Package eu.europa.esig.dss.validation

Interface AdvancedSignature

    • Method Detail

      • getSignatureFilename

        String getSignatureFilename()
        This method returns the signature filename (useful for ASiC and multiple signature files)
        Returns:
        the signature filename

      • setSignatureFilename

        void setSignatureFilename​(String signatureFilename)
        This method allows to set the signature filename (useful in case of ASiC)

      • getDetachedContents

        List<DSSDocument> getDetachedContents()
        Returns:
        in the case of the detached signature this is the List of signed contents.

      • setDetachedContents

        void setDetachedContents​(List<DSSDocument> detachedContents)
        This method allows to set the signed contents in the case of the detached signature.
        Parameters:
        detachedContents - List of DSSDocument representing the signed detached contents.

      • getContainerContents

        List<DSSDocument> getContainerContents()
        Returns:
        in case of ASiC signature returns a list of container documents

      • setContainerContents

        void setContainerContents​(List<DSSDocument> containerContents)
        This method allows to set the container contents in the case of ASiC signature.
        Parameters:
        containerContents - List of DSSDocument representing the container contents.

      • setManifestFiles

        void setManifestFiles​(List<ManifestFile> manifestFiles)
        This method allows to set the manifest files in the case of ASiC-E signature.
        Parameters:
        manifestFiles - List of ManifestFiles

      • getManifestedDocuments

        List<DSSDocument> getManifestedDocuments()
        Returns:
        in case of ASiC-E signature returns a list of DSSDocuments contained in the related signature manifest

      • getProvidedSigningCertificateToken

        CertificateToken getProvidedSigningCertificateToken()
        Returns:
        This method returns the provided signing certificate or null

      • setProvidedSigningCertificateToken

        void setProvidedSigningCertificateToken​(CertificateToken certificateToken)
        This method allows to provide a signing certificate to be used in the validation process. It can happen in the case of a non-AdES signature without the signing certificate within the signature.
        Parameters:
        certificateToken - CertificateToken representing the signing certificate token.

      • getSignatureForm

        SignatureForm getSignatureForm()
        Specifies the format of the signature

      • getSignatureAlgorithm

        SignatureAlgorithm getSignatureAlgorithm()
        Retrieves the signature algorithm (or cipher) used for generating the signature.
        Returns:
        SignatureAlgorithm

      • getEncryptionAlgorithm

        EncryptionAlgorithm getEncryptionAlgorithm()
        Retrieves the encryption algorithm used for generating the signature.
        Returns:
        EncryptionAlgorithm

      • getDigestAlgorithm

        DigestAlgorithm getDigestAlgorithm()
        Retrieves the digest algorithm used for generating the signature.
        Returns:
        DigestAlgorithm

      • getMaskGenerationFunction

        MaskGenerationFunction getMaskGenerationFunction()
        Retrieves the mask generation function used for generating the signature.
        Returns:
        MaskGenerationFunction

      • getSigningTime

        Date getSigningTime()
        Returns the signing time included within the signature.
        Returns:
        Date representing the signing time or null

      • getCertificateSource

        SignatureCertificateSource getCertificateSource()
        Gets a certificate source which contains ALL certificates embedded in the signature.
        Returns:

      • getCRLSource

        SignatureCRLSource getCRLSource()
        Gets a CRL source which contains ALL CRLs embedded in the signature.
        Returns:
        SignatureCRLSource

      • getOCSPSource

        SignatureOCSPSource getOCSPSource()
        Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
        Returns:
        SignatureOCSPSource

      • getCompleteCRLSource

        ListCRLSource getCompleteCRLSource()
        Gets a ListCRLSource representing a merged source from signatureCRLSourse and all included to the signature timestamp objects
        Returns:
        ListCRLSource

      • getCompleteOCSPSource

        ListOCSPSource getCompleteOCSPSource()
        Gets a ListOCSPSource representing a merged source from signatureOCSPSourse and all included to the signature timestamp objects
        Returns:
        ListOCSPSource

