Package eu.europa.esig.dss.xades.validation

Class XAdESSignature

java.lang.Object

eu.europa.esig.dss.validation.DefaultAdvancedSignature

eu.europa.esig.dss.xades.validation.XAdESSignature

All Implemented Interfaces:

AdvancedSignature, Serializable

public class XAdESSignature
extends DefaultAdvancedSignature

Parse an XAdES signature structure. Note that for each signature to be validated a new instance of this object must be created.

See Also:

Serialized Form

Field Summary

Fields inherited from class eu.europa.esig.dss.validation.DefaultAdvancedSignature

detachedContents, manifestFiles, offlineCertificateSource, providedSigningCertificateToken, referenceValidations, signatureCRLSource, signatureCryptographicVerification, signatureIdentifier, signatureOCSPSource, signaturePolicy, signatureTimestampSource, structureValidation

Constructor Summary

Constructors

Constructor	Description
XAdESSignature(Element signatureElement)	This constructor is used when creating the signature.
XAdESSignature(Element signatureElement, List<XAdESPaths> xadesPathsHolders)	The default constructor for XAdESSignature.

Method Summary

Modifier and Type	Method	Description
protected SignatureIdentifier	buildSignatureIdentifier()	Build and defines signatureIdentifier value
void	checkSignatureIntegrity()	Verifies the signature integrity; checks if the signed content has not been tampered with.
void	checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider)
SignatureCertificateSource	getCertificateSource()	Gets a certificate source which contains ALL certificates embedded in the signature.
Element	getCertificateValues()
List<SignerRole>	getCertifiedSignerRoles()	Returns the certified roles of the signer.
List<SignerRole>	getClaimedSignerRoles()	Returns the claimed roles of the signer.
List<CommitmentTypeIndication>	getCommitmentTypeIndications()	This method obtains the information concerning commitment type indication linked to the signature
Element	getCompleteCertificateRefs()
Element	getCompleteRevocationRefs()
String	getContentHints()
String	getContentIdentifier()
String	getContentType()	Returns the value of the signed attribute content-type
List<AdvancedSignature>	getCounterSignatures()	This method retrieves the potential countersignatures embedded in the XAdES signature document.
OfflineCRLSource	getCRLSource()	Gets a CRL source which contains ALL CRLs embedded in the signature.
String	getDAIdentifier()	This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES
SignatureLevel	getDataFoundUpToLevel()	This method returns the signature level
DigestAlgorithm	getDigestAlgorithm()	Retrieves the digest algorithm used for generating the signature.
EncryptionAlgorithm	getEncryptionAlgorithm()	Retrieves the encryption algorithm used for generating the signature.
Element	getLastTimestampValidationData()	This method returns the last timestamp validation data for an archive timestamp.
Node	getManifestById(String uri)
List<ReferenceValidation>	getManifestReferences(Node manifestNode)	Returns a list of all references contained in the given manifest
MaskGenerationFunction	getMaskGenerationFunction()	Retrieves the mask generation function used for generating the signature.
String	getMimeType()	Returns the value of the signed attribute mime-type
Node	getObjectById(String uri)
NodeList	getObjects()	This method returns the list of ds:Object elements for the current signature element.
OfflineOCSPSource	getOCSPSource()	Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
List<org.apache.xml.security.signature.Reference>	getReferences()
List<ReferenceValidation>	getReferenceValidations()	Returns individual validation foreach reference (XAdES) or for the message-imprint (CAdES)
Element	getRevocationValues()
NodeList	getSigAndRefsTimeStamp()
SignatureAlgorithm	getSignatureAlgorithm()	Retrieves the signature algorithm (or cipher) used for generating the signature.
SignatureDigestReference	getSignatureDigestReference(DigestAlgorithm digestAlgorithm)	TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents.
Element	getSignatureElement()	Returns the w3c.dom encapsulated signature element.
SignatureForm	getSignatureForm()	Specifies the format of the signature
SignatureLevel[]	getSignatureLevels()
List<Element>	getSignatureObjects()
SignatureProductionPlace	getSignatureProductionPlace()	Returns information about the place where the signature was generated
byte[]	getSignatureValue()	Returns the digital signature value
String	getSignatureValueBase64()	Returns a base64 SignatureValue
String	getSignatureValueId()
List<SignerRole>	getSignedAssertions()	Returns the list of embeded signed assertions.
List<String>	getSignedDataObjectProperties()
List<String>	getSignedProperties()
List<String>	getSignedSignatureProperties()
Date	getSigningTime()	Returns the signing time included within the signature.
XAdESTimestampSource	getTimestampSource()	Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
List<String>	getUnsignedProperties()
List<String>	getUnsignedSignatureProperties()	Retrieves the name of each node found under the unsignedSignatureProperties element
DSSNamespace	getXadesNamespace()
XAdESPaths	getXAdESPaths()
DSSNamespace	getXmldSigNamespace()
boolean	hasBProfile()	Checks the presence of ... segment in the signature, what is the proof -B profile existence
boolean	hasCProfile()	Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, what is the proof -C profile existence
boolean	hasXProfile()	Checks the presence of SigAndRefsTimeStamp segment in the signature, what is the proof -X profile existence
void	recursiveNamespaceBrowser(Element element)	This method sets the namespace which will determinate the XAdESPaths to use.
void	registerXAdESPaths(XAdESPaths xadesPaths)	This method allows to register a new XAdESPaths.
void	resetCertificateSource()	This method resets the source of certificates.
void	resetRevocationSources()	This method resets the sources of the revocation data.
void	resetTimestampSource()	This method resets the timestamp source.
void	setDisableXSWProtection(boolean disableXSWProtection)	NOT RECOMMENDED : This parameter allows to disable protection against XML Signature wrapping attacks (XSW).
void	validateStructure()	This method allows the structure validation of the signature.

