Package eu.europa.esig.dss.cades.validation

Class CAdESSignature

java.lang.Object

eu.europa.esig.dss.validation.DefaultAdvancedSignature

eu.europa.esig.dss.cades.validation.CAdESSignature

All Implemented Interfaces:

AdvancedSignature, Serializable

Direct Known Subclasses:

PAdESSignature

public class CAdESSignature
extends DefaultAdvancedSignature

CAdES Signature class helper

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class eu.europa.esig.dss.validation.DefaultAdvancedSignature

DefaultAdvancedSignature.ValidationDataForInclusion

Field Summary

Fields inherited from class eu.europa.esig.dss.validation.DefaultAdvancedSignature

candidatesForSigningCertificate, certPool, detachedContents, manifestFiles, offlineCertificateSource, providedSigningCertificateToken, referenceValidations, signatureCRLSource, signatureCryptographicVerification, signatureIdentifier, signatureOCSPSource, signaturePolicy, signatureTimestampSource, structureValidation

Constructor Summary

Constructors

Constructor	Description
CAdESSignature(byte[] data)
CAdESSignature(byte[] data, CertificatePool certPool)
CAdESSignature(org.bouncycastle.cms.CMSSignedData cms, CertificatePool certPool)	The default constructor for CAdESSignature.
CAdESSignature(org.bouncycastle.cms.CMSSignedData cms, CertificatePool certPool, List<DSSDocument> detachedContents)
CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.cms.SignerInformation signerInformation)
CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.cms.SignerInformation signerInformation, CertificatePool certPool)	The default constructor for CAdESSignature.

Method Summary

Modifier and Type	Method	Description
protected SignatureIdentifier	buildSignatureIdentifier()	Build and defines signatureIdentifier value
void	checkSignatureIntegrity()	Verifies the signature integrity; checks if the signed content has not been tampered with.
void	checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider)
void	checkSigningCertificate()	This method checks the protection of the certificates included within the signature (XAdES: KeyInfo) against the substitution attack.
CandidatesForSigningCertificate	getCandidatesForSigningCertificate()	ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.
List<CertificateRef>	getCertificateRefs()	Retrieve list of certificate ref
SignatureCertificateSource	getCertificateSource()	Gets a certificate source which contains ALL certificates embedded in the signature.
List<SignerRole>	getCertifiedSignerRoles()	Returns the certified roles of the signer.
List<SignerRole>	getClaimedSignerRoles()	Returns the claimed roles of the signer.
org.bouncycastle.cms.CMSSignedData	getCmsSignedData()
CommitmentType	getCommitmentTypeIndication()	This method obtains the information concerning commitment type indication linked to the signature
String	getContentHints()
String	getContentIdentifier()
String	getContentType()	Returns the value of the signed attribute content-type
List<AdvancedSignature>	getCounterSignatures()	Returns a list of counter signatures applied to this signature
SignatureCRLSource	getCRLSource()	Gets a CRL source which contains ALL CRLs embedded in the signature.
String	getDAIdentifier()	This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES
DigestAlgorithm	getDigestAlgorithm()	Retrieves the digest algorithm used for generating the signature.
EncryptionAlgorithm	getEncryptionAlgorithm()	Retrieves the encryption algorithm used for generating the signature.
MaskGenerationFunction	getMaskGenerationFunction()	Retrieves the mask generation function used for generating the signature.
Set<DigestAlgorithm>	getMessageDigestAlgorithms()
byte[]	getMessageDigestValue()
String	getMimeType()	Returns the value of the signed attribute mime-type
SignatureOCSPSource	getOCSPSource()	Gets an OCSP source which contains ALL OCSP responses embedded in the signature.
DSSDocument	getOriginalDocument()
DigestAlgorithm	getPSSHashAlgorithm()
List<ReferenceValidation>	getReferenceValidations()	Returns individual validation foreach reference (XAdES) or for the message-imprint (CAdES)
List<ReferenceValidation>	getReferenceValidations(org.bouncycastle.cms.SignerInformation signerInformationToCheck)
SignatureAlgorithm	getSignatureAlgorithm()	Retrieves the signature algorithm (or cipher) used for generating the signature.
SignatureDigestReference	getSignatureDigestReference(DigestAlgorithm digestAlgorithm)	TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch.
SignatureForm	getSignatureForm()	Specifies the format of the signature
SignatureLevel[]	getSignatureLevels()
SignatureProductionPlace	getSignatureProductionPlace()	Returns information about the place where the signature was generated
byte[]	getSignatureValue()	Returns the digital signature value
org.bouncycastle.cms.SignerId	getSignerId()	Returns SignerId of the related to the signature signerInformation
org.bouncycastle.cms.SignerInformation	getSignerInformation()
Date	getSigningTime()	Returns the signing time included within the signature.
List<TimestampedReference>	getTimestampReferencesForArchiveTimestamp(List<TimestampToken> timestampedTimestamps)
CAdESTimestampSource	getTimestampSource()	Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.
boolean	isCounterSignature()	Checks if the signature is a counter signature
boolean	isDataForSignatureLevelPresent(SignatureLevel signatureLevel)

