Package eu.europa.esig.dss.xades.validation

Class XAdESSignature

java.lang.Object

eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature

eu.europa.esig.dss.xades.validation.XAdESSignature

All Implemented Interfaces:

IdentifierBasedObject, AdvancedSignature, Serializable

public class XAdESSignature
extends DefaultAdvancedSignature

Parse an XAdES signature structure. Note that for each signature to be validated a new instance of this object must be created.

See Also:

• Serialized Form

Field Summary

Fields inherited from class eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature

counterSignatures, detachedContents, manifestFile, offlineCertificateSource, referenceValidations, signatureCRLSource, signatureCryptographicVerification, signatureIdentifier, signatureOCSPSource, signaturePolicy, signatureTimestampSource, signingCertificateSource, structureValidationMessages

Constructor Summary

Constructors

Constructor	Description
XAdESSignature(Element signatureElement)	This constructor is used when creating the signature.
XAdESSignature(Element signatureElement, List<XAdESPath> xadesPathHolders)	The default constructor for XAdESSignature.

Method Summary

Modifier and Type	Method	Description
void	addExternalTimestamp(TimestampToken timestamp)	This method allows to add an external timestamp.
protected XAdESSignaturePolicy	buildSignaturePolicy()	This method extracts a signature policy from a signature and builds the object
void	checkSignatureIntegrity()	Verifies the signature integrity; checks if the signed content has not been tampered with.
protected XAdESBaselineRequirementsChecker	createBaselineRequirementsChecker(CertificateVerifier certificateVerifier)	Instantiates a BaselineRequirementsChecker according to the signature format
protected List<SignatureScope>	findSignatureScopes()	Finds signature scopes
protected XAdESBaselineRequirementsChecker	getBaselineRequirementsChecker()	Returns a cached instance of the BaselineRequirementsChecker
SignatureCertificateSource	getCertificateSource()	Gets a certificate source which contains ALL certificates embedded in the signature.
Element	getCertificateValues()	Gets xades:CertificateValues element
List<SignerRole>	getCertifiedSignerRoles()	Returns the certified roles of the signer.
List<SignerRole>	getClaimedSignerRoles()	Returns the claimed roles of the signer.
List<CommitmentTypeIndication>	getCommitmentTypeIndications()	This method obtains the information concerning commitment type indication linked to the signature
Element	getCompleteCertificateRefs()	Gets xades:CompleteCertificateRefs or xades141:CompleteCertificateRefsV2 element
Element	getCompleteRevocationRefs()	Gets xades:CompleteRevocationRefs
String	getContentType()	Returns the value of the signed attribute content-type
List<AdvancedSignature>	getCounterSignatures()	This method retrieves the potential countersignatures embedded in the XAdES signature document.
OfflineCRLSource	getCRLSource()	Gets a CRL source which contains ALL CRLs embedded in the signature.
String	getDAIdentifier()	This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES
SignatureLevel	getDataFoundUpToLevel()	This method returns the signature level
Digest	getDataToBeSignedRepresentation()	TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
DigestAlgorithm	getDigestAlgorithm()	Retrieves the digest algorithm used for generating the signature.
EncryptionAlgorithm	getEncryptionAlgorithm()	Retrieves the encryption algorithm used for generating the signature.
Element	getLastTimestampValidationData()	This method returns the last timestamp validation data for an archive timestamp.
Element	getManifestById(String id)	Gets ds:Manifest by its Id
MaskGenerationFunction	getMaskGenerationFunction()	Deprecated.
String	getMimeType()	Returns the value of the signed attribute mime-type
Node	getObjectById(String id)	Gets ds:Object by its Id
NodeList	getObjects()	This method returns the list of ds:Object elements for the current signature element.
OfflineOCSPSource	getOCSPSource()	Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
List<org.apache.xml.security.signature.Reference>	getReferences()	Gets a list of found references
List<ReferenceValidation>	getReferenceValidations()	Returns individual validation foreach reference (XAdES, JAdES) or for the message-imprint (CAdES)
NodeList	getRefsOnlyTimestampTimeStamp()	Gets xades:RefsOnlyTimestamp node list
Element	getRevocationValues()	Gets xades:RevocationValues element
NodeList	getSigAndRefsTimeStamp()	Gets xades:SigAndRefsTimeStamp node list
SignatureAlgorithm	getSignatureAlgorithm()	Retrieves the signature algorithm (or cipher) used for generating the signature.
SignatureDigestReference	getSignatureDigestReference(DigestAlgorithm digestAlgorithm)	TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents.
Element	getSignatureElement()	Returns the w3c.dom encapsulated signature element.
SignatureForm	getSignatureForm()	Specifies the format of the signature
protected SignatureIdentifierBuilder	getSignatureIdentifierBuilder()	Returns a builder to define and build a signature Id
List<Element>	getSignatureObjects()	Gets a list of found signature ds:Object elements
XAdESSignaturePolicy	getSignaturePolicy()	Returns the Signature Policy OID from the signature.
SignaturePolicyStore	getSignaturePolicyStore()	Returns the Signature Policy Store from the signature
SignatureProductionPlace	getSignatureProductionPlace()	Returns information about the place where the signature was generated
byte[]	getSignatureValue()	Returns the digital signature value
String	getSignatureValueBase64()	Returns a base64 SignatureValue
String	getSignatureValueId()	Returns Id of the ds:SignatureValue element
List<SignerRole>	getSignedAssertions()	Returns the list of embedded signed assertions.
List<String>	getSignedDataObjectProperties()	Retrieves the name of each node found under the SignedDataObjectProperties element
Element	getSignedInfo()	Returns the ds:SignedInfo element
List<String>	getSignedProperties()	Retrieves the name of each node found under the SignedProperties element
List<String>	getSignedSignatureProperties()	Retrieves the name of each node found under the SignedSignatureProperties element
Date	getSigningTime()	Returns the signing time included within the signature.
XAdESTimestampSource	getTimestampSource()	Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
List<String>	getUnsignedProperties()	Retrieves the name of each node found under the UnsignedProperties element
List<String>	getUnsignedSignatureProperties()	Retrieves the name of each node found under the UnsignedSignatureProperties element
DSSNamespace	getXadesNamespace()	Returns the XAdES namespace
XAdESPath	getXAdESPaths()	Gets the current XAdESPaths
List<XAdESPath>	getXAdESPathsHolders()	Returns a list of used XAdESPaths
DSSNamespace	getXmldSigNamespace()	Returns the XMLDSIG namespace
void	recursiveNamespaceBrowser(Element element)	This method sets the namespace which will determinate the XAdESPaths to use.
void	registerXAdESPaths(XAdESPath xadesPaths)	This method allows to register a new XAdESPaths.
void	setDisableXSWProtection(boolean disableXSWProtection)	NOT RECOMMENDED : This parameter allows to disable protection against XML Signature wrapping attacks (XSW).
List<String>	validateStructure()	This method processes the structure validation of the signature.

