y p e " / >< xsd :complexType name=" S i g n e d D a t a O b j e c t P r o p e r t i e s T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" D a t a O b j e c t F o r m a t " t y p e =" DataObjec tFormatType "

minOccurs=" 0 " maxOccurs=" unbounded " / >< x s d : e l e m e n t name=" Commi tmen tType Ind ica t ion "

t y p e =" CommitmentTypeInd ica t ionType " minOccurs=" 0 "maxOccurs=" unbounded " / >

< x s d : e l e m e n t name=" Al lDa taOb jec t sT imeStamp " t y p e =" TimeStampType "minOccurs=" 0 " maxOccurs=" unbounded " / >

< x s d : e l e m e n t name=" I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p " t y p e =" TimeStampType "minOccurs=" 0 " maxOccurs=" unbounded " / >


Figure 3.12: SignedDataObjectProperties

1 /∗ ∗2 ∗ Method s e t D a t a O b j e c t F o r m a t3 ∗4 ∗ @param d a t a o b j e c t f o r m a t5 ∗ /6 p u b l i c vo id s e t D a t a O b j e c t F o r m a t ( D a t a O b j e c t F o r m a t d a t a o b j e c t f o r m a t ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( d a t a o b j e c t f o r m a t != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( d a t a o b j e c t f o r m a t . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }12 /∗ ∗13 ∗ Method s e t C o m m i t m e n t T y p e I n d i c a t i o n14 ∗15 ∗ @param c o m m i t m e n t t y p e i n d i c a t i o n16 ∗ /17 p u b l i c vo id s e t C o m m i t m e n t T y p e I n d i c a t i o n ( Commi tmen tType Ind ica t ion18 c o m m i t m e n t t y p e i n d i c a t i o n ) {19 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( c o m m i t m e n t t y p e i n d i c a t i o n != n u l l ) ) {20 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( c o m m i t m e n t t y p e i n d i c a t i o n . g e t E l e m e n t ( ) ) ;21 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;22 }23 }

Figure 3.13: Methods setCommitmentTypeIndication, setDataObjectFormat

20

1 /∗ ∗2 ∗ Method s e t A l l D a t a O b j e c t s T i m e S t a m p3 ∗4 ∗ @param a l l d a t a o b j e c t s t i m e s t a m p5 ∗ /6 p u b l i c vo id s e t A l l D a t a O b j e c t s T i m e S t a m p ( Al lDa taObjec t sT imeS tamp7 a l l d a t a o b j e c t s t i m e s t a m p ) {8 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&&( a l l d a t a o b j e c t s t i m e s t a m p != n u l l ) )9 { t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( a l l d a t a o b j e c t s t i m e s t a m p . g e t E l e m e n t ( ) ) ;

10 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;11 }12 }13

14 /∗ ∗15 ∗ Method s e t I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p16 ∗17 ∗ @param i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p18 ∗ /19 p u b l i c vo id s e t I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p ( I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p20 i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p ) {21 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p !=22 n u l l ) ) {23 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld24 ( i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p . g e t E l e m e n t ( ) ) ;25 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;26 }27 }

Figure 3.14: Methods setAllDataObjectsTimeStamp, setIndividualDataObjectsTimeStamp

The child-elements - DataObjectFormat, CommitmentTypeIndicationType,AllDataObjectsTimeStamp and IndividualDataObjectsTimeStamp, are created using a set-Method. Because of their occurrence, it is necessary to define the following conditions:


2. And also, whether the XML-element (DataObjectFormat,CommitmentTypeIndicationType,AllDataObjectsTimeStamp and IndividualDataObjectsTimeStamp) is not an emptyone((dataobjectformat!= null), (commitmenttypeindication!= null), (alldataobjectstimestamp != null),(individualdataobjectstimestamp != null));

If any one of these both statements is not fulfilled, no child-element ofSignedDataObjectProperties would be created.

3.7 UnsignedSignatureProperties

The UnsignedSignatureProperties element contains CounterSignature,SignatureTimeStamp, CompleteCertificateRefs, CompleteCertificateRefs,SigAndRefsTimeStamp, RefsOnlyTimeStamp, CertificateValues,RevocationValues, ArchiveTimeStamp. In our Project we will pay attention only to theCounterSignature element, because of the structure of XAdES. This will be discussed more detailedin section 3.17.

21

< x s d : e l e m e n t name=" U n s i g n e d S i g n a t u r e P r o p e r t i e s "t y p e =" U n s i g n e d S i g n a t u r e P r o p e r t i e s T y p e " / >< xsd :complexType name=" U n s i g n e d S i g n a t u r e P r o p e r t i e s T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" C o u n t e r S i g n a t u r e " t y p e =" C o u n t e r S i g n a t u r e T y p e "

minOccurs=" 0 " maxOccurs=" unbounded " / >< x s d : e l e m e n t name=" S igna tu reT imeStamp " t y p e =" TimeStampType "

minOccurs=" 0 " maxOccurs=" unbounded " / >< x s d : e l e m e n t name=" C o m p l e t e C e r t i f i c a t e R e f s "

t y p e =" C o m p l e t e C e r t i f i c a t e R e f s T y p e " minOccurs=" 0 " / >< x s d : e l e m e n t name=" C o m p l e t e R e v o c a t i o n R e f s "

t y p e =" Comple t eRevoca t ionRefsType " minOccurs=" 0 " / >< x s d : c h o i c e >

< x s d : e l e m e n t name=" SigAndRefsTimeStamp " t y p e =" TimeStampType "minOccurs=" 0 " maxOccurs=" unbounded " / >

< x s d : e l e m e n t name=" RefsOnlyTimeStamp " t y p e =" TimeStampType "minOccurs=" 0 " maxOccurs=" unbounded " / >

< / x s d : c h o i c e >< x s d : e l e m e n t name=" C e r t i f i c a t e V a l u e s " t y p e =" C e r t i f i c a t e V a l u e s T y p e "

minOccurs=" 0 " / >< x s d : e l e m e n t name=" R e v o c a t i o n V a l u e s " t y p e =" Revoca t i onVa luesType "

minOccurs=" 0 " / >< x s d : e l e m e n t name=" ArchiveTimeStamp " t y p e =" TimeStampType "

minOccurs=" 0 " maxOccurs=" unbounded " / >< / x s d : s e q u e n c e >


Figure 3.15: UnsignedSignatureProperties

Only the CounterSignature element, using a set-Method, is specified, because the other sub-elementsof the UnsignedSignatureProperties are not included in the XAdES XML structure. Note, thatonly the value of the element is tested, because the "children" ofUnsignedProperties element, are not signed by the XMLDSIG signature.

1 /∗ ∗2 ∗ Method s e t C o u n t e r S i g n a t u r e3 ∗ @param s i g n a t u r e4 ∗ /5 p u b l i c vo id s e t C o u n t e r S i g n a t u r e ( C o u n t e r S i g n a t u r e s i g n a t u r e ) {6 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( s i g n a t u r e != n u l l ) ) {7 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( s i g n a t u r e . g e t E l e m e n t ( ) ) ;8 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;9 }

10 }

Figure 3.16: Method setCounterSignature

22

3.8 The SigningTime element

The SigningTime element is meant for showing the date and time at which the signer has created thesigned XML signature. It is a sub-element of SignedSignatureProperties and in view of thatcontributes for the cryptographic justification of the XML signature. This element must occur exactly oncewithin the signature. However the SigningTime can take only the local time of the computer on whichthe signature is created.

The definition of this element, as it follows:

< x s d : e l e m e n t name=" Sign ingTime " t y p e =" x s d : d a t e T i m e " / >

Figure 3.17: SigningTime

1 /∗ ∗2 ∗ C o n s t r u c t o r S i g n i n g T i m e3 ∗4 ∗ @param doc5 ∗ @param dateT ime6 ∗ /7 p u b l i c Sign ingTime ( Document doc , Date da teTime ) {8 super ( doc ) ;9 t h i s . addTex t ( toXMLDate ( da teTime ) . t o S t r i n g ( ) ) ;

10 }

Figure 3.18: Constructor SigningTime

The SigningTime is created using a specific constructor, with two variables doc and dateTime. Forthis function we use the javax.xml.datatype.XMLGregorianCalendar andjava.util.GregorianCalendar libraries.

23

3.9 The SigningCertificate element

Using the SigningCertificate element could be avoided a simple substitution of the certificate.As sub-elements, it has the CertDigest and IssuerSerial elements, which consist of referencesto the DigestMethod URI and DigestValue, as well as a reference to the X509IssuerSerial(X509IssuerName, X509SerialNumber).Just like the SigningTime element,SigningCertificate is sub-element of the SignedSignatureProperties, its use is requiredand must appear only once.

