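/* DigiDoc4J library
 *
 * This software is released under either the GNU Library General Public
 * License (see LICENSE.LGPL).
 *
 * Note that the only valid version of the LGPL license as far as this
 * project is concerned is the original GNU Library General Public License
 * Version 2.1, February 1999
 */

package org.digidoc4j.impl.bdoc.xades.validation;

import java.util.Date;
import java.util.List;

import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.digidoc4j.Configuration;
import org.digidoc4j.exceptions.TimestampAfterOCSPResponseTimeException;
import org.digidoc4j.exceptions.TimestampAndOcspResponseTimeDeltaTooLargeException;
import org.digidoc4j.impl.bdoc.xades.XadesSignature;
import org.digidoc4j.utils.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.europa.esig.dss.validation.TimestampToken;
import eu.europa.esig.dss.xades.validation.XAdESSignature;

/**
 * Validator for signatures that carry a signature timestamp.
 *
 * <p>Runs every check inherited from {@link TimemarkSignatureValidator} and then
 * compares the generation time of the signature timestamp with the production
 * time of the OCSP response embedded in the signature.
 */
public class TimestampSignatureValidator extends TimemarkSignatureValidator {

  // Logger category is this class, so entries are not attributed to the
  // parent validator when logs are filtered or audited per class.
  private static final Logger logger = LoggerFactory.getLogger(TimestampSignatureValidator.class);

  private final XadesSignature signature;
  private final Configuration configuration;

  /**
   * @param signature     signature to validate; also handed to the superclass
   * @param configuration source of the allowed timestamp/OCSP time delta (in minutes)
   */
  public TimestampSignatureValidator(XadesSignature signature, Configuration configuration) {
    super(signature);
    this.signature = signature;
    this.configuration = configuration;
  }

  /**
   * Collects the inherited validation errors first, then the timestamp/OCSP
   * time-consistency errors.
   */
  @Override
  protected void populateValidationErrors() {
    super.populateValidationErrors();
    addSigningTimeErrors();
  }

  /**
   * Records a validation error when the signature timestamp and the OCSP
   * response production time are inconsistent.
   *
   * <p>Two independent conditions are checked, so one signature can receive
   * both errors:
   * <ul>
   *   <li>the two times are not within the configured delta
   *       ({@code getRevocationAndTimestampDeltaInMinutes()});</li>
   *   <li>the OCSP response was produced before the timestamp was generated.</li>
   * </ul>
   *
   * <p>Only the first signature timestamp and the first contained OCSP response
   * are examined; any further entries in either list are not considered here.
   *
   * <p>NOTE(review): when the timestamp list, the OCSP response list or either
   * time value is missing, this method returns without recording an error.
   * Presumably the absence of a timestamp or revocation data is reported by
   * another check (for example in the superclass) - confirm, because otherwise
   * this time-consistency check is skipped silently for such signatures.
   */
  private void addSigningTimeErrors() {
    XAdESSignature xAdESSignature = signature.getDssSignature();

    List<TimestampToken> signatureTimestamps = xAdESSignature.getSignatureTimestamps();
    if (signatureTimestamps == null || signatureTimestamps.isEmpty()) {
      return;
    }
    Date timestamp = signatureTimestamps.get(0).getGenerationTime();
    if (timestamp == null) {
      return;
    }

    List<BasicOCSPResp> ocspResponses = xAdESSignature.getOCSPSource().getContainedOCSPResponses();
    if (ocspResponses == null || ocspResponses.isEmpty()) {
      return;
    }
    Date ocspTime = ocspResponses.get(0).getProducedAt();
    if (ocspTime == null) {
      return;
    }

    // presumably isInRangeMinutes compares the distance between the two dates
    // with the limit - verify against DateUtils
    int deltaLimitInMinutes = configuration.getRevocationAndTimestampDeltaInMinutes();
    if (!DateUtils.isInRangeMinutes(timestamp, ocspTime, deltaLimitInMinutes)) {
      logger.error("The difference between the OCSP response production time and the signature time stamp is too large");
      addValidationError(new TimestampAndOcspResponseTimeDeltaTooLargeException());
    }

    // Revocation status produced before the timestamp existed says nothing
    // about the certificate's state at the timestamped moment.
    if (ocspTime.before(timestamp)) {
      logger.error("OCSP response production time is before timestamp time");
      addValidationError(new TimestampAfterOCSPResponseTimeException());
    }
  }
}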