Interface AdvancedSignature

All Superinterfaces:
IdentifierBasedObject, Serializable
All Known Implementing Classes:
CAdESSignature, DefaultAdvancedSignature, JAdESSignature, PAdESSignature, XAdESSignature

public interface AdvancedSignature extends IdentifierBasedObject, Serializable
Provides an abstraction for an Advanced Electronic Signature. This eases the validation process: every signature format (XAdES, CAdES and PAdES) is treated the same.
  • Method Details

    • getSignatureFilename

      String getSignatureFilename()
      This method returns the signature filename (useful for ASiC and multiple signature files)
      Returns:
      the signature filename
    • setSignatureFilename

      void setSignatureFilename(String signatureFilename)
      This method sets the signature filename (useful in the case of ASiC)
      Parameters:
      signatureFilename - String
    • getDetachedContents

      List<DSSDocument> getDetachedContents()
      Returns detached contents
      Returns:
      in the case of the detached signature this is the List of signed contents.
    • setDetachedContents

      void setDetachedContents(List<DSSDocument> detachedContents)
      This method sets the signed contents in the case of a detached signature.
      Parameters:
      detachedContents - List of DSSDocument representing the signed detached contents.
    • getContainerContents

      List<DSSDocument> getContainerContents()
      Returns container's content
      Returns:
      in the case of an ASiC-S signature, a list of the archive container documents
    • setContainerContents

      void setContainerContents(List<DSSDocument> containerContents)
      This method sets the archive container contents in the case of an ASiC-S signature.
      Parameters:
      containerContents - List of DSSDocument representing the archive container contents.
    • getManifestFile

      ManifestFile getManifestFile()
      This method returns a related ManifestFile in the case of ASiC-E signature.
      Returns:
      manifestFile ManifestFile
    • setManifestFile

      void setManifestFile(ManifestFile manifestFile)
      This method sets a manifest file in the case of an ASiC-E signature.
      Parameters:
      manifestFile - ManifestFile
    • setSigningCertificateSource

      void setSigningCertificateSource(CertificateSource signingCertificateSource)
      Sets a certificate source used to find the signing certificate by kid or by the certificate's digest
      Parameters:
      signingCertificateSource - the certificate source to resolve missing signing certificate
    • getSignatureForm

      SignatureForm getSignatureForm()
      Specifies the format of the signature
      Returns:
      SignatureForm
    • getSignatureAlgorithm

      SignatureAlgorithm getSignatureAlgorithm()
      Retrieves the signature algorithm (or cipher) used for generating the signature.
      Returns:
      SignatureAlgorithm
    • getEncryptionAlgorithm

      EncryptionAlgorithm getEncryptionAlgorithm()
      Retrieves the encryption algorithm used for generating the signature.
      Returns:
      EncryptionAlgorithm
    • getDigestAlgorithm

      DigestAlgorithm getDigestAlgorithm()
      Retrieves the digest algorithm used for generating the signature.
      Returns:
      DigestAlgorithm
    • getMaskGenerationFunction

      MaskGenerationFunction getMaskGenerationFunction()
      Retrieves the mask generation function used for generating the signature.
      Returns:
      MaskGenerationFunction
    • getSigningTime

      Date getSigningTime()
      Returns the signing time included within the signature.
      Returns:
      Date representing the signing time or null
    • getCertificateSource

      SignatureCertificateSource getCertificateSource()
      Gets a certificate source which contains ALL certificates embedded in the signature.
      Returns:
      SignatureCertificateSource
    • getCompleteCertificateSource

      ListCertificateSource getCompleteCertificateSource()
      Gets a ListCertificateSource representing a merged source from signatureCertificateSource and all timestamp objects included in the signature
      Returns:
      ListCertificateSource
    • getCRLSource

      OfflineRevocationSource<CRL> getCRLSource()
      Gets a CRL source which contains ALL CRLs embedded in the signature.
      Returns:
      OfflineRevocationSource
    • getOCSPSource

      OfflineRevocationSource<OCSP> getOCSPSource()
      Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
      Returns:
      OfflineRevocationSource
    • getCompleteCRLSource

      ListRevocationSource<CRL> getCompleteCRLSource()
      Gets a ListRevocationSource representing a merged source from signatureCRLSource and all timestamp objects included in the signature
      Returns:
      ListRevocationSource
    • getCompleteOCSPSource

      ListRevocationSource<OCSP> getCompleteOCSPSource()
      Gets a ListRevocationSource representing a merged source from signatureOCSPSource and all timestamp objects included in the signature
      Returns:
      ListRevocationSource
    • getTimestampSource

      TimestampSource getTimestampSource()
      Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
      Returns:
      SignatureTimestampSource
    • getCandidatesForSigningCertificate

      CandidatesForSigningCertificate getCandidatesForSigningCertificate()
      Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature. If the signing certificate is identified then it is cached and the subsequent calls to this method will return this cached value. This method never returns null.
      Returns:
      CandidatesForSigningCertificate
    • prepareOfflineCertificateVerifier

      void prepareOfflineCertificateVerifier(CertificateVerifier certificateVerifier)
      This method prepares an offline CertificateVerifier. The instance is used to know if all required revocation data are present
      Parameters:
      certificateVerifier - the configured CertificateVerifier with all external sources
    • setMasterSignature

      void setMasterSignature(AdvancedSignature masterSignature)
      This setter indicates the master signature, which means that this signature is a countersignature.
      Parameters:
      masterSignature - AdvancedSignature
    • getMasterSignature

      AdvancedSignature getMasterSignature()
      Gets master signature
      Returns:
      AdvancedSignature
    • isCounterSignature

      boolean isCounterSignature()
      Checks if the current signature is a counter signature (i.e. has a Master signature)
      Returns:
      TRUE if it is a counter signature, FALSE otherwise
    • getSigningCertificateToken

      CertificateToken getSigningCertificateToken()
      This method returns the signing certificate token or null if there is no valid signing certificate. Note that to determine the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
      Returns:
      CertificateToken
    • checkSignatureIntegrity

      void checkSignatureIntegrity()
      Verifies the signature integrity; checks that the signed content has not been tampered with. In the case of a non-AdES signature not including the signing certificate, the latter must be provided by calling setProvidedSigningCertificateToken. In the case of a detached signature, the signed content must be provided by calling setDetachedContents.
    • getSignatureCryptographicVerification

      SignatureCryptographicVerification getSignatureCryptographicVerification()
      Gets signature's cryptographic validation result
      Returns:
      SignatureCryptographicVerification with all the information collected during the validation process.
    • getSignaturePolicy

      SignaturePolicy getSignaturePolicy()
      Returns the Signature Policy OID from the signature.
      Returns:
      SignaturePolicy
    • getSignaturePolicyStore

      SignaturePolicyStore getSignaturePolicyStore()
      Returns the Signature Policy Store from the signature
      Returns:
      SignaturePolicyStore
    • getSignatureProductionPlace

      SignatureProductionPlace getSignatureProductionPlace()
      Returns information about the place where the signature was generated
      Returns:
      SignatureProductionPlace
    • getCommitmentTypeIndications

      List<CommitmentTypeIndication> getCommitmentTypeIndications()
      This method obtains the information concerning commitment type indication linked to the signature
      Returns:
      a list of CommitmentTypeIndications
    • getContentType

      String getContentType()
      Returns the value of the signed attribute content-type
      Returns:
      content type as String
    • getMimeType

      String getMimeType()
      Returns the value of the signed attribute mime-type
      Returns:
      mime type as String
    • getSignerRoles

      List<SignerRole> getSignerRoles()
      Returns the list of roles of the signer.
      Returns:
      list of the SignerRoles
    • getSignedAssertions

      List<SignerRole> getSignedAssertions()
      Returns the list of embedded signed assertions.
      Returns:
      list of the assertions
    • getClaimedSignerRoles

      List<SignerRole> getClaimedSignerRoles()
      Returns the claimed roles of the signer.
      Returns:
      list of the SignerRoles
    • getCertifiedSignerRoles

      List<SignerRole> getCertifiedSignerRoles()
      Returns the certified roles of the signer.
      Returns:
      list of the SignerRoles
    • getCertificates

      List<CertificateToken> getCertificates()
      Get certificates embedded in the signature
      Returns:
      a list of certificates contained within the signature
    • getContentTimestamps

      List<TimestampToken> getContentTimestamps()
      Returns the content timestamps
      Returns:
      List of TimestampToken
    • getSignatureTimestamps

      List<TimestampToken> getSignatureTimestamps()
      Returns the signature timestamps
      Returns:
      List of TimestampToken
    • getTimestampsX1

      List<TimestampToken> getTimestampsX1()
      Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
      Returns:
      List of TimestampToken
    • getTimestampsX2

      List<TimestampToken> getTimestampsX2()
      Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
      Returns:
      List of TimestampToken
    • getArchiveTimestamps

      List<TimestampToken> getArchiveTimestamps()
      Returns the archive Timestamps
      Returns:
      List of TimestampTokens
    • getDocumentTimestamps

      List<TimestampToken> getDocumentTimestamps()
      Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
      Returns:
      List of TimestampTokens
    • getDetachedTimestamps

      List<TimestampToken> getDetachedTimestamps()
      Returns a list of detached timestamps. NOTE: used for ASiC with CAdES only
      Returns:
      a list of TimestampTokens
    • getAllTimestamps

      List<TimestampToken> getAllTimestamps()
      Returns a list of all timestamps found in the signature
      Returns:
      List of TimestampTokens
    • addExternalTimestamp

      void addExternalTimestamp(TimestampToken timestamp)
      This method adds an external timestamp. The given timestamp must be processed beforehand. NOTE: The method is supported only for CAdES signatures
      Parameters:
      timestamp - the timestamp token
    • getCounterSignatures

      List<AdvancedSignature> getCounterSignatures()
      Returns a list of counter signatures applied to this signature
      Returns:
      a List of AdvancedSignatures representing the counter signatures
    • getDSSId

      This method returns the SignatureIdentifier.
      Specified by:
      getDSSId in interface IdentifierBasedObject
      Returns:
      unique SignatureIdentifier
    • getId

      String getId()
      This method returns the DSS unique signature id, which unambiguously identifies each signature.
      Returns:
      The signature unique Id
    • getDAIdentifier

      String getDAIdentifier()
      This method returns an identifier provided by the Driving Application (DA). NOTE: used only for XAdES
      Returns:
      The signature identifier
    • getDataFoundUpToLevel

      SignatureLevel getDataFoundUpToLevel()
      This method returns the signature level
      Returns:
      a value of SignatureLevel
    • areAllSelfSignedCertificates

      boolean areAllSelfSignedCertificates()
      Checks if all certificate chains present in the signature are self-signed
      Returns:
      TRUE if all certificates are self-signed, false otherwise
    • getStructureValidationResult

      List<String> getStructureValidationResult()
      Returns a message if the structure validation fails
      Returns:
      a list of String error messages if validation fails, an empty list if structural validation succeeds
    • findSignatureScope

      void findSignatureScope(SignatureScopeFinder signatureScopeFinder)
      Runs SignatureScopeFinder
      Parameters:
      signatureScopeFinder - SignatureScopeFinder to use
    • getSignatureScopes

      List<SignatureScope> getSignatureScopes()
      Returns a list of found SignatureScopes. NOTE: the method findSignatureScope(signatureScopeFinder) shall be called before
      Returns:
      a list of SignatureScopes
    • isDocHashOnlyValidation

      boolean isDocHashOnlyValidation()
      Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
      Returns:
      true if it is DocHashOnly validation, false otherwise
    • isHashOnlyValidation

      boolean isHashOnlyValidation()
      Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR). EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature. NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
      Returns:
      true if it is HashOnly validation, false otherwise
    • getSignatureValue

      byte[] getSignatureValue()
      Returns the digital signature value
      Returns:
      digital signature value byte array
    • getReferenceValidations

      List<ReferenceValidation> getReferenceValidations()
      Returns individual validation for each reference (XAdES, JAdES) or for the message-imprint (CAdES)
      Returns:
      a list with one or more ReferenceValidation
    • getSignatureDigestReference

      SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)
      Returns a signature reference element as defined in TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
      Returns:
      SignatureDigestReference
    • getDataToBeSignedRepresentation

      Digest getDataToBeSignedRepresentation()
      TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
      Returns:
      Digest DTBSR, which is then used to create the signature.
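
Added example (not part of the DSS documentation or code base): a triage helper that applies the call order described under checkSignatureIntegrity and getSigningCertificateToken, then collects the integrity, structure and trust signals this interface exposes. The class name SignatureTriage, the weak-digest policy and the import package names (DSS 5.x layout) are assumptions; it expects an AdvancedSignature obtained from a DSS validator, with detached contents already set where applicable, and relies on SignatureCryptographicVerification.isSignatureValid() and ReferenceValidation.isFound()/isIntact(), which are not listed on this page.

```java
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Assumed DSS 5.x package names; adjust them to the DSS version in use.
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.ReferenceValidation;

/** Hypothetical helper: lists reasons not to rely on a signature yet. */
public final class SignatureTriage {

    // Local policy chosen for this example, not a DSS default.
    private static final Set<DigestAlgorithm> WEAK_DIGESTS =
            EnumSet.of(DigestAlgorithm.MD5, DigestAlgorithm.SHA1);

    public static List<String> findings(AdvancedSignature sig) {
        List<String> out = new ArrayList<>();
        // Must run first: getSigningCertificateToken() is only meaningful afterwards.
        sig.checkSignatureIntegrity();
        if (!sig.getSignatureCryptographicVerification().isSignatureValid()) {
            out.add("cryptographic verification failed");
        }
        if (sig.getSigningCertificateToken() == null) {
            out.add("no valid signing certificate identified");
        }
        int i = 0;
        for (ReferenceValidation ref : sig.getReferenceValidations()) {
            if (!ref.isFound()) out.add("reference #" + i + ": signed data not found");
            else if (!ref.isIntact()) out.add("reference #" + i + ": digest mismatch");
            i++;
        }
        out.addAll(sig.getStructureValidationResult()); // empty when the structure is valid
        if (WEAK_DIGESTS.contains(sig.getDigestAlgorithm())) {
            out.add("weak digest algorithm: " + sig.getDigestAlgorithm());
        }
        if (sig.areAllSelfSignedCertificates()) {
            out.add("all embedded certificate chains are self-signed");
        }
        if (sig.isDocHashOnlyValidation() || sig.isHashOnlyValidation()) {
            out.add("validated against a hash only, not the original data");
        }
        if (sig.getAllTimestamps().isEmpty()) {
            out.add("no timestamp: signing time is only the signer's claim");
        }
        return out;
    }
}
```

An empty list means none of these checks raised a concern; it does not replace full certificate-path and revocation validation.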