eu.europa.esig.dss.validation

Interface AdvancedSignature

All Superinterfaces:

Serializable

All Known Implementing Classes:

DefaultAdvancedSignature

public interface AdvancedSignature
extends Serializable

Provides an abstraction for an Advanced Electronic Signature. This ease the validation process. Every signature format : XAdES, CAdES and PAdES are treated the same.

Method Summary

Methods

Modifier and Type	Method and Description
void	addExternalTimestamp(TimestampToken timestamp) This method allows to add an external timestamp.
void	checkSignatureIntegrity() Verifies the signature integrity; checks if the signed content has not been tampered with.
void	checkSignaturePolicy(SignaturePolicyProvider signaturePolicyDetector)
void	checkSigningCertificate() This method checks the protection of the certificates included within the signature (XAdES: KeyInfo) against the substitution attack.
void	findSignatureScope(SignatureScopeFinder signatureScopeFinder)
byte[]	getArchiveTimestampData(TimestampToken timestampToken, String canonicalizationMethod) Archive timestamp seals the data of the signature in a specific order.
List<TimestampToken>	getArchiveTimestamps() Returns the archive Timestamps
CandidatesForSigningCertificate	getCandidatesForSigningCertificate() Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature.
List<CertificateRef>	getCertificateRefs() Retrieve list of certificate ref
List<CertificateToken>	getCertificates() Get certificates embedded in the signature
SignatureCertificateSource	getCertificateSource() Gets a certificate source which contains ALL certificates embedded in the signature.
List<CertifiedRole>	getCertifiedSignerRoles() Returns the certified role of the signer.
String[]	getClaimedSignerRoles() Returns the claimed role of the signer.
CommitmentType	getCommitmentTypeIndication() This method obtains the information concerning commitment type indication linked to the signature
String	getContentHints()
String	getContentIdentifier()
byte[]	getContentTimestampData(TimestampToken timestampToken) Returns the content timestamp data (timestamped or to be).
List<TimestampToken>	getContentTimestamps() Returns the content timestamps
String	getContentType() Returns the content type of the signed data
List<AdvancedSignature>	getCounterSignatures() Returns a list of counter signatures applied to this signature
List<CRLRef>	getCRLRefs()
OfflineCRLSource	getCRLSource() Gets a CRL source which contains ALL CRLs embedded in the signature.
SignatureLevel	getDataFoundUpToLevel()
List<DSSDocument>	getDetachedContents()
DigestAlgorithm	getDigestAlgorithm() Retrieves the digest algorithm used for generating the signature.
EncryptionAlgorithm	getEncryptionAlgorithm() Retrieves the encryption algorithm used for generating the signature.
String	getId() This method returns the DSS unique signature id.
MaskGenerationFunction	getMaskGenerationFunction() Retrieves the mask generation function used for generating the signature.
AdvancedSignature	getMasterSignature()
List<OCSPRef>	getOCSPRefs()
OfflineOCSPSource	getOCSPSource() Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
SignaturePolicy	getPolicyId() Returns the Signature Policy OID from the signature.
CertificateToken	getProvidedSigningCertificateToken()
SignatureAlgorithm	getSignatureAlgorithm() Retrieves the signature algorithm (or cipher) used for generating the signature.
SignatureCryptographicVerification	getSignatureCryptographicVerification()
String	getSignatureFilename() This method returns the signature filename (useful for ASiC and multiple signature files)
SignatureForm	getSignatureForm() Specifies the format of the signature
SignatureLevel[]	getSignatureLevels()
SignatureProductionPlace	getSignatureProductionPlace() Returns information about the place where the signature was generated
List<SignatureScope>	getSignatureScopes()
byte[]	getSignatureTimestampData(TimestampToken timestampToken, String canonicalizationMethod) Returns the data (signature value) that was timestamped by the SignatureTimeStamp for the given timestamp.
List<TimestampToken>	getSignatureTimestamps() Returns the signature timestamps
CertificateToken	getSigningCertificateToken() This method returns the signing certificate token or null if there is no valid signing certificate.
Date	getSigningTime() Returns the signing time included within the signature.
String	getStructureValidationResult()
List<TimestampReference>	getTimestampedReferences() Returns the List of TimestampReference representing digest value of the certification path references and the revocation status references.
List<TimestampToken>	getTimestampsX1() Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.
List<TimestampToken>	getTimestampsX2() Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
byte[]	getTimestampX1Data(TimestampToken timestampToken, String canonicalizationMethod) Returns the data to be time-stamped.
byte[]	getTimestampX2Data(TimestampToken timestampToken, String canonicalizationMethod) Returns the data to be time-stamped which contains the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).
Set<DigestAlgorithm>	getUsedCertificatesDigestAlgorithms() Returns the set of digest algorithms used to build the certificate's digest.
boolean	isDataForSignatureLevelPresent(SignatureLevel signatureLevel)
void	prepareTimestamps(ValidationContext validationContext)
void	setDetachedContents(List<DSSDocument> detachedContents) This method allows to set the signed contents in the case of the detached signature.
void	setMasterSignature(AdvancedSignature masterSignature) This setter allows to indicate the master signature.
void	setProvidedSigningCertificateToken(CertificateToken certificateToken) This method allows to provide a signing certificate to be used in the validation process.
void	setSignatureFilename(String signatureFilename) This method allows to set the signature filename (useful in case of ASiC)
void	validateStructure() This method allows the structure validation of the signature.
void	validateTimestamps()

