Module jpms_dss_spi

Class DefaultDocumentAnalyzer

java.lang.Object
eu.europa.esig.dss.spi.validation.analyzer.DefaultDocumentAnalyzer
All Implemented Interfaces:
DocumentAnalyzer

public abstract class DefaultDocumentAnalyzer extends Object implements DocumentAnalyzer
This class contains common code for processing signed documents
  • Field Details

    • document

      protected eu.europa.esig.dss.model.DSSDocument document
      The document to be validated (with the signature(s) or timestamp(s))
    • detachedContents

      protected List<eu.europa.esig.dss.model.DSSDocument> detachedContents
      In case of a detached signature this List contains the signed documents.
    • detachedEvidenceRecordDocuments

      protected List<eu.europa.esig.dss.model.DSSDocument> detachedEvidenceRecordDocuments
      Contains a list of evidence record documents detached from the signature
    • containerContents

      protected List<eu.europa.esig.dss.model.DSSDocument> containerContents
      In case of an ASiC signature, this List contains the container documents.
    • manifestFile

      protected eu.europa.esig.dss.model.ManifestFile manifestFile
      A related ManifestFile to the provided document
    • signingCertificateSource

      protected CertificateSource signingCertificateSource
      Certificate source to find signing certificate
    • certificateVerifier

      protected CertificateVerifier certificateVerifier
      The reference to the certificate verifier. The current DSS implementation proposes CommonCertificateVerifier. This verifier encapsulates the references to different sources used in the signature validation process.
  • Constructor Details

    • DefaultDocumentAnalyzer

      protected DefaultDocumentAnalyzer()
      The default constructor
  • Method Details

    • fromDocument

      public static DocumentAnalyzer fromDocument(eu.europa.esig.dss.model.DSSDocument dssDocument)
      This method guesses the document format and returns an appropriate document reader.
      Parameters:
      dssDocument - The instance of DSSDocument to validate
      Returns:
      the specific instance of DocumentReader according to the document type
    • getDocument

      public eu.europa.esig.dss.model.DSSDocument getDocument()
      Description copied from interface: DocumentAnalyzer
      Gets document to be validated
      Specified by:
      getDocument in interface DocumentAnalyzer
      Returns:
      DSSDocument
    • setSigningCertificateSource

      public void setSigningCertificateSource(CertificateSource signingCertificateSource)
      Description copied from interface: DocumentAnalyzer
      Sets a certificate source that allows finding the signing certificate by kid or by the certificate's digest
      Specified by:
      setSigningCertificateSource in interface DocumentAnalyzer
      Parameters:
      signingCertificateSource - the certificate source
    • setCertificateVerifier

      public void setCertificateVerifier(CertificateVerifier certificateVerifier)
      To carry out the validation process of the signature(s), some external sources of certificates and of revocation data may be needed. The certificate verifier is used to pass these values. Note that once this setter is called, any change in the content of the CommonTrustedCertificateSource or in the adjunct certificate source is not taken into account.
      Specified by:
      setCertificateVerifier in interface DocumentAnalyzer
      Parameters:
      certificateVerifier - CertificateVerifier
    • setValidationContextExecutor

      public void setValidationContextExecutor(ValidationContextExecutor validationContextExecutor)
      Description copied from interface: DocumentAnalyzer
      This method sets the ValidationContextExecutor for validation of the prepared ValidationContext. Default: eu.europa.esig.dss.validation.executor.context.DefaultValidationContextExecutor (performs basic validation of tokens, including certificate chain building and revocation data extraction, without processing of validity checks)
      Specified by:
      setValidationContextExecutor in interface DocumentAnalyzer
      Parameters:
      validationContextExecutor - ValidationContextExecutor
    • getTokenIdentifierProvider

      public eu.europa.esig.dss.model.identifier.TokenIdentifierProvider getTokenIdentifierProvider()
      Gets TokenIdentifierProvider
      Specified by:
      getTokenIdentifierProvider in interface DocumentAnalyzer
      Returns:
      TokenIdentifierProvider
    • setTokenIdentifierProvider

      public void setTokenIdentifierProvider(eu.europa.esig.dss.model.identifier.TokenIdentifierProvider tokenIdentifierProvider)
      Description copied from interface: DocumentAnalyzer
      Sets the TokenIdentifierProvider
      Specified by:
      setTokenIdentifierProvider in interface DocumentAnalyzer
      Parameters:
      tokenIdentifierProvider - TokenIdentifierProvider
    • setDetachedContents

