Package eu.europa.esig.dss.jades

Class JAdESSignatureParameters

java.lang.Object

eu.europa.esig.dss.model.AbstractSerializableSignatureParameters<JAdESTimestampParameters>

eu.europa.esig.dss.signature.AbstractSignatureParameters<JAdESTimestampParameters>

eu.europa.esig.dss.jades.JAdESSignatureParameters

All Implemented Interfaces:

SerializableSignatureParameters, Serializable

Direct Known Subclasses:

JAdESCounterSignatureParameters

public class JAdESSignatureParameters
extends AbstractSignatureParameters<JAdESTimestampParameters>

The parameters to create/extend a JAdES signature

See Also:

• Serialized Form

Field Summary

Fields inherited from class eu.europa.esig.dss.signature.AbstractSignatureParameters

context

Fields inherited from class eu.europa.esig.dss.model.AbstractSerializableSignatureParameters

archiveTimestampParameters, contentTimestampParameters, signatureTimestampParameters

Constructor Summary

Constructors

Constructor	Description
JAdESSignatureParameters()	Default constructor instantiating object with default parameters

Method Summary

Modifier and Type	Method	Description
JAdESTimestampParameters	getArchiveTimestampParameters()	Get the parameters for archive timestamp (Baseline-LTA)
JAdESTimestampParameters	getContentTimestampParameters()	Get the parameters for content timestamp (Baseline-B)
JAdESSigningTimeType	getJadesSigningTimeType()	Returns the JAdES claimed signing-time header parameters to be used
JWSSerializationType	getJwsSerializationType()	Gets JWSSerializationType
SigDMechanism	getSigDMechanism()	Returns a SigDMechanism to use
JAdESTimestampParameters	getSignatureTimestampParameters()	Get the parameters for signature timestamp (Baseline-T)
DigestAlgorithm	getSigningCertificateDigestMethod()	See setSigningCertificateDigestMethod(DigestAlgorithm).
String	getX509Url()	Returns the value of the 'x5u' header parameter if present
boolean	isBase64UrlEncodedEtsiUComponents()	Gets if the instances of the 'etsiU' unprotected header shall appear in their corresponding base64url encoding Default : TRUE (base64Url encoded etsiU components will be used)
boolean	isBase64UrlEncodedPayload()	Gets if base64Url encoded payload shall be used
boolean	isIncludeCertificateChain()	Defines if complete certificate chain binaries must be included into the signed header ('x5c' attribute)
boolean	isIncludeKeyIdentifier()	Returns whether a 'kid' (key identifier) header parameter should be created
boolean	isIncludeSignatureType()	Defines if the signature MimeType string must be included into the signed header ('typ' attribute)
void	setBase64UrlEncodedEtsiUComponents(boolean base64UrlEncodedEtsiUComponents)	Sets if the instances of the 'etsiU' header shall appear in their corresponding base64url encoding.
void	setBase64UrlEncodedPayload(boolean base64EncodedPayload)	Sets if base64Url encoded payload shall be used If FALSE, the unencoded (original) payload will be used according to RFC 7797 NOTE: some restrictions for payload content can apply when dealing with unencoded payload.
void	setIncludeCertificateChain(boolean includeCertificateChain)	Sets if complete certificate chain binaries must be included into the signed header Default: TRUE (the complete binaries will be included into the signed header)
void	setIncludeKeyIdentifier(boolean includeKeyIdentifier)	Sets whether a 'kid' (key identifier) header parameter should be created within a protected header, provided that a signing-certificate is defined within the signature parameters.
void	setIncludeSignatureType(boolean includeSignatureType)	Sets if the signature MimeType string must be included into the signed header ('typ' attribute) Default: TRUE (the signature MimeType will be included into the signed header)
void	setJadesSigningTimeType(JAdESSigningTimeType jadesSigningTimeType)	Sets the claimed signing-time header parameters to be used.
void	setJwsSerializationType(JWSSerializationType jwsSerializationType)	Sets the JWSSerializationType Default: JWSSerializationType.COMPACT_SERIALIZATION
void	setSigDMechanism(SigDMechanism sigDMechanism)	Sets SigDMechanism to use for a Detached signature
void	setSignatureLevel(SignatureLevel signatureLevel)	Set signature level.
void	setSigningCertificateDigestMethod(DigestAlgorithm signingCertificateDigestMethod)	The digest method indicates the digest algorithm to be used to calculate the certificate digest to define a signing certificate ('x5t#256' for SHA256 or 'x5t#o' for other algorithms) Default: DigestAlgorithm.SHA256 ('x5t#256' attribute will be created)
void	setX509Url(String x509Url)	Sets the value for the 'x5u' signed header parameter.

