- Add the Codota plugin to your IDE and get smart completions
private void myMethod () {Charset c =
String charsetName;Charset.forName(charsetName)
- Smart code suggestions by Codota
}
private boolean getBoolValue(final XmlDom xmlDom, final String xPath) { return xmlDom == null ? false : xmlDom.getBoolValue(xPath); }
/** * This method indicates if the certificate signature is valid and the revocation status is valid. * * @param dssCertificateId DSS certificate identifier to be checked * @return certificate validity */ public boolean isValidCertificate(final int dssCertificateId) { final XmlDom certificate = getElement("/DiagnosticData/UsedCertificates/Certificate[@Id='%s']", dssCertificateId); final boolean signatureValid = certificate.getBoolValue("./BasicSignature/SignatureValid/text()"); final boolean revocationValid = certificate.getBoolValue("./Revocation/Status/text()"); final boolean trusted = certificate.getBoolValue("./Trusted/text()"); final boolean validity = signatureValid && (trusted ? true : revocationValid); return validity; }
/** * Indicates if the -T level is technically valid. It means that the signature and the digest are valid. * * @param signatureId The identifier of the signature. * @return true if the signature and digest are valid */ public boolean isTLevelTechnicallyValid(final String signatureId) { final List<XmlDom> timestamps = getElements("/DiagnosticData/Signature[@Id='%s']/Timestamps/Timestamp[@Type='%s']", signatureId, TimestampType.SIGNATURE_TIMESTAMP.name()); for (final XmlDom timestamp : timestamps) { final boolean signatureValid = timestamp.getBoolValue("./BasicSignature/SignatureValid/text()"); final boolean messageImprintIntact = timestamp.getBoolValue("./MessageImprintDataIntact/text()"); if (signatureValid && messageImprintIntact) { return true; } } return false; }
final boolean isQCC = certificate.getBoolValue("./QCStatement/QCC/text()"); final boolean isQCP = certificate.getBoolValue("./QCStatement/QCP/text()"); final boolean isQCPPlus = certificate.getBoolValue("./QCStatement/QCPPlus/text()");
/** * Indicates if the -A (-LTA) level is technically valid. It means that the signature of the archive timestamps are valid and their imprint is valid too. * * @param signatureId The identifier of the signature. * @return true if the signature and digest are valid */ public boolean isALevelTechnicallyValid(final String signatureId) { final List<XmlDom> timestamps = getElements("/DiagnosticData/Signature[@Id='%s']/Timestamps/Timestamp[@Type='%s']", signatureId, TimestampType.ARCHIVE_TIMESTAMP.name()); for (final XmlDom timestamp : timestamps) { final boolean signatureValid = timestamp.getBoolValue("./BasicSignature/SignatureValid/text()"); final boolean messageImprintIntact = timestamp.getBoolValue("./MessageImprintDataIntact/text()"); if (signatureValid && messageImprintIntact) { return true; } } return false; }
final boolean qcSSCD = certificate.getBoolValue("./QCStatement/QCSSCD/text()"); final boolean qcpPlus = certificate.getBoolValue("./QCStatement/QCPPlus/text()");
protected boolean isTrustedProspectiveCertificateChain(final ProcessParameters params) { final String lastChainCertId = contextElement.getValue("./CertificateChain/ChainCertificate[last()]/@Id"); final XmlDom lastChainCertificate = params.getCertificate(lastChainCertId); boolean lastChainCertificateTrusted = false; if (lastChainCertificate != null) { lastChainCertificateTrusted = lastChainCertificate.getBoolValue("./Trusted/text()"); } return lastChainCertificateTrusted; }
/** * Indicates if the -X level is technically valid. It means that the signature and the digest are valid. * * @param signatureId The identifier of the signature. * @return true if the signature and digest are valid */ public boolean isXLevelTechnicallyValid(final String signatureId) { final List<XmlDom> vdroTimestamps = getElements("/DiagnosticData/Signature[@Id='%s']/Timestamps/Timestamp[@Type='%s']", signatureId, TimestampType.VALIDATION_DATA_REFSONLY_TIMESTAMP.name()); final List<XmlDom> vdTimestamps = getElements("/DiagnosticData/Signature[@Id='%s']/Timestamps/Timestamp[@Type='%s']", signatureId, TimestampType.VALIDATION_DATA_TIMESTAMP.name()); final List<XmlDom> timestamps = new ArrayList<XmlDom>(vdroTimestamps); timestamps.addAll(vdroTimestamps); for (final XmlDom timestamp : timestamps) { final boolean signatureValid = timestamp.getBoolValue("./BasicSignature/SignatureValid/text()"); final boolean messageImprintIntact = timestamp.getBoolValue("./MessageImprintDataIntact/text()"); if (signatureValid && messageImprintIntact) { return true; } } return false; }