Below follows the schema definition:

< x s d : e l e m e n t name=" S i g n i n g C e r t i f i c a t e " t y p e =" C e r t I D L i s t T y p e " / >< xsd :complexType name=" C e r t I D L i s t T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" C e r t " t y p e =" Cer t IDType " maxOccurs=" unbounded " / >

< / x s d : s e q u e n c e >< / xsd :complexType >< xsd :complexType name=" Cer t IDType ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" C e r t D i g e s t " t y p e =" DigestAlgAndValueType " / >< x s d : e l e m e n t name=" I s s u e r S e r i a l " t y p e =" d s : X 5 0 9 I s s u e r S e r i a l T y p e " / >

< / x s d : s e q u e n c e >< / xsd :complexType >< xsd :complexType name=" Diges tAlgAndValueType ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" Diges tMethod " t y p e =" ds :Diges tMe thodType " / >< x s d : e l e m e n t name=" D i g e s t V a l u e " t y p e =" d s : D i g e s t V a l u e T y p e " / >


Figure 3.19: SigningCertificate

The SigningCertificate element is created using a set-Method, and because of its type is specifiedas CertIDList ("(CertIDList SigningCertificate)").Again it is necessary to define the following condi-tions:


2. And also, whether the XML-element (SigningCertificate) is not an empty one((SigningCertificate!= null);

If any one of these both statements is not fulfilled, no SigningCertificate element would be cre-ated. This shall be illustrated in the next table:

24

1 /∗ ∗2 ∗ Method s e t S i g n i n g C e r t i f i c a t e3 ∗4 ∗ @param S i g n i n g C e r t i f i c a t e5 ∗ /6 p u b l i c vo id s e t S i g n i n g C e r t i f i c a t e ( C e r t I D L i s t S i g n i n g C e r t i f i c a t e ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S i g n i n g C e r t i f i c a t e != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( S i g n i n g C e r t i f i c a t e . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.20: Method setSigningCertificate

3.10 The SignaturePolicyIdentifier element

The SignaturePolicyIdentifier is a combination of norms for the build up and validation of a sig-nature, so the validity of the signature can be confirmed. The uniqueness of the signer is protected, through ahash value of the signature policy. Moreover the implementation of the SignaturePolicyIdentifierelement prevents the hash value and the identifier to be faked, thus it proves the globally unique referenceof the signature policy to the XML signature and the signer as a part of the signature computation. With theSigningTime and the SigningCertificate elements it defines the XAdES-BES format. Only oneSignaturePolicyIdentifier element must occur within theSignedSignatureProperties.On the next page follows the schema definition for this type, see Fig-ure 3.22 .

There are two options for using the elements of the SignaturePolicyIdentifier:

1. SignaturePolicyId has four sub-elements- SigPolicyId, Transforms,SigPolicyHash, SigPolicyQualifiers.

• SigPolicyId is required and it specifies the Identifier, Description and theDocumentationReferences elements, which uniquely designates the specific version ofthe signature policy.

• The Transforms element references to the Transforms in the SignedInfo.

• SigPolicyHash consists of two sub-elements- DigestMethod Algorithm, identifier ofthe hash algorithm, and the DigestValue - hash value of the signature policy.

• Within the SigPolicyQualifiers extra information, qualifying the policy identifier canappear.

2. SignaturePolicyImplied

Alternatively, an empty SignaturePolicyImplied element confirms that the data object(s) be-ing signed and other external data designate the signature policy.

The SignaturePolicyId element is added as a child-element of theSignaturePolicyIdentifier, using a set-Method. Because of its specific type this element is de-fined as SignaturePolicyIdType. Like the other SignedProperties is necessary to define thefollowing conditions:

25

< x s d : e l e m e n t name=" S i g n a t u r e P o l i c y I d e n t i f i e r "t y p e =" S i g n a t u r e P o l i c y I d e n t i f i e r T y p e " / > < xsd :complexTypename=" S i g n a t u r e P o l i c y I d e n t i f i e r T y p e ">

< x s d : c h o i c e >< x s d : e l e m e n t name=" S i g n a t u r e P o l i c y I d " t y p e =" S i g n a t u r e P o l i c y I d T y p e " / >< x s d : e l e m e n t name=" S i g n a t u r e P o l i c y I m p l i e d " / >

< / x s d : c h o i c e >< / xsd :complexType > < xsd :complexType name=" S i g n a t u r e P o l i c y I d T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" S i g P o l i c y I d " t y p e =" O b j e c t I d e n t i f i e r T y p e " / >< x s d : e l e m e n t r e f =" d s : T r a n s f o r m s " minOccurs=" 0 " / >< x s d : e l e m e n t name=" S i g P o l i c y H a s h " t y p e =" DigestAlgAndValueType " / >< x s d : e l e m e n t name=" S i g P o l i c y Q u a l i f i e r s "

t y p e =" S i g P o l i c y Q u a l i f i e r s L i s t T y p e " minOccurs=" 0 " / >< / x s d : s e q u e n c e >

< / xsd :complexType > < xsd :complexTypename=" S i g P o l i c y Q u a l i f i e r s L i s t T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" S i g P o l i c y Q u a l i f i e r " t y p e =" AnyType "

maxOccurs=" unbounded " / >< / x s d : s e q u e n c e >


Figure 3.21: SignaturePolicyIdentifier


2. And also, whether the XML-element (SignaturePolicyId) is not an empty one((SignaturePolicyId!= null));

If any one of these both statements is not fulfilled, no SignaturePolicyIdelement would be created.By the SignaturePolicyId element we use the JUnit test to demonstrate the obligatorily occurrence,with other words: if this element is an empty one, an IllegalArgumentException should be executed withthe relevant message:

1 i f ( S i g n a t u r e P o l i c y I d == n u l l ) {2 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g n a t u r e P o l i c y I d Element3 i s r e q u i r e d ! " ) ;4 }

26

1 /∗ ∗2 ∗ Method s e t S i g n a t u r e P o l i c y I d3 ∗4 ∗ @param S i g n a t u r e P o l i c y I d5 ∗ /6 p u b l i c vo id s e t S i g n a t u r e P o l i c y I d ( S i g n a t u r e P o l i c y I d T y p e S i g n a t u r e P o l i c y I d ) {7 i f ( S i g n a t u r e P o l i c y I d == n u l l ) {8 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g n a t u r e P o l i c y I d Element9 i s r e q u i r e d ! " ) ;

10 }11 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S i g n a t u r e P o l i c y I d != n u l l ) ) {12 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( S i g n a t u r e P o l i c y I d . g e t E l e m e n t ( ) ) ;13 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;14 }15 }

Figure 3.22: Method setSignaturePolicyId

Refers to the negative JUnit test testNeg_SignaturePolicyId_Element_required inorg.apache.xml.security.xades.tests.JUtests. The following codesamples can illustrate all this( refer to the class:SignaturePolicyIdType).

1 /∗ ∗2 ∗ Method s e t S i g P o l i c y I d3 ∗ @param S i g P o l i c y I d4 ∗ /5 p u b l i c vo id s e t S i g P o l i c y I d ( O b j e c t I d e n t i f i e r S i g P o l i c y I d ) {6 i f ( S i g P o l i c y I d == n u l l ) {7 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g P o l i c y I d Element i s r e q u i r e d ! " ) ;8 }9 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S i g P o l i c y I d != n u l l ) ) {

10 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( S i g P o l i c y I d . g e t E l e m e n t ( ) ) ;11 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;12 }13 }14

15 /∗ ∗16 ∗ Method s e t S i g P o l i c y H a s h17 ∗ @param S i g P o l i c y H a s h18 ∗ /19 p u b l i c vo id s e t S i g P o l i c y H a s h ( Diges tAlgAndValue S i g P o l i c y H a s h ) {20 i f ( S i g P o l i c y H a s h == n u l l ) {21 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g P o l i c y H a s h Element i s r e q u i r e d ! " ) ;22 }23 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S i g P o l i c y H a s h != n u l l ) ) {24 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( S i g P o l i c y H a s h . g e t E l e m e n t ( ) ) ;25 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;26 }27 }

Figure 3.23: Methods setSigPolicyId, setSigPolicyHash

The child-elements, which define the format SignaturePolicyIdType - SigPolicyId,SigPolicyHash, Transforms, and SigPolicyQualifiers, are all created using set-Methods.Because of their occurrence, it is necessary to define the following conditions:

27

1 /∗ ∗2 ∗ Method s e t T r a n s f o r m s 13 ∗ @param t r a n s f o r m s 14 ∗ /5 p u b l i c vo id s e t T r a n s f o r m s 1 ( Trans fo rms1 t r a n s f o r m s 1 ) {6 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( t r a n s f o r m s 1 != n u l l ) ) {7 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( t r a n s f o r m s 1 . g e t E l e m e n t ( ) ) ;8 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;9 }

10 }11

12 /∗ ∗13 ∗ Method s e t S i g P o l i c y Q u a l i f i e r s14 ∗15 ∗ @param S i g P o l i c y Q u a l i f i e r s16 ∗ /17 p u b l i c vo id s e t S i g P o l i c y Q u a l i f i e r s ( S i g P o l i c y Q u a l i f i e r s L i s t T y p e18 S i g P o l i c y Q u a l i f i e r s ) {19 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S i g P o l i c y Q u a l i f i e r s != n u l l ) ) {20 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( S i g P o l i c y Q u a l i f i e r s . g e t E l e m e n t ( ) ) ;21 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;22 }23 }

Figure 3.24: Methods setTransforms1, setSigPolicyQualifiers


2. And also, whether the XML-element (SigPolicyId, SigPolicyHash, Transforms,and SigPolicyQualifiers) is not an empty one((SigPolicyId != null), (SigPolicyHash != null),(transforms1 != null), (SigPolicyQualifiers != null));

If any one of these both statements is not fulfilled, no child-element ofSignaturePolicyIdTypewould be created. By the SigPolicyId and SigPolicyHash elementswe use the JUnit tests to demonstrate the obligatorily occurrence, with other words: if this element is anempty one, an IllegalArgumentException should be executed with the relevant message:

1 i f ( S i g P o l i c y I d == n u l l ) {2 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g P o l i c y I d Element3 i s r e q u i r e d ! " ) ;4 }5

6 i f ( S i g P o l i c y H a s h == n u l l ) {7 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " S i g P o l i c y H a s h Element8 i s r e q u i r e d ! " ) ;9 }

28

Refers to the negative JUnit tests testNeg_SigPolicyId_Element_required andtestNeg_SigPolicyHash_Element_required in org.apache.xml.security.xades.tests.JUtests.

