Package eu.europa.esig.dss.policy

Interface ValidationPolicy

All Known Implementing Classes:
EtsiValidationPolicy
public interface ValidationPolicy
This class encapsulates the constraint file that controls the policy to be used during the validation process. This is the base class used to implement a specific validation policy

  • Method Details

    • getSignaturePolicyConstraint

      MultiValuesConstraint getSignaturePolicyConstraint(Context context)
      Indicates if the signature policy should be checked. If AcceptablePolicies element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SigningTime element is present in the constraint file, null otherwise.

    • getSignaturePolicyIdentifiedConstraint

      LevelConstraint getSignaturePolicyIdentifiedConstraint(Context context)
      Indicates if the signature policy validation should be processed. If SignaturePolicyIdentifier found, but not relevant SignaturePolicy is retrieved, the check fails.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SignaturePolicy shall be identified

    • getSignaturePolicyStorePresentConstraint

      LevelConstraint getSignaturePolicyStorePresentConstraint(Context context)
      Indicates if a SignaturePolicyStore unsigned attribute, containing a used policy binaries, presence shall be checked
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SignaturePolicyStore presence shall be checked

    • getSignaturePolicyPolicyHashValid

      LevelConstraint getSignaturePolicyPolicyHashValid(Context context)
      Indicates if digest present in a SignaturePolicyIdentifier shall match to the extracted policy content
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SignaturePolicyIdentifier digest shall match

    • getStructuralValidationConstraint

      LevelConstraint getStructuralValidationConstraint(Context context)
      Indicates if the structural validation should be checked. If StructuralValidation element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if StructuralValidation element is present in the constraint file, null otherwise.

    • getSigningCertificateRefersCertificateChainConstraint

      LevelConstraint getSigningCertificateRefersCertificateChainConstraint(Context context)
      Indicates if the Signing Certificate attribute should be checked against the certificate chain. If SigningCertificateRefersCertificateChain element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SigningCertificateRefersCertificateChain element is present in the constraint file, null otherwise.

    • getReferencesToAllCertificateChainPresentConstraint

      LevelConstraint getReferencesToAllCertificateChainPresentConstraint(Context context)
      Indicates if the whole certificate chain is covered by the Signing Certificate attribute. If ReferencesToAllCertificateChainPresent element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ReferencesToAllCertificateChainPresent element is present in the constraint file, null otherwise.

    • getSigningCertificateDigestAlgorithmConstraint

      LevelConstraint getSigningCertificateDigestAlgorithmConstraint(Context context)
      Checks if a used DigestAlgorithm in signing-certificate-reference creation matches the corresponding cryptographic constraint
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SigningCertificateDigestAlgorithm for a given context element is present in the constraint file, null otherwise.

    • getSigningTimeConstraint

      LevelConstraint getSigningTimeConstraint(Context context)
      Indicates if the signed property: signing-time should be checked. If SigningTime element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SigningTime element is present in the constraint file, null otherwise.

    • getContentTypeConstraint

      ValueConstraint getContentTypeConstraint(Context context)
      Indicates if the signed property: content-type should be checked. If ContentType element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      ValueConstraint if ContentType element is present in the constraint file, null otherwise.

    • getContentHintsConstraint

      ValueConstraint getContentHintsConstraint(Context context)
      Indicates if the signed property: content-hints should be checked. If ContentHints element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      ValueConstraint if ContentHints element is present in the constraint file, null otherwise.

    • getContentIdentifierConstraint

      ValueConstraint getContentIdentifierConstraint(Context context)
      Indicates if the signed property: content-identifier should be checked. If ContentIdentifier element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      ValueConstraint if ContentIdentifier element is present in the constraint file, null otherwise.

    • getMessageDigestOrSignedPropertiesConstraint

      LevelConstraint getMessageDigestOrSignedPropertiesConstraint(Context context)
      Indicates if the signed property: message-digest (for CAdES) or SignedProperties (for XAdES) should be checked. If the relative element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if message-digests/SignedProperties element is present in the constraint file, null otherwise.

    • getEllipticCurveKeySizeConstraint

      LevelConstraint getEllipticCurveKeySizeConstraint(Context context)
      This constraint checks whether a JWA signature has a valid elliptic curve key size
      Parameters:
      context - Context
      Returns:
      LevelConstraint if EllipticCurveKeySize element is present in the constraint file, null otherwise.

    • getCommitmentTypeIndicationConstraint

      MultiValuesConstraint getCommitmentTypeIndicationConstraint(Context context)
      Indicates if the signed property: commitment-type-indication should be checked. If CommitmentTypeIndication element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
      Parameters:
      context - Context
      Returns:
      MultiValuesConstraint if CommitmentTypeIndication element is present in the constraint file, null otherwise.

