Guardtime.KSI.Signature.Verification.Rule Namespace |
Classes| Class | Description | |
|---|---|---|
 | AggregationChainInputHashVerificationRule | Obsolete.
This rule verifies RFC3161 output hash equals to aggregation chain input hash.
If RFC3161 record is not present then Ok is returned.
|
| AggregationHashChainAlgorithmDeprecatedRule |
Verifies that aggregation hash chains use hash algorithms that were not deprecated at the aggregation time.
|
| AggregationHashChainConsistencyRule |
Rule verifies if all aggregation hash chains are consistent. e.g. previous aggregation hash chain output hash
equals to current aggregation hash chain input hash.
|
| AggregationHashChainIndexRule | Obsolete.
Rule checks that shape of the aggregation hash chain matches with chain index.
|
| AggregationHashChainIndexSuccessorRule |
This rule checks that chain index of a aggregation hash chain is successor to it's parent aggregation hash chain index.
|
| AggregationHashChainMetadataRule |
Rule verifies if all metadata tags in aggregation hash chains are valid.
|
| AggregationHashChainShapeRule |
Rule checks that shape of the aggregation hash chain matches with chain index.
|
| AggregationHashChainTimeConsistencyRule |
Rule checks that aggregation hash chain times are consistent. It means that previous aggregation hash chain
aggregation time equals to current one.
|
| CalendarAuthenticationRecordAggregationHashRule |
Rule verifies that calendar authentication record publication hash equals to calendar hash chain output hash.
Without calendar authentication record Ok is returned.
|
| CalendarAuthenticationRecordAggregationTimeRule | Obsolete. |
| CalendarAuthenticationRecordExistenceRule |
Rule verifies that KSI signature contains calendar authentication record.
|
| CalendarAuthenticationRecordPublicationTimeRule |
Rule verifies that calendar authentication record publication time equals to calendar hash chain publication time.
Without calendar authentication record Ok is returned.
|
| CalendarAuthenticationRecordSignatureVerificationRule |
Rule validates calendar authentication record signature. Signature is made from calendar authentication record
publication data. X.509 certificate is searched from publications file and when found, it is used to validate PKI
signature in calendar authentication record.
|
| CalendarHashChainAggregationTimeRule |
Rule verifies calendar hash chain aggregation time equality to last aggregation hash chain aggregation time.
Without calendar authentication record Ok is returned.
|
| CalendarHashChainAlgorithmDeprecatedRule |
Verifies that calendar hash chain right link hash algorithms were not deprecated at the publication time.
If calendar hash chain is missing then status Ok is returned.
|
| CalendarHashChainAlgorithmObsoleteRule |
Verifies that calendar hash chain right link hash algorithms were not obsolete at the publication time.
If calendar hash chain is missing then status Ok is returned.
|
| CalendarHashChainExistenceRule |
Rule for checking if KSI signature contains calendar hash chain.
Used for key-based and publication-based verification policies.
|
| CalendarHashChainInputHashVerificationRule |
Rule verifies that last aggregation hash chain output hash is equal to calendar hash chain input hash. If calendar
hash chain is missing, status Ok is returned.
|
| CalendarHashChainRegistrationTimeRule |
Rule is used to verify calendar hash chain registration time (calculated from calendar hash chain shape) equality
to calendar hash chain aggregation time. If calendar hash chain is missing then status
Ok is returned.
|
| CertificateExistenceRule |
Rule checks if publications file contains certificate with certificate id contained in calendar authentication
record.
|
| DocumentHashLevelVerificationRule |
This rule verifies that given document hash level is not greater than the first link level correction of the first aggregation hash chain.
In case RFC3161 signature the given document hash level must be 0.
If the level is equal to or less than expected then Ok is returned.
|
| DocumentHashVerificationRule |
This rule verifies document hash. If RFC3161 record is present then document hash must equal to RFC3161 record input hash.
Otherwise document hash is compared to aggregation hash chain input hash.