      public void setDetachedContents(List<eu.europa.esig.dss.model.DSSDocument> detachedContents)
      Description copied from interface: DocumentAnalyzer
      Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.
      Specified by:
      setDetachedContents in interface DocumentAnalyzer
      Parameters:
      detachedContents - the List of DSSDocument to set
    • setDetachedEvidenceRecordDocuments

      public void setDetachedEvidenceRecordDocuments(List<eu.europa.esig.dss.model.DSSDocument> detachedEvidenceRecordDocuments)
      Description copied from interface: DocumentAnalyzer
      Sets a List of DSSDocument containing the evidence record documents covering the signature document.
      Specified by:
      setDetachedEvidenceRecordDocuments in interface DocumentAnalyzer
      Parameters:
      detachedEvidenceRecordDocuments - the List of DSSDocument to set
    • setContainerContents

      public void setContainerContents(List<eu.europa.esig.dss.model.DSSDocument> containerContents)
      Description copied from interface: DocumentAnalyzer
      Sets the List of DSSDocument containing the original container content for ASiC-S signatures.
      Specified by:
      setContainerContents in interface DocumentAnalyzer
      Parameters:
      containerContents - the List of DSSDocument to set
    • setManifestFile

      public void setManifestFile(eu.europa.esig.dss.model.ManifestFile manifestFile)
      Description copied from interface: DocumentAnalyzer
      Sets a related ManifestFile to the document to be validated.
      Specified by:
      setManifestFile in interface DocumentAnalyzer
      Parameters:
      manifestFile - a ManifestFile to set
    • getValidationTime

      public Date getValidationTime()
      Returns the validation time. If the validation time is not provided, initializes it with the current time value from the system.
      Specified by:
      getValidationTime in interface DocumentAnalyzer
      Returns:
      Date validation time
    • setValidationTime

      public void setValidationTime(Date validationTime)
      Allows defining a custom validation time
      Specified by:
      setValidationTime in interface DocumentAnalyzer
      Parameters:
      validationTime - Date
    • setDetachedEvidenceRecords

      public void setDetachedEvidenceRecords(List<EvidenceRecord> evidenceRecords)
      Sets a list of detached evidence records
      Parameters:
      evidenceRecords - a list of EvidenceRecords
    • getSignaturePolicyProvider

      protected SignaturePolicyProvider getSignaturePolicyProvider()
      Returns a signaturePolicyProvider. If not defined, returns a default provider.
      Returns:
      SignaturePolicyProvider
    • setSignaturePolicyProvider

      public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider)
      Description copied from interface: DocumentAnalyzer
      This method allows setting a provider for signature policies
      Specified by:
      setSignaturePolicyProvider in interface DocumentAnalyzer
      Parameters:
      signaturePolicyProvider - SignaturePolicyProvider
    • validate

      public ValidationContext validate()
      Description copied from interface: DocumentAnalyzer
      This method performs validation of the document
      Specified by:
      validate in interface DocumentAnalyzer
      Returns:
      ValidationContext
    • prepareValidationContext

      protected <T extends AdvancedSignature> ValidationContext prepareValidationContext(Collection<T> signatures, Collection<TimestampToken> detachedTimestamps, Collection<EvidenceRecord> detachedEvidenceRecords, CertificateVerifier certificateVerifier)
      Initializes and fills ValidationContext with necessary data sources
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      detachedTimestamps - a collection of detached TimestampTokens
      detachedEvidenceRecords - a collection of detached EvidenceRecords
      certificateVerifier - CertificateVerifier to be used for the validation
      Returns:
      ValidationContext
    • createValidationContext

      protected ValidationContext createValidationContext()
      This method creates a new instance of ValidationContext performing preparation of validation data, certificate chain building, revocation request, as well as custom validation checks execution.
      Returns:
      ValidationContext
    • getValidationData

      public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> signatures)
      Description copied from interface: DocumentAnalyzer
      Extracts validation data for the provided collection of signatures
      Specified by:
      getValidationData in interface DocumentAnalyzer
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      Returns:
      ValidationDataContainer
    • getValidationData

      public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> signatures, Collection<TimestampToken> detachedTimestamps)
      Description copied from interface: DocumentAnalyzer
      Extracts validation data for the provided collection of signatures and/or timestamps
      Specified by:
      getValidationData in interface DocumentAnalyzer
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      detachedTimestamps - a collection of detached TimestampTokens
      Returns:
      ValidationDataContainer
    • instantiateValidationDataContainer

