Syntax:
com.ibi.agents.XDXAdESCreateAgent
iIT Service Object:
format: XAdES Digital Signature Create
Description: Creates an XML Advanced Electronic Signature.
Parameters:
|
Parameter |
Description |
|---|---|
|
XAdES Form * |
The signature form determines which signed and unsigned properties are added to the signature. |
|
Signature Method * |
The signature algorithm used to convert the canonicalized SignedInfo into the SignatureValue. |
|
Signature Canonicalization Method * |
The algorithm used to canonicalize the SignedInfo element before it is digested as part of the signature operation. |
|
Reference Digest Method * |
The digest algorithm applied to the data object references to yield the DigestValue. |
|
Reference Property Digest Method |
The digest algorithm applied to the qualifying properties that contain references to certificates, CRLs and so on. |
|
Time Stamp Canonicalization Method |
The algorithm used to canonicalize the qualifying properties, when needed by a time stamp. |
|
Time Stamp Digest Method |
The digest algorithm applied to the qualifying properties that contain time stamps. |
|
Message Digest JCE Provider |
The JCE Provider for the MessageDigest service. |
|
Signature Key |
|
|
KeyStore Provider * |
The provider for the keystore containing the signature private key. |
|
Signing Key Alias * |
The private key alias used to sign the SignedInfo. |
|
Signing Key Password |
The password for the signing private key. If left blank, the password for accessing the keystore will be used. |
|
Signature Location |
|
|
XML Namespace Provider |
The provider for the mapping between the XML namespace prefix and the namespace URI in XPath expressions. If left blank, the XPath expression in the Signature Parent Element cannot contain namespaces. |
|
XPath Syntax |
Determines which syntax level of the XPath should be used. The default option selects the syntax level as set in the console global settings. |
|
Create Parent Element |
Determines whether the signature parent element is created if it is missing. |
|
Signature Parent Element |
The path to the element where the signature will be inserted. If left blank, the signature parent is the root element. If Create Parent Element is true, the expression must adhere to Restricted XPath syntax, otherwise the expression may adhere to the full syntax of the XPath engine selected by the XPath Syntax parameter. Restricted XPath has the form /step1/step2/... where a step has the form ns:elem[predicate] or a pair of consecutive steps that has the form *[1]/self::ns:elem[predicate] to indicate the element must be the first child of its parent. The namespace prefixes are optional, but if present they must be declared in the XML Namespace provider. The predicate is optional, when present it has the form [@ns1:attr1='val1' and @ns2:attr2='val2' and ...]. If no element matches the Restricted XPath expression and Create Parent Element is true, then the necessary elements and attributes will be created so that the expression would match successfully. |
|
KeyInfo |
|
|
Include Signing Certificate |
Indicates whether the signing certificate should be included in a ds:X509Certificate element within ds:KeyInfo. |
|
Include Public Key |
Indicates whether a ds:KeyValue element containing the public key's value should be included in ds:KeyInfo. |
|
Qualifying Properties |
|
|
All Signed Data Objects Commitment |
The commitment type that applies to all the signed data objects. |
|
All Signed Data Objects Commitment Description |
The text description for the commitment type that applies to all the signed data objects. A default English description will be used if a standard commitment type is chosen and this property is left blank. |
|
All Signed Data Objects Time Stamp |
Adds a time stamp computed before the signature production, over the sequence formed by ALL the Reference elements within the SignedInfo referencing whatever the signer wants to sign except the SignedProperties element. |
|
Sign Signing Certificate |
Indicates whether the signature should cover the ds:X509Certificate element containing the signing certificate. This is only considered if Include Signing Certificate is selected. |
|
Signing Time |
Specifies the time at which the signer purportedly performed the signing process. Leave blank to use the current time. |
|
Signer Roles |
A newline separated list of the roles claimed by the signer. |
|
TSA URL |
The location of the Time Stamp Authority used to create time stamps. |
|
Signature Production Place |
|
|
City |
The purported city where the signer was at the time of signature creation. |
|
State Or Province |
The purported state or province where the signer was at the time of signature creation. |
|
Postal Code |
The purported postal code where the signer was at the time of signature creation. |
|
Country |
The purported country where the signer was at the time of signature creation. |
|
Signature Policy |
|
|
Signature Policy Identifier |
An Object Identifier that uniquely identifies a specific version of the signature policy. Leave this property blank to specify an Implied policy in XAdES-EPES form and above. |
|
Signature Policy Document |
The path to the file containing a copy of the Signature Policy Document. Leave this property blank to specify an Implied policy in XAdES-EPES form and above. |
|
Complete Form |
|
|
TrustStore Provider |
The provider for the keystore containing the Certificate Authorities. This property is required for XAdES-C forms and above. |
|
Certificate Store Providers |
A comma-separated list of Keystore, Directory CertStore, or LDAP providers for the certificate stores used to retrieve revocation material. This property is required for XAdES-C forms and above. |
|
Reference 1 |
|
|
Reference 1 URI |
The URI to the first piece of data that will be digested and signed. If left blank, the whole XML document will be digested and signed. |
|
Reference 1 Transform 1 |
The first transform algorithm to apply to the first reference data. |
|
Reference 1 Transform 1 Parameters |