Methods inherited from class eu.europa.esig.dss.validation.DefaultAdvancedSignature

addExternalTimestamp, areAllSelfSignedCertificates, equals, findSignatureScope, getAllTimestamps, getArchiveTimestamps, getCandidatesForSigningCertificate, getCertificates, getCertificateSourcesExceptLastArchiveTimestamp, getCompleteCertificateSource, getCompleteCRLSource, getCompleteOCSPSource, getContainerContents, getContentTimestamps, getDetachedContents, getDocumentTimestamps, getDSSId, getId, getManifestedDocuments, getMasterSignature, getMessageDigestValue, getPdfRevision, getPolicyId, getProvidedSigningCertificateToken, getSignatureCryptographicVerification, getSignatureFilename, getSignatureScopes, getSignatureTimestamps, getSignatureValidationContext, getSignerInformationStoreInfos, getSignerRoles, getSigningCertificateToken, getStructureValidationResult, getTimestampsX1, getTimestampsX2, hashCode, hasLTAProfile, hasLTProfile, hasTProfile, isCounterSignature, isDocHashOnlyValidation, isHashOnlyValidation, prepareOfflineCertificateVerifier, prepareTimestamps, setContainerContents, setDetachedContents, setManifestFiles, setMasterSignature, setProvidedSigningCertificateToken, setSignatureFilename, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

XAdESSignature

public XAdESSignature(Element signatureElement)

This constructor is used when creating the signature. The default XPathQueryHolder is set.

Parameters:

signatureElement - the signature DOM element

XAdESSignature

public XAdESSignature(Element signatureElement, List<XAdESPaths> xadesPathsHolders)

The default constructor for XAdESSignature.

Parameters:

signatureElement - the signature DOM element

xadesPathsHolders - List of XAdESPaths to use when handling signature

Method Details

setDisableXSWProtection

public void setDisableXSWProtection(boolean disableXSWProtection)

NOT RECOMMENDED : This parameter allows to disable protection against XML Signature wrapping attacks (XSW). It disables the research by XPath expression for defined Type attributes.

Parameters:

disableXSWProtection - true to disable the protection

recursiveNamespaceBrowser

public void recursiveNamespaceBrowser(Element element)

This method sets the namespace which will determinate the XAdESPaths to use. The content of the Transform element is ignored.

Parameters:

element -

getXAdESPaths

public XAdESPaths getXAdESPaths()

getXmldSigNamespace

public DSSNamespace getXmldSigNamespace()

getXadesNamespace

public DSSNamespace getXadesNamespace()

getSignatureElement

public Element getSignatureElement()

Returns the w3c.dom encapsulated signature element.

