Package eu.europa.esig.dss.validation.timestamp

Class TimestampToken

java.lang.Object
eu.europa.esig.dss.model.x509.Token
eu.europa.esig.dss.validation.timestamp.TimestampToken
All Implemented Interfaces:
Serializable
Direct Known Subclasses:
PdfTimestampToken
public class TimestampToken
extends Token
SignedToken containing a TimeStamp.
See Also:
Serialized Form

  • Constructor Details

    • TimestampToken

      public TimestampToken​(byte[] binaries, TimestampType type) throws org.bouncycastle.tsp.TSPException, IOException, org.bouncycastle.cms.CMSException
      Default constructor
      Parameters:
      binaries - byte array
      type - TimestampType
      Throws:
      org.bouncycastle.tsp.TSPException - if timestamp creation exception occurs
      IOException - if IOException occurs
      org.bouncycastle.cms.CMSException - if CMS data building exception occurs

    • TimestampToken

      public TimestampToken​(byte[] binaries, TimestampType type, List<TimestampedReference> timestampedReferences) throws org.bouncycastle.tsp.TSPException, IOException, org.bouncycastle.cms.CMSException
      Default constructor with timestamped references
      Parameters:
      binaries - byte array
      type - TimestampType
      timestampedReferences - a list of TimestampedReferences
      Throws:
      org.bouncycastle.tsp.TSPException - if timestamp creation exception occurs
      IOException - if IOException occurs
      org.bouncycastle.cms.CMSException - if CMS data building exception occurs

    • TimestampToken

      public TimestampToken​(org.bouncycastle.cms.CMSSignedData cms, TimestampType type, List<TimestampedReference> timestampedReferences) throws org.bouncycastle.tsp.TSPException, IOException
      Default constructor with timestamped references
      Parameters:
      cms - CMSSignedData
      type - TimestampType
      timestampedReferences - a list of TimestampedReferences
      Throws:
      org.bouncycastle.tsp.TSPException - if timestamp creation exception occurs
      IOException - if IOException occurs

    • TimestampToken

      public TimestampToken​(org.bouncycastle.tsp.TimeStampToken timeStamp, TimestampType type, List<TimestampedReference> timestampedReferences)
      Constructor with an indication of the timestamp type. The default constructor for TimestampToken.
      Parameters:
      timeStamp - TimeStampToken
      type - TimestampType
      timestampedReferences - timestamped references timestamp comes from

  • Method Details

    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Description copied from class: Token
      Returns the X500Principal of the certificate which was used to sign this token.
      Specified by:
      getIssuerX500Principal in class Token
      Returns:
      the issuer's X500Principal

    • getAbbreviation

      public String getAbbreviation()
      Description copied from class: Token
      This method returns the DSS abbreviation of the token. It is used for debugging purpose.
      Overrides:
      getAbbreviation in class Token
      Returns:
      an abbreviation for the certificate

    • getCertificateSource

      public TimestampCertificateSource getCertificateSource()
      Returns TimestampCertificateSource for the timestamp
      Returns:
      TimestampCertificateSource

    • getCRLSource

      public TimestampCRLSource getCRLSource()
      Returns TimestampCRLSource for the timestamp
      Returns:
      TimestampCRLSource

    • getOCSPSource

      public TimestampOCSPSource getOCSPSource()
      Returns TimestampOCSPSource for the timestamp
      Returns:
      TimestampOCSPSource

    • isSignatureValid

      public boolean isSignatureValid()
      Indicates if the token's signature is intact. The method isSignedBy(CertificateToken) must be called to set this flag. Note: return false if the check isSignedBy() was not performed or the signer's public key does not much. In order to check if the validation has been performed, use the method getSignatureValidity() that returns a three-state value.
      Returns:
      true if the signature is valid (== SignatureValidity.VALID)

    • isSignedBy

      public boolean isSignedBy​(CertificateToken certificateToken)
      Checks if the OCSP token is signed by the given publicKey
      Overrides:
      isSignedBy in class Token
      Parameters:
      certificateToken - the candidate to be tested
      Returns:
      true if this token is signed by the given public key

    • isSignedBy

      public boolean isSignedBy​(PublicKey publicKey)
      Description copied from class: Token
      Checks if the OCSP token is signed by the given publicKey
      Overrides:
      isSignedBy in class Token
      Parameters:
      publicKey - the candidate to be tested
      Returns:
      true if this token is signed by the given public key

