Class DefaultAdvancedSignature

java.lang.Object
eu.europa.esig.dss.validation.DefaultAdvancedSignature
All Implemented Interfaces:
IdentifierBasedObject, AdvancedSignature, Serializable
Direct Known Subclasses:
CAdESSignature, JAdESSignature, XAdESSignature

public abstract class DefaultAdvancedSignature extends Object implements AdvancedSignature
A common implementation of AdvancedSignature
  • Field Details

    • detachedContents

      protected List<DSSDocument> detachedContents
      In case of a detached signature this is the signed document.
    • manifestFile

      protected ManifestFile manifestFile
      In the case of an ASiC-E signature, this is the related manifest file that was found.
    • referenceValidations

      protected List<ReferenceValidation> referenceValidations
      This variable contains a list of reference validations (reference tag for XAdES or message-digest for CAdES).
    • signatureCryptographicVerification

      protected SignatureCryptographicVerification signatureCryptographicVerification
      This variable contains the result of the signature mathematical validation. It is initialised when the method checkSignatureIntegrity is called.
    • structureValidationMessages

      protected List<String> structureValidationMessages
      A list of error messages that occurred during structure validation
    • offlineCertificateVerifier

      protected CertificateVerifier offlineCertificateVerifier
      The offline copy of a CertificateVerifier
    • signingCertificateSource

      protected CertificateSource signingCertificateSource
      The certificate source of a signing certificate
    • offlineCertificateSource

      protected SignatureCertificateSource offlineCertificateSource
      Cached offline signature certificate source
    • signatureCRLSource

      protected OfflineCRLSource signatureCRLSource
      Cached offline signature CRL source
    • signatureOCSPSource

      protected OfflineOCSPSource signatureOCSPSource
      Cached offline signature OCSP source
    • signatureTimestampSource

      protected TimestampSource signatureTimestampSource
      Cached offline signature timestamp source
    • counterSignatures

      protected List<AdvancedSignature> counterSignatures
      Cached list of embedded counter signatures
    • signaturePolicy

      protected SignaturePolicy signaturePolicy
      The SignaturePolicy identifier
    • signatureIdentifier

      protected SignatureIdentifier signatureIdentifier
      Unique signature identifier
  • Constructor Details

    • DefaultAdvancedSignature

      protected DefaultAdvancedSignature()
      Default constructor instantiating object with null values
  • Method Details

    • getSignatureIdentifierBuilder

      protected abstract SignatureIdentifierBuilder getSignatureIdentifierBuilder()
      Returns a builder to define and build a signature Id
      Returns:
      SignatureIdentifierBuilder
    • setSigningCertificateSource

      public void setSigningCertificateSource(CertificateSource signingCertificateSource)
      Description copied from interface: AdvancedSignature
      Sets a certificate source that allows the signing certificate to be found by kid or by the certificate's digest
      Specified by:
      setSigningCertificateSource in interface AdvancedSignature
      Parameters:
      signingCertificateSource - the certificate source to resolve missing signing certificate
    • getSignatureFilename

      public String getSignatureFilename()
      Description copied from interface: AdvancedSignature
      This method returns the signature filename (useful for ASiC and multiple signature files)
      Specified by:
      getSignatureFilename in interface AdvancedSignature
      Returns:
      the signature filename
    • setSignatureFilename

      public void setSignatureFilename(String signatureFilename)
      Description copied from interface: AdvancedSignature
      This method sets the signature filename (useful in the case of ASiC)
      Specified by:
      setSignatureFilename in interface AdvancedSignature
      Parameters:
      signatureFilename - String
    • getDetachedContents

      public List<DSSDocument> getDetachedContents()
      Description copied from interface: AdvancedSignature
      Returns detached contents
      Specified by:
      getDetachedContents in interface AdvancedSignature
      Returns:
      in the case of a detached signature, the List of signed contents.
    • setDetachedContents

      public void setDetachedContents(List<DSSDocument> detachedContents)
      Description copied from interface: AdvancedSignature
      This method sets the signed contents in the case of a detached signature.
      Specified by:
      setDetachedContents in interface AdvancedSignature
      Parameters:
      detachedContents - List of DSSDocument representing the signed detached contents.
    • getContainerContents

