Module jpms_dss_spi

Class DefaultAdvancedSignature

java.lang.Object
eu.europa.esig.dss.spi.signature.DefaultAdvancedSignature
All Implemented Interfaces:
eu.europa.esig.dss.model.identifier.IdentifierBasedObject, AdvancedSignature, Serializable

public abstract class DefaultAdvancedSignature extends Object implements AdvancedSignature
A common implementation of AdvancedSignature
  • Field Details

    • detachedContents

      protected List<eu.europa.esig.dss.model.DSSDocument> detachedContents
      In case of a detached signature this is the signed document.
    • manifestFile

      protected eu.europa.esig.dss.model.ManifestFile manifestFile
      In the case of an ASiC-E signature, this is the related manifest file that was found.
    • referenceValidations

      protected List<eu.europa.esig.dss.model.ReferenceValidation> referenceValidations
      This variable contains a list of reference validations (reference tag for XAdES or message-digest for CAdES)
    • signatureCryptographicVerification

      protected eu.europa.esig.dss.model.signature.SignatureCryptographicVerification signatureCryptographicVerification
      This variable contains the result of the signature mathematical validation. It is initialised when the method checkSignatureIntegrity is called.
    • structureValidationMessages

      protected List<String> structureValidationMessages
      A list of error messages that occurred during structure validation
    • signingCertificateSource

      protected CertificateSource signingCertificateSource
      The certificate source of a signing certificate
    • offlineCertificateSource

      protected SignatureCertificateSource offlineCertificateSource
      Cached offline signature certificate source
    • signatureCRLSource

      protected OfflineCRLSource signatureCRLSource
      Cached offline signature CRL source
    • signatureOCSPSource

      protected OfflineOCSPSource signatureOCSPSource
      Cached offline signature OCSP source
    • signatureTimestampSource

      protected TimestampSource signatureTimestampSource
      Cached offline signature timestamp source
    • counterSignatures

      protected List<AdvancedSignature> counterSignatures
      Cached list of embedded counter signatures
    • signaturePolicy

      protected eu.europa.esig.dss.model.signature.SignaturePolicy signaturePolicy
      The SignaturePolicy identifier
    • signatureIdentifier

      protected SignatureIdentifier signatureIdentifier
      Unique signature identifier
  • Constructor Details

    • DefaultAdvancedSignature

      protected DefaultAdvancedSignature()
      Default constructor instantiating object with null values
  • Method Details

    • getSignatureIdentifierBuilder

      protected abstract SignatureIdentifierBuilder getSignatureIdentifierBuilder()
      Returns a builder to define and build a signature Id
      Returns:
      SignatureIdentifierBuilder
    • setSigningCertificateSource

      public void setSigningCertificateSource(CertificateSource signingCertificateSource)
      Description copied from interface: AdvancedSignature
      Sets a certificate source that allows the signing certificate to be found by kid or by the certificate's digest
      Specified by:
      setSigningCertificateSource in interface AdvancedSignature
      Parameters:
      signingCertificateSource - the certificate source to resolve missing signing certificate
    • getFilename

      public String getFilename()
      Description copied from interface: AdvancedSignature
      This method returns the signature filename (useful for ASiC and multiple signature files)
      Specified by:
      getFilename in interface AdvancedSignature
      Returns:
      the signature filename
    • setFilename

      public void setFilename(String filename)
      Description copied from interface: AdvancedSignature
      This method sets the signature filename (useful in the case of ASiC)
      Specified by:
      setFilename in interface AdvancedSignature
      Parameters:
      filename - String
    • getDetachedContents

      public List<eu.europa.esig.dss.model.DSSDocument> getDetachedContents()
      Description copied from interface: AdvancedSignature
      Returns detached contents
      Specified by:
      getDetachedContents in interface AdvancedSignature
      Returns:
      in the case of the detached signature this is the List of signed contents.
    • setDetachedContents

      public void setDetachedContents(List<eu.europa.esig.dss.model.DSSDocument> detachedContents)
      Description copied from interface: AdvancedSignature
      This method sets the signed contents in the case of a detached signature.
      Specified by:
      setDetachedContents in interface AdvancedSignature
      Parameters:
      detachedContents - List of DSSDocument representing the signed detached contents.
    • getContainerContents

