package eu.europa.esig.dss.cades.signature;
import static org.junit.Assert.assertEquals;
import java.util.Date;
import org.junit.Before;
import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.InMemoryDocument;
import eu.europa.esig.dss.MimeType;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.SignatureLevel;
import eu.europa.esig.dss.SignaturePackaging;
import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.signature.DocumentSignatureService;
import eu.europa.esig.dss.test.gen.CertificateService;
import eu.europa.esig.dss.test.mock.MockPrivateKeyEntry;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.validation.policy.rules.Indication;
import eu.europa.esig.dss.validation.policy.rules.SubIndication;
import eu.europa.esig.dss.validation.reports.SimpleReport;
/**
* Cryptographic signature is valid with expired certificate
*
*/
public class CAdESLevelBWithExpiredCertificate extends AbstractCAdESTestSignature {
private DocumentSignatureService<CAdESSignatureParameters> service;
private CAdESSignatureParameters signatureParameters;
private DSSDocument documentToSign;
private MockPrivateKeyEntry privateKeyEntry;
@Before
public void init() throws Exception {
documentToSign = new InMemoryDocument("Hello World".getBytes());
CertificateService certificateService = new CertificateService();
privateKeyEntry = certificateService.generateExpiredCertificateChain(SignatureAlgorithm.RSA_SHA512, false);
signatureParameters = new CAdESSignatureParameters();
signatureParameters.bLevel().setSigningDate(new Date());
signatureParameters.setSigningCertificate(privateKeyEntry.getCertificate());
signatureParameters.setCertificateChain(privateKeyEntry.getCertificateChain());
signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING);
signatureParameters.setSignatureLevel(SignatureLevel.CAdES_BASELINE_B);
signatureParameters.setDigestAlgorithm(DigestAlgorithm.SHA512);
signatureParameters.setSignWithExpiredCertificate(true);
CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
service = new CAdESService(certificateVerifier);
}
@Override
protected void verifySimpleReport(SimpleReport simpleReport) {
super.verifySimpleReport(simpleReport);
Indication indication = simpleReport.getIndication(simpleReport.getFirstSignatureId());
assertEquals(Indication.INDETERMINATE, indication);
SubIndication subIndication = simpleReport.getSubIndication(simpleReport.getFirstSignatureId());
assertEquals(SubIndication.NO_CERTIFICATE_CHAIN_FOUND, subIndication);
}
@Override
protected DocumentSignatureService<CAdESSignatureParameters> getService() {
return service;
}
@Override
protected CAdESSignatureParameters getSignatureParameters() {
return signatureParameters;
}
@Override
protected MimeType getExpectedMime() {
return MimeType.PKCS7;
}
@Override
protected boolean isBaselineT() {
return false;
}
@Override
protected boolean isBaselineLTA() {
return false;
}
@Override
protected DSSDocument getDocumentToSign() {
return documentToSign;
}
@Override
protected MockPrivateKeyEntry getPrivateKeyEntry() {
return privateKeyEntry;
}
}