| Package | Description |
|---|---|
| org.demoiselle.signer.policy.engine.asn1 | Documentation of package (put it here) |
| org.demoiselle.signer.policy.engine.asn1.etsi | Documentation of package (put it here) |
| org.demoiselle.signer.policy.engine.asn1.icpb | Documentation of package (put it here) |
| org.demoiselle.signer.policy.engine.asn1.icpb.v2 | Documentation of package (put it here) |

| Modifier and Type | Class and Description |
|---|---|
| class | `GeneralizedTime`: Parse an org.bouncycastle.asn1.ASN1GeneralizedTime to get it in java.util.Date format. |

| Modifier and Type | Class and Description |
|---|---|
| class | `AcceptablePolicySet`: The acceptablePolicySet field identifies the initial set of certificate policies, any of which are acceptable under the signature policy. |
| class | `AlgAndLength`: `AlgAndLength ::= SEQUENCE { algID ObjectIdentifier, minKeyLength INTEGER OPTIONAL, other SignPolExtensions OPTIONAL }` (minKeyLength is the minimum key length in bits). |
| class | `AlgorithmConstraints`: `AlgorithmConstraints ::= SEQUENCE OF AlgAndLength` (`Collection<AlgAndLength>`). |
| class | `AlgorithmConstraintSet`: The algorithmConstraints field, if present, identifies the signing algorithms (hash, public key cryptography, combined hash and public key cryptography) that may be used for specific purposes and any minimum length. |
| class | `AlgorithmIdentifier`: Parse an ASN1Primitive to get ObjectIdentifier. |
| class | `AttributeConstraints`: `AttributeConstraints ::= SEQUENCE { attributeTypeConstarints [0] AttributeTypeConstraints OPTIONAL, attributeValueConstarints [1] AttributeValueConstraints OPTIONAL }` |
| class | `AttributeTrustCondition`: If the attributeTrustCondition field is not present then any certified attributes may not be considered to be valid under this validation policy. |
| class | `CertificateTrustPoint`: Parse an org.bouncycastle.asn1.ASN1Primitive to get: trustpoint Certificate (self-signed certificate, see X509Certificate), PathLenConstraint OPTIONAL, AcceptablePolicySet OPTIONAL (if not present, "any policy"), NameConstraints OPTIONAL, PolicyConstraints OPTIONAL. |
| class | `CertificateTrustTrees`: The certificateTrustTrees identifies a set of self-signed certificates for the trust points used to start (or end) certificate path processing and the initial conditions for certificate path validation as defined in RFC 2459 [6] clause 6. |
| class | `CertPolicyId`: `CertPolicyId ::= OBJECT IDENTIFIER` |
| class | `CertRevReq`: The RevocRequirements field specifies minimum requirements for revocation information, obtained through CRLs and/or OCSP responses, to be used in checking the revocation status of certificates. |
| class | `CMSAttrs`: `CMSAttrs ::= SEQUENCE OF OBJECT IDENTIFIER` (ObjectIdentifier). `mandatedSignedAttr CMSAttrs`: mandated CMS signed attributes; `mandatedUnsignedAttr CMSAttrs`: mandated CMS unsigned attributes. |
| class | `CommitmentRule`: The CommitmentRule for given commitment types are defined in terms of trust conditions for certificates, timestamps and attributes, along with any constraints on attributes that may be included in the electronic signature. |
| class | `CommitmentRules`: The CommitmentRules consists of the validation rules which apply to given commitment types: `CommitmentRules ::= SEQUENCE OF CommitmentRule` |
| class | `CommitmentType`: A specific commitment type identifier shall not appear in more than one commitment rule. |
| class | `CommitmentTypeIdentifier`: A specific commitment type identifier shall not appear in more than one commitment rule. |
| class | `CommonRules`: The CommonRules define rules that are common to all commitment types. |
| class | `DeltaTime`: `DeltaTime ::= SEQUENCE { deltaSeconds INTEGER, deltaMinutes INTEGER, deltaHours INTEGER, deltaDays INTEGER }` |
| class | `FieldOfApplication`: The fieldOfApplication is a description of the expected application of this policy. |
| class | `MandatedUnsignedAttr`: The mandatedUnsignedAttr field shall include the object identifier for all those unsigned attributes required by the present document as well as additional attributes required by this policy. |
| class | `NameConstraints`: The nameConstraints field indicates a name space within which all subject names in subsequent certificates in a certification path shall be located. |
| class | `ObjectIdentifier`: FIXME should it be better with a factory method parse? |
| class | `OctetString`: To get UTF8 String value of DEROctetString. |
| class | `PathLenConstraint`: The pathLenConstraint field gives the maximum number of CA certificates that may be in a certification path following the trustpoint. |
| class | `PolicyConstraints`: The policyConstraints extension constrains path processing in two ways. |