Methods inherited from class eu.europa.esig.dss.signature.AbstractSignatureParameters

getCertificateChain, getContentTimestamps, getContext, getDetachedContents, getDeterministicId, getSignedData, getSigningCertificate, reinit, setCertificateChain, setCertificateChain, setContentTimestamps, setDetachedContents, setSignedData, setSigningCertificate

Methods inherited from class eu.europa.esig.dss.model.AbstractSerializableSignatureParameters

bLevel, equals, getDigestAlgorithm, getEncryptionAlgorithm, getMaskGenerationFunction, getReferenceDigestAlgorithm, getSignatureAlgorithm, getSignatureLevel, getSignaturePackaging, hashCode, isCheckCertificateRevocation, isGenerateTBSWithoutCertificate, isSignWithExpiredCertificate, isSignWithNotYetValidCertificate, setArchiveTimestampParameters, setBLevelParams, setCheckCertificateRevocation, setContentTimestampParameters, setDigestAlgorithm, setEncryptionAlgorithm, setGenerateTBSWithoutCertificate, setMaskGenerationFunction, setReferenceDigestAlgorithm, setSignaturePackaging, setSignatureTimestampParameters, setSignWithExpiredCertificate, setSignWithNotYetValidCertificate, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

JAdESSignatureParameters

public JAdESSignatureParameters()

Default constructor instantiating object with default parameters

Method Details

setSignatureLevel

public void setSignatureLevel(SignatureLevel signatureLevel)

Description copied from class: AbstractSerializableSignatureParameters

Set signature level. This field cannot be null.

Overrides:

setSignatureLevel in class AbstractSerializableSignatureParameters<JAdESTimestampParameters>

Parameters:

signatureLevel - the expected signature level

getContentTimestampParameters

public JAdESTimestampParameters getContentTimestampParameters()

Description copied from class: AbstractSerializableSignatureParameters

Get the parameters for content timestamp (Baseline-B)

Overrides:

getContentTimestampParameters in class AbstractSerializableSignatureParameters<JAdESTimestampParameters>

Returns:

the parameters to produce a content timestamp

getSignatureTimestampParameters

public JAdESTimestampParameters getSignatureTimestampParameters()

Description copied from class: AbstractSerializableSignatureParameters

Get the parameters for signature timestamp (Baseline-T)

Overrides:

getSignatureTimestampParameters in class AbstractSerializableSignatureParameters<JAdESTimestampParameters>

Returns:

the parameters to produce a signature timestamp

getArchiveTimestampParameters

public JAdESTimestampParameters getArchiveTimestampParameters()

Description copied from class: AbstractSerializableSignatureParameters

Get the parameters for archive timestamp (Baseline-LTA)

Overrides:

getArchiveTimestampParameters in class AbstractSerializableSignatureParameters<JAdESTimestampParameters>

Returns:

the parameters to produce an archive timestamp

isIncludeCertificateChain

public boolean isIncludeCertificateChain()

Defines if complete certificate chain binaries must be included into the signed header ('x5c' attribute)

Returns:

TRUE if the certificate chain must be included, FALSE otherwise

setIncludeCertificateChain

public void setIncludeCertificateChain(boolean includeCertificateChain)

Sets if complete certificate chain binaries must be included into the signed header Default: TRUE (the complete binaries will be included into the signed header)

Parameters:

includeCertificateChain - if the certificate chain binaries must be included into the signed header

isIncludeSignatureType

public boolean isIncludeSignatureType()

Defines if the signature MimeType string must be included into the signed header ('typ' attribute)

Returns:

TRUE if the MimeType string of the produced signature must be included, FALSE otherwise

setIncludeSignatureType

public void setIncludeSignatureType(boolean includeSignatureType)

Sets if the signature MimeType string must be included into the signed header ('typ' attribute) Default: TRUE (the signature MimeType will be included into the signed header)

Parameters:

includeSignatureType - if the signature MimeType be included into the signed header

isIncludeKeyIdentifier

public boolean isIncludeKeyIdentifier()

Returns whether a 'kid' (key identifier) header parameter should be created

Returns:

TRUE if the 'kid' should be created, FALSE otherwise

setIncludeKeyIdentifier

public void setIncludeKeyIdentifier(boolean includeKeyIdentifier)

Sets whether a 'kid' (key identifier) header parameter should be created within a protected header, provided that a signing-certificate is defined within the signature parameters. DEFAULT : TRUE (the 'kid' header parameter is created)

Parameters:

includeKeyIdentifier - identifies whether 'kid' should be created (when a signing-certificate is provided)

getX509Url

public String getX509Url()

Returns the value of the 'x5u' header parameter if present

Returns:

String

setX509Url

public void setX509Url(String x509Url)

Sets the value for the 'x5u' signed header parameter. The value shall refer to a URI where the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS can be retrieved from.

