Package eu.europa.esig.dss.evidencerecord.common.validation

Class EvidenceRecordTimeStampSequenceVerifier

java.lang.Object

eu.europa.esig.dss.evidencerecord.common.validation.EvidenceRecordTimeStampSequenceVerifier

Direct Known Subclasses:

ASN1EvidenceRecordTimeStampSequenceVerifier, XmlEvidenceRecordTimeStampSequenceVerifier

public abstract class EvidenceRecordTimeStampSequenceVerifier
extends Object

This class performs a verification of complete Evidence Record Archive Time-Stamp Sequence

Field Summary

Fields

Modifier and Type	Field	Description
protected final DefaultEvidenceRecord	evidenceRecord	Evidence record to be validated

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	EvidenceRecordTimeStampSequenceVerifier(DefaultEvidenceRecord evidenceRecord)	Evidence record to be validated

Method Summary

Modifier and Type	Method	Description
protected boolean	checkHashTreeValidity(ArchiveTimeStampObject archiveTimeStamp, ArchiveTimeStampChainObject archiveTimeStampChain)	This method verifies whether the ArchiveTimeStampObject and its hash-tree is valid relatively the parent ArchiveTimeStampChainObject
protected DSSMessageDigest	computeDigestValueGroupHash(DigestAlgorithm digestAlgorithm, DigestValueGroup digestValueGroup, DSSMessageDigest... otherObjectDigests)	Computes a hash value for a group of hashes
protected abstract DSSMessageDigest	computeTimeStampHash(ArchiveTimeStampObject archiveTimeStamp)	Computes hash on archiveTimeStamp element provided the archiveTimeStampChain's attributes
protected abstract DSSMessageDigest	computeTimeStampSequenceHash(ArchiveTimeStampChainObject archiveTimeStampChain)	Computes hash of current ArchiveTimeStampSequenceElement
protected abstract DataObjectDigestBuilder	getDataObjectDigestBuilder(DSSDocument document, ArchiveTimeStampChainObject archiveTimeStampChain)	Returns DataObjectDigestBuilder corresponding to the current implementation
protected byte[]	getDocumentDigest(DSSDocument document, ArchiveTimeStampChainObject archiveTimeStampChain)	Returns digest value for the document
protected List<? extends DigestValueGroup>	getHashTree(List<? extends DigestValueGroup> originalHashTree, List<DSSDocument> detachedContents, ManifestFile manifestFile, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampHash, DSSMessageDigest lastTimeStampSequenceHash)	This method returns a relevant HashTree, and created a "virtual" HashTree when a HashTree is omitted in the TimeStamp
protected List<byte[]>	getLastTimeStampSequenceHashList(DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedDocuments)	Returns a list of hashes computed on a given previous time-stamp sequence hash
protected DSSDocument	getMatchingDocument(Digest digest, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedContents)	This method returns a document with matching Digest from a provided list of detachedContents
protected DSSDocument	getMatchingDocument(ManifestEntry manifestEntry, List<DSSDocument> detachedContents)	This method returns a matching document for the given manifestEntry
protected ManifestEntry	getMatchingManifestEntry(ManifestFile manifestFile, Digest digest, DSSDocument document)	Returns a validated manifest entry matching the given digest or document
List<ReferenceValidation>	getReferenceValidations()	Gets a list of reference validations
protected List<ReferenceValidation>	validateArchiveDataObjects(DigestValueGroup digestValueGroup, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedContents, ManifestFile manifestFile)	This method is used to verify archive data objects for presence document digests within digestValueGroup.
protected List<ReferenceValidation>	validateArchiveTimeStampDigest(List<ReferenceValidation> referenceValidations, DSSMessageDigest lastTimeStampHash)	This method is used to verify presence of ArchiveTimeStamp digests within the reference validation list.
protected List<ReferenceValidation>	validateArchiveTimeStampSequenceDigest(List<ReferenceValidation> referenceValidations, DSSMessageDigest lastTimeStampSequenceHashes)	This method is used to verify presence of ArchiveTimeStampSequence digests within the reference validation list.
protected void	verify()	Performs verification of the Evidence Record.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

evidenceRecord

protected final DefaultEvidenceRecord evidenceRecord

Evidence record to be validated

Constructor Details

EvidenceRecordTimeStampSequenceVerifier

protected EvidenceRecordTimeStampSequenceVerifier(DefaultEvidenceRecord evidenceRecord)

