See: Description
| Interface | Description |
|---|---|
| Rule |
Rule contains one logical step of signature verification policy.
|
| Class | Description |
|---|---|
| AggregationChainInputHashVerificationRule |
Verifies that if RFC3161 record is present then the calculated output hash (from RFC3161 record) equals to
aggregation chain input hash.
|
| AggregationHashChainAlgorithmDeprecatedRule |
Verifies if the aggregation hash chain uses a hash algorithm that was deprecated at the aggregation time.
|
| AggregationHashChainConsistencyRule |
Verifies that all aggregation hash chains are consistent (e.g previous aggregation output hash equals to
current aggregation chain input hash).
|
| AggregationHashChainIndexConsistencyRule |
Verifies that aggregation chain indices are matching corresponding aggregation chains (e.g all left and
right links are correctly defined in the chain index).
|
| AggregationHashChainIndexSuccessorRule |
Checks that chain index of a aggregation hash chain is successor to it's parent aggregation hash chain index.
|
| AggregationHashChainLinkMetadataRule |
Verifies that all metadata structures in aggregation hash chain links are valid.
|
| AggregationHashChainTimeConsistencyRule |
Checks that aggregation hash chain aggregation times are consistent (e.g previous aggregation
hash chain aggregation time to current aggregation hash chain aggregation time).
|
| BaseRule |
Abstract class for all rules
|
| CalendarAuthenticationRecordAggregationHashRule |
Verifies that calendar authentication record publication hash equals to calendar hash chain
publication hash.
|
| CalendarAuthenticationRecordAggregationTimeRule |
Verifies that calendar authentication record publication time equals to calendar hash chain
publication time.
|
| CalendarAuthenticationRecordExistenceRule |
Verifies that KSI signature contains calendar authentication record element.
|
| CalendarAuthenticationRecordSignatureVerificationRule |
Validates calendar authentication record signature.
|
| CalendarHashChainAggregationAlgorithmObsoleteRule |
Verifies that calendar hash chain aggregation(derived from the left link) hash algorithms were
obsolete at the publication time.
|
| CalendarHashChainAggregationTimeRule |
Verifies that calendar hash chain aggregation time equals to last aggregation hash chain
aggregation time.
|
| CalendarHashChainAlgorithmDeprecatedExtenderResponseRule |
Verifies if any of the response calendar hash chain aggregation hash algorithms (derived from the left link)
were deprecated at the publication time.
|
| CalendarHashChainAlgorithmDeprecatedRule |
Verifies if any of the calendar hash chain aggregation hash algorithms (derived from the left link)
were deprecated at the publication time.
|
| CalendarHashChainDoesNotExistRule |
Checks that KSI signature does not contain calendar hash chain.
|
| CalendarHashChainExistenceRule |
Checks if KSI signature contains calendar hash chain.
|
| CalendarHashChainInputHashVerificationRule |
Verifies that last aggregation hash chain output hash equals to calendar hash chain input hash.
|
| CalendarHashChainRegistrationTimeRule |
Verifies that calendar hash chain registration time (calculated from the shape of the calendar
hash chain) equals to calendar hash chain aggregation time.
|
| CertificateExistenceRule |
Checks if publications file contains certificate with certificate id present in calendar
authentication record.
|
| CertificateValidityRule |
Checks if certificate was valid at aggregation time.
|
| CompositeRule |
This class represents a rule composed of a set of rules.
|
| DocumentHashAlgorithmVerificationRule |
Verifies that document hash provided and it's hash algorithm match with the hash algorithm of
the input hash of the first aggregation chain or RFC-3161 record if present.
|
| DocumentHashVerificationRule |
Verifies document hash.
|
| ExtendedSignatureCalendarChainAggregationTimeRule |
Checks that extended signature contains correct aggregation time.
|
| ExtendedSignatureCalendarChainInputHashRule |
Checks that extended signature contains correct calendar hash chain input hash (e.g matches with
aggregation chain root hash).