Method Detail

getSignatureFilename

String getSignatureFilename()

This method returns the signature filename (useful for ASiC and multiple signature files)

Returns:

the signature filename

setSignatureFilename

void setSignatureFilename(String signatureFilename)

This method allows to set the signature filename (useful in case of ASiC)

getDetachedContents

List<DSSDocument> getDetachedContents()

Returns:

in the case of the detached signature this is the List of signed contents.

setDetachedContents

void setDetachedContents(List<DSSDocument> detachedContents)

This method allows to set the signed contents in the case of the detached signature.

Parameters:

detachedContents - List of DSSDocument representing the signed detached contents.

getProvidedSigningCertificateToken

CertificateToken getProvidedSigningCertificateToken()

Returns:

This method returns the provided signing certificate or null

setProvidedSigningCertificateToken

void setProvidedSigningCertificateToken(CertificateToken certificateToken)

This method allows to provide a signing certificate to be used in the validation process. It can happen in the case of a non-AdES signature without the signing certificate within the signature.

Parameters:

certificateToken - CertificateToken representing the signing certificate token.

getSignatureForm

SignatureForm getSignatureForm()

Specifies the format of the signature

getSignatureAlgorithm

SignatureAlgorithm getSignatureAlgorithm()

Retrieves the signature algorithm (or cipher) used for generating the signature.

Returns:

SignatureAlgorithm

getEncryptionAlgorithm

EncryptionAlgorithm getEncryptionAlgorithm()

Retrieves the encryption algorithm used for generating the signature.

Returns:

EncryptionAlgorithm

getDigestAlgorithm

DigestAlgorithm getDigestAlgorithm()

Retrieves the digest algorithm used for generating the signature.

Returns:

DigestAlgorithm

getMaskGenerationFunction

MaskGenerationFunction getMaskGenerationFunction()

Retrieves the mask generation function used for generating the signature.

Returns:

MaskGenerationFunction

getSigningTime

Date getSigningTime()

Returns the signing time included within the signature.

Returns:

Date representing the signing time or null

getCertificateSource

SignatureCertificateSource getCertificateSource()

Gets a certificate source which contains ALL certificates embedded in the signature.

Returns:

getCRLSource

OfflineCRLSource getCRLSource()

Gets a CRL source which contains ALL CRLs embedded in the signature.

Returns:

getOCSPSource

OfflineOCSPSource getOCSPSource()

Gets an OCSP source which contains ALL OCSP responses embedded in the signature.

Returns:

getCandidatesForSigningCertificate

CandidatesForSigningCertificate getCandidatesForSigningCertificate()

Gets an object containing the signing certificate or information indicating why it is impossible to extract it from the signature. If the signing certificate is identified then it is cached and the subsequent calls to this method will return this cached value. This method never returns null.

Returns:

setMasterSignature

void setMasterSignature(AdvancedSignature masterSignature)

This setter allows to indicate the master signature. It means that this is a countersignature.

Parameters:

masterSignature - AdvancedSignature

getMasterSignature

AdvancedSignature getMasterSignature()

Returns:

AdvancedSignature

getSigningCertificateToken

CertificateToken getSigningCertificateToken()

This method returns the signing certificate token or null if there is no valid signing certificate. Note that to determinate the signing certificate the signature must be validated: the method checkSignatureIntegrity must be called.

Returns:

checkSignatureIntegrity

void checkSignatureIntegrity()

Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

getSignatureCryptographicVerification

SignatureCryptographicVerification getSignatureCryptographicVerification()

Returns:

SignatureCryptographicVerification with all the information collected during the validation process.

checkSigningCertificate

void checkSigningCertificate()

This method checks the protection of the certificates included within the signature (XAdES: KeyInfo) against the substitution attack.

getPolicyId

SignaturePolicy getPolicyId()

Returns the Signature Policy OID from the signature.

Returns:

SignaturePolicy

getSignatureProductionPlace

SignatureProductionPlace getSignatureProductionPlace()

Returns information about the place where the signature was generated

Returns:

SignatureProductionPlace

getCommitmentTypeIndication

CommitmentType getCommitmentTypeIndication()

This method obtains the information concerning commitment type indication linked to the signature

Returns:

CommitmentType

getContentType

String getContentType()

Returns the content type of the signed data

Returns:

content type as String

getContentIdentifier

String getContentIdentifier()

Returns:

content identifier as String

getContentHints

String getContentHints()

Returns:

content hints as String

getClaimedSignerRoles

String[] getClaimedSignerRoles()

Returns the claimed role of the signer.

Returns:

array of the claimed roles as String array

getCertifiedSignerRoles

List<CertifiedRole> getCertifiedSignerRoles()

Returns the certified role of the signer.

