Skip to content

Commit 6373f56

Browse files
Improve invalid timestamp detection while signing
1 parent 3888267 commit 6373f56

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

dss-document/src/main/java/eu/europa/esig/dss/validation/SignatureValidationContext.java

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -693,16 +693,26 @@ private void registerTimestampUsageDate(TimestampToken timestampToken) {
693693
protected boolean isTimestampValid(TimestampToken timestampToken) {
694694
if (!extractPOEFromUntrustedChains && !containsTrustAnchor(getCertChain(timestampToken))) {
695695
LOG.warn("POE extraction is skipped for untrusted timestamp : {}.", timestampToken.getDSSIdAsString());
696+
TokenStatus status = new TokenStatus();
697+
status.addRelatedTokenAndErrorMessage(timestampToken, "untrusted_timestamp");
698+
certificateVerifier.getAlertOnMissingRevocationData().alert(status);
696699
return false;
697700
}
698701
if (!timestampToken.isMessageImprintDataIntact()) {
699702
LOG.warn("POE extraction is skipped for timestamp : {}. The message-imprint is not intact!",
700703
timestampToken.getDSSIdAsString());
704+
TokenStatus status = new TokenStatus();
705+
status.addRelatedTokenAndErrorMessage(timestampToken, "message_imprint_not_intact");
706+
certificateVerifier.getAlertOnMissingRevocationData().alert(status);
701707
return false;
702708
}
703709
if (!timestampToken.isSignatureIntact()) {
704710
LOG.warn("POE extraction is skipped for timestamp : {}. The signature is not intact!",
705711
timestampToken.getDSSIdAsString());
712+
713+
TokenStatus status = new TokenStatus();
714+
status.addRelatedTokenAndErrorMessage(timestampToken, "signature_not_intact");
715+
certificateVerifier.getAlertOnMissingRevocationData().alert(status);
706716
return false;
707717
}
708718
return true;

0 commit comments

Comments
 (0)