Package eu.europa.esig.dss.cades.validation

Class CAdESSignature

java.lang.Object

eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature

eu.europa.esig.dss.cades.validation.CAdESSignature

All Implemented Interfaces:

IdentifierBasedObject, AdvancedSignature, Serializable

Direct Known Subclasses:

PAdESSignature

public class CAdESSignature
extends DefaultAdvancedSignature

CAdES Signature class helper

See Also:

• Serialized Form

Field Summary

Fields inherited from class eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature

counterSignatures, detachedContents, manifestFile, offlineCertificateSource, referenceValidations, signatureCRLSource, signatureCryptographicVerification, signatureIdentifier, signatureOCSPSource, signaturePolicy, signatureTimestampSource, signingCertificateSource, structureValidationMessages

Constructor Summary

Constructors

Constructor	Description
CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.cms.SignerInformation signerInformation)	The default constructor for CAdESSignature.

Method Summary

Modifier and Type	Method	Description
void	addExternalTimestamp(TimestampToken timestamp)	This method allows to add an external timestamp.
protected SignaturePolicy	buildSignaturePolicy()	This method extracts a signature policy from a signature and builds the object
void	checkSignatureIntegrity()	Verifies the signature integrity; checks if the signed content has not been tampered with.
protected CAdESBaselineRequirementsChecker	createBaselineRequirementsChecker(CertificateVerifier certificateVerifier)	Instantiates a BaselineRequirementsChecker according to the signature format
protected List<SignatureScope>	findSignatureScopes()	Finds signature scopes
protected CAdESBaselineRequirementsChecker	getBaselineRequirementsChecker()	Returns a cached instance of the BaselineRequirementsChecker
SignatureCertificateSource	getCertificateSource()	Gets a certificate source which contains ALL certificates embedded in the signature.
List<SignerRole>	getCertifiedSignerRoles()	Returns the certified roles of the signer.
List<SignerRole>	getClaimedSignerRoles()	Returns the claimed roles of the signer.
org.bouncycastle.cms.CMSSignedData	getCmsSignedData()	Gets CMSSignedData
List<CommitmentTypeIndication>	getCommitmentTypeIndications()	This method obtains the information concerning commitment type indication linked to the signature
String	getContentHints()	Gets Content Hints
String	getContentIdentifier()	Gets ContentIdentifier String
String	getContentType()	Returns the value of the signed attribute content-type
List<AdvancedSignature>	getCounterSignatures()	Returns a list of counter signatures applied to this signature
protected org.bouncycastle.cms.SignerInformationStore	getCounterSignatureStore()	Returns a SignerInformationStore containing counter signatures
OfflineCRLSource	getCRLSource()	Gets a CRL source which contains ALL CRLs embedded in the signature.
String	getDAIdentifier()	This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES
SignatureLevel	getDataFoundUpToLevel()	This method returns the signature level
Digest	getDataToBeSignedRepresentation()	TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
DigestAlgorithm	getDigestAlgorithm()	Retrieves the digest algorithm used for generating the signature.
EncryptionAlgorithm	getEncryptionAlgorithm()	Retrieves the encryption algorithm used for generating the signature.
MaskGenerationFunction	getMaskGenerationFunction()	Deprecated.
Set<DigestAlgorithm>	getMessageDigestAlgorithms()	Returns a set of used DigestAlgorithms incorporated into the CMSSignedData
byte[]	getMessageDigestValue()	Returns a digest value incorporated in an attribute "message-digest" in CMS Signed Data
String	getMimeType()	Returns the value of the signed attribute mime-type
OfflineOCSPSource	getOCSPSource()	Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
DSSDocument	getOriginalDocument()	Returns the original signed document
List<ReferenceValidation>	getReferenceValidations()	Returns individual validation foreach reference (XAdES, JAdES) or for the message-imprint (CAdES)
List<ReferenceValidation>	getReferenceValidations(org.bouncycastle.cms.SignerInformation signerInformationToCheck)	Returns the reference validation
SignatureAlgorithm	getSignatureAlgorithm()	Retrieves the signature algorithm (or cipher) used for generating the signature.
SignatureDigestReference	getSignatureDigestReference(DigestAlgorithm digestAlgorithm)	TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of CAdES signatures, the input to the digest value computation shall be one of the DER-encoded instances of SignedInfo type present within the CMS structure.
SignatureForm	getSignatureForm()	Specifies the format of the signature
protected SignatureIdentifierBuilder	getSignatureIdentifierBuilder()	Returns a builder to define and build a signature Id
SignaturePolicyStore	getSignaturePolicyStore()	Returns the Signature Policy Store from the signature
SignatureProductionPlace	getSignatureProductionPlace()	Returns information about the place where the signature was generated
byte[]	getSignatureValue()	Returns the digital signature value
List<SignerRole>	getSignedAssertions()	Returns the list of embedded signed assertions.
protected DSSDocument	getSignerDocumentContent()	This method extracts a document content that was signed NOTE: Some differences are possible with PAdES
org.bouncycastle.cms.SignerId	getSignerId()	Returns SignerId of the related to the signature signerInformation
org.bouncycastle.cms.SignerInformation	getSignerInformation()	Gets a SignedInformation
Set<SignerIdentifier>	getSignerInformationStoreInfos()	Returns a Set of CertificateIdentifier extracted from a SignerInformationStore of CMS Signed Data
Date	getSigningTime()	Returns the signing time included within the signature.
CAdESTimestampSource	getTimestampSource()	Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
boolean	isCounterSignature()	Checks if the current signature is a counter signature (i.e. has a Master signature)

