Class CadesLevelBaselineLTATimestampExtractor

java.lang.Object
eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor

public class CadesLevelBaselineLTATimestampExtractor extends Object
Extracts the necessary information to compute the CAdES Archive Timestamp V3.

See "5.5.2 The ats-hash-index-v3 attribute":

The ats-hash-index-v3 is invalid if it contains a reference for which the original value is not found, i.e.:
- a reference represented by an entry in certificatesHashIndex which corresponds to no instance of CertificateChoices within certificates field of the root SignedData;
- a reference represented by an entry in crlsHashIndex which corresponds to no instance of RevocationInfoChoice within crls field of the root SignedData; or
- a reference represented by an entry in unsignedAttrValuesHashIndex which corresponds to no octet stream resulting from concatenating one of the AttributeValue instances within field Attribute.attrValues and the corresponding Attribute.attrType within one Attribute instance in unsignedAttrs field of the SignerInfo.
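
The validity rule above, as an added example (plain-JDK Java, not DSS code): each hash-index entry must match the digest of a value still present in the signature. The class and method names are hypothetical, the byte arrays are constructed stand-ins for DER encodings, and the attrType-then-value concatenation order is an assumption.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;

// Added illustration: AtsHashIndexV3Check and its helpers are hypothetical names, not DSS API.
public class AtsHashIndexV3Check {
    static byte[] sha256(byte[] data) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // attrType followed by one AttributeValue (concatenation order is an assumption here).
    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    // True when every digest in the index matches a value still present in the signature.
    // Present values that the index does not reference are not rejected by this rule.
    static boolean allReferencesResolve(List<byte[]> index, List<byte[]> present)
            throws NoSuchAlgorithmException {
        for (byte[] ref : index) {
            boolean found = false;
            for (byte[] value : present) {
                found |= MessageDigest.isEqual(ref, sha256(value));
            }
            if (!found) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for DER encodings, not real certificates or attributes.
        byte[] certA = {0x30, 0x03, 0x01, 0x01, 0x0A};
        byte[] certB = {0x30, 0x03, 0x01, 0x01, 0x0B};
        byte[] attr = concat(new byte[] {0x06, 0x03, 0x2A, 0x03, 0x04}, new byte[] {0x04, 0x01, 0x07});
        List<byte[]> certIndex = List.of(sha256(certA));   // certificatesHashIndex at timestamp time
        List<byte[]> attrIndex = List.of(sha256(attr));    // unsignedAttrValuesHashIndex

        // certB was added after the timestamp: unreferenced, index still valid.
        System.out.println("cert added later: " + allReferencesResolve(certIndex, List.of(certA, certB)));
        // certA was stripped: its reference has no original, index invalid.
        System.out.println("cert removed:     " + allReferencesResolve(certIndex, List.of(certB)));
        // Attribute value altered after the timestamp: reference no longer resolves.
        attr[attr.length - 1] ^= 0x01;
        System.out.println("attr modified:    " + allReferencesResolve(attrIndex, List.of(attr)));
    }
}
```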

  • Constructor Details

    • CadesLevelBaselineLTATimestampExtractor

      public CadesLevelBaselineLTATimestampExtractor(CAdESSignature cadesSignature)
      This is the default constructor for the CadesLevelBaselineLTATimestampExtractor.
      Parameters:
      cadesSignature - CAdESSignature related to the archive timestamp
  • Method Details

    • getAtsHashIndex

      public org.bouncycastle.asn1.cms.Attribute getAtsHashIndex(org.bouncycastle.cms.SignerInformation signerInformation, DigestAlgorithm hashIndexDigestAlgorithm, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)
      The ats-hash-index unsigned attribute provides an unambiguous imprint of the essential components of a CAdES signature for use in the archive time-stamp (see 6.4.3). These essential components are elements of the following ASN.1 SET OF structures: unsignedAttrs, SignedData.certificates, and SignedData.crls.

      The ats-hash-index attribute value has the ASN.1 syntax ATSHashIndex:

      ATSHashIndex ::= SEQUENCE {
          hashIndAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},
          certificatesHashIndex SEQUENCE OF OCTET STRING,
          crlsHashIndex SEQUENCE OF OCTET STRING,

      Parameters:
      signerInformation - SignerInformation
      hashIndexDigestAlgorithm - DigestAlgorithm
      atsHashIndexVersionIdentifier - ASN1ObjectIdentifier version of ats-hash-index to create
      Returns:
      Attribute ats-hash-index
    • getVerifiedAtsHashIndex

      public org.bouncycastle.asn1.cms.Attribute getVerifiedAtsHashIndex(org.bouncycastle.cms.SignerInformation signerInformation, TimestampToken timestampToken)
      Gets the ats-hash-index for verification of the provided token.
      Parameters:
      signerInformation - SignerInformation
      timestampToken - TimestampToken
      Returns:
      a re-built ats-hash-index
    • getArchiveTimestampV3MessageImprint

      public DSSMessageDigest getArchiveTimestampV3MessageImprint(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.cms.Attribute atsHashIndexAttribute, DSSDocument originalDocument, DigestAlgorithm digestAlgorithm)
      Computes a message-imprint for an archive-time-stamp-v3.
      Parameters:
      signerInformation - SignerInformation
      atsHashIndexAttribute - Attribute
      originalDocument - DSSDocument signed document
      digestAlgorithm - DigestAlgorithm to compute message-digest with
      Returns:
      DSSMessageDigest message-imprint digest