    • getSignerLocationConstraint

      LevelConstraint getSignerLocationConstraint(Context context)
      Indicates if the signed property: signer-location should be checked. If SignerLocation element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SignerLocation element is present in the constraint file, null otherwise.

    • getContentTimestampConstraint

      LevelConstraint getContentTimestampConstraint(Context context)
      Indicates if the signed property: content-time-stamp should be checked. If ContentTimeStamp element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ContentTimeStamp element is present in the constraint file, null otherwise.

    • getContentTimestampMessageImprintConstraint

      LevelConstraint getContentTimestampMessageImprintConstraint(Context context)
      Indicates if the signed property: content-time-stamp message-imprint should be checked. If ContentTimeStampMessageImprint element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ContentTimeStampMessageImprint element is present in the constraint file, null otherwise.

    • getClaimedRoleConstraint

      MultiValuesConstraint getClaimedRoleConstraint(Context context)
      Indicates if the unsigned property: claimed-role should be checked. If ClaimedRoles element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      MultiValuesConstraint if ClaimedRoles element is present in the constraint file, null otherwise.

    • getCertifiedRolesConstraint

      MultiValuesConstraint getCertifiedRolesConstraint(Context context)
      Return the mandated signer role.
      Parameters:
      context - Context
      Returns:
      MultiValuesConstraint

    • getPolicyName

      String getPolicyName()
      Returns the name of the policy.
      Returns:
      String

    • getPolicyDescription

      String getPolicyDescription()
      Returns the policy description.
      Returns:
      String

    • getSignatureCryptographicConstraint

      CryptographicConstraint getSignatureCryptographicConstraint(Context context)
      This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file the null is returned.
      Parameters:
      context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
      Returns:
      SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.

    • getCertificateCryptographicConstraint

      CryptographicConstraint getCertificateCryptographicConstraint(Context context, SubContext subContext)
      This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file the null is returned.
      Parameters:
      context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
      subContext - the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
      Returns:
      SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.

    • getCertificateCAConstraint

      LevelConstraint getCertificateCAConstraint(Context context, SubContext subContext)
      Returns certificate CA constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if CA for a given context element is present in the constraint file, null otherwise.

    • getCertificateMaxPathLengthConstraint

      LevelConstraint getCertificateMaxPathLengthConstraint(Context context, SubContext subContext)
      Returns certificate MaxPathLength constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if MaxPathLength for a given context element is present in the constraint file, null otherwise.

    • getCertificateKeyUsageConstraint

      MultiValuesConstraint getCertificateKeyUsageConstraint(Context context, SubContext subContext)
      Returns certificate key usage constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if key-usage for a given context element is present in the constraint file, null otherwise.

    • getCertificateExtendedKeyUsageConstraint

      MultiValuesConstraint getCertificateExtendedKeyUsageConstraint(Context context, SubContext subContext)
      Returns certificate extended key usage constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if extended key-usage for a given context element is present in the constraint file, null otherwise.

    • getCertificatePolicyTreeConstraint

      LevelConstraint getCertificatePolicyTreeConstraint(Context context, SubContext subContext)
      Returns certificate PolicyTree constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if PolicyTree for a given context element is present in the constraint file, null otherwise.

    • getCertificateNameConstraintsConstraint

      LevelConstraint getCertificateNameConstraintsConstraint(Context context, SubContext subContext)
      Returns certificate NameConstraints constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if NameConstraints for a given context element is present in the constraint file, null otherwise.

    • getCertificateSupportedCriticalExtensionsConstraint

      MultiValuesConstraint getCertificateSupportedCriticalExtensionsConstraint(Context context, SubContext subContext)
      Returns certificate supported critical extensions constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if SupportedCriticalExtensions constraint for a given context element is present in the constraint file,null otherwise.

    • getCertificateForbiddenExtensionsConstraint

      MultiValuesConstraint getCertificateForbiddenExtensionsConstraint(Context context, SubContext subContext)
      Returns certificate forbidden extensions constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if ForbiddenExtensions constraint for a given context element is present in the constraint file,null otherwise.

    • getCertificateNotExpiredConstraint

      LevelConstraint getCertificateNotExpiredConstraint(Context context, SubContext subContext)
      Returns certificate's validity range constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if NotExpired constraint for a given certificate context is present in the constraint file, null otherwise.

    • getProspectiveCertificateChainConstraint

      LevelConstraint getProspectiveCertificateChainConstraint(Context context)
      This constraint requests the presence of the trust anchor in the certificate chain.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ProspectiveCertificateChain element for a given context element is present in the constraint file, null otherwise.

    • getCertificateSignatureConstraint

      LevelConstraint getCertificateSignatureConstraint(Context context, SubContext subContext)
      Returns certificate's signature constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if Signature for a given context element is present in the constraint file, null otherwise.