Methods inherited from class eu.europa.esig.dss.validation.DefaultAdvancedSignature

addEncapsulatedCertificatesFromTimestamp, addExternalTimestamp, addReference, addReferences, addReferencesForCertificates, addReferencesForPreviousTimestamps, addReferencesFromRevocationData, areAllSelfSignedCertificates, equals, findRefsForRevocationIdentifier, findRefsForRevocationToken, findSignatureScope, getAllFoundRevocationIdentifiers, getAllRevocationTokens, getAllTimestamps, getArchiveTimestamps, getAttributeRevocationCRLReferences, getAttributeRevocationOCSPReferences, getAttributeRevocationTokens, getAttributeRevocationValuesTokens, getCertificateListWithinSignatureAndTimestamps, getCertificateMapWithinSignatureAndTimestamps, getCertificates, getCMSSignedDataRevocationTokens, getCompleteCRLSource, getCompleteOCSPSource, getCompleteRevocationCRLReferences, getCompleteRevocationOCSPReferences, getCompleteRevocationTokens, getContainerContents, getContentTimestampReferences, getContentTimestamps, getDataFoundUpToLevel, getDetachedContents, getDocumentTimestamps, getDSSDictionaryRevocationTokens, getDSSId, getId, getManifestedDocuments, getMasterSignature, getOrphanCertificateRefs, getOrphanRevocationRefs, getPdfRevision, getPolicyId, getProvidedSigningCertificateToken, getRevocationValuesTokens, getSignatureCryptographicVerification, getSignatureFilename, getSignatureScopes, getSignatureTimestampReferences, getSignatureTimestamps, getSignatureValidationContext, getSignerRoles, getSigningCertificateTimestampReferences, getSigningCertificateToken, getStructureValidationResult, getTimestampedReferencesFromCertificates, getTimestampRevocationCRLReferences, getTimestampRevocationOCSPReferences, getTimestampSignedDataRevocationTokens, getTimestampSourceCertificates, getTimestampsX1, getTimestampsX2, getTimestampValidationDataTokens, getValidationDataForInclusion, getVRIDictionaryRevocationTokens, hashCode, hasLTAProfile, hasLTProfile, hasTProfile, isDocHashOnlyValidation, isHashOnlyValidation, prepareTimestamps, setContainerContents, setDetachedContents, setManifestFiles, setMasterSignature, setProvidedSigningCertificateToken, setSignatureFilename, validateStructure

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CAdESSignature

public CAdESSignature(byte[] data) throws org.bouncycastle.cms.CMSException

Parameters:

data - byte array representing CMSSignedData

Throws:

org.bouncycastle.cms.CMSException

CAdESSignature

public CAdESSignature(byte[] data, CertificatePool certPool) throws org.bouncycastle.cms.CMSException

Parameters:

data - byte array representing CMSSignedData

certPool - can be null

Throws:

org.bouncycastle.cms.CMSException

CAdESSignature

public CAdESSignature(org.bouncycastle.cms.CMSSignedData cms, CertificatePool certPool)

The default constructor for CAdESSignature.

