Package eu.europa.esig.dss.validation
Class DefaultAdvancedSignature
java.lang.Object
eu.europa.esig.dss.validation.DefaultAdvancedSignature
- All Implemented Interfaces:
AdvancedSignature, Serializable
- Direct Known Subclasses:
CAdESSignature, XAdESSignature
public abstract class DefaultAdvancedSignature extends Object implements AdvancedSignature
- See Also:
- Serialized Form
-
Field Summary
Fields (Modifier and Type, Field, Description):
- protected List<DSSDocument> detachedContents: In case of a detached signature this is the signed document.
- protected List<ManifestFile> manifestFiles: In case of an ASiC-E signature this is the list of found manifest files.
- protected SignatureCertificateSource offlineCertificateSource
- protected CertificateToken providedSigningCertificateToken: In the case of a non-AdES signature the signing certificate is not mandatory within the signature and can be provided by the driving application.
- protected List<ReferenceValidation> referenceValidations: This variable contains a list of reference validations (reference tag for XAdES or message-digest for CAdES)
- protected OfflineCRLSource signatureCRLSource
- protected SignatureCryptographicVerification signatureCryptographicVerification: This variable contains the result of the signature mathematical validation.
- protected SignatureIdentifier signatureIdentifier
- protected OfflineOCSPSource signatureOCSPSource
- protected SignaturePolicy signaturePolicy
- protected TimestampSource signatureTimestampSource
- protected String structureValidation
-
Constructor Summary
Constructors (Constructor, Description):
- DefaultAdvancedSignature()
-
Method Summary
Methods (Modifier and Type, Method, Description):
- void addExternalTimestamp(TimestampToken timestamp): This method allows adding an external timestamp.
- boolean areAllSelfSignedCertificates(): Checks if all certificate chains present in the signature are self-signed
- protected abstract SignatureIdentifier buildSignatureIdentifier(): Build and define the signatureIdentifier value
- boolean equals(Object obj)
- void findSignatureScope(SignatureScopeFinder signatureScopeFinder)
- List<TimestampToken> getAllTimestamps(): Returns a list of all timestamps found in the signature
- List<TimestampToken> getArchiveTimestamps(): Returns the archive Timestamps
- CandidatesForSigningCertificate getCandidatesForSigningCertificate(): ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.
- List<CertificateToken> getCertificates(): Returns an unmodifiable list of all certificate tokens encapsulated in the signature
- ListCertificateSource getCertificateSourcesExceptLastArchiveTimestamp()
- ListCertificateSource getCompleteCertificateSource(): Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
- ListRevocationSource getCompleteCRLSource(): Gets a ListRevocationSource representing a merged source from signatureCRLSource and all timestamp objects included in the signature
- ListRevocationSource getCompleteOCSPSource(): Gets a ListRevocationSource representing a merged source from signatureOCSPSource and all timestamp objects included in the signature
- List<DSSDocument> getContainerContents()
- List<TimestampToken> getContentTimestamps(): Returns the content timestamps
- List<DSSDocument> getDetachedContents()
- List<TimestampToken> getDocumentTimestamps(): Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
- SignatureIdentifier getDSSId(): This method returns the SignatureIdentifier.
- String getId(): This method returns the DSS unique signature id.
- List<DSSDocument> getManifestedDocuments()
- AdvancedSignature getMasterSignature()
- byte[] getMessageDigestValue(): Returns a digest value incorporated in an attribute "message-digest" in CMS Signed Data
- PdfRevision getPdfRevision(): Retrieves a PdfRevision (PAdES) related to the current signature
- SignaturePolicy getPolicyId(): Returns the Signature Policy OID from the signature.
- CertificateToken getProvidedSigningCertificateToken()
- SignatureCryptographicVerification getSignatureCryptographicVerification()
- String getSignatureFilename(): This method returns the signature filename (useful for ASiC and multiple signature files)
- List<SignatureScope> getSignatureScopes()
- List<TimestampToken> getSignatureTimestamps(): Returns the signature timestamps
- ValidationContext getSignatureValidationContext(CertificateVerifier certificateVerifier): This method validates the signing certificate and all timestamps.
- Set<CertificateIdentifier> getSignerInformationStoreInfos(): Returns a Set of CertificateIdentifier extracted from a SignerInformationStore of CMS Signed Data
- List<SignerRole> getSignerRoles(): Returns the list of roles of the signer.
- CertificateToken getSigningCertificateToken(): This method returns the signing certificate token or null if there is no valid signing certificate.
