Package eu.europa.esig.dss.validation
Class SignatureValidationContext
java.lang.Object
eu.europa.esig.dss.validation.SignatureValidationContext
- All Implemented Interfaces:
ValidationContext
During the validation of a signature, the software retrieves different X509 artifacts like Certificate, CRL and OCSP
Response. The SignatureValidationContext is a "cache" for
one validation request that contains every object retrieved so far.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected DateThis is the time at what the validation is carried out. -
Constructor Summary
ConstructorsConstructorDescriptionDefault constructor instantiating object with null or empty values and current time -
Method Summary
Modifier and TypeMethodDescriptionvoidaddCertificateTokenForVerification(CertificateToken certificateToken) Adds a new certificate token to the list of tokens to verify.voidaddDocumentCertificateSource(CertificateSource certificateSource) Adds an extracted certificate source to the used list of sourcesvoidaddDocumentCertificateSource(ListCertificateSource listCertificateSource) Adds a list certificate source to the used list of sourcesvoidaddDocumentCRLSource(OfflineRevocationSource<CRL> crlSource) Adds an extracted CRL source to the used list of sourcesvoidaddDocumentCRLSource(ListRevocationSource<CRL> crlSource) Adds a list CRL source to the used list of sourcesvoidaddDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource) Adds an extracted OCSP source to the used list of sourcesvoidaddDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource) Adds a listd OCSP source to the used list of sourcesvoidaddRevocationTokenForVerification(RevocationToken<?> revocationToken) Adds a new revocation token to the list of tokens to verify.voidaddSignatureForVerification(AdvancedSignature signature) Adds a new signature to collect the information to verify.voidaddTimestampTokenForVerification(TimestampToken timestampToken) Adds a new timestamp token to the list of tokens to verify.booleanDeprecated.booleanThis method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)booleanThis method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)booleanThis method allows to verify if all processed timestamps are valid and intact.booleanThis method allows to verify if there is at least one revocation data present after the earliest available timestamp token producing time Additionally, an alert can be handledCertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)booleancheckCertificateNotRevoked(CertificateToken certificateToken) This method allows to verify if the certificate is not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)booleancheckCertificatesNotRevoked(AdvancedSignature signature) This method allows to verify if signature certificates are not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)booleancheckSignatureNotExpired(AdvancedSignature signature) This method verifies if the signing certificate has not been expired yet or has a still valid timestamp Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredSignature(eu.europa.esig.dss.alert.StatusAlert)Returns a list of allCertificateSources used during the validation process.Gets the current validation time.Returns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))Returns a list of all CRLOfflineRevocationSources extracted from a validating documentReturns a list of all OCSPOfflineRevocationSources extracted from a validating documentReturns a read only list of all certificates used in the process of the validation of all signatures from the given document.Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.Returns a read only list of all timestamps processed during the validation of all signatures from the given document.getValidationData(AdvancedSignature signature) Returns a validation data for the given signature's certificate chaingetValidationData(TimestampToken timestampToken) Returns a validation data for the given timestampToken's certificate chainvoidinitialize(CertificateVerifier certificateVerifier) This method initializes theValidationContextby retrieving the relevant data fromcertificateVerifierprotected booleanisTimestampValid(TimestampToken timestampToken) This method verifies whether atimestampTokenis valid and can be used as a valid POE for covered objectsvoidsetCurrentTime(Date currentTime) This function sets the validation time.voidvalidate()Carries out the validation process in recursive manner for not yet checked tokens.
-
Field Details
-
currentTime
This is the time at what the validation is carried out. It is used only for test purpose.
-
-
Constructor Details
-
SignatureValidationContext
public SignatureValidationContext()Default constructor instantiating object with null or empty values and current time
-
-
Method Details
-
initialize
Description copied from interface:ValidationContextThis method initializes theValidationContextby retrieving the relevant data fromcertificateVerifier- Specified by:
initializein interfaceValidationContext- Parameters:
certificateVerifier- The certificate verifier (eg: using the TSL as list of trusted certificates).
