com.guardtime.ksi

Class KSIBuilder

java.lang.Object

com.guardtime.ksi.KSIBuilder

public final class KSIBuilder
extends Object

Obtaining and configuring the KSI object(s).

It is mandatory to set signing, extender, publications file client and publications file trusted certificate selector.

Constructor Summary

Constructors

Constructor and Description
KSIBuilder()

Method Summary

Modifier and Type	Method and Description
KSI	build() Builds the KSI instance.
KSIBuilder	setDefaultSigningHashAlgorithm(HashAlgorithm defaultHashAlgorithm) Sets the default signing algorithm to be used to create new KSI signatures.
KSIBuilder	setDefaultVerificationPolicy(Policy defaultVerificationPolicy) Sets a default verification policy.
KSIBuilder	setKsiProtocolExtenderClient(KSIExtenderClient extenderClient) Sets the extender client to be used in verification and extending process.
KSIBuilder	setKsiProtocolExtendingService(KSIExtendingService extendingService) Sets the extending service to be used in extending process.
KSIBuilder	setKsiProtocolPublicationsFileClient(KSIPublicationsFileClient publicationsFileClient) Sets the publications file client to be used to download publications file.
KSIBuilder	setKsiProtocolSignerClient(KSISigningClient signingClient) Sets the signer client to be used in signing process.
KSIBuilder	setKsiProtocolSigningService(KSISigningService signingService) Sets the signing service to be used in signing process.
KSIBuilder	setPduIdentifierProvider(PduIdentifierProvider pduIdentifierProvider) Deprecated.
KSIBuilder	setPublicationsFileCacheExpirationTime(long expirationTime) Sets the publications file expiration time.
KSIBuilder	setPublicationsFilePkiTrustStore(File file, String password) Loads the KeyStore from the file system and sets the KeyStore to be used as a truststore to verify the certificate that was used to sign the publications file.
KSIBuilder	setPublicationsFilePkiTrustStore(KeyStore trustStore) Sets the KeyStore to be used as truststore to verify the certificate that was used to sign the publications file.
KSIBuilder	setPublicationsFileTrustedCertSelector(CertSelector certSelector) Sets the CertSelector to be used to verify the certificate that was used to sign the publications file.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KSIBuilder

public KSIBuilder()

Method Detail

setDefaultSigningHashAlgorithm

public KSIBuilder setDefaultSigningHashAlgorithm(HashAlgorithm defaultHashAlgorithm)

Sets the default signing algorithm to be used to create new KSI signatures. When using Signer.sign(DataHash) method, this algorithm is ignored. Default value is HashAlgorithm.SHA2_256

Parameters:

defaultHashAlgorithm - the hash algorithm to be used to create new KSI signatures.

Returns:

Instance of KSIBuilder.

setKsiProtocolSigningService

public KSIBuilder setKsiProtocolSigningService(KSISigningService signingService)

Sets the signing service to be used in signing process.

Parameters:

signingService - instance of KSISigningService.

Returns:

Instance of KSIBuilder.

setKsiProtocolExtendingService

public KSIBuilder setKsiProtocolExtendingService(KSIExtendingService extendingService)

Sets the extending service to be used in extending process.

Parameters:

extendingService - instance of KSIExtendingService.

Returns:

Instance of KSIBuilder.

setKsiProtocolSignerClient

public KSIBuilder setKsiProtocolSignerClient(KSISigningClient signingClient)

Sets the signer client to be used in signing process.

Parameters:

signingClient - instance of KSISigningClient.

Returns:

Instance of KSIBuilder.

setKsiProtocolExtenderClient

public KSIBuilder setKsiProtocolExtenderClient(KSIExtenderClient extenderClient)

Sets the extender client to be used in verification and extending process.

Parameters:

extenderClient - instance of KSIExtenderClient.

Returns:

Instance of KSIBuilder.

setKsiProtocolPublicationsFileClient

public KSIBuilder setKsiProtocolPublicationsFileClient(KSIPublicationsFileClient publicationsFileClient)

Sets the publications file client to be used to download publications file.

Parameters:

publicationsFileClient - instance of KSIPublicationsFileClient.

Returns:

Instance of KSIBuilder.

setPublicationsFilePkiTrustStore

public KSIBuilder setPublicationsFilePkiTrustStore(KeyStore trustStore)
                                            throws KSIException

Sets the KeyStore to be used as truststore to verify the certificate that was used to sign the publications file. If not set, the default Java keystore is used.

Parameters:

trustStore - truststore to be used to verify certificates.

Returns:

Instance of KSIBuilder.

Throws:

KSIException - when any error occurs.

setPublicationsFilePkiTrustStore

public KSIBuilder setPublicationsFilePkiTrustStore(File file,
                                                   String password)
                                            throws KSIException

Loads the KeyStore from the file system and sets the KeyStore to be used as a truststore to verify the certificate that was used to sign the publications file.

Parameters:

file - keystore file on disk, not null.

password - password of the keystore, null if keystore isn't protected by password.

Returns:

Instance of KSIBuilder.

Throws:

KSIException - when any error occurs.

setPublicationsFileTrustedCertSelector

public KSIBuilder setPublicationsFileTrustedCertSelector(CertSelector certSelector)

Sets the CertSelector to be used to verify the certificate that was used to sign the publications file. X509CertSelector can be used instead of X509CertificateSubjectRdnSelector

Parameters:

certSelector - instance of CertSelector.

Returns:

Instance of KSIBuilder.

See Also:

X509CertSelector

setPublicationsFileCacheExpirationTime

public KSIBuilder setPublicationsFileCacheExpirationTime(long expirationTime)

Sets the publications file expiration time. Default value is 0.

setPduIdentifierProvider

@Deprecated
public KSIBuilder setPduIdentifierProvider(PduIdentifierProvider pduIdentifierProvider)

Deprecated.

setDefaultVerificationPolicy

public KSIBuilder setDefaultVerificationPolicy(Policy defaultVerificationPolicy)

Sets a default verification policy. Default verification policy is used to perform signature verification in the following cases:

• new signature is created
• existing signature is extended
• existing signature is read from stream, byte array or file

Verification will be ran before signature is returned to the user. If signature verification fails, InvalidSignatureContentException exception is thrown. If needed, user can access the invalid signature and verification result using the methods InvalidSignatureContentException.getSignature() and InvalidSignatureContentException.getVerificationResult().

The following values are used to build a verification context that will be used by default verification policy:

• VerificationContextBuilder.setExtendingAllowed(boolean) is set to true.
• VerificationContextBuilder.setExtenderClient(KSIExtenderClient) - an extender client configured by KSIBuilder class is used.
• VerificationContextBuilder.setPublicationsFile(PublicationsFile) - a publication file configured by KSIBuilder class is used.
• VerificationContextBuilder.setDocumentHash(DataHash) - input hash is used only in case of signature creation, otherwise null value is used.
• VerificationContextBuilder.setUserPublication(PublicationData) - null value is always used.
• VerificationContextBuilder.setSignature(KSISignature) - the signature to be returned to the user.

Policies that are using PublicationData can not be used as default verification policy by API users because user publication is always null.

By default InternalVerificationPolicy is used.

build

public KSI build()
          throws KSIException

Builds the KSI instance. Checks that the signing, extender and publications file clients are set.

Returns:

Instance of KSI class.

Throws:

KSIException - will be thrown when some client is null.