Parameters:

cms - CMSSignedData

certPool - can be null

CAdESSignature

public CAdESSignature(org.bouncycastle.cms.CMSSignedData cms, CertificatePool certPool, List<DSSDocument> detachedContents)

CAdESSignature

public CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.cms.SignerInformation signerInformation)

Parameters:

cmsSignedData - CMSSignedData

signerInformation - an expanded SignerInfo block from a CMS Signed message

CAdESSignature

public CAdESSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.cms.SignerInformation signerInformation, CertificatePool certPool)

The default constructor for CAdESSignature.

Parameters:

cmsSignedData - CMSSignedData

signerInformation - an expanded SignerInfo block from a CMS Signed message

certPool - can be null

Method Details

getSignatureForm

public SignatureForm getSignatureForm()

Description copied from interface: AdvancedSignature

Specifies the format of the signature

getCertificateSource

public SignatureCertificateSource getCertificateSource()

Description copied from interface: AdvancedSignature

Gets a certificate source which contains ALL certificates embedded in the signature.

Returns:

getCRLSource

public SignatureCRLSource getCRLSource()

Description copied from interface: AdvancedSignature

Gets a CRL source which contains ALL CRLs embedded in the signature.

Returns:

SignatureCRLSource

getOCSPSource

public SignatureOCSPSource getOCSPSource()

Description copied from interface: AdvancedSignature

Gets an OCSP source which contains ALL OCSP responses embedded in the signature.

Returns:

SignatureOCSPSource

getTimestampSource

public CAdESTimestampSource getTimestampSource()

Description copied from interface: AdvancedSignature

Gets a Signature Timestamp source which contains ALL timestamps embedded in the signature.

Returns:

SignatureTimestampSource

getSignerId

public org.bouncycastle.cms.SignerId getSignerId()

Returns SignerId of the related to the signature signerInformation

Returns:

SignerId

getCandidatesForSigningCertificate

public CandidatesForSigningCertificate getCandidatesForSigningCertificate()

ETSI TS 101 733 V2.2.1 (2013-04) 5.6.3 Signature Verification Process ...the public key from the first certificate identified in the sequence of certificate identifiers from SigningCertificate shall be the key used to verify the digital signature.

Returns:

checkSignaturePolicy

public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider)

getSigningTime

public Date getSigningTime()

Description copied from interface: AdvancedSignature

Returns the signing time included within the signature.

Returns:

Date representing the signing time or null

getCmsSignedData

public org.bouncycastle.cms.CMSSignedData getCmsSignedData()

Returns:

the cmsSignedData

getSignatureProductionPlace

public SignatureProductionPlace getSignatureProductionPlace()

Description copied from interface: AdvancedSignature

Returns information about the place where the signature was generated

Returns:

SignatureProductionPlace

getCommitmentTypeIndication

public CommitmentType getCommitmentTypeIndication()

Description copied from interface: AdvancedSignature

This method obtains the information concerning commitment type indication linked to the signature

Returns:

CommitmentType

getClaimedSignerRoles

public List<SignerRole> getClaimedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the claimed roles of the signer.

Returns:

list of the SignerRoles

getCertifiedSignerRoles

public List<SignerRole> getCertifiedSignerRoles()

Description copied from interface: AdvancedSignature

Returns the certified roles of the signer.

Returns:

list of the SignerRoles

getTimestampReferencesForArchiveTimestamp

public List<TimestampedReference> getTimestampReferencesForArchiveTimestamp(List<TimestampToken> timestampedTimestamps)

getEncryptionAlgorithm

public EncryptionAlgorithm getEncryptionAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the encryption algorithm used for generating the signature.

Returns:

EncryptionAlgorithm

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the digest algorithm used for generating the signature.

Returns:

DigestAlgorithm

getPSSHashAlgorithm

public DigestAlgorithm getPSSHashAlgorithm()

getMaskGenerationFunction

public MaskGenerationFunction getMaskGenerationFunction()

Description copied from interface: AdvancedSignature

Retrieves the mask generation function used for generating the signature.