Returns:

the signatureElement

getSignatureForm

public SignatureForm getSignatureForm()

Description copied from interface: AdvancedSignature

Specifies the format of the signature

getEncryptionAlgorithm

public EncryptionAlgorithm getEncryptionAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the encryption algorithm used for generating the signature.

Returns:

EncryptionAlgorithm

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the digest algorithm used for generating the signature.

Returns:

DigestAlgorithm

getMaskGenerationFunction

public MaskGenerationFunction getMaskGenerationFunction()

Description copied from interface: AdvancedSignature

Retrieves the mask generation function used for generating the signature.

Returns:

MaskGenerationFunction

getSignatureAlgorithm

public SignatureAlgorithm getSignatureAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the signature algorithm (or cipher) used for generating the signature.

Returns:

SignatureAlgorithm

getCertificateSource

public SignatureCertificateSource getCertificateSource()

Description copied from interface: AdvancedSignature

Gets a certificate source which contains ALL certificates embedded in the signature.

Returns:

resetCertificateSource

public void resetCertificateSource()

This method resets the source of certificates. It must be called when any certificate is added to the KeyInfo or CertificateValues.

getCRLSource

public OfflineCRLSource getCRLSource()

Description copied from interface: AdvancedSignature

Gets a CRL source which contains ALL CRLs embedded in the signature.

Returns:

OfflineRevocationSource

getOCSPSource

public OfflineOCSPSource getOCSPSource()

Description copied from interface: AdvancedSignature

Gets an OCSP source which contains ALL OCSP responses embedded in the signature.

Returns:

OfflineRevocationSource

resetRevocationSources

public void resetRevocationSources()

This method resets the sources of the revocation data. It must be called when -LT level is created.

getTimestampSource

public XAdESTimestampSource getTimestampSource()

Description copied from interface: AdvancedSignature

Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.

Returns:

SignatureTimestampSource

resetTimestampSource

public void resetTimestampSource()

This method resets the timestamp source. It must be called when -LT level is created.

getSigningTime

public Date getSigningTime()

Description copied from interface: AdvancedSignature

Returns the signing time included within the signature.

Returns:

Date representing the signing time or null

checkSignaturePolicy

public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider)

getSignatureProductionPlace

public SignatureProductionPlace getSignatureProductionPlace()

Description copied from interface: AdvancedSignature

Returns information about the place where the signature was generated

Returns:

SignatureProductionPlace

getSignedAssertions

public List<SignerRole> getSignedAssertions()

Description copied from interface: AdvancedSignature

Returns the list of embeded signed assertions.

Returns:

list of the assertions s

getClaimedSignerRoles

public List<SignerRole> getClaimedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the claimed roles of the signer.

Returns:

list of the SignerRoles

getCertifiedSignerRoles

public List<SignerRole> getCertifiedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the certified roles of the signer.

Returns:

list of the SignerRoles

getContentType

public String getContentType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute content-type

Returns:

content type as String

getMimeType

public String getMimeType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute mime-type

Returns:

mime type as String

getContentIdentifier

public String getContentIdentifier()

Returns:

content identifier as String

getContentHints

public String getContentHints()

Returns:

content hints as String

getSignatureValueBase64

public String getSignatureValueBase64()

Returns a base64 SignatureValue

Returns:

base64 String

getSignatureValue

public byte[] getSignatureValue()

Description copied from interface: AdvancedSignature

Returns the digital signature value

Returns:

digital signature value byte array

getSignatureValueId

public String getSignatureValueId()

getObjects

public NodeList getObjects()

This method returns the list of ds:Object elements for the current signature element.

