SecureBlackbox 16: What versions of XAdES are supported?
XAdES versions 1.1.1, 1.2.2, 1.3.2, and 1.4.1 (1.4.2) are supported. For XAdES (XAdES-BES, XAdES-EPES) and XAdES-T forms, there is a simple interface available via the TElXAdESSigner and TElXMLVerifier classes. The TElXAdESSigner and TElXMLVerifier classes have a QualifyingProperties property that fully implements the QualifyingProperties element from the XAdES specification. All other XAdES forms are controlled through this QualifyingProperties property.
Creating a countersignature and all timestamping could be done using the ElXAdESProcessor methods. For example:
ElXAdESSigner.AddSigAndRefsTimestamp (XAdES-X), ElXAdESVerifier.AddArchiveTimestamp (XAdES-A)
But, some properties such as Id don't have a corresponding method/property in TElXAdESSigner and can be set only via the QualifyingProperties property.
Next, if you need to set AttributeCertificateRefs (for a XAdES-C form), you will need to set it directly using the ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.AttributeCertificateRefs property.
Below is an example of how to fill RevocationValues and CompleteRevocationRefs with an OCSP response (C# notation):
ElXAdESSigner.XAdESForm = SBXMLAdES.Unit. XAdES_X_L;
ElXAdESSigner.Generate(); // generate QualifyingProperties structure
...
TElOCSPResponse OCSPResponse; // for example we have the OCSP response already
int Size = 0;
byte[] OCSPResponseBuf;
OCSPResponse.Save(ref OCSPResponseBuf, 0, ref Size);
OCSPResponseBuf = new Byte
if (OCSPResponse.Save(ref OCSPResponseBuf, 0, ref Size))
{
SBUtils.Unit.SetLength(OCSPResponseBuf, Size);
TElXMLEncapsulatedPKIData PKIData = new TElXMLEncapsulatedPKIData(XAdESSigner.XAdESVersion);
PKIData.Encoding = SBXMLAdES.Unit.xemDER;
PKIData.Data = BufPKI;
ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.Add(PKIData);
TElXMLOCSPRef OCSPRef = new TElXMLOCSPRef(XAdESSigner.XAdESVersion);
if (FResponderID.Name.Count > 0)
{
OCSPRef.OCSPIdentifier.ResponderID = SBXMLSec.Unit.FormatRDN(OCSPResponse.ResponderID.Name);
OCSPIdentifier.ResponderIDType = SBXMLAdES.Unit.xrtByName;
}
else
if (FResponderID.FSHA1KeyHash.Length() > 0)
{
OCSPRef.DigestAlgAndValue.DigestMethod = xmlDigestMethodSHA1;
OCSPRef.DigestAlgAndValue.DigestValue = OCSPResponse.ResponderID.SHA1KeyHash;
OCSPIdentifier.ResponderIDType = SBXMLAdES.Unit.xrtByKey
}
OCSPRef.OCSPIdentifier.ProducedAtUTC = OCSPResponse.ProducedAt;
ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.Add(OCSPRef);
}
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.