Module jpms_dss_xades
Package eu.europa.esig.dss.xades.validation

Class XAdESSignature

java.lang.Object
eu.europa.esig.dss.validation.DefaultAdvancedSignature
eu.europa.esig.dss.xades.validation.XAdESSignature
All Implemented Interfaces:
eu.europa.esig.dss.model.identifier.IdentifierBasedObject, eu.europa.esig.dss.validation.AdvancedSignature, Serializable
public class XAdESSignature extends eu.europa.esig.dss.validation.DefaultAdvancedSignature
Parse an XAdES signature structure. Note that for each signature to be validated a new instance of this object must be created.
See Also:

  • Constructor Details

    • XAdESSignature

      public XAdESSignature(Element signatureElement)
      This constructor is used when creating the signature. The default XPathQueryHolder is set.
      Parameters:
      signatureElement - the signature DOM element

    • XAdESSignature

      public XAdESSignature(Element signatureElement, List<eu.europa.esig.xades.definition.XAdESPath> xadesPathHolders)
      The default constructor for XAdESSignature.
      Parameters:
      signatureElement - the signature DOM element
      xadesPathHolders - List of XAdESPaths to use when handling signature

  • Method Details

    • setDisableXSWProtection

      public void setDisableXSWProtection(boolean disableXSWProtection)
      NOT RECOMMENDED : This parameter allows to disable protection against XML Signature wrapping attacks (XSW). It disables the research by XPath expression for defined Type attributes.
      Parameters:
      disableXSWProtection - true to disable the protection

    • recursiveNamespaceBrowser

      public void recursiveNamespaceBrowser(Element element)
      This method sets the namespace which will determinate the XAdESPaths to use. The content of the Transform element is ignored.
      Parameters:
      element - Element

    • getXAdESPathsHolders

      public List<eu.europa.esig.xades.definition.XAdESPath> getXAdESPathsHolders()
      Returns a list of used XAdESPaths
      Returns:
      a list of XAdESPaths

    • getXAdESPaths

      public eu.europa.esig.xades.definition.XAdESPath getXAdESPaths()
      Gets the current XAdESPaths
      Returns:
      XAdESPath

    • getXmldSigNamespace

      public eu.europa.esig.dss.xml.common.definition.DSSNamespace getXmldSigNamespace()
      Returns the XMLDSIG namespace
      Returns:
      DSSNamespace

    • getXadesNamespace

      public eu.europa.esig.dss.xml.common.definition.DSSNamespace getXadesNamespace()
      Returns the XAdES namespace
      Returns:
      DSSNamespace

    • getSignatureElement

      public Element getSignatureElement()
      Returns the w3c.dom encapsulated signature element.
      Returns:
      the signatureElement

    • getSignatureForm

      public eu.europa.esig.dss.enumerations.SignatureForm getSignatureForm()

    • getEncryptionAlgorithm

      public eu.europa.esig.dss.enumerations.EncryptionAlgorithm getEncryptionAlgorithm()

    • getDigestAlgorithm

      public eu.europa.esig.dss.enumerations.DigestAlgorithm getDigestAlgorithm()

    • getMaskGenerationFunction

      public eu.europa.esig.dss.enumerations.MaskGenerationFunction getMaskGenerationFunction()

    • getSignatureAlgorithm

      public eu.europa.esig.dss.enumerations.SignatureAlgorithm getSignatureAlgorithm()

    • getCertificateSource

      public eu.europa.esig.dss.spi.SignatureCertificateSource getCertificateSource()

    • getCRLSource

      public eu.europa.esig.dss.spi.x509.revocation.crl.OfflineCRLSource getCRLSource()

    • getOCSPSource

      public eu.europa.esig.dss.spi.x509.revocation.ocsp.OfflineOCSPSource getOCSPSource()

    • getTimestampSource

      public XAdESTimestampSource getTimestampSource()

    • getSigningTime

      public Date getSigningTime()

    • getSignaturePolicy

      public XAdESSignaturePolicy getSignaturePolicy()
      Specified by:
      getSignaturePolicy in interface eu.europa.esig.dss.validation.AdvancedSignature
      Overrides:
      getSignaturePolicy in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • buildSignaturePolicy

      protected XAdESSignaturePolicy buildSignaturePolicy()
      Specified by:
      buildSignaturePolicy in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • getSignatureProductionPlace

      public eu.europa.esig.dss.validation.SignatureProductionPlace getSignatureProductionPlace()

    • getSignaturePolicyStore

      public eu.europa.esig.dss.model.SignaturePolicyStore getSignaturePolicyStore()