The SigPolicyQualifiers element is added as a child-element of the SignaturePolicyId,using a set-Method. Because of its specific type this element is defined asSigPolicyQualifiersListType. The following conditions is necessary to be defined:


2. And also, whether the XML-element (SigPolicyQualifiers) is not an empty one((SigPolicyQualifiers != null));

If any one of these both statements is not fulfilled, no SigPolicyQualifierselement would becreated.

1 /∗ ∗2 ∗ Method s e t S i g P o l i c y Q u a l i f i e r3 ∗4 ∗ @param S i g P o l i c y Q u a l i f i e r5 ∗ /6 p u b l i c vo id s e t S i g P o l i c y Q u a l i f i e r ( S t r i n g S i g P o l i c y Q u a l i f i e r ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S i g P o l i c y Q u a l i f i e r != n u l l ) ) {8 t h i s . a d d S t r i n g E l e m e n t ( S i g P o l i c y Q u a l i f i e r ,9 C o n s t a n t s . _TAG_SIGPOLICYQUALIFIER ) ;


Figure 3.25: Method setSigPolicyQualifiers

The child-element, which defines the format SigPolicyQualifiersListType -SigPolicyQualifier is created using set-Method. Because of its occurrence, it is necessary to definethe following conditions:


2. And also, whether the XML-element (SigPolicyQualifier) is not an empty one((SigPolicyQualifier != null));

If any one of these both statements is not fulfilled, no child-element ofSigPolicyQualifiersListType would be created.

29

3.11 The SignatureProductionPlace element

The SignatureProductionPlace is a sub-element of SignedSignatureProperties just likeSigningTime, SigningCertificate and SignaturePolicyIdentifier, but its use is op-tional. This element specifies the exact place where the signature is created, through its four "children" -City, StateOrProvince, PostalCode, CountryName. Within the SignedSignature-Properties can occur only one SignatureProductionPlace element.

The schema definition of this element, as it follows:

< x s d : e l e m e n t name=" S i g n a t u r e P r o d u c t i o n P l a c e "t y p e =" S i g n a t u r e P r o d u c t i o n P l a c e T y p e " / >< xsd :complexType name=" S i g n a t u r e P r o d u c t i o n P l a c e T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" C i t y " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >< x s d : e l e m e n t name=" S t a t e O r P r o v i n c e " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >< x s d : e l e m e n t name=" P o s t a l C o d e " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >< x s d : e l e m e n t name=" CountryName " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >


Figure 3.26: SignatureProductionPlace

1 /∗ ∗2 ∗ Method s e t C i t y3 ∗ @param C i t y4 ∗ /5 p u b l i c vo id s e t C i t y ( S t r i n g C i t y ) {6 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( C i t y != n u l l ) ) {7 t h i s . a d d S t r i n g E l e m e n t ( Ci ty , C o n s t a n t s . _TAG_CITY ) ;8 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;9 }

10 }11

12 /∗ ∗13 ∗ Method s e t S t a t e O r P r o v i n c e14 ∗ @param S t a t e O r P r o v i n c e15 ∗ /16 p u b l i c vo id s e t S t a t e O r P r o v i n c e ( S t r i n g S t a t e O r P r o v i n c e ) {17 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( S t a t e O r P r o v i n c e != n u l l ) ) {18 t h i s . a d d S t r i n g E l e m e n t ( S t a t e O r P r o v i n c e , C o n s t a n t s . _TAG_STATEORPROVINCE ) ;19 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;20 }21 }

Figure 3.27: Methods: setStateOrProvince, setCity

30

1 /∗ ∗2 ∗ Method s e t P o s t a l C o d e3 ∗ @param Pos ta lCode4 ∗ /5 p u b l i c vo id s e t P o s t a l C o d e ( S t r i n g P o s t a l C o d e ) {6 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( P o s t a l C o d e != n u l l ) ) {7 t h i s . a d d S t r i n g E l e m e n t ( Pos ta lCode , C o n s t a n t s . _TAG_POSTALCODE ) ;8 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;9 }

10 }11

12 /∗ ∗13 ∗ Method se tCountryName14 ∗ @param CountryName15 ∗ /16 p u b l i c vo id se tCount ryName ( S t r i n g CountryName ) {17 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( CountryName != n u l l ) ) {18 t h i s . a d d S t r i n g E l e m e n t ( CountryName , C o n s t a n t s ._TAG_COUNTRYNAME) ;19 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;20 }21 }

Figure 3.28: Methods: setPostalCode, setCountryName

The child-elements- City, StateOrProvince, PostalCode, CountryName, are created using aset-Method. Because of their way of occurrence, it is necessary to define the following conditions:


2. And also, whether the XML-element (City, StateOrProvince, PostalCode,CountryName) is not an empty one((City != null), (StateOrProvince != null), (PostalCode != null),(CountryName != null));

If any one of these both statements is not fulfilled, no child-element ofSignatureProductionPlace would be created.

3.12 The SignerRole element

The SignerRole is a sub-element of SignedSignatureProperties. There can appear only oneSignerRole element and its use is optional. The SignerRole has two "children" - ClaimedRolesand CertifiedRoles, from which leastwise one must be present. Within the ClaimedRoles canoccur roles claimed by the signer, but they are not certified. On the opposite side is the CertifiedRoleselement, which consists of wrapped attribute certificates for the signer.


31

< x s d : e l e m e n t name=" S i g n e r R o l e " t y p e =" S igne rRo leType " / >< xsd :complexType name=" S igne rRo leType ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" Cla imedRoles " t y p e =" C l a i m e d R o l e s L i s t T y p e "

minOccurs=" 0 " / >< x s d : e l e m e n t name=" C e r t i f i e d R o l e s " t y p e =" C e r t i f i e d R o l e s L i s t T y p e "

minOccurs=" 0 " / >< / x s d : s e q u e n c e >< / xsd :complexType >< xsd :complexType name=" C l a i m e d R o l e s L i s t T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" Cla imedRole " t y p e =" AnyType " maxOccurs=" unbounded " / >

< / x s d : s e q u e n c e >< / xsd :complexType >< xsd :complexType name=" C e r t i f i e d R o l e s L i s t T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" C e r t i f i e d R o l e " t y p e =" Encapsu la t edPKIDa taType "

maxOccurs=" unbounded " / >< / x s d : s e q u e n c e >


Figure 3.29: SignerRole

The following java-Code fragments shall illustrate this XAdES - element in detail:

1 /∗ ∗ Method s e t C l a i m e d R o l e s2 ∗ @param Cla imedRo le s3 ∗ /4 p u b l i c vo id s e t C l a i m e d R o l e s ( C l a i m e d R o l e s L i s t C la imedRoles ) {5 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( Cla imedRoles != n u l l ) ) {6 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( Cla imedRoles . g e t E l e m e n t ( ) ) ;7 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;8 }9 }

10

11 /∗ ∗ Method s e t C e r t i f i e d R o l e s12 ∗ @param C e r t i f i e d R o l e s13 ∗ /14 p u b l i c vo id s e t C e r t i f i e d R o l e s ( C e r t i f i e d R o l e s L i s t C e r t i f i e d R o l e s ) {15 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( C e r t i f i e d R o l e s != n u l l ) ) {16 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( C e r t i f i e d R o l e s . g e t E l e m e n t ( ) ) ;17 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;18 }19 }

Figure 3.30: Methods: setClaimedRoles, setCertifiedRoles

32

The child-elements- ClaimedRoles and CertifiedRoles, are created using a set-Method. Be-cause of their way of occurrence, it is necessary to define the following conditions:


2. And also, whether the XML-element (ClaimedRoles, CertifiedRoles) is not an empty one((ClaimedRoles != null), (CertifiedRoles != null);

If any one of these both statements is not fulfilled, no child-element of SignerRole would be created.

1 /∗ ∗2 ∗ C o n s t r u c t o r C e r t i f i e d R o l e s L i s t3 ∗4 ∗ @param doc5 ∗ @param C e r t i f i e d R o l e Encapsu la tedPKIDataType6 ∗7 ∗ /8 p u b l i c C e r t i f i e d R o l e s L i s t ( Document doc , Encapsu la t edPKIDa taType9 C e r t i f i e d R o l e ) {

10 super ( doc ) ;11 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( C e r t i f i e d R o l e != n u l l ) ) {12 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( C e r t i f i e d R o l e . g e t E l e m e n t ( ) ) ;13 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;14 }15 }

Figure 3.31: Constructor CertifiedRolesList

1 /∗ ∗2 ∗ C o n s t r u c t o r C l a i m e d R o l e s L i s t3 ∗4 ∗ @param doc5 ∗ @param Cla imedRole6 ∗7 ∗ /8 p u b l i c C l a i m e d R o l e s L i s t ( Document doc , S t r i n g Cla imedRole ) {9 super ( doc ) ;

10 i f ( Cla imedRole != n u l l ) {11 t h i s . a d d S t r i n g E l e m e n t ( ClaimedRole , C o n s t a n t s . _TAG_CLAIMEDROLE ) ;12 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;13 }14 }

Figure 3.32: Constructor ClaimedRolesList

The CertifiedRolesListType and the ClaimedRolesListType - are created using specificConstructors. They have two different types of elements (CertifiedRole fromEncapsulatedPKIDataType, and ClaimedRole from type String). Because of the occurrence ofCertifiedRole, it is necessary to define the following conditions:

33


2. And also, whether the XML-element (CertifiedRole) is not an empty one((CertifiedRole!= null));

If any one of these both statements is not fulfilled, no child-element ofCertifiedRolesListType would be created.