Methods inherited from class eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature

addExternalEvidenceRecord, areAllSelfSignedCertificates, equals, getAllEvidenceRecords, getAllTimestamps, getArchiveTimestamps, getCandidatesForSigningCertificate, getCertificates, getCompleteCertificateSource, getCompleteCRLSource, getCompleteOCSPSource, getContainerContents, getContentTimestamps, getCounterSignaturesCertificateSource, getCounterSignaturesCRLSource, getCounterSignaturesOCSPSource, getDetachedContents, getDetachedEvidenceRecords, getDetachedTimestamps, getDocumentTimestamps, getDSSId, getEmbeddedEvidenceRecords, getId, getManifestFile, getMasterSignature, getSignatureCryptographicVerification, getSignatureFilename, getSignaturePolicy, getSignatureScopes, getSignatureTimestamps, getSignerRoles, getSigningCertificateToken, getStructureValidationResult, getTimestampsX1, getTimestampsX2, hasAProfile, hasBESProfile, hasBProfile, hasCProfile, hasEPESProfile, hasExtendedTProfile, hashCode, hasLTAProfile, hasLTProfile, hasTProfile, hasXLProfile, hasXProfile, initBaselineRequirementsChecker, isDocHashOnlyValidation, isHashOnlyValidation, resetCertificateSource, resetRevocationSources, resetTimestampSource, setContainerContents, setDetachedContents, setManifestFile, setMasterSignature, setSignatureFilename, setSigningCertificateSource, toString, validateStructure

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

CAdESSignature

public CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData,
 org.bouncycastle.cms.SignerInformation signerInformation)

The default constructor for CAdESSignature.

Parameters:

cmsSignedData - CMSSignedData

signerInformation - an expanded SignerInfo block from a CMS Signed message

Method Details

getSignatureForm

public SignatureForm getSignatureForm()

Description copied from interface: AdvancedSignature

Specifies the format of the signature

Returns:

SignatureForm

getCertificateSource

public SignatureCertificateSource getCertificateSource()

Description copied from interface: AdvancedSignature

Gets a certificate source which contains ALL certificates embedded in the signature.

Returns:

SignatureCertificateSource

getCRLSource

public OfflineCRLSource getCRLSource()

Description copied from interface: AdvancedSignature

Gets a CRL source which contains ALL CRLs embedded in the signature.

Returns:

OfflineRevocationSource

getOCSPSource

public OfflineOCSPSource getOCSPSource()

Description copied from interface: AdvancedSignature

Gets an OCSP source which contains ALL OCSP responses embedded in the signature.