- String getStructureValidationResult()
- List<TimestampToken> getTimestampsX1(): Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
- List<TimestampToken> getTimestampsX2(): Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
- int hashCode()
- boolean hasLTAProfile()
- boolean hasLTProfile()
- boolean hasTProfile()
- boolean isCounterSignature(): Checks if the current signature is a counter signature (i.e. has a Master signature)
- boolean isDocHashOnlyValidation(): Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR).
- boolean isHashOnlyValidation(): Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR).
- void prepareOfflineCertificateVerifier(CertificateVerifier certificateVerifier): This method prepares an offline CertificateVerifier.
- void prepareTimestamps(ValidationContext validationContext): This method adds to the ValidationContext all timestamps to be validated.
- void setContainerContents(List<DSSDocument> containerContents): This method allows setting the container contents in the case of ASiC signature.
- void setDetachedContents(List<DSSDocument> detachedContents): This method allows setting the signed contents in the case of the detached signature.
- void setManifestFiles(List<ManifestFile> manifestFiles): This method allows setting the manifest files in the case of ASiC-E signature.
- void setMasterSignature(AdvancedSignature masterSignature): This setter allows indicating the master signature.
- void setProvidedSigningCertificateToken(CertificateToken certificateToken): This method allows providing a signing certificate to be used in the validation process.
- void setSignatureFilename(String signatureFilename): This method allows setting the signature filename (useful in case of ASiC)
- String toString()
- void validateStructure(): This method allows the structure validation of the signature.
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface eu.europa.esig.dss.validation.AdvancedSignature
checkSignatureIntegrity, checkSignaturePolicy, getCertificateSource, getCertifiedSignerRoles, getClaimedSignerRoles, getCommitmentTypeIndications, getContentHints, getContentIdentifier, getContentType, getCounterSignatures, getCRLSource, getDAIdentifier, getDataFoundUpToLevel, getDigestAlgorithm, getEncryptionAlgorithm, getMaskGenerationFunction, getMimeType, getOCSPSource, getReferenceValidations, getSignatureAlgorithm, getSignatureDigestReference, getSignatureForm, getSignatureLevels, getSignatureProductionPlace, getSignatureValue, getSignedAssertions, getSigningTime, getTimestampSource
-
Field Details
-
providedSigningCertificateToken
In the case of a non-AdES signature the signing certificate is not mandatory within the signature and can be provided by the driving application.
-
detachedContents
In case of a detached signature this is the signed document.
-
manifestFiles
In case of an ASiC-E signature this is the list of found manifest files.
-
referenceValidations
This variable contains a list of reference validations (reference tag for XAdES or message-digest for CAdES)
-
signatureCryptographicVerification
This variable contains the result of the signature mathematical validation. It is initialised when the method checkSignatureIntegrity is called.
-
structureValidation
-
offlineCertificateSource
-
signatureCRLSource
-
signatureOCSPSource
-
signatureTimestampSource
-
signaturePolicy
-
signatureIdentifier
-
-
Constructor Details
-
DefaultAdvancedSignature
public DefaultAdvancedSignature()
-
-
Method Details
-
buildSignatureIdentifier
Build and define the signatureIdentifier value
-
getSignatureFilename
Description copied from interface: AdvancedSignature
This method returns the signature filename (useful for ASiC and multiple signature files)
- Specified by:
getSignatureFilename in interface AdvancedSignature
- Returns:
- the signature filename
-
setSignatureFilename
Description copied from interface: AdvancedSignature
This method allows setting the signature filename (useful in case of ASiC)
- Specified by:
setSignatureFilename in interface AdvancedSignature
-
getDetachedContents
- Specified by:
getDetachedContents in interface AdvancedSignature
- Returns:
- in the case of the detached signature this is the List of signed contents.
-
setDetachedContents
Description copied from interface: AdvancedSignature
This method allows setting the signed contents in the case of the detached signature.
- Specified by:
setDetachedContents in interface AdvancedSignature
- Parameters:
detachedContents - List of DSSDocument representing the signed detached contents.
-
getContainerContents
- Specified by:
getContainerContents in interface AdvancedSignature
- Returns:
- in case of ASiC signature returns a list of container documents
-
setContainerContents
Description copied from interface: AdvancedSignature
This method allows setting the container contents in the case of ASiC signature.
- Specified by:
setContainerContents in interface AdvancedSignature
- Parameters:
containerContents - List of DSSDocument representing the container contents.