    • checkIsSignedBy

      protected SignatureValidity checkIsSignedBy​(CertificateToken candidate)
      Checks if timestamp is signed by teh given certificate
      Parameters:
      candidate - CertificateToken
      Returns:
      SignatureValidity

    • checkIsSignedBy

      protected SignatureValidity checkIsSignedBy​(PublicKey publicKey)
      Description copied from class: Token
      Verifies if the current token has been signed by the specified publicKey
      Specified by:
      checkIsSignedBy in class Token
      Parameters:
      publicKey - PublicKey of a signing candidate
      Returns:
      SignatureValidity

    • matchData

      public boolean matchData​(DSSDocument timestampedData)
      Checks if the TimeStampToken matches the signed data.
      Parameters:
      timestampedData - a DSSDocument representing the timestamped data
      Returns:
      true if the data is verified by the TimeStampToken

    • matchData

      public boolean matchData​(DSSDocument timestampedData, boolean suppressMatchWarnings)
      Checks if the TimeStampToken matches the signed data. This method is used when we want to test whether the TimeStampToken matches the signed data calculated according to ETSI TS 101 733 v2.2.1 and depending on the result re-run the message imprint calculation according to ETSI TS 101 733 v1.8.3. It is part of solution for the issue DSS-1401 (https://ec.europa.eu/cefdigital/tracker/browse/DSS-1401)
      Parameters:
      timestampedData - a DSSDocument representing the timestamped data
      suppressMatchWarnings - if true the message imprint match warning logs are suppressed.
      Returns:
      true if the data is verified by the TimeStampToken

    • matchData

      public boolean matchData​(byte[] expectedMessageImprintValue)
      Checks if the TimeStampToken matches the signed data.
      Parameters:
      expectedMessageImprintValue - the expected message-imprint value
      Returns:
      true if the data is verified by the TimeStampToken

    • matchData

      public boolean matchData​(byte[] expectedMessageImprintValue, boolean suppressMatchWarnings)
      Checks if the TimeStampToken matches the signed data.
      Parameters:
      expectedMessageImprintValue - the expected message-imprint value
      suppressMatchWarnings - if true the message imprint match warning logs are suppressed.
      Returns:
      true if the data is verified by the TimeStampToken

    • isProcessed

      public boolean isProcessed()
      Checks if the timestamp's signature has been validated
      Returns:
      TRUE if the timestamp's signature has been validated, FALSE otherwise

    • getTimeStampType

      public TimestampType getTimeStampType()
      Retrieves the type of the timestamp token.
      Returns:
      TimestampType

    • getGenerationTime

      public Date getGenerationTime()
      Retrieves the timestamp generation time.
      Returns:
      Date

    • getCreationDate

      public Date getCreationDate()
      Description copied from class: Token
      Returns the creation date of this token. This date is mainly used to retrieve the correct issuer within a collection of renewed certificates (new certificate with the same key pair).
      Specified by:
      getCreationDate in class Token
      Returns:
      the creation date of the token (notBefore for a certificate, productionDate for revocation data,...)

    • getMessageImprint

      public Digest getMessageImprint()
      This method returns the embedded message-imprint value
      Returns:
      a Digest DTO with the algorithm and the value

    • isMessageImprintDataFound

      public Boolean isMessageImprintDataFound()
      Returns:
      true if the message imprint data was found, false otherwise

    • isMessageImprintDataIntact

      public Boolean isMessageImprintDataIntact()
      The method matchData must be invoked previously.
      Returns:
      true if the message imprint data is intact, false otherwise

    • getFileName

      public String getFileName()
      This method returns the file name of a detached timestamp
      Returns:
      String

    • setFileName

      public void setFileName​(String fileName)
      Sets the filename of a detached timestamp
      Parameters:
      fileName - String

    • getManifestFile

      public ManifestFile getManifestFile()
      This method returns the covered manifest file NOTE: applicable only for ASiC-E CAdES
      Returns:
      ManifestFile

    • setManifestFile

      public void setManifestFile​(ManifestFile manifestFile)
      Sets the manifest file covered by the current timestamp NOTE: applicable only for ASiC-E CAdES
      Parameters:
      manifestFile - ManifestFile