Evidence record to be validated

Parameters:

evidenceRecord - EvidenceRecord

Method Details

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations()

Gets a list of reference validations

Returns:

a list of ReferenceValidations

verify

protected void verify()

Performs verification of the Evidence Record. Generated reference validations and time-stamp tokens

getHashTree

protected List<? extends DigestValueGroup> getHashTree(List<? extends DigestValueGroup> originalHashTree,
 List<DSSDocument> detachedContents,
 ManifestFile manifestFile,
 ArchiveTimeStampChainObject archiveTimeStampChain,
 DSSMessageDigest lastTimeStampHash,
 DSSMessageDigest lastTimeStampSequenceHash)

This method returns a relevant HashTree, and created a "virtual" HashTree when a HashTree is omitted in the TimeStamp

Parameters:

originalHashTree - a list of DigestValueGroup, representing an original HashTree extracted from a time-stamp token

detachedContents - a list of DSSDocuments, provided to the validation as a detached content

manifestFile - ManifestFile when present

archiveTimeStampChain - ArchiveTimeStampChainObject archive time-stamp chain containing the time-stamp

lastTimeStampHash - DSSMessageDigest digest of the previous archive-time-stamp, when applicable

lastTimeStampSequenceHash - DSSMessageDigest digest of the previous archive-time-stamp-sequence, when applicable

Returns:

a list of DigestValueGroup, representing a HashTree to be used for an archive-time-stamp validation

checkHashTreeValidity

protected boolean checkHashTreeValidity(ArchiveTimeStampObject archiveTimeStamp,
 ArchiveTimeStampChainObject archiveTimeStampChain)

This method verifies whether the ArchiveTimeStampObject and its hash-tree is valid relatively the parent ArchiveTimeStampChainObject

Parameters:

archiveTimeStamp - ArchiveTimeStampObject

archiveTimeStampChain - ArchiveTimeStampChainObject

Returns:

TRUE if the validation succeeds, FALSE otherwise

getLastTimeStampSequenceHashList

protected List<byte[]> getLastTimeStampSequenceHashList(DSSMessageDigest lastTimeStampSequenceHash,
 List<DSSDocument> detachedDocuments)

Returns a list of hashes computed on a given previous time-stamp sequence hash

Parameters:

lastTimeStampSequenceHash - DSSMessageDigest of the previous ArchiveTimeStampSequence

detachedDocuments - a list of detached DSSDocuments

Returns:

a list of byte arrays

getDocumentDigest

protected byte[] getDocumentDigest(DSSDocument document,
 ArchiveTimeStampChainObject archiveTimeStampChain)

Returns digest value for the document

Parameters:

document - DSSDocument to get digest value for

archiveTimeStampChain - ArchiveTimeStampChainObject of the current hashtree

Returns:

byte array representing document digest

getDataObjectDigestBuilder

protected abstract DataObjectDigestBuilder getDataObjectDigestBuilder(DSSDocument document,
 ArchiveTimeStampChainObject archiveTimeStampChain)

Returns DataObjectDigestBuilder corresponding to the current implementation

Parameters:

document - DSSDocument document to build digest for

archiveTimeStampChain - ArchiveTimeStampChainObject of the current hashtree

Returns:

DataObjectDigestBuilder

validateArchiveTimeStampDigest

protected List<ReferenceValidation> validateArchiveTimeStampDigest(List<ReferenceValidation> referenceValidations,
 DSSMessageDigest lastTimeStampHash)

This method is used to verify presence of ArchiveTimeStamp digests within the reference validation list. If entry is not present, created one, when applicable