      public List<DSSDocument> getContainerContents()
      Description copied from interface: AdvancedSignature
      Returns container's content
      Specified by:
      getContainerContents in interface AdvancedSignature
      Returns:
      in the case of an ASiC-S signature, a list of the archive container's documents
    • setContainerContents

      public void setContainerContents(List<DSSDocument> containerContents)
      Description copied from interface: AdvancedSignature
      This method sets the archive container contents in the case of an ASiC-S signature.
      Specified by:
      setContainerContents in interface AdvancedSignature
      Parameters:
      containerContents - List of DSSDocument representing the archive container contents.
    • getManifestFile

      public ManifestFile getManifestFile()
      Description copied from interface: AdvancedSignature
      This method returns the related ManifestFile in the case of an ASiC-E signature.
      Specified by:
      getManifestFile in interface AdvancedSignature
      Returns:
      manifestFile ManifestFile
    • setManifestFile

      public void setManifestFile(ManifestFile manifestFile)
      Description copied from interface: AdvancedSignature
      This method sets a manifest file in the case of an ASiC-E signature.
      Specified by:
      setManifestFile in interface AdvancedSignature
      Parameters:
      manifestFile - ManifestFile
    • getDSSId

      public SignatureIdentifier getDSSId()
      Description copied from interface: AdvancedSignature
      This method returns the SignatureIdentifier.
      Specified by:
      getDSSId in interface AdvancedSignature
      Specified by:
      getDSSId in interface IdentifierBasedObject
      Returns:
      unique SignatureIdentifier
    • getId

      public String getId()
      Description copied from interface: AdvancedSignature
      This method returns the DSS unique signature id. It allows each signature to be identified unambiguously.
      Specified by:
      getId in interface AdvancedSignature
      Returns:
      The signature unique Id
    • getCompleteCertificateSource

      public ListCertificateSource getCompleteCertificateSource()
      Description copied from interface: AdvancedSignature
      Gets a ListCertificateSource representing a merged source built from signatureCertificateSource and all timestamp objects included in the signature
      Specified by:
      getCompleteCertificateSource in interface AdvancedSignature
      Returns:
      ListCertificateSource
    • getCompleteCRLSource

      public ListRevocationSource<CRL> getCompleteCRLSource()
      Description copied from interface: AdvancedSignature
      Gets a ListRevocationSource representing a merged source built from signatureCRLSource and all timestamp objects included in the signature
      Specified by:
      getCompleteCRLSource in interface AdvancedSignature
      Returns:
      ListRevocationSource
    • getCompleteOCSPSource

      public ListRevocationSource<OCSP> getCompleteOCSPSource()
      Description copied from interface: AdvancedSignature
      Gets a ListRevocationSource representing a merged source built from signatureOCSPSource and all timestamp objects included in the signature
      Specified by:
      getCompleteOCSPSource in interface AdvancedSignature
      Returns:
      ListRevocationSource
    • getCounterSignaturesCertificateSource

      protected ListCertificateSource getCounterSignaturesCertificateSource()
      Returns a merged certificate source for values incorporated within counter signatures
      Returns:
      ListCertificateSource
    • getCounterSignaturesCRLSource

      protected ListRevocationSource<CRL> getCounterSignaturesCRLSource()
      Returns a merged CRL source for values incorporated within counter signatures
      Returns:
      CRL ListRevocationSource
    • getCounterSignaturesOCSPSource

      protected ListRevocationSource<OCSP> getCounterSignaturesOCSPSource()
      Returns a merged OCSP source for values incorporated within counter signatures
      Returns:
      OCSP ListRevocationSource
    • resetCertificateSource

      public void resetCertificateSource()
      This method resets the source of certificates. It must be called when any certificate is added to the KeyInfo or CertificateValues (XAdES), or 'xVals' (JAdES). NOTE: used in XAdES and JAdES
    • resetRevocationSources

      public void resetRevocationSources()
      This method resets the sources of the revocation data. It must be called when the -LT level is created. NOTE: used in XAdES and JAdES
    • resetTimestampSource