Methods inherited from class eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature

addExternalEvidenceRecord, areAllSelfSignedCertificates, equals, getAllEvidenceRecords, getAllTimestamps, getArchiveTimestamps, getCandidatesForSigningCertificate, getCertificates, getCompleteCertificateSource, getCompleteCRLSource, getCompleteOCSPSource, getContainerContents, getContentTimestamps, getCounterSignaturesCertificateSource, getCounterSignaturesCRLSource, getCounterSignaturesOCSPSource, getDetachedContents, getDetachedEvidenceRecords, getDetachedTimestamps, getDocumentTimestamps, getDSSId, getEmbeddedEvidenceRecords, getId, getManifestFile, getMasterSignature, getSignatureCryptographicVerification, getSignatureFilename, getSignatureScopes, getSignatureTimestamps, getSignerRoles, getSigningCertificateToken, getStructureValidationResult, getTimestampsX1, getTimestampsX2, hasAProfile, hasBESProfile, hasBProfile, hasCProfile, hasEPESProfile, hasExtendedTProfile, hashCode, hasLTAProfile, hasLTProfile, hasTProfile, hasXLProfile, hasXProfile, initBaselineRequirementsChecker, isCounterSignature, isDocHashOnlyValidation, isHashOnlyValidation, resetCertificateSource, resetRevocationSources, resetTimestampSource, setContainerContents, setDetachedContents, setManifestFile, setMasterSignature, setSignatureFilename, setSigningCertificateSource, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

XAdESSignature

public XAdESSignature(Element signatureElement)

This constructor is used when creating the signature. The default XPathQueryHolder is set.