      protected ValidationDataContainer instantiateValidationDataContainer()
      Creates a new instance of ValidationDataContainer
      Returns:
      ValidationDataContainer
    • getAllEvidenceRecords

      protected List<EvidenceRecord> getAllEvidenceRecords(List<AdvancedSignature> signatures, List<EvidenceRecord> detachedEvidenceRecords)
      Returns a list of all found evidence records (embedded and detached)
      Parameters:
      signatures - a list of AdvancedSignatures
      detachedEvidenceRecords - a list of detached EvidenceRecords
      Returns:
      a list of all EvidenceRecords
    • prepareSignatureValidationContext

      protected <T extends AdvancedSignature> void prepareSignatureValidationContext(ValidationContext validationContext, Collection<T> allSignatures)
      Prepares the validationContext for signature validation process
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      validationContext - ValidationContext
      allSignatures - a collection of all AdvancedSignatures to be validated
    • prepareSignatureForVerification

      protected <T extends AdvancedSignature> void prepareSignatureForVerification(ValidationContext validationContext, Collection<T> allSignatureList)
      This method prepares a SignatureValidationContext for signatures validation
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      validationContext - ValidationContext is the implementation of the validators for: certificates, timestamps and revocation data.
      allSignatureList - Collection of AdvancedSignatures to validate including the countersignatures
    • prepareDetachedTimestampValidationContext

      protected void prepareDetachedTimestampValidationContext(ValidationContext validationContext, Collection<TimestampToken> timestamps)
      Prepares the validationContext for a timestamp validation process
      Parameters:
      validationContext - ValidationContext
      timestamps - a collection of detached timestamps
    • prepareDetachedEvidenceRecordValidationContext

      protected void prepareDetachedEvidenceRecordValidationContext(ValidationContext validationContext, Collection<EvidenceRecord> evidenceRecords)
      Prepares the validationContext for the evidence record validation process
      Parameters:
      validationContext - ValidationContext
      evidenceRecords - a collection of detached evidence records
    • validateContext

      protected void validateContext(ValidationContext validationContext)
      Process the validation
      Parameters:
      validationContext - ValidationContext to process
    • getSignaturePolicyValidatorLoader

      public SignaturePolicyValidatorLoader getSignaturePolicyValidatorLoader()
      Returns an instance of the SignaturePolicyValidatorLoader corresponding to the format
      Returns:
      SignaturePolicyValidatorLoader
    • getAllSignatures

      protected List<AdvancedSignature> getAllSignatures()
      Returns a list of all signatures from the validating document
      Returns:
      a list of AdvancedSignatures
    • appendCounterSignatures

      protected void appendCounterSignatures(List<AdvancedSignature> allSignatureList, AdvancedSignature signature)
      Utility method to link counter signatures with the related master signatures
      Parameters:
      allSignatureList - a list of AdvancedSignatures
      signature - current AdvancedSignature
    • appendExternalEvidenceRecords

      protected void appendExternalEvidenceRecords(List<AdvancedSignature> allSignatureList)
      Appends the detached evidence records provided to the validator to the corresponding signatures covered by the evidence record document
      Parameters:
      allSignatureList - a list of AdvancedSignatures
    • appendExternalEvidenceRecords

      protected void appendExternalEvidenceRecords(TimestampToken timestampToken)
      Appends the detached evidence records covering the time-stamp
      Parameters:
      timestampToken - TimestampToken
    • isTimestampCoveredByEvidenceRecord

      protected boolean isTimestampCoveredByEvidenceRecord(TimestampToken timestampToken, EvidenceRecord evidenceRecord)
      Checks whether the timestampToken is covered by the given evidenceRecord
      Parameters:
      timestampToken - TimestampToken
      evidenceRecord - EvidenceRecord
      Returns:
      TRUE if the time-stamp is covered by the evidence record, FALSE otherwise
    • coversSignature

      protected boolean coversSignature(AdvancedSignature signature, EvidenceRecord evidenceRecord)
      Verifies whether an evidenceRecord covers the signature
      Parameters:
      signature - AdvancedSignature
      evidenceRecord - EvidenceRecord
      Returns:
      TRUE if the evidence record covers the signature file, FALSE otherwise
    • getSignatures

      public List<AdvancedSignature> getSignatures()
      Description copied from interface: DocumentAnalyzer
      Retrieves the signatures found in the document
      Specified by:
      getSignatures in interface DocumentAnalyzer
      Returns:
      a list of AdvancedSignatures for validation purposes
    • buildSignatures

