Package eu.europa.esig.dss.spi.signature
Interface AdvancedSignature
- All Superinterfaces:
IdentifierBasedObject, Serializable
- All Known Implementing Classes:
CAdESSignature, DefaultAdvancedSignature, JAdESSignature, PAdESSignature, XAdESSignature
Provides an abstraction for an Advanced Electronic Signature. This eases the validation process: every signature format (XAdES, CAdES and PAdES) is treated the same.
-
Method Summary
Modifier and Type, Method: Description
void addExternalEvidenceRecord(EvidenceRecord evidenceRecord): Adds an evidence record covering the signature file
void addExternalTimestamp(TimestampToken timestamp): This method allows to add an external timestamp.
boolean areAllSelfSignedCertificates(): Checks if all certificate chains present in the signature are self-signed
void checkSignatureIntegrity(): Verifies the signature integrity; checks if the signed content has not been tampered with.
List<EvidenceRecord> getAllEvidenceRecords(): Returns a list of all evidence records
List<TimestampToken> getAllTimestamps(): Returns a list of all timestamps found in the signature
List<TimestampToken> getArchiveTimestamps(): Returns the archive Timestamps
CandidatesForSigningCertificate getCandidatesForSigningCertificate(): Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature.
List<CertificateToken> getCertificates(): Get certificates embedded in the signature
SignatureCertificateSource getCertificateSource(): Gets a certificate source which contains ALL certificates embedded in the signature.
List<SignerRole> getCertifiedSignerRoles(): Returns the certified roles of the signer.
List<SignerRole> getClaimedSignerRoles(): Returns the claimed roles of the signer.
List<CommitmentTypeIndication> getCommitmentTypeIndications(): This method obtains the information concerning commitment type indication linked to the signature
ListCertificateSource getCompleteCertificateSource(): Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
ListRevocationSource<CRL> getCompleteCRLSource(): Gets a ListRevocationSource representing a merged source from signatureCRLSourse and all timestamp objects included in the signature
ListRevocationSource<OCSP> getCompleteOCSPSource(): Gets a ListRevocationSource representing a merged source from signatureOCSPSourse and all timestamp objects included in the signature
List<DSSDocument> getContainerContents(): Returns container's content
List<TimestampToken> getContentTimestamps(): Returns the content timestamps
String getContentType(): Returns the value of the signed attribute content-type
List<AdvancedSignature> getCounterSignatures(): Returns a list of counter signatures applied to this signature
OfflineRevocationSource<CRL> getCRLSource(): Gets a CRL source which contains ALL CRLs embedded in the signature.
String getDAIdentifier(): This method returns an identifier provided by the Driving Application (DA). Note: used only for XAdES
SignatureLevel getDataFoundUpToLevel(): This method returns the signature level
Digest getDataToBeSignedRepresentation(): TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
List<DSSDocument> getDetachedContents(): Returns detached contents
List<EvidenceRecord> getDetachedEvidenceRecords(): Returns a list of detached evidence records
List<TimestampToken> getDetachedTimestamps(): Returns a list of detached timestamps. NOTE: used for ASiC with CAdES only
DigestAlgorithm getDigestAlgorithm(): Retrieves the digest algorithm used for generating the signature.
List<TimestampToken> getDocumentTimestamps(): Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
SignatureIdentifier getDSSId(): This method returns the SignatureIdentifier.
List<EvidenceRecord> getEmbeddedEvidenceRecords(): Returns a list of embedded evidence records
EncryptionAlgorithm getEncryptionAlgorithm(): Retrieves the encryption algorithm used for generating the signature.
String getId(): This method returns the DSS unique signature id.
ManifestFile getManifestFile(): This method returns a related ManifestFile in the case of ASiC-E signature.
getMaskGenerationFunction(): Deprecated. since DSS 6.1.
getMasterSignature(): Gets master signature
String getMimeType(): Returns the value of the signed attribute mime-type
OfflineRevocationSource<OCSP> getOCSPSource(): Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
List<ReferenceValidation> getReferenceValidations(): Returns individual validation for each reference (XAdES, JAdES) or for the message-imprint (CAdES)
SignatureAlgorithm getSignatureAlgorithm(): Retrieves the signature algorithm (or cipher) used for generating the signature.
SignatureCryptographicVerification getSignatureCryptographicVerification(): Gets signature's cryptographic validation result
getSignatureDigestReference(DigestAlgorithm digestAlgorithm): Returns a signature reference element as defined in TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component
String getSignatureFilename(): This method returns the signature filename (useful for ASiC and multiple signature files)
getSignatureForm(): Specifies the format of the signature
SignaturePolicy getSignaturePolicy(): Returns the Signature Policy OID from the signature.
SignaturePolicyStore getSignaturePolicyStore(): Returns the Signature Policy Store from the signature
SignatureProductionPlace getSignatureProductionPlace(): Returns information about the place where the signature was generated
List<SignatureScope> getSignatureScopes(): Returns a list of found SignatureScopes
List<TimestampToken> getSignatureTimestamps(): Returns the signature timestamps
byte[] getSignatureValue(): Returns the digital signature value
List<SignerRole> getSignedAssertions(): Returns the list of embedded signed assertions.
List<SignerRole> getSignerRoles(): Returns the list of roles of the signer.
CertificateToken getSigningCertificateToken(): This method returns the signing certificate token or null if there is no valid signing certificate.
Date getSigningTime(): Returns the signing time included within the signature.
getStructureValidationResult(): Returns a message if the structure validation fails
TimestampSource getTimestampSource(): Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
List<TimestampToken> getTimestampsX1(): Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
List<TimestampToken> getTimestampsX2(): Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
boolean hasAProfile(): Checks the presence of ArchiveTimeStamp element in the signature, which is the proof of -A profile existence
boolean hasBESProfile(): Checks the presence of signing certificate covered by the signature, which is the proof of -BES profile existence
boolean hasBProfile(): Checks if the signature is conformant to AdES-BASELINE-B level
boolean hasCProfile(): Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of -C profile existence
boolean hasEPESProfile(): Checks the presence of SignaturePolicyIdentifier element in the signature, which is the proof of -EPES profile existence
boolean hasExtendedTProfile(): Checks the presence of SignatureTimeStamp element in the signature, which is the proof of -T profile existence
boolean hasLTAProfile(): Checks if the LTA-level is present in the signature
boolean hasLTProfile(): Checks if the LT-level is present in the signature
boolean hasTProfile(): Checks if the T-level is present in the signature
boolean hasXLProfile(): Checks the presence of CertificateValues/RevocationValues segment in the signature, which is the proof of -XL profile existence
boolean hasXProfile(): Checks the presence of SigAndRefsTimeStamp segment in the signature, which is the proof of -X profile existence
void initBaselineRequirementsChecker(CertificateVerifier certificateVerifier): This method creates an offline copy of certificateVerifier and instantiates a BaselineRequirementsChecker
boolean isCounterSignature(): Checks if the current signature is a counter signature (i.e. has a Master signature)
boolean isDocHashOnlyValidation(): Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR).
boolean isHashOnlyValidation(): Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR).
void setContainerContents(List<DSSDocument> containerContents): This method allows to set the archive container contents in the case of ASiC-S signature.
void setDetachedContents(List<DSSDocument> detachedContents): This method allows to set the signed contents in the case of the detached signature.
void setManifestFile(ManifestFile manifestFile): This method allows to set a manifest file in the case of ASiC-E signature.
void setMasterSignature(AdvancedSignature masterSignature): This setter allows to indicate the master signature.
void setSignatureFilename(String signatureFilename): This method allows to set the signature filename (useful in case of ASiC)
void setSigningCertificateSource(CertificateSource signingCertificateSource): Set a certificate source which allows to find the signing certificate by kid or certificate's digest
-
Method Details
-
getSignatureFilename
String getSignatureFilename()
This method returns the signature filename (useful for ASiC and multiple signature files)
- Returns:
- the signature filename
-
setSignatureFilename
-
getDetachedContents
List<DSSDocument> getDetachedContents()
Returns detached contents
- Returns:
- in the case of the detached signature this is the List of signed contents.
-
setDetachedContents
This method allows to set the signed contents in the case of the detached signature.
- Parameters:
detachedContents - List of DSSDocument representing the signed detached contents.
-
getContainerContents
List<DSSDocument> getContainerContents()
Returns container's content
- Returns:
- in the case of an ASiC-S signature, returns a list of the archive container documents
-
setContainerContents
This method allows to set the archive container contents in the case of ASiC-S signature.
- Parameters:
containerContents - List of DSSDocument representing the archive container contents.
-
getManifestFile
ManifestFile getManifestFile()
This method returns a related ManifestFile in the case of ASiC-E signature.
- Returns:
- manifestFile ManifestFile
-
setManifestFile
This method allows to set a manifest file in the case of ASiC-E signature.
- Parameters:
manifestFile - ManifestFile
-
setSigningCertificateSource
Set a certificate source which allows to find the signing certificate by kid or certificate's digest
- Parameters:
signingCertificateSource - the certificate source to resolve missing signing certificate
-
getSignatureForm
-
getSignatureAlgorithm
SignatureAlgorithm getSignatureAlgorithm()
Retrieves the signature algorithm (or cipher) used for generating the signature.
- Returns:
SignatureAlgorithm
-
getEncryptionAlgorithm
EncryptionAlgorithm getEncryptionAlgorithm()
Retrieves the encryption algorithm used for generating the signature.
- Returns:
EncryptionAlgorithm
-
getDigestAlgorithm
DigestAlgorithm getDigestAlgorithm()
Retrieves the digest algorithm used for generating the signature.
- Returns:
DigestAlgorithm
-
getMaskGenerationFunction
Deprecated. since DSS 6.1. Please use the #getEncryptionAlgorithm method instead in order to determine the mask generation function (i.e. EncryptionAlgorithm.RSA for no MGF, EncryptionAlgorithm.RSASSA_PSS for MGF1)
Retrieves the mask generation function used for generating the signature.
- Returns:
MaskGenerationFunction
-
getSigningTime
Date getSigningTime()
Returns the signing time included within the signature.
- Returns:
Date representing the signing time or null
-
getCertificateSource
SignatureCertificateSource getCertificateSource()
Gets a certificate source which contains ALL certificates embedded in the signature.
- Returns:
SignatureCertificateSource
-
getCompleteCertificateSource
ListCertificateSource getCompleteCertificateSource()
Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
- Returns:
ListCertificateSource
-
getCRLSource
OfflineRevocationSource<CRL> getCRLSource()
Gets a CRL source which contains ALL CRLs embedded in the signature.
- Returns:
OfflineRevocationSource
-
getOCSPSource
OfflineRevocationSource<OCSP> getOCSPSource()
Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
- Returns:
OfflineRevocationSource
-
getCompleteCRLSource
ListRevocationSource<CRL> getCompleteCRLSource()
Gets a ListRevocationSource representing a merged source from signatureCRLSourse and all timestamp objects included in the signature
- Returns:
ListRevocationSource
-
getCompleteOCSPSource
ListRevocationSource<OCSP> getCompleteOCSPSource()
Gets a ListRevocationSource representing a merged source from signatureOCSPSourse and all timestamp objects included in the signature
- Returns:
ListRevocationSource
-
getTimestampSource
TimestampSource getTimestampSource()
Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
- Returns:
SignatureTimestampSource
-
getCandidatesForSigningCertificate
CandidatesForSigningCertificate getCandidatesForSigningCertificate()
Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature. If the signing certificate is identified then it is cached and the subsequent calls to this method will return this cached value. This method never returns null.
- Returns:
CandidatesForSigningCertificate
-
initBaselineRequirementsChecker
This method creates an offline copy of certificateVerifier and instantiates a BaselineRequirementsChecker
- Parameters:
certificateVerifier - CertificateVerifier
-
setMasterSignature
This setter allows to indicate the master signature. It means that this is a countersignature.
- Parameters:
masterSignature - AdvancedSignature
-
getMasterSignature
-
isCounterSignature
boolean isCounterSignature()
Checks if the current signature is a counter signature (i.e. has a Master signature)
- Returns:
- TRUE if it is a counter signature, FALSE otherwise
-
getSigningCertificateToken
CertificateToken getSigningCertificateToken()
This method returns the signing certificate token or null if there is no valid signing certificate. Note that to determine the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
- Returns:
CertificateToken
-
checkSignatureIntegrity
void checkSignatureIntegrity()
Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature not including the signing certificate, the latter must be provided by calling setProvidedSigningCertificateToken. In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken
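The call order described for getSigningCertificateToken and checkSignatureIntegrity, shown as an added example (not part of the DSS documentation or code base). It uses only methods listed on this page and passes detached content through setDetachedContents as documented above; the class SignatureTriage, its findings method and the weak-digest policy are hypothetical.

```java
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;

import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

/** Hypothetical helper (not part of DSS): format-independent triage of one signature. */
public final class SignatureTriage {

    // Assumption: local policy treats these digest algorithms as too weak to accept.
    private static final Set<DigestAlgorithm> WEAK_DIGESTS =
            EnumSet.of(DigestAlgorithm.MD5, DigestAlgorithm.SHA1);

    private SignatureTriage() {
    }

    /** Returns human-readable findings; an empty list means no triage flag was raised. */
    public static List<String> findings(AdvancedSignature signature,
                                        List<DSSDocument> detachedContents) {
        List<String> findings = new ArrayList<>();

        // Detached signature: the signed content must be known before the integrity check.
        if (detachedContents != null && !detachedContents.isEmpty()) {
            signature.setDetachedContents(detachedContents);
        }

        // Must run first: the signing certificate is only determined by this call.
        signature.checkSignatureIntegrity();

        CertificateToken signer = signature.getSigningCertificateToken();
        if (signer == null) {
            findings.add("no valid signing certificate identified");
        }
        if (signature.areAllSelfSignedCertificates()) {
            findings.add("every embedded certificate chain is self-signed");
        }

        DigestAlgorithm digest = signature.getDigestAlgorithm();
        if (digest == null) {
            findings.add("digest algorithm could not be determined");
        } else if (WEAK_DIGESTS.contains(digest)) {
            findings.add("weak digest algorithm: " + digest);
        }

        // Without a signature timestamp, the signing time is only the signer's claim.
        List<?> signatureTimestamps = signature.getSignatureTimestamps();
        if (signatureTimestamps == null || signatureTimestamps.isEmpty()) {
            findings.add("no signature timestamp; signing time " + signature.getSigningTime()
                    + " is unattested");
        }

        // Digest-only validation never saw the original document bytes.
        if (signature.isDocHashOnlyValidation() || signature.isHashOnlyValidation()) {
            findings.add("validated against a digest representation only");
        }
        return findings;
    }
}
```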
-
getSignatureCryptographicVerification
SignatureCryptographicVerification getSignatureCryptographicVerification()
Gets signature's cryptographic validation result
- Returns:
- SignatureCryptographicVerification with all the information collected during the validation process.
-
getSignaturePolicy
SignaturePolicy getSignaturePolicy()
Returns the Signature Policy OID from the signature.
- Returns:
SignaturePolicy
-
getSignaturePolicyStore
SignaturePolicyStore getSignaturePolicyStore()
Returns the Signature Policy Store from the signature
- Returns:
SignaturePolicyStore
-
getSignatureProductionPlace
SignatureProductionPlace getSignatureProductionPlace()
Returns information about the place where the signature was generated
- Returns:
SignatureProductionPlace
-
getCommitmentTypeIndications
List<CommitmentTypeIndication> getCommitmentTypeIndications()
This method obtains the information concerning commitment type indication linked to the signature
- Returns:
- a list of CommitmentTypeIndications
-
getContentType
String getContentType()
Returns the value of the signed attribute content-type
- Returns:
- content type as String
-
getMimeType
String getMimeType()
Returns the value of the signed attribute mime-type
- Returns:
- mime type as String
-
getSignerRoles
List<SignerRole> getSignerRoles()
Returns the list of roles of the signer.
- Returns:
- list of the SignerRoles
-
getSignedAssertions
List<SignerRole> getSignedAssertions()
Returns the list of embedded signed assertions.
- Returns:
- list of the assertions
-
getClaimedSignerRoles
List<SignerRole> getClaimedSignerRoles()
Returns the claimed roles of the signer.
- Returns:
- list of the SignerRoles
-
getCertifiedSignerRoles
List<SignerRole> getCertifiedSignerRoles()
Returns the certified roles of the signer.
- Returns:
- list of the SignerRoles
-
getCertificates
List<CertificateToken> getCertificates()
Get certificates embedded in the signature
- Returns:
- a list of certificates contained within the signature
-
getContentTimestamps
List<TimestampToken> getContentTimestamps()
Returns the content timestamps
- Returns:
List of TimestampToken
-
getSignatureTimestamps
List<TimestampToken> getSignatureTimestamps()
Returns the signature timestamps
- Returns:
List of TimestampToken
-
getTimestampsX1
List<TimestampToken> getTimestampsX1()
Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
- Returns:
List of TimestampToken
-
getTimestampsX2
List<TimestampToken> getTimestampsX2()
Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
- Returns:
List of TimestampToken
-
getArchiveTimestamps
List<TimestampToken> getArchiveTimestamps()
Returns the archive Timestamps
- Returns:
List of TimestampTokens
-
getDocumentTimestamps
List<TimestampToken> getDocumentTimestamps()
Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
- Returns:
List of TimestampTokens
-
getDetachedTimestamps
List<TimestampToken> getDetachedTimestamps()
Returns a list of detached timestamps. NOTE: used for ASiC with CAdES only
- Returns:
- a list of TimestampTokens
-
getAllTimestamps
List<TimestampToken> getAllTimestamps()
Returns a list of all timestamps found in the signature
- Returns:
List of TimestampTokens
-
addExternalTimestamp
This method allows to add an external timestamp. The given timestamp must be processed before. NOTE: The method is supported only for CAdES signatures
- Parameters:
timestamp - the timestamp token
-
getCounterSignatures
List<AdvancedSignature> getCounterSignatures()
Returns a list of counter signatures applied to this signature
- Returns:
- a List of AdvancedSignatures representing the counter signatures
-
getEmbeddedEvidenceRecords
List<EvidenceRecord> getEmbeddedEvidenceRecords()
Returns a list of embedded evidence records
- Returns:
- a list of EvidenceRecords
-
addExternalEvidenceRecord
Adds an evidence record covering the signature file
- Parameters:
evidenceRecord - EvidenceRecord
-
getDetachedEvidenceRecords
List<EvidenceRecord> getDetachedEvidenceRecords()
Returns a list of detached evidence records
- Returns:
- a list of EvidenceRecords
-
getAllEvidenceRecords
List<EvidenceRecord> getAllEvidenceRecords()
Returns a list of all evidence records
- Returns:
- a list of EvidenceRecords
-
getDSSId
SignatureIdentifier getDSSId()
This method returns the SignatureIdentifier.
- Specified by:
getDSSId in interface IdentifierBasedObject
- Returns:
- unique SignatureIdentifier
-
getId
String getId()
This method returns the DSS unique signature id. It allows to unambiguously identify each signature.
- Returns:
- The signature unique Id
-
getDAIdentifier
String getDAIdentifier()
This method returns an identifier provided by the Driving Application (DA). Note: used only for XAdES
- Returns:
- The signature identifier
-
getDataFoundUpToLevel
SignatureLevel getDataFoundUpToLevel()
This method returns the signature level
- Returns:
- a value of SignatureLevel
-
hasBProfile
boolean hasBProfile()
Checks if the signature is conformant to AdES-BASELINE-B level
- Returns:
- TRUE if the B-level is present, FALSE otherwise
-
hasTProfile
boolean hasTProfile()
Checks if the T-level is present in the signature
- Returns:
- TRUE if the T-level is present, FALSE otherwise
-
hasLTProfile
boolean hasLTProfile()
Checks if the LT-level is present in the signature
- Returns:
- TRUE if the LT-level is present, FALSE otherwise
-
hasLTAProfile
boolean hasLTAProfile()
Checks if the LTA-level is present in the signature
- Returns:
- TRUE if the LTA-level is present, FALSE otherwise
-
hasBESProfile
boolean hasBESProfile()
Checks the presence of signing certificate covered by the signature, which is the proof of -BES profile existence
- Returns:
- true if BES Profile is detected
-
hasEPESProfile
boolean hasEPESProfile()
Checks the presence of SignaturePolicyIdentifier element in the signature, which is the proof of -EPES profile existence
- Returns:
- true if EPES Profile is detected
-
hasExtendedTProfile
boolean hasExtendedTProfile()
Checks the presence of SignatureTimeStamp element in the signature, which is the proof of -T profile existence
- Returns:
- true if T Profile is detected
-
hasCProfile
boolean hasCProfile()
Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of -C profile existence
- Returns:
- true if C Profile is detected
-
hasXProfile
boolean hasXProfile()
Checks the presence of SigAndRefsTimeStamp segment in the signature, which is the proof of -X profile existence
- Returns:
- true if the -X extension is present
-
hasXLProfile
boolean hasXLProfile()
Checks the presence of CertificateValues/RevocationValues segment in the signature, which is the proof of -XL profile existence
- Returns:
- true if the -XL extension is present
-
hasAProfile
boolean hasAProfile()
Checks the presence of ArchiveTimeStamp element in the signature, which is the proof of -A profile existence
- Returns:
- true if the -A extension is present
-
areAllSelfSignedCertificates
boolean areAllSelfSignedCertificates()
Checks if all certificate chains present in the signature are self-signed
- Returns:
- TRUE if all certificates are self-signed, false otherwise
-
getStructureValidationResult
-
getSignatureScopes
List<SignatureScope> getSignatureScopes()
Returns a list of found SignatureScopes
- Returns:
- a list of SignatureScopes
-
isDocHashOnlyValidation
boolean isDocHashOnlyValidation()
Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
- Returns:
- true if it is DocHashOnly validation, false otherwise
-
isHashOnlyValidation
boolean isHashOnlyValidation()
Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR). EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature. NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
- Returns:
- true if it is HashOnly validation, false otherwise
-
getSignatureValue
byte[] getSignatureValue()
Returns the digital signature value
- Returns:
- digital signature value byte array
-
getReferenceValidations
List<ReferenceValidation> getReferenceValidations()
Returns individual validation for each reference (XAdES, JAdES) or for the message-imprint (CAdES)
- Returns:
- a list with one or more ReferenceValidation
-
getSignatureDigestReference
Returns a signature reference element as defined in TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component
- Parameters:
digestAlgorithm - DigestAlgorithm to use
- Returns:
SignatureDigestReference
-
getDataToBeSignedRepresentation
Digest getDataToBeSignedRepresentation()
TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
- Returns:
Digest DTBSR, which is then used to create the signature.
-