NOTE: use methods #setSigningCertificate and #includeCertificateChain to disable encapsulation of the signing certificate and certificate chain binaries (included by default).

DEFAULT: NULL (the 'x5u' header parameter is not included)

Parameters:

x509Url - String value of 'x5u' header parameter

getSigningCertificateDigestMethod

public DigestAlgorithm getSigningCertificateDigestMethod()

See setSigningCertificateDigestMethod(DigestAlgorithm).

Returns:

DigestAlgorithm to be used for signing certificate digest representation

setSigningCertificateDigestMethod

public void setSigningCertificateDigestMethod(DigestAlgorithm signingCertificateDigestMethod)

The digest method indicates the digest algorithm to be used to calculate the certificate digest to define a signing certificate ('x5t#256' for SHA256 or 'x5t#o' for other algorithms) Default: DigestAlgorithm.SHA256 ('x5t#256' attribute will be created)

Parameters:

signingCertificateDigestMethod - DigestAlgorithm to be used

getJwsSerializationType

public JWSSerializationType getJwsSerializationType()

Gets JWSSerializationType

Returns:

JWSSerializationType

setJwsSerializationType

public void setJwsSerializationType(JWSSerializationType jwsSerializationType)

Sets the JWSSerializationType Default: JWSSerializationType.COMPACT_SERIALIZATION

Parameters:

jwsSerializationType - JWSSerializationType

getSigDMechanism

public SigDMechanism getSigDMechanism()

Returns a SigDMechanism to use

Returns:

SigDMechanism

setSigDMechanism

public void setSigDMechanism(SigDMechanism sigDMechanism)

Sets SigDMechanism to use for a Detached signature

Parameters:

sigDMechanism - SigDMechanism

getJadesSigningTimeType

public JAdESSigningTimeType getJadesSigningTimeType()

Returns the JAdES claimed signing-time header parameters to be used

Returns:

JAdESSigningTimeType

setJadesSigningTimeType

public void setJadesSigningTimeType(JAdESSigningTimeType jadesSigningTimeType)

Sets the claimed signing-time header parameters to be used.

Requirements ETSI TS 119 182-1, clause 6.3, for iat and sigT: Before 2025-07-15T00:00:00Z the generator should include the iat header parameter for indicating the claimed signing time in new JAdES signatures and should not include the iat header parameter for indicating the claimed signing time in new JAdES signatures. Starting at 2025-07-15T00:00:00Z the generator shall include the iat header parameter for indicating the claimed signing time in new JAdES signatures.

Default : IAT ('iat' header parameter will be used)

Parameters:

jadesSigningTimeType - JAdESSigningTimeType

isBase64UrlEncodedPayload

public boolean isBase64UrlEncodedPayload()

Gets if base64Url encoded payload shall be used

Returns:

TRUE if to use base64url encoded payload, FALSE otherwise

setBase64UrlEncodedPayload

public void setBase64UrlEncodedPayload(boolean base64EncodedPayload)

Sets if base64Url encoded payload shall be used If FALSE, the unencoded (original) payload will be used according to RFC 7797 NOTE: some restrictions for payload content can apply when dealing with unencoded payload. For more information please see RFC 7797. The parameter is independent from base64UrlEncodedEtsiUComponents Default : TRUE (base64Url encoded payload will be used)

Parameters:

base64EncodedPayload - true if the payload shall be present in its corresponding base64url encoding, FALSE otherwise

isBase64UrlEncodedEtsiUComponents

public boolean isBase64UrlEncodedEtsiUComponents()

Gets if the instances of the 'etsiU' unprotected header shall appear in their corresponding base64url encoding Default : TRUE (base64Url encoded etsiU components will be used)

Returns:

TRUE if the components of 'etsiU' header shall appear in their corresponding base64url encoding, otherwise in their clear JSON incorporation

setBase64UrlEncodedEtsiUComponents

public void setBase64UrlEncodedEtsiUComponents(boolean base64UrlEncodedEtsiUComponents)

Sets if the instances of the 'etsiU' header shall appear in their corresponding base64url encoding. If FALSE the components of 'etsiU' will appear in their clear JSON incorporation. The parameter is used for Serialization (or Flattened) format only with unsigned properties. NOTE: the parameter is independent from base64UrlEncodedPayload Default : TRUE (base64url encoded etsiU components)

Parameters:

base64UrlEncodedEtsiUComponents - if the components of 'etsiU' unsigned header shall appear in their corresponding base64url encoding, if FALSE the components will appear in their clear JSON incorporation