      • getTimestampSource

        SignatureTimestampSource getTimestampSource()
        Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
        Returns:
        SignatureTimestampSource

      • getCandidatesForSigningCertificate

        CandidatesForSigningCertificate getCandidatesForSigningCertificate()
        Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature. If the signing certificate is identified then it is cached and the subsequent calls to this method will return this cached value. This method never returns null.
        Returns:

      • setMasterSignature

        void setMasterSignature​(AdvancedSignature masterSignature)
        This setter allows to indicate the master signature. It means that this is a countersignature.
        Parameters:
        masterSignature - AdvancedSignature

      • getMasterSignature

        AdvancedSignature getMasterSignature()
        Returns:
        AdvancedSignature

      • getSigningCertificateToken

        CertificateToken getSigningCertificateToken()
        This method returns the signing certificate token or null if there is no valid signing certificate. Note that to determinate the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.
        Returns:

      • checkSignatureIntegrity

        void checkSignatureIntegrity()
        Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

      • getSignatureCryptographicVerification

        SignatureCryptographicVerification getSignatureCryptographicVerification()
        Returns:
        SignatureCryptographicVerification with all the information collected during the validation process.

      • checkSigningCertificate

        void checkSigningCertificate()
        This method checks the protection of the certificates included within the signature (XAdES: KeyInfo) against the substitution attack.

      • getPolicyId

        SignaturePolicy getPolicyId()
        Returns the Signature Policy OID from the signature.
        Returns:
        SignaturePolicy

      • getSignatureProductionPlace

        SignatureProductionPlace getSignatureProductionPlace()
        Returns information about the place where the signature was generated
        Returns:
        SignatureProductionPlace

      • getCommitmentTypeIndication

        CommitmentType getCommitmentTypeIndication()
        This method obtains the information concerning commitment type indication linked to the signature
        Returns:
        CommitmentType

      • getContentType

        String getContentType()
        Returns the value of the signed attribute content-type
        Returns:
        content type as String

      • getMimeType

        String getMimeType()
        Returns the value of the signed attribute mime-type
        Returns:
        mime type as String

      • getContentIdentifier

        String getContentIdentifier()
        Returns:
        content identifier as String

      • getContentHints

        String getContentHints()
        Returns:
        content hints as String

      • getSignerRoles

        List<SignerRole> getSignerRoles()
        Returns the list of roles of the signer.
        Returns:
        list of the SignerRoles

      • getClaimedSignerRoles

        List<SignerRole> getClaimedSignerRoles()
        Returns the claimed roles of the signer.
        Returns:
        list of the SignerRoles

      • getCertifiedSignerRoles

        List<SignerRole> getCertifiedSignerRoles()
        Returns the certified roles of the signer.
        Returns:
        list of the SignerRoles

      • getCertificates

        List<CertificateToken> getCertificates()
        Get certificates embedded in the signature
        Returns:
        a list of certificate contained within the signature

      • getCertificateListWithinSignatureAndTimestamps

        List<CertificateToken> getCertificateListWithinSignatureAndTimestamps()
        Returns a list of all certificates found into signature and timestamps
        Returns:
        list of CertificateTokens

      • getContentTimestamps

        List<TimestampToken> getContentTimestamps()
        Returns the content timestamps
        Returns:
        List of TimestampToken

      • getSignatureTimestamps

        List<TimestampToken> getSignatureTimestamps()
        Returns the signature timestamps
        Returns:
        List of TimestampToken

      • getTimestampsX1

        List<TimestampToken> getTimestampsX1()
        Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
        Returns:
        List of TimestampToken

      • getTimestampsX2

        List<TimestampToken> getTimestampsX2()
        Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
        Returns:
        List of TimestampToken

      • getArchiveTimestamps

        List<TimestampToken> getArchiveTimestamps()
        Returns the archive Timestamps
        Returns:
        List of TimestampTokens

      • getDocumentTimestamps

        List<TimestampToken> getDocumentTimestamps()
        Returns a list of timestamps defined with the 'DocTimeStamp' type NOTE: applicable only for PAdES
        Returns:
        List of TimestampTokens