      public List<eu.europa.esig.dss.model.DSSDocument> getContainerContents()
      Description copied from interface: AdvancedSignature
      Returns container's content
      Specified by:
      getContainerContents in interface AdvancedSignature
      Returns:
      in the case of an ASiC-S signature, a list of the archive container documents
    • setContainerContents

      public void setContainerContents(List<eu.europa.esig.dss.model.DSSDocument> containerContents)
      Description copied from interface: AdvancedSignature
      This method sets the archive container contents in the case of an ASiC-S signature.
      Specified by:
      setContainerContents in interface AdvancedSignature
      Parameters:
      containerContents - List of DSSDocument representing the archive container contents.
    • getManifestFile

      public eu.europa.esig.dss.model.ManifestFile getManifestFile()
      Description copied from interface: AdvancedSignature
      This method returns a related ManifestFile in the case of ASiC-E signature.
      Specified by:
      getManifestFile in interface AdvancedSignature
      Returns:
      manifestFile ManifestFile
    • setManifestFile

      public void setManifestFile(eu.europa.esig.dss.model.ManifestFile manifestFile)
      Description copied from interface: AdvancedSignature
      This method sets a manifest file in the case of an ASiC-E signature.
      Specified by:
      setManifestFile in interface AdvancedSignature
      Parameters:
      manifestFile - ManifestFile
    • getDSSId

      public SignatureIdentifier getDSSId()
      Description copied from interface: AdvancedSignature
      This method returns the SignatureIdentifier.
      Specified by:
      getDSSId in interface AdvancedSignature
      Specified by:
      getDSSId in interface eu.europa.esig.dss.model.identifier.IdentifierBasedObject
      Returns:
      unique SignatureIdentifier
    • getId

      public String getId()
      Description copied from interface: AdvancedSignature
      This method returns the DSS unique signature id, which unambiguously identifies each signature.
      Specified by:
      getId in interface AdvancedSignature
      Returns:
      The signature unique Id
    • getCompleteCertificateSource

      public ListCertificateSource getCompleteCertificateSource()
      Description copied from interface: AdvancedSignature
      Gets a ListCertificateSource representing a merged source built from signatureCertificateSource and all timestamp objects included in the signature
      Specified by:
      getCompleteCertificateSource in interface AdvancedSignature
      Returns:
      ListCertificateSource
    • getCompleteCRLSource

      public ListRevocationSource<eu.europa.esig.dss.model.x509.revocation.crl.CRL> getCompleteCRLSource()
      Description copied from interface: AdvancedSignature
      Gets a ListRevocationSource representing a merged source built from signatureCRLSource and all timestamp objects included in the signature
      Specified by:
      getCompleteCRLSource in interface AdvancedSignature
      Returns:
      ListRevocationSource
    • getCompleteOCSPSource

      public ListRevocationSource<eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP> getCompleteOCSPSource()
      Description copied from interface: AdvancedSignature
      Gets a ListRevocationSource representing a merged source built from signatureOCSPSource and all timestamp objects included in the signature
      Specified by:
      getCompleteOCSPSource in interface AdvancedSignature
      Returns:
      ListRevocationSource
    • getCounterSignaturesCertificateSource

      protected ListCertificateSource getCounterSignaturesCertificateSource()
      Returns a merged certificate source for values incorporated within counter signatures
      Returns:
      ListCertificateSource
    • getCounterSignaturesCRLSource

      protected ListRevocationSource<eu.europa.esig.dss.model.x509.revocation.crl.CRL> getCounterSignaturesCRLSource()
      Returns a merged CRL source for values incorporated within counter signatures
      Returns:
      CRL ListRevocationSource
    • getCounterSignaturesOCSPSource

      protected ListRevocationSource<eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP> getCounterSignaturesOCSPSource()
      Returns a merged OCSP source for values incorporated within counter signatures
      Returns:
      OCSP ListRevocationSource
    • resetCertificateSource

      public void resetCertificateSource()
      This method resets the source of certificates. It must be called when any certificate is added to the KeyInfo or CertificateValues (XAdES), or 'xVals' (JAdES). NOTE: used in XAdES and JAdES
    • resetRevocationSources

      public void resetRevocationSources()
      This method resets the sources of the revocation data. It must be called when -LT level is created. NOTE: used in XAdES and JAdES
    • resetTimestampSource

