Package eu.europa.esig.dss.cades.validation

Class CAdESSignature

java.lang.Object
eu.europa.esig.dss.validation.DefaultAdvancedSignature
eu.europa.esig.dss.cades.validation.CAdESSignature
All Implemented Interfaces:
IdentifierBasedObject, AdvancedSignature, Serializable
Direct Known Subclasses:
PAdESSignature
public class CAdESSignature extends DefaultAdvancedSignature
CAdES Signature class helper
See Also:

  • Constructor Details

    • CAdESSignature

      public CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.cms.SignerInformation signerInformation)
      The default constructor for CAdESSignature.
      Parameters:
      cmsSignedData - CMSSignedData
      signerInformation - an expanded SignerInfo block from a CMS Signed message

  • Method Details

    • getSignatureForm

      public SignatureForm getSignatureForm()
      Description copied from interface: AdvancedSignature
      Specifies the format of the signature
      Returns:
      SignatureForm

    • getCertificateSource

      public SignatureCertificateSource getCertificateSource()
      Description copied from interface: AdvancedSignature
      Gets a certificate source which contains ALL certificates embedded in the signature.
      Returns:
      SignatureCertificateSource

    • getCRLSource

      public OfflineCRLSource getCRLSource()
      Description copied from interface: AdvancedSignature
      Gets a CRL source which contains ALL CRLs embedded in the signature.
      Returns:
      OfflineRevocationSource

    • getOCSPSource

      public OfflineOCSPSource getOCSPSource()
      Description copied from interface: AdvancedSignature
      Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
      Returns:
      OfflineRevocationSource

    • getTimestampSource

      public CAdESTimestampSource getTimestampSource()
      Description copied from interface: AdvancedSignature
      Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
      Returns:
      SignatureTimestampSource

    • getSignerId

      public org.bouncycastle.cms.SignerId getSignerId()
      Returns SignerId of the related to the signature signerInformation
      Returns:
      SignerId

    • buildSignaturePolicy

      protected SignaturePolicy buildSignaturePolicy()
      Description copied from class: DefaultAdvancedSignature
      This method extracts a signature policy from a signature and builds the object
      Specified by:
      buildSignaturePolicy in class DefaultAdvancedSignature
      Returns:
      SignaturePolicy

    • getSignaturePolicyStore

      public SignaturePolicyStore getSignaturePolicyStore()
      Description copied from interface: AdvancedSignature
      Returns the Signature Policy Store from the signature
      Returns:
      SignaturePolicyStore

    • getSigningTime

      public Date getSigningTime()
      Description copied from interface: AdvancedSignature
      Returns the signing time included within the signature.
      Returns:
      Date representing the signing time or null

    • getCmsSignedData

      public org.bouncycastle.cms.CMSSignedData getCmsSignedData()
      Gets CMSSignedData
      Returns:
      CMSSignedData the cmsSignedData

    • getSignatureProductionPlace

      public SignatureProductionPlace getSignatureProductionPlace()
      Description copied from interface: AdvancedSignature
      Returns information about the place where the signature was generated
      Returns:
      SignatureProductionPlace

    • getCommitmentTypeIndications

      public List<CommitmentTypeIndication> getCommitmentTypeIndications()
      Description copied from interface: AdvancedSignature
      This method obtains the information concerning commitment type indication linked to the signature
      Returns:
      a list of CommitmentTypeIndications

    • getSignedAssertions

      public List<SignerRole> getSignedAssertions()
      Description copied from interface: AdvancedSignature
      Returns the list of embedded signed assertions.
      Returns:
      list of the assertions s

    • getClaimedSignerRoles

      public List<SignerRole> getClaimedSignerRoles()
      Description copied from interface: AdvancedSignature
      Returns the claimed roles of the signer.
      Returns:
      list of the SignerRoles

    • getCertifiedSignerRoles

      public List<SignerRole> getCertifiedSignerRoles()
      Description copied from interface: AdvancedSignature
      Returns the certified roles of the signer.
      Returns:
      list of the SignerRoles