      public void resetTimestampSource()
      This method resets the timestamp source. It must be called when the -LT level is created. NOTE: used in XAdES and JAdES
    • getCandidatesForSigningCertificate

      public CandidatesForSigningCertificate getCandidatesForSigningCertificate()
      ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.
      Specified by:
      getCandidatesForSigningCertificate in interface AdvancedSignature
      Returns:
      CandidatesForSigningCertificate
    • prepareOfflineCertificateVerifier

      public void prepareOfflineCertificateVerifier(CertificateVerifier certificateVerifier)
      Description copied from interface: AdvancedSignature
      This method prepares an offline CertificateVerifier. The instance is used to determine whether all required revocation data are present
      Specified by:
      prepareOfflineCertificateVerifier in interface AdvancedSignature
      Parameters:
      certificateVerifier - the configured CertificateVerifier with all external sources
    • getCertificates

      public List<CertificateToken> getCertificates()
      Returns an unmodifiable list of all certificate tokens encapsulated in the signature
      Specified by:
      getCertificates in interface AdvancedSignature
      Returns:
      a list of certificates contained within the signature
    • setMasterSignature

      public void setMasterSignature(AdvancedSignature masterSignature)
      Description copied from interface: AdvancedSignature
      This setter sets the master signature. It means that this signature is a countersignature.
      Specified by:
      setMasterSignature in interface AdvancedSignature
      Parameters:
      masterSignature - AdvancedSignature
    • getMasterSignature

      public AdvancedSignature getMasterSignature()
      Description copied from interface: AdvancedSignature
      Gets master signature
      Specified by:
      getMasterSignature in interface AdvancedSignature
      Returns:
      AdvancedSignature
    • isCounterSignature

      public boolean isCounterSignature()
      Description copied from interface: AdvancedSignature
      Checks if the current signature is a counter signature (i.e. has a Master signature)
      Specified by:
      isCounterSignature in interface AdvancedSignature
      Returns:
      TRUE if it is a counter signature, FALSE otherwise
    • getSignatureCryptographicVerification

      public SignatureCryptographicVerification getSignatureCryptographicVerification()
      Description copied from interface: AdvancedSignature
      Gets signature's cryptographic validation result
      Specified by:
      getSignatureCryptographicVerification in interface AdvancedSignature
      Returns:
      SignatureCryptographicVerification with all the information collected during the validation process.
    • getSignerRoles

      public List<SignerRole> getSignerRoles()
      Description copied from interface: AdvancedSignature
      Returns the list of roles of the signer.
      Specified by:
      getSignerRoles in interface AdvancedSignature
      Returns:
      list of the SignerRoles
    • getSigningCertificateToken

      public CertificateToken getSigningCertificateToken()
      Description copied from interface: AdvancedSignature
      This method returns the signing certificate token, or null if there is no valid signing certificate. Note that to determine the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
      Specified by:
      getSigningCertificateToken in interface AdvancedSignature
      Returns:
      CertificateToken
    • getStructureValidationResult

      public List<String> getStructureValidationResult()
      Description copied from interface: AdvancedSignature
      Returns a message if the structure validation fails
      Specified by:
      getStructureValidationResult in interface AdvancedSignature
      Returns:
      a list of String error messages if validation fails, an empty list if structural validation succeeds
    • validateStructure

      protected List<String> validateStructure()
      This method processes the structure validation of the signature.
      Returns:
      list of String errors
    • findSignatureScope

      public void findSignatureScope(SignatureScopeFinder signatureScopeFinder)
      Description copied from interface: AdvancedSignature
      Runs SignatureScopeFinder
      Specified by:
      findSignatureScope in interface AdvancedSignature
      Parameters:
      signatureScopeFinder - SignatureScopeFinder to use
    • getSignatureScopes

      public List<SignatureScope> getSignatureScopes()
      Description copied from interface: AdvancedSignature
      Returns a list of found SignatureScopes. NOTE: the method findSignatureScope(signatureScopeFinder) shall be called before
      Specified by:
      getSignatureScopes in interface AdvancedSignature
      Returns:
      a list of SignatureScopes
    • getContentTimestamps

      public List<TimestampToken> getContentTimestamps()
      Description copied from interface: AdvancedSignature
      Returns the content timestamps
      Specified by:
      getContentTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getSignatureTimestamps