The parameters for the first transform algorithm to apply to the first reference data. For Exclusive Canonical XML, this is a space-separated list of XML namespace prefixes. For XSLT, this is the name of a defined transform. For XPathFilter, this is an XPath expression. |
|
Reference 1 Transform 1 XML Namespace Provider |
The provider for the XML Namespace Map for XPathFilter transforms. |
|
Reference 1 Transform 2 |
The second transform algorithm to apply to the first reference data. |
|
Reference 1 Transform 2 Parameters |
The parameters for the second transform algorithm to apply to the first reference data. For Exclusive Canonical XML, this is a space-separated list of XML namespace prefixes. For XSLT, this is the name of a defined transform. For XPathFilter, this is an XPath expression. |
|
Reference 1 Transform 2 XML Namespace Provider |
The provider for the XML Namespace Map for XPathFilter transforms. |
|
Reference 1 MimeType |
The MimeType element of the DataObjectFormat. Indicates how a human should interpret the signed data in the first reference (text, sound, video, etc.) |
|
Reference 1 Encoding |
The Encoding element of the DataObjectFormat. Indicates the encoding of the signed data in the first reference. Ignored if MimeType is left blank. |
|
Reference 1 Description |
The Description element of the DataObjectFormat. Holds textual information related to the signed data in the first reference. Ignored if MimeType is left blank. |
|
Reference 1 Documentation URI |
A DocumentationReference sub-element of the ObjectIdentifier element of the DataObjectFormat. Points to a document where additional information about the nature of the data object can be found. Ignored if MimeType is left blank. |
|
Reference 1 Identifier |
The Identifier sub-element of the ObjectIdentifier element of the DataObjectFormat. Contains a permanent identifier of the nature of the object. Ignored if MimeType is left blank. |
|
Reference 1 Commitment |
The commitment type that applies to this signed data object. |
|
Reference 1 Commitment Description |
The text description for the commitment type that applies to this signed data object. A default English description will be used if a standard commitment type is chosen and this property is left blank. |
|
Reference 1 Time Stamp |
Requests a time stamp to be computed before the signature production, over a sequence formed by some of the ds:Reference elements within the ds:SignedInfo referencing whatever the signer wants to sign except the SignedProperties element. |
|
Reference 2 |
|
|
Reference 2 URI |
The URI to the second piece of data that will be digested and signed. If you need more references, create user parameters named ref[X]uri, ref[X]transform[Y], ref[X]transform[Y]parms, ref[X]transform[Y]nsmap, ref[X]formatmime, ref[X]formatenc, ref[X]formatdesc, ref[X]formatdocuri, ref[X]formatident, ref[X]commitment, ref[X]timestamp, where X >= 3, Y >= 1. For example, ref3transform2 is the second transform of the third reference. |
|
Reference 2 Transform 1 |
The first transform algorithm to apply to the second reference data. |
|
Reference 2 Transform 1 Parameters |
The parameters for the first transform algorithm to apply to the second reference data. For Exclusive Canonical XML, this is a space-separated list of XML namespace prefixes. For XSLT, this is the name of a defined transform. For XPathFilter, this is an XPath expression. |
|
Reference 2 Transform 1 XML Namespace Provider |
The provider for the XML Namespace Map for XPathFilter transforms. |
|
Reference 2 Transform 2 |
The second transform algorithm to apply to the second reference data. |
|
Reference 2 Transform 2 Parameters |
The parameters for the second transform algorithm to apply to the second reference data. For Exclusive Canonical XML, this is a space-separated list of XML namespace prefixes. For XSLT, this is the name of a defined transform. For XPathFilter, this is an XPath expression. |
|
Reference 2 Transform 2 XML Namespace Provider |
The provider for the XML Namespace Map for XPathFilter transforms. |
|
Reference 2 MimeType |
The MimeType element of the DataObjectFormat. Indicates how a human should interpret the signed data in the second reference (text, sound, video, etc.) |
|
Reference 2 Encoding |
The Encoding element of the DataObjectFormat. Indicates the encoding of the signed data in the second reference. Ignored if MimeType is left blank. |
|
Reference 2 Description |
The Description element of the DataObjectFormat. Holds textual information related to the signed data in the second reference. |
|
Reference 2 Documentation URI |
A DocumentationReference sub-element of the ObjectIdentifier element of the DataObjectFormat. Points to a document where additional information about the nature of the data object can be found. |
|
Reference 2 Identifier |
The Identifier sub-element of the ObjectIdentifier element of the DataObjectFormat. Contains a permanent identifier of the nature of the object. |
|
Reference 2 Commitment |
The commitment type that applies to this signed data object. |
|
Reference 2 Commitment Description |
The text description for the commitment type that applies to this signed data object. A default English description will be used if a standard commitment type is chosen and this property is left blank. |
|
Reference 2 Time Stamp |
Requests a time stamp to be computed before the signature production, over a sequence formed by some of the ds:Reference elements within the ds:SignedInfo referencing whatever the signer wants to sign except the SignedProperties element. |
Edges:
The following table lists the available Line Edges for the XAdES Digital Signature Create Service (com.ibi.agents.XDXAdESCreateAgent).
|
Line Edge |
Description |
|---|---|
|
OnError |
An exception occurred during execution. |
|
OnSuccess |
The operation was successful. |
|
OnFailure |
A fail condition occurred during execution. |
|
OnParseError |
Could not parse a document. |
|
OnFailedOperation |
Could not perform the operation requested. |