    • getUnknownStatusConstraint

      LevelConstraint getUnknownStatusConstraint()
      The method returns UnknownStatus constraint
      Returns:
      LevelConstraint

    • getOCSPResponseResponderIdMatchConstraint

      LevelConstraint getOCSPResponseResponderIdMatchConstraint()
      The method returns OCSPResponderIdMatch constraint
      Returns:
      LevelConstraint

    • getOCSPResponseCertHashPresentConstraint

      LevelConstraint getOCSPResponseCertHashPresentConstraint()
      The method returns OCSPCertHashPresent constraint
      Returns:
      LevelConstraint

    • getOCSPResponseCertHashMatchConstraint

      LevelConstraint getOCSPResponseCertHashMatchConstraint()
      The method returns OCSPCertHashMatch constraint
      Returns:
      LevelConstraint

    • getSelfIssuedOCSPConstraint

      LevelConstraint getSelfIssuedOCSPConstraint()
      The method returns SelfIssuedOCSP constraint
      Returns:
      LevelConstraint

    • getRevocationDataAvailableConstraint

      LevelConstraint getRevocationDataAvailableConstraint(Context context, SubContext subContext)
      Returns revocation data available constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if RevocationDataAvailable for a given context element is present in the constraint file, null otherwise.

    • getAcceptableRevocationDataFoundConstraint

      LevelConstraint getAcceptableRevocationDataFoundConstraint(Context context, SubContext subContext)
      Returns acceptable revocation data available constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if AcceptableRevocationDataFound for a given context element is present in the constraint file, null otherwise.

    • getCRLNextUpdatePresentConstraint

      LevelConstraint getCRLNextUpdatePresentConstraint(Context context, SubContext subContext)
      Returns CRL's nextUpdate present constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if CRLNextUpdatePresent for a given context element is present in the constraint file, null otherwise.

    • getOCSPNextUpdatePresentConstraint

      LevelConstraint getOCSPNextUpdatePresentConstraint(Context context, SubContext subContext)
      Returns OCSP's nextUpdate present constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if OCSPNextUpdatePresent for a given context element is present in the constraint file, null otherwise.

    • getRevocationFreshnessConstraint

      TimeConstraint getRevocationFreshnessConstraint(Context context, SubContext subContext)
      Returns revocation data's freshness constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      TimeConstraint if RevocationFreshness for a given context element is present in the constraint file, null otherwise.

    • getRevocationFreshnessNextUpdateConstraint

      LevelConstraint getRevocationFreshnessNextUpdateConstraint(Context context, SubContext subContext)
      Returns revocation data's freshness for nextUpdate check constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if RevocationFreshnessNextUpdate for a given context element is present in the constraint file, null otherwise.

    • getCertificateNotRevokedConstraint

      LevelConstraint getCertificateNotRevokedConstraint(Context context, SubContext subContext)
      Returns certificate's not revoked constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if Revoked for a given context element is present in the constraint file, null otherwise.

    • getCertificateNotOnHoldConstraint

      LevelConstraint getCertificateNotOnHoldConstraint(Context context, SubContext subContext)
      Returns certificate's not onHold constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if OnHold for a given context element is present in the constraint file, null otherwise.

    • getRevocationIssuerNotExpiredConstraint

      LevelConstraint getRevocationIssuerNotExpiredConstraint(Context context, SubContext subContext)
      Returns revocation issuer's validity range constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if RevocationIssuerNotExpired constraint for a given certificate context is present in the constraint file, null otherwise.

    • getCertificateNotSelfSignedConstraint

      LevelConstraint getCertificateNotSelfSignedConstraint(Context context, SubContext subContext)
      Returns certificate's not self-signed constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if not self-signed for a given context element is present in the constraint file, null otherwise.

    • getCertificateSelfSignedConstraint

      LevelConstraint getCertificateSelfSignedConstraint(Context context, SubContext subContext)
      Returns certificate's self-signed constraint
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if self-signed for a given context element is present in the constraint file, null otherwise.

    • getTrustedServiceTypeIdentifierConstraint

      MultiValuesConstraint getTrustedServiceTypeIdentifierConstraint(Context context)
      Returns trusted service type identifier constraint
      Parameters:
      context - Context
      Returns:
      LevelConstraint if trusted service type identifier for a given context element is present in the constraint file, null otherwise.

    • getTrustedServiceStatusConstraint

      MultiValuesConstraint getTrustedServiceStatusConstraint(Context context)
      Returns trusted service status constraint
      Parameters:
      context - Context
      Returns:
      LevelConstraint if trusted service status for a given context element is present in the constraint file, null otherwise.

    • getCertificatePolicyIdsConstraint

      MultiValuesConstraint getCertificatePolicyIdsConstraint(Context context, SubContext subContext)
      Returns CertificatePolicyIds constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificatePolicyIds element is present in the constraint file, null otherwise.

