Class XAdESSignature

    • Field Detail

      • xPathQueryHolder

        protected XPathQueryHolder xPathQueryHolder
        This variable contains the XPathQueryHolder adapted to the signature schema.
    • Constructor Detail

      • XAdESSignature

        public XAdESSignature(Element signatureElement)
        This constructor is used when creating the signature. The default XPathQueryHolder is set.
        Parameters:
        signatureElement - the signature DOM element
      • XAdESSignature

        public XAdESSignature(Element signatureElement,
                              List<XPathQueryHolder> xPathQueryHolders,
                              CertificatePool certPool)
        The default constructor for XAdESSignature.
        Parameters:
        signatureElement - the signature DOM element
        xPathQueryHolders - list of XPathQueryHolder to use when handling the signature
        certPool - the certificate pool (can be null)
    • Method Detail

      • recursiveNamespaceBrowser

        public void recursiveNamespaceBrowser(Element element)
        This method sets the namespace which will determine the XPathQueryHolder to use. The content of the Transform element is ignored.
        Parameters:
        element -
      • getXPathQueryHolder

        public XPathQueryHolder getXPathQueryHolder()
        This getter returns the XPathQueryHolder
        Returns:
      • getSignatureElement

        public Element getSignatureElement()
        Returns the w3c.dom encapsulated signature element.
        Returns:
        the signatureElement
      • getSignatureForm

        public SignatureForm getSignatureForm()
        Description copied from interface: AdvancedSignature
        Specifies the format of the signature
      • getEncryptionAlgorithm

        public EncryptionAlgorithm getEncryptionAlgorithm()
        Description copied from interface: AdvancedSignature
        Retrieves the encryption algorithm used for generating the signature.
        Returns:
        EncryptionAlgorithm
      • getDigestAlgorithm

        public DigestAlgorithm getDigestAlgorithm()
        Description copied from interface: AdvancedSignature
        Retrieves the digest algorithm used for generating the signature.
        Returns:
        DigestAlgorithm
      • getMaskGenerationFunction

        public MaskGenerationFunction getMaskGenerationFunction()
        Description copied from interface: AdvancedSignature
        Retrieves the mask generation function used for generating the signature.
        Returns:
        MaskGenerationFunction
      • getSignatureAlgorithm

        public SignatureAlgorithm getSignatureAlgorithm()
        Description copied from interface: AdvancedSignature
        Retrieves the signature algorithm (or cipher) used for generating the signature.
        Returns:
        SignatureAlgorithm
      • getCertificateSource

        public SignatureCertificateSource getCertificateSource()
        Description copied from interface: AdvancedSignature
        Gets a certificate source which contains ALL certificates embedded in the signature.
        Returns:
      • resetCertificateSource

        public void resetCertificateSource()
        This method resets the source of certificates. It must be called when any certificate is added to the KeyInfo or CertificateValues.
      • getCRLSource

        public SignatureCRLSource getCRLSource()
        Description copied from interface: AdvancedSignature
        Gets a CRL source which contains ALL CRLs embedded in the signature.
        Returns:
        SignatureCRLSource
      • getOCSPSource

        public SignatureOCSPSource getOCSPSource()
        Description copied from interface: AdvancedSignature
        Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
        Returns:
        SignatureOCSPSource
      • resetRevocationSources

        public void resetRevocationSources()
        This method resets the sources of the revocation data. It must be called when the -LT level is created.
      • getTimestampSource

        public XAdESTimestampSource getTimestampSource()
        Description copied from interface: AdvancedSignature
        Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
        Returns:
        SignatureTimestampSource
      • resetTimestampSource

        public void resetTimestampSource()
        This method resets the timestamp source. It must be called when the -LT level is created.
      • getCandidatesForSigningCertificate

        public CandidatesForSigningCertificate getCandidatesForSigningCertificate()
        Description copied from interface: AdvancedSignature
        Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature. If the signing certificate is identified then it is cached and the subsequent calls to this method will return this cached value. This method never returns null.
        Returns:
      • checkSigningCertificate

        public void checkSigningCertificate()
        Description copied from interface: AdvancedSignature
        This method checks the protection of the certificates included within the signature (XAdES: KeyInfo) against the substitution attack.
      • getSigningTime

        public Date getSigningTime()
        Description copied from interface: AdvancedSignature
        Returns the signing time included within the signature.
        Returns:
        Date representing the signing time or null
      • getSignatureProductionPlace

        public SignatureProductionPlace getSignatureProductionPlace()
        Description copied from interface: AdvancedSignature
        Returns information about the place where the signature was generated
        Returns:
        SignatureProductionPlace
      • getCertifiedSignerRoles

        public List<SignerRole> getCertifiedSignerRoles()
        Description copied from interface: AdvancedSignature
        Returns the certified roles of the signer.
        Returns:
        list of the SignerRoles
      • getContentType

        public String getContentType()
        Description copied from interface: AdvancedSignature
        Returns the value of the signed attribute content-type
        Returns:
        content type as String
      • getMimeType

        public String getMimeType()
        Description copied from interface: AdvancedSignature
        Returns the value of the signed attribute mime-type
        Returns:
        mime type as String
      • getContentIdentifier

        public String getContentIdentifier()
        Returns:
        content identifier as String
      • getContentHints

        public String getContentHints()
        Returns:
        content hints as String
      • getSignatureValue

        public byte[] getSignatureValue()
        Description copied from interface: AdvancedSignature
        Returns the digital signature value
        Returns:
        digital signature value byte array
      • getObjects

        public NodeList getObjects()
        This method returns the list of ds:Object elements for the current signature element.
        Returns:
      • getCompleteCertificateRefs

        public Element getCompleteCertificateRefs()
      • getCompleteRevocationRefs

        public Element getCompleteRevocationRefs()
      • getSigAndRefsTimeStamp

        public NodeList getSigAndRefsTimeStamp()
      • getCertificateValues

        public Element getCertificateValues()
      • getRevocationValues

        public Element getRevocationValues()
      • hasBProfile

        public boolean hasBProfile()
        Checks the presence of ... segment in the signature, which is the proof of the -B profile's existence.
        Returns:
        true if B Profile is detected
      • hasCProfile

        public boolean hasCProfile()
        Checks the presence of the CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, which is the proof of the -C profile's existence.
        Returns:
        true if C Profile is detected
      • hasXProfile

        public boolean hasXProfile()
        Checks the presence of the SigAndRefsTimeStamp segment in the signature, which is the proof of the -X profile's existence.
        Returns:
        true if the -X extension is present
      • checkSignatureIntegrity

        public void checkSignatureIntegrity()
        Description copied from interface: AdvancedSignature
        Verifies the signature integrity; checks that the signed content has not been tampered with. In the case of a non-AdES signature not including the signing certificate, the latter must be provided by calling setProvidedSigningCertificateToken. In the case of a detached signature, the signed content must be provided by calling setProvidedSigningCertificateToken.
      • getReferenceValidations

        public List<ReferenceValidation> getReferenceValidations()
        Description copied from interface: AdvancedSignature
        Returns the individual validation for each reference (XAdES) or for the message-imprint (CAdES).
        Returns:
        a list with one or more ReferenceValidation
      • getSignatureDigestReference

        public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)
        TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents. The canonicalization shall be computed keeping this ds:Signature element as a descendant of the XML root element, without detaching it.
        Parameters:
        digestAlgorithm - DigestAlgorithm to use
        Returns:
        SignatureDigestReference
      • getManifestReferences

        public List<ReferenceValidation> getManifestReferences(Node manifestNode)
        Returns a list of all references contained in the given manifest
        Parameters:
        manifestNode - Node to get references from
        Returns:
        list of ReferenceValidation objects
      • getObjectById

        public Node getObjectById(String uri)
      • getManifestById

        public Node getManifestById(String uri)
      • getSigningCertificateValidityList

        protected List<CertificateValidity> getSigningCertificateValidityList(PublicKey extractedPublicKey)
        This method returns a List of SigningCertificateValidity based on the provided providedSigningCertificateToken. The field candidatesForSigningCertificate is instantiated.
        Parameters:
        extractedPublicKey - provided public key: PublicKey
        Returns:
      • getCounterSignatures

        public List<AdvancedSignature> getCounterSignatures()
        This method retrieves the potential countersignatures embedded in the XAdES signature document. From ETSI TS 101 903 v1.4.2:
        7.2.4.1 Countersignature identifier in Type attribute of ds:Reference
        A XAdES signature containing a ds:Reference element whose Type attribute has value "http://uri.etsi.org/01903#CountersignedSignature" will indicate that it is, in fact, a countersignature of the signature referenced by this element.
        7.2.4.2 Enveloped countersignatures: the CounterSignature element
        The CounterSignature is an unsigned property that qualifies the signature. A XAdES signature MAY have more than one CounterSignature properties. As indicated by its name, it contains one countersignature of the qualified signature.
        Returns:
        a list containing the countersignatures embedded in the XAdES signature document
      • getCertificateRefs

        public List<CertificateRef> getCertificateRefs()
        Description copied from interface: AdvancedSignature
        Retrieves the list of certificate references.
        Returns:
        List of CertificateRef
      • getDAIdentifier

        public String getDAIdentifier()
        Description copied from interface: AdvancedSignature
        This method returns an identifier provided by the Driving Application (DA). Note: used only for XAdES.
        Returns:
        The signature identifier
      • getUnsignedSignatureProperties

        public List<String> getUnsignedSignatureProperties()
        Retrieves the name of each node found under the unsignedSignatureProperties element
        Returns:
        an ArrayList containing the retrieved node names
      • getSignedSignatureProperties

        public List<String> getSignedSignatureProperties()
      • getSignedProperties

        public List<String> getSignedProperties()
      • getUnsignedProperties

        public List<String> getUnsignedProperties()
      • getSignedDataObjectProperties

        public List<String> getSignedDataObjectProperties()
      • isDataForSignatureLevelPresent

        public boolean isDataForSignatureLevelPresent(SignatureLevel signatureLevel)
        Parameters:
        signatureLevel - SignatureLevel to be checked
        Returns:
        true if the signature contains the data needed for this SignatureLevel. This does not imply that the data found is valid.
      • getSignatureLevels

        public SignatureLevel[] getSignatureLevels()
        Returns:
        the list of signature levels for this type of signature, ordered from the simplest to the most complete. Example: B,T,LT,LTA
      • getLastTimestampValidationData

        public Element getLastTimestampValidationData()
        This method returns the last timestamp validation data for an archive timestamp.
        Returns:
      • getCommitmentTypeIndication

        public CommitmentType getCommitmentTypeIndication()
        Description copied from interface: AdvancedSignature
        This method obtains the information concerning commitment type indication linked to the signature
        Returns:
        CommitmentType
      • getReferences

        public List<org.apache.xml.security.signature.Reference> getReferences()
      • getSignatureObjects

        public List<Element> getSignatureObjects()
        Returns:
      • registerXPathQueryHolder

        public void registerXPathQueryHolder(XPathQueryHolder xPathQueryHolder)
        This method registers a new XPathQueryHolder.
        Parameters:
        xPathQueryHolder - XPathQueryHolder to register
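
The two countersignature forms quoted under getCounterSignatures (ETSI TS 101 903, 7.2.4.1 and 7.2.4.2) can be recognised structurally, as this added example shows; it is not this library's implementation and uses only the JDK DOM API. The class name, the sample document and its Id values are constructed for illustration, and the XAdES 1.3.2 namespace is assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CounterSignatureScan {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XADES = "http://uri.etsi.org/01903/v1.3.2#"; // assumed schema version
    static final String CS_TYPE = "http://uri.etsi.org/01903#CountersignedSignature";
    // Constructed sample without digests or signature values: sig-1 carries countersignature cs-1.
    static final String SAMPLE =
        "<ds:Signature xmlns:ds='" + DS + "' xmlns:xades='" + XADES + "' Id='sig-1'>"
      + "<ds:SignedInfo><ds:Reference URI='#doc'/></ds:SignedInfo><ds:SignatureValue Id='sv-1'/>"
      + "<ds:Object><xades:QualifyingProperties><xades:UnsignedProperties>"
      + "<xades:UnsignedSignatureProperties><xades:CounterSignature><ds:Signature Id='cs-1'>"
      + "<ds:SignedInfo><ds:Reference Type='" + CS_TYPE + "' URI='#sv-1'/></ds:SignedInfo>"
      + "</ds:Signature></xades:CounterSignature></xades:UnsignedSignatureProperties>"
      + "</xades:UnsignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Signed XML is untrusted input: refuse DOCTYPE so no external entities are resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }
    static boolean is(Node n, String ns, String name) {
        return n instanceof Element && ns.equals(n.getNamespaceURI()) && name.equals(n.getLocalName());
    }
    // One entry per ds:Signature that 7.2.4.1 (typed reference) or 7.2.4.2 (enveloped) marks as a countersignature.
    static List<String> findCounterSignatures(Document doc) {
        List<String> out = new ArrayList<>();
        NodeList sigs = doc.getElementsByTagNameNS(DS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {
            Element sig = (Element) sigs.item(i);
            boolean enveloped = is(sig.getParentNode(), XADES, "CounterSignature");
            boolean typed = false;
            NodeList refs = sig.getElementsByTagNameNS(DS, "Reference");
            for (int j = 0; j < refs.getLength(); j++) {
                Node si = refs.item(j).getParentNode();
                // Count only this signature's own SignedInfo, not a nested signature's or a Manifest's.
                boolean own = is(si, DS, "SignedInfo") && sig.isSameNode(si.getParentNode());
                typed |= own && CS_TYPE.equals(((Element) refs.item(j)).getAttribute("Type"));
            }
            if (enveloped || typed) out.add(sig.getAttribute("Id") + " enveloped=" + enveloped + " typed=" + typed);
        }
        return out;
    }
    public static void main(String[] a) throws Exception { findCounterSignatures(parse(SAMPLE)).forEach(System.out::println); }
}
```

Because CounterSignature is an unsigned property, its presence is not covered by the countersigned signature's own digest; each countersignature found this way still has to be validated cryptographically in its own right.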