Class EvidenceRecordTimeStampSequenceVerifier
java.lang.Object
eu.europa.esig.dss.evidencerecord.common.validation.EvidenceRecordTimeStampSequenceVerifier
- Direct Known Subclasses:
ASN1EvidenceRecordTimeStampSequenceVerifier, XmlEvidenceRecordTimeStampSequenceVerifier
This class performs a verification of the complete Evidence Record Archive Time-Stamp Sequence
-
Field Summary
Fields (modifier and type, field, then description)
protected final DefaultEvidenceRecord evidenceRecord
    Evidence record to be validated
-
Constructor Summary
Constructors (modifier, constructor, then description)
protected EvidenceRecordTimeStampSequenceVerifier(DefaultEvidenceRecord evidenceRecord)
    Evidence record to be validated
-
Method Summary
Methods (modifier and type, method, then description)
protected boolean checkHashTreeValidity(ArchiveTimeStampObject archiveTimeStamp, ArchiveTimeStampChainObject archiveTimeStampChain)
    This method verifies whether the ArchiveTimeStampObject and its hash-tree are valid relative to the parent ArchiveTimeStampChainObject
protected DSSMessageDigest computeDigestValueGroupHash(DigestAlgorithm digestAlgorithm, DigestValueGroup digestValueGroup, DSSMessageDigest... otherObjectDigests)
    Computes a hash value for a group of hashes
protected abstract DSSMessageDigest computeTimeStampHash(ArchiveTimeStampObject archiveTimeStamp)
    Computes hash on archiveTimeStamp element provided the archiveTimeStampChain's attributes
protected abstract DSSMessageDigest computeTimeStampSequenceHash(ArchiveTimeStampChainObject archiveTimeStampChain)
    Computes hash of current ArchiveTimeStampSequenceElement
protected ReferenceValidation createEmptyReference(DigestMatcherType digestMatcherType, boolean digestFound)
    This method creates an empty reference
protected boolean digestMatch(Digest digest, ReferenceValidation reference)
    This method verifies whether the digest matches the value delivered from the reference
protected List<ReferenceValidation> ensureReferenceValidationOfType(List<ReferenceValidation> referenceValidations, DigestMatcherType digestMatcherType, boolean digestFound)
    This method ensures the list of referenceValidations contains a ReferenceValidation of type digestMatcherType
protected List<ReferenceValidation> ensureReferenceValidations(List<ReferenceValidation> referenceValidations)
    Checks the list of timestampValidations for completeness.
protected abstract DataObjectDigestBuilder getDataObjectDigestBuilder(DSSDocument document, ArchiveTimeStampChainObject archiveTimeStampChain)
    Returns DataObjectDigestBuilder corresponding to the current implementation
protected byte[] getDocumentDigest(DSSDocument document, ArchiveTimeStampChainObject archiveTimeStampChain)
    Returns digest value for the document
protected List<? extends DigestValueGroup> getHashTree(List<? extends DigestValueGroup> originalHashTree, List<DSSDocument> detachedContents, ManifestFile manifestFile, ArchiveTimeStampChainObject archiveTimeStampChain, ArchiveTimeStampObject archiveTimeStamp, DSSMessageDigest lastTimeStampHash, DSSMessageDigest lastTimeStampSequenceHash)
    This method returns a relevant HashTree, and creates a "virtual" HashTree when a HashTree is omitted in the TimeStamp
protected List<byte[]> getLastTimeStampSequenceHashList(DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedDocuments)
    Returns a list of hashes computed on a given previous time-stamp sequence hash
protected DSSDocument getMatchingDocument(Digest digest, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedContents)
    This method returns a document with matching Digest from a provided list of detachedContents
protected DSSDocument getMatchingDocument(ManifestEntry manifestEntry, List<DSSDocument> detachedContents)
    This method returns a matching document for the given manifestEntry
protected ManifestEntry getMatchingManifestEntry(ManifestFile manifestFile, Digest digest, DSSDocument document)
    Returns a validated manifest entry matching the given digest or document
getReferenceValidations
    Gets a list of reference validations
protected List<ReferenceValidation> validateAdditionalDigest(List<ReferenceValidation> referenceValidations, Digest digest, DigestMatcherType type)
    This method checks for the presence of a digest within the list of referenceValidations, to identify the presence of a particular DigestMatcherType.
protected List<ReferenceValidation> validateArchiveDataObjects(DigestValueGroup digestValueGroup, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedContents, ManifestFile manifestFile)
    This method is used to verify archive data objects for the presence of document digests within digestValueGroup.
protected List<ReferenceValidation> validateArchiveTimeStampDigest(List<ReferenceValidation> referenceValidations, DSSMessageDigest lastTimeStampHash)
    This method is used to verify the presence of ArchiveTimeStamp digests within the reference validation list.
protected List<ReferenceValidation> validateArchiveTimeStampSequenceDigest(List<ReferenceValidation> referenceValidations, DSSMessageDigest lastTimeStampSequenceHashes)
    This method is used to verify the presence of ArchiveTimeStampSequence digests within the reference validation list.
protected List<ReferenceValidation> validateMasterSignatureDigest(List<ReferenceValidation> referenceValidations, DigestAlgorithm digestAlgorithm, DSSMessageDigest lastTimeStampSequenceHash)
    This method is used to verify the presence of master signature digests within the reference validation list.
protected void verify()
    Performs verification of the Evidence Record.
-
Field Details
-
evidenceRecord
Evidence record to be validated
-
-
Constructor Details
-
EvidenceRecordTimeStampSequenceVerifier
Evidence record to be validated
Parameters:
- evidenceRecord - EvidenceRecord
-
-
Method Details
-
getReferenceValidations
Gets a list of reference validations
Returns:
- a list of ReferenceValidations
-
verify
protected void verify()
Performs verification of the Evidence Record. Generated reference validations and time-stamp tokens
-
getHashTree
protected List<? extends DigestValueGroup> getHashTree(List<? extends DigestValueGroup> originalHashTree, List<DSSDocument> detachedContents, ManifestFile manifestFile, ArchiveTimeStampChainObject archiveTimeStampChain, ArchiveTimeStampObject archiveTimeStamp, DSSMessageDigest lastTimeStampHash, DSSMessageDigest lastTimeStampSequenceHash)
This method returns a relevant HashTree, and creates a "virtual" HashTree when a HashTree is omitted in the TimeStamp
Parameters:
- originalHashTree - a list of DigestValueGroup, representing an original HashTree extracted from a time-stamp token
- detachedContents - a list of DSSDocuments, provided to the validation as a detached content
- manifestFile - ManifestFile when present
- archiveTimeStampChain - ArchiveTimeStampChainObject archive time-stamp chain containing the time-stamp
- archiveTimeStamp - ArchiveTimeStampObject current archive time-stamp
- lastTimeStampHash - DSSMessageDigest digest of the previous archive-time-stamp, when applicable
- lastTimeStampSequenceHash - DSSMessageDigest digest of the previous archive-time-stamp-sequence, when applicable
Returns:
- a list of DigestValueGroup, representing a HashTree to be used for an archive-time-stamp validation
-
checkHashTreeValidity
protected boolean checkHashTreeValidity(ArchiveTimeStampObject archiveTimeStamp, ArchiveTimeStampChainObject archiveTimeStampChain)
This method verifies whether the ArchiveTimeStampObject and its hash-tree are valid relative to the parent ArchiveTimeStampChainObject
Parameters:
- archiveTimeStamp - ArchiveTimeStampObject
- archiveTimeStampChain - ArchiveTimeStampChainObject
Returns:
- TRUE if the validation succeeds, FALSE otherwise
-
getLastTimeStampSequenceHashList
protected List<byte[]> getLastTimeStampSequenceHashList(DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedDocuments)
Returns a list of hashes computed on a given previous time-stamp sequence hash
Parameters:
- lastTimeStampSequenceHash - DSSMessageDigest of the previous ArchiveTimeStampSequence
- detachedDocuments - a list of detached DSSDocuments
Returns:
- a list of byte arrays
-
getDocumentDigest
protected byte[] getDocumentDigest(DSSDocument document, ArchiveTimeStampChainObject archiveTimeStampChain)
Returns digest value for the document
Parameters:
- document - DSSDocument to get digest value for
- archiveTimeStampChain - ArchiveTimeStampChainObject of the current hashtree
Returns:
- byte array representing document digest
-
getDataObjectDigestBuilder
protected abstract DataObjectDigestBuilder getDataObjectDigestBuilder(DSSDocument document, ArchiveTimeStampChainObject archiveTimeStampChain)
Returns DataObjectDigestBuilder corresponding to the current implementation
Parameters:
- document - DSSDocument document to build digest for
- archiveTimeStampChain - ArchiveTimeStampChainObject of the current hashtree
Returns:
- DataObjectDigestBuilder
-
validateArchiveTimeStampDigest
protected List<ReferenceValidation> validateArchiveTimeStampDigest(List<ReferenceValidation> referenceValidations, DSSMessageDigest lastTimeStampHash)
This method is used to verify the presence of ArchiveTimeStamp digests within the reference validation list. If an entry is not present, creates one, when applicable
Parameters:
- referenceValidations - a list of ReferenceValidations
- lastTimeStampHash - DSSMessageDigest
Returns:
- an updated list of ReferenceValidations
-
validateArchiveTimeStampSequenceDigest
protected List<ReferenceValidation> validateArchiveTimeStampSequenceDigest(List<ReferenceValidation> referenceValidations, DSSMessageDigest lastTimeStampSequenceHashes)
This method is used to verify the presence of ArchiveTimeStampSequence digests within the reference validation list. If an entry is not present, creates one, when applicable
Parameters:
- referenceValidations - a list of ReferenceValidations
- lastTimeStampSequenceHashes - DSSMessageDigest
Returns:
- an updated list of ReferenceValidations
-
validateMasterSignatureDigest
protected List<ReferenceValidation> validateMasterSignatureDigest(List<ReferenceValidation> referenceValidations, DigestAlgorithm digestAlgorithm, DSSMessageDigest lastTimeStampSequenceHash)
This method is used to verify the presence of master signature digests within the reference validation list. If an entry is not present, creates one, when applicable
Parameters:
- referenceValidations - a list of ReferenceValidations
- digestAlgorithm - DigestAlgorithm used by the hashtree
- lastTimeStampSequenceHash - DSSMessageDigest if present
Returns:
- an updated list of ReferenceValidations
-
validateAdditionalDigest
protected List<ReferenceValidation> validateAdditionalDigest(List<ReferenceValidation> referenceValidations, Digest digest, DigestMatcherType type)
This method checks for the presence of a digest within the list of referenceValidations, to identify the presence of a particular DigestMatcherType. If a digest value is found, the method assigns the given DigestMatcherType to the matching reference. Otherwise, it creates an empty reference, if applicable.
Parameters:
- referenceValidations - a list of ReferenceValidations to evaluate
- digest - Digest target digest to be found
- type - DigestMatcherType
Returns:
- a list of processed ReferenceValidations
-
digestMatch
This method verifies whether the digest matches the value delivered from the reference
Parameters:
- digest - Digest
- reference - ReferenceValidation
Returns:
- TRUE if the digest values match, FALSE otherwise
-
validateArchiveDataObjects
protected List<ReferenceValidation> validateArchiveDataObjects(DigestValueGroup digestValueGroup, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedContents, ManifestFile manifestFile)
This method is used to verify archive data objects for the presence of document digests within digestValueGroup.
Parameters:
- digestValueGroup - DigestValueGroup to find document corresponding digest in
- archiveTimeStampChain - ArchiveTimeStampChainObject defines configuration for validation
- lastTimeStampSequenceHash - DSSMessageDigest hash of the last archive time-stamp sequence
- detachedContents - a list of detached DSSDocuments
- manifestFile - ManifestFile, when present
Returns:
- a list of ReferenceValidations
-
getMatchingManifestEntry
protected ManifestEntry getMatchingManifestEntry(ManifestFile manifestFile, Digest digest, DSSDocument document)
Returns a validated manifest entry matching the given digest or document
Parameters:
- manifestFile - ManifestFile
- digest - Digest
- document - DSSDocument
Returns:
- ManifestEntry, if found
-
getMatchingDocument
protected DSSDocument getMatchingDocument(Digest digest, ArchiveTimeStampChainObject archiveTimeStampChain, DSSMessageDigest lastTimeStampSequenceHash, List<DSSDocument> detachedContents)
This method returns a document with matching Digest from a provided list of detachedContents
Parameters:
- digest - Digest to check
- archiveTimeStampChain - ArchiveTimeStampChainObject defines configuration for validation
- lastTimeStampSequenceHash - DSSMessageDigest hash of the last archive time-stamp sequence
- detachedContents - a list of DSSDocuments
Returns:
- DSSDocument if matching document found, NULL otherwise
-
getMatchingDocument
protected DSSDocument getMatchingDocument(ManifestEntry manifestEntry, List<DSSDocument> detachedContents)
This method returns a matching document for the given manifestEntry
Parameters:
- manifestEntry - ManifestEntry to get matching document for
- detachedContents - a list of DSSDocuments provided within a container
Returns:
- DSSDocument matching document when found, NULL otherwise
-
computeTimeStampHash
Computes hash on archiveTimeStamp element provided the archiveTimeStampChain's attributes
Parameters:
- archiveTimeStamp - ArchiveTimeStampObject to compute hash on
Returns:
- DSSMessageDigest
-
computeTimeStampSequenceHash
protected abstract DSSMessageDigest computeTimeStampSequenceHash(ArchiveTimeStampChainObject archiveTimeStampChain)
Computes hash of current ArchiveTimeStampSequenceElement
Parameters:
- archiveTimeStampChain - ArchiveTimeStampChainObject to compute hash for
Returns:
- DSSMessageDigest
-
ensureReferenceValidations
protected List<ReferenceValidation> ensureReferenceValidations(List<ReferenceValidation> referenceValidations)
Checks the list of timestampValidations for completeness. Adds missing references, if needed
Parameters:
- referenceValidations - a list of ReferenceValidations
Returns:
- a list of ReferenceValidations
-
ensureReferenceValidationOfType
protected List<ReferenceValidation> ensureReferenceValidationOfType(List<ReferenceValidation> referenceValidations, DigestMatcherType digestMatcherType, boolean digestFound)
This method ensures the list of referenceValidations contains a ReferenceValidation of type digestMatcherType
Parameters:
- referenceValidations - a list of ReferenceValidations
- digestMatcherType - DigestMatcherType
- digestFound - whether digest has been found
Returns:
- a list of ReferenceValidations
-
createEmptyReference
protected ReferenceValidation createEmptyReference(DigestMatcherType digestMatcherType, boolean digestFound)
This method creates an empty reference
Parameters:
- digestMatcherType - DigestMatcherType to use
- digestFound - whether digest has been found
Returns:
- ReferenceValidation
-
computeDigestValueGroupHash
protected DSSMessageDigest computeDigestValueGroupHash(DigestAlgorithm digestAlgorithm, DigestValueGroup digestValueGroup, DSSMessageDigest... otherObjectDigests)
Computes a hash value for a group of hashes
Parameters:
- digestAlgorithm - DigestAlgorithm to be used for a hash computation
- digestValueGroup - DigestValueGroup containing grouped elements from a hash tree
- otherObjectDigests - additional hash values obtained from other computations
Returns:
- DSSMessageDigest
-
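RFC 4998 defines the reduced hash tree check that the group-hash and hash-tree methods above relate to: the hashes of a group are sorted in binary ascending order, concatenated and hashed, and the result joins the next group until a root is reached. The following is an added example, not DSS code: it uses only the JDK, the class and method names are hypothetical, and the documents are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not DSS code: class and method names are hypothetical.
public class ReducedHashTreeExample {

    // RFC 4998 group hash: a single hash is used as is; several hashes are
    // sorted in binary ascending order, concatenated and hashed.
    static byte[] groupHash(String alg, List<byte[]> group, byte[]... carried) throws Exception {
        List<byte[]> all = new ArrayList<>(group);
        all.addAll(Arrays.asList(carried));
        if (all.size() == 1) return all.get(0);
        all.sort((a, b) -> Arrays.compareUnsigned(a, b)); // unsigned, lexicographic
        MessageDigest md = MessageDigest.getInstance(alg);
        for (byte[] h : all) md.update(h);
        return md.digest();
    }

    // Recomputes the root for a document digest; returns null when the digest
    // is not a member of the first group (verification must then fail).
    static byte[] rootFor(String alg, byte[] docDigest, List<List<byte[]>> tree) throws Exception {
        boolean present = false;
        for (byte[] h : tree.get(0)) present |= MessageDigest.isEqual(h, docDigest);
        if (!present) return null;
        byte[] node = groupHash(alg, tree.get(0));
        for (int i = 1; i < tree.size(); i++) node = groupHash(alg, tree.get(i), node);
        return node;
    }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: three documents, reduced tree for document 1.
        byte[] h1 = sha256("doc-1"), h2 = sha256("doc-2"), h3 = sha256("doc-3");
        List<List<byte[]>> tree = List.of(List.of(h1, h2), List.of(h3));
        // Stand-in for the message imprint of the archive time-stamp token.
        byte[] imprint = groupHash("SHA-256", List.of(h3), groupHash("SHA-256", List.of(h1, h2)));

        byte[] root = rootFor("SHA-256", h1, tree);
        System.out.println("doc-1 matches imprint: " + MessageDigest.isEqual(root, imprint));
        System.out.println("tampered doc rejected: " + (rootFor("SHA-256", sha256("doc-1x"), tree) == null));
    }
}
```

The root is compared with `MessageDigest.isEqual`, which takes the same time wherever the two values first differ; a document whose digest is missing from the first group is rejected before any hashing is done.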