Package eu.europa.esig.dss.spi.signature
Class DefaultAdvancedSignature
java.lang.Object
eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature
- All Implemented Interfaces: IdentifierBasedObject, AdvancedSignature, Serializable
- Direct Known Subclasses: CAdESSignature, JAdESSignature, XAdESSignature
A common implementation of AdvancedSignature
-
Field Summary
Fields (Modifier and Type, Field - Description)
protected List<AdvancedSignature> counterSignatures - Cached list of embedded counter signatures
protected List<DSSDocument> detachedContents - In case of a detached signature this is the signed document.
protected ManifestFile manifestFile - In case of an ASiC-E signature this is the found related manifest file.
protected SignatureCertificateSource offlineCertificateSource - Cached offline signature certificate source
protected List<ReferenceValidation> referenceValidations - This variable contains a list of reference validations (reference tag for XAdES or message-digest for CAdES)
protected OfflineCRLSource signatureCRLSource - Cached offline signature CRL source
protected SignatureCryptographicVerification signatureCryptographicVerification - This variable contains the result of the signature mathematical validation.
protected SignatureIdentifier signatureIdentifier - Unique signature identifier
protected OfflineOCSPSource signatureOCSPSource - Cached offline signature OCSP source
protected SignaturePolicy signaturePolicy - The SignaturePolicy identifier
protected TimestampSource signatureTimestampSource - Cached offline signature timestamp source
protected CertificateSource signingCertificateSource - The certificate source of a signing certificate
structureValidationMessages - A list of error messages that occurred during a structure validation
-
Constructor Summary
Constructors (Modifier, Constructor - Description)
protected DefaultAdvancedSignature() - Default constructor instantiating object with null values
-
Method Summary
Methods (Modifier and Type, Method - Description)
void addExternalEvidenceRecord(EvidenceRecord evidenceRecord) - Adds an evidence record covering the signature file
boolean areAllSelfSignedCertificates() - Checks if all certificate chains present in the signature are self-signed
protected abstract SignaturePolicy buildSignaturePolicy - This method extracts a signature policy from a signature and builds the object
protected abstract BaselineRequirementsChecker createBaselineRequirementsChecker(CertificateVerifier certificateVerifier) - Instantiates a BaselineRequirementsChecker according to the signature format
boolean equals
protected abstract List<SignatureScope> findSignatureScopes - Finds signature scopes
getAllEvidenceRecords - Returns a list of all evidence records
getAllTimestamps - Returns a list of all timestamps found in the signature
getArchiveTimestamps - Returns the archive Timestamps
protected BaselineRequirementsChecker getBaselineRequirementsChecker - Returns a cached instance of the BaselineRequirementsChecker
getCandidatesForSigningCertificate - ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.
getCertificates - Returns an unmodifiable list of all certificate tokens encapsulated in the signature
getCompleteCertificateSource - Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
getCompleteCRLSource - Gets a ListRevocationSource representing a merged source from signatureCRLSource and all timestamp objects included in the signature
getCompleteOCSPSource - Gets a ListRevocationSource representing a merged source from signatureOCSPSource and all timestamp objects included in the signature
getContainerContents - Returns container's content
getContentTimestamps - Returns the content timestamps
protected ListCertificateSource getCounterSignaturesCertificateSource - Returns a merged certificate source for values incorporated within counter signatures
protected ListRevocationSource<CRL> getCounterSignaturesCRLSource - Returns a merged CRL source for values incorporated within counter signatures
protected ListRevocationSource<OCSP> getCounterSignaturesOCSPSource - Returns a merged OCSP source for values incorporated within counter signatures
getDetachedContents - Returns detached contents
getDetachedEvidenceRecords - Returns a list of detached evidence records
getDetachedTimestamps - Returns a list of detached timestamps. NOTE: used for ASiC with CAdES only
getDocumentTimestamps - Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
getDSSId() - This method returns the SignatureIdentifier.
getEmbeddedEvidenceRecords - Returns a list of embedded evidence records
getId() - This method returns the DSS unique signature id.
getManifestFile - This method returns a related ManifestFile in the case of ASiC-E signature.
getMasterSignature - Gets master signature
getSignatureCryptographicVerification - Gets signature's cryptographic validation result
getSignatureFilename - This method returns the signature filename (useful for ASiC and multiple signature files)
protected abstract SignatureIdentifierBuilder getSignatureIdentifierBuilder - Returns a builder to define and build a signature Id
getSignaturePolicy - Returns the Signature Policy OID from the signature.
getSignatureScopes - Returns a list of found SignatureScopes
getSignatureTimestamps - Returns the signature timestamps
getSignerRoles - Returns the list of roles of the signer.
getSigningCertificateToken - This method returns the signing certificate token or null if there is no valid signing certificate.
getStructureValidationResult - Returns a message if the structure validation fails
getTimestampsX1 - Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
getTimestampsX2 - Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
boolean hasAProfile() - Checks the presence of the ArchiveTimeStamp element in the signature, which is the proof of -A profile existence
boolean hasBESProfile() - Checks the presence of a signing certificate covered by the signature, which is the proof of -BES profile existence
boolean hasBProfile() - Checks if the signature is conformant to AdES-BASELINE-B level
boolean hasCProfile() - Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of -C profile existence
boolean hasEPESProfile() - Checks the presence of the SignaturePolicyIdentifier element in the signature, which is the proof of -EPES profile existence
boolean hasExtendedTProfile() - Checks the presence of the SignatureTimeStamp element in the signature, which is the proof of -T profile existence
int hashCode()
boolean hasLTAProfile() - Checks if the LTA-level is present in the signature
boolean hasLTProfile() - Checks if the LT-level is present in the signature
boolean hasTProfile() - Checks if the T-level is present in the signature
boolean hasXLProfile() - Checks the presence of the CertificateValues/RevocationValues segment in the signature, which is the proof of -XL profile existence
boolean hasXProfile() - Checks the presence of the SigAndRefsTimeStamp segment in the signature, which is the proof of -X profile existence
void initBaselineRequirementsChecker(CertificateVerifier certificateVerifier) - This method creates an offline copy of certificateVerifier and instantiates a BaselineRequirementsChecker
boolean isCounterSignature() - Checks if the current signature is a counter signature (i.e. has a Master signature)
boolean isDocHashOnlyValidation() - Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR).
boolean isHashOnlyValidation() - Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR).
void resetCertificateSource() - This method resets the source of certificates.
void resetRevocationSources() - This method resets the sources of the revocation data.
void resetTimestampSource() - This method resets the timestamp source.
void setContainerContents(List<DSSDocument> containerContents) - This method sets the archive container contents in the case of ASiC-S signature.
void setDetachedContents(List<DSSDocument> detachedContents) - This method sets the signed contents in the case of the detached signature.
void setManifestFile(ManifestFile manifestFile) - This method sets a manifest file in the case of ASiC-E signature.
void setMasterSignature(AdvancedSignature masterSignature) - This setter indicates the master signature.
void setSignatureFilename(String signatureFilename) - This method sets the signature filename (useful in case of ASiC)
void setSigningCertificateSource(CertificateSource signingCertificateSource) - Sets a certificate source which allows the signing certificate to be found by kid or by the certificate's digest
toString()
validateStructure - This method processes the structure validation of the signature.
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface eu.europa.esig.dss.spi.signature.AdvancedSignature
addExternalTimestamp, checkSignatureIntegrity, getCertificateSource, getCertifiedSignerRoles, getClaimedSignerRoles, getCommitmentTypeIndications, getContentType, getCounterSignatures, getCRLSource, getDAIdentifier, getDataFoundUpToLevel, getDataToBeSignedRepresentation, getDigestAlgorithm, getEncryptionAlgorithm, getMaskGenerationFunction, getMimeType, getOCSPSource, getReferenceValidations, getSignatureAlgorithm, getSignatureDigestReference, getSignatureForm, getSignaturePolicyStore, getSignatureProductionPlace, getSignatureValue, getSignedAssertions, getSigningTime, getTimestampSource
-
Field Details
-
detachedContents
In case of a detached signature this is the signed document.
-
manifestFile
In case of an ASiC-E signature this is the found related manifest file.
-
referenceValidations
This variable contains a list of reference validations (reference tag for XAdES or message-digest for CAdES)
-
signatureCryptographicVerification
This variable contains the result of the signature mathematical validation. It is initialised when the method checkSignatureIntegrity is called.
-
structureValidationMessages
-
signingCertificateSource
The certificate source of a signing certificate
-
offlineCertificateSource
Cached offline signature certificate source
-
signatureCRLSource
Cached offline signature CRL source
-
signatureOCSPSource
Cached offline signature OCSP source
-
signatureTimestampSource
Cached offline signature timestamp source
-
counterSignatures
Cached list of embedded counter signatures
-
signaturePolicy
The SignaturePolicy identifier
-
signatureIdentifier
Unique signature identifier
-
-
Constructor Details
-
DefaultAdvancedSignature
protected DefaultAdvancedSignature()
Default constructor instantiating object with null values
-
-
Method Details
-
getSignatureIdentifierBuilder
Returns a builder to define and build a signature Id
- Returns: SignatureIdentifierBuilder
-
setSigningCertificateSource
Description copied from interface: AdvancedSignature
Sets a certificate source which allows the signing certificate to be found by kid or by the certificate's digest
- Specified by: setSigningCertificateSource in interface AdvancedSignature
- Parameters: signingCertificateSource - the certificate source to resolve missing signing certificate
-
getSignatureFilename
Description copied from interface: AdvancedSignature
This method returns the signature filename (useful for ASiC and multiple signature files)
- Specified by: getSignatureFilename in interface AdvancedSignature
- Returns: the signature filename
-
setSignatureFilename
Description copied from interface: AdvancedSignature
This method sets the signature filename (useful in case of ASiC)
- Specified by: setSignatureFilename in interface AdvancedSignature
- Parameters: signatureFilename - String
-
getDetachedContents
Description copied from interface: AdvancedSignature
Returns detached contents
- Specified by: getDetachedContents in interface AdvancedSignature
- Returns: in the case of the detached signature this is the List of signed contents.
-
setDetachedContents
Description copied from interface: AdvancedSignature
This method sets the signed contents in the case of the detached signature.
- Specified by: setDetachedContents in interface AdvancedSignature
- Parameters: detachedContents - List of DSSDocument representing the signed detached contents.
-
getContainerContents
Description copied from interface: AdvancedSignature
Returns container's content
- Specified by: getContainerContents in interface AdvancedSignature
- Returns: in case of ASiC-S signature returns a list of archive container documents
-
setContainerContents
Description copied from interface: AdvancedSignature
This method sets the archive container contents in the case of ASiC-S signature.
- Specified by: setContainerContents in interface AdvancedSignature
- Parameters: containerContents - List of DSSDocument representing the archive container contents.
-
getManifestFile
Description copied from interface: AdvancedSignature
This method returns a related ManifestFile in the case of ASiC-E signature.
- Specified by: getManifestFile in interface AdvancedSignature
- Returns: manifestFile (ManifestFile)
-
setManifestFile
Description copied from interface: AdvancedSignature
This method sets a manifest file in the case of ASiC-E signature.
- Specified by: setManifestFile in interface AdvancedSignature
- Parameters: manifestFile - ManifestFile
-
getDSSId
Description copied from interface: AdvancedSignature
This method returns the SignatureIdentifier.
- Specified by: getDSSId in interface AdvancedSignature
- Specified by: getDSSId in interface IdentifierBasedObject
- Returns: unique SignatureIdentifier
-
getId
Description copied from interface: AdvancedSignature
This method returns the DSS unique signature id. It identifies each signature unambiguously.
- Specified by: getId in interface AdvancedSignature
- Returns: The signature unique Id
-
getCompleteCertificateSource
Description copied from interface: AdvancedSignature
Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
- Specified by: getCompleteCertificateSource in interface AdvancedSignature
- Returns: ListCertificateSource
-
getCompleteCRLSource
Description copied from interface: AdvancedSignature
Gets a ListRevocationSource representing a merged source from signatureCRLSource and all timestamp objects included in the signature
- Specified by: getCompleteCRLSource in interface AdvancedSignature
- Returns: ListRevocationSource
-
getCompleteOCSPSource
Description copied from interface: AdvancedSignature
Gets a ListRevocationSource representing a merged source from signatureOCSPSource and all timestamp objects included in the signature
- Specified by: getCompleteOCSPSource in interface AdvancedSignature
- Returns: ListRevocationSource
-
getCounterSignaturesCertificateSource
Returns a merged certificate source for values incorporated within counter signatures
- Returns: ListCertificateSource
-
getCounterSignaturesCRLSource
Returns a merged CRL source for values incorporated within counter signatures
- Returns: CRL ListRevocationSource
-
getCounterSignaturesOCSPSource
Returns a merged OCSP source for values incorporated within counter signatures
- Returns: OCSP ListRevocationSource
-
resetCertificateSource
public void resetCertificateSource()
This method resets the source of certificates. It must be called when any certificate is added to the KeyInfo or CertificateValues (XAdES), or 'xVals' (JAdES).
NOTE: used in XAdES and JAdES
-
resetRevocationSources
public void resetRevocationSources()
This method resets the sources of the revocation data. It must be called when -LT level is created.
NOTE: used in XAdES and JAdES
-
resetTimestampSource
public void resetTimestampSource()
This method resets the timestamp source. It must be called when -LT level is created.
NOTE: used in XAdES and JAdES
-
getCandidatesForSigningCertificate
ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.
- Specified by: getCandidatesForSigningCertificate in interface AdvancedSignature
- Returns: CandidatesForSigningCertificate
-
initBaselineRequirementsChecker
Description copied from interface: AdvancedSignature
This method creates an offline copy of certificateVerifier and instantiates a BaselineRequirementsChecker
- Specified by: initBaselineRequirementsChecker in interface AdvancedSignature
- Parameters: certificateVerifier - CertificateVerifier
-
getCertificates
Returns an unmodifiable list of all certificate tokens encapsulated in the signature
- Specified by: getCertificates in interface AdvancedSignature
- Returns: a list of certificates contained within the signature
-
setMasterSignature
Description copied from interface: AdvancedSignature
This setter indicates the master signature. It means that this is a countersignature.
- Specified by: setMasterSignature in interface AdvancedSignature
- Parameters: masterSignature - AdvancedSignature
-
getMasterSignature
Description copied from interface: AdvancedSignature
Gets master signature
- Specified by: getMasterSignature in interface AdvancedSignature
- Returns: AdvancedSignature
-
isCounterSignature
public boolean isCounterSignature()
Description copied from interface: AdvancedSignature
Checks if the current signature is a counter signature (i.e. has a Master signature)
- Specified by: isCounterSignature in interface AdvancedSignature
- Returns: TRUE if it is a counter signature, FALSE otherwise
-
getSignatureCryptographicVerification
Description copied from interface: AdvancedSignature
Gets signature's cryptographic validation result
- Specified by: getSignatureCryptographicVerification in interface AdvancedSignature
- Returns: SignatureCryptographicVerification with all the information collected during the validation process.
-
getSignerRoles
Description copied from interface: AdvancedSignature
Returns the list of roles of the signer.
- Specified by: getSignerRoles in interface AdvancedSignature
- Returns: list of the SignerRoles
-
getSigningCertificateToken
Description copied from interface: AdvancedSignature
This method returns the signing certificate token or null if there is no valid signing certificate. Note that to determine the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
- Specified by: getSigningCertificateToken in interface AdvancedSignature
- Returns: CertificateToken
-
getStructureValidationResult
Description copied from interface: AdvancedSignature
Returns a message if the structure validation fails
- Specified by: getStructureValidationResult in interface AdvancedSignature
- Returns: a list of String error messages if validation fails, an empty list if structural validation succeeds
-
validateStructure
-
getSignatureScopes
Description copied from interface: AdvancedSignature
Returns a list of found SignatureScopes
- Specified by: getSignatureScopes in interface AdvancedSignature
- Returns: a list of SignatureScopes
-
findSignatureScopes
Finds signature scopes
- Returns: a list of SignatureScopes
-
getContentTimestamps
Description copied from interface: AdvancedSignature
Returns the content timestamps
- Specified by: getContentTimestamps in interface AdvancedSignature
- Returns: List of TimestampToken
-
getSignatureTimestamps
Description copied from interface: AdvancedSignature
Returns the signature timestamps
- Specified by: getSignatureTimestamps in interface AdvancedSignature
- Returns: List of TimestampToken
-
getTimestampsX1
Description copied from interface: AdvancedSignature
Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
- Specified by: getTimestampsX1 in interface AdvancedSignature
- Returns: List of TimestampToken
-
getTimestampsX2
Description copied from interface: AdvancedSignature
Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
- Specified by: getTimestampsX2 in interface AdvancedSignature
- Returns: List of TimestampToken
-
getArchiveTimestamps
Description copied from interface: AdvancedSignature
Returns the archive Timestamps
- Specified by: getArchiveTimestamps in interface AdvancedSignature
- Returns: List of TimestampTokens
-
getDocumentTimestamps
Description copied from interface: AdvancedSignature
Returns a list of timestamps defined with the 'DocTimeStamp' type
NOTE: applicable only for PAdES
- Specified by: getDocumentTimestamps in interface AdvancedSignature
- Returns: List of TimestampTokens
-
getDetachedTimestamps
Description copied from interface: AdvancedSignature
Returns a list of detached timestamps
NOTE: used for ASiC with CAdES only
- Specified by: getDetachedTimestamps in interface AdvancedSignature
- Returns: a list of TimestampTokens
-
getAllTimestamps
Description copied from interface: AdvancedSignature
Returns a list of all timestamps found in the signature
- Specified by: getAllTimestamps in interface AdvancedSignature
- Returns: List of TimestampTokens
-
getEmbeddedEvidenceRecords
Description copied from interface: AdvancedSignature
Returns a list of embedded evidence records
- Specified by: getEmbeddedEvidenceRecords in interface AdvancedSignature
- Returns: a list of EvidenceRecords
-
addExternalEvidenceRecord
Description copied from interface: AdvancedSignature
Adds an evidence record covering the signature file
- Specified by: addExternalEvidenceRecord in interface AdvancedSignature
- Parameters: evidenceRecord - EvidenceRecord
-
getDetachedEvidenceRecords
Description copied from interface: AdvancedSignature
Returns a list of detached evidence records
- Specified by: getDetachedEvidenceRecords in interface AdvancedSignature
- Returns: a list of EvidenceRecords
-
getAllEvidenceRecords
Description copied from interface: AdvancedSignature
Returns a list of all evidence records
- Specified by: getAllEvidenceRecords in interface AdvancedSignature
- Returns: a list of EvidenceRecords
-
getSignaturePolicy
Description copied from interface: AdvancedSignature
Returns the Signature Policy OID from the signature.
- Specified by: getSignaturePolicy in interface AdvancedSignature
- Returns: SignaturePolicy
-
buildSignaturePolicy
This method extracts a signature policy from a signature and builds the object
- Returns: SignaturePolicy
-
getBaselineRequirementsChecker
Returns a cached instance of the BaselineRequirementsChecker
- Returns: BaselineRequirementsChecker
-
createBaselineRequirementsChecker
protected abstract BaselineRequirementsChecker createBaselineRequirementsChecker(CertificateVerifier certificateVerifier)
Instantiates a BaselineRequirementsChecker according to the signature format
- Parameters: certificateVerifier - CertificateVerifier to be used
- Returns: BaselineRequirementsChecker
-
hasBProfile
public boolean hasBProfile()
Description copied from interface: AdvancedSignature
Checks if the signature is conformant to AdES-BASELINE-B level
- Specified by: hasBProfile in interface AdvancedSignature
- Returns: TRUE if the B-level is present, FALSE otherwise
-
hasTProfile
public boolean hasTProfile()
Description copied from interface: AdvancedSignature
Checks if the T-level is present in the signature
- Specified by: hasTProfile in interface AdvancedSignature
- Returns: TRUE if the T-level is present, FALSE otherwise
-
hasLTProfile
public boolean hasLTProfile()
Description copied from interface: AdvancedSignature
Checks if the LT-level is present in the signature
- Specified by: hasLTProfile in interface AdvancedSignature
- Returns: TRUE if the LT-level is present, FALSE otherwise
-
hasLTAProfile
public boolean hasLTAProfile()
Description copied from interface: AdvancedSignature
Checks if the LTA-level is present in the signature
- Specified by: hasLTAProfile in interface AdvancedSignature
- Returns: TRUE if the LTA-level is present, FALSE otherwise
-
hasBESProfile
public boolean hasBESProfile()
Description copied from interface: AdvancedSignature
Checks the presence of a signing certificate covered by the signature, which is the proof of -BES profile existence
- Specified by: hasBESProfile in interface AdvancedSignature
- Returns: true if BES Profile is detected
-
hasEPESProfile
public boolean hasEPESProfile()
Description copied from interface: AdvancedSignature
Checks the presence of the SignaturePolicyIdentifier element in the signature, which is the proof of -EPES profile existence
- Specified by: hasEPESProfile in interface AdvancedSignature
- Returns: true if EPES Profile is detected
-
hasExtendedTProfile
public boolean hasExtendedTProfile()
Description copied from interface: AdvancedSignature
Checks the presence of the SignatureTimeStamp element in the signature, which is the proof of -T profile existence
- Specified by: hasExtendedTProfile in interface AdvancedSignature
- Returns: true if T Profile is detected
-
hasCProfile
public boolean hasCProfile()
Description copied from interface: AdvancedSignature
Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of -C profile existence
- Specified by: hasCProfile in interface AdvancedSignature
- Returns: true if C Profile is detected
-
hasXProfile
public boolean hasXProfile()
Description copied from interface: AdvancedSignature
Checks the presence of the SigAndRefsTimeStamp segment in the signature, which is the proof of -X profile existence
- Specified by: hasXProfile in interface AdvancedSignature
- Returns: true if the -X extension is present
-
hasXLProfile
public boolean hasXLProfile()
Description copied from interface: AdvancedSignature
Checks the presence of the CertificateValues/RevocationValues segment in the signature, which is the proof of -XL profile existence
- Specified by: hasXLProfile in interface AdvancedSignature
- Returns: true if the -XL extension is present
-
hasAProfile
public boolean hasAProfile()
Description copied from interface: AdvancedSignature
Checks the presence of the ArchiveTimeStamp element in the signature, which is the proof of -A profile existence
- Specified by: hasAProfile in interface AdvancedSignature
- Returns: true if the -A extension is present
-
areAllSelfSignedCertificates
public boolean areAllSelfSignedCertificates()
Description copied from interface: AdvancedSignature
Checks if all certificate chains present in the signature are self-signed
- Specified by: areAllSelfSignedCertificates in interface AdvancedSignature
- Returns: TRUE if all certificates are self-signed, false otherwise
-
isDocHashOnlyValidation
public boolean isDocHashOnlyValidation()
Description copied from interface: AdvancedSignature
Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
- Specified by: isDocHashOnlyValidation in interface AdvancedSignature
- Returns: true if it is DocHashOnly validation, false otherwise
-
isHashOnlyValidation
public boolean isHashOnlyValidation()
Description copied from interface: AdvancedSignature
Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR).
EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature.
NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
- Specified by: isHashOnlyValidation in interface AdvancedSignature
- Returns: true if it is HashOnly validation, false otherwise
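
Added example, not part of the DSS code base: a pre-acceptance check that respects the ordering documented above (checkSignatureIntegrity before getSigningCertificateToken) and flags hash-only validation and all-self-signed chains. SignatureAcceptanceGate and findings are hypothetical names, and isSignatureValid() on SignatureCryptographicVerification is assumed from the DSS API since this page does not list it. It covers only the offline checks this class exposes; certificate path and revocation validation are outside it.

```java
import eu.europa.esig.dss.spi.signature.AdvancedSignature;

import java.util.ArrayList;
import java.util.List;

/** Added example, not DSS code. Class and method names are hypothetical. */
public final class SignatureAcceptanceGate {

    private SignatureAcceptanceGate() {
    }

    /**
     * Returns the reasons why the signer identity reported by this signature
     * should not be relied on yet. An empty list means none of these offline
     * checks objected; certificate path and revocation validation still apply.
     */
    public static List<String> findings(AdvancedSignature signature) {
        List<String> findings = new ArrayList<>();

        // The verification result is initialised by checkSignatureIntegrity(),
        // and the signing certificate is only determined after it has run.
        signature.checkSignatureIntegrity();

        // isSignatureValid() is assumed from the DSS API; it is not listed on this page.
        if (signature.getSignatureCryptographicVerification() == null
                || !signature.getSignatureCryptographicVerification().isSignatureValid()) {
            findings.add("cryptographic verification failed or was not performed");
        }

        // Documented contract: null when there is no valid signing certificate.
        if (signature.getSigningCertificateToken() == null) {
            findings.add("no valid signing certificate identified");
        }

        // Documented contract: empty list when structural validation succeeds.
        List<String> structureErrors = signature.getStructureValidationResult();
        if (structureErrors != null) {
            for (String error : structureErrors) {
                findings.add("structure: " + error);
            }
        }

        // Validation ran on a hash representation (SDR or DTBSR) only, so the
        // binding to the original document content was not checked here.
        if (signature.isDocHashOnlyValidation() || signature.isHashOnlyValidation()) {
            findings.add("validated against a hash representation only");
        }

        // No certificate chain in the signature leads to a separate issuer.
        if (signature.areAllSelfSignedCertificates()) {
            findings.add("every certificate chain in the signature is self-signed");
        }

        return findings;
    }
}
```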
-
equals
-
hashCode
-
toString
-