      public void resetTimestampSource()
      This method resets the timestamp source. It must be called when -LT level is created. NOTE: used in XAdES and JAdES
    • getCandidatesForSigningCertificate

      public CandidatesForSigningCertificate getCandidatesForSigningCertificate()
      ETSI TS 101 733 V2.2.1 (2013-04), 5.6.3 Signature Verification Process: "...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature."
      Specified by:
      getCandidatesForSigningCertificate in interface AdvancedSignature
      Returns:
      CandidatesForSigningCertificate
    • initBaselineRequirementsChecker

      public void initBaselineRequirementsChecker(CertificateVerifier certificateVerifier)
      Description copied from interface: AdvancedSignature
      This method creates an offline copy of certificateVerifier and instantiates a BaselineRequirementsChecker
      Specified by:
      initBaselineRequirementsChecker in interface AdvancedSignature
      Parameters:
      certificateVerifier - CertificateVerifier
    • getCertificates

      public List<eu.europa.esig.dss.model.x509.CertificateToken> getCertificates()
      Returns an unmodifiable list of all certificate tokens encapsulated in the signature
      Specified by:
      getCertificates in interface AdvancedSignature
      Returns:
      a list of certificate contained within the signature
    • setMasterSignature

      public void setMasterSignature(AdvancedSignature masterSignature)
      Description copied from interface: AdvancedSignature
      This setter indicates the master signature, which means that this signature is a countersignature.
      Specified by:
      setMasterSignature in interface AdvancedSignature
      Parameters:
      masterSignature - AdvancedSignature
    • getMasterSignature

      public AdvancedSignature getMasterSignature()
      Description copied from interface: AdvancedSignature
      Gets master signature
      Specified by:
      getMasterSignature in interface AdvancedSignature
      Returns:
      AdvancedSignature
    • isCounterSignature

      public boolean isCounterSignature()
      Description copied from interface: AdvancedSignature
      Checks if the current signature is a counter signature (i.e. has a Master signature)
      Specified by:
      isCounterSignature in interface AdvancedSignature
      Returns:
      TRUE if it is a counter signature, FALSE otherwise
    • getSignatureCryptographicVerification

      public eu.europa.esig.dss.model.signature.SignatureCryptographicVerification getSignatureCryptographicVerification()
      Description copied from interface: AdvancedSignature
      Gets signature's cryptographic validation result
      Specified by:
      getSignatureCryptographicVerification in interface AdvancedSignature
      Returns:
      SignatureCryptographicVerification with all the information collected during the validation process.
    • getSignerRoles

      public List<eu.europa.esig.dss.model.signature.SignerRole> getSignerRoles()
      Description copied from interface: AdvancedSignature
      Returns the list of roles of the signer.
      Specified by:
      getSignerRoles in interface AdvancedSignature
      Returns:
      list of the SignerRoles
    • getSigningCertificateToken

      public eu.europa.esig.dss.model.x509.CertificateToken getSigningCertificateToken()
      Description copied from interface: AdvancedSignature
      This method returns the signing certificate token, or null if there is no valid signing certificate. Note that to determine the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
      Specified by:
      getSigningCertificateToken in interface AdvancedSignature
      Returns:
      CertificateToken
    • getStructureValidationResult

      public List<String> getStructureValidationResult()
      Description copied from interface: AdvancedSignature
      Returns a message if the structure validation fails
      Specified by:
      getStructureValidationResult in interface AdvancedSignature
      Returns:
      a list of String error messages if validation fails, an empty list if structural validation succeeds
    • validateStructure

      protected List<String> validateStructure()
      This method processes the structure validation of the signature.
      Returns:
      list of String errors
    • getSignatureScopes

      public List<eu.europa.esig.dss.model.scope.SignatureScope> getSignatureScopes()
      Description copied from interface: AdvancedSignature
      Returns a list of found SignatureScopes
      Specified by:
      getSignatureScopes in interface AdvancedSignature
      Returns:
      a list of SignatureScopes
    • findSignatureScopes

      protected abstract List<eu.europa.esig.dss.model.scope.SignatureScope> findSignatureScopes()
      Finds signature scopes
      Returns:
      a list of SignatureScopes
    • getContentTimestamps