    • getCertificatePolicyQualificationIdsConstraint

      LevelConstraint getCertificatePolicyQualificationIdsConstraint(Context context, SubContext subContext)
      Indicates if the CertificatePolicyIds declare the certificate as qualified.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if PolicyQualificationIds for a given context element is present in the constraint file, null otherwise.

    • getCertificatePolicySupportedByQSCDIdsConstraint

      LevelConstraint getCertificatePolicySupportedByQSCDIdsConstraint(Context context, SubContext subContext)
      Indicates if the CertificatePolicyIds mandate the certificate as to be supported by a secure signature creation device (QSCD).
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if PolicySupportedByQSCDIds for a given context element is present in the constraint file, null otherwise.

    • getCertificateQCComplianceConstraint

      LevelConstraint getCertificateQCComplianceConstraint(Context context, SubContext subContext)
      Indicates if the end user certificate used in validating the signature is QC Compliant.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if QcCompliance for a given context element is present in the constraint file, null otherwise.

    • getCertificateQcEuLimitValueCurrencyConstraint

      ValueConstraint getCertificateQcEuLimitValueCurrencyConstraint(Context context, SubContext subContext)
      Indicates the allowed currency used to specify certificate's QCLimitValue statement.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      IntValueConstraint if QcTransactionLimitCurrency for a given context element is present in the constraint file, null otherwise.

    • getCertificateMinQcEuLimitValueConstraint

      IntValueConstraint getCertificateMinQcEuLimitValueConstraint(Context context, SubContext subContext)
      Indicates the minimal allowed QcEuLimitValue transaction limit for which the end user certificate used for the signature can be used.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      IntValueConstraint if MinQcTransactionLimit for a given context element is present in the constraint file, null otherwise.

    • getCertificateMinQcEuRetentionPeriodConstraint

      IntValueConstraint getCertificateMinQcEuRetentionPeriodConstraint(Context context, SubContext subContext)
      Indicates the minimal allowed QC retention period for material information relevant to the use of the end user certificate used for the signature.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      IntValueConstraint if MinQcRetentionPeriod for a given context element is present in the constraint file, null otherwise.

    • getCertificateQcSSCDConstraint

      LevelConstraint getCertificateQcSSCDConstraint(Context context, SubContext subContext)
      Indicates if the end user certificate used in validating the signature is mandated to be supported by a secure signature creation device (QSCD).
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if QcSSCD for a given context element is present in the constraint file, null otherwise.

    • getCertificateQcEuPDSLocationConstraint

      MultiValuesConstraint getCertificateQcEuPDSLocationConstraint(Context context, SubContext subContext)
      Indicates the location or set of locations of PKI Disclosure Statements.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint the the location or set of locations of PKI Disclosure Statements

    • getCertificateQcTypeConstraint

      MultiValuesConstraint getCertificateQcTypeConstraint(Context context, SubContext subContext)
      Indicates the certificate is claimed as a certificate of a particular type.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint the types that the certificate is claimed to be of

    • getCertificateQcCCLegislationConstraint

      MultiValuesConstraint getCertificateQcCCLegislationConstraint(Context context, SubContext subContext)
      Indicates the country or set of countries under the legislation of which the certificate is issued as a qualified certificate is present. NOTE: in order to verify the EU compliance, the value shall be empty (no QcCCLegislation is allowed)
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint the country or set of countries under the legislation of which the certificate is issued as a qualified certificate

    • getCertificateIssuedToNaturalPersonConstraint

      LevelConstraint getCertificateIssuedToNaturalPersonConstraint(Context context, SubContext subContext)
      Indicates if the end user certificate used in validating the signature is issued to a natural person.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if IssuedToNaturalPerson for a given context element is present in the constraint file, null otherwise.

    • getCertificateIssuedToLegalPersonConstraint

      LevelConstraint getCertificateIssuedToLegalPersonConstraint(Context context, SubContext subContext)
      Indicates if the end user certificate used in validating the signature is issued to a legal person.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if IssuedToLegalPerson for a given context element is present in the constraint file, null otherwise.

    • getCertificateSemanticsIdentifierConstraint

      MultiValuesConstraint getCertificateSemanticsIdentifierConstraint(Context context, SubContext subContext)
      Indicates the certificate's QCStatement contains an acceptable semantics identifier.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if SemanticsIdentifier for a given context element is present in the constraint file, null otherwise.

    • getCertificatePS2DQcTypeRolesOfPSPConstraint

      MultiValuesConstraint getCertificatePS2DQcTypeRolesOfPSPConstraint(Context context, SubContext subContext)
      Indicates the acceptable QC PS2D roles for the certificate used for a signature.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint the set of acceptable QC PS2D roles

    • getCertificatePS2DQcCompetentAuthorityNameConstraint

      MultiValuesConstraint getCertificatePS2DQcCompetentAuthorityNameConstraint(Context context, SubContext subContext)
      Indicates the acceptable QC PS2D names for the certificate used for a signature.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint the set of acceptable QC PS2D names

    • getCertificatePS2DQcCompetentAuthorityIdConstraint

      MultiValuesConstraint getCertificatePS2DQcCompetentAuthorityIdConstraint(Context context, SubContext subContext)
      Indicates the acceptable QC PS2D ids for the certificate used for a signature.
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint the set of acceptable QC PS2D ids

    • getSigningCertificateRecognitionConstraint

      LevelConstraint getSigningCertificateRecognitionConstraint(Context context)
      Indicates if signing-certificate has been identified.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if Recognition for a given context element is present in the constraint file, null otherwise.