-
setManifestFiles
Description copied from interface: AdvancedSignature
This method allows setting the manifest files in the case of ASiC-E signature.
- Specified by:
setManifestFiles in interface AdvancedSignature
- Parameters:
manifestFiles - List of ManifestFiles
-
getDSSId
Description copied from interface: AdvancedSignature
This method returns the SignatureIdentifier.
- Specified by:
getDSSId in interface AdvancedSignature
- Returns:
- unique SignatureIdentifier
-
getId
Description copied from interface: AdvancedSignature
This method returns the DSS unique signature id. It allows each signature to be identified unambiguously.
- Specified by:
getId in interface AdvancedSignature
- Returns:
- The signature unique Id
-
getManifestedDocuments
- Specified by:
getManifestedDocuments in interface AdvancedSignature
- Returns:
- in case of ASiC-E signature returns a list of DSSDocuments contained in the related signature manifest
-
getCompleteCertificateSource
Description copied from interface: AdvancedSignature
Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
- Specified by:
getCompleteCertificateSource in interface AdvancedSignature
- Returns:
ListCertificateSource
-
getCertificateSourcesExceptLastArchiveTimestamp
-
getCompleteCRLSource
Description copied from interface: AdvancedSignature
Gets a ListRevocationSource representing a merged source from signatureCRLSource and all timestamp objects included in the signature
- Specified by:
getCompleteCRLSource in interface AdvancedSignature
- Returns:
ListRevocationSource
-
getCompleteOCSPSource
Description copied from interface: AdvancedSignature
Gets a ListRevocationSource representing a merged source from signatureOCSPSource and all timestamp objects included in the signature
- Specified by:
getCompleteOCSPSource in interface AdvancedSignature
- Returns:
ListRevocationSource
-
getCandidatesForSigningCertificate
ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.
- Specified by:
getCandidatesForSigningCertificate in interface AdvancedSignature
- Returns:
-
prepareOfflineCertificateVerifier
This method prepares an offline CertificateVerifier. The instance is used to determine whether all required revocation data are present.
- Parameters:
certificateVerifier - the configured CertificateVerifier with all external sources
-
getSignatureValidationContext
This method validates the signing certificate and all timestamps.
- Returns:
- signature validation context containing all certificates and revocation data used during the validation process.
-
getCertificates
Returns an unmodifiable list of all certificate tokens encapsulated in the signature
- Specified by:
getCertificates in interface AdvancedSignature
- Returns:
- a list of certificates contained within the signature
- See Also:
AdvancedSignature.getCertificates()
-
setMasterSignature
Description copied from interface: AdvancedSignature
This setter allows indicating the master signature. It means that this is a countersignature.
- Specified by:
setMasterSignature in interface AdvancedSignature
- Parameters:
masterSignature - AdvancedSignature
-
getMasterSignature
- Specified by:
getMasterSignature in interface AdvancedSignature
- Returns:
AdvancedSignature
-
isCounterSignature
public boolean isCounterSignature()
Description copied from interface: AdvancedSignature
Checks if the current signature is a counter signature (i.e. has a Master signature)
- Specified by:
isCounterSignature in interface AdvancedSignature
- Returns:
- TRUE if it is a counter signature, FALSE otherwise
-
getSignatureCryptographicVerification
- Specified by:
getSignatureCryptographicVerification in interface AdvancedSignature
- Returns:
- SignatureCryptographicVerification with all the information collected during the validation process.
-
getSignerRoles
Description copied from interface: AdvancedSignature
Returns the list of roles of the signer.
- Specified by:
getSignerRoles in interface AdvancedSignature
- Returns:
- list of the SignerRoles
-
getProvidedSigningCertificateToken
- Specified by:
getProvidedSigningCertificateToken in interface AdvancedSignature
- Returns:
- This method returns the provided signing certificate or null
-
setProvidedSigningCertificateToken
Description copied from interface: AdvancedSignature
This method allows providing a signing certificate to be used in the validation process. It can happen in the case of a non-AdES signature without the signing certificate within the signature.
- Specified by:
setProvidedSigningCertificateToken in interface AdvancedSignature
- Parameters:
certificateToken - CertificateToken representing the signing certificate token.
-
getSigningCertificateToken
Description copied from interface: AdvancedSignature
This method returns the signing certificate token or null if there is no valid signing certificate. Note that to determine the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
- Specified by:
getSigningCertificateToken in interface AdvancedSignature
- Returns:
-
prepareTimestamps
This method adds to the ValidationContext all timestamps to be validated.