      public List<TimestampToken> getContentTimestamps()
      Description copied from interface: AdvancedSignature
      Returns the content timestamps
      Specified by:
      getContentTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getSignatureTimestamps

      public List<TimestampToken> getSignatureTimestamps()
      Description copied from interface: AdvancedSignature
      Returns the signature timestamps
      Specified by:
      getSignatureTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getTimestampsX1

      public List<TimestampToken> getTimestampsX1()
      Description copied from interface: AdvancedSignature
      Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
      Specified by:
      getTimestampsX1 in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getTimestampsX2

      public List<TimestampToken> getTimestampsX2()
      Description copied from interface: AdvancedSignature
      Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
      Specified by:
      getTimestampsX2 in interface AdvancedSignature
      Returns:
      List of TimestampToken
    • getArchiveTimestamps

      public List<TimestampToken> getArchiveTimestamps()
      Description copied from interface: AdvancedSignature
      Returns the archive Timestamps
      Specified by:
      getArchiveTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampTokens
    • getDocumentTimestamps

      public List<TimestampToken> getDocumentTimestamps()
      Description copied from interface: AdvancedSignature
      Returns a list of timestamps defined with the 'DocTimeStamp' type. NOTE: applicable only for PAdES
      Specified by:
      getDocumentTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampTokens
    • getDetachedTimestamps

      public List<TimestampToken> getDetachedTimestamps()
      Description copied from interface: AdvancedSignature
      Returns a list of detached timestamps. NOTE: used for ASiC with CAdES only
      Specified by:
      getDetachedTimestamps in interface AdvancedSignature
      Returns:
      a list of TimestampTokens
    • getAllTimestamps

      public List<TimestampToken> getAllTimestamps()
      Description copied from interface: AdvancedSignature
      Returns a list of all timestamps found in the signature
      Specified by:
      getAllTimestamps in interface AdvancedSignature
      Returns:
      List of TimestampTokens
    • getEmbeddedEvidenceRecords

      public List<EvidenceRecord> getEmbeddedEvidenceRecords()
      Description copied from interface: AdvancedSignature
      Returns a list of embedded evidence records
      Specified by:
      getEmbeddedEvidenceRecords in interface AdvancedSignature
      Returns:
      a list of EvidenceRecords
    • addExternalEvidenceRecord

      public void addExternalEvidenceRecord(EvidenceRecord evidenceRecord)
      Description copied from interface: AdvancedSignature
      Adds an evidence record covering the signature file
      Specified by:
      addExternalEvidenceRecord in interface AdvancedSignature
      Parameters:
      evidenceRecord - EvidenceRecord
    • getDetachedEvidenceRecords

      public List<EvidenceRecord> getDetachedEvidenceRecords()
      Description copied from interface: AdvancedSignature
      Returns a list of detached evidence records
      Specified by:
      getDetachedEvidenceRecords in interface AdvancedSignature
      Returns:
      a list of EvidenceRecords
    • getAllEvidenceRecords

      public List<EvidenceRecord> getAllEvidenceRecords()
      Description copied from interface: AdvancedSignature
      Returns a list of all evidence records
      Specified by:
      getAllEvidenceRecords in interface AdvancedSignature
      Returns:
      a list of EvidenceRecords
    • getSignaturePolicy

      public eu.europa.esig.dss.model.signature.SignaturePolicy getSignaturePolicy()
      Description copied from interface: AdvancedSignature
      Returns the Signature Policy OID from the signature.
      Specified by:
      getSignaturePolicy in interface AdvancedSignature
      Returns:
      SignaturePolicy
    • buildSignaturePolicy

      protected abstract eu.europa.esig.dss.model.signature.SignaturePolicy buildSignaturePolicy()
      This method extracts a signature policy from a signature and builds the object
      Returns:
      SignaturePolicy
    • getBaselineRequirementsChecker

      protected BaselineRequirementsChecker getBaselineRequirementsChecker()
      Returns a cached instance of the BaselineRequirementsChecker
      Returns:
      BaselineRequirementsChecker
    • createBaselineRequirementsChecker

      protected abstract BaselineRequirementsChecker createBaselineRequirementsChecker(CertificateVerifier certificateVerifier)
      Instantiates a BaselineRequirementsChecker according to the signature format
      Parameters:
      certificateVerifier - CertificateVerifier to be used
      Returns:
      BaselineRequirementsChecker
    • hasBProfile