For the ClaimedRole element it should be proved only whether it is not an empty one ((ClaimedRole!=null)).

3.13 The DataObjectFormat element

The DataObjectFormat element is a sub-element of the SignedDataObjectProperties. It sup-plies information about any signed data object. This element may appear, if one specific signed data objecthas to be qualified. Its presence is not required, so null, one or more occurrences are possible.

The schema definition of this element, as it follows.

< x s d : e l e m e n t name=" D a t a O b j e c t F o r m a t " t y p e =" DataObjec tFormatType " / >< xsd :complexType name=" DataObjec tForma tType ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" D e s c r i p t i o n " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >< x s d : e l e m e n t name=" O b j e c t I d e n t i f i e r " t y p e =" O b j e c t I d e n t i f i e r T y p e "

minOccurs=" 0 " / >< x s d : e l e m e n t name=" MimeType " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >< x s d : e l e m e n t name=" Encoding " t y p e =" xsd:anyURI " minOccurs=" 0 " / >

< / x s d : s e q u e n c e >< x s d : a t t r i b u t e name=" O b j e c t R e f e r e n c e " t y p e =" xsd:anyURI "

use =" r e q u i r e d " / >< / xsd :complexType >

Figure 3.33: DataObjectFormat

1 /∗ ∗2 ∗ Method s e t D e s c r i p t i o n3 ∗4 ∗ @param D e s c r i p t i o n5 ∗ /6 p u b l i c vo id s e t D e s c r i p t i o n ( S t r i n g D e s c r i p t i o n ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( D e s c r i p t i o n != n u l l ) ) {8 t h i s . a d d S t r i n g E l e m e n t ( D e s c r i p t i o n , C o n s t a n t s . _TAG_DESCRIPTION ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.34: Method setDescription

34

1 /∗ ∗2 ∗ Method s e t O b j e c t I d e n t i f i e r3 ∗4 ∗ @param o b j e c t I d e n t i f i e r5 ∗ /6 p u b l i c vo id s e t O b j e c t I d e n t i f i e r ( O b j e c t I d e n t i f i e r o b j e c t I d e n t i f i e r ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( o b j e c t I d e n t i f i e r != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( o b j e c t I d e n t i f i e r . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.35: Method setObjectIdentifier

1 /∗ ∗2 ∗ Method setMimeType3 ∗4 ∗ @param MimeType5 ∗ /6 p u b l i c vo id setMimeType ( S t r i n g MimeType ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( MimeType != n u l l ) ) {8 t h i s . a d d S t r i n g E l e m e n t ( MimeType , C o n s t a n t s . _TAG_MIMETYPE ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.36: Method setMimeType

1 /∗ ∗2 ∗ Method s e t E n c o d i n g3 ∗4 ∗ @param Encoding5 ∗ /6 p u b l i c vo id s e t E n c o d i n g ( S t r i n g Encoding ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( Encoding != n u l l ) ) {8 t h i s . a d d S t r i n g E l e m e n t ( Encoding , C o n s t a n t s . _TAG_ENCODING ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.37: Method setEncoding

35

1 /∗ ∗2 ∗ S e t s t h e <code >O b j e c t R e f e r e n c e </ code > a t t r i b u t e3 ∗4 ∗ @param O b j e c t R e f e r e n c e ( anyURI )5 ∗ @throws I l l e g a l A r g u m e n t E x c e p t i o n ∗∗∗∗ because o f " use=r e q u i r e d " ∗∗∗∗6 ∗ /7 p u b l i c vo id s e t O b j e c t R e f e r e n c e ( S t r i n g O b j e c t R e f e r e n c e ) {8 i f ( O b j e c t R e f e r e n c e == n u l l ) {9 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " O b j e c t R e f e r e n c e A t t i b u t e i s r e q u i r e d ! " ) ;

10 }11 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( O b j e c t R e f e r e n c e != n u l l ) ) {12 t h i s . _ c o n s t r u c t i o n E l e m e n t . s e t A t t r i b u t e N S (13 nul l , C o n s t a n t s . _ATT_OBJECTREFERENCE , O b j e c t R e f e r e n c e ) ;14 }15 }

Figure 3.38: Method setObjectReference attribite

All sub-elements of DataObjectFormat - Description, ObjectIdentifier, MimeType,Encoding, as well as the required ObjectReference attribute are created using set-Methods. Becauseof their way of occurrence, it is necessary to define the following conditions:


2. And also, whether the XML-element/-attribute(Description, ObjectIdentifier, MimeType,Encoding and ObjectReference) is not an empty one( (Description != null), (objectIdentifier!=null), (MimeType!= null), (Encoding!= null), (ObjectReference!= null);

If any one of these both statements is not fulfilled, no child-element of DataObjectFormat would becreated.

By the ObjectReference attribute we use the JUnit test to demonstrate the obligatorily occurrence,with other words: if this attribute does not exist, an IllegalArgumentException should be executed with therelevant message.

1 i f ( O b j e c t R e f e r e n c e == n u l l ) {2 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " O b j e c t R e f e r e n c e A t t i b u t e i s r e q u i r e d ! " ) ;3 }

Refers to the negative JUnit test testNeg_DataObjectFormat_Attr_ObjectReference_required inorg.apache.xml.security.xades.tests.JUtests.

36

3.14 The CommitmentTypeIndication element

The CommitmentTypeIndication is a sub-element of the SignedDataObjectProperties. Itspresence is not required, so null, one or more occurrences are possible.


< x s d : e l e m e n t name=" Commi tmen tType Ind ica t ion "t y p e =" CommitmentTypeInd ica t ionType " / >< xsd :complexType name=" CommitmentTypeInd ica t ionType ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" CommitmentTypeId " t y p e =" O b j e c t I d e n t i f i e r T y p e " / >< x s d : c h o i c e >

< x s d : e l e m e n t name=" O b j e c t R e f e r e n c e " t y p e =" xsd:anyURI "minOccurs=" 0 " maxOccurs=" unbounded " / >

< x s d : e l e m e n t name=" A l l S i g n e d D a t a O b j e c t s " / >< / x s d : c h o i c e >< x s d : e l e m e n t name=" Commi tmen tTypeQua l i f i e r s "

t y p e =" C o m m i t m e n t T y p e Q u a l i f i e r s L i s t T y p e " minOccurs=" 0 " / >< / x s d : s e q u e n c e >< / xsd :complexType > < xsd :complexTypename=" C o m m i t m e n t T y p e Q u a l i f i e r s L i s t T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" Commi tmen tTypeQua l i f i e r "

t y p e =" AnyType " minOccurs=" 0 " maxOccurs=" unbounded " / >< / x s d : s e q u e n c e >< / xsd :complexType >

Figure 3.39: CommitmentTypeIndication

On the next page follows the java Constructor for the CommitmentTypeIndication XAdES element,see Figure 3.41. The CommitmentTypeIndication element is created using a specific constructor. Aschild-elements, which define the format CommitmentTypeIndication-Type : CommitmentTypeId, AllSignedDataObjects and CommitmentType-Qualifiers, are added. Because of their occurrence, it is necessary to define the following condition:whether the XML-element (CommitmentTypeId, AllSignedDataObjects,CommitmentTypeQualifiers) is not an empty one ((CommitmentTypeId!= null), (AllSignedDataOb-jects!= null), (commitmentTypeQualifiers!= null)). If this statement is not fulfilled, no child-element ofCommitmentTypeIndicationTypewould be created. By the CommitmentTypeId element we usethe JUnit test to demonstrate the obligatorily occurrence, with other words: if this element does not exist, anIllegalArgumentException should be executed with the relevant message:

1 i f ( CommitmentTypeId == n u l l ) {2 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " CommitmentTypeId Element3 i s r e q u i r e d ! " ) ;4 }

Refers to the negative JUnit testtestNeg_CommitmentTypeIndication_CommitmentTypeId_Element_requiredin org.apache.xml.security.xades.tests.JUtests.