      protected List<AdvancedSignature> buildSignatures()
      This method builds a list of signatures to be extracted from a document
      Returns:
      a list of AdvancedSignatures
    • getDetachedTimestamps

      public List<TimestampToken> getDetachedTimestamps()
      Description copied from interface: DocumentAnalyzer
      Retrieves the detached timestamps found in the document
      Specified by:
      getDetachedTimestamps in interface DocumentAnalyzer
      Returns:
      a list of TimestampToken for validation purposes
    • buildDetachedTimestamps

      protected List<TimestampToken> buildDetachedTimestamps()
      Builds a list of detached TimestampTokens extracted from the document
      Returns:
      a list of TimestampTokens
    • getTimestampReaders

      protected List<TimestampAnalyzer> getTimestampReaders()
      Returns a list of timestamp validators for timestamps embedded into the container
      Returns:
      a list of TimestampAnalyzers
    • getDetachedEvidenceRecords

      public List<EvidenceRecord> getDetachedEvidenceRecords()
      Description copied from interface: DocumentAnalyzer
      Retrieves the detached evidence records found in the document
      Specified by:
      getDetachedEvidenceRecords in interface DocumentAnalyzer
      Returns:
      a list of Evidence Records for validation purposes
    • buildDetachedEvidenceRecords

      protected List<EvidenceRecord> buildDetachedEvidenceRecords()
      Builds a list of detached EvidenceRecords extracted from the document
      Returns:
      a list of EvidenceRecords
    • buildEvidenceRecord

      protected EvidenceRecord buildEvidenceRecord(eu.europa.esig.dss.model.DSSDocument evidenceRecordDocument)
      Builds an evidence record from the given DSSDocument
      Parameters:
      evidenceRecordDocument - DSSDocument containing an evidence record
      Returns:
      EvidenceRecord
    • getEvidenceRecord

      protected EvidenceRecord getEvidenceRecord(EvidenceRecordAnalyzer evidenceRecordAnalyzer)
      Gets an evidence record from an evidenceRecordAnalyzer
      Parameters:
      evidenceRecordAnalyzer - EvidenceRecordAnalyzer
      Returns:
      EvidenceRecord
    • getEvidenceRecordScopes

      protected List<eu.europa.esig.dss.model.scope.SignatureScope> getEvidenceRecordScopes(EvidenceRecord evidenceRecord)
      Finds evidence record scopes
      Parameters:
      evidenceRecord - EvidenceRecord
      Returns:
      a list of SignatureScopes
    • processSignaturesValidation

      protected <T extends AdvancedSignature> void processSignaturesValidation(Collection<T> allSignatureList)
      Performs cryptographic validation of the signatures
      Type Parameters:
      T - AdvancedSignature
      Parameters:
      allSignatureList - a collection of AdvancedSignatures
    • getTimestampedReferences

      protected List<TimestampedReference> getTimestampedReferences(List<eu.europa.esig.dss.model.scope.SignatureScope> signatureScopes)
      Returns a list of timestamped references from the given list of SignatureScopes
      Parameters:
      signatureScopes - a list of SignatureScopes
      Returns:
      a list of TimestampedReferences
    • addReference

      protected boolean addReference(eu.europa.esig.dss.model.scope.SignatureScope signatureScope)
      Checks if the signature scope shall be added as a timestamped reference. NOTE: used to avoid duplicates in ASiC with CAdES validator, due to covered signature/timestamp files.
      Parameters:
      signatureScope - SignatureScope to check
      Returns:
      TRUE if the timestamped reference shall be created for the given SignatureScope, FALSE otherwise
    • getOriginalDocuments

      public List<eu.europa.esig.dss.model.DSSDocument> getOriginalDocuments(String signatureId)
      Description copied from interface: DocumentAnalyzer
      This method returns the signed document(s) without their signature(s)
      Specified by:
      getOriginalDocuments in interface DocumentAnalyzer
      Parameters:
      signatureId - the DSS ID of the signature to extract original signer data for
      Returns:
      list of DSSDocuments
    • getSignatureById

      public AdvancedSignature getSignatureById(String signatureId)
      Returns the signature with the given id. Processes custom TokenIdentifierProvider and counter signatures.
      Parameters:
      signatureId - String id of a signature to be extracted
      Returns:
      AdvancedSignature with the given id if found, NULL otherwise
    • validateSignaturePolicy

      protected void validateSignaturePolicy(AdvancedSignature signature)
      This method is used to perform validation of the signature policy's identifier, when present
      Parameters:
      signature - AdvancedSignature whose policy will be verified