Parameters:

signatureElement - the signature DOM element

XAdESSignature

public XAdESSignature(Element signatureElement,
 List<XAdESPath> xadesPathHolders)

The default constructor for XAdESSignature.

Parameters:

signatureElement - the signature DOM element

xadesPathHolders - List of XAdESPaths to use when handling signature

Method Details

setDisableXSWProtection

public void setDisableXSWProtection(boolean disableXSWProtection)

NOT RECOMMENDED : This parameter allows to disable protection against XML Signature wrapping attacks (XSW). It disables the research by XPath expression for defined Type attributes.

Parameters:

disableXSWProtection - true to disable the protection

recursiveNamespaceBrowser

public void recursiveNamespaceBrowser(Element element)

This method sets the namespace which will determinate the XAdESPaths to use. The content of the Transform element is ignored.

Parameters:

element - Element

getXAdESPathsHolders

public List<XAdESPath> getXAdESPathsHolders()

Returns a list of used XAdESPaths

Returns:

a list of XAdESPaths

getXAdESPaths

public XAdESPath getXAdESPaths()

Gets the current XAdESPaths

Returns:

XAdESPath

getXmldSigNamespace

public DSSNamespace getXmldSigNamespace()

Returns the XMLDSIG namespace

Returns:

DSSNamespace

getXadesNamespace

public DSSNamespace getXadesNamespace()

Returns the XAdES namespace

Returns:

DSSNamespace

getSignatureElement

public Element getSignatureElement()

Returns the w3c.dom encapsulated signature element.

Returns:

the signatureElement

getSignatureForm

public SignatureForm getSignatureForm()

Description copied from interface: AdvancedSignature

Specifies the format of the signature

Returns:

SignatureForm

getEncryptionAlgorithm

public EncryptionAlgorithm getEncryptionAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the encryption algorithm used for generating the signature.

Returns:

EncryptionAlgorithm

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the digest algorithm used for generating the signature.

Returns:

DigestAlgorithm

getMaskGenerationFunction

@Deprecated
public MaskGenerationFunction getMaskGenerationFunction()

Deprecated.

Description copied from interface: AdvancedSignature

Retrieves the mask generation function used for generating the signature.

Returns:

MaskGenerationFunction

getSignatureAlgorithm

public SignatureAlgorithm getSignatureAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the signature algorithm (or cipher) used for generating the signature.

Returns:

SignatureAlgorithm

getCertificateSource

public SignatureCertificateSource getCertificateSource()

Description copied from interface: AdvancedSignature

Gets a certificate source which contains ALL certificates embedded in the signature.

Returns:

SignatureCertificateSource

getCRLSource

public OfflineCRLSource getCRLSource()

Description copied from interface: AdvancedSignature

Gets a CRL source which contains ALL CRLs embedded in the signature.

Returns:

OfflineRevocationSource

getOCSPSource

public OfflineOCSPSource getOCSPSource()

Description copied from interface: AdvancedSignature

Gets an OCSP source which contains ALL OCSP responses embedded in the signature.

Returns:

OfflineRevocationSource

getTimestampSource

public XAdESTimestampSource getTimestampSource()

Description copied from interface: AdvancedSignature

Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.

Returns:

SignatureTimestampSource

getSigningTime

public Date getSigningTime()

Description copied from interface: AdvancedSignature

Returns the signing time included within the signature.

Returns:

Date representing the signing time or null

getSignaturePolicy

public XAdESSignaturePolicy getSignaturePolicy()

Description copied from interface: AdvancedSignature

Returns the Signature Policy OID from the signature.

Specified by:

getSignaturePolicy in interface AdvancedSignature

Overrides:

getSignaturePolicy in class DefaultAdvancedSignature

Returns:

SignaturePolicy

buildSignaturePolicy

protected XAdESSignaturePolicy buildSignaturePolicy()

Description copied from class: DefaultAdvancedSignature

This method extracts a signature policy from a signature and builds the object

Specified by:

buildSignaturePolicy in class DefaultAdvancedSignature

Returns:

SignaturePolicy

getSignatureProductionPlace

public SignatureProductionPlace getSignatureProductionPlace()

Description copied from interface: AdvancedSignature

Returns information about the place where the signature was generated

Returns:

SignatureProductionPlace

getSignaturePolicyStore

public SignaturePolicyStore getSignaturePolicyStore()

Description copied from interface: AdvancedSignature

Returns the Signature Policy Store from the signature

Returns:

SignaturePolicyStore

getSignedAssertions

public List<SignerRole> getSignedAssertions()

Description copied from interface: AdvancedSignature

Returns the list of embedded signed assertions.

