/*
 * DSS - Digital Signature Services
 *
 * Copyright (C) 2013 European Commission, Directorate-General Internal Market and Services (DG MARKT), B-1049 Bruxelles/Brussel
 *
 * Developed by: 2013 ARHS Developments S.A. (rue Nicolas Bové 2B, L-1253 Luxembourg) http://www.arhs-developments.com
 *
 * This file is part of the "DSS - Digital Signature Services" project.
 *
 * "DSS - Digital Signature Services" is free software: you can redistribute it and/or modify it under the terms of
 * the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the
 * License, or (at your option) any later version.
 *
 * DSS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License along with
 * "DSS - Digital Signature Services". If not, see <http://www.gnu.org/licenses/>.
 */

package eu.europa.ec.markt.dss.validation102853.process;

import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.validation102853.xml.XmlDom;
import eu.europa.ec.markt.dss.validation102853.rules.AttributeName;
import eu.europa.ec.markt.dss.validation102853.rules.AttributeValue;
import eu.europa.ec.markt.dss.validation102853.rules.ExceptionMessage;
import eu.europa.ec.markt.dss.validation102853.rules.Indication;
import eu.europa.ec.markt.dss.validation102853.rules.NodeName;
import eu.europa.ec.markt.dss.validation102853.rules.NodeValue;
import eu.europa.ec.markt.dss.validation102853.rules.SubIndication;

/**
 * 9.2.3 POE extraction<br>
 * <p/>
 * 9.2.3.1 Description<br>
 * <p/>
 * This building block derives POEs from a given time-stamp. This process assumes the following about the time-stamp:<br>
 * <p/>
 * • The time-stamp has been accepted as VALID.<br>
 * • The cryptographic hash function used in the time-stamp (MessageImprint.hashAlgorithm) is considered reliable at the
 * generation time of the time-stamp.<br>
 * <p/>
 * In the simple case, a time-stamp gives a POE for each data item protected by the time-stamp at the generation
 * date/time of the token. For instance, a time-stamp on the signature value gives a POE of the signature value (the
 * binary data) at the generation date/time of the time-stamp.<br>
 * A time-stamp may also give an indirect POE when it is computed on the hash value of some data instead of the data
 * itself. In this case, we will use the following property (indirect POE):<br>
 * <p/>
 * • If we have a POE for h(d) at a date T1, where h is a cryptographic hash function and d is some data (e.g. a
 * certificate).<br>
 * • And h is asserted in the cryptographic constraints to be trusted until at least a date T after T1.<br>
 * • And we have a POE for d at a date T after T1.<br>
 * <p/>
 * Then, we can derive from the time-stamp a POE for d at T1.
 * <p/>
 * 9.2.3.2 Input<br>
 * - Signature ............................ Mandatory<br>
 * - An attribute with a time-stamp token . Mandatory<br>
 * - A set of POEs ........................ Mandatory (but may be empty)<br>
 * - Cryptographic constraints ............ Optional<br>
 * <p/>
 * 9.2.3.3 Output<br>
 * - A set of POEs.<br>
 * <p/>
 * 9.2.3.4 Processing<br>
 * <p/>
 * The following steps shall be performed, depending on the type of the AdES time-stamp:<br>
 * <p/>
 * 9.2.3.4.1 Extraction from a time-stamp on the signature<br>
 * <p/>
 * Return the set of POEs resulting from the following: add a POE for the signature value at the generation time of the
 * time-stamp.<br>
 * <p/>
 * NOTE: It is possible to infer an indirect POE for the signed data objects (including the signed attributes). However,
 * this is true for some signature algorithms but not all of them (in particular this requires that the signature
 * algorithm has the message recovery property and that we have a proof of existence of the public key at the generation
 * time of the time-stamp).<br>
 * <p/>
 * 9.2.3.4.2 Extraction from a time-stamp on certificates and revocation references<br>
 * <p/>
 * Return the set of POEs resulting from the following. All the POEs are added with the generation time of the
 * time-stamp on certificates and revocation references.<br>
 * <p/>
 * For each reference in the attribute complete-certificate-references and complete-revocation-reference:<br>
 * <p/>
 * 1) Add a POE for the hash value h(C) of the certificate C (respectively h(R) of the revocation status information R).<br>
 * <p/>
 * 2) If the set of POEs includes a POE for a certificate C (respectively a revocation status information R) at a
 * date/time T after the generation date/time of the time-stamp, add a POE for C (respectively R).<br>
 * <p/>
 * 9.2.3.4.3 Extraction from a time-stamp on the signature and certificates and revocation references<br>
 * <p/>
 * Return the set of POEs resulting from the following. All the POEs are added with the generation time of the
 * time-stamp on the signature and certificates and revocation references:<br>
 * <p/>
 * 1) Do the extraction process from a time-stamp on the signature (see clause 9.2.3.4.1).<br>
 * 2) Do the extraction process from a time-stamp on certificates and revocation references (see clause 9.2.3.4.2).<br>
 * <p/>
 * 9.2.3.4.4 Extraction from an archive-time-stamp<br>
 * <p/>
 * Return the set of POEs resulting from the following. All the POEs are added with the generation time of the archive
 * time-stamp:<br>
 * <p/>
 * 1) Add a POE for each signed object.<br>
 * 2) Add a POE for the signature value.<br>
 * 3) Add a POE for each certificate and revocation status information present in the signature.<br>
 * 4) Add a POE for each signed and unsigned attribute (except the attribute containing this archive time-stamp and any
 * archive-time-stamp attribute added after this attribute) present in the signature. This implicitly includes the
 * addition of a POE (direct or indirect POE) for any time-stamp, certificate or revocation information status
 * encapsulated in these attributes.<br>
 * <p/>
 * 9.2.3.4.5 Extraction from a long-term-validation attribute<br>
 * <p/>
 * This process applies only to CAdES [1]. If the long-term-validation attribute does not include the poeValue field, no
 * POEs are extracted. If the poeValue field is present with a time-stamp, perform the process below. Processing
 * poeValue field when an ERS [17] is present is out of the scope of the present document.
 * <p/>
 * Return the set of POEs resulting from the following. All the POEs are added with the generation time of the
 * time-stamp present in the poeValue:<br>
 * <p/>
 * 1) Add a POE for the signed object if available in the SignedData.<br>
 * 2) Add a POE for the signature value.<br>
 * 3) Add a POE for each certificate (respectively revocation information status) in SignedData.certificates
 * (respectively in SignedData.crls) or in long-term-validation.extraCertificates (respectively in long-term-validation.
 * extraRevocation).<br>
 * 4) Add a POE for each signed and unsigned attribute (except the attribute containing this poeValue and the
 * long-term-validation attributes added after it). This implicitly includes the addition of a POE (direct or indirect
 * POE) for any time-stamp, certificate or revocation information status encapsulated in these attributes.<br>
 * <p/>
 * // This is the part of the new CAdES specification:<br>
 * // http://www.etsi.org/deliver/etsi_ts/101700_101799/101733/02.01.01_60/ts_101733v020101p.pdf<br>
 * <p/>
 * 9.2.3.4.6 Extraction from a PDF document time-stamp<br>
 * <p/>
 * This process applies only to PAdES [14]. Return the set of POEs resulting from the following. All the POEs are added
 * with the generation time of the document time-stamp:<br>
 * <p/>
 * 1) Add a POE for any SignedData included in the ByteRange protected by the document time-stamp. This implicitly
 * includes the addition of a POE (direct or indirect POE) for any time-stamp token, certificate or revocation
 * information status encapsulated in these SignedData.<br>
 * 2) Add a POE for each certificate or revocation information status in a Document Security Store included in the
 * ByteRange protected by the document time-stamp.<br>
 * 3) Add a POE for each document time-stamp included in the ByteRange protected by the document time-stamp. This
 * implicitly includes the addition of a POE (direct or indirect POE) for any certificate or revocation information
 * status encapsulated in these time-stamps.<br>
 *
 * @author bielecro
 */
public abstract class POEExtraction implements Indication, SubIndication, NodeName, NodeValue, AttributeName, AttributeValue, ExceptionMessage {

}
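
// Added example, not part of the DSS code base: a sketch of clause 9.2.3.4.2 combined with the indirect-POE
// property from 9.2.3.1, showing when a time-stamp on references moves the POE of a certificate back in time.
// The class IndirectPoeExample, its methods, the "hash:"/"data:" key prefixes and all dates are hypothetical.

```java
import java.time.Instant;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Hypothetical illustration of clause 9.2.3.4.2; not a DSS class. */
public class IndirectPoeExample {
    /** Earliest known POE per object id ("hash:X" for h(X), "data:X" for X itself). */
    private final Map<String, Instant> earliestPoe = new HashMap<>();

    /** Records a POE, keeping only the earliest date for each object. */
    void addPoe(String objectId, Instant time) {
        earliestPoe.merge(objectId, time, (old, t) -> t.isBefore(old) ? t : old);
    }

    Instant getPoe(String objectId) {
        return earliestPoe.get(objectId);
    }

    /** Time-stamp on references generated at tsTime; h is trusted until hashTrustedUntil. */
    void extractFromReferences(List<String> refs, Instant tsTime, Instant hashTrustedUntil) {
        for (String id : refs) {
            // Step 1: direct POE for the hash value h(C) or h(R).
            addPoe("hash:" + id, tsTime);
            // Step 2: indirect POE for the object itself, only when a POE for it exists
            // at a date T after tsTime and h is trusted until at least T.
            Instant t = getPoe("data:" + id);
            if (t != null && t.isAfter(tsTime) && !hashTrustedUntil.isBefore(t)) {
                addPoe("data:" + id, tsTime);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Instant tsTime = Instant.parse("2012-01-01T00:00:00Z");
        Instant validation = Instant.parse("2014-06-01T00:00:00Z");
        IndirectPoeExample poes = new IndirectPoeExample();
        poes.addPoe("data:C1", validation); // certificates in hand at validation time
        poes.addPoe("data:C2", validation);
        // h trusted until 2020: the POE for C1 moves back to tsTime.
        poes.extractFromReferences(Arrays.asList("C1"), tsTime, Instant.parse("2020-01-01T00:00:00Z"));
        // h trusted only until 2013, before T: only h(C2) gains a POE.
        poes.extractFromReferences(Arrays.asList("C2"), tsTime, Instant.parse("2013-01-01T00:00:00Z"));
        System.out.println("C1 exists since " + poes.getPoe("data:C1"));
        System.out.println("C2 exists since " + poes.getPoe("data:C2"));
    }
}
```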