37

1 /∗ ∗2 ∗ C o n s t r u c t o r C o m m i t m e n t T y p e I n d i c a t i o n3 ∗4 ∗ @param doc5 ∗ @param CommitmentTypeId O b j e c t I d e n t i f i e r6 ∗ @param c o m m i t m e n t T y p e Q u a l i f i e r s C o m m i t m e n t T y p e Q u a l i f i e r s L i s t7 ∗ @param A l l S i g n e d D a t a O b j e c t s8 ∗ /9 p u b l i c Commi tmen tTypeInd ica t ion ( Document doc , O b j e c t I d e n t i f i e r

10 CommitmentTypeId , A l l S i g n e d D a t a O b j e c t s A l l S i g n e d D a t a O b j e c t s ,11 C o m m i t m e n t T y p e Q u a l i f i e r s L i s t c o m m i t m e n t T y p e Q u a l i f i e r s ) {12 super ( doc ) ;13 i f ( CommitmentTypeId == n u l l ) {14 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " CommitmentTypeId e l e m e n t i s r e q u i r e d ! " ) ;15 }16 e l s e i f ( CommitmentTypeId != n u l l ) {17 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( CommitmentTypeId . g e t E l e m e n t ( ) ) ;18 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;19 }20 i f ( A l l S i g n e d D a t a O b j e c t s != n u l l ) {21 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( A l l S i g n e d D a t a O b j e c t s . g e t E l e m e n t ( ) ) ;22 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;23 }24 i f ( c o m m i t m e n t T y p e Q u a l i f i e r s != n u l l ) {25 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( c o m m i t m e n t T y p e Q u a l i f i e r s . g e t E l e m e n t ( ) ) ;26 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;27 }28 }

Figure 3.40: Constructor CommitmentTypeIndication

1 /∗ ∗2 ∗ Method s e t C o m m i t m e n t T y p e Q u a l i f i e r3 ∗4 ∗ @param C o m m i t m e n t T y p e Q u a l i f i e r5 ∗ /6 p u b l i c vo id s e t C o m m i t m e n t T y p e Q u a l i f i e r ( S t r i n g Commi tmen tTypeQua l i f i e r ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( Commi tmen tTypeQua l i f i e r != n u l l ) ) {8 t h i s . a d d S t r i n g E l e m e n t ( CommitmentTypeQual i f i e r ,9 C o n s t a n t s . _TAG_COMMITMENTTYPEQUALIFIER ) ;


Figure 3.41: Method setCommitmentTypeQualifier

The child-element, which defines the format CommitmentTypeQualifiersListType- CommitmentTypeQualifier is created using set-Method. Because of its occurrence, it is necessaryto define the following conditions:


2. And also, whether the XML-element (CommitmentTypeQualifier) is not an empty one((CommitmentTypeQualifier!= null));

38

If any one of these both statements is not fulfilled, no child-element ofCommitmentTypeQualifiersListType would be created.

3.15 The AllDataObjectsTimeStamp element

The AllDataObjectsTimeStamp, and also the IndividualDataObjectsTimeStamp element(see further) consist of the time-stamp-calculated elements, which belong to Reference in the SignedInfochild-element, knowing that the signer can refer to any kind of elements, but the SignedProperties.

The HashDataInfo must give a reference to all of these time-stamp-computed elements and is builtup as a sequence of the mentioned above instances. Its presence is not required, so null, one or moreoccurrences are possible.

The schema definition of this element, as it follows.

< x s d : e l e m e n t name=" Al lDa taOb jec t sT imeStamp " t y p e =" TimeStampType " / >

Figure 3.42: AllDataObjectsTimeStamp

1 /∗ ∗2 ∗ Method s e t A l l D a t a O b j e c t s T i m e S t a m p3 ∗4 ∗ @param A l l D a t a O b j e c t s T i m e S t a m p5 ∗ /6 p u b l i c vo id s e t A l l D a t a O b j e c t s T i m e S t a m p ( TimeStampType Al lDa taObjec t sT imeS tamp ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( Al lDa taOb jec t sT imeStamp != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( Al lDa taOb jec t sT imeStamp . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.43: Method setAllDataObjectsTimeStamp

The AllDataObjectsTimeStamp element is created using a set-Method, and because of its type isspecified as TimeStampType ("(TimeStampType AllDataObjectsTimeStamp)"). It is necessary to definethe following conditions:


2. And also, whether the XML-element (AllDataObjectsTimeStamp) is not an empty one((AllDataObjectsTimeStamp!= null);

If any one of these both statements is not fulfilled, no AllDataObjectsTimeStamp element wouldbe created.

39

3.16 The IndividualDataObjectsTimeStamp element

The IndividualDataObjectsTimeStamp is a sub-element of theSignedDataObjectProperties. It consists of time-stamp, which is computed before the creation ofthe signature. Its presence is not required, so null, one or more occurrences are possible.

Below follows the schema definition for this element.

< x s d : e l e m e n t name=" I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p "t y p e =" TimeStampType " / >

Figure 3.44: IndividualDataObjectsTimeStamp

1 /∗ ∗2 ∗ Method s e t I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p3 ∗4 ∗ @param i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p5 ∗ /6 p u b l i c vo id s e t I n d i v i d u a l D a t a O b j e c t s T i m e S t a m p ( TimeStampType i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( i n d i v i d u a l d a t a o b j e c t s t i m e s t a m p . g e t E l e m e n t ( ) ) ;9 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;

10 }11 }

Figure 3.45: Method setIndividualDataObjectsTimeStamp

The IndividualDataObjectsTimeStamp element is created using a set-Method, and because ofits type is specified as TimeStampType ("(TimeStampType individualdataobjectstimestamp)"). It is neces-sary to define the following conditions:


2. And also, whether the XML-element (IndividualDataObjectsTimeStamp) is not an emptyone ((individualdataobjectstimestamp!= null);

If any one of these both statements is not fulfilled, no IndividualDataObjectsTimeStamp ele-ment would be created.

40

3.17 The CounterSignature element

The CounterSignature element is a sub-element of the UnsignedSignatureProperties, whichextends as a child-element the UnsignedProperties. Its use is optional (its presence is not required,so null, one or more occurrences are possible) and belongs not to the scope of this thesis and the currentversion of the project. Though, this implementation of the element offers the chance for future elaborationof the project. A successful integration of the CounterSignature element shall extend the functional-ity of the XAdES library to implement: Independent Signatures and Embedded Signatures, important forevaluating the signing of contracts between parallel signer, and multi-signer parties with/without option forsigner ordering. For further information, please refer to: W3C XAdES specification[XAdES].


< x s d : e l e m e n t name=" C o u n t e r S i g n a t u r e " t y p e =" C o u n t e r S i g n a t u r e T y p e " / >< xsd :complexType name=" C o u n t e r S i g n a t u r e T y p e ">

< x s d : s e q u e n c e >< x s d : e l e m e n t r e f =" d s : S i g n a t u r e " / >


Figure 3.46: CounterSignature

41

4 Datatypes

4.1 The ObjectIdentifierType

The ObjectIdentifierType data type identifies every single specific data object.

< xsd :complexType name=" O b j e c t I d e n t i f i e r T y p e ">< x s d : s e q u e n c e >

< x s d : e l e m e n t name=" I d e n t i f i e r " t y p e =" xsd:anyURI " / >< x s d : e l e m e n t name=" D e s c r i p t i o n " t y p e =" x s d : s t r i n g " minOccurs=" 0 " / >< x s d : e l e m e n t name=" D o c u m e n t a t i o n R e f e r e n c e s "

t y p e =" D o c u m e n t a t i o n R e f e r e n c e s T y p e " minOccurs=" 0 " / >< / x s d : s e q u e n c e >< / xsd :complexType >

Figure 4.1: ObjectIdentifierType

Reassigning of the Identifier element is not permitted (that means: once the Identifier element isassigned, it can never be reassigned again).The ObjectIdentifier element as an interface between theURN specification of the data objects and the associated URI specification (Domain names).For the devel-oper concerned, please refer to the Chapter 5.1.2 of the W3C XAdES specification. The ObjectIdenti-fierType is extended by the DocumentationReferences, which give further explanation on thedocumentation of the ObjectIdentifier. The optional element DocumentationReference isfrom type ’anyURI’.The next tables shall illustrate the IdentifierType and DocumentationReferencesTypeXAdEScomplexTypes:

< xsd :complexType name=" I d e n t i f i e r T y p e ">< x s d : c o m p l e x C o n t e n t >

< x s d : e x t e n s i o n base =" xsd:anyURI ">< x s d : a t t r i b u t e name=" Q u a l i f i e r " t y p e =" Q u a l i f i e r T y p e " use =" o p t i o n a l " / >

< / x s d : e x t e n s i o n >< / x s d : c o m p l e x C o n t e n t >< / xsd :complexType > < x s d : s i m p l e T y p e name=" Q u a l i f i e r T y p e ">

< x s d : r e s t r i c t i o n base =" x s d : s t r i n g ">< x s d : e n u m e r a t i o n v a l u e ="OIDAsURI" / >< x s d : e n u m e r a t i o n v a l u e ="OIDAsURN" / >< / x s d : r e s t r i c t i o n >

< / x s d : s i m p l e T y p e >

Figure 4.2: IdentifierType

42

< xsd :complexType name=" D o c u m e n t a t i o n R e f e r e n c e s T y p e ">< x s d : s e q u e n c e maxOccurs=" unbounded ">

< x s d : e l e m e n t name=" D o c u m e n t a t i o n R e f e r e n c e " t y p e =" xsd:anyURI " / >< / x s d : s e q u e n c e >


Figure 4.3: DocumentationReferencesType

1 /∗ ∗2 ∗ Method s e t I d e n t i f i e r3 ∗4 ∗ @param I d e n t i f i e r S t r i n g5 ∗ /6 p u b l i c vo id s e t I d e n t i f i e r ( S t r i n g I d e n t i f i e r ) {7 i f ( I d e n t i f i e r == n u l l ) {8 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " I d e n t i f i e r A t t i b u t e i s r e q u i r e d ! " ) ; }9 e l s e i f ( t h i s . _ s t a t e == MODE_SIGN) {