Returns:

MaskGenerationFunction

getSignatureAlgorithm

public SignatureAlgorithm getSignatureAlgorithm()

Description copied from interface: AdvancedSignature

Retrieves the signature algorithm (or cipher) used for generating the signature.

Returns:

SignatureAlgorithm

checkSignatureIntegrity

public void checkSignatureIntegrity()

Description copied from interface: AdvancedSignature

Verifies the signature integrity; checks if the signed content has not been tampered with. In the case of a non-AdES signature no including the signing certificate then the latter must be provided by calling setProvidedSigningCertificateToken In the case of a detached signature the signed content must be provided by calling setProvidedSigningCertificateToken

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations(org.bouncycastle.cms.SignerInformation signerInformationToCheck)

getReferenceValidations

public List<ReferenceValidation> getReferenceValidations()

Description copied from interface: AdvancedSignature

Returns individual validation foreach reference (XAdES) or for the message-imprint (CAdES)

Returns:

a list with one or more ReferenceValidation

getSignatureDigestReference

public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm)

TS 119 442 - V1.1.1 - Electronic Signatures and Infrastructures (ESI), ch. 5.1.4.2.1.3 XML component: In case of CAdES signatures, the input to the digest value computation shall be one of the DER-encoded instances of SignedInfo type present within the CMS structure.

Parameters:

digestAlgorithm - DigestAlgorithm to use

Returns:

SignatureDigestReference

checkSigningCertificate

public void checkSigningCertificate()

Description copied from interface: AdvancedSignature

This method checks the protection of the certificates included within the signature (XAdES: KeyInfo) against the substitution attack.

getMessageDigestAlgorithms

public Set<DigestAlgorithm> getMessageDigestAlgorithms()

getMessageDigestValue

public byte[] getMessageDigestValue()

Specified by:

getMessageDigestValue in interface AdvancedSignature

Overrides:

getMessageDigestValue in class DefaultAdvancedSignature

getContentType

public String getContentType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute content-type

Returns:

content type as String

getMimeType

public String getMimeType()

Description copied from interface: AdvancedSignature

Returns the value of the signed attribute mime-type

Returns:

mime type as String

getContentIdentifier

public String getContentIdentifier()

Returns:

content identifier as String

getContentHints

public String getContentHints()

Returns:

content hints as String

getSignerInformation

public org.bouncycastle.cms.SignerInformation getSignerInformation()

Returns:

the signerInformation

getSignatureValue

public byte[] getSignatureValue()

Description copied from interface: AdvancedSignature

Returns the digital signature value

Returns:

digital signature value byte array

isCounterSignature

public boolean isCounterSignature()

Checks if the signature is a counter signature

Returns:

TRUE if the signature is a counter signature, FALSE otherwise

getCounterSignatures

public List<AdvancedSignature> getCounterSignatures()

Description copied from interface: AdvancedSignature

Returns a list of counter signatures applied to this signature

Returns:

a List of AdvancedSignatures representing the counter signatures

getCertificateRefs

public List<CertificateRef> getCertificateRefs()

Description copied from interface: AdvancedSignature

Retrieve list of certificate ref

Returns:

List of CertificateRef

getOriginalDocument

public DSSDocument getOriginalDocument() throws DSSException

Throws:

DSSException

buildSignatureIdentifier

protected SignatureIdentifier buildSignatureIdentifier()

Description copied from class: DefaultAdvancedSignature

Build and defines signatureIdentifier value

Specified by:

buildSignatureIdentifier in class DefaultAdvancedSignature

getDAIdentifier

public String getDAIdentifier()

Description copied from interface: AdvancedSignature

This method returns an identifier provided by the Driving Application (DA) Note: used only for XAdES

Returns:

The signature identifier

isDataForSignatureLevelPresent

public boolean isDataForSignatureLevelPresent(SignatureLevel signatureLevel)

Parameters:

signatureLevel - SignatureLevel to be checked

Returns:

true if the signature contains the data needed for this SignatureLevel. Doesn't mean any validity of the data found.

getSignatureLevels

public SignatureLevel[] getSignatureLevels()

Returns:

the list of signature levels for this type of signature, in the simple to complete order. Example: B,T,LT,LTA