      public List<TimestampToken> getSignatureTimestamps()
      Description copied from interface: AdvancedSignature
      Returns the signature timestamps
      Specified by:
      getSignatureTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getTimestampsX1

      public List<TimestampToken> getTimestampsX1()
      Description copied from interface: AdvancedSignature
      Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
      Specified by:
      getTimestampsX1 in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getTimestampsX2

      public List<TimestampToken> getTimestampsX2()
      Description copied from interface: AdvancedSignature
      Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
      Specified by:
      getTimestampsX2 in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getArchiveTimestamps

      public List<TimestampToken> getArchiveTimestamps()
      Description copied from interface: AdvancedSignature
      Returns the archive Timestamps
      Specified by:
      getArchiveTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampTokens
    • getDocumentTimestamps

      public List<TimestampToken> getDocumentTimestamps()
      Description copied from interface: AdvancedSignature
      Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
      Specified by:
      getDocumentTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampTokens
    • getDetachedTimestamps

      public List<TimestampToken> getDetachedTimestamps()
      Description copied from interface: AdvancedSignature
      Returns a list of detached timestamps. NOTE: used for ASiC with CAdES only
      Specified by:
      getDetachedTimestamps in interface AdvancedSignature
      Returns:
      a list of TimestampTokens
    • getAllTimestamps

      public List<TimestampToken> getAllTimestamps()
      Description copied from interface: AdvancedSignature
      Returns a list of all timestamps found in the signature
      Specified by:
      getAllTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampTokens
    • getSignaturePolicy

      public SignaturePolicy getSignaturePolicy()
      Description copied from interface: AdvancedSignature
      Returns the Signature Policy OID from the signature.
      Specified by:
      getSignaturePolicy in interface AdvancedSignature
      Returns:
      SignaturePolicy
    • buildSignaturePolicy

      protected abstract SignaturePolicy buildSignaturePolicy()
      This method extracts a signature policy from a signature and builds the object
      Returns:
      SignaturePolicy
    • getBaselineRequirementsChecker

      protected BaselineRequirementsChecker getBaselineRequirementsChecker()
      Returns a cached instance of the BaselineRequirementsChecker
      Returns:
      BaselineRequirementsChecker
    • createBaselineRequirementsChecker

      protected abstract BaselineRequirementsChecker createBaselineRequirementsChecker()
      Instantiates a BaselineRequirementsChecker according to the signature format
      Returns:
      BaselineRequirementsChecker
    • hasBProfile

      public boolean hasBProfile()
      Checks if the signature is conformant to AdES-BASELINE-B level
      Returns:
      TRUE if the B-level is present, FALSE otherwise
    • hasTProfile

      public boolean hasTProfile()
      Checks if the T-level is present in the signature
      Returns:
      TRUE if the T-level is present, FALSE otherwise
    • hasLTProfile

      public boolean hasLTProfile()
      Checks if the LT-level is present in the signature
      Returns:
      TRUE if the LT-level is present, FALSE otherwise
    • hasLTAProfile

      public boolean hasLTAProfile()
      Checks if the LTA-level is present in the signature
      Returns:
      TRUE if the LTA-level is present, FALSE otherwise
    • areAllSelfSignedCertificates

      public boolean areAllSelfSignedCertificates()
      Description copied from interface: AdvancedSignature
      Checks if all certificate chains present in the signature are self-signed
      Specified by:
      areAllSelfSignedCertificates in interface AdvancedSignature
      Returns:
      TRUE if all certificates are self-signed, false otherwise
    • isDocHashOnlyValidation

      public boolean isDocHashOnlyValidation()
      Description copied from interface: AdvancedSignature
      Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
      Specified by:
      isDocHashOnlyValidation in interface AdvancedSignature
      Returns:
      true if it is DocHashOnly validation, false otherwise
    • isHashOnlyValidation

      public boolean isHashOnlyValidation()
      Description copied from interface: AdvancedSignature
      Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR). EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature. NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
      Specified by:
      isHashOnlyValidation in interface AdvancedSignature
      Returns:
      true if it is HashOnly validation, false otherwise
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object