    • getSigningCertificateAttributePresentConstraint

      LevelConstraint getSigningCertificateAttributePresentConstraint(Context context)
      Indicates if the signing certificate attribute is present
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SigningCertificateAttribute for a given context element is present in the constraint file, null otherwise.

    • getUnicitySigningCertificateAttributeConstraint

      LevelConstraint getUnicitySigningCertificateAttributeConstraint(Context context)
      Indicates if the signing certificate is not ambiguously determines
      Parameters:
      context - Context
      Returns:
      LevelConstraint if UnicitySigningCertificate for a given context element is present in the constraint file, null otherwise.

    • getSigningCertificateDigestValuePresentConstraint

      LevelConstraint getSigningCertificateDigestValuePresentConstraint(Context context)
      Indicates if the signing certificate reference's digest value is present
      Parameters:
      context - Context
      Returns:
      LevelConstraint if DigestValuePresent for a given context element is present in the constraint file, null otherwise.

    • getSigningCertificateDigestValueMatchConstraint

      LevelConstraint getSigningCertificateDigestValueMatchConstraint(Context context)
      Indicates if the signing certificate reference's digest value matches
      Parameters:
      context - Context
      Returns:
      LevelConstraint if DigestValueMatch for a given context element is present in the constraint file, null otherwise.

    • getSigningCertificateIssuerSerialMatchConstraint

      LevelConstraint getSigningCertificateIssuerSerialMatchConstraint(Context context)
      Indicates if the signing certificate reference's issuer serial matches
      Parameters:
      context - Context
      Returns:
      LevelConstraint if IssuerSerialMatch for a given context element is present in the constraint file, null otherwise.

    • getKeyIdentifierPresent

      LevelConstraint getKeyIdentifierPresent(Context context)
      Indicates if the 'kid' (key identifier) header parameter is present within the protected header of the signature
      Parameters:
      context - Context
      Returns:
      LevelConstraint if KeyIdentifierPresent for a given context element is present in the constraint file, null otherwise.

    • getKeyIdentifierMatch

      LevelConstraint getKeyIdentifierMatch(Context context)
      Indicates if the value of 'kid' (key identifier) header parameter matches the signing-certificate used to create the signature
      Parameters:
      context - Context
      Returns:
      LevelConstraint if KeyIdentifierMatch for a given context element is present in the constraint file, null otherwise.

    • getReferenceDataExistenceConstraint

      LevelConstraint getReferenceDataExistenceConstraint(Context context)
      Indicates if the referenced data is found
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ReferenceDataExistence for a given context element is present in the constraint file, null otherwise.

    • getReferenceDataIntactConstraint

      LevelConstraint getReferenceDataIntactConstraint(Context context)
      Indicates if the referenced data is intact
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ReferenceDataIntact for a given context element is present in the constraint file, null otherwise.

    • getManifestEntryObjectExistenceConstraint

      LevelConstraint getManifestEntryObjectExistenceConstraint(Context context)
      Indicates if the manifested document is found
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ManifestEntryObjectExistence for a given context element is present in the constraint file, null otherwise.

    • getSignatureIntactConstraint

      LevelConstraint getSignatureIntactConstraint(Context context)
      Indicates if the signature is intact
      Parameters:
      context - Context
      Returns:
      SignatureDataIntact if SignatureIntact for a given context element is present in the constraint file, null otherwise.

    • getSignatureDuplicatedConstraint

      LevelConstraint getSignatureDuplicatedConstraint(Context context)
      Indicates if the signature is not ambiguous
      Parameters:
      context - Context
      Returns:
      SignatureDuplicated if SignatureDuplicated for a given context element is present in the constraint file, null otherwise.

    • getSignerInformationStoreConstraint

      LevelConstraint getSignerInformationStoreConstraint(Context context)
      This constraint checks if only one SignerInfo is present into a SignerInformationStore NOTE: applicable only for PAdES
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SignerInformationStore element for a given context element is present in the constraint file, null otherwise.

    • getByteRangeConstraint

      LevelConstraint getByteRangeConstraint(Context context)
      This constraint checks if ByteRange dictionary is valid NOTE: applicable only for PAdES
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ByteRange element for a given context element is present in the constraint file, null otherwise.

