Class AbstractSVTSigValClaimsIssuer<T>

java.lang.Object
se.swedenconnect.sigval.svt.issuer.SVTIssuer<T>
se.swedenconnect.sigval.commons.svt.AbstractSVTSigValClaimsIssuer<T>
Type Parameters:
T - The signature validation input data class

public abstract class AbstractSVTSigValClaimsIssuer<T> extends se.swedenconnect.sigval.svt.issuer.SVTIssuer<T>
Abstract implementation of the SVT signature validation claims issuer, providing basic functions that may be shared by several SVT issuer implementations, e.g. for XML and PDF.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Field Summary

    Fields inherited from class se.swedenconnect.sigval.svt.issuer.SVTIssuer

    certificates, jwsAlgorithm, signer
  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractSVTSigValClaimsIssuer(com.nimbusds.jose.JWSAlgorithm algorithm, Object privateKey, List<X509Certificate> certificates)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    se.swedenconnect.sigval.svt.claims.TimeValidationClaims
    extractTimeValClaims(TimeValidationResult timeValidationResult, String hashAlgoUri)
    Extracts the time validation claims from a time validation result object.
    protected String
    getB64Hash(byte[] bytes, String hashAlgoUri)
    Create a Base64 hash value string based on input data and hash algorithm URI
    protected se.swedenconnect.sigval.svt.claims.CertReferenceClaims
    getCertRef(ExtendedSigValResult sigResult, String hashAlgoUri)
    Gets the certificate reference claims for signature validation result
    protected List<se.swedenconnect.sigval.svt.claims.PolicyValidationClaims>
    getSignaturePolicyValidations(ExtendedSigValResult sigResult)
    Returns the signature policy validation claims
    protected boolean
    isCertPathMatch(List<X509Certificate> validatedCertificatePath, List<X509Certificate> signatureCertificateChain)
    Compares the validated path against the signature certificate path and determines if the validated path is altered.
    protected boolean
    isVerifiedTime(se.swedenconnect.sigval.svt.claims.TimeValidationClaims timeValidationClaims)
    Tests whether the provided time validation claims indicate the presence of verified time

    Methods inherited from class se.swedenconnect.sigval.svt.issuer.SVTIssuer

    getSignedSvtJWT, getSvtJwtClaims, getSvtProfile, validateSignatureSVTClaims, valueTest, verify

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • AbstractSVTSigValClaimsIssuer

      public AbstractSVTSigValClaimsIssuer(com.nimbusds.jose.JWSAlgorithm algorithm, Object privateKey, List<X509Certificate> certificates) throws NoSuchAlgorithmException, com.nimbusds.jose.JOSEException
      Parameters:
      algorithm - the algorithm used to sign the SVT as well as selecting the Hash algorithm used to generate SVT hash values
      privateKey - private key used to sign the SVT
      certificates - certificates supporting the SVT signature
      Throws:
      NoSuchAlgorithmException - unsupported algorithm
      com.nimbusds.jose.JOSEException - JOSE exception
  • Method Details

    • getCertRef

      protected se.swedenconnect.sigval.svt.claims.CertReferenceClaims getCertRef(ExtendedSigValResult sigResult, String hashAlgoUri) throws CertificateEncodingException, NoSuchAlgorithmException, IOException
      Gets the certificate reference claims for signature validation result

      Updated logic 2020-10-23: if the chain uses certificates from the signature, the same chain is stored as hashes of the individual certificates, in the same order as when complete certificates are stored.

      Parameters:
      sigResult - signature validation result data
      hashAlgoUri - the hash algorithm used to hash data
      Returns:
      certificate reference claims
      Throws:
      CertificateEncodingException - certificate errors
      NoSuchAlgorithmException - unsupported algorithm
      IOException - data parsing errors
    • isCertPathMatch

      protected boolean isCertPathMatch(List<X509Certificate> validatedCertificatePath, List<X509Certificate> signatureCertificateChain)
      Compares the validated path against the signature certificate path and determines if the validated path is altered.
      Parameters:
      validatedCertificatePath - the validated certificate path
      signatureCertificateChain - the certificates obtained from the signature
      Returns:
      true if the signature certificate path contains all certificates of the validated certificate path
    • isVerifiedTime

      protected boolean isVerifiedTime(se.swedenconnect.sigval.svt.claims.TimeValidationClaims timeValidationClaims)
      Tests whether the provided time validation claims indicate the presence of verified time
      Parameters:
      timeValidationClaims - time validation claims
      Returns:
      true if the time validation claims contain verified time
    • getSignaturePolicyValidations

      protected List<se.swedenconnect.sigval.svt.claims.PolicyValidationClaims> getSignaturePolicyValidations(ExtendedSigValResult sigResult)
      Returns the signature policy validation claims
      Parameters:
      sigResult - result of signature validation
      Returns:
      list of policy validation claims
    • getB64Hash

      protected String getB64Hash(byte[] bytes, String hashAlgoUri) throws NoSuchAlgorithmException
      Create a Base64 hash value string based on input data and hash algorithm URI
      Parameters:
      bytes - bytes to hash
      hashAlgoUri - hash algorithm URI
      Returns:
      Base64 string with hash value
      Throws:
      NoSuchAlgorithmException - unsupported hash algorithm
    • extractTimeValClaims

      public se.swedenconnect.sigval.svt.claims.TimeValidationClaims extractTimeValClaims(TimeValidationResult timeValidationResult, String hashAlgoUri)
      Extracts the time validation claims from a time validation result object. In particular, this function also adds a hash of the timestamp, if present, using the hash algorithm assigned to the SVT.
      Parameters:
      timeValidationResult - time stamp validation result
      hashAlgoUri - SVT hash algorithm
      Returns:
      time validation claims
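
Added example, not code from the sigval library: a sketch of the behaviour documented above for getB64Hash, getCertRef (one hash per certificate, in chain order) and isCertPathMatch. The class and method names, the URI-to-digest table and the byte arrays standing in for DER-encoded certificates are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;

public class CertRefHashExample {
  // XML Security digest URIs mapped to JCA names (assumed set; the library may accept others)
  static final Map<String, String> DIGESTS = Map.of(
      "http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256",
      "http://www.w3.org/2001/04/xmldsig-more#sha384", "SHA-384",
      "http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512");

  // Hash the input with the digest selected by URI and return it as Base64
  static String b64Hash(byte[] data, String hashAlgoUri) throws NoSuchAlgorithmException {
    String jca = DIGESTS.get(hashAlgoUri);
    if (jca == null) throw new NoSuchAlgorithmException("Unsupported hash URI: " + hashAlgoUri);
    return Base64.getEncoder().encodeToString(MessageDigest.getInstance(jca).digest(data));
  }

  // One hash per certificate, kept in the same order as the chain itself
  static List<String> chainHashes(List<byte[]> chain, String uri) throws NoSuchAlgorithmException {
    List<String> refs = new ArrayList<>();
    for (byte[] der : chain) refs.add(b64Hash(der, uri));
    return refs;
  }

  // True when every certificate of the validated path also occurs in the signature chain
  static boolean pathMatch(List<byte[]> validatedPath, List<byte[]> signatureChain) {
    return validatedPath.stream()
        .allMatch(v -> signatureChain.stream().anyMatch(s -> Arrays.equals(v, s)));
  }

  static byte[] b(String s) { return s.getBytes(StandardCharsets.UTF_8); }

  public static void main(String[] args) throws Exception {
    // Constructed stand-ins for DER encodings; with real certificates use cert.getEncoded()
    List<byte[]> sigChain = List.of(b("leaf"), b("intermediate"), b("root"));
    List<byte[]> validated = List.of(sigChain.get(0), sigChain.get(1));
    List<byte[]> altered = List.of(sigChain.get(0), b("other-ca"));
    String uri = "http://www.w3.org/2001/04/xmlenc#sha256";
    System.out.println("chain hashes: " + chainHashes(sigChain, uri));
    System.out.println("validated path in signature chain: " + pathMatch(validated, sigChain));
    System.out.println("altered path in signature chain: " + pathMatch(altered, sigChain));
  }
}
```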