-
addSignatureForVerification
Description copied from interface:ValidationContextAdds a new signature to collect the information to verify.- Specified by:
addSignatureForVerificationin interfaceValidationContext- Parameters:
signature-AdvancedSignatureto extract data to be verified
-
addDocumentCertificateSource
Description copied from interface:ValidationContextAdds an extracted certificate source to the used list of sources- Specified by:
addDocumentCertificateSourcein interfaceValidationContext- Parameters:
certificateSource-CertificateSource
-
addDocumentCertificateSource
Description copied from interface:ValidationContextAdds a list certificate source to the used list of sources- Specified by:
addDocumentCertificateSourcein interfaceValidationContext- Parameters:
listCertificateSource-ListCertificateSource
-
addDocumentCRLSource
Description copied from interface:ValidationContextAdds an extracted CRL source to the used list of sources- Specified by:
addDocumentCRLSourcein interfaceValidationContext- Parameters:
crlSource-OfflineRevocationSourcefor CRL
-
addDocumentCRLSource
Description copied from interface:ValidationContextAdds a list CRL source to the used list of sources- Specified by:
addDocumentCRLSourcein interfaceValidationContext- Parameters:
crlSource-ListRevocationSourcefor CRL
-
addDocumentOCSPSource
Description copied from interface:ValidationContextAdds an extracted OCSP source to the used list of sources- Specified by:
addDocumentOCSPSourcein interfaceValidationContext- Parameters:
ocspSource-OfflineRevocationSourcefor OCSP
-
addDocumentOCSPSource
Description copied from interface:ValidationContextAdds a listd OCSP source to the used list of sources- Specified by:
addDocumentOCSPSourcein interfaceValidationContext- Parameters:
ocspSource-ListRevocationSourcefor OCSP
-
getCurrentTime
Description copied from interface:ValidationContextGets the current validation time.- Specified by:
getCurrentTimein interfaceValidationContext- Returns:
Date
-
setCurrentTime
Description copied from interface:ValidationContextThis function sets the validation time.- Specified by:
setCurrentTimein interfaceValidationContext- Parameters:
currentTime- the currentDate
-
getAllCertificateSources
Description copied from interface:ValidationContextReturns a list of allCertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).- Specified by:
getAllCertificateSourcesin interfaceValidationContext- Returns:
ListCertificateSource
-
getDocumentCertificateSource
Description copied from interface:ValidationContextReturns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))- Specified by:
getDocumentCertificateSourcein interfaceValidationContext- Returns:
ListCertificateSource
-
getDocumentCRLSource
Description copied from interface:ValidationContextReturns a list of all CRLOfflineRevocationSources extracted from a validating document- Specified by:
getDocumentCRLSourcein interfaceValidationContext- Returns:
ListRevocationSource
-
getDocumentOCSPSource
Description copied from interface:ValidationContextReturns a list of all OCSPOfflineRevocationSources extracted from a validating document- Specified by:
getDocumentOCSPSourcein interfaceValidationContext- Returns:
ListRevocationSource
-
addRevocationTokenForVerification
Description copied from interface:ValidationContextAdds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.- Specified by:
addRevocationTokenForVerificationin interfaceValidationContext- Parameters:
revocationToken- an instance ofRevocationTokenrevocation tokens to verify
-
addCertificateTokenForVerification
Description copied from interface:ValidationContextAdds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.- Specified by:
addCertificateTokenForVerificationin interfaceValidationContext- Parameters:
certificateToken-CertificateTokencertificate token to verify
-
addTimestampTokenForVerification
Description copied from interface:ValidationContextAdds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.- Specified by:
addTimestampTokenForVerificationin interfaceValidationContext- Parameters:
timestampToken-TimestampTokentimestamp token to verify
-
isTimestampValid
This method verifies whether atimestampTokenis valid and can be used as a valid POE for covered objects- Parameters:
timestampToken-TimestampTokento be checked- Returns:
- TRUE if the timestamp is valid, FALSE otherwise
-
validate
public void validate()Description copied from interface:ValidationContextCarries out the validation process in recursive manner for not yet checked tokens.- Specified by:
validatein interfaceValidationContext
-
checkAllRequiredRevocationDataPresent