      • getAllTimestamps

        List<TimestampToken> getAllTimestamps()
        Returns a list of all timestamps found in the signature
        Returns:
        List of TimestampTokens

      • addExternalTimestamp

        void addExternalTimestamp​(TimestampToken timestamp)
        This method allows to add an external timestamp. The given timestamp must be processed before.
        Parameters:
        timestamp - the timestamp token

      • getCounterSignatures

        List<AdvancedSignature> getCounterSignatures()
        Returns a list of counter signatures applied to this signature
        Returns:
        a List of AdvancedSignatures representing the counter signatures

      • getCertificateRefs

        List<CertificateRef> getCertificateRefs()
        Retrieve list of certificate ref
        Returns:
        List of CertificateRef

      • getId

        String getId()
        This method returns the DSS unique signature id. It allows to unambiguously identify each signature.
        Returns:
        The signature unique Id

      • getDAIdentifier

        String getDAIdentifier()
        This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES
        Returns:
        The signature identifier

      • isDataForSignatureLevelPresent

        boolean isDataForSignatureLevelPresent​(SignatureLevel signatureLevel)
        Parameters:
        signatureLevel - SignatureLevel to be checked
        Returns:
        true if the signature contains the data needed for this SignatureLevel. Doesn't mean any validity of the data found.

      • getSignatureLevels

        SignatureLevel[] getSignatureLevels()
        Returns:
        the list of signature levels for this type of signature, in the simple to complete order. Example: B,T,LT,LTA

      • validateStructure

        void validateStructure()
        This method allows the structure validation of the signature.

      • populateCRLTokenLists

        void populateCRLTokenLists​(SignatureCRLSource signatureCRLSource)
        Fills all the missing CRLTokens from the given signatureCRLSource

      • populateOCSPTokenLists

        void populateOCSPTokenLists​(SignatureOCSPSource signatureOCSPSource)
        Fills all the missing OCSPTokens from the given signatureOCSPSource

      • getStructureValidationResult

        String getStructureValidationResult()

      • isDocHashOnlyValidation

        boolean isDocHashOnlyValidation()
        Returns true if the validation of the signature has been performed only on Signer's Document Representation (SDR). (An SDR typically is built on a cryptographic hash of the Signer's Document)
        Returns:
        true of it is DocHashOnly validation, false otherwise

      • isHashOnlyValidation

        boolean isHashOnlyValidation()
        Returns true if the validation of the signature has been performed only on Data To Be Signed Representation (DTBSR). EN 319 102-1 v1.1.1 (4.2.8 Data to be signed representation (DTBSR)): The DTBS preparation component shall take the DTBSF and hash it according to the hash algorithm specified in the cryptographic suite. The result of this process is the DTBSR, which is then used to create the signature. NOTE: In order for the produced hash to be representative of the DTBSF, the hashing function has the property that it is computationally infeasible to find collisions for the expected signature lifetime. Should the hash function become weak in the future, additional security measures, such as applying time-stamp tokens, can be taken.
        Returns:
        true of it is HashOnly validation, false otherwise

      • getSignatureValue

        byte[] getSignatureValue()
        Returns the digital signature value
        Returns:
        digital signature value byte array

      • getReferenceValidations

        List<ReferenceValidation> getReferenceValidations()
        Returns individual validation foreach reference (XAdES) or for the message-imprint (CAdES)
        Returns:
        a list with one or more ReferenceValidation

      • getRevocationValuesTokens

        List<RevocationToken> getRevocationValuesTokens()
        Retrieves the list of all RevocationTokens present in 'RevocationValues' element NOTE: Applicable only for CAdES and XAdES revocation sources
        Returns:
        list of RevocationTokens

      • getAttributeRevocationValuesTokens

        List<RevocationToken> getAttributeRevocationValuesTokens()
        Retrieves the list of all RevocationTokens present in 'AttributeRevocationValues' element NOTE: Applicable only for XAdES revocation source
        Returns:
        list of RevocationTokens