If document hash is not provided then Ok is returned.
|
| ExtendedSignatureAggregationChainRightLinksMatchesRule | Obsolete. |
| ExtendedSignatureCalendarChainAggregationTimeRule |
Rule checks that extended signature contains correct aggregation time.
|
| ExtendedSignatureCalendarChainInputHashRule |
Rule checks that extended signature contains correct calendar hash chain input hash. It means that input hash
equals to aggregation hash chain root hash.
|
| ExtendedSignatureCalendarChainRootHashRule |
Rule checks that extender response calendar hash chain (extension request with current calendar hash chain
aggregation and publication time is used) matches with current calendar hash chain root hash. If current signature
does not contain calendar hash chain, Ok is returned.
|
| ExtendedSignatureCalendarHashChainRightLinksMatchRule |
Checks if extended signature calendar hash chain right links are equal to not extended signature right links.
|
| ExtenderResponseCalendarHashChainAlgorithmDeprecatedRule |
Verifies that extender response calendar hash chain right link hash algorithms are not deprecated.
|
| ExtendingPermittedVerificationRule |
Rule checks that extending is permitted by user.
|
| InputHashAlgorithmDeprecatedRule |
This rule verifies that input hash algorithm is not deprecated at aggregation time. If RFC3161 record is present then RFC3161 record input hash algorithm deprecation is checked.
|
| InputHashAlgorithmVerificationRule |
This rule verifies input hash algorithm. If RFC3161 record is present then intput hash algorithm must equal to RFC3161 record input hash algorithm.
Otherwise input hash algorithm is compared to aggregation hash chain input hash algorithm.
If input hash is not provided then Ok is returned.
|
| OkResultRule |
Rule that always returns Ok |
| PublicationsFileExtendedSignatureInputHashRule |
Rule checks that extender response calendar hash chain input hash matches with signature aggregation root hash.
|
| PublicationsFilePublicationHashMatchesExtenderResponseRule |
Rule checks that publications file publication hash matches with extender response calendar hash chain root hash.
|
| PublicationsFilePublicationTimeMatchesExtenderResponseRule |
Rule checks that publications file publication time matches with extender response calendar hash chain shape.
|
| PublicationsFileSignaturePublicationMatchRule |
Rule checks if publications file and signature publication record match.
|
| Rfc3161RecordAggregationTimeRule |
This rule verifies that aggregation hash chain aggregation time and RFC3161 record aggregation time match.
If RFC3161 record is not present then Ok is returned.
|
| Rfc3161RecordChainIndexRule |
This rule verifies that aggregation hash chain index and RFC3161 record chain index match.
If RFC3161 record is not present then Ok is returned.
|
| Rfc3161RecordHashAlgorithmDeprecatedRule |
Verifies that all hash algorithms used internally in RFC3161 record were not deprecated at the aggregation time.
If RFC3161 record is not present then Ok is returned.
|
| Rfc3161RecordOutputHashAlgorithmDeprecatedRule |
Verifies that RFC3161 record output hash algorithm was not deprecated at the aggregation time.
If RFC3161 record is not present then Ok is returned.
|
| Rfc3161RecordOutputHashVerificationRule |
This rule verifies RFC3161 output hash equals to aggregation chain input hash.
If RFC3161 record is not present then Ok is returned.
|
| SignaturePublicationRecordExistenceRule |
Rule checks if KSI signature contains publication record.
|
| SignaturePublicationRecordPublicationHashRule |
Rule checks if KSI signature calendar hash chain publication hash matches signature publication record publication hash.
If publication record is missing, Ok is returned.
|
| SignaturePublicationRecordPublicationTimeRule |
Rule checks if KSI signature calendar hash chain publication time matches signature publication record publication time.
If publication record is missing, Ok is returned.
|
| UserProvidedPublicationCreationTimeVerificationRule |
Rule checks that signature is created before user provided publication.
|
| UserProvidedPublicationExistenceRule |
Rule checks that user has provided a publication.
|
| UserProvidedPublicationExtendedSignatureInputHashRule |
Rule checks that extender response input hash equals to signature aggregation root hash.
|
| UserProvidedPublicationHashMatchesExtendedResponseRule |
Rule checks that user provided publication hash matches extender response calendar hash chain root hash.
|
| UserProvidedPublicationTimeMatchesExtendedResponseRule |
Rule checks that user provided publication time matches extender response calendar hash chain shape.
|
| UserProvidedPublicationVerificationRule |
Rule checks that user provided publication equals to publication in KSI signature.
|
| VerificationRule |
Verification rule.
|