Class XAdESSignature

java.lang.Object
eu.europa.esig.dss.validation.DefaultAdvancedSignature
eu.europa.esig.dss.xades.validation.XAdESSignature
All Implemented Interfaces:
IdentifierBasedObject, AdvancedSignature, Serializable

public class XAdESSignature extends DefaultAdvancedSignature
Parse an XAdES signature structure. Note that for each signature to be validated a new instance of this object must be created.
  • Constructor Details

    • XAdESSignature

      public XAdESSignature(Element signatureElement)
      This constructor is used when creating the signature. The default XPathQueryHolder is set.
      Parameters:
      signatureElement - the signature DOM element
    • XAdESSignature

      public XAdESSignature(Element signatureElement, List<XAdESPaths> xadesPathsHolders)
      The default constructor for XAdESSignature.
      Parameters:
      signatureElement - the signature DOM element
      xadesPathsHolders - List of XAdESPaths to use when handling signature
  • Method Details

    • setDisableXSWProtection

      public void setDisableXSWProtection(boolean disableXSWProtection)
      NOT RECOMMENDED: This parameter allows disabling the protection against XML Signature Wrapping (XSW) attacks. It disables the search by XPath expression for defined Type attributes.
      Parameters:
      disableXSWProtection - true to disable the protection
    • recursiveNamespaceBrowser

      public void recursiveNamespaceBrowser(Element element)
      This method sets the namespace which will determine the XAdESPaths to use. The content of the Transform element is ignored.
      Parameters:
      element - Element
    • getXAdESPathsHolders

      public List<XAdESPaths> getXAdESPathsHolders()
      Returns a list of used XAdESPaths
      Returns:
      a list of XAdESPaths
    • getXAdESPaths

      public XAdESPaths getXAdESPaths()
      Gets the current XAdESPaths
      Returns:
      XAdESPaths
    • getXmldSigNamespace

      public DSSNamespace getXmldSigNamespace()
      Returns the XMLDSIG namespace
      Returns:
      DSSNamespace
    • getXadesNamespace

      public DSSNamespace getXadesNamespace()
      Returns the XAdES namespace
      Returns:
      DSSNamespace
    • getSignatureElement

      public Element getSignatureElement()
      Returns the w3c.dom encapsulated signature element.
      Returns:
      the signatureElement
    • getSignatureForm

      public SignatureForm getSignatureForm()
      Description copied from interface: AdvancedSignature
      Specifies the format of the signature
      Returns:
      SignatureForm
    • getEncryptionAlgorithm

      public EncryptionAlgorithm getEncryptionAlgorithm()
      Description copied from interface: AdvancedSignature
      Retrieves the encryption algorithm used for generating the signature.
      Returns:
      EncryptionAlgorithm
    • getDigestAlgorithm

      public DigestAlgorithm getDigestAlgorithm()
      Description copied from interface: AdvancedSignature
      Retrieves the digest algorithm used for generating the signature.
      Returns:
      DigestAlgorithm
    • getMaskGenerationFunction

      public MaskGenerationFunction getMaskGenerationFunction()
      Description copied from interface: AdvancedSignature
      Retrieves the mask generation function used for generating the signature.
      Returns:
      MaskGenerationFunction
    • getSignatureAlgorithm

      public SignatureAlgorithm getSignatureAlgorithm()
      Description copied from interface: AdvancedSignature
      Retrieves the signature algorithm (or cipher) used for generating the signature.
      Returns:
      SignatureAlgorithm
    • getCertificateSource

      public SignatureCertificateSource getCertificateSource()
      Description copied from interface: AdvancedSignature
      Gets a certificate source which contains ALL certificates embedded in the signature.
      Returns:
      SignatureCertificateSource
    • getCRLSource

      public OfflineCRLSource getCRLSource()
      Description copied from interface: AdvancedSignature
      Gets a CRL source which contains ALL CRLs embedded in the signature.
      Returns:
      OfflineRevocationSource
    • getOCSPSource

      public OfflineOCSPSource getOCSPSource()
      Description copied from interface: AdvancedSignature
      Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
      Returns:
      OfflineRevocationSource
    • getTimestampSource

      public XAdESTimestampSource getTimestampSource()
      Description copied from interface: AdvancedSignature
      Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
      Returns:
      SignatureTimestampSource
    • getSigningTime

      public Date getSigningTime()
      Description copied from interface: AdvancedSignature
      Returns the signing time included within the signature.
      Returns:
      Date representing the signing time or null
    • getSignaturePolicy

      public XAdESSignaturePolicy getSignaturePolicy()
      Description copied from interface: AdvancedSignature
      Returns the Signature Policy OID from the signature.
      Specified by:
      getSignaturePolicy in interface AdvancedSignature
      Overrides:
      getSignaturePolicy in class DefaultAdvancedSignature
      Returns:
      SignaturePolicy
    • buildSignaturePolicy

      protected XAdESSignaturePolicy buildSignaturePolicy()
      Description copied from class: DefaultAdvancedSignature
      This method extracts a signature policy from a signature and builds the object
      Specified by:
      buildSignaturePolicy in class DefaultAdvancedSignature
      Returns:
      SignaturePolicy
    • getSignatureProductionPlace

      public SignatureProductionPlace getSignatureProductionPlace()
      Description copied from interface: AdvancedSignature
      Returns information about the place where the signature was generated
      Returns:
      SignatureProductionPlace
    • getSignaturePolicyStore

      public SignaturePolicyStore getSignaturePolicyStore()
      Description copied from interface: AdvancedSignature
      Returns the Signature Policy Store from the signature
      Returns:
      SignaturePolicyStore
    • getSignedAssertions

      public List<SignerRole> getSignedAssertions()
      Description copied from interface: AdvancedSignature
      Returns the list of embedded signed assertions.
      Returns:
      list of the assertions
    • getClaimedSignerRoles

      public List<SignerRole> getClaimedSignerRoles()
      Description copied from interface: AdvancedSignature
      Returns the claimed roles of the signer.
      Returns:
      list of the SignerRoles
    • getCertifiedSignerRoles

      public List<SignerRole> getCertifiedSignerRoles()
      Description copied from interface: AdvancedSignature
      Returns the certified roles of the signer.
      Returns:
      list of the SignerRoles
    • getContentType

      public String getContentType()
      Description copied from interface: AdvancedSignature
      Returns the value of the signed attribute content-type
      Returns:
      content type as String
    • getMimeType

      public String getMimeType()
      Description copied from interface: AdvancedSignature
      Returns the value of the signed attribute mime-type
      Returns:
      mime type as String
    • getSignatureValueBase64

      public String getSignatureValueBase64()
      Returns a base64 SignatureValue
      Returns:
      base64 String
    • getSignatureValue

      public byte[] getSignatureValue()
      Description copied from interface: AdvancedSignature
      Returns the digital signature value
      Returns:
      digital signature value byte array
    • getSignatureValueId

      public String getSignatureValueId()
      Returns Id of the ds:SignatureValue element
      Returns:
      String Id
    • getObjects

      public NodeList getObjects()
      This method returns the list of ds:Object elements for the current signature element.
      Returns:
      NodeList
    • getCompleteCertificateRefs

      public Element getCompleteCertificateRefs()
      Gets xades:CompleteCertificateRefs or xades141:CompleteCertificateRefsV2 element
      Returns:
      Element
    • getCompleteRevocationRefs

      public Element getCompleteRevocationRefs()
      Gets xades:CompleteRevocationRefs
      Returns:
      Element
    • getSigAndRefsTimeStamp

      public NodeList getSigAndRefsTimeStamp()
      Gets xades:SigAndRefsTimeStamp node list
      Returns:
      NodeList
    • getRefsOnlyTimestampTimeStamp

      public NodeList getRefsOnlyTimestampTimeStamp()
      Gets xades:RefsOnlyTimestamp node list
      Returns:
      NodeList
    • getCertificateValues

      public Element getCertificateValues()
      Gets xades:CertificateValues element
      Returns:
      Element
    • getRevocationValues

      public Element getRevocationValues()
      Gets xades:RevocationValues element
      Returns:
      Element
    • addExternalTimestamp

      public void addExternalTimestamp(TimestampToken timestamp)
      Description copied from interface: AdvancedSignature
      This method adds an external timestamp. The given timestamp must be processed beforehand. NOTE: The method is supported only for CAdES signatures.
      Parameters:
      timestamp - the timestamp token
    • getBaselineRequirementsChecker

      protected XAdESBaselineRequirementsChecker getBaselineRequirementsChecker()
      Description copied from class: DefaultAdvancedSignature
      Returns a cached instance of the BaselineRequirementsChecker
      Overrides:
      getBaselineRequirementsChecker in class DefaultAdvancedSignature
      Returns:
      BaselineRequirementsChecker
    • createBaselineRequirementsChecker

      protected XAdESBaselineRequirementsChecker createBaselineRequirementsChecker()
      Description copied from class: DefaultAdvancedSignature
      Instantiates a BaselineRequirementsChecker according to the signature format
      Specified by:
      createBaselineRequirementsChecker in class DefaultAdvancedSignature
      Returns:
      BaselineRequirementsChecker
    • hasBESProfile

      public boolean hasBESProfile()
      Checks the presence of a signing certificate covered by the signature, which is the proof of -BES profile existence
      Returns:
      true if BES Profile is detected
    • hasEPESProfile

      public boolean hasEPESProfile()
      Checks the presence of the SignaturePolicyIdentifier element in the signature, which is the proof of -EPES profile existence
      Returns:
      true if EPES Profile is detected
    • hasExtendedTProfile

      public boolean hasExtendedTProfile()
      Checks the presence of the SignatureTimeStamp element in the signature, which is the proof of -T profile existence
      Returns:
      true if T Profile is detected
    • hasCProfile

      public boolean hasCProfile()
      Checks the presence of the CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of -C profile existence
      Returns:
      true if C Profile is detected
    • hasXProfile

      public boolean hasXProfile()
      Checks the presence of the SigAndRefsTimeStamp segment in the signature, which is the proof of -X profile existence
      Returns:
      true if the -X extension is present
    • hasXLProfile

      public boolean hasXLProfile()
      Checks the presence of the CertificateValues/RevocationValues segment in the signature, which is the proof of -XL profile existence
      Returns:
      true if the -XL extension is present
    • hasAProfile

      public boolean hasAProfile()
      Checks the presence of the ArchiveTimeStamp element in the signature, which is the proof of -A profile existence
      Returns:
      true if the -A extension is present
    • checkSignatureIntegrity

      public void checkSignatureIntegrity()
      Description copied from interface: AdvancedSignature
      Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature not including the signing certificate, the latter must be provided by calling setProvidedSigningCertificateToken. In the case of a detached signature, the signed content must be provided by calling setProvidedSigningCertificateToken.
    • getReferenceValidations

      public List<ReferenceValidation> getReferenceValidations()
      Description copied from interface: AdvancedSignature
      Returns individual validation for each reference (XAdES, JAdES) or for the message-imprint (CAdES)
      Returns:
      a list with one or more ReferenceValidation
    • getSignatureDigestReference

      public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)
      TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents. The canonicalization shall be computed keeping this ds:Signature element as a descendant of the XML root element, without detaching it.
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
      Returns:
      SignatureDigestReference
    • getDataToBeSignedRepresentation

      public Digest getDataToBeSignedRepresentation()
      Description copied from interface: AdvancedSignature
      TS 119 102-1 (4.2.8 Data to be signed representation (DTBSR)) : The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite.
      Returns:
      Digest DTBSR, which is then used to create the signature.
    • getSignedInfo

      public Element getSignedInfo()
      Returns the ds:SignedInfo element
      Returns:
      Element ds:SignedInfo
    • getObjectById

      public Node getObjectById(String id)
      Gets ds:Object by its Id
      Parameters:
      id - String object Id
      Returns:
      Node
    • getManifestById

      public Element getManifestById(String id)
      Gets ds:Manifest by its Id
      Parameters:
      id - String manifest Id
      Returns:
      Element Manifest
    • getCounterSignatures

      public List<AdvancedSignature> getCounterSignatures()
      This method retrieves the potential countersignatures embedded in the XAdES signature document. From ETSI TS 101 903 v1.4.2: 7.2.4.1 Countersignature identifier in Type attribute of ds:Reference: A XAdES signature containing a ds:Reference element whose Type attribute has value "http://uri.etsi.org/01903#CountersignedSignature" will indicate that it is, in fact, a countersignature of the signature referenced by this element. 7.2.4.2 Enveloped countersignatures: the CounterSignature element: The CounterSignature is an unsigned property that qualifies the signature. A XAdES signature MAY have more than one CounterSignature properties. As indicated by its name, it contains one countersignature of the qualified signature.
      Returns:
      a list containing the countersignatures embedded in the XAdES signature document
    • getSignatureIdentifierBuilder

      protected SignatureIdentifierBuilder getSignatureIdentifierBuilder()
      Description copied from class: DefaultAdvancedSignature
      Returns a builder to define and build a signature Id
      Specified by:
      getSignatureIdentifierBuilder in class DefaultAdvancedSignature
      Returns:
      SignatureIdentifierBuilder
    • getDAIdentifier

      public String getDAIdentifier()
      Description copied from interface: AdvancedSignature
      This method returns an identifier provided by the Driving Application (DA). Note: used only for XAdES
      Returns:
      The signature identifier
    • getUnsignedSignatureProperties

      public List<String> getUnsignedSignatureProperties()
      Retrieves the name of each node found under the UnsignedSignatureProperties element
      Returns:
      an ArrayList containing the retrieved node names
    • getSignedSignatureProperties

      public List<String> getSignedSignatureProperties()
      Retrieves the name of each node found under the SignedSignatureProperties element
      Returns:
      an ArrayList containing the retrieved node names
    • getSignedProperties

      public List<String> getSignedProperties()
      Retrieves the name of each node found under the SignedProperties element
      Returns:
      an ArrayList containing the retrieved node names
    • getUnsignedProperties

      public List<String> getUnsignedProperties()
      Retrieves the name of each node found under the UnsignedProperties element
      Returns:
      an ArrayList containing the retrieved node names
    • getSignedDataObjectProperties

      public List<String> getSignedDataObjectProperties()
      Retrieves the name of each node found under the SignedDataObjectProperties element
      Returns:
      an ArrayList containing the retrieved node names
    • getDataFoundUpToLevel

      public SignatureLevel getDataFoundUpToLevel()
      Description copied from interface: AdvancedSignature
      This method returns the signature level
      Returns:
      a value of SignatureLevel
    • validateStructure

      public List<String> validateStructure()
      Description copied from class: DefaultAdvancedSignature
      This method processes the structure validation of the signature.
      Overrides:
      validateStructure in class DefaultAdvancedSignature
      Returns:
      list of String errors
    • getLastTimestampValidationData

      public Element getLastTimestampValidationData()
      This method returns the last timestamp validation data for an archive timestamp.
      Returns:
      Element xades141:TimestampValidationData
    • getCommitmentTypeIndications

      public List<CommitmentTypeIndication> getCommitmentTypeIndications()
      Description copied from interface: AdvancedSignature
      This method obtains the information concerning commitment type indication linked to the signature
      Returns:
      a list of CommitmentTypeIndications
    • getReferences

      public List<org.apache.xml.security.signature.Reference> getReferences()
      Gets a list of found references
      Returns:
      a list of References
    • getSignatureObjects

      public List<Element> getSignatureObjects()
      Gets a list of found signature ds:Object elements
      Returns:
      a list of Elements
    • registerXAdESPaths

      public void registerXAdESPaths(XAdESPaths xadesPaths)
      This method registers a new XAdESPaths.
      Parameters:
      xadesPaths - XAdESPaths to register
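
The kind of structural check that setDisableXSWProtection(true) gives up, as an added JDK-only example (not DSS code and not a description of DSS internals): a ds:Reference typed as SignedProperties is accepted only if its URI resolves to exactly one xades:SignedProperties element located inside the signature being validated. The class name, the use of the `Id` attribute name, the XAdES 1.3.2 namespace and both sample documents are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class SignedPropertiesAnchorCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XADES = "http://uri.etsi.org/01903/v1.3.2#";
    static final String SP_TYPE = "http://uri.etsi.org/01903#SignedProperties";

    /** True only if the typed reference resolves to exactly one xades:SignedProperties inside this ds:Signature. */
    static boolean signedPropertiesAnchored(Element signature) {
        Element signedInfo = null;
        for (Node n = signature.getFirstChild(); n != null; n = n.getNextSibling())
            if (DS.equals(n.getNamespaceURI()) && "SignedInfo".equals(n.getLocalName())) signedInfo = (Element) n;
        if (signedInfo == null) return false;
        for (Node n = signedInfo.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!DS.equals(n.getNamespaceURI()) || !"Reference".equals(n.getLocalName())) continue;
            Element ref = (Element) n;
            if (!SP_TYPE.equals(ref.getAttribute("Type"))) continue;
            String uri = ref.getAttribute("URI");
            if (uri.length() < 2 || uri.charAt(0) != '#') return false;
            // Scan the whole document: a second element carrying the same Id is the wrapping symptom.
            NodeList all = signature.getOwnerDocument().getElementsByTagName("*");
            Element match = null;
            int hits = 0;
            for (int i = 0; i < all.getLength(); i++) {
                Element e = (Element) all.item(i);
                if (uri.substring(1).equals(e.getAttribute("Id"))) { match = e; hits++; }
            }
            if (hits != 1 || !XADES.equals(match.getNamespaceURI()) || !"SignedProperties".equals(match.getLocalName())) return false;
            Node up = match;
            while (up != null && up != signature) up = up.getParentNode();
            return up == signature; // the target must live under the signature being validated
        }
        return false; // no SignedProperties-typed reference at all
    }

    /** Constructed sample document; 'extra' is injected as a sibling placed before the signature. */
    static Element parseSample(String extra) throws Exception {
        String xml = "<doc xmlns:ds='" + DS + "' xmlns:x='" + XADES + "'>" + extra
            + "<ds:Signature><ds:SignedInfo><ds:Reference Type='" + SP_TYPE + "' URI='#sp'/></ds:SignedInfo>"
            + "<ds:Object><x:QualifyingProperties><x:SignedProperties Id='sp'/></x:QualifyingProperties>"
            + "</ds:Object></ds:Signature></doc>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in untrusted input
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return (Element) d.getElementsByTagNameNS(DS, "Signature").item(0);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(signedPropertiesAnchored(parseSample(""))); // single in-signature target
        System.out.println(signedPropertiesAnchored(parseSample("<w><x:SignedProperties Id='sp'/></w>"))); // duplicate Id
    }
}
```

The check is purely structural and runs alongside digest and signature-value verification, not in place of it.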