open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

Check if certificate is e-Seal #49

Open elion opened 6 years ago

elion commented 6 years ago

Feature request

Add a method to check if a certificate is an e-Seal.

naare commented 6 years ago

This has been added to backlog for analysis.

naare commented 6 years ago

> Feature request
>
> Add a method to check if a certificate is an e-Seal.

We have some questions regarding the purpose of this functionality. What is your use case for this?

1) Would you like to check with digidoc4j whether a random certificate is meant for eSeal or eSig?
2) Would you like to check whether the signatures in a container are given with eSeal or eSig?
3) Something else?

elion commented 6 years ago

Original use case would be number 2. However, number 1 would solve both 1 and 2 as we can find the signer certificate from signature.

naare commented 5 years ago

In essence it is already possible to determine whether the signature is given by e-seal after validation. The `getSignatureQualification()` method returns a signature qualification object. In case of detection of e-seal, the readable variable will include the "Seal" string.

```java
public enum SignatureQualification {
    QESIG("QESig", "Qualified Electronic Signature"),
    QESEAL("QESeal", "Qualified Electronic Seal"),
    QES("QES?", "Qualified Electronic Signature or Seal"),
    ADESIG_QC("AdESig-QC", "Advanced Electronic Signature supported by a Qualified Certificate"),
    ADESEAL_QC("AdESeal-QC", "Advanced Electronic Seal supported by a Qualified Certificate"),
    ADES_QC("AdES?-QC", "Advanced Electronic Signature or Seal supported by a Qualified Certificate"),
    ADESIG("AdESig", "Advanced Electronic Signature"),
    ADESEAL("AdESeal", "Advanced Electronic Seal"),
    ADES("AdES?", "Advanced Electronic Signature or Seal"),
    INDETERMINATE_QESIG("Indeterminate QESig", "Indeterminate Qualified Electronic Signature"),
    INDETERMINATE_QESEAL("Indeterminate QESeal", "Indeterminate Qualified Electronic Seal"),
    INDETERMINATE_QES("Indeterminate QES?", "Indeterminate Qualified Electronic Signature or Seal"),
    INDETERMINATE_ADESIG_QC("Indeterminate AdESig-QC", "Indeterminate Advanced Electronic Signature supported by a Qualified Certificate"),
    INDETERMINATE_ADESEAL_QC("Indeterminate AdESeal-QC", "Indeterminate Advanced Electronic Seal supported by a Qualified Certificate"),
    INDETERMINATE_ADES_QC("Indeterminate AdES?-QC", "Indeterminate Advanced Electronic Signature or Seal supported by a Qualified Certificate"),
    INDETERMINATE_ADESIG("Indeterminate AdESig", "Indeterminate Advanced Electronic Signature"),
    INDETERMINATE_ADESEAL("Indeterminate AdESeal", "Indeterminate Advanced Electronic Seal"),
    INDETERMINATE_ADES("Indeterminate AdES?", "Indeterminate Advanced Electronic Signature or Seal"),
    NOT_ADES_QC_QSCD("Not AdES but QC with QSCD", "Not Advanced Electronic Signature but supported by a Qualified Certificate"),
    NOT_ADES_QC("Not AdES but QC", "Not Advanced Electronic Signature but supported by a Qualified Certificate"),
    NOT_ADES("Not AdES", "Not Advanced Electronic Signature"),
    NA("N/A", "Not applicable");

    // The excerpt in the comment ends after the constants. The members below are
    // added so it compiles: "readable" is the variable the comment refers to,
    // "label" is an assumed name for the long description.
    private final String readable;
    private final String label;

    SignatureQualification(String readable, String label) {
        this.readable = readable;
        this.label = label;
    }
}
```

We will implement the use case 2. Current plan is to implement a method that returns three states based on the qualification: SIGNATURE, SEAL, UNKNOWN.
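A sketch of the three-state mapping described in the comment above, added here as an example and not digidoc4j's own code. The names `SignerType` and `classify` are hypothetical, and the input strings are the readable values copied from the enum quoted in the thread.

```java
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;

public class SignerTypeExample {

    // Hypothetical result type, named after the three states in the comment above.
    enum SignerType { SIGNATURE, SEAL, UNKNOWN }

    // Readable strings copied from the SignatureQualification constants quoted above.
    static final String[] READABLE = {
        "QESig", "QESeal", "QES?", "AdESig-QC", "AdESeal-QC", "AdES?-QC",
        "AdESig", "AdESeal", "AdES?",
        "Indeterminate QESig", "Indeterminate QESeal", "Indeterminate QES?",
        "Indeterminate AdESig-QC", "Indeterminate AdESeal-QC", "Indeterminate AdES?-QC",
        "Indeterminate AdESig", "Indeterminate AdESeal", "Indeterminate AdES?",
        "Not AdES but QC with QSCD", "Not AdES but QC", "Not AdES", "N/A"
    };

    // Maps a readable qualification string to a signer type.
    // The match is case-sensitive on purpose: "Seal" and "Sig" appear only in
    // values that name one kind. The ambiguous "...?" values, the "Not AdES"
    // values and "N/A" contain neither and fall through to UNKNOWN.
    // Indeterminate values keep their type; the result says what kind of
    // signer was detected, not whether the signature passed validation.
    static SignerType classify(String readable) {
        if (readable == null) {
            return SignerType.UNKNOWN;
        }
        if (readable.contains("Seal")) {
            return SignerType.SEAL;
        }
        if (readable.contains("Sig")) {
            return SignerType.SIGNATURE;
        }
        return SignerType.UNKNOWN;
    }

    public static void main(String[] args) {
        Map<SignerType, List<String>> groups = new EnumMap<>(SignerType.class);
        for (String readable : READABLE) {
            groups.computeIfAbsent(classify(readable), k -> new ArrayList<>()).add(readable);
        }
        // Print each state with the qualifications that map to it.
        groups.forEach((type, values) -> System.out.println(type + " <- " + values));
    }
}
```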