    • getTimestampedReferences

      public List<TimestampedReference> getTimestampedReferences()
      Returns:
      List of TimestampReferences

    • getArchiveTimestampType

      public ArchiveTimestampType getArchiveTimestampType()
      Returns:
      ArchiveTimestampType in the case of an archive timestamp, null otherwise

    • setArchiveTimestampType

      public void setArchiveTimestampType​(ArchiveTimestampType archiveTimestampType)
      Archive timestamps can be of different sub type.
      Parameters:
      archiveTimestampType - ArchiveTimestampType

    • getCanonicalizationMethod

      public String getCanonicalizationMethod()
      Applies only from XAdES timestamps
      Returns:
      String representing the canonicalization method used by the timestamp

    • setCanonicalizationMethod

      public void setCanonicalizationMethod​(String canonicalizationMethod)
      Allows to set the canonicalization method used by the timestamp. Applies only with XAdES timestamps.
      Parameters:
      canonicalizationMethod - String representing the canonicalization method

    • getEncoded

      public byte[] getEncoded()
      Description copied from class: Token
      Returns the encoded form of the wrapped token.
      Specified by:
      getEncoded in class Token
      Returns:
      the encoded form of the wrapped token

    • getTimestampIncludes

      public List<TimestampInclude> getTimestampIncludes()
      Returns the covered references by the current timestamp (XAdES IndividualDataObjectsTimeStamp)
      Returns:
      a list of timestamp's includes

    • setTimestampIncludes

      public void setTimestampIncludes​(List<TimestampInclude> timestampIncludes)
      Sets the covered references by the current timestamp (XAdES IndividualDataObjectsTimeStamp)
      Parameters:
      timestampIncludes - a list of timestamp's includes

    • getTimestampScopes

      public List<SignatureScope> getTimestampScopes()
      Returns the scope of the current timestamp (detached timestamps only)
      Returns:
      a list of SignatureScope

    • setTimestampScopes

      public void setTimestampScopes​(List<SignatureScope> timestampScopes)
      Sets timestamp's signature scopes
      Parameters:
      timestampScopes - a list of SignatureScopes

    • getCertificates

      public List<CertificateToken> getCertificates()
      Returns the list of wrapped certificates.
      Returns:
      List of CertificateToken

    • getCertificateRefs

      public Set<CertificateRef> getCertificateRefs()
      Returns the Set of contained certificate references.
      Returns:
      Set of CertificateRef

    • getUnsignedAttributes

      public org.bouncycastle.asn1.cms.AttributeTable getUnsignedAttributes()
      Gets unsigned attribute table
      Returns:
      AttributeTable

    • getTimeStamp

      public org.bouncycastle.tsp.TimeStampToken getTimeStamp()
      Gets BouncyCastle implementation of a TimestampToken
      Returns:
      TimeStampToken

    • getTimestampAttribute

      public SignatureAttribute getTimestampAttribute()
      Gets the timestamp's element attribute (XAdES, JAdES)
      Returns:
      SignatureAttribute

    • setTimestampAttribute

      public void setTimestampAttribute​(SignatureAttribute attribute)
      Sets the timestamp's element attribute (XAdES, JAdES)
      Parameters:
      attribute - SignatureAttribute

    • toString

      public String toString​(String indentStr)
      Description copied from class: Token
      Returns a string representation of the token.
      Specified by:
      toString in class Token
      Parameters:
      indentStr - the indentation to use
      Returns:
      string representation of the token

    • getSignerInformationStoreInfos

      public Set<CertificateIdentifier> getSignerInformationStoreInfos()
      Returns a list of found CertificateIdentifier in the SignerInformationStore
      Returns:
      a list of CertificateIdentifiers

    • getCandidatesForSigningCertificate

      public CandidatesForSigningCertificate getCandidatesForSigningCertificate()
      Returns an object with signing candidates
      Returns:
      CandidatesForSigningCertificate

    • getSignerInformation

      public org.bouncycastle.cms.SignerInformation getSignerInformation()
      Returns used signer information from CMS Signed Data object
      Returns:
      SignerInformation

    • buildTokenIdentifier

      protected TokenIdentifier buildTokenIdentifier()
      Description copied from class: Token
      Builds a token unique identifier
      Specified by:
      buildTokenIdentifier in class Token
      Returns:
      TokenIdentifier