    • getEncryptionAlgorithm

      public EncryptionAlgorithm getEncryptionAlgorithm()
      Description copied from interface: AdvancedSignature
      Retrieves the encryption algorithm used for generating the signature.
      Returns:
      EncryptionAlgorithm

    • getDigestAlgorithm

      public DigestAlgorithm getDigestAlgorithm()
      Description copied from interface: AdvancedSignature
      Retrieves the digest algorithm used for generating the signature.
      Returns:
      DigestAlgorithm

    • getMaskGenerationFunction

      public MaskGenerationFunction getMaskGenerationFunction()
      Description copied from interface: AdvancedSignature
      Retrieves the mask generation function used for generating the signature.
      Returns:
      MaskGenerationFunction

    • getSignatureAlgorithm

      public SignatureAlgorithm getSignatureAlgorithm()
      Description copied from interface: AdvancedSignature
      Retrieves the signature algorithm (or cipher) used for generating the signature.
      Returns:
      SignatureAlgorithm

    • checkSignatureIntegrity

      public void checkSignatureIntegrity()
      Description copied from interface: AdvancedSignature
      Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

    • getReferenceValidations

      public List<ReferenceValidation> getReferenceValidations(org.bouncycastle.cms.SignerInformation signerInformationToCheck)
      Returns the reference validation
      Parameters:
      signerInformationToCheck - SignerInformation
      Returns:
      a list of ReferenceValidations

    • getSignerDocumentContent

      protected DSSDocument getSignerDocumentContent()
      This method extracts a document content that was signed NOTE: Some differences are possible with PAdES
      Returns:
      DSSDocument

    • getReferenceValidations

      public List<ReferenceValidation> getReferenceValidations()
      Description copied from interface: AdvancedSignature
      Returns individual validation foreach reference (XAdES, JAdES) or for the message-imprint (CAdES)
      Returns:
      a list with one or more ReferenceValidation

    • getSignatureDigestReference

      public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)
      TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of CAdES signatures, the input to the digest value computation shall be one of the DER-encoded instances of SignedInfo type present within the CMS structure.
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
      Returns:
      SignatureDigestReference

    • getDataToBeSignedRepresentation

      public Digest getDataToBeSignedRepresentation()
      Description copied from interface: AdvancedSignature
      TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
      Returns:
      Digest DTBSR, which is then used to create the signature.

    • getMessageDigestAlgorithms

      public Set<DigestAlgorithm> getMessageDigestAlgorithms()
      Returns a set of used DigestAlgorithms incorporated into the CMSSignedData
      Returns:
      a set of DigestAlgorithms

    • getMessageDigestValue

      public byte[] getMessageDigestValue()
      Returns a digest value incorporated in an attribute "message-digest" in CMS Signed Data
      Returns:
      a byte array representing a signed content digest value

    • getContentType

      public String getContentType()
      Description copied from interface: AdvancedSignature
      Returns the value of the signed attribute content-type
      Returns:
      content type as String

    • getMimeType

      public String getMimeType()
      Description copied from interface: AdvancedSignature
      Returns the value of the signed attribute mime-type
      Returns:
      mime type as String

    • getContentIdentifier

      public String getContentIdentifier()
      Gets ContentIdentifier String
      Returns:
      content identifier as String

    • getContentHints

      public String getContentHints()
      Gets Content Hints
      Returns:
      content hints as String

    • getSignerInformation

      public org.bouncycastle.cms.SignerInformation getSignerInformation()
      Gets a SignedInformation
      Returns:
      SignerInformation the signerInformation

    • getSignatureValue

      public byte[] getSignatureValue()
      Description copied from interface: AdvancedSignature
      Returns the digital signature value
      Returns:
      digital signature value byte array

    • isCounterSignature

      public boolean isCounterSignature()
      Description copied from interface: AdvancedSignature
      Checks if the current signature is a counter signature (i.e. has a Master signature)
      Specified by:
      isCounterSignature in interface AdvancedSignature
      Overrides:
      isCounterSignature in class DefaultAdvancedSignature
      Returns:
      TRUE if it is a counter signature, FALSE otherwise