/** * This method returns the type of the qualification of the signature (signing certificate). * * @param signCert * @return */ private SignatureType getSignatureType(final XmlDom signCert) { final CertificateQualification certQualification = new CertificateQualification(); certQualification.setQcp(signCert.getBoolValue("./QCStatement/QCP/text()")); certQualification.setQcpp(signCert.getBoolValue("./QCStatement/QCPPlus/text()")); certQualification.setQcc(signCert.getBoolValue("./QCStatement/QCC/text()")); certQualification.setQcsscd(signCert.getBoolValue("./QCStatement/QCSSCD/text()")); final TLQualification trustedListQualification = new TLQualification(); final String caqc = InvolvedServiceInfo.getServiceTypeIdentifier(signCert); final List<String> qualifiers = InvolvedServiceInfo.getQualifiers(signCert); trustedListQualification.setCaqc(TSLConstant.CA_QC.equals(caqc)); trustedListQualification.setQcCNoSSCD(InvolvedServiceInfo.isQC_NO_SSCD(qualifiers)); trustedListQualification.setQcForLegalPerson(InvolvedServiceInfo.isQC_FOR_LEGAL_PERSON(qualifiers)); trustedListQualification.setQcSSCDAsInCert(InvolvedServiceInfo.isQCSSCD_STATUS_AS_IN_CERT(qualifiers)); trustedListQualification.setQcWithSSCD(qualifiers.contains(TSLConstant.QC_WITH_SSCD) || qualifiers.contains(TSLConstant.QC_WITH_SSCD_119612)); final SignatureType signatureType = SignatureQualification.getSignatureType(certQualification, trustedListQualification); return signatureType; }
private boolean checkSigningCertificateAttributePresentConstraint(final Conclusion conclusion) { final Constraint constraint = params.getCurrentValidationPolicy().getSigningCertificateAttributePresentConstraint(contextName); if (constraint == null) { return true; } constraint.create(validationDataXmlNode, BBB_ICS_ISASCP); final boolean digestValueMatch = contextElement.getBoolValue("./SigningCertificate/AttributePresent/text()"); constraint.setValue(digestValueMatch); constraint.setIndications(INVALID, FORMAT_FAILURE, BBB_ICS_ISASCP_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
/** * Check of: is the timestamp message imprint data intact * * @param conclusion the conclusion to use to add the result of the check. * @param timestamp * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkMessageImprintDataIntactConstraint(final Conclusion conclusion, final XmlDom timestamp) { final Constraint constraint = constraintData.getMessageImprintDataIntactConstraint(); if (constraint == null) { return true; } constraint.create(timestampXmlNode, ADEST_IMIVC); final boolean messageImprintDataIntact = timestamp.getBoolValue(XP_MESSAGE_IMPRINT_DATA_INTACT); constraint.setValue(messageImprintDataIntact); constraint.setIndications(ADEST_IMIVC_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
/** * 2) Check the integrity of the signed data objects. In case of failure, abort the signature validation process * with INVALID/HASH_FAILURE. * * @param conclusion the conclusion to use to add the result of the check. * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkReferenceDataIntactConstraint(Conclusion conclusion) { final Constraint constraint = constraintData.getReferenceDataIntactConstraint(); if (constraint == null) { return true; } constraint.create(subProcessNode, BBB_CV_IRDOI); final boolean referenceDataIntact = contextElement.getBoolValue(XP_REFERENCE_DATA_INTACT); constraint.setValue(referenceDataIntact); constraint.setIndications(INVALID, HASH_FAILURE, BBB_CV_IRDOI_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
/** * 1) Obtain the signed data objects(s) if not provided in the inputs (e.g. by dereferencing an URI present in the * signature). If the signed data object (s) cannot be obtained, abort with the indication * INDETERMINATE/SIGNED_DATA_NOT_FOUND. * * @param conclusion the conclusion to use to add the result of the check. * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkReferenceDataExistenceConstraint(Conclusion conclusion) { final Constraint constraint = constraintData.getReferenceDataExistenceConstraint(); if (constraint == null) { return true; } constraint.create(subProcessNode, BBB_CV_IRDOF); final boolean referenceDataFound = contextElement.getBoolValue(XP_REFERENCE_DATA_FOUND); constraint.setValue(referenceDataFound); constraint.setIndications(INDETERMINATE, SIGNED_DATA_NOT_FOUND, BBB_CV_IRDOF_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