Returns:

array of the certified roles

getCertificates

List<CertificateToken> getCertificates()

Get certificates embedded in the signature

Returns:

a list of certificate contained within the signature

getContentTimestamps

List<TimestampToken> getContentTimestamps()

Returns the content timestamps

Returns:

List of TimestampToken

getContentTimestampData

byte[] getContentTimestampData(TimestampToken timestampToken)

Returns the content timestamp data (timestamped or to be).

Parameters:

timestampToken -

Returns:

byte array representing the canonicalized data to be timestamped

getSignatureTimestamps

List<TimestampToken> getSignatureTimestamps()

Returns the signature timestamps

Returns:

List of TimestampToken

getSignatureTimestampData

byte[] getSignatureTimestampData(TimestampToken timestampToken,
                               String canonicalizationMethod)

Returns the data (signature value) that was timestamped by the SignatureTimeStamp for the given timestamp.

Parameters:

timestampToken -

canonicalizationMethod -

Returns:

byte array representing the canonicalized data to be timestamped

getTimestampsX1

List<TimestampToken> getTimestampsX1()

Returns the time-stamp which is placed on the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.

Returns:

List of TimestampToken

getTimestampX1Data

byte[] getTimestampX1Data(TimestampToken timestampToken,
                        String canonicalizationMethod)

Returns the data to be time-stamped. The data contains the digital signature (XAdES example: ds:SignatureValue element), the signature time-stamp(s) present in the AdES-T form, the certification path references and the revocation status references.

Parameters:

timestampToken - TimestampToken or null during the creation process

canonicalizationMethod - canonicalization method

Returns:

byte array representing the canonicalized data to be timestamped

getTimestampsX2

List<TimestampToken> getTimestampsX2()

Returns the time-stamp which is computed over the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).

Returns:

List of TimestampToken

getTimestampX2Data

byte[] getTimestampX2Data(TimestampToken timestampToken,
                        String canonicalizationMethod)

Returns the data to be time-stamped which contains the concatenation of CompleteCertificateRefs and CompleteRevocationRefs elements (XAdES example).

Returns:

byte array representing the canonicalized data to be timestamped

getArchiveTimestamps

List<TimestampToken> getArchiveTimestamps()

Returns the archive Timestamps

Returns:

List of TimestampToken

getArchiveTimestampData

byte[] getArchiveTimestampData(TimestampToken timestampToken,
                             String canonicalizationMethod)

Archive timestamp seals the data of the signature in a specific order. We need to retrieve the data for each timestamp.

Parameters:

timestampToken - null when adding a new archive timestamp

canonicalizationMethod -

Returns:

byte array representing the canonicalized data to be timestamped

addExternalTimestamp

void addExternalTimestamp(TimestampToken timestamp)

This method allows to add an external timestamp. The given timestamp must be checked before.

Parameters:

timestamp - the timestamp token

getCounterSignatures

List<AdvancedSignature> getCounterSignatures()

Returns a list of counter signatures applied to this signature

Returns:

a List of AdvancedSignatures representing the counter signatures

getTimestampedReferences

List<TimestampReference> getTimestampedReferences()

Returns the List of TimestampReference representing digest value of the certification path references and the revocation status references. (XAdES example: CompleteCertificateRefs and CompleteRevocationRefs elements)

Returns:

a List of TimestampReference

getCertificateRefs

List<CertificateRef> getCertificateRefs()

Retrieve list of certificate ref

Returns:

List of CertificateRef

getCRLRefs

List<CRLRef> getCRLRefs()

Returns:

The list of CRLRefs contained in the Signature

getOCSPRefs

List<OCSPRef> getOCSPRefs()

Returns:

The list of OCSPRef contained in the Signature

getId

String getId()

This method returns the DSS unique signature id. It allows to unambiguously identify each signature.

Returns:

The signature unique Id

getUsedCertificatesDigestAlgorithms

Set<DigestAlgorithm> getUsedCertificatesDigestAlgorithms()

Returns the set of digest algorithms used to build the certificate's digest. For example, these digests are referenced in CompleteCertificateRefs in the case of XAdES signature.

Returns:

isDataForSignatureLevelPresent

boolean isDataForSignatureLevelPresent(SignatureLevel signatureLevel)

Parameters:

signatureLevel - SignatureLevel to be checked

Returns:

true if the signature contains the data needed for this SignatureLevel. Doesn't mean any validity of the data found.

getDataFoundUpToLevel

SignatureLevel getDataFoundUpToLevel()

getSignatureLevels

SignatureLevel[] getSignatureLevels()

Returns:

the list of signature levels for this type of signature, in the simple to complete order. Example: B,T,LT,LTA

prepareTimestamps

void prepareTimestamps(ValidationContext validationContext)

validateTimestamps

void validateTimestamps()

validateStructure

void validateStructure()

This method allows the structure validation of the signature.

getStructureValidationResult

String getStructureValidationResult()

checkSignaturePolicy

void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyDetector)

findSignatureScope

void findSignatureScope(SignatureScopeFinder signatureScopeFinder)

getSignatureScopes

List<SignatureScope> getSignatureScopes()