    • getByteRangeCollisionConstraint

      LevelConstraint getByteRangeCollisionConstraint(Context context)
      This constraint checks if ByteRange does not collide with other signature byte ranges NOTE: applicable only for PAdES
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ByteRangeCollision element for a given context element is present in the constraint file, null otherwise.

    • getByteRangeAllDocumentConstraint

      LevelConstraint getByteRangeAllDocumentConstraint(Context context)
      This constraint checks if ByteRange is valid for all signatures and document timestamps within PDF NOTE: applicable only for PAdES
      Parameters:
      context - Context
      Returns:
      LevelConstraint if ByteRangeAllDocument element for a given context element is present in the constraint file, null otherwise.

    • getPdfSignatureDictionaryConstraint

      LevelConstraint getPdfSignatureDictionaryConstraint(Context context)
      This constraint checks if signature dictionary is consistent across PDF revisions. NOTE: applicable only for PAdES
      Parameters:
      context - Context
      Returns:
      LevelConstraint if PdfSignatureDictionary element for a given context element is present in the constraint file, null otherwise.

    • getPdfPageDifferenceConstraint

      LevelConstraint getPdfPageDifferenceConstraint(Context context)
      Indicates if a PDF page difference check should be proceeded. If PdfPageDifference element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if PdfPageDifference element is present in the constraint file, null otherwise.

    • getPdfAnnotationOverlapConstraint

      LevelConstraint getPdfAnnotationOverlapConstraint(Context context)
      Indicates if a PDF annotation overlapping check should be proceeded. If PdfAnnotationOverlap element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if PdfAnnotationOverlap element is present in the constraint file, null otherwise.

    • getPdfVisualDifferenceConstraint

      LevelConstraint getPdfVisualDifferenceConstraint(Context context)
      Indicates if a PDF visual difference check should be proceeded. If PdfVisualDifference element is absent within the constraint file then null is returned.
      Parameters:
      context - Context
      Returns:
      LevelConstraint if PdfVisualDifference element is present in the constraint file, null otherwise.

    • getDocMDPConstraint

      LevelConstraint getDocMDPConstraint(Context context)
      This constraint checks if a document contains changes after a signature, against permission rules identified within a /DocMDP dictionary
      Parameters:
      context - Context
      Returns:
      LevelConstraint if DocMDP element is present in the constraint file, null otherwise.

    • getFieldMDPConstraint

      LevelConstraint getFieldMDPConstraint(Context context)
      This constraint checks if a document contains changes after a signature, against permission rules identified within a /FieldMDP dictionary
      Parameters:
      context - Context
      Returns:
      LevelConstraint if FieldMDP element is present in the constraint file, null otherwise.

    • getSigFieldLockConstraint

      LevelConstraint getSigFieldLockConstraint(Context context)
      This constraint checks if a document contains changes after a signature, against permission rules identified within a /SigFieldLock dictionary
      Parameters:
      context - Context
      Returns:
      LevelConstraint if SigFieldLock element is present in the constraint file, null otherwise.

    • getUndefinedChangesConstraint

      LevelConstraint getUndefinedChangesConstraint(Context context)
      This constraint checks whether a PDF document contains undefined object modifications after the current signature's revisions
      Parameters:
      context - Context
      Returns:
      LevelConstraint if UndefinedChanges element is present in the constraint file, null otherwise.

    • getBestSignatureTimeBeforeExpirationDateOfSigningCertificateConstraint

      LevelConstraint getBestSignatureTimeBeforeExpirationDateOfSigningCertificateConstraint()
      This constraint checks if the certificate is not expired on best-signature-time
      Returns:
      LevelConstraint if BestSignatureTimeBeforeExpirationDateOfSigningCertificate element is present in the constraint file, null otherwise.

    • getTimestampCoherenceConstraint

      LevelConstraint getTimestampCoherenceConstraint()
      This constraint checks if the timestamp order is coherent
      Returns:
      LevelConstraint if TimestampCoherence element is present in the constraint file, null otherwise.

    • getTimestampDelayConstraint

      TimeConstraint getTimestampDelayConstraint()
      Returns TimestampDelay constraint if present in the policy, null otherwise
      Returns:
      TimeConstraint if TimestampDelay element is present in the constraint file, null otherwise.

    • getTimestampTSAGeneralNamePresent

      LevelConstraint getTimestampTSAGeneralNamePresent()
      Indicates if the timestamp's TSTInfo.tsa field is present
      Returns:
      LevelConstraint if TSAGeneralNamePresent for a given context element is present in the constraint file, null otherwise.

    • getTimestampTSAGeneralNameContentMatch

      LevelConstraint getTimestampTSAGeneralNameContentMatch()
      Indicates if the timestamp's TSTInfo.tsa field's value matches the timestamp's issuer distinguishing name when present
      Returns:
      LevelConstraint if TSAGeneralNameContentMatch for a given context element is present in the constraint file, null otherwise.

