Package eu.europa.esig.dss.cades.evidencerecord

Class CAdESEvidenceRecordDigestBuilder

java.lang.Object
eu.europa.esig.dss.spi.validation.evidencerecord.AbstractSignatureEvidenceRecordDigestBuilder
eu.europa.esig.dss.cades.evidencerecord.CAdESEvidenceRecordDigestBuilder
All Implemented Interfaces:
SignatureEvidenceRecordDigestBuilder
public class CAdESEvidenceRecordDigestBuilder extends AbstractSignatureEvidenceRecordDigestBuilder
Computes message-imprint of a CMS signature to be protected by an evidence-record

  • Field Details

    • detachedDocument

      protected DSSDocument detachedDocument
      Original document in case of a detached signature

    • derEncoded

      protected boolean derEncoded
      Sets whether the signature shall be DER-encoded for a hash computation (as per ETSI TS 119 122-3 v1.1.1)

  • Constructor Details

    • CAdESEvidenceRecordDigestBuilder

      public CAdESEvidenceRecordDigestBuilder(DSSDocument signatureDocument)
      Default constructor to instantiate CAdESEvidenceRecordDigestBuilder with a SHA-256 digest algorithm
      Parameters:
      signatureDocument - DSSDocument to compute message-imprint for

    • CAdESEvidenceRecordDigestBuilder

      public CAdESEvidenceRecordDigestBuilder(DSSDocument signatureDocument, DigestAlgorithm digestAlgorithm)
      Constructor to instantiate CAdESEvidenceRecordDigestBuilder with a custom digest algorithm
      Parameters:
      signatureDocument - DSSDocument to compute message-imprint for
      digestAlgorithm - DigestAlgorithm to be used

    • CAdESEvidenceRecordDigestBuilder

      protected CAdESEvidenceRecordDigestBuilder(AdvancedSignature signature, SignatureAttribute evidenceRecordAttribute, DigestAlgorithm digestAlgorithm)
      Constructor to instantiate CAdESEvidenceRecordDigestBuilder from a signature for the given evidenceRecordAttribute. This constructor is used on validation of existing evidence record.
      Parameters:
      signature - AdvancedSignature containing the incorporated evidence record
      evidenceRecordAttribute - SignatureAttribute location of the evidence record
      digestAlgorithm - DigestAlgorithm to be used

  • Method Details

    • setDetachedContent

      public CAdESEvidenceRecordDigestBuilder setDetachedContent(DSSDocument detachedDocument)
      Sets an original document in case of a detached signature. When set, please use #buildExternalEvidenceRecordDigest to compute hash for both the signature and the original document
      Parameters:
      detachedDocument - DSSDocument original document covered by the signature
      Returns:
      this builder

    • setDEREncoded

      public CAdESEvidenceRecordDigestBuilder setDEREncoded(boolean derEncoded)
      Sets whether a signature shall be DER-encoded prior to the hash computation
      Parameters:
      derEncoded - whether signature shall be DER encoded
      Returns:
      this builder

    • setParallelEvidenceRecord

      public CAdESEvidenceRecordDigestBuilder setParallelEvidenceRecord(boolean parallelEvidenceRecord)
      Description copied from class: AbstractSignatureEvidenceRecordDigestBuilder
      Sets whether the message-imprint for an evidence record shall be computed as for a parallel evidence-record (i.e. to be incorporated within the latest evidence-record attribute, when available). Otherwise, will compute message-imprint based on the whole signature's content, including coverage of other existing evidence-record. Default : FALSE (computes digest based on the whole signature's content)
      Overrides:
      setParallelEvidenceRecord in class AbstractSignatureEvidenceRecordDigestBuilder
      Parameters:
      parallelEvidenceRecord - whether the message-imprint for an evidence record shall be computed as for a parallel evidence-record
      Returns:
      this builder

    • build

      public Digest build()
      Description copied from interface: SignatureEvidenceRecordDigestBuilder
      Generates hash value for the signature enveloping the evidence-record. Note: the method is not supported for ASiC containers
      Returns:
      Digest containing the hash value of the binaries and the used digest algorithm

    • buildExternalEvidenceRecordDigest

      public List<Digest> buildExternalEvidenceRecordDigest()
      This method build a group of digests to be covered in case of an external-evidence-record incorporation. Note: the original detached document shall be provided within #setDetachedContent method.
      Returns:
      a list of Digest, containing the signature digest on the first position, and digest of a detached document on the second position

    • getCMS

      protected CMS getCMS()
      Gets a CMS
      Returns:
      CMS

    • getDigest

      protected Digest getDigest(CMS cms)
      Gets digest of cms to be protected by an evidence record
      Parameters:
      cms - CMS to cover
      Returns:
      Digest

    • getCMSContentInfoMessageImprint

      protected byte[] getCMSContentInfoMessageImprint(CMS cms)
      Returns a CMSSignedData's message-imprint to be protected by an evidence record
      Parameters:
      cms - CMSSignedData
      Returns:
      encoded message-imprint binaries

    • getCMSSignedDataBeforeLastEvidenceRecord

      protected CMS getCMSSignedDataBeforeLastEvidenceRecord(CMS cms)
      Creates a CMS that have been protected by the latest evidence-record
      Parameters:
      cms - CMS protected by evidence-record(s)
      Returns:
      original CMS

    • getEncoded

      protected byte[] getEncoded(CMS cms)
      Gets encoded CMS binaries
      Parameters:
      cms - CMS
      Returns:
      byte array