      public boolean hasBProfile()
      Description copied from interface: AdvancedSignature
      Checks if the signature is conformant to AdES-BASELINE-B level
      Specified by:
      hasBProfile in interface AdvancedSignature
      Returns:
      TRUE if the B-level is present, FALSE otherwise
    • hasTProfile

      public boolean hasTProfile()
      Description copied from interface: AdvancedSignature
      Checks if the T-level is present in the signature
      Specified by:
      hasTProfile in interface AdvancedSignature
      Returns:
      TRUE if the T-level is present, FALSE otherwise
    • hasLTProfile

      public boolean hasLTProfile()
      Description copied from interface: AdvancedSignature
      Checks if the LT-level is present in the signature
      Specified by:
      hasLTProfile in interface AdvancedSignature
      Returns:
      TRUE if the LT-level is present, FALSE otherwise
    • hasLTAProfile

      public boolean hasLTAProfile()
      Description copied from interface: AdvancedSignature
      Checks if the LTA-level is present in the signature
      Specified by:
      hasLTAProfile in interface AdvancedSignature
      Returns:
      TRUE if the LTA-level is present, FALSE otherwise
    • hasBESProfile

      public boolean hasBESProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of a signing certificate covered by the signature, which is the proof of the -BES profile existence
      Specified by:
      hasBESProfile in interface AdvancedSignature
      Returns:
      true if BES Profile is detected
    • hasEPESProfile

      public boolean hasEPESProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of a SignaturePolicyIdentifier element in the signature, which is the proof of the -EPES profile existence
      Specified by:
      hasEPESProfile in interface AdvancedSignature
      Returns:
      true if EPES Profile is detected
    • hasExtendedTProfile

      public boolean hasExtendedTProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of a SignatureTimeStamp element in the signature, which is the proof of the -T profile existence
      Specified by:
      hasExtendedTProfile in interface AdvancedSignature
      Returns:
      true if T Profile is detected
    • hasCProfile

      public boolean hasCProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of the -C profile existence
      Specified by:
      hasCProfile in interface AdvancedSignature
      Returns:
      true if C Profile is detected
    • hasXProfile

      public boolean hasXProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of a SigAndRefsTimeStamp segment in the signature, which is the proof of the -X profile existence
      Specified by:
      hasXProfile in interface AdvancedSignature
      Returns:
      true if the -X extension is present
    • hasXLProfile

      public boolean hasXLProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of a CertificateValues/RevocationValues segment in the signature, which is the proof of the -XL profile existence
      Specified by:
      hasXLProfile in interface AdvancedSignature
      Returns:
      true if the -XL extension is present
    • hasAProfile

      public boolean hasAProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of an ArchiveTimeStamp element in the signature, which is the proof of the -A profile existence
      Specified by:
      hasAProfile in interface AdvancedSignature
      Returns:
      true if the -A extension is present
    • hasERSProfile

      public boolean hasERSProfile()
      Description copied from interface: AdvancedSignature
      Checks for the presence of a SealingEvidenceRecord element in the signature, which is the proof of the -ERS profile existence
      Specified by:
      hasERSProfile in interface AdvancedSignature
      Returns:
      true if the -ERS extension is present
    • areAllSelfSignedCertificates

      public boolean areAllSelfSignedCertificates()
      Description copied from interface: AdvancedSignature
      Checks if all certificate chains present in the signature are self-signed
      Specified by:
      areAllSelfSignedCertificates in interface AdvancedSignature
      Returns:
      TRUE if all certificates are self-signed, false otherwise
    • isDocHashOnlyValidation

      public boolean isDocHashOnlyValidation()
      Description copied from interface: AdvancedSignature
      Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
      Specified by:
      isDocHashOnlyValidation in interface AdvancedSignature
      Returns:
      true if it is DocHashOnly validation, false otherwise
    • isHashOnlyValidation

      public boolean isHashOnlyValidation()
      Description copied from interface: AdvancedSignature
      Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR). EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature. NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
      Specified by:
      isHashOnlyValidation in interface AdvancedSignature
      Returns:
      true if it is HashOnly validation, false otherwise
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object