Returns:

list of the assertions s

getClaimedSignerRoles

public List<SignerRole> getClaimedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the claimed roles of the signer.

Returns:

list of the SignerRoles

getCertifiedSignerRoles

public List<SignerRole> getCertifiedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the certified roles of the signer.

Returns:

list of the SignerRoles

getContentType

public String getContentType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute content-type

Returns:

content type as String

getMimeType

public String getMimeType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute mime-type

Returns:

mime type as String

getSignatureValueBase64

public String getSignatureValueBase64()

Returns a base64 SignatureValue

Returns:

base64 String

getSignatureValue

public byte[] getSignatureValue()

Description copied from interface: AdvancedSignature

Returns the digital signature value

Returns:

digital signature value byte array

getSignatureValueId

public String getSignatureValueId()

Returns Id of the ds:SignatureValue element

Returns:

String Id

getObjects

public NodeList getObjects()

This method returns the list of ds:Object elements for the current signature element.

Returns:

NodeList

getCompleteCertificateRefs

public Element getCompleteCertificateRefs()

Gets xades:CompleteCertificateRefs or xades141:CompleteCertificateRefsV2 element

Returns:

Element

getCompleteRevocationRefs

public Element getCompleteRevocationRefs()

Gets xades:CompleteRevocationRefs

Returns:

Element

getSigAndRefsTimeStamp

public NodeList getSigAndRefsTimeStamp()

Gets xades:SigAndRefsTimeStamp node list

Returns:

NodeList

getRefsOnlyTimestampTimeStamp

public NodeList getRefsOnlyTimestampTimeStamp()

Gets xades:RefsOnlyTimestamp node list

Returns:

NodeList

getCertificateValues

public Element getCertificateValues()

Gets xades:CertificateValues element

Returns:

Element

getRevocationValues

public Element getRevocationValues()

Gets xades:RevocationValues element

Returns:

Element

addExternalTimestamp

public void addExternalTimestamp(TimestampToken timestamp)

Description copied from interface: AdvancedSignature

This method allows to add an external timestamp. The given timestamp must be processed before. NOTE: The method is supported only for CAdES signatures

Parameters:

timestamp - the timestamp token

getBaselineRequirementsChecker

protected XAdESBaselineRequirementsChecker getBaselineRequirementsChecker()

Description copied from class: DefaultAdvancedSignature

Returns a cached instance of the BaselineRequirementsChecker

Overrides:

getBaselineRequirementsChecker in class DefaultAdvancedSignature

Returns:

BaselineRequirementsChecker

createBaselineRequirementsChecker

protected XAdESBaselineRequirementsChecker createBaselineRequirementsChecker(CertificateVerifier certificateVerifier)

Description copied from class: DefaultAdvancedSignature

Instantiates a BaselineRequirementsChecker according to the signature format

Specified by:

createBaselineRequirementsChecker in class DefaultAdvancedSignature

Parameters:

certificateVerifier - CertificateVerifier to be used

Returns:

BaselineRequirementsChecker

checkSignatureIntegrity

public void checkSignatureIntegrity()

Description copied from interface: AdvancedSignature

Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations()

Description copied from interface: AdvancedSignature

Returns individual validation foreach reference (XAdES, JAdES) or for the message-imprint (CAdES)

Returns:

a list with one or more ReferenceValidation

getSignatureDigestReference

public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)

TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents. The canonicalization shall be computed keeping this ds:Signature element as a descendant of the XML root element, without detaching it.

Parameters:

digestAlgorithm - DigestAlgorithm to use

Returns:

SignatureDigestReference

getDataToBeSignedRepresentation

public Digest getDataToBeSignedRepresentation()

Description copied from interface: AdvancedSignature

TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.