Parameters:

referenceValidations - a list of ReferenceValidations

lastTimeStampHash - DSSMessageDigest

Returns:

an updated list of ReferenceValidations

validateArchiveTimeStampSequenceDigest

protected List<ReferenceValidation> validateArchiveTimeStampSequenceDigest(List<ReferenceValidation> referenceValidations,
 DSSMessageDigest lastTimeStampSequenceHashes)

This method is used to verify presence of ArchiveTimeStampSequence digests within the reference validation list. If entry is not present, created one, when applicable

Parameters:

referenceValidations - a list of ReferenceValidations

lastTimeStampSequenceHashes - DSSMessageDigest

Returns:

an updated list of ReferenceValidations

validateArchiveDataObjects

protected List<ReferenceValidation> validateArchiveDataObjects(DigestValueGroup digestValueGroup,
 ArchiveTimeStampChainObject archiveTimeStampChain,
 DSSMessageDigest lastTimeStampSequenceHash,
 List<DSSDocument> detachedContents,
 ManifestFile manifestFile)

This method is used to verify archive data objects for presence document digests within digestValueGroup.

Parameters:

digestValueGroup - DigestValueGroup to find document corresponding digest in

archiveTimeStampChain - ArchiveTimeStampChainObject defines configuration for validation

lastTimeStampSequenceHash - DSSMessageDigest hash of the last archive time-stamp sequence

detachedContents - a list of detached DSSDocuments

manifestFile - ManifestFile, when present

Returns:

a list of ReferenceValidations

getMatchingManifestEntry

protected ManifestEntry getMatchingManifestEntry(ManifestFile manifestFile,
 Digest digest,
 DSSDocument document)

Returns a validated manifest entry matching the given digest or document

Parameters:

manifestFile - ManifestFile

digest - Digest

document - DSSDocument

Returns:

ManifestEntry, if found

getMatchingDocument

protected DSSDocument getMatchingDocument(Digest digest,
 ArchiveTimeStampChainObject archiveTimeStampChain,
 DSSMessageDigest lastTimeStampSequenceHash,
 List<DSSDocument> detachedContents)

This method returns a document with matching Digest from a provided list of detachedContents

Parameters:

digest - Digest to check

archiveTimeStampChain - ArchiveTimeStampChainObject defines configuration for validation

lastTimeStampSequenceHash - DSSMessageDigest hash of the last archive time-stamp sequence

detachedContents - a list of DSSDocuments

Returns:

DSSDocument if matching document found, NULL otherwise

getMatchingDocument

protected DSSDocument getMatchingDocument(ManifestEntry manifestEntry,
 List<DSSDocument> detachedContents)

This method returns a matching document for the given manifestEntry

Parameters:

manifestEntry - ManifestEntry to get matching document for

detachedContents - a list of DSSDocuments provided within a container

Returns:

DSSDocument matching document when found, NULL otherwise

computeTimeStampHash

protected abstract DSSMessageDigest computeTimeStampHash(ArchiveTimeStampObject archiveTimeStamp)

Computes hash on archiveTimeStamp element provided the archiveTimeStampChain's attributes

Parameters:

archiveTimeStamp - ArchiveTimeStampObject to compute hash on

Returns:

DSSMessageDigest

computeTimeStampSequenceHash

protected abstract DSSMessageDigest computeTimeStampSequenceHash(ArchiveTimeStampChainObject archiveTimeStampChain)

Computes hash of current ArchiveTimeStampSequenceElement

Parameters:

archiveTimeStampChain - ArchiveTimeStampChainObject to compute hash for

Returns:

DSSMessageDigest

computeDigestValueGroupHash

protected DSSMessageDigest computeDigestValueGroupHash(DigestAlgorithm digestAlgorithm,
 DigestValueGroup digestValueGroup,
 DSSMessageDigest... otherObjectDigests)

Computes a hash value for a group of hashes

Parameters:

digestAlgorithm - DigestAlgorithm to be used for a hash computation

digestValueGroup - DigestValueGroup containing grouped elements from a hash tree

otherObjectDigests - additional hash values obtained from other computations

Returns:

DSSMessageDigest