10 t h i s . a d d S t r i n g E l e m e n t ( I d e n t i f i e r , C o n s t a n t s . _TAG_IDENTIFIER ) ;11 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;12 }13 }14

15 /∗ ∗16 ∗Method s e t D e s c r i p t i o n17 ∗ @param D e s c r i p t i o n S t r i n g18 ∗ /19 p u b l i c vo id s e t D e s c r i p t i o n ( S t r i n g D e s c r i p t i o n ) {20 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( D e s c r i p t i o n != n u l l ) ) {21 t h i s . a d d S t r i n g E l e m e n t ( D e s c r i p t i o n , C o n s t a n t s . _TAG_DESCRIPTION ) ;22 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;23 }24 }25

26 /∗ ∗27 ∗ Method s e t D o c u m e n t a t i o n R e f e r e n c e s28 ∗29 ∗ @param D o c u m e n t a t i o n R e f e r e n c e s S t r i n g30 ∗ /31 p u b l i c vo id s e t D o c u m e n t a t i o n R e f e r e n c e s ( S t r i n g D o c u m e n t a t i o n R e f e r e n c e s ) {32 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( D o c u m e n t a t i o n R e f e r e n c e s != n u l l ) ) {33 t h i s . a d d S t r i n g E l e m e n t ( D o c u m e n t a t i o n R e f e r e n c e s ,34 C o n s t a n t s . _TAG_DOCUMENTATIONREFERENCES ) ;35 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;36 }37 }

Figure 4.4: Methods setIdentifier, setDescription, setDocumentationReferences

43

The child-elements, which define the format ObjectIdentifierType - Identifier,Description and DocumentationReferences are created using set-Method. Because of their oc-currence, it is necessary to define the following conditions:


2. And also, whether the XML-element (Identifier, Description,DocumentationReferences) is not an empty one((Identifier!= null), (Description!= null), (Doc-umentationReferences!= null));

If any one of these both statements is not fulfilled, no child-element of ObjectIdentifierTypewould be created.

By the Identifier element we use the JUnit test to demonstrate the obligatorily occurrence, with otherwords: if this element does not exist, an IllegalArgumentException should be executed with the relevantmessage.

1 i f ( I d e n t i f i e r == n u l l ) {2 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " I d e n t i f i e r A t t i b u t e i s3 r e q u i r e d ! " ) ;4 }

Refers to the negative JUnit test testNeg_ObjectIdentifier_Identifier_Attribute_required inorg.apache.xml.security.xades.tests.JUtests.

4.2 The EncapsulatedPKIDataType

The EncapsulatedPKIDataType data type is a sophisticated extension, which acts as an interface toinclude PKI data into the XML structure. The encoding of the PKI data is conform to the ANS.1 encod-ing mechanism, which permits to be included X509 certificates revocation lists OCSP responses, attributecertificates and time-stamps.

< xsd :complexType name=" Encapsu la t edPKIDa taType ">< x s d : c o m p l e x C o n t e n t >

< x s d : e x t e n s i o n base =" x s d : b a s e 6 4 B i n a r y ">< x s d : a t t r i b u t e name=" Id " t y p e =" xs d : I D " use =" o p t i o n a l " / >

< / x s d : e x t e n s i o n >< / x s d : c o m p l e x C o n t e n t >


Figure 4.5: EncapsulatedPKIDataType

More detailed, this PKI data type is base64 encoded referred to the XMLDSIG specification.

44

1 /∗ ∗2 ∗ S e t s t h e <code >Id </ code > Element3 ∗4 ∗ @param Id5 ∗ /6 p u b l i c vo id s e t I d ( S t r i n g Id ) {7 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( Id != n u l l ) ) {8 t h i s . _ c o n s t r u c t i o n E l e m e n t . s e t A t t r i b u t e N S ( nul l ,9 C o n s t a n t s . _ATT_ID , Id ) ;

10 I d R e s o l v e r . r e g i s t e r E l e m e n t B y I d ( t h i s . _ c o n s t r u c t i o n E l e m e n t , Id ) ;11 }12 }

Figure 4.6: Method setID

The attribute, which extends the format EncapsulatedPKIDataType - Id is created using set-Method. Because of its occurrence, it is necessary to define the following conditions:


2. And also, whether the XML-attribute (Id) is not an empty one( (Id != null));

If any one of these both statements is not fulfilled, no child-element ofEncapsulatedPKIDataType would be created.

4.3 The TimeStampType

The use of the TimeStampType data type is fully explained in the chapter 5.1.4 of the W3C XAdESspecification. The mechanism of the time-stamp could be explained as it follows: a given data, associatedwith its digest value, receives its time-stamp from the Time-Stamp Authority (TSA).The returned time-stamp represents the signed data, which contains the digest value, the identity of the TSA and the time ofthe calculation of the stamping process. NOTE that the given data exists before the computation process.

The HashDataInfo element decrypts the time-stamp request to the TSA. On one hand referencing anuri attribute to the data object, on the other containing the Transforms element, refer to XMLDSIG.

The following Java-code for the implementation of these elements:

The elements, which extend the format TimeStampType - HashDataInfo,EncapsulatedTimeStamp, XMLTimeStamp are created using set-Method. Because of their occur-rence, it is necessary to define the following conditions:


2. And also, whether the XML-element TimeStampType - HashDataInfo,EncapsulatedTimeStamp, XMLTimeStamp) is not an empty one( (hashdatainfo!= null), (en-capsulatedtimestamp!= null), (XMLTimeStamp!= null));

If any one of these both statements is not fulfilled, no child-element of TimeStampType would becreated.

45

< xsd :complexType name=" TimeStampType ">< x s d : s e q u e n c e >

< x s d : e l e m e n t name=" HashDa ta In fo " t y p e =" HashData InfoType "maxOccurs=" unbounded " / >

< x s d : c h o i c e >< x s d : e l e m e n t name=" Encapsu la tedTimeStamp "

t y p e =" Encapsu la t edPKIDa taType " / >< x s d : e l e m e n t name="XMLTimeStamp" t y p e =" AnyType " / >

< / x s d : c h o i c e >< / x s d : s e q u e n c e >

< / xsd :complexType >< xsd :complexType name=" HashData InfoType ">

< x s d : s e q u e n c e >< x s d : e l e m e n t name=" T r a n s f o r m s " t y p e =" d s : T r a n s f o r m s T y p e " minOccurs=" 0 " / >

< / x s d : s e q u e n c e >< x s d : a t t r i b u t e name=" u r i " t y p e =" xsd:anyURI " use =" r e q u i r e d " / >


Figure 4.7: TimeStampType

1 /∗ ∗2 ∗ Method s e t H a s h D a t a I n f o3 ∗4 ∗ @param h a s h d a t a i n f o5 ∗ /6 p u b l i c vo id s e t H a s h D a t a I n f o ( HashData InfoType h a s h d a t a i n f o ) {7 i f ( h a s h d a t a i n f o == n u l l ) {8 throw new I l l e g a l A r g u m e n t E x c e p t i o n ( " HashDa ta In fo Element i s r e q u i r e d ! " ) ;9 }

10 e l s e i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( h a s h d a t a i n f o != n u l l ) ) {11 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( h a s h d a t a i n f o . g e t E l e m e n t ( ) ) ;12 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;13 }14 }15

16 /∗ ∗17 ∗ Method s e t E n c a p s u l a t e d T i m e S t a m p18 ∗19 ∗ @param e n c a p s u l a t e d t i m e s t a m p20 ∗ /21 p u b l i c vo id s e t E n c a p s u l a t e d T i m e S t a m p ( Encapsu la t edPKIDa taType e n c a p s u l a t e d t i m e s t a m p ) {22 i f ( ( t h i s . _ s t a t e == MODE_SIGN) && ( e n c a p s u l a t e d t i m e s t a m p != n u l l ) ) {23 t h i s . _ c o n s t r u c t i o n E l e m e n t . appendCh i ld ( e n c a p s u l a t e d t i m e s t a m p . g e t E l e m e n t ( ) ) ;24 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;25 }26 }27

28 /∗ ∗29 ∗ Method setXMLTimeStamp30 ∗31 ∗ @param XMLTimeStamp32 ∗ /33 p u b l i c vo id setXMLTimeStamp ( S t r i n g XMLTimeStamp ) {34 i f ( ( t h i s . _ s t a t e == MODE_SIGN)&& ( XMLTimeStamp != n u l l ) ) {35 t h i s . a d d S t r i n g E l e m e n t ( XMLTimeStamp , C o n s t a n t s . _TAG_XMLTIMESTAMP ) ;36 XMLUtils . addReturnToElement ( t h i s . _ c o n s t r u c t i o n E l e m e n t ) ;37 }38 }

Figure 4.8: Method setHashDataInfo, setEncapsulatedTimeStamp, setXMLTimeStamp

46

5 Conclusion

At the end of this project thesis a brief discussion over the library’s functionality, associated test-cases andfurther use/ future implementations will be made.The reader/ developer/ user can refer to the Appendixes A and B , where the complete output from the Javaclasses:

• CreateSinature_XAdES,

• CreateSignature_XAdES_BES,

can be found.This illustrates the functionality of the library, which can generate the complete XAdES/ XAdES-BES spec-ifications.The case where, optional XAdES elements can meet their occurrence more than once, is demonstrated onthe example of the Java class: CreateSignature_XAdES_MoreThanOneElement, refer to Appendix C.