Returns:

OfflineRevocationSource

getTimestampSource

public CAdESTimestampSource getTimestampSource()

Description copied from interface: AdvancedSignature

Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.

Returns:

SignatureTimestampSource

getSignerId

public org.bouncycastle.cms.SignerId getSignerId()

Returns SignerId of the related to the signature signerInformation

Returns:

SignerId

findSignatureScopes

protected List<SignatureScope> findSignatureScopes()

Description copied from class: DefaultAdvancedSignature

Finds signature scopes

Specified by:

findSignatureScopes in class DefaultAdvancedSignature

Returns:

a list of SignatureScopes

buildSignaturePolicy

protected SignaturePolicy buildSignaturePolicy()

Description copied from class: DefaultAdvancedSignature

This method extracts a signature policy from a signature and builds the object

Specified by:

buildSignaturePolicy in class DefaultAdvancedSignature

Returns:

SignaturePolicy

getSignaturePolicyStore

public SignaturePolicyStore getSignaturePolicyStore()

Description copied from interface: AdvancedSignature

Returns the Signature Policy Store from the signature

Returns:

SignaturePolicyStore

getSigningTime

public Date getSigningTime()

Description copied from interface: AdvancedSignature

Returns the signing time included within the signature.

Returns:

Date representing the signing time or null

getCmsSignedData

public org.bouncycastle.cms.CMSSignedData getCmsSignedData()

Gets CMSSignedData

Returns:

CMSSignedData the cmsSignedData

getSignatureProductionPlace

public SignatureProductionPlace getSignatureProductionPlace()

Description copied from interface: AdvancedSignature

Returns information about the place where the signature was generated

Returns:

SignatureProductionPlace

getCommitmentTypeIndications

public List<CommitmentTypeIndication> getCommitmentTypeIndications()

Description copied from interface: AdvancedSignature

This method obtains the information concerning commitment type indication linked to the signature

Returns:

a list of CommitmentTypeIndications

getSignedAssertions

public List<SignerRole> getSignedAssertions()

Description copied from interface: AdvancedSignature

Returns the list of embedded signed assertions.

Returns:

list of the assertions s

getClaimedSignerRoles

public List<SignerRole> getClaimedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the claimed roles of the signer.

Returns:

list of the SignerRoles

getCertifiedSignerRoles

public List<SignerRole> getCertifiedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the certified roles of the signer.

Returns:

list of the SignerRoles

getEncryptionAlgorithm

public EncryptionAlgorithm getEncryptionAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the encryption algorithm used for generating the signature.

Returns:

EncryptionAlgorithm

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the digest algorithm used for generating the signature.

Returns:

DigestAlgorithm

getMaskGenerationFunction

@Deprecated
public MaskGenerationFunction getMaskGenerationFunction()

Deprecated.

Description copied from interface: AdvancedSignature

Retrieves the mask generation function used for generating the signature.

Returns:

MaskGenerationFunction

getSignatureAlgorithm

public SignatureAlgorithm getSignatureAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the signature algorithm (or cipher) used for generating the signature.

Returns:

SignatureAlgorithm

checkSignatureIntegrity

public void checkSignatureIntegrity()

Description copied from interface: AdvancedSignature

Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations(org.bouncycastle.cms.SignerInformation signerInformationToCheck)

Returns the reference validation

Parameters:

signerInformationToCheck - SignerInformation

Returns:

a list of ReferenceValidations

getSignerDocumentContent

protected DSSDocument getSignerDocumentContent()

This method extracts a document content that was signed NOTE: Some differences are possible with PAdES

Returns:

DSSDocument

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations()

Description copied from interface: AdvancedSignature

Returns individual validation foreach reference (XAdES, JAdES) or for the message-imprint (CAdES)

Returns:

a list with one or more ReferenceValidation

getSignatureDigestReference

public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)

TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of CAdES signatures, the input to the digest value computation shall be one of the DER-encoded instances of SignedInfo type present within the CMS structure.

Parameters:

digestAlgorithm - DigestAlgorithm to use

Returns:

SignatureDigestReference

getDataToBeSignedRepresentation

public Digest getDataToBeSignedRepresentation()

Description copied from interface: AdvancedSignature

TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.