- Specified by:
prepareTimestamps in interface AdvancedSignature
- Parameters:
validationContext - ValidationContext to which the timestamps must be added
-
validateStructure
public void validateStructure()
Description copied from interface: AdvancedSignature
This method allows the structure validation of the signature.
- Specified by:
validateStructure in interface AdvancedSignature
-
getStructureValidationResult
- Specified by:
getStructureValidationResult in interface AdvancedSignature
-
getPolicyId
Description copied from interface: AdvancedSignature
Returns the Signature Policy OID from the signature.
- Specified by:
getPolicyId in interface AdvancedSignature
- Returns:
SignaturePolicy
-
findSignatureScope
- Specified by:
findSignatureScope in interface AdvancedSignature
-
getSignatureScopes
- Specified by:
getSignatureScopes in interface AdvancedSignature
-
getContentTimestamps
Description copied from interface: AdvancedSignature
Returns the content timestamps
- Specified by:
getContentTimestamps in interface AdvancedSignature
- Returns:
List of TimestampToken
-
getSignatureTimestamps
Description copied from interface: AdvancedSignature
Returns the signature timestamps
- Specified by:
getSignatureTimestamps in interface AdvancedSignature
- Returns:
List of TimestampToken
-
getTimestampsX1
Description copied from interface: AdvancedSignature
Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
- Specified by:
getTimestampsX1 in interface AdvancedSignature
- Returns:
List of TimestampToken
-
getTimestampsX2
Description copied from interface: AdvancedSignature
Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
- Specified by:
getTimestampsX2 in interface AdvancedSignature
- Returns:
List of TimestampToken
-
getArchiveTimestamps
Description copied from interface: AdvancedSignature
Returns the archive Timestamps
- Specified by:
getArchiveTimestamps in interface AdvancedSignature
- Returns:
List of TimestampTokens
-
getDocumentTimestamps
Description copied from interface: AdvancedSignature
Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
- Specified by:
getDocumentTimestamps in interface AdvancedSignature
- Returns:
List of TimestampTokens
-
getAllTimestamps
Description copied from interface: AdvancedSignature
Returns a list of all timestamps found in the signature
- Specified by:
getAllTimestamps in interface AdvancedSignature
- Returns:
List of TimestampTokens
-
addExternalTimestamp
Description copied from interface: AdvancedSignature
This method allows adding an external timestamp. The given timestamp must be processed before.
- Specified by:
addExternalTimestamp in interface AdvancedSignature
- Parameters:
timestamp - the timestamp token
-
hasTProfile
public boolean hasTProfile()
-
hasLTProfile
public boolean hasLTProfile()
-
areAllSelfSignedCertificates
public boolean areAllSelfSignedCertificates()
Description copied from interface: AdvancedSignature
Checks if all certificate chains present in the signature are self-signed
- Specified by:
areAllSelfSignedCertificates in interface AdvancedSignature
- Returns:
- TRUE if all certificates are self-signed, false otherwise
-
hasLTAProfile
public boolean hasLTAProfile()
-
isDocHashOnlyValidation
public boolean isDocHashOnlyValidation()
Description copied from interface: AdvancedSignature
Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
- Specified by:
isDocHashOnlyValidation in interface AdvancedSignature
- Returns:
- true if it is DocHashOnly validation, false otherwise
-
isHashOnlyValidation
public boolean isHashOnlyValidation()
Description copied from interface: AdvancedSignature
Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR).
EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature.
NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
- Specified by:
isHashOnlyValidation in interface AdvancedSignature
- Returns:
- true if it is HashOnly validation, false otherwise
-
getMessageDigestValue
public byte[] getMessageDigestValue()
Description copied from interface: AdvancedSignature
Returns a digest value incorporated in an attribute "message-digest" in CMS Signed Data
- Specified by:
getMessageDigestValue in interface AdvancedSignature
- Returns:
- a byte array representing a signed content digest value
-
getSignerInformationStoreInfos
Description copied from interface: AdvancedSignature
Returns a Set of CertificateIdentifier extracted from a SignerInformationStore of CMS Signed Data
- Specified by:
getSignerInformationStoreInfos in interface AdvancedSignature
- Returns:
- a Set of CertificateIdentifiers
-
getPdfRevision
Description copied from interface: AdvancedSignature
Retrieves a PdfRevision (PAdES) related to the current signature
- Specified by:
getPdfRevision in interface AdvancedSignature
- Returns:
PdfRevision
-
equals
-
hashCode
public int hashCode()
-
toString
-