Furthermore, there are three associated with these classes positive JUnit test cases, which verify the properexecution of the Java classes and creation of the advanced electronic signatures, see Appendix D.The other 16 negative JUnit tests validate the created signature, as every required element / attribute of theXAdES specification is probed for its existence in the advanced electronic signature, see Appendix D.The negative tests are created in a way , that if one required element/ attribute is an empty one, this particulartest gives a proper run, which is its expected value.This means that the signature’ creation has failed, and ifthis is not the expected situation, there is no proper creation of the advanced electronic signature, becausea required XAdES element/ attribute is compromised with its 0 occurrence, which makes the signatureinvalid.The Eclipse IDE integrated JUnit plug-in delivers the complete execution time of all 19 tests of 3.438seconds.This confirms the good efficiency of the XAdES library.These tests run as an example on a Pentium Celeron IV 1.7GHz, Single Core CPU PC with 768 MB ofDDR-I SD-RAM, Microsoft Windows XP SP2, refer to Appendix D.

Beside the qualifying property and its sub-elements , which extend the security of the advanced elec-tronic signature, required future development on the project’s library shall be the implementation of times-tamps[TSP][TSPProf], which are explained in the XAdES-T, XAdES-X, XAdES-X-L and XAdES-A spec-ifications.Furthermore, an implementation of the countersignature is also seen in the future works of the project.This shall give the chance to complete integration of advanced electronic signature to the Apache XMLSecurity Project.

Finally, our XAdES project is developed as an OpenSource,so this gives the freedom for further imple-mentations to the other developers, who can use our XAdES library as a fundament and extend its function-ality.

47

6 Author’s addresses

Zdravko Danailov Krassen Deltchev

Ruhr-University of Bochum Ruhr-University of BochumDepartment of Applied Informatics, Block IC Department of Applied Informatics, Block ICUniversitaetsstrasse 150 Universitaetsstrasse 15044801, Bochum 44801, Bochum

e-mail: [email protected] e-mail: [email protected]

48

Bibliography

[CMS] RFC 3852: Cryptographic Message Syntax. R. Housley. July 2004.http://tools.ietf.org/html/rfc3852

[ESI] ETSI TS 101 733: Electronic Signature Formats.http://www.etsi.org

[ESI-XAdES] ETSI TS 101 903: XML Advanced Electronic Signatures (XAdES).http://uri.etsi.org/01903/v1.1.1#

[ES-SMIME] RFC 2634: Enhanced Security Services for S/MIME. P. Hoffman. June 1999.http://www.ietf.org/rfc/rfc2634.txtupdate:RFC2634-update-00: Enhanced Security Services for S/MIME;draft-ietf-smime-rfc2634-update-00.txt, J Schaad, August 2004http://tools.ietf.org/html/draft-ietf-smime-rfc2634-update-00

[EU-DIR-ESIG] Directive 1999/93/EC of the European Parliament and of the Council of 13 December1999 on a Community framework for electronic signatures.

[Keywords] RFC 2119: Key words for use in RFCs to Indicate Requirement Levels. S. Bradner . March1997.http://www.ietf.org/rfc/rfc2119.txt

[OCSP] RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. M.Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams. June 1999.http://www.ietf.org/rfc/rfc2560.txt

[TSP] RFC 3161: Internet X.509 Public Key Infrastructure Time Stamp Protocol (TSP). P. Cain, D. Pinkas,R. Zuccherato. August 2001.http://www.ietf.org/rfc/rfc3161.txt

[TSPProf] ETSI TS 101 861: Time stamping profile.http://www.etsi.orghttp://portal.etsi.org/docbox/EC_Files/EC_Files/ts_101861v010201p.pdf

[URI] RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax. T. Berners-Lee, R. Fielding, U.C.Irvine, L. Masinter. August 1998.http://www.ietf.org/rfc/rfc2396.txtupdate:RFC : Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee. January 2005http://www.ietf.org/rfc/rfc3986.txt

[URN] RFC 2141: URN Syntax. R. Moats. May 1997.http://www.ietf.org/rfc/rfc2141.txt

49

[URN-NM] RFC 2611: URN Namespace Definition Mechanisms. L. Daigle, D. van Gulik, R. Iannella, P.Falstrom. June 1999.http://www.ietf.org/rfc/rfc2611.txtupdate:RFC 3406: URN Namespace Definition Mechanisms. L. Daigle. October 2002http://ietfreport.isoc.org/idref/rfc3406/

[URN-OID] RFC 3061: A URN Namespace of Object Identifiers. M. Mealling. February 2001.http://www.ietf.org/rfc/rfc3061.txt

[XML] Extensible Markup Language (XML) 1.0 (Second Edition). W3C Recommendation. T. Bray, E.Maler, J. Paoli, C. M. Sperberg-McQueen. October 2000.http://www.w3.org/TR/2000/REC-xml-20001006update:Extensible Markup Language (XML) 1.0 (Fourth Edition), W3C Recommendationhttp://www.w3.org/TR/REC-xml/http://www.w3.org/TR/2006/PER-xml-20060614/

[XMLDSIG] XML-Signature Syntax and Processing. W3C Recommendation. Donald Eastlake, JosephReagle, David Solo. February 2002.http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

[XAdES] XML Advanced Electronic Signatures (XAdES). W3C Recommendation. Juan Carlos Cruellas(UPC), Gregor Karlinger( IAIK), Denis Pinkas( Bull), John Ross( Security and Standards), KrishnaSankar( Cisco). February 2003.http://www.w3.org/TR/2003/NOTE-XAdES-20030220/update:http://www.w3.org/TR/XAdES/

[XML-schema-part-1] XML-Schema Part 1: Structures. W3C Recommendation. D. Beech, M. Maloney,N. Mendelsohn, H. Thompson. May 2001.http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/

[XML-schema-part-2] XML-Schema Part 2: Datatypes. W3C Recommendation. P. Biron, A. Malhotra.May 2001.http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/

[X509v3] ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems In-terconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997.

[X509Prof] RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. R. Housley,W. Polk, D. Solo. January 1999.http://www.ietf.org/rfc/rfc2459.txt

50

A Appendix - XAdES

<nds:RootElement xmlns:nds="http://www.nds.rub.de/xades"><nds:AI-NDS-HGI Id="AI-NDS-HGI-18378667">Some simple text</nds:AI-NDS-HGI><Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="SignatureId">

<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />

<Reference URI="#AI-NDS-HGI-18378667"><Transforms>

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>+e0UhqPaZkX7+5xVrbg50ITch2I=</DigestValue>

</Reference><Reference URI="#SignedProperties-11626165">

<Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>5ZbU+3vplCMW1BCVNM+6n1N2klc=</DigestValue>

</Reference><Reference URI="#UnsignedProperties-25392791">


</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>9E3pIezH0ZCKfO781NEOBxAEiE4=</DigestValue>

</Reference></SignedInfo><SignatureValue>SVlS9m97Q0t12piyIqegQbR9mhqU8OcTtEV/IdclY4/fMOuHtBCx/Q==</SignatureValue><KeyInfo>

<X509Data><X509Certificate>MIIC3DCCApoCBEY1vX .....</X509Certificate>

</X509Data><KeyValue>

<DSAKeyValue>/X9TgR11EilS30q´ .....<Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q><G>+GghdabPd7LvKtc .....</G><Y>OglcRuqvCSTioZQ .....</Y>

</DSAKeyValue></KeyValue>

</KeyInfo><Object>

<QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.1.1#"Id="QualifyingProperties-26613447"Target="#SignatureId">

<SignedProperties Id="SignedProperties-11626165"><SignedSignaturePropeties>

<SigningTime>2007-05-01T17:34:07.140+02:00</SigningTime><SigningCertificate>

<CertIDList><CertID>

<DigestAlgAndValue><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>Nqcd88piw69JTL7UsOPhTqS+YMw=</DigestValue>

</DigestAlgAndValue>

i

<IssuerSerial xmlns="http://www.w3.org/2000/09/xmldsig#"><X509IssuerName>CN=DanDel,OU=AI-NDS-HGI,O=Ruhr-University-Bochum,C=DE</X509IssuerName><X509SerialNumber>1177927027</X509SerialNumber>

</IssuerSerial></CertID>

</CertIDList></SigningCertificate><SignaturePolicyIdentifier>

<SignaturePolicyID><ObjectIdentifier>

<Identifier>URN:OID:0.9.2342.19200300.100.4</Identifier><Description>Description of ObjectIdentifier</Description><DocumentationReferences>http://www.ietf.org/rfc/rfc3061.txt</DocumentationReferences>

</ObjectIdentifier><Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestAlgAndValue>

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>uL+KWM9kVQ2vgVpD3QPz58Xyhpg=</DigestValue>

</DigestAlgAndValue><SigPolicyQualifiers>

<SigPolicyQualifier>SigPolicyQualifier</SigPolicyQualifier></SigPolicyQualifiers>

</SignaturePolicyID></SignaturePolicyIdentifier><SignatureProductionPlace>

<City>Bochum</City><StateOrProvince>NRW</StateOrProvince><PostalCode>44789</PostalCode><CountryName>Germany</CountryName>

