Package: com.helger.phase4.crypto
Maven artifact: com.helger.phase4:phase4-lib
AS4SigningParams holds all parameters controlling how an outgoing AS4 message is signed and how incoming signatures are verified.

Default values

| Constant | Value | Description |
| --- | --- | --- |
| DEFAULT_KEY_IDENTIFIER_TYPE | BST_DIRECT_REFERENCE | Key identifier type |
| DEFAULT_USE_SINGLE_CERTIFICATE | true | Use #X509v3 BST value type |

Setter methods

| Method | Parameter type | Description |
| --- | --- | --- |
| setKeyIdentifierType | ECryptoKeyIdentifierType | Defines how the signing certificate is transmitted in the message. Default: BST_DIRECT_REFERENCE. Since 0.11.0. |
| setAlgorithmSign | ECryptoAlgorithmSign | The XML signature algorithm. Mandatory to enable signing. Also requires setAlgorithmSignDigest. |
| setAlgorithmSignDigest | ECryptoAlgorithmSignDigest | The digest algorithm for the signature. Mandatory to enable signing. Also requires setAlgorithmSign. |
| setAlgorithmC14N | ECryptoAlgorithmC14N | The XML canonicalization algorithm. Default: Exclusive C14N without comments (C14N_EXCL_OMIT_COMMENTS). Since 0.10.6. |
| setSecurityProvider | Provider | Sets the same java.security.Provider for both signing and verification. Since 2.1.3. |
| setSecurityProviderSign | Provider | JCA/JCE provider for signing only. Since 2.4.0. |
| setSecurityProviderVerify | Provider | JCA/JCE provider for signature verification only. Since 2.4.0. |
| setUseSingleCertificate | boolean | Controls the BST value type. true uses #X509v3 (single cert, e.g. Peppol); false uses #X509PKIPathv1 (certificate chain). Default: true. Since 2.1.5. |
| setWSSecSignatureCustomizer | IWSSecSignatureCustomizer | Low-level customizer for WSS4J WSSecSignature objects. |
| setSubjectCertConstraints | Collection<Pattern> | Collection of regular expression patterns that the signing certificate’s subject DN must match. null or empty means no constraint is enforced. Since 3.0.7. |
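
The strictness of the patterns passed to setSubjectCertConstraints decides which signing certificates are accepted. The following is an added example, not taken from the phase4 documentation or code base, and it uses only the JDK. The helper isSubjectAccepted, the sample DNs, and the assumptions that the DN is compared in RFC 2253 form and must match in full are illustrative; check them against the phase4 version in use.

```java
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class SubjectDnConstraintDemo {
    // Hypothetical helper mirroring the documented rule: null or empty means
    // no constraint; otherwise at least one pattern must match the subject DN.
    // Assumptions: the DN is compared in RFC 2253 string form and the whole
    // string must match (Matcher.matches), not just a substring.
    static boolean isSubjectAccepted(Collection<Pattern> constraints, X500Principal subject) {
        if (constraints == null || constraints.isEmpty()) {
            return true;
        }
        String dn = subject.getName(X500Principal.RFC2253);
        for (Pattern p : constraints) {
            if (p.matcher(dn).matches()) {
                return true;
            }
        }
        return false;
    }

    static void report(String label, Collection<Pattern> c, X500Principal a, X500Principal b) {
        System.out.println(label + ": partner=" + isSubjectAccepted(c, a)
            + ", other=" + isSubjectAccepted(c, b));
    }

    public static void main(String[] args) {
        // Constructed sample subjects, not taken from real certificates
        X500Principal partner = new X500Principal("CN=AP-000123, O=Example Partner, C=BE");
        X500Principal other = new X500Principal("CN=AP-000123-staging, O=Unrelated Org, C=BE");

        // Too loose: any DN that merely contains the CN prefix is accepted
        List<Pattern> loose = List.of(Pattern.compile(".*CN=AP-000123.*"));
        // Strict: the complete RFC 2253 DN, quoted so no character acts as a regex operator
        List<Pattern> strict = List.of(Pattern.compile(Pattern.quote("CN=AP-000123,O=Example Partner,C=BE")));
        // Pitfall: spaces after the commas never appear in the RFC 2253 form
        List<Pattern> spaced = List.of(Pattern.compile(Pattern.quote("CN=AP-000123, O=Example Partner, C=BE")));

        System.out.println("RFC 2253 form: " + partner.getName(X500Principal.RFC2253));
        report("no constraint", null, partner, other);
        report("loose pattern", loose, partner, other);
        report("strict pattern", strict, partner, other);
        report("spaced pattern", spaced, partner, other);
    }
}
```

Printing the subject DN of the partner's actual certificate before writing the pattern avoids the spacing mismatch shown in the last case.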

Convenience methods

// isSigningEnabled returns true when both algorithm and digest are set
boolean active = params.isSigningEnabled();

// Set algorithm and digest from a PMode security configuration
params.setFromPMode(pmodeLeg.getSecurity());

Static factory

// Creates a default instance with RSA-SHA256 + SHA256 + Exclusive C14N
AS4SigningParams defaults = AS4SigningParams.createDefault();

ECryptoAlgorithmSign

XML signature algorithms supported by phase4.
| Enum value | ID | Notes |
| --- | --- | --- |
| RSA_SHA_256 | rsa-sha-256 | Default |
| RSA_SHA_384 | rsa-sha-384 | |
| RSA_SHA_512 | rsa-sha-512 | |
| ECDSA_SHA_256 | ecdsa-sha-256 | |
| ECDSA_SHA_384 | ecdsa-sha-384 | |
| ECDSA_SHA_512 | ecdsa-sha-512 | |
| EDDSA_ED25519 | eddsa-ed25519 | |
| EDDSA_ED448 | eddsa-ed448 | |
| RSA_SHA_256_MGF1 | rsa-sha-256-mgf1 | RSASSA-PSS with SHA-256 |
| RSA_SHA_384_MGF1 | rsa-sha-384-mgf1 | RSASSA-PSS with SHA-384 |
| RSA_SHA_512_MGF1 | rsa-sha-512-mgf1 | RSASSA-PSS with SHA-512 |
| RSA_SHA3_256_MGF1 | rsa-sha3-256-mgf1 | RSASSA-PSS with SHA3-256 |
| RSA_SHA3_384_MGF1 | rsa-sha3-384-mgf1 | RSASSA-PSS with SHA3-384 |
| RSA_SHA3_512_MGF1 | rsa-sha3-512-mgf1 | RSASSA-PSS with SHA3-512 |

ECryptoAlgorithmSign.SIGN_ALGORITHM_DEFAULT // RSA_SHA_256

ECryptoAlgorithmSignDigest

Digest algorithms for XML signatures.
| Enum value | ID | Notes |
| --- | --- | --- |
| DIGEST_SHA_256 | sha-256 | Default |
| DIGEST_SHA_384 | sha-384 | |
| DIGEST_SHA_512 | sha-512 | |

ECryptoAlgorithmSignDigest.SIGN_DIGEST_ALGORITHM_DEFAULT // DIGEST_SHA_256

Example

import com.helger.phase4.crypto.AS4SigningParams;
import com.helger.phase4.crypto.ECryptoAlgorithmSign;
import com.helger.phase4.crypto.ECryptoAlgorithmSignDigest;

// Custom signing parameters
AS4SigningParams params = new AS4SigningParams()
    .setAlgorithmSign(ECryptoAlgorithmSign.RSA_SHA_256)
    .setAlgorithmSignDigest(ECryptoAlgorithmSignDigest.DIGEST_SHA_256)
    .setUseSingleCertificate(true);

// Or use in a sender builder directly
builder.signingParams()
    .setAlgorithmSign(ECryptoAlgorithmSign.ECDSA_SHA_256)
    .setAlgorithmSignDigest(ECryptoAlgorithmSignDigest.DIGEST_SHA_256);