public boolean checkAllRequiredRevocationDataPresent()Description copied from interface:ValidationContextThis method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllRequiredRevocationDataPresentin interfaceValidationContext- Returns:
- true if all needed revocation data are present
-
checkAllPOECoveredByRevocationData
public boolean checkAllPOECoveredByRevocationData()Description copied from interface:ValidationContextThis method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllPOECoveredByRevocationDatain interfaceValidationContext- Returns:
- true if all timestamps are covered by a usable revocation data
-
checkAllTimestampsValid
public boolean checkAllTimestampsValid()Description copied from interface:ValidationContextThis method allows to verify if all processed timestamps are valid and intact. Additionally, an alert can be handledCertificateVerifier.setAlertOnInvalidTimestamp(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllTimestampsValidin interfaceValidationContext- Returns:
- true if all timestamps are valid
-
checkAllCertificatesValid
Deprecated.Description copied from interface:ValidationContextThis method allows to verify if all processed certificates are not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllCertificatesValidin interfaceValidationContext- Returns:
- true if all certificates are valid
-
checkCertificateNotRevoked
Description copied from interface:ValidationContextThis method allows to verify if the certificate is not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkCertificateNotRevokedin interfaceValidationContext- Parameters:
certificateToken-CertificateTokencertificate to be checked- Returns:
- true if all certificates are valid
-
checkCertificatesNotRevoked
Description copied from interface:ValidationContextThis method allows to verify if signature certificates are not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkCertificatesNotRevokedin interfaceValidationContext- Parameters:
signature-AdvancedSignaturesignature to be checked- Returns:
- true if all certificates are valid
-
checkAtLeastOneRevocationDataPresentAfterBestSignatureTime
public boolean checkAtLeastOneRevocationDataPresentAfterBestSignatureTime(AdvancedSignature signature) Description copied from interface:ValidationContextThis method allows to verify if there is at least one revocation data present after the earliest available timestamp token producing time Additionally, an alert can be handledCertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAtLeastOneRevocationDataPresentAfterBestSignatureTimein interfaceValidationContext- Parameters:
signature-AdvancedSignaturesignature to be checked- Returns:
- true if the signing certificate is covered with a updated revocation data (after signature-timestamp production time)
-
checkSignatureNotExpired
Description copied from interface:ValidationContextThis method verifies if the signing certificate has not been expired yet or has a still valid timestamp Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredSignature(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkSignatureNotExpiredin interfaceValidationContext- Parameters:
signature-AdvancedSignaturesignature to be verified- Returns:
- true if the signing certificate or its POE(s) not yet expired, false otherwise
-
getProcessedCertificates
Description copied from interface:ValidationContextReturns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...- Specified by:
getProcessedCertificatesin interfaceValidationContext- Returns:
- The list of CertificateToken(s)
-
getProcessedRevocations
Description copied from interface:ValidationContextReturns a read only list of all revocations used in the process of the validation of all signatures from the given document.- Specified by:
getProcessedRevocationsin interfaceValidationContext- Returns:
- The list of RevocationToken(s)
-
getProcessedTimestamps
Description copied from interface:ValidationContextReturns a read only list of all timestamps processed during the validation of all signatures from the given document.- Specified by:
getProcessedTimestampsin interfaceValidationContext- Returns:
- The list of TimestampTokens(s)
-
getValidationData
Description copied from interface:ValidationContextReturns a validation data for the given signature's certificate chain- Specified by:
getValidationDatain interfaceValidationContext- Parameters:
signature-AdvancedSignatureto extract validation data for- Returns:
ValidationData
-
getValidationData
Description copied from interface:ValidationContextReturns a validation data for the given timestampToken's certificate chain- Specified by:
getValidationDatain interfaceValidationContext- Parameters:
timestampToken-TimestampTokento extract validation data for- Returns:
ValidationData
-