</SignatureProductionPlace><SignerRole>

<CertifiedRolesList><CertifiedRole>RXhhbXBsZSA=</CertifiedRole>

</CertifiedRolesList><ClaimedRolesList>

<ClaimedRole>http://uri.etsi.org/01903/v1.1.1#</ClaimedRole></ClaimedRolesList>

</SignerRole></SignedSignaturePropeties><SignedDataObjectProperties>

<DataObjectFormat ObjectReference="SignedProperties-11626165"><Description>Description</Description><ObjectIdentifier>


</ObjectIdentifier><Encoding>UTF-8</Encoding><MimeType>plain/text,charset=ISO-8859-1</MimeType>

</DataObjectFormat><CommitmentTypeIndication>

<ObjectIdentifier><Description>Description of CommitmentTypeId</Description><Identifier>URN:OID:0.9.2342.19200300.100.4</Identifier><DocumentationReferences>http://www.ietf.org/rfc/rfc3061.txt</DocumentationReferences>

</ObjectIdentifier><AllSignedDataObjects /><CommitmentTypeQualifiersList>

<CommitmentTypeQualifier>CommitmentTypeQualifier</CommitmentTypeQualifier>

ii

</CommitmentTypeQualifiersList></CommitmentTypeIndication><AllDataObjectsTimeStamp>

<TimeStampType><HashDataInfo URI="AI-NDS-HGI-18378667">

<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#"><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

</Transforms></HashDataInfo><EncapsulatedTimeStamp Id="EncapsulatedTimeStamp">

<EncapsulatedPKIData>MIIC3DCCApoCBEY1vXMwCwYH ......</EncapsulatedPKIData>

</EncapsulatedTimeStamp><XMLTimeStamp>XMLTimeStamp</XMLTimeStamp>

</TimeStampType></AllDataObjectsTimeStamp><IndividualDataObjectsTimeStamp>






</TimeStampType></IndividualDataObjectsTimeStamp>

</SignedDataObjectProperties></SignedProperties><UnsignedProperties Id="UnsignedProperties-25392791">

<UnsignedSignatureProperties><CounterSignature />

</UnsignedSignatureProperties><UnsignedDataObjectProperties />

</UnsignedProperties></QualifyingProperties>

</Object></Signature>

</nds:RootElement>

Table A.1: XAdES

iii

B Appendix - XAdES-BES


<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /><Reference URI="#AI-NDS-HGI-18378667">


</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>+e0UhqPaZkX7+5xVrbg50ITch2I=</DigestValue>




</Reference></SignedInfo><SignatureValue>SVlS9m97Q0t12pi .....</SignatureValue><KeyInfo>

<X509Data><X509Certificate>MIIC3DCCApoCBEY1 .....</X509Certificate>


<DSAKeyValue>/X9TgR11EilS30qcLuz .....<Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q><G>9+GghdabPd7LvKtc .....</G><Y>OglcRuqvCSTioZQ .....</Y>


</KeyInfo><Object>

<QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.1.1#"Id="QualifyingProperties-26613447" Target="#SignatureId">

<SignedPropertiesId="SignedProperties-11626165">

<SignedSignaturePropeties><SigningTime>2007-05-01T17:34:07.140+02:00</SigningTime><SigningCertificate>



</DigestAlgAndValue><IssuerSerial xmlns="http://www.w3.org/2000/09/xmldsig#">

<X509IssuerName>CN=DanDel,OU=AI-NDS-HGI,O=Ruhr-University-Bochum,C=DE</X509IssuerName><X509SerialNumber>1177927027</X509SerialNumber>


iv









</SignaturePolicyID></SignaturePolicyIdentifier>

</SignedSignaturePropeties></SignedProperties>

</QualifyingProperties></Object>

</Signature></nds:RootElement>

Table B.1: XAdES-BES

v

C Appendix - XAdES-More then one Element


<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />

<Reference URI="#AI-NDS-HGI-18378667"><Transforms>

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>+e0UhqPaZkX7+5xVrbg50ITch2I=</DigestValue>




</Reference><Reference URI="#UnsignedProperties-25392791">


</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>9E3pIezH0ZCKfO781NEOBxAEiE4=</DigestValue>

</Reference></SignedInfo><SignatureValue>SVlS9m97Q0t12piyIqegQbR9mhqU8OcTtEV/IdclY4/fMOuHtBCx/Q==</SignatureValue><KeyInfo>

<X509Data><X509Certificate>MIIC3DCCApoCBEY1vX .....</X509Certificate>


<DSAKeyValue>/X9TgR11EilS30q´ .....<Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q><G>+GghdabPd7LvKtc .....</G><Y>OglcRuqvCSTioZQ .....</Y>


</KeyInfo><Object>

<QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.1.1#"Id="QualifyingProperties-26613447"Target="#SignatureId">

<SignedProperties Id="SignedProperties-11626165"><SignedSignaturePropeties>

<SigningTime>2007-05-01T17:34:07.140+02:00</SigningTime><SigningCertificate>



</DigestAlgAndValue>

vi

<IssuerSerial xmlns="http://www.w3.org/2000/09/xmldsig#"><X509IssuerName>CN=DanDel,OU=AI-NDS-HGI,O=Ruhr-University-Bochum,C=DE</X509IssuerName><X509SerialNumber>1177927027</X509SerialNumber>










</SignaturePolicyID></SignaturePolicyIdentifier><SignatureProductionPlace>

<City>Bochum</City><StateOrProvince>NRW</StateOrProvince><PostalCode>44789</PostalCode><CountryName>Germany</CountryName>

</SignatureProductionPlace><SignerRole>

<CertifiedRolesList><CertifiedRole>RXhhbXBsZSA=</CertifiedRole>

</CertifiedRolesList><ClaimedRolesList>

<ClaimedRole>http://uri.etsi.org/01903/v1.1.1#</ClaimedRole></ClaimedRolesList>

</SignerRole></SignedSignaturePropeties><SignedDataObjectProperties>




</DataObjectFormat><DataObjectFormat ObjectReference="SignedProperties-11626165">

<Description>Description</Description><ObjectIdentifier>



</DataObjectFormat>

vii




</DataObjectFormat><CommitmentTypeIndication>




</CommitmentTypeQualifiersList></CommitmentTypeIndication><CommitmentTypeIndication>




</CommitmentTypeQualifiersList></CommitmentTypeIndication><CommitmentTypeIndication>




</CommitmentTypeQualifiersList></CommitmentTypeIndication><AllDataObjectsTimeStamp>






</TimeStampType></AllDataObjectsTimeStamp><AllDataObjectsTimeStamp>


<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">

viii

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms>

</HashDataInfo><EncapsulatedTimeStamp Id="EncapsulatedTimeStamp">



</TimeStampType></AllDataObjectsTimeStamp><AllDataObjectsTimeStamp>






</TimeStampType></AllDataObjectsTimeStamp><IndividualDataObjectsTimeStamp>






</TimeStampType></IndividualDataObjectsTimeStamp><IndividualDataObjectsTimeStamp>






</TimeStampType></IndividualDataObjectsTimeStamp><IndividualDataObjectsTimeStamp>






</TimeStampType></IndividualDataObjectsTimeStamp>

</SignedDataObjectProperties></SignedProperties>

ix

<UnsignedProperties Id="UnsignedProperties-25392791"><UnsignedSignatureProperties>

<CounterSignature /></UnsignedSignatureProperties><UnsignedDataObjectProperties />

</UnsignedProperties></QualifyingProperties>

</Object></Signature>

</nds:RootElement>

Table C.1: XAdES-More then one Element

x

D Appendix - Screenshots

Short summary on the screenshots in this appendix:

• Screenshot - Eclipse IDE Junit plug-in console output , gives an overview over the 19 differentJUnit tests( positive and negative) andthe reader can obtain information on the test execution time, proper run of the different tests,test errors and failures.The screenshot shows the complete Eclipse IDE frame and there is a pointer from the JUnit console,which is separately shown below, for the sake of a better illustration.

• Screenshot - Eclipse IDE console output , gives the console output from the Eclipse IDEafter successful execution of the Java class JUtests.The console delivers information on the correctverification of all ReferenceURIs for theXAdES root element, Signed- and Unsigned Properies;which proves on one hand the securing on all their subelements,which are referenced to the unique IDs of that ones andon another the sucessful creation of the XAdES signature.More detailed:

- regarding CreateSignature_XAdES, the ReferenceURIs are:#AI-NDS-HGI-XXXXXXXX 1, #SignedProperties-XXXXXXXX and #UnsignedProperties-XXXXXXXX;

- regarding CreateSignature_XAdES_BES, the ReferenceURIs are:#AI-NDS-HGI-XXXXXXXX and #SignedProperties-XXXXXXXXNOTE: Unsigned Property element is empty for theBasic Electronic XAdES signatures;

- regarding CreateSignature_XAdES_MoreThanOneElement, the ReferenceURIs are:#AI-NDS-HGI-XXXXXXXX, #SignedProperties-XXXXXXXX and #UnsignedProperties-XXXXXXXX.

This second screenshot shows also the complete Eclipse IDE frame and with a pointer from the en-larged Eclipse output console,which is separately shown below, for the sake of a better illustration too.

1The ’XXXXXXXX’ represent digits in the unique element ID, generated as a random hashcode, using SHA1

xi

Figure D.1: Screenshot - Eclipse IDE JUnit plug-in console output

xii

Figure D.2: Screenshot - Eclipse IDE console output

xiii