| Package | Description |
|---|---|
| org.demoiselle.signer.policy.engine.asn1.etsi | Documentation of package (put it here) |
| org.demoiselle.signer.policy.engine.asn1.icpb | Documentation of package (put it here) |
| org.demoiselle.signer.policy.engine.asn1.icpb.v2 | Documentation of package (put it here) |
| org.demoiselle.signer.policy.engine.factory | Documentation of package (put it here) |

| Class and Description |
|---|
| AcceptablePolicySet
The acceptablePolicySet field identifies the initial set of certificate policies,
any of which are acceptable under the signature policy.
|
| AlgAndLength
AlgAndLength ::= SEQUENCE {
algID ObjectIdentifier,
minKeyLength INTEGER OPTIONAL, -- Minimum key length in bits
other SignPolExtensions OPTIONAL
}
|
| AlgorithmConstraints
AlgorithmConstraints ::= SEQUENCE OF AlgAndLength
Collection< AlgAndLength >
AlgAndLength |
| AlgorithmConstraintSet
The algorithmConstraints field, if present, identifies the signing algorithms
(hash, public key cryptography, combined hash and public key cryptography)
that may be used for specific purposes and any minimum length.
|
| AlgorithmConstraintSet.TAG |
| AlgorithmIdentifier
Parse an ASN1Primitive to get ObjectIdentifier. |
| AttributeConstraints
AttributeConstraints ::= SEQUENCE {
attributeTypeConstarints [0] AttributeTypeConstraints OPTIONAL,
attributeValueConstarints [1] AttributeValueConstraints OPTIONAL
}
|
| AttributeTrustCondition
If the attributeTrustCondition field is not present then any
certified attributes may not be considered to be valid under
this validation policy.
|
| CertificateTrustPoint
parse an org.bouncycastle.asn1.ASN1Primitive to get
trustpoint Certificate, -- self-signed certificate @see X509Certificate
PathLenConstraint OPTIONAL,
AcceptablePolicySet OPTIONAL, -- If not present "any policy"
NameConstraints OPTIONAL,
PolicyConstraints OPTIONAL |
| CertificateTrustTrees
The certificateTrustTrees identifies a set of self signed certificates
for the trust points used to start (or end) certificate path processing
and the initial conditions for certificate path validation as defined in RFC 2459 [6] clause 6.
|
| CertInfoReq
The mandatedCertificateInfo field identifies whether a signer's certificate,
or all certificates in the certification path to the trust point shall be provided by
the signer in the certificates field of SignedData.
|
| CertPolicyId
CertPolicyId ::= OBJECT IDENTIFIER
|
| CertRefReq
The mandatedCertificateRef identifies whether just the signer's certificate,
or all the full certificate path shall be provided by the signer
CertRefReq ::= ENUMERATED {
signerOnly (1), -- Only reference to signer cert mandated
fullPath (2) -- References for full cert path up to a trust point required
}
|
| CertRevReq
The RevocRequirements field specifies minimum requirements for revocation information,
obtained through CRLs and/or OCSP responses,
to be used in checking the revocation status of certificates.
|
| CMSAttrs
CMSAttrs ::= SEQUENCE OF OBJECT IDENTIFIER ObjectIdentifier
mandatedSignedAttr CMSAttrs, -- Mandated CMS signed attributes
mandatedUnsignedAttr CMSAttrs, -- Mandated CMS unsigned attributes
|
| CommitmentRule
The CommitmentRule for given commitment types are defined in terms
of trust conditions for certificates, timestamps and attributes,
along with any constraints on attributes that may be included in
the electronic signature.
|
| CommitmentRules
The CommitmentRules consists of the validation rules which
apply to given commitment types:
CommitmentRules ::= SEQUENCE OF CommitmentRule
|
| CommitmentType
A specific commitment type identifier shall not appear in more than one commitment rule.
|
| CommitmentTypeIdentifier
A specific commitment type identifier shall not appear in more
than one commitment rule.
|
| CommonRules
The CommonRules define rules that are common to all commitment types.
|
| DeltaTime
DeltaTime ::= SEQUENCE {
deltaSeconds INTEGER,
deltaMinutes INTEGER,
deltaHours INTEGER,
deltaDays INTEGER
}
|
| EnuRevReq
EnuRevReq ::= ENUMERATED {
clrCheck (0), -- Checks shall be made against current CRLs (or authority revocation lists)
ocspCheck (1), -- The revocation status shall be checked using the Online Certificate Status Protocol (RFC 2450)
bothCheck (2), -- Both CRL and OCSP checks shall be carried out
eitherCheck (3), -- At least one of CRL or OCSP checks shall be carried out
noCheck (4), -- no check is mandated
other (5) -- Other mechanism as defined by signature policy extension
}
|
| FieldOfApplication
The fieldofApplication is a description of the expected application of this policy.
|
| HowCertAttribute
The howCertAttribute field specifies whether the attributes are uncertified attributes "claimed" by the signer,
certified in an attribute certificate, or either, using the signer attributes attribute defined in TS 101 733.