Returns:

getCompleteCertificateRefs

public Element getCompleteCertificateRefs()

getCompleteRevocationRefs

public Element getCompleteRevocationRefs()

getSigAndRefsTimeStamp

public NodeList getSigAndRefsTimeStamp()

getCertificateValues

public Element getCertificateValues()

getRevocationValues

public Element getRevocationValues()

hasBProfile

public boolean hasBProfile()

Checks the presence of ... segment in the signature, what is the proof -B profile existence

Returns:

true if B Profile is detected

hasCProfile

public boolean hasCProfile()

Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, what is the proof -C profile existence

Returns:

true if C Profile is detected

hasXProfile

public boolean hasXProfile()

Checks the presence of SigAndRefsTimeStamp segment in the signature, what is the proof -X profile existence

Returns:

true if the -X extension is present

checkSignatureIntegrity

public void checkSignatureIntegrity()

Description copied from interface: AdvancedSignature

Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations()

Description copied from interface: AdvancedSignature

Returns individual validation foreach reference (XAdES) or for the message-imprint (CAdES)

Returns:

a list with one or more ReferenceValidation

getSignatureDigestReference

public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)

TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents. The canonicalization shall be computed keeping this ds:Signature element as a descendant of the XML root element, without detaching it.

Parameters:

digestAlgorithm - DigestAlgorithm to use

Returns:

SignatureDigestReference

getManifestReferences

public List<ReferenceValidation> getManifestReferences(Node manifestNode)

Returns a list of all references contained in the given manifest

Parameters:

manifestNode - Node to get references from

Returns:

list of ReferenceValidation objects

getObjectById

public Node getObjectById(String uri)

getManifestById

public Node getManifestById(String uri)

getCounterSignatures

public List<AdvancedSignature> getCounterSignatures()

This method retrieves the potential countersignatures embedded in the XAdES signature document. From ETSI TS 101 903 v1.4.2: 7.2.4.1 Countersignature identifier in Type attribute of ds:Reference A XAdES signature containing a ds:Reference element whose Type attribute has value "http://uri.etsi.org/01903#CountersignedSignature" will indicate that is is, in fact, a countersignature of the signature referenced by this element. 7.2.4.2 Enveloped countersignatures: the CounterSignature element The CounterSignature is an unsigned property that qualifies the signature. A XAdES signature MAY have more than one CounterSignature properties. As indicated by its name, it contains one countersignature of the qualified signature.

Returns:

a list containing the countersignatures embedded in the XAdES signature document

buildSignatureIdentifier

protected SignatureIdentifier buildSignatureIdentifier()

Description copied from class: DefaultAdvancedSignature

Build and defines signatureIdentifier value

Specified by:

buildSignatureIdentifier in class DefaultAdvancedSignature

getDAIdentifier

public String getDAIdentifier()

Description copied from interface: AdvancedSignature

This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES

Returns:

The signature identifier

getUnsignedSignatureProperties

public List<String> getUnsignedSignatureProperties()

Retrieves the name of each node found under the unsignedSignatureProperties element

Returns:

an ArrayList containing the retrieved node names

getSignedSignatureProperties

public List<String> getSignedSignatureProperties()

getSignedProperties

public List<String> getSignedProperties()

getUnsignedProperties

public List<String> getUnsignedProperties()

getSignedDataObjectProperties

public List<String> getSignedDataObjectProperties()

getDataFoundUpToLevel

public SignatureLevel getDataFoundUpToLevel()

Description copied from interface: AdvancedSignature

This method returns the signature level

Returns:

a value of SignatureLevel

getSignatureLevels

public SignatureLevel[] getSignatureLevels()

Returns:

the list of signature levels for this type of signature, in the simple to complete order. Example: B,T,LT,LTA

validateStructure

public void validateStructure()

Description copied from interface: AdvancedSignature

This method allows the structure validation of the signature.

Specified by:

validateStructure in interface AdvancedSignature

Overrides:

validateStructure in class DefaultAdvancedSignature

getLastTimestampValidationData

public Element getLastTimestampValidationData()

This method returns the last timestamp validation data for an archive timestamp.

Returns:

getCommitmentTypeIndications

public List<CommitmentTypeIndication> getCommitmentTypeIndications()

Description copied from interface: AdvancedSignature

This method obtains the information concerning commitment type indication linked to the signature

Returns:

a list of CommitmentTypeIndications

getReferences

public List<org.apache.xml.security.signature.Reference> getReferences()

getSignatureObjects

public List<Element> getSignatureObjects()

Returns:

registerXAdESPaths

public void registerXAdESPaths(XAdESPaths xadesPaths)

This method allows to register a new XAdESPaths.

Parameters:

xadesPaths - XAdESPaths to register