Safelayer Secure Communications
 
 

TrustedX Java API examples

Updating an XML Signature to a Long-Term XML Signature
16 January 2008

The objective of this example is to update a signature with a time-stamp in an XML document to a long-term signature format, using the TrustedX verification service.

To try this example, you must download the file called sampleSW8.zip and follow the instructions in Configuration of the Environment.

The signature to be updated is the one generated in the Generation of XML Signature with Time-Stamp example. The downloaded file already contains a signature to be used for the update, but, if you wish, you can replace this file with the one generated in the previous example, to check that it functions correctly.

To update a signature, we send a verification request using a SmartVerifyRequest object. Unlike the other examples, the request must specify the NONREP (non-repudiation) profile rather than the signature verification profile.

SmartVerifyRequest svr = new SmartVerifyRequest(host, SmartVerifyRequest.Service.DR);
svr.setProfile(Constants.Profile.NONREP);

The request must include the signature data, in this case encoded in Base64. It also indicates the format of the document to be returned and the format of the updated signature (ES-A). This format allows the signature to be preserved for longer than the validity period of the cryptographic material used to generate it.

svr.setInputXmlBase64(Util.readBinaryFileB64(path_in + filename));
svr.setReturnSigningDocument(Constants.ReturnSigningDocument.XML);
svr.setReturnUpdatedSignature(Constants.SignatureFormat.ES_A);

The setAddCertificateValues(), setAddRevocationValues() and setAddTimeStampValues() method calls are also added to this request, so that the response returns information about the certificates, the revocation lists and the time-stamps. Each of these methods takes the format in which the data is expected to be returned; in this case, all three use a binary format.

svr.setAddCertificateValues(Constants.AddValues.BINARY);
svr.setAddRevocationValues(Constants.AddValues.BINARY);
svr.setAddTimeStampValues(Constants.AddValues.BINARY);

Once all the data have been entered in the request, the send() operation is invoked; this operation sends the request and obtains a SmartVerifyResponse object.

SmartVerifyResponse svrs = svr.send();

Once the request has been sent, we can check if it has been processed correctly by consulting the response parameters. The functions of the UtilTrustedX auxiliary class are used for this. If all goes well, the signature is retrieved using the getDocumentWithSignatureXml() method and it is stored in a file.

if (UtilTrustedX.checkSW(svrs.getResultMajor(), svrs.getResultMinor(), svrs.getResultMessage())) {
   String destFilename = path_out + filename.substring(0, filename.lastIndexOf("."))
         + "Archive.xml";
   Util.writeBinaryFileB64(destFilename, svrs.getDocumentWithSignatureXml());

   UtilTrustedX.printResponse(svrs);
   for (int other = 0; other < svrs.getNumberVerifyResponses(); other++) {
      UtilTrustedX.printResponse(svrs.getOtherResponse(other));
   }
} 

Upon execution of the example, the updated signature is stored in the DemoSignedEnvelopingTSSWArchive.xml file.

File saved successfully on: data/output/DemoSignedEnvelopingTSSWArchive.xml

Finally, we obtain the following response with all the requested information.

** RESPONSE **
---------------------
Signature num 0
---------------------
** Certificate **
Major: urn:oasis:names:tc:dss:1.0:resultmajor:Success
Minor: urn:oasis:names:tc:dss:1.0:resultminor:ValidSignature_OnAllDocuments
DN: CN=Dave, OU=Demo, O=TrustedX, C=ES
Issuer Trust Level: 0
Issuer Trust Label: Administration
XML Cert: <css:certificate xmlns:css="http://www.safelayer.com/TWS" ThumbId="EKueYdckNOnGDszLwQ61F29d5Vg="><css:tbsCertificate><css:subject>CN=Dave, OU=Demo, O=TrustedX, C=ES</css:subject><css:issuer>CN=Safelayer - Class 1 Root CA Demo, O=Safelayer Secure Communications, S.A. [C.I.F. A61930046]</css:issuer><css:serialNumber>Atg=</css:serialNumber><css:validity><css:notBefore>2006-09-20T12:21:27Z</css:notBefore><css:notAfter>2010-09-20T12:21:27Z</css:notAfter></css:validity><css:extensions><css:extension><css:keyUsage>digitalSignature nonRepudiation keyAgreement</css:keyUsage></css:extension><css:extension><css:extKeyUsage>id-kp-clientAuth id-kp-emailProtection</css:extKeyUsage></css:extension></css:extensions><css:subjectPublicKeyInfo type="RSA 1024\"><css:signatureAlgorithm>pkcs1-sha1WithRsaSignature</css:signatureAlgorithm></css:tbsCertificate></css:certificate>
** CRL **
Trust Level: 0
Trust Label: Administration
XML CRL: <ns1:crl xmlns:ns1="http://www.safelayer.com/TWS"><ns1:tbsCrl><ns1:version>AQ==</ns1:version><ns1:signatureAlgorithm>sha1WithRsaSignature</ns1:signatureAlgorithm><ns1:issuer>CN=Safelayer - Class 1 Root CA Demo, O=Safelayer Secure Communications, S.A. [C.I.F. A61930046]</ns1:issuer><ns1:thisUpdate>2007-07-05T12:35:53Z</ns1:thisUpdate><ns1:nextUpdate>2008-07-05T12:35:53Z</ns1:nextUpdate><ns1:revokedCertificates/><ns1:crlExtensions><ns1:cRLNumber>AMs=</ns1:cRLNumber></ns1:crlExtensions></ns1:tbsCrl></ns1:crl>
** TimeStamp **
Major: urn:oasis:names:tc:dss:1.0:resultmajor:Success
Minor: urn:oasis:names:tc:dss:1.0:resultminor:ValidSignature_OnAllDocuments
Trust Level: 0
Trust Label: Administration
Info XML: <dss:TstInfo xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd"><dss:SerialNumber>AhAFVl8lajnZeZxBJlj+g6Hv</dss:SerialNumber><dss:CreationTime>2008-01-15T09:08:42Z</dss:CreationTime><dss:TSA Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">OU=Demo TSA Server, O=Safelayer, C=ES</dss:TSA></dss:TstInfo>
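
A post-update check on the saved file, as an added example that is not part of the original page or of the TrustedX API: it confirms that the document contains the XAdES elements an archival (ES-A) signature is expected to carry. The class name, the element list and the embedded sample are assumptions made for illustration; elements are matched by local name because the page does not state which XAdES schema version the service emits.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Added example (not Safelayer code): reports which XAdES elements expected
// in an archival (ES-A) signature are absent from a signed XML document.
public class ArchiveFormCheck {
    // XAdES local names, matched in any namespace (schema version is an assumption).
    static final String[] REQUIRED = {"SignatureTimeStamp", "CertificateValues",
                                      "RevocationValues", "ArchiveTimeStamp"};

    static List<String> missingElements(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Signed documents are untrusted input: refuse DTDs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(xml);
        List<String> missing = new ArrayList<>();
        for (String name : REQUIRED) {
            if (doc.getElementsByTagNameNS("*", name).getLength() == 0) missing.add(name);
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed skeleton of a time-stamped signature that has NOT been
        // upgraded; used only when no file path is given on the command line.
        String sample = "<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'"
            + " xmlns:x='http://uri.etsi.org/01903/v1.3.2#'><ds:Object>"
            + "<x:QualifyingProperties><x:UnsignedProperties>"
            + "<x:UnsignedSignatureProperties><x:SignatureTimeStamp/>"
            + "</x:UnsignedSignatureProperties></x:UnsignedProperties>"
            + "</x:QualifyingProperties></ds:Object></ds:Signature>";
        try (InputStream in = args.length > 0
                ? Files.newInputStream(Paths.get(args[0]))
                : new ByteArrayInputStream(sample.getBytes(StandardCharsets.UTF_8))) {
            List<String> missing = missingElements(in);
            System.out.println(missing.isEmpty() ? "Archival elements present" : "Missing: " + missing);
        }
    }
}
```

Run it with the path of the output file (for example data/output/DemoSignedEnvelopingTSSWArchive.xml) as the only argument. The check covers structure only and does not replace the cryptographic verification performed by the service.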