Returns:

Digest DTBSR, which is then used to create the signature.

getSignedInfo

public Element getSignedInfo()

Returns the ds:SignedInfo element

Returns:

Element ds:SignedInfo

getObjectById

public Node getObjectById(String id)

Gets ds:Object by its Id

Parameters:

id - String object Id

Returns:

Node

getManifestById

public Element getManifestById(String id)

Gets ds:Manifest by its Id

Parameters:

id - String manifest Id

Returns:

Element Manifest

getCounterSignatures

public List<AdvancedSignature> getCounterSignatures()

This method retrieves the potential countersignatures embedded in the XAdES signature document. From ETSI TS 101 903 v1.4.2: 7.2.4.1 Countersignature identifier in Type attribute of ds:Reference A XAdES signature containing a ds:Reference element whose Type attribute has value "http://uri.etsi.org/01903#CountersignedSignature" will indicate that is is, in fact, a countersignature of the signature referenced by this element. 7.2.4.2 Enveloped countersignatures: the CounterSignature element The CounterSignature is an unsigned property that qualifies the signature. A XAdES signature MAY have more than one CounterSignature properties. As indicated by its name, it contains one countersignature of the qualified signature.

Returns:

a list containing the countersignatures embedded in the XAdES signature document

getSignatureIdentifierBuilder

protected SignatureIdentifierBuilder getSignatureIdentifierBuilder()

Description copied from class: DefaultAdvancedSignature

Returns a builder to define and build a signature Id

Specified by:

getSignatureIdentifierBuilder in class DefaultAdvancedSignature

Returns:

SignatureIdentifierBuilder

getDAIdentifier

public String getDAIdentifier()

Description copied from interface: AdvancedSignature

This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES

Returns:

The signature identifier

getUnsignedSignatureProperties

public List<String> getUnsignedSignatureProperties()

Retrieves the name of each node found under the UnsignedSignatureProperties element

Returns:

an ArrayList containing the retrieved node names

getSignedSignatureProperties

public List<String> getSignedSignatureProperties()

Retrieves the name of each node found under the SignedSignatureProperties element

Returns:

an ArrayList containing the retrieved node names

getSignedProperties

public List<String> getSignedProperties()

Retrieves the name of each node found under the SignedProperties element

Returns:

an ArrayList containing the retrieved node names

getUnsignedProperties

public List<String> getUnsignedProperties()

Retrieves the name of each node found under the UnsignedProperties element

Returns:

an ArrayList containing the retrieved node names

getSignedDataObjectProperties

public List<String> getSignedDataObjectProperties()

Retrieves the name of each node found under the SignedDataObjectProperties element

Returns:

an ArrayList containing the retrieved node names

getDataFoundUpToLevel

public SignatureLevel getDataFoundUpToLevel()

Description copied from interface: AdvancedSignature

This method returns the signature level

Returns:

a value of SignatureLevel

validateStructure

public List<String> validateStructure()

Description copied from class: DefaultAdvancedSignature

This method processes the structure validation of the signature.

Overrides:

validateStructure in class DefaultAdvancedSignature

Returns:

list of String errors

findSignatureScopes

protected List<SignatureScope> findSignatureScopes()

Description copied from class: DefaultAdvancedSignature

Finds signature scopes

Specified by:

findSignatureScopes in class DefaultAdvancedSignature

Returns:

a list of SignatureScopes

getLastTimestampValidationData

public Element getLastTimestampValidationData()

This method returns the last timestamp validation data for an archive timestamp.

Returns:

Element xades141:TimestampValidationData

getCommitmentTypeIndications

public List<CommitmentTypeIndication> getCommitmentTypeIndications()

Description copied from interface: AdvancedSignature

This method obtains the information concerning commitment type indication linked to the signature

Returns:

a list of CommitmentTypeIndications

getReferences

public List<org.apache.xml.security.signature.Reference> getReferences()

Gets a list of found references

Returns:

a list of References

getSignatureObjects

public List<Element> getSignatureObjects()

Gets a list of found signature ds:Object elements

Returns:

a list of Elements

registerXAdESPaths

public void registerXAdESPaths(XAdESPath xadesPaths)

This method allows to register a new XAdESPaths.

Parameters:

xadesPaths - XAdESPaths to register