      • getTimestampValidationDataTokens

        List<RevocationToken> getTimestampValidationDataTokens()
        Retrieves the list of all RevocationTokens present in 'TimestampValidationData/RevocationValues' element NOTE: Applicable only for XAdES revocation source
        Returns:
        list of RevocationTokens

      • getDSSDictionaryRevocationTokens

        List<RevocationToken> getDSSDictionaryRevocationTokens()
        Retrieves the list of all RevocationTokens present in 'DSS' dictionary NOTE: Applicable only for PAdES revocation source
        Returns:
        list of RevocationTokens

      • getVRIDictionaryRevocationTokens

        List<RevocationToken> getVRIDictionaryRevocationTokens()
        Retrieves the list of all RevocationTokens present in 'VRI' dictionary NOTE: Applicable only for PAdES revocation source
        Returns:
        list of RevocationTokens

      • getCompleteRevocationTokens

        List<RevocationToken> getCompleteRevocationTokens()
        Retrieves the list of all RevocationTokens present in 'CompleteRevocationRefs' element NOTE: Applicable only for XAdES and CAdES revocation sources
        Returns:
        list of RevocationTokens

      • getAttributeRevocationTokens

        List<RevocationToken> getAttributeRevocationTokens()
        Retrieves the list of all RevocationTokens present in 'AttributeRevocationRefs' element NOTE: Applicable only for XAdES and CAdES revocation sources
        Returns:
        list of RevocationTokens

      • getCompleteRevocationCRLReferences

        List<CRLRef> getCompleteRevocationCRLReferences()
        Retrieves a list of all CRLRefs present in 'CompleteRevocationRefs' element NOTE: Applicable only for XAdES and CAdES revocation sources
        Returns:
        list of CRLRefs

      • getAttributeRevocationCRLReferences

        List<CRLRef> getAttributeRevocationCRLReferences()
        Retrieves a list of all CRLRefs present in 'AttributeRevocationRefs' element NOTE: Applicable only for XAdES and CAdES revocation sources
        Returns:
        list of CRLRefs

      • getTimestampRevocationCRLReferences

        List<CRLRef> getTimestampRevocationCRLReferences()
        Retrieves a list of all CRLRefs present in a timestamp element NOTE: Applicable only for CAdES revocation source
        Returns:
        list of CRLRefs

      • getCompleteRevocationOCSPReferences

        List<OCSPRef> getCompleteRevocationOCSPReferences()
        Retrieves a list of all OCSPRefs present in 'CompleteRevocationRefs' element NOTE: Applicable only for XAdES and CAdES revocation sources
        Returns:
        list of OCSPRefs

      • getAttributeRevocationOCSPReferences

        List<OCSPRef> getAttributeRevocationOCSPReferences()
        Retrieves a list of all OCSPRefs present in 'AttributeRevocationRefs' element NOTE: Applicable only for XAdES and CAdES revocation sources
        Returns:
        list of OCSPRefs

      • getTimestampRevocationOCSPReferences

        List<OCSPRef> getTimestampRevocationOCSPReferences()
        Retrieves a list of all OCSPRefs present in a timestamp element NOTE: Applicable only for CAdES revocation source
        Returns:
        list of OCSPRefs

      • getAllFoundRevocationRefs

        List<RevocationRef> getAllFoundRevocationRefs()
        Retrieves a list of all found RevocationRefs present in the signature
        Returns:
        list of RevocationRefs

      • getOrphanRevocationRefs

        List<RevocationRef> getOrphanRevocationRefs()
        Returns a list of all orphan RevocationRefs found into the signature
        Returns:
        list of RevocationRefs

      • getMessageDigestValue

        byte[] getMessageDigestValue()

      • getSignatureFieldName

        String getSignatureFieldName()

      • getSignerName

        String getSignerName()

      • getFilter

        String getFilter()

      • getSubFilter

        String getSubFilter()

      • getContactInfo

        String getContactInfo()

      • getReason

        String getReason()

      • getSignatureByteRange

        int[] getSignatureByteRange()