    • getSignedAssertions

      public List<eu.europa.esig.dss.validation.SignerRole> getSignedAssertions()

    • getClaimedSignerRoles

      public List<eu.europa.esig.dss.validation.SignerRole> getClaimedSignerRoles()

    • getCertifiedSignerRoles

      public List<eu.europa.esig.dss.validation.SignerRole> getCertifiedSignerRoles()

    • getContentType

      public String getContentType()

    • getMimeType

      public String getMimeType()

    • getSignatureValueBase64

      public String getSignatureValueBase64()
      Returns a base64 SignatureValue
      Returns:
      base64 String

    • getSignatureValue

      public byte[] getSignatureValue()

    • getSignatureValueId

      public String getSignatureValueId()
      Returns Id of the ds:SignatureValue element
      Returns:
      String Id

    • getObjects

      public NodeList getObjects()
      This method returns the list of ds:Object elements for the current signature element.
      Returns:
      NodeList

    • getCompleteCertificateRefs

      public Element getCompleteCertificateRefs()
      Gets xades:CompleteCertificateRefs or xades141:CompleteCertificateRefsV2 element
      Returns:
      Element

    • getCompleteRevocationRefs

      public Element getCompleteRevocationRefs()
      Gets xades:CompleteRevocationRefs
      Returns:
      Element

    • getSigAndRefsTimeStamp

      public NodeList getSigAndRefsTimeStamp()
      Gets xades:SigAndRefsTimeStamp node list
      Returns:
      NodeList

    • getRefsOnlyTimestampTimeStamp

      public NodeList getRefsOnlyTimestampTimeStamp()
      Gets xades:RefsOnlyTimestamp node list
      Returns:
      NodeList

    • getCertificateValues

      public Element getCertificateValues()
      Gets xades:CertificateValues element
      Returns:
      Element

    • getRevocationValues

      public Element getRevocationValues()
      Gets xades:RevocationValues element
      Returns:
      Element

    • addExternalTimestamp

      public void addExternalTimestamp(eu.europa.esig.dss.spi.x509.tsp.TimestampToken timestamp)

    • getBaselineRequirementsChecker

      protected XAdESBaselineRequirementsChecker getBaselineRequirementsChecker()
      Overrides:
      getBaselineRequirementsChecker in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • createBaselineRequirementsChecker

      protected XAdESBaselineRequirementsChecker createBaselineRequirementsChecker()
      Specified by:
      createBaselineRequirementsChecker in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • hasTProfile

      public boolean hasTProfile()
      Checks if the T-level is present in the signature. In case of a signature with BDOC signature policy, T-level is indicated by the presence of a time-mark-conformant OCSP response.
      Overrides:
      hasTProfile in class eu.europa.esig.dss.validation.DefaultAdvancedSignature
      Returns:
      true if the T-level is present, false otherwise

    • hasBESProfile

      public boolean hasBESProfile()
      Checks the presence of signing certificate covered by the signature, what is the proof -BES profile existence
      Returns:
      true if BES Profile is detected

    • hasEPESProfile

      public boolean hasEPESProfile()
      Checks the presence of SignaturePolicyIdentifier element in the signature, what is the proof -EPES profile existence
      Returns:
      true if EPES Profile is detected

    • hasExtendedTProfile

      public boolean hasExtendedTProfile()
      Checks the presence of SignatureTimeStamp element in the signature, what is the proof -T profile existence
      Returns:
      true if T Profile is detected

    • hasCProfile

      public boolean hasCProfile()
      Checks the presence of CompleteCertificateRefs and CompleteRevocationRefs segments in the signature, what is the proof -C profile existence
      Returns:
      true if C Profile is detected

    • hasXProfile

      public boolean hasXProfile()
      Checks the presence of SigAndRefsTimeStamp segment in the signature, what is the proof -X profile existence
      Returns:
      true if the -X extension is present

    • hasXLProfile

      public boolean hasXLProfile()
      Checks the presence of CertificateValues/RevocationValues segment in the signature, what is the proof -XL profile existence
      Returns:
      true if the -XL extension is present

    • hasAProfile

      public boolean hasAProfile()
      Checks the presence of ArchiveTimeStamp element in the signature, what is the proof -A profile existence
      Returns:
      true if the -A extension is present

    • checkSignatureIntegrity

      public void checkSignatureIntegrity()

    • getReferenceValidations

      public List<eu.europa.esig.dss.model.ReferenceValidation> getReferenceValidations()

    • getSignatureDigestReference

      public eu.europa.esig.dss.validation.SignatureDigestReference getSignatureDigestReference(eu.europa.esig.dss.enumerations.DigestAlgorithm digestAlgorithm)
      TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of XAdES signatures, the input of the digest value computation shall be the result of applying the canonicalization algorithm identified within the CanonicalizationMethod child element's value to the corresponding ds:Signature element and its contents. The canonicalization shall be computed keeping this ds:Signature element as a descendant of the XML root element, without detaching it.