    • getTimestampTSAGeneralNameOrderMatch

      LevelConstraint getTimestampTSAGeneralNameOrderMatch()
      Indicates if the timestamp's TSTInfo.tsa field's value and order match the timestamp's issuer distinguishing name when present
      Returns:
      LevelConstraint if TSAGeneralNameOrderMatch for a given context element is present in the constraint file, null otherwise.

    • getRevocationTimeAgainstBestSignatureTimeConstraint

      LevelConstraint getRevocationTimeAgainstBestSignatureTimeConstraint()
      Returns RevocationTimeAgainstBestSignatureTime constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if RevocationTimeAgainstBestSignatureTime element is present in the constraint file, null otherwise.

    • getCounterSignatureConstraint

      LevelConstraint getCounterSignatureConstraint(Context context)
      Returns CounterSignature constraint if present in the policy, null otherwise
      Parameters:
      context - ContextDiagnosticDataFacade
      Returns:
      LevelConstraint if CounterSignature element is present in the constraint file, null otherwise.

    • getSignatureFormatConstraint

      MultiValuesConstraint getSignatureFormatConstraint(Context context)
      Returns SignatureFormat constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      Returns:
      MultiValuesConstraint if SignatureFormat element is present in the constraint file, null otherwise.

    • getCertificateCountryConstraint

      MultiValuesConstraint getCertificateCountryConstraint(Context context, SubContext subContext)
      Returns CertificateCountry constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificateCountry element is present in the constraint file, null otherwise.

    • getCertificateOrganizationNameConstraint

      MultiValuesConstraint getCertificateOrganizationNameConstraint(Context context, SubContext subContext)
      Returns CertificateOrganizationName constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificateOrganizationName element is present in the constraint file, null otherwise.

    • getCertificateOrganizationUnitConstraint

      MultiValuesConstraint getCertificateOrganizationUnitConstraint(Context context, SubContext subContext)
      Returns CertificateOrganizationUnit constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificateOrganizationUnit element is present in the constraint file, null otherwise.

    • getCertificateSurnameConstraint

      MultiValuesConstraint getCertificateSurnameConstraint(Context context, SubContext subContext)
      Returns CertificateSurname constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificateSurname element is present in the constraint file, null otherwise.

    • getCertificateGivenNameConstraint

      MultiValuesConstraint getCertificateGivenNameConstraint(Context context, SubContext subContext)
      Returns CertificateGivenName constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificateGivenName element is present in the constraint file, null otherwise.

    • getCertificateCommonNameConstraint

      MultiValuesConstraint getCertificateCommonNameConstraint(Context context, SubContext subContext)
      Returns CertificateCommonName constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificateCommonName element is present in the constraint file, null otherwise.

    • getCertificatePseudonymConstraint

      MultiValuesConstraint getCertificatePseudonymConstraint(Context context, SubContext subContext)
      Returns CertificatePseudonym constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      MultiValuesConstraint if CertificatePseudonym element is present in the constraint file, null otherwise.

    • getCertificatePseudoUsageConstraint

      LevelConstraint getCertificatePseudoUsageConstraint(Context context, SubContext subContext)
      Returns CertificatePseudoUsage constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if CertificatePseudoUsage element is present in the constraint file, null otherwise.

    • getCertificateSerialNumberConstraint

      LevelConstraint getCertificateSerialNumberConstraint(Context context, SubContext subContext)
      Returns CertificateSerialNumber constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if CertificateSerialNumber element is present in the constraint file, null otherwise.

    • getCertificateAuthorityInfoAccessPresentConstraint

      LevelConstraint getCertificateAuthorityInfoAccessPresentConstraint(Context context, SubContext subContext)
      Returns CertificateAuthorityInfoAccessPresent constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if CertificateAuthorityInfoAccessPresent element is present in the constraint file, null otherwise.

    • getCertificateRevocationInfoAccessPresentConstraint

      LevelConstraint getCertificateRevocationInfoAccessPresentConstraint(Context context, SubContext subContext)
      Returns CertificateRevocationInfoAccessPresent constraint if present in the policy, null otherwise
      Parameters:
      context - Context
      subContext - SubContext
      Returns:
      LevelConstraint if CertificateRevocationInfoAccessPresent element is present in the constraint file, null otherwise.

    • getAcceptedContainerTypesConstraint

      MultiValuesConstraint getAcceptedContainerTypesConstraint()
      Returns AcceptedContainerTypes constraint if present in the policy, null otherwise
      Returns:
      MultiValuesConstraint if AcceptedContainerTypes element is present in the constraint file, null otherwise.

    • getZipCommentPresentConstraint

      LevelConstraint getZipCommentPresentConstraint()
      Returns ZipCommentPresent constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if ZipCommentPresent element is present in the constraint file, null otherwise.