    • getCounterSignatures

      public List<AdvancedSignature> getCounterSignatures()
      Description copied from interface: AdvancedSignature
      Returns a list of counter signatures applied to this signature
      Returns:
      a List of AdvancedSignatures representing the counter signatures

    • getCounterSignatureStore

      protected org.bouncycastle.cms.SignerInformationStore getCounterSignatureStore()
      Returns a SignerInformationStore containing counter signatures
      Returns:
      SignerInformationStore

    • getOriginalDocument

      public DSSDocument getOriginalDocument()
      Returns the original signed document
      Returns:
      DSSDocument

    • getSignatureIdentifierBuilder

      protected SignatureIdentifierBuilder getSignatureIdentifierBuilder()
      Description copied from class: DefaultAdvancedSignature
      Returns a builder to define and build a signature Id
      Specified by:
      getSignatureIdentifierBuilder in class DefaultAdvancedSignature
      Returns:
      SignatureIdentifierBuilder

    • getDAIdentifier

      public String getDAIdentifier()
      Description copied from interface: AdvancedSignature
      This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES
      Returns:
      The signature identifier

    • getSignerInformationStoreInfos

      public Set<SignerIdentifier> getSignerInformationStoreInfos()
      Returns a Set of CertificateIdentifier extracted from a SignerInformationStore of CMS Signed Data
      Returns:
      a Set of SignerIdentifiers

    • addExternalTimestamp

      public void addExternalTimestamp(TimestampToken timestamp)
      Description copied from interface: AdvancedSignature
      This method allows to add an external timestamp. The given timestamp must be processed before. NOTE: The method is supported only for CAdES signatures
      Parameters:
      timestamp - the timestamp token

    • getDataFoundUpToLevel

      public SignatureLevel getDataFoundUpToLevel()
      Description copied from interface: AdvancedSignature
      This method returns the signature level
      Returns:
      a value of SignatureLevel

    • getBaselineRequirementsChecker

      protected CAdESBaselineRequirementsChecker getBaselineRequirementsChecker()
      Description copied from class: DefaultAdvancedSignature
      Returns a cached instance of the BaselineRequirementsChecker
      Overrides:
      getBaselineRequirementsChecker in class DefaultAdvancedSignature
      Returns:
      BaselineRequirementsChecker

    • createBaselineRequirementsChecker

      protected CAdESBaselineRequirementsChecker createBaselineRequirementsChecker()
      Description copied from class: DefaultAdvancedSignature
      Instantiates a BaselineRequirementsChecker according to the signature format
      Specified by:
      createBaselineRequirementsChecker in class DefaultAdvancedSignature
      Returns:
      BaselineRequirementsChecker

    • hasBESProfile

      public boolean hasBESProfile()
      Checks the presence of signing certificate covered by the signature, what is the proof -BES profile existence
      Returns:
      true if BES Profile is detected

    • hasEPESProfile

      public boolean hasEPESProfile()
      Checks the presence of signature-policy-identifier element in the signature, what is the proof -EPES profile existence
      Returns:
      true if EPES Profile is detected

    • hasExtendedTProfile

      public boolean hasExtendedTProfile()
      Checks the presence of signature-time-stamp element in the signature, what is the proof -T profile existence
      Returns:
      true if T Profile is detected

    • hasCProfile

      public boolean hasCProfile()
      Checks if the signature has the 101733-C profile
      Returns:
      TRUE if the signature has a 101733-C profile, FALSE otherwise

    • hasXProfile

      public boolean hasXProfile()
      Checks if the signature has the 101733-X profile
      Returns:
      TRUE if the signature has a 101733-X profile, FALSE otherwise

    • hasXLProfile

      public boolean hasXLProfile()
      Checks if the signature has the 101733-XL profile
      Returns:
      TRUE if the signature has a 101733-XL profile, FALSE otherwise

    • hasAProfile

      public boolean hasAProfile()
      Checks if the signature has the 101733-A profile
      Returns:
      TRUE if the signature has a 101733-A profile, FALSE otherwise