    • getDataToBeSignedRepresentation

      public eu.europa.esig.dss.model.Digest getDataToBeSignedRepresentation()

    • getSignedInfo

      public Element getSignedInfo()
      Returns the ds:SignedInfo element
      Returns:
      Element ds:SignedInfo

    • getObjectById

      public Node getObjectById(String id)
      Gets ds:Object by its Id
      Parameters:
      id - String object Id
      Returns:
      Node

    • getManifestById

      public Element getManifestById(String id)
      Gets ds:Manifest by its Id
      Parameters:
      id - String manifest Id
      Returns:
      Element Manifest

    • getCounterSignatures

      public List<eu.europa.esig.dss.validation.AdvancedSignature> getCounterSignatures()
      This method retrieves the potential countersignatures embedded in the XAdES signature document. From ETSI TS 101 903 v1.4.2: 7.2.4.1 Countersignature identifier in Type attribute of ds:Reference A XAdES signature containing a ds:Reference element whose Type attribute has value "http://uri.etsi.org/01903#CountersignedSignature" will indicate that is is, in fact, a countersignature of the signature referenced by this element. 7.2.4.2 Enveloped countersignatures: the CounterSignature element The CounterSignature is an unsigned property that qualifies the signature. A XAdES signature MAY have more than one CounterSignature properties. As indicated by its name, it contains one countersignature of the qualified signature.
      Returns:
      a list containing the countersignatures embedded in the XAdES signature document

    • getSignatureIdentifierBuilder

      protected eu.europa.esig.dss.validation.SignatureIdentifierBuilder getSignatureIdentifierBuilder()
      Specified by:
      getSignatureIdentifierBuilder in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • getDAIdentifier

      public String getDAIdentifier()

    • getUnsignedSignatureProperties

      public List<String> getUnsignedSignatureProperties()
      Retrieves the name of each node found under the UnsignedSignatureProperties element
      Returns:
      an ArrayList containing the retrieved node names

    • getSignedSignatureProperties

      public List<String> getSignedSignatureProperties()
      Retrieves the name of each node found under the SignedSignatureProperties element
      Returns:
      an ArrayList containing the retrieved node names

    • getSignedProperties

      public List<String> getSignedProperties()
      Retrieves the name of each node found under the SignedProperties element
      Returns:
      an ArrayList containing the retrieved node names

    • getUnsignedProperties

      public List<String> getUnsignedProperties()
      Retrieves the name of each node found under the UnsignedProperties element
      Returns:
      an ArrayList containing the retrieved node names

    • getSignedDataObjectProperties

      public List<String> getSignedDataObjectProperties()
      Retrieves the name of each node found under the SignedDataObjectProperties element
      Returns:
      an ArrayList containing the retrieved node names

    • getDataFoundUpToLevel

      public eu.europa.esig.dss.enumerations.SignatureLevel getDataFoundUpToLevel()

    • validateStructure

      public List<String> validateStructure()
      Overrides:
      validateStructure in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • findSignatureScopes

      protected List<eu.europa.esig.dss.model.scope.SignatureScope> findSignatureScopes()
      Specified by:
      findSignatureScopes in class eu.europa.esig.dss.validation.DefaultAdvancedSignature

    • getLastTimestampValidationData

      public Element getLastTimestampValidationData()
      This method returns the last timestamp validation data for an archive timestamp.
      Returns:
      Element xades141:TimestampValidationData

    • getCommitmentTypeIndications

      public List<eu.europa.esig.dss.validation.CommitmentTypeIndication> getCommitmentTypeIndications()

    • getReferences

      public List<org.apache.xml.security.signature.Reference> getReferences()
      Gets a list of found references
      Returns:
      a list of References

    • getSignatureObjects

      public List<Element> getSignatureObjects()
      Gets a list of found signature ds:Object elements
      Returns:
      a list of Elements

    • registerXAdESPaths

      public void registerXAdESPaths(eu.europa.esig.xades.definition.XAdESPath xadesPaths)
      This method allows to register a new XAdESPaths.
      Parameters:
      xadesPaths - XAdESPaths to register