/**
 * Builds the report container from the two JAXB reports and creates a wrapper
 * around each of them.
 *
 * @param diagnosticDataJaxb
 *            the JAXB {@code DiagnosticData}
 * @param detailedReport
 *            the JAXB {@code DetailedReport}
 */
protected AbstractReports(final eu.europa.esig.dss.jaxb.diagnostic.DiagnosticData diagnosticDataJaxb,
        final eu.europa.esig.dss.jaxb.detailedreport.DetailedReport detailedReport) {
    // The raw JAXB objects are stored exactly as passed in (no copy is made here).
    this.diagnosticData = diagnosticDataJaxb;
    this.detailedReport = detailedReport;

    // Each wrapper is constructed from the same instance that was stored above.
    this.diagnosticDataWrapper = new DiagnosticData(diagnosticDataJaxb);
    this.detailedReportWrapper = new DetailedReport(detailedReport);
}
/**
 * Runs the basic building blocks for every token type that the configured
 * {@code validationLevel} covers and collects the results in one map.
 *
 * Signatures and counter-signatures are always processed; timestamps are added
 * from TIMESTAMPS upwards, revocation data only for LONG_TERM_DATA and
 * ARCHIVAL_DATA. The processing order is revocation data, timestamps,
 * signatures, counter-signatures.
 *
 * @return the map filled by the {@code process} calls
 * @throws DSSException
 *             if the validation level is none of the four handled values
 */
private Map<String, XmlBasicBuildingBlocks> executeAllBasicBuildingBlocks() {
    final boolean includeRevocationData;
    final boolean includeTimestamps;
    switch (validationLevel) {
        case ARCHIVAL_DATA:
        case LONG_TERM_DATA:
            includeRevocationData = true;
            includeTimestamps = true;
            break;
        case TIMESTAMPS:
            includeRevocationData = false;
            includeTimestamps = true;
            break;
        case BASIC_SIGNATURES:
            includeRevocationData = false;
            includeTimestamps = false;
            break;
        default:
            // An unknown level is rejected rather than validated with a guessed scope.
            throw new DSSException("Unsupported validation level " + validationLevel);
    }

    Map<String, XmlBasicBuildingBlocks> results = new HashMap<String, XmlBasicBuildingBlocks>();
    if (includeRevocationData) {
        process(diagnosticData.getAllRevocationData(), Context.REVOCATION, results);
    }
    if (includeTimestamps) {
        process(diagnosticData.getAllTimestamps(), Context.TIMESTAMP, results);
    }
    process(diagnosticData.getAllSignatures(), Context.SIGNATURE, results);
    process(diagnosticData.getAllCounterSignatures(), Context.COUNTER_SIGNATURE, results);
    return results;
}
/**
 * Resets both signature counters and adds every signature of the diagnostic
 * data to the given simple report.
 *
 * @param simpleReport
 *            the report passed on to {@code addSignature}
 * @param container
 *            flag passed on unchanged to {@code addSignature}
 */
private void addSignatures(SimpleReport simpleReport, boolean container) {
    // Counters start from zero on every call, so a repeated call does not accumulate.
    totalSignatureCount = 0;
    validSignatureCount = 0;

    for (SignatureWrapper current : diagnosticData.getSignatures()) {
        addSignature(simpleReport, current, container);
    }
}
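/**
 * Returns the country name recorded for the signing certificate.
 *
 * @return {@code getCountryName()} of the first used certificate whose id equals
 *         the signing certificate id; {@code null} when no certificate matches
 *         or when the matching certificate carries no country name
 */
private String getCountryCode() {
    String signingCertId = dssReports.getDiagnosticData().getSigningCertificateId();
    // A plain loop replaces stream().map(...).findFirst(): findFirst() throws a
    // NullPointerException when the selected element is null, so a signing
    // certificate without a country name used to abort the caller instead of
    // yielding null.
    for (CertificateWrapper cert : dssReports.getDiagnosticData().getUsedCertificates()) {
        if (cert.getId().equals(signingCertId)) {
            return cert.getCountryName();
        }
    }
    return null;
}
} // closes the enclosing type, whose header is not part of this excerpt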
/**
 * Picks the time that is reported as the best signature time.
 *
 * For the LT_TM XAdES format the production date of a revocation entry is used;
 * for every other format the production time of the first timestamp of the
 * signature is used.
 *
 * @param signatureFormat
 *            format name compared against {@code LT_TM_XAdES_SIGNATURE_FORMAT}
 * @param signatureId
 *            id of the signature looked up in the diagnostic data
 * @return the selected time, or {@code null} when there is no revocation entry
 *         (LT_TM) or no timestamp (other formats)
 */
private Date getBestSignatureTime(String signatureFormat, String signatureId) {
    SignatureWrapper signature = dssReports.getDiagnosticData().getSignatureById(signatureId);

    if (!signatureFormat.equals(LT_TM_XAdES_SIGNATURE_FORMAT)) {
        // NOTE(review): signature is dereferenced without a null check; confirm
        // getSignatureById cannot return null for the ids passed in here.
        List<TimestampWrapper> timeStamps = signature.getTimestampList();
        if (timeStamps.isEmpty()) {
            return null;
        }
        return timeStamps.get(0).getProductionTime();
    }

    // NOTE(review): only the first element the collection yields is used, and it is
    // taken from ALL revocation data, not from the data of this signature's signing
    // certificate. If the collection is unordered (verify the return type), the
    // chosen entry is arbitrary when more than one revocation entry is present, and
    // the time bound reported for the signature then depends on iteration order.
    for (RevocationWrapper revocationData : dssReports.getDiagnosticData().getAllRevocationData()) {
        return revocationData.getProductionDate();
    }
    return null;
}
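/**
 * Checks, for every timestamped signature, how the revocation data of its signing
 * certificate relates in time to the first timestamp, and records the outcome in
 * the simple report.
 *
 * A signature gets {@code REVOCATION_FRESHNESS_FAULT} as an error when
 * {@code isRevocationFreshnessCheckInvalid} reports a failure; otherwise it gets
 * the same message as a warning when a revocation entry whose source is not
 * {@code CRL_REVOCATION_SOURCE} satisfies the {@code isInRangeMillis} test against
 * the timestamp with {@code REVOCATION_FRESHNESS_FIFTEEN_MINUTES_DIFFERENCE}.
 *
 * Nothing is checked when the used certificates or the signing certificate id are
 * absent.
 *
 * @param reports
 *            the validation reports that are read and whose simple report is
 *            updated in place
 */
void validateRevocationFreshness(eu.europa.esig.dss.validation.reports.Reports reports) {
    DiagnosticData diagnosticData = reports.getDiagnosticData();
    if (diagnosticData.getUsedCertificates() == null || diagnosticData.getSigningCertificateId() == null) {
        return;
    }

    for (CertificateWrapper certificateWrapper : diagnosticData.getUsedCertificates()) {
        for (SignatureWrapper signatureWrapper : diagnosticData.getSignatures()) {
            boolean signedWithThisCertificate =
                    certificateWrapper.getId().equals(signatureWrapper.getSigningCertificateId());
            // NOTE(review): a signature without any timestamp is skipped without an
            // error or warning; confirm that case is reported by another check.
            if (!signedWithThisCertificate || signatureWrapper.getTimestampList().isEmpty()) {
                continue;
            }

            TimestampWrapper timeStampWrapper = getFirstTimestamp(signatureWrapper.getTimestampList());
            if (timeStampWrapper.getProductionTime() == null) {
                // Skip only this signature. The previous 'return' left the whole
                // method here, so one timestamp without a production time silently
                // disabled the freshness check for every remaining signature.
                continue;
            }

            if (isRevocationFreshnessCheckInvalid(certificateWrapper, timeStampWrapper)) {
                reports.getSimpleReport().getErrors(signatureWrapper.getId()).add(REVOCATION_FRESHNESS_FAULT);
                continue;
            }

            // CRL-sourced entries are excluded from the warning test.
            boolean warningNeeded = certificateWrapper.getRevocationData().stream().anyMatch(
                    r -> !CRL_REVOCATION_SOURCE.equals(r.getSource())
                            && isInRangeMillis(r.getProductionDate(), timeStampWrapper.getProductionTime(),
                                    REVOCATION_FRESHNESS_FIFTEEN_MINUTES_DIFFERENCE));
            if (warningNeeded) {
                reports.getSimpleReport().getWarnings(signatureWrapper.getId()).add(REVOCATION_FRESHNESS_FAULT);
            }
        }
    }
}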
/**
 * Adds the revocation data of every certificate in the given chain to
 * {@code result}.
 *
 * Ids that resolve to no used certificate, and certificates without revocation
 * data, are skipped; nothing is reported for them here.
 *
 * @param result
 *            the set that receives the revocation data
 * @param certificateChainIds
 *            ids of the certificates to look up in the diagnostic data
 */
private void extractRevocationDataFromCertificateChain(Set<RevocationWrapper> result, List<String> certificateChainIds) {
    for (String certificateId : certificateChainIds) {
        CertificateWrapper certificate = diagnosticData.getUsedCertificateById(certificateId);
        if (certificate == null || certificate.getRevocationData() == null) {
            continue;
        }
        result.addAll(certificate.getRevocationData());
    }
}
detailedReport.getBasicBuildingBlocks().addAll(bbbs.values()); for (SignatureWrapper signature : diagnosticData.getSignatures()) { CertificateWrapper signingCertificate = diagnosticData.getUsedCertificateById(signature.getSigningCertificateId()); if (signingCertificate != null) { CertificateWrapper rootCertificate = diagnosticData.getUsedCertificateById(signingCertificate.getLastChainCertificateId()); rootCertificate, detailedReport.getTLAnalysis(), diagnosticData.getLOTLCountryCode()); signatureAnalysis.setValidationSignatureQualification(qualificationBlock.execute());
/**
 * Looks up the certificate with the given DSS identifier and returns its serial
 * number.
 *
 * The lookup goes through {@code getUsedCertificateByIdNullSafe}; what is
 * returned for an unknown identifier depends on that helper, which is not shown
 * here.
 *
 * @param dssCertificateId
 *            DSS certificate identifier to be checked
 * @return serial number
 */
public String getCertificateSerialNumber(final String dssCertificateId) {
    return getUsedCertificateByIdNullSafe(dssCertificateId).getSerialNumber();
}
/**
 * Collects the revocation data of all used certificates into one set.
 *
 * @return a new set with the revocation data of every used certificate; empty
 *         when there are no used certificates or none of them has revocation data
 */
public Set<RevocationWrapper> getAllRevocationData() {
    Set<RevocationWrapper> collected = new HashSet<RevocationWrapper>();

    List<CertificateWrapper> certificates = getUsedCertificates();
    if (!Utils.isCollectionNotEmpty(certificates)) {
        return collected;
    }

    for (CertificateWrapper certificate : certificates) {
        Set<RevocationWrapper> perCertificate = certificate.getRevocationData();
        if (perCertificate == null) {
            // A certificate without revocation data contributes nothing.
            continue;
        }
        collected.addAll(perCertificate);
    }
    return collected;
}
/**
 * Registers a POE entry at {@code currentTime} for the tokens found in the
 * diagnostic data.
 *
 * Entries are added, in this order, for all signatures, all timestamps and all
 * used certificates. Revocation data gets an entry only when its origin equals
 * the name of {@code RevocationOrigin.SIGNATURE}; revocation data of any other
 * origin gets no entry from this method.
 *
 * @param diagnosticData
 *            the diagnostic data whose tokens are registered
 * @param currentTime
 *            the time stored with every entry
 */
public void init(DiagnosticData diagnosticData, Date currentTime) {
    for (SignatureWrapper signature : diagnosticData.getAllSignatures()) {
        addPOE(signature.getId(), currentTime);
    }

    for (TimestampWrapper timestamp : diagnosticData.getAllTimestamps()) {
        addPOE(timestamp.getId(), currentTime);
    }

    final String signatureOrigin = RevocationOrigin.SIGNATURE.name();
    for (CertificateWrapper certificate : diagnosticData.getUsedCertificates()) {
        addPOE(certificate.getId(), currentTime);

        Set<RevocationWrapper> revocations = certificate.getRevocationData();
        if (!Utils.isCollectionNotEmpty(revocations)) {
            continue;
        }
        for (RevocationWrapper revocation : revocations) {
            // Only revocation data whose origin is SIGNATURE is given a POE here.
            if (signatureOrigin.equals(revocation.getOrigin())) {
                addPOE(revocation.getId(), currentTime);
            }
        }
    }
}
/**
 * Converts the signature scopes of the given signature with
 * {@code parseSignatureScope}.
 *
 * @param signatureId
 *            id of the signature looked up in the diagnostic data
 * @return the converted scopes, in the order the signature lists them
 */
private List<SignatureScope> parseSignatureScopes(String signatureId) {
    // NOTE(review): the looked-up signature is dereferenced without a null check;
    // confirm getSignatureById cannot return null for the ids passed in here.
    return dssReports.getDiagnosticData()
            .getSignatureById(signatureId)
            .getSignatureScopes()
            .stream()
            .map(scope -> this.parseSignatureScope(scope))
            .collect(Collectors.toList());
}
/**
 * Adds a validation error when the revocation source reported for the signing
 * certificate is "CRLToken" (compared case-insensitively).
 *
 * The method returns without adding anything when the validation result carries
 * no diagnostic data.
 */
private void addRevocationErrors() {
    DiagnosticData diagnosticData = this.signature.validate().getReports().getDiagnosticData();
    if (diagnosticData == null) {
        // NOTE(review): with no diagnostic data the revocation source is not checked
        // at all; confirm that this state is rejected by another check.
        return;
    }

    String signingCertificateId = diagnosticData.getSigningCertificateId();
    String certificateRevocationSource = diagnosticData.getCertificateRevocationSource(signingCertificateId);
    this.log.debug("Revocation source is <{}>", certificateRevocationSource);

    // NOTE(review): every value other than "CRLToken" passes this check, presumably
    // including an absent source; verify that missing revocation data is caught
    // elsewhere.
    if (!StringUtils.equalsIgnoreCase("CRLToken", certificateRevocationSource)) {
        return;
    }
    this.log.error("Signing certificate revocation source is CRL instead of OCSP");
    this.addValidationError(new UntrustedRevocationSourceException());
}
/**
 * Builds the detailed report for the certificate identified by
 * {@code certificateId}: runs the basic building blocks in the CERTIFICATE
 * context, then the certificate qualification block, and stores both results in
 * the report.
 *
 * @return the detailed report created by {@code init()} and filled here
 */
DetailedReport build() {
    DetailedReport report = init();

    // NOTE(review): the certificate and, further down, its building-block result are
    // dereferenced without a null check; confirm certificateId always names a used
    // certificate and that process(...) always stores a result under its id.
    CertificateWrapper target = diagnosticData.getUsedCertificateById(certificateId);
    CertificateWrapper chainEnd = diagnosticData.getUsedCertificateById(target.getLastChainCertificateId());

    Map<String, XmlBasicBuildingBlocks> blocksById = new HashMap<String, XmlBasicBuildingBlocks>();
    process(Collections.singleton(target), Context.CERTIFICATE, blocksById);
    report.getBasicBuildingBlocks().addAll(blocksById.values());

    XmlBasicBuildingBlocks targetBlocks = blocksById.get(target.getId());
    CertificateQualificationBlock qualification = new CertificateQualificationBlock(
            targetBlocks.getConclusion(),
            currentTime,
            target,
            chainEnd,
            report.getTLAnalysis(),
            diagnosticData.getLOTLCountryCode());
    report.setCertificate(qualification.execute());

    return report;
}
/**
 * Finds the revocation data with the given id among the revocation data of all
 * used certificates.
 *
 * @param id
 *            id of the revocation data
 * @return the first revocation wrapper whose id matches, or {@code null} when
 *         none does
 */
public RevocationWrapper getRevocationDataById(String id) {
    for (RevocationWrapper candidate : getAllRevocationData()) {
        if (Utils.areStringsEqual(candidate.getId(), id)) {
            return candidate;
        }
    }
    return null;
}
/**
 * Returns the container type recorded in the diagnostic data.
 *
 * @return the container type, or {@code null} when the diagnostic data has no
 *         container info
 */
private String getContainerType() {
    return dssReports.getDiagnosticData().getContainerInfo() == null
            ? null
            : dssReports.getDiagnosticData().getContainerInfo().getContainerType();
}
/**
 * Copies the document name from the diagnostic data into the given report.
 *
 * @param report
 *            the simple report to update
 */
private void addDocumentName(SimpleReport report) {
    final String documentName = diagnosticData.getDocumentName();
    report.setDocumentName(documentName);
}
/**
 * Returns the notAfter date of the certificate that signed the given signature.
 *
 * @param currentSignature
 *            the signature whose signing certificate is looked up
 * @return the notAfter date, or {@code null} when the signing certificate is not
 *         among the used certificates
 */
private Date getExpirationDateForSigningCertificate(SignatureWrapper currentSignature) {
    String signingCertificateId = currentSignature.getSigningCertificateId();
    CertificateWrapper signingCertificate = diagnosticData.getUsedCertificateById(signingCertificateId);
    return signingCertificate == null ? null : signingCertificate.getNotAfter();
}
/**
 * Reports the validity of the certificate with the given DSS identifier, as
 * returned by {@code CertificateWrapper.isValidCertificate()}. The original
 * documentation describes this as: the certificate signature is valid and the
 * revocation status is valid.
 *
 * The lookup goes through {@code getUsedCertificateByIdNullSafe}; the result for
 * an unknown identifier depends on that helper, which is not shown here.
 *
 * @param dssCertificateId
 *            DSS certificate identifier to be checked
 * @return certificate validity
 */
public boolean isValidCertificate(final String dssCertificateId) {
    return getUsedCertificateByIdNullSafe(dssCertificateId).isValidCertificate();
}
/**
 * Finds the used certificate with the given id.
 *
 * @param id
 *            the certificate id
 * @return the first certificate wrapper whose id matches, or {@code null} when
 *         there are no used certificates or none matches; callers have to handle
 *         the {@code null} case
 */
public CertificateWrapper getUsedCertificateById(String id) {
    List<CertificateWrapper> certificates = getUsedCertificates();
    if (!Utils.isCollectionNotEmpty(certificates)) {
        return null;
    }
    for (CertificateWrapper candidate : certificates) {
        if (Utils.areStringsEqual(id, candidate.getId())) {
            return candidate;
        }
    }
    return null;
}