    • getAcceptedZipCommentsConstraint

      MultiValuesConstraint getAcceptedZipCommentsConstraint()
      Returns AcceptedZipComments constraint if present in the policy, null otherwise
      Returns:
      MultiValuesConstraint if AcceptedZipComments element is present in the constraint file, null otherwise.

    • getMimeTypeFilePresentConstraint

      LevelConstraint getMimeTypeFilePresentConstraint()
      Returns MimeTypeFilePresent constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if MimeTypeFilePresent element is present in the constraint file, null otherwise.

    • getAcceptedMimeTypeContentsConstraint

      MultiValuesConstraint getAcceptedMimeTypeContentsConstraint()
      Returns AcceptedMimeTypeContents constraint if present in the policy, null otherwise
      Returns:
      MultiValuesConstraint if AcceptedMimeTypeContents element is present in the constraint file, null otherwise.

    • getManifestFilePresentConstraint

      LevelConstraint getManifestFilePresentConstraint()
      Returns ManifestFilePresent constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if ManifestFilePresent element is present in the constraint file, null otherwise.

    • getSignedFilesPresentConstraint

      LevelConstraint getSignedFilesPresentConstraint()
      Returns SignedFilesPresent constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if SignedFilesPresent element is present in the constraint file, null otherwise.

    • getAllFilesSignedConstraint

      LevelConstraint getAllFilesSignedConstraint()
      Returns AllFilesSigned constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if AllFilesSigned element is present in the constraint file, null otherwise.

    • getFullScopeConstraint

      LevelConstraint getFullScopeConstraint()
      Returns FullScope constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if FullScope element is present in the constraint file, null otherwise.

    • getAcceptablePDFAProfilesConstraint

      MultiValuesConstraint getAcceptablePDFAProfilesConstraint()
      Returns AcceptablePDFAProfiles constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if AcceptablePDFAProfiles element is present in the constraint file, null otherwise.

    • getPDFACompliantConstraint

      LevelConstraint getPDFACompliantConstraint()
      Returns PDFACompliant constraint if present in the policy, null otherwise
      Returns:
      LevelConstraint if PDFACompliant element is present in the constraint file, null otherwise.

    • isEIDASConstraintPresent

      boolean isEIDASConstraintPresent()
      Returns if EIDAS constraints present (qualification check shall be performed)
      Returns:
      TRUE if EIDAS constraint present, FALSE otherwise

    • getTLFreshnessConstraint

      TimeConstraint getTLFreshnessConstraint()
      Returns TLFreshness constraint if present in the policy, null otherwise
      Returns:
      TimeConstraint if TLFreshness element is present in the constraint file, null otherwise.

    • getTLWellSignedConstraint

      LevelConstraint getTLWellSignedConstraint()
      Returns TLWellSigned constraint if present in the policy, null otherwise
      Returns:
      TimeConstraint if TLWellSigned element is present in the constraint file, null otherwise.

    • getTLNotExpiredConstraint

      LevelConstraint getTLNotExpiredConstraint()
      Returns TLNotExpired constraint if present in the policy, null otherwise
      Returns:
      TimeConstraint if TLNotExpired element is present in the constraint file, null otherwise.

    • getTLVersionConstraint

      ValueConstraint getTLVersionConstraint()
      Returns TLVersion constraint if present in the policy, null otherwise
      Returns:
      ValueConstraint if TLVersion element is present in the constraint file, null otherwise.

    • getValidationModel

      Model getValidationModel()
      Returns the used validation model (default is SHELL). Alternatives are CHAIN and HYBRID
      Returns:
      the validation model to be used

    • getSignatureConstraints

      SignatureConstraints getSignatureConstraints()
      Returns the constraint used for Signature validation
      Returns:
      SignatureConstraints

    • getCounterSignatureConstraints

      SignatureConstraints getCounterSignatureConstraints()
      Returns the constraint used for Counter Signature validation
      Returns:
      SignatureConstraints

    • getTimestampConstraints

      TimestampConstraints getTimestampConstraints()
      Returns the constraint used for Timestamp validation
      Returns:
      TimestampConstraints

    • getRevocationConstraints

      RevocationConstraints getRevocationConstraints()
      Returns the constraint used for Revocation validation
      Returns:
      RevocationConstraints

    • getContainerConstraints

      ContainerConstraints getContainerConstraints()
      Returns the constraint used for ASiC Container validation
      Returns:
      ContainerConstraints

    • getPDFAConstraints

      PDFAConstraints getPDFAConstraints()
      Returns the constraint used for ASiC Container validation
      Returns:
      ContainerConstraints

    • getEIDASConstraints

      EIDAS getEIDASConstraints()
      Returns the constraint used for qualification validation
      Returns:
      EIDAS

    • getCryptographic

      CryptographicConstraint getCryptographic()
      Returns the common constraint used for cryptographic validation
      Returns:
      CryptographicConstraint