
Check if certificate is e-Seal

Open elion opened this issue 6 years ago • 4 comments

Feature request

Add a method to check if a certificate is an e-Seal.

elion avatar Oct 30 '18 13:10 elion

This has been added to the backlog for analysis.

naare avatar Nov 05 '18 10:11 naare

Feature request

Add a method to check if a certificate is an e-Seal.

We have some questions regarding the purpose of this functionality. What is your use case for this?

  1. Would you like to check with digidoc4j whether a random certificate is meant for eSeal or eSig?
  2. Would you like to check whether the signatures in a container were given with eSeal or eSig?
  3. Something else?

naare avatar Nov 06 '18 09:11 naare

The original use case would be number 2. However, number 1 would solve both 1 and 2, as we can find the signer certificate from the signature.

elion avatar Nov 06 '18 10:11 elion

In essence, it is already possible to determine whether the signature was given by an e-seal after validation. The getSignatureQualification() method returns a signature qualification object. If an e-seal is detected, the readable variable will include the "Seal" string.

```java
public enum SignatureQualification {
    QESIG("QESig", "Qualified Electronic Signature"),
    QESEAL("QESeal", "Qualified Electronic Seal"),
    QES("QES?", "Qualified Electronic Signature or Seal"),
    ADESIG_QC("AdESig-QC", "Advanced Electronic Signature supported by a Qualified Certificate"),
    ADESEAL_QC("AdESeal-QC", "Advanced Electronic Seal supported by a Qualified Certificate"),
    ADES_QC("AdES?-QC", "Advanced Electronic Signature or Seal supported by a Qualified Certificate"),
    ADESIG("AdESig", "Advanced Electronic Signature"),
    ADESEAL("AdESeal", "Advanced Electronic Seal"),
    ADES("AdES?", "Advanced Electronic Signature or Seal"),
    INDETERMINATE_QESIG("Indeterminate QESig", "Indeterminate Qualified Electronic Signature"),
    INDETERMINATE_QESEAL("Indeterminate QESeal", "Indeterminate Qualified Electronic Seal"),
    INDETERMINATE_QES("Indeterminate QES?", "Indeterminate Qualified Electronic Signature or Seal"),
    INDETERMINATE_ADESIG_QC("Indeterminate AdESig-QC", "Indeterminate Advanced Electronic Signature supported by a Qualified Certificate"),
    INDETERMINATE_ADESEAL_QC("Indeterminate AdESeal-QC", "Indeterminate Advanced Electronic Seal supported by a Qualified Certificate"),
    INDETERMINATE_ADES_QC("Indeterminate AdES?-QC", "Indeterminate Advanced Electronic Signature or Seal supported by a Qualified Certificate"),
    INDETERMINATE_ADESIG("Indeterminate AdESig", "Indeterminate Advanced Electronic Signature"),
    INDETERMINATE_ADESEAL("Indeterminate AdESeal", "Indeterminate Advanced Electronic Seal"),
    INDETERMINATE_ADES("Indeterminate AdES?", "Indeterminate Advanced Electronic Signature or Seal"),
    NOT_ADES_QC_QSCD("Not AdES but QC with QSCD", "Not Advanced Electronic Signature but supported by a Qualified Certificate"),
    NOT_ADES_QC("Not AdES but QC", "Not Advanced Electronic Signature but supported by a Qualified Certificate"),
    NOT_ADES("Not AdES", "Not Advanced Electronic Signature"),
    NA("N/A", "Not applicable");
    // The rest of the enum is not shown in this comment.
}
```

We will implement use case 2. The current plan is to implement a method that returns three states based on the qualification: SIGNATURE, SEAL, UNKNOWN.

naare avatar Jan 29 '19 11:01 naare
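
A sketch of the three-state mapping planned in the thread, added here as an example; it is not digidoc4j code. `SignerType` and `classify` are hypothetical names, the input is the short qualification string from the enum quoted above, and the choice to report the type regardless of the "Indeterminate" prefix is an assumption of this example.

```java
import java.util.List;

public class SignerTypeExample {

    /** Hypothetical three-state result, named after the plan in the thread. */
    enum SignerType { SIGNATURE, SEAL, UNKNOWN }

    /**
     * Classifies the short qualification string (first enum argument above).
     * Assumption: the caller read it from an already validated signature.
     */
    static SignerType classify(String readable) {
        if (readable == null) {
            return SignerType.UNKNOWN;
        }
        // "Indeterminate " is treated as validation status, not signer type,
        // so the caller must still check the validation result separately.
        String prefix = "Indeterminate ";
        String s = readable.startsWith(prefix) ? readable.substring(prefix.length()) : readable;
        // Compare the whole token before "-QC". "QES?" and "AdES?" mean
        // "signature or seal" and must stay UNKNOWN; a substring search for
        // "Seal" over the long descriptions would misreport them as seals.
        String token = s.split("-")[0];
        switch (token) {
            case "QESeal":
            case "AdESeal":
                return SignerType.SEAL;
            case "QESig":
            case "AdESig":
                return SignerType.SIGNATURE;
            default:
                return SignerType.UNKNOWN; // "Not AdES...", "N/A", unrecognised values
        }
    }

    public static void main(String[] args) {
        // Constructed sample: short strings copied from the enum quoted above.
        List<String> samples = List.of("QESeal", "AdESeal-QC", "Indeterminate QESeal",
                "QESig", "AdESig-QC", "QES?", "AdES?-QC", "Not AdES but QC", "N/A");
        for (String r : samples) {
            System.out.printf("%-22s -> %s%n", r, classify(r));
        }
    }
}
```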