|
| MandatedUnsignedAttr
The mandatedUnsignedAttr field shall include the object identifier for all those unsigned attributes
required by the present document as well as additional attributes required by this policy.
|
| NameConstraints
The nameConstraints field indicates a name space within which all subject names
in subsequent certificates in a certification path shall be located.
|
| ObjectIdentifier
FIXME should it be better with a factory method parse?
|
| OctetString
To get UTF8 String value of DEROctetString.
|
| PathLenConstraint
The pathLenConstraint field gives the maximum number of CA certificates
that may be in a certification path following the trustpoint.
|
| PolicyConstraints
The policyConstraints extension constrains path processing in two ways.
|
| PolicyIssuerName
The policyIssuerName field identifies the policy issuer in one or more of the general name forms.
|
| RevReq |
| SelectedCommitmentTypes
If the SelectedCommitmentTypes indicates "empty" then this rule applies when a commitment type
is not present (i.e. the type of commitment is indicated in the semantics of the message).
|
| SignatureValidationPolicy
The signature validation policy defines for the signer
which data elements shall be present in the electronic
signature he provides and for the verifier which data
elements shall be present under that signature policy
for an electronic signature to be potentially valid.
|
| SignerAndVerifierRules
The SignerAndVerifierRules consists of signer rule and
verification rules as defined below:
SignerAndVerifierRules ::= SEQUENCE {
signerRules SignerRules,
verifierRules VerifierRules
}
|
| SignerRules
The signer rules identify:
if the eContent is empty and the signature is calculated using
a hash of signed data external to CMS structure;
the CMS signed attributes that shall be provided by the signer
under this policy;
the CMS unsigned attribute that shall be provided by the signer
under this policy;
whether the certificate identifiers from the full certification
path up to the trust point shall be provided by the signer in the
SigningCertificate attribute;
whether a signer's certificate, or all certificates in the
certification path to the trust point shall be provided by the signer
in the certificates field of SignedData.
|
| SigningCertTrustCondition
The SigningCertTrustCondition field identifies trust conditions
for certificate path processing used to validate the signing
certificate.
|
| SigningPeriod
The signingPeriod identifies the date and time before
which the signature policy should not be used for creating signatures,
and an optional date after which it should not be used for creating
signatures.
|
| SignPolExtensions
ETSI TR 102 272 V1.1.1 (2003-12)
Additional signature policy rules may be added to:
the overall signature policy structure, as defined in clause 6.1;
the signature validation policy structure, as defined in clause 6.2;
the common rules, as defined in clause 6.3;
the commitment rules, as defined in clause 6.4;
the signer rules, as defined in clause 6.5.1;
the verifier rules, as defined in clause 6.5.2;
the revocation requirements in clause 6.6.2;
the algorithm constraints in clause 6.10.
|
| SignPolExtn
SignPolExtn ::= SEQUENCE {
extnID OBJECT IDENTIFIER ObjectIdentifier,
extnValue OCTET STRING OctetString
}
The extnID field shall contain the object identifier for the extension. |
| SignPolicyHash
OID for SignPolicyHash defined on policy.
|
| SignPolicyId
OID for SignPolicyId defined on policy.
|
| SignPolicyInfo
ETSI TR 102 272 V1.1.1 (2003-12)
SignPolicyInfo ::= SEQUENCE {
signPolicyIdentifier SignPolicyId,
dateOfIssue GeneralizedTime,
policyIssuerName PolicyIssuerName,
fieldOfApplication FieldOfApplication,
signatureValidationPolicy SignatureValidationPolicy,
signPolExtensions SignPolExtensions OPTIONAL
}
|
| SkipCerts
SkipCerts ::= INTEGER (0..MAX)
|
| TimestampTrustCondition
The TimeStampTrustCondition field identifies trust conditions for
certificate path processing used to authenticate the timestamping
authority and constraints on the name of the timestamping authority.
|
| VerifierRules
The verifier rules identify: the CMS unsigned attributes that
shall be present under this policy and shall be added by the
verifier if not added by the signer.
|
| Class and Description |
|---|
| SigningPeriod
The signingPeriod identifies the date and time before
which the signature policy should not be used for creating signatures,
and an optional date after which it should not be used for creating
signatures.
|
| Class and Description |
|---|
| ObjectIdentifier
FIXME should it be better with a factory method parse?
|
| SignaturePolicy
In this structure the policy information is preceded by
an identifier for the hashing algorithm used to protect
the signature policy and followed by the hash value which
shall be re-calculated and checked whenever the policy is
passed between the issuer and signer/verifier.
|
| Class and Description |
|---|
| SignaturePolicy
In this structure the policy information is preceded by
an identifier for the hashing algorithm used to protect
the signature policy and followed by the hash value which
shall be re-calculated and checked whenever the policy is
passed between the issuer and signer/verifier.
|
Copyright © 2021 SERPRO - Serviço Federal de Processamento de Dados. All rights reserved.