private boolean isIssuanceBeforeControlTime(RevocationWrapper revocationData) { Date issuanceDate = revocationData.getProductionDate(); return issuanceDate.before(controlTime); }
public RevocationWrapper getLatestRevocationData() { RevocationWrapper latest = null; for (RevocationWrapper revoc : getRevocationData()) { if (latest == null || (latest.getProductionDate() != null && revoc != null && revoc.getProductionDate() != null && revoc.getProductionDate().after(latest.getProductionDate()))) { latest = revoc; } } return latest; }
@Override protected boolean process() { if (revocationData != null) { long maxFreshness = getMaxFreshness(); long validationDateTime = validationDate.getTime(); long limit = validationDateTime - maxFreshness; Date productionDate = revocationData.getProductionDate(); return productionDate != null && productionDate.after(new Date(limit)); } return false; }
@Override protected boolean process() { if (revocationData != null && revocationData.getNextUpdate() != null) { long maxFreshness = getMaxFreshness(); long validationDateTime = validationDate.getTime(); long limit = validationDateTime - maxFreshness; Date productionDate = revocationData.getProductionDate(); return productionDate != null && productionDate.after(new Date(limit)); } return false; }
private Date getBestSignatureTime(String signatureFormat, String signatureId) { SignatureWrapper signature = dssReports.getDiagnosticData().getSignatureById(signatureId); if (signatureFormat.equals(LT_TM_XAdES_SIGNATURE_FORMAT)) { for (RevocationWrapper revocationData : dssReports.getDiagnosticData().getAllRevocationData()) { return revocationData.getProductionDate(); } } else { List<TimestampWrapper> timeStamps = signature.getTimestampList(); return timeStamps.isEmpty() ? null : timeStamps.get(0).getProductionTime(); } return null; }
private boolean isRevocationFreshnessCheckInvalid(CertificateWrapper certificateWrapper, TimestampWrapper timeStampWrapper) { return certificateWrapper.getRevocationData().stream().anyMatch( r -> { if (CRL_REVOCATION_SOURCE.equals(r.getSource())) { return !(timeStampWrapper.getProductionTime().after(r.getThisUpdate()) && timeStampWrapper.getProductionTime().before(r.getNextUpdate())); } return isInRangeMillis(r.getProductionDate(), timeStampWrapper.getProductionTime(), REVOCATION_FRESHNESS_DAY_DIFFERENCE); }); }
void validateRevocationFreshness(eu.europa.esig.dss.validation.reports.Reports reports) { DiagnosticData diagnosticData = reports.getDiagnosticData(); if (diagnosticData.getUsedCertificates() != null && diagnosticData.getSigningCertificateId() != null) { for (CertificateWrapper certificateWrapper : diagnosticData.getUsedCertificates()) { for (SignatureWrapper signatureWrapper : diagnosticData.getSignatures()) { if (certificateWrapper.getId().equals(signatureWrapper.getSigningCertificateId()) && !signatureWrapper.getTimestampList().isEmpty()) { TimestampWrapper timeStampWrapper = getFirstTimestamp(signatureWrapper.getTimestampList()); if (timeStampWrapper.getProductionTime() == null) return; boolean revocationFreshnessCheckInvokeError = isRevocationFreshnessCheckInvalid(certificateWrapper, timeStampWrapper); if (revocationFreshnessCheckInvokeError) { reports.getSimpleReport().getErrors(signatureWrapper.getId()).add(REVOCATION_FRESHNESS_FAULT); } else { boolean revocationFreshnessCheckInvokeWarning = certificateWrapper.getRevocationData().stream().anyMatch( r -> !CRL_REVOCATION_SOURCE.equals(r.getSource()) && isInRangeMillis(r.getProductionDate(), timeStampWrapper.getProductionTime(), REVOCATION_FRESHNESS_FIFTEEN_MINUTES_DIFFERENCE)); if (revocationFreshnessCheckInvokeWarning) { reports.getSimpleReport().getWarnings(signatureWrapper.getId()).add(REVOCATION_FRESHNESS_FAULT); } } } } } } }
Set<RevocationWrapper> revocations = certificate.getRevocationData(); for (RevocationWrapper revocation : revocations) { if ((latestCompliantRevocation == null || revocation.getProductionDate().after(latestCompliantRevocation.getProductionDate())) && isConsistant(certificate, revocation) && isIssuanceBeforeControlTime(revocation)) { latestCompliantRevocation = revocation; controlTime = latestCompliantRevocation.getRevocationDate(); } else if (!isFresh(latestCompliantRevocation, controlTime)) { controlTime = latestCompliantRevocation.getProductionDate();
private XmlXCV executeX509CertificateValidation() { if (Context.CERTIFICATE.equals(context)) { CertificateWrapper certificate = (CertificateWrapper) token; X509CertificateValidation xcv = new X509CertificateValidation(diagnosticData, certificate, currentTime, certificate.getNotBefore(), context, policy); return xcv.execute(); } else { CertificateWrapper certificate = diagnosticData.getUsedCertificateById(token.getSigningCertificateId()); if (certificate != null) { if (Context.SIGNATURE.equals(context) || Context.COUNTER_SIGNATURE.equals(context)) { X509CertificateValidation xcv = new X509CertificateValidation(diagnosticData, certificate, currentTime, certificate.getNotBefore(), context, policy); return xcv.execute(); } else if (Context.TIMESTAMP.equals(context)) { X509CertificateValidation xcv = new X509CertificateValidation(diagnosticData, certificate, currentTime, ((TimestampWrapper) token).getProductionTime(), context, policy); return xcv.execute(); } else if (Context.REVOCATION.equals(context)) { X509CertificateValidation xcv = new X509CertificateValidation(diagnosticData, certificate, currentTime, ((RevocationWrapper) token).getProductionDate(), context, policy); return xcv.execute(); } } } return null; }
RevocationWrapper revocationData = certificate.getLatestRevocationData(); if (revocationData != null) { revocation.setProductionDate(revocationData.getProductionDate()); revocation.setRevocationDate(revocationData.getRevocationDate()); revocation.setRevocationReason(revocationData.getReason());