/** * 3) Verify the cryptographic signature using the public key extracted from the signer's certificate in the * chain, the signature value and the signature algorithm extracted from the signature. If this cryptographic * verification outputs a success indication, terminate with VALID. Otherwise, terminate with * INVALID/SIG_CRYPTO_FAILURE. * * @param conclusion the conclusion to use to add the result of the check. * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkSignatureIntactConstraint(Conclusion conclusion) { final Constraint constraint = constraintData.getSignatureIntactConstraint(); if (constraint == null) { return true; } constraint.create(subProcessNode, BBB_CV_ISI); final boolean signatureIntact = contextElement.getBoolValue(XP_SIGNATURE_INTACT); constraint.setValue(signatureIntact); constraint.setIndications(INVALID, SIG_CRYPTO_FAILURE, BBB_CV_ISI_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); } }
/** * Check of: is the timestamp message imprint data found * <p/> * 4) Signature time-stamp validation: Perform the following steps: * <p/> * a) Message imprint verification: For each time-stamp token in the set of signature time-stamp tokens, do the * message imprint verification as specified in clauses 8.4.1 or 8.4.2 depending on the type of the signature. * If the verification fails, remove the token from the set. * * @param conclusion the conclusion to use to add the result of the check. * @param timestamp * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkMessageImprintDataFoundConstraint(final Conclusion conclusion, final XmlDom timestamp) { final Constraint constraint = constraintData.getMessageImprintDataFoundConstraint(); if (constraint == null) { return true; } constraint.create(timestampXmlNode, ADEST_IMIDF); final boolean messageImprintDataIntact = timestamp.getBoolValue(XP_MESSAGE_IMPRINT_DATA_FOUND); constraint.setValue(messageImprintDataIntact); constraint.setIndications(ADEST_IMIDF_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
/** * This method checks if the digest value of the signing certificate is within the signature * * @param conclusion the conclusion to use to add the result of the check. * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkDigestValuePresentConstraint(final Conclusion conclusion) { final Constraint constraint = params.getCurrentValidationPolicy().getSigningCertificateDigestValuePresentConstraint(contextName); if (constraint == null) { return true; } constraint.create(validationDataXmlNode, BBB_ICS_ISACDP); final boolean digestValueMatch = contextElement.getBoolValue("./SigningCertificate/DigestValuePresent/text()"); constraint.setValue(digestValueMatch); constraint.setIndications(INVALID, FORMAT_FAILURE, BBB_ICS_ISACDP_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
/** * This method checks the signature of the given certificate. * * @param conclusion the conclusion to use to add the result of the check. * @param certificateId * @param certificateXmlDom * @param subContext * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkCertificateSignatureConstraint(final Conclusion conclusion, final String certificateId, final XmlDom certificateXmlDom, final String subContext) { final Constraint constraint = constraintData.getCertificateSignatureConstraint(contextName, subContext); if (constraint == null) { return true; } constraint.create(validationDataXmlNode, BBB_XCV_ICSI); constraint.setValue(certificateXmlDom.getBoolValue(XP_SIGNATURE_VALID)); constraint.setIndications(INDETERMINATE, NO_CERTIFICATE_CHAIN_FOUND, BBB_XCV_ICSI_ANS); constraint.setAttribute(CERTIFICATE_ID, certificateId); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
final boolean issuerSerialMatch = contextElement.getBoolValue("./SigningCertificate/IssuerSerialMatch/text()"); constraint.setValue(issuerSerialMatch); constraint.setIndications(INDETERMINATE, NO_SIGNER_CERTIFICATE_FOUND, BBB_ICS_AIDNASNE_ANS);
/** * Check of structural validation (only for XAdES signature: XSD schema validation) * * @param conclusion the conclusion to use to add the result of the check. * @return false if the check failed and the process should stop, true otherwise. */ private boolean checkStructuralValidationConstraint(final Conclusion conclusion) { final Constraint constraint = constraintData.getStructuralValidationConstraint(); if (constraint == null) { return true; } constraint.create(subProcessNode, BBB_SAV_ISSV); final boolean structureValid = signatureContext.getBoolValue("./StructuralValidation/Valid/text()"); constraint.setValue(structureValid); final String message = signatureContext.getValue("./StructuralValidation/Message/text()"); if (DSSUtils.isNotBlank(message)) { constraint.setAttribute("Log", message); } constraint.setIndications(INVALID, SIG_CONSTRAINTS_FAILURE, BBB_SAV_ISSV_ANS); constraint.setConclusionReceiver(conclusion); return constraint.check(); }
final boolean digestValueMatch = contextElement.getBoolValue("./SigningCertificate/DigestValueMatch/text()"); constraint.setValue(digestValueMatch); constraint.setIndications(INVALID, FORMAT_FAILURE, BBB_ICS_ICDVV_ANS);