Returns:

Digest DTBSR, which is then used to create the signature.

getMessageDigestAlgorithms

public Set<DigestAlgorithm> getMessageDigestAlgorithms()

Returns a set of used DigestAlgorithms incorporated into the CMSSignedData

Returns:

a set of DigestAlgorithms

getMessageDigestValue

public byte[] getMessageDigestValue()

Returns a digest value incorporated in an attribute "message-digest" in CMS Signed Data

Returns:

a byte array representing a signed content digest value

getContentType

public String getContentType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute content-type

Returns:

content type as String

getMimeType

public String getMimeType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute mime-type

Returns:

mime type as String

getContentIdentifier

public String getContentIdentifier()

Gets ContentIdentifier String

Returns:

content identifier as String

getContentHints

public String getContentHints()

Gets Content Hints

Returns:

content hints as String

getSignerInformation

public org.bouncycastle.cms.SignerInformation getSignerInformation()

Gets a SignedInformation

Returns:

SignerInformation the signerInformation

getSignatureValue

public byte[] getSignatureValue()

Description copied from interface: AdvancedSignature

Returns the digital signature value

Returns:

digital signature value byte array

isCounterSignature

public boolean isCounterSignature()

Description copied from interface: AdvancedSignature

Checks if the current signature is a counter signature (i.e. has a Master signature)

Specified by:

isCounterSignature in interface AdvancedSignature

Overrides:

isCounterSignature in class DefaultAdvancedSignature

Returns:

TRUE if it is a counter signature, FALSE otherwise

getCounterSignatures

public List<AdvancedSignature> getCounterSignatures()

Description copied from interface: AdvancedSignature

Returns a list of counter signatures applied to this signature

Returns:

a List of AdvancedSignatures representing the counter signatures

getCounterSignatureStore

protected org.bouncycastle.cms.SignerInformationStore getCounterSignatureStore()

Returns a SignerInformationStore containing counter signatures

Returns:

SignerInformationStore

getOriginalDocument

public DSSDocument getOriginalDocument()

Returns the original signed document

Returns:

DSSDocument

getSignatureIdentifierBuilder

protected SignatureIdentifierBuilder getSignatureIdentifierBuilder()

Description copied from class: DefaultAdvancedSignature

Returns a builder to define and build a signature Id

Specified by:

getSignatureIdentifierBuilder in class DefaultAdvancedSignature

Returns:

SignatureIdentifierBuilder

getDAIdentifier

public String getDAIdentifier()

Description copied from interface: AdvancedSignature

This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES

Returns:

The signature identifier

getSignerInformationStoreInfos

public Set<SignerIdentifier> getSignerInformationStoreInfos()

Returns a Set of CertificateIdentifier extracted from a SignerInformationStore of CMS Signed Data

Returns:

a Set of SignerIdentifiers

addExternalTimestamp

public void addExternalTimestamp(TimestampToken timestamp)

Description copied from interface: AdvancedSignature

This method allows to add an external timestamp. The given timestamp must be processed before. NOTE: The method is supported only for CAdES signatures

Parameters:

timestamp - the timestamp token

getDataFoundUpToLevel

public SignatureLevel getDataFoundUpToLevel()

Description copied from interface: AdvancedSignature

This method returns the signature level

Returns:

a value of SignatureLevel

getBaselineRequirementsChecker

protected CAdESBaselineRequirementsChecker getBaselineRequirementsChecker()

Description copied from class: DefaultAdvancedSignature

Returns a cached instance of the BaselineRequirementsChecker

Overrides:

getBaselineRequirementsChecker in class DefaultAdvancedSignature

Returns:

BaselineRequirementsChecker

createBaselineRequirementsChecker

protected CAdESBaselineRequirementsChecker createBaselineRequirementsChecker(CertificateVerifier certificateVerifier)

Description copied from class: DefaultAdvancedSignature

Instantiates a BaselineRequirementsChecker according to the signature format

Specified by:

createBaselineRequirementsChecker in class DefaultAdvancedSignature

Parameters:

certificateVerifier - CertificateVerifier to be used

Returns:

BaselineRequirementsChecker