|
| ExtendedSignatureCalendarChainRootHashRule |
Checks that reproduced calendar hash chain (reproduced by sending extension request with the same
aggregation and publication time as the attached calendar chain) matches with the already present calendar hash chain
root hash.
|
| ExtendedSignatureCalendarHashChainRightLinksMatchesRule |
Checks that: the extended calendar hash chain contains the same count of right
links the extended calendar hash chain right links are equal to the not extended
calendar hash chain right links
|
| ExtendingPermittedVerificationRule |
Checks is signature extending is permitted or not.
|
| InputHashLevelVerificationRule |
Verifies that user provided input hash level is less than or equal to first aggregation hash chain's first
link's level corrector value.
|
| NotRule |
Inverts rule results where:
!OK = NA
!NA = OK
!FAIL = FAIL
|
| PublicationsFileContainsPublicationRule |
Checks if publications file contains publication closest to signature registration time.
|
| PublicationsFileContainsSignaturePublicationRule |
Checks if publications file contains signature publication.
|
| PublicationsFileExtendedSignatureInputHashRule |
Checks that extender response input hash equals with signature aggregation root hash.
|
| PublicationsFilePublicationHashMatchesExtenderResponseRule |
Verifies that publications file publication hash matches with extender response calendar root hash.
|
| PublicationsFilePublicationTimeMatchesExtenderResponseRule |
Verifies that publications file publication time matches with extender response calendar chain
shape.
|
| Rfc3161InternalHashAlgorithmsDeprecatedRule |
Verifies that the RFC-3161 record uses internally a hash functions that were not deprecated at the aggregation time.
|
| Rfc3161OutputHashAlgorithmDeprecatedRule |
Verifies if the RFC3161 compatibility record output hash algorithm was deprecated at the time of signing.
|
| Rfc3161RecordIndexRule |
Verifies the index of the RFC3161 record.
|
| Rfc3161RecordTimeRule |
Verifies that RFC3161 record aggregation time equals to first aggregation chain aggregation time.
|
| SignatureDoesNotContainPublicationRule |
Checks that signature does not contain publication record.
|
| SignatureInputHashAlgorithmDeprecatedRule |
Verifies that the hash algorithm of the input hash of the signature (input hash of the first aggregation hash chain
or if present the input hash of the RFC-3161 record) was not deprecated at the aggregation time.
|
| SignaturePublicationRecordExistenceRule |
Checks if the KSI signature contains publication record or not.
|
| SignaturePublicationRecordPublicationHashRule |
Checks if the KSI signature contains publication record or not.
|
| SignaturePublicationRecordPublicationTimeRule |
Checks if the KSI signature contains correct publication record publication time.
|
| UserProvidedPublicationCalendarHashChainAlgorithmDeprecatedRule |
Verifies if any of the extender response calendar hash chain aggregation hash algorithms (derived from the left link)
were deprecated at the publication time.
|
| UserProvidedPublicationCreationTimeVerificationRule |
Checks that signature is created before user provided publication.
|
| UserProvidedPublicationExistenceRule |
Verifies if user has provided the publication or not.
|
| UserProvidedPublicationExtendedSignatureInputHashRule |
Checks that extender response input hash equals with signature aggregation root hash.
|
| UserProvidedPublicationHashEqualsToSignaturePublicationHashRule |
Verifies that user provided publication data hash equals to signature publication record data hash.
|
| UserProvidedPublicationHashMatchesExtendedResponseRule |
Verifies that user provided publication hash matches with extender response calendar root hash.
|
| UserProvidedPublicationTimeEqualsToSignaturePublicationTimeRule |
Verifies that user provided publication time equals to signature publication time
|
| UserProvidedPublicationTimeMatchesExtendedResponseRule |
Verifies that user provided publication time matches with extender response calendar chain shape.
|
| UserProvidedPublicationTimeNotEqualToSignaturePublicationTimeRule |
Verifies that user provided publication time does not equal to signature publication time
|
Copyright © 2024 Guardtime. All rights reserved.