
/* DigiDoc4J library
*
* This software is released under either the GNU Library General Public
* License (see LICENSE.LGPL).
*
* Note that the only valid version of the LGPL license as far as this
* project is concerned is the original GNU Library General Public License
* Version 2.1, February 1999
*/

package org.digidoc4j.impl.bdoc.xades.validation;

import java.security.cert.X509Certificate;
import java.util.Date;

import org.apache.commons.lang.StringUtils;
import org.digidoc4j.exceptions.SignedWithExpiredCertificateException;
import org.digidoc4j.exceptions.UntrustedRevocationSourceException;
import org.digidoc4j.impl.bdoc.xades.XadesSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.europa.esig.dss.validation.reports.Reports;
import eu.europa.esig.dss.validation.reports.wrapper.DiagnosticData;

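/**
 * Validates a BDOC time-mark signature.
 * <p>
 * Extends {@link XadesSignatureValidator} with two checks that run after the base class has
 * collected its own validation errors:
 * <ul>
 *   <li>the signing certificate must have been valid at the signature's trusted signing time,
 *       otherwise a {@link SignedWithExpiredCertificateException} is added;</li>
 *   <li>the signing certificate's revocation information must not come from a CRL — for a
 *       time-mark signature the expected source is OCSP — otherwise an
 *       {@link UntrustedRevocationSourceException} is added.</li>
 * </ul>
 * All errors are reported through {@code addValidationError(...)} of the base class.
 */
public class TimemarkSignatureValidator extends XadesSignatureValidator {

    private static final Logger logger = LoggerFactory.getLogger(TimemarkSignatureValidator.class);

    /**
     * Value returned by {@code DiagnosticData#getCertificateRevocationSource} when the
     * certificate's revocation data was taken from a CRL rather than an OCSP response.
     */
    private static final String CRL_REVOCATION_SOURCE = "CRLToken";

    private final XadesSignature signature;

    /**
     * Creates a validator for the given time-mark signature.
     *
     * @param signature the signature to validate; it is also handed to the base class
     */
    public TimemarkSignatureValidator(XadesSignature signature) {
        super(signature);
        this.signature = signature;
    }

    /**
     * Collects the base class errors first, then the time-mark specific ones.
     */
    @Override
    protected void populateValidationErrors() {
        super.populateValidationErrors();
        addCertificateExpirationError();
        addRevocationErrors();
    }

    /**
     * Adds a {@link SignedWithExpiredCertificateException} when the signing certificate was not
     * valid ({@code notBefore <= signingTime <= notAfter}) at the signature's trusted signing time.
     * <p>
     * The comparison is anchored on {@link XadesSignature#getTrustedSigningTime()} rather than on a
     * time value carried inside the signature itself (presumably so that the signer cannot pick the
     * instant the certificate is checked against — confirm against XadesSignature).
     */
    private void addCertificateExpirationError() {
        Date signingTime = signature.getTrustedSigningTime();
        if (signingTime == null) {
            // NOTE(review): no error is added when the trusted signing time is absent; this relies
            // on the missing time being reported by another check — confirm.
            return;
        }
        X509Certificate signerCert = signature.getSigningCertificate().getX509Certificate();
        Date notBefore = signerCert.getNotBefore();
        Date notAfter = signerCert.getNotAfter();
        // Both bounds are inclusive; a certificate that was not yet valid at signing time is
        // reported the same way as one that had already expired.
        boolean isCertValid = signingTime.compareTo(notBefore) >= 0 && signingTime.compareTo(notAfter) <= 0;
        if (!isCertValid) {
            logger.error("Signature has been created with expired certificate");
            addValidationError(new SignedWithExpiredCertificateException());
        }
    }

    /**
     * Adds an {@link UntrustedRevocationSourceException} when the DSS diagnostic data reports that
     * the signing certificate's revocation information came from a CRL ({@code "CRLToken"}).
     * <p>
     * The check is skipped entirely when the validation report carries no diagnostic data.
     */
    private void addRevocationErrors() {
        Reports validationReport = signature.validate().getReport();
        DiagnosticData diagnosticData = validationReport.getDiagnosticData();
        if (diagnosticData == null) {
            return;
        }
        String signingCertificateId = diagnosticData.getSigningCertificateId();
        String certificateRevocationSource = diagnosticData.getCertificateRevocationSource(signingCertificateId);
        logger.debug("Revocation source is {}", certificateRevocationSource);
        // equalsIgnoreCase is null-safe: a missing revocation source does not match and therefore
        // adds no error here (presumably an absent source is flagged by another check — confirm).
        if (StringUtils.equalsIgnoreCase(CRL_REVOCATION_SOURCE, certificateRevocationSource)) {
            logger.error("Signing certificate revocation source is CRL instead of OCSP");
            addValidationError(new UntrustedRevocationSourceException());
        }
    }
}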