| class | `PolicyIssuerName`: The policyIssuerName field identifies the policy issuer in one or more of the general name forms. |
| class | `RevReq` |
| class | `SelectedCommitmentTypes`: If the SelectedCommitmentTypes indicates "empty" then this rule is applied when a commitment type is not present (i.e. the type of commitment is indicated in the semantics of the message). |
| class | `SignatureValidationPolicy`: The signature validation policy defines for the signer which data elements shall be present in the electronic signature he provides and for the verifier which data elements shall be present under that signature policy for an electronic signature to be potentially valid. |
| class | `SignerAndVerifierRules`: The SignerAndVerifierRules consists of signer rule and verification rules as defined below: `SignerAndVerifierRules ::= SEQUENCE { signerRules SignerRules, verifierRules VerifierRules }` |
| class | `SignerRules`: The signer rules identify: if the eContent is empty and the signature is calculated using a hash of signed data external to CMS structure; the CMS signed attributes that shall be provided by the signer under this policy; the CMS unsigned attribute that shall be provided by the signer under this policy; whether the certificate identifiers from the full certification path up to the trust point shall be provided by the signer in the SigningCertificate attribute; whether a signer's certificate, or all certificates in the certification path to the trust point shall be provided by the signer in the certificates field of SignedData. |
| class | `SigningCertTrustCondition`: The SigningCertTrustCondition field identifies trust conditions for certificate path processing used to validate the signing certificate. |
| class | `SigningPeriod`: The signingPeriod identifies the date and time before which the signature policy should not be used for creating signatures, and an optional date after which it should not be used for creating signatures. |
| class | `SignPolExtensions`: ETSI TR 102 272 V1.1.1 (2003-12). Additional signature policy rules may be added to: the overall signature policy structure, as defined in clause 6.1; the signature validation policy structure, as defined in clause 6.2; the common rules, as defined in clause 6.3; the commitment rules, as defined in clause 6.4; the signer rules, as defined in clause 6.5.1; the verifier rules, as defined in clause 6.5.2; the revocation requirements in clause 6.6.2; the algorithm constraints in clause 6.10. |
| class | `SignPolExtn`: `SignPolExtn ::= SEQUENCE { extnID OBJECT IDENTIFIER, extnValue OCTET STRING }` (ObjectIdentifier and OctetString, respectively). The extnID field shall contain the object identifier for the extension. |
| class | `SignPolicyHash`: OID for SignPolicyHash defined on policy. |
| class | `SignPolicyId`: OID for SignPolicyId defined on policy. |
| class | `SignPolicyInfo`: ETSI TR 102 272 V1.1.1 (2003-12). `SignPolicyInfo ::= SEQUENCE { signPolicyIdentifier SignPolicyId, dateOfIssue GeneralizedTime, policyIssuerName PolicyIssuerName, fieldOfApplication FieldOfApplication, signatureValidationPolicy SignatureValidationPolicy, signPolExtensions SignPolExtensions OPTIONAL }` |
| class | `SkipCerts`: `SkipCerts ::= INTEGER (0..MAX)` |
| class | `TimestampTrustCondition`: The TimeStampTrustCondition field identifies trust conditions for certificate path processing used to authenticate the timestamping authority and constraints on the name of the timestamping authority. |
| class | `VerifierRules`: The verifier rules identify: the CMS unsigned attributes that shall be present under this policy and shall be added by the verifier if not added by the signer. |

| Modifier and Type | Class and Description |
|---|---|
| class | `LPA`: V1 definition on: http://www.iti.gov.br/icp-brasil/repositorio/144-icp-brasil/repositorio/3974-artefatos-de-assinatura-digital `Collection<PolicyInfo> policyInfos; Time nextUpdate;` |
| class | `PoliciesDigest`: Hash and Algorithm values defined by policy. |
| class | `PoliciesURI`: URI defined by policy. `String textualPolicyURI; String asn1PolicyURI; String xmlPolicyURI;` |
| class | `PolicyInfo`: V1 definition on: http://www.iti.gov.br/icp-brasil/repositorio/144-icp-brasil/repositorio/3974-artefatos-de-assinatura-digital `org.bouncycastle.asn1.x500.DirectoryString policyName; org.bouncycastle.asn1.x500.DirectoryString fieldOfApplication; SigningPeriod signingPeriod; Time revocationDate; PoliciesURI policiesURI; PoliciesDigest policiesDigest;` |
| class | `Time` |

| Modifier and Type | Class and Description |
|---|---|
| class | `Version`: Version of ICP-BRASIL'S policy |

Copyright © 2021 SERPRO - Serviço Federal de Processamento de Dados. All rights reserved.