Package eu.europa.esig.dss.validation

Interface ValidationContext

All Known Implementing Classes:
SignatureValidationContext
public interface ValidationContext
This interface allows the implementation of the validators for: certificates, timestamps and revocation data.

  • Method Details

    • initialize

      void initialize(CertificateVerifier certificateVerifier)
      This method initializes the ValidationContext by retrieving the relevant data from certificateVerifier
      Parameters:
      certificateVerifier - CertificateVerifier

    • setCurrentTime

      void setCurrentTime(Date currentTime)
      This function sets the validation time.
      Parameters:
      currentTime - the current Date

    • getCurrentTime

      Date getCurrentTime()
      Gets the current validation time.
      Returns:
      Date

    • addSignatureForVerification

      void addSignatureForVerification(AdvancedSignature signature)
      Adds a new signature to collect the information to verify.
      Parameters:
      signature - AdvancedSignature to extract data to be verified

    • addRevocationTokenForVerification

      void addRevocationTokenForVerification(RevocationToken<?> revocationToken)
      Adds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.
      Parameters:
      revocationToken - an instance of RevocationToken revocation tokens to verify

    • addCertificateTokenForVerification

      void addCertificateTokenForVerification(CertificateToken certificateToken)
      Adds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.
      Parameters:
      certificateToken - CertificateToken certificate token to verify

    • addTimestampTokenForVerification

      void addTimestampTokenForVerification(TimestampToken timestampToken)
      Adds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.
      Parameters:
      timestampToken - TimestampToken timestamp token to verify

    • addDocumentCertificateSource

      void addDocumentCertificateSource(CertificateSource certificateSource)
      Adds an extracted certificate source to the used list of sources
      Parameters:
      certificateSource - CertificateSource

    • addDocumentCertificateSource

      void addDocumentCertificateSource(ListCertificateSource listCertificateSource)
      Adds a list certificate source to the used list of sources
      Parameters:
      listCertificateSource - ListCertificateSource

    • addDocumentCRLSource

      void addDocumentCRLSource(OfflineRevocationSource<CRL> crlSource)
      Adds an extracted CRL source to the used list of sources
      Parameters:
      crlSource - OfflineRevocationSource for CRL

    • addDocumentCRLSource

      void addDocumentCRLSource(ListRevocationSource<CRL> crlSource)
      Adds a list CRL source to the used list of sources
      Parameters:
      crlSource - ListRevocationSource for CRL

    • addDocumentOCSPSource

      void addDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource)
      Adds an extracted OCSP source to the used list of sources
      Parameters:
      ocspSource - OfflineRevocationSource for OCSP

    • addDocumentOCSPSource

      void addDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource)
      Adds a listd OCSP source to the used list of sources
      Parameters:
      ocspSource - ListRevocationSource for OCSP

    • validate

      void validate()
      Carries out the validation process in recursive manner for not yet checked tokens.

    • checkAllRequiredRevocationDataPresent

      boolean checkAllRequiredRevocationDataPresent()
      This method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handled CertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)
      Returns:
      true if all needed revocation data are present

    • checkAllPOECoveredByRevocationData

      boolean checkAllPOECoveredByRevocationData()
      This method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handled CertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)
      Returns:
      true if all timestamps are covered by a usable revocation data

    • checkAllTimestampsValid

      boolean checkAllTimestampsValid()
      This method allows to verify if all processed timestamps are valid and intact. Additionally, an alert can be handled CertificateVerifier.setAlertOnInvalidTimestamp(eu.europa.esig.dss.alert.StatusAlert)
      Returns:
      true if all timestamps are valid

    • checkAllCertificatesValid

      @Deprecated boolean checkAllCertificatesValid()
      Deprecated.
      since DSS 5.12. Use #checkCertificateNotRevoked(CertificateToken certificateToken) or #checkCertificatesNotRevoked(AdvancedSignature signature) depending on validation context
      This method allows to verify if all processed certificates are not revoked Additionally, an alert can be handled CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)
      Returns:
      true if all certificates are valid

    • checkCertificateNotRevoked

      boolean checkCertificateNotRevoked(CertificateToken certificateToken)
      This method allows to verify if the certificate is not revoked Additionally, an alert can be handled CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)
      Parameters:
      certificateToken - CertificateToken certificate to be checked
      Returns:
      true if all certificates are valid

    • checkCertificatesNotRevoked

      boolean checkCertificatesNotRevoked(AdvancedSignature signature)
      This method allows to verify if signature certificates are not revoked Additionally, an alert can be handled CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)
      Parameters:
      signature - AdvancedSignature signature to be checked
      Returns:
      true if all certificates are valid

    • checkAtLeastOneRevocationDataPresentAfterBestSignatureTime

      boolean checkAtLeastOneRevocationDataPresentAfterBestSignatureTime(AdvancedSignature signature)
      This method allows to verify if there is at least one revocation data present after the earliest available timestamp token producing time Additionally, an alert can be handled CertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)
      Parameters:
      signature - AdvancedSignature signature to be checked
      Returns:
      true if the signing certificate is covered with a updated revocation data (after signature-timestamp production time)

    • checkSignatureNotExpired

      boolean checkSignatureNotExpired(AdvancedSignature signature)
      This method verifies if the signing certificate has not been expired yet or has a still valid timestamp Additionally, an alert can be handled CertificateVerifier.setAlertOnExpiredSignature(eu.europa.esig.dss.alert.StatusAlert)
      Parameters:
      signature - AdvancedSignature signature to be verified
      Returns:
      true if the signing certificate or its POE(s) not yet expired, false otherwise

    • getProcessedCertificates

      Set<CertificateToken> getProcessedCertificates()
      Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...
      Returns:
      The list of CertificateToken(s)

    • getProcessedRevocations

      Set<RevocationToken> getProcessedRevocations()
      Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.
      Returns:
      The list of RevocationToken(s)

    • getProcessedTimestamps

      Set<TimestampToken> getProcessedTimestamps()
      Returns a read only list of all timestamps processed during the validation of all signatures from the given document.
      Returns:
      The list of TimestampTokens(s)

    • getAllCertificateSources

      ListCertificateSource getAllCertificateSources()
      Returns a list of all CertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).
      Returns:
      ListCertificateSource

    • getDocumentCertificateSource

      ListCertificateSource getDocumentCertificateSource()
      Returns a list of all CertificateSources extracted from a validating document (signature(s), timestamp(s))
      Returns:
      ListCertificateSource

    • getDocumentCRLSource

      ListRevocationSource<CRL> getDocumentCRLSource()
      Returns a list of all CRL OfflineRevocationSources extracted from a validating document
      Returns:
      ListRevocationSource

    • getDocumentOCSPSource

      ListRevocationSource<OCSP> getDocumentOCSPSource()
      Returns a list of all OCSP OfflineRevocationSources extracted from a validating document
      Returns:
      ListRevocationSource

    • getValidationData

      ValidationData getValidationData(AdvancedSignature signature)
      Returns a validation data for the given signature's certificate chain
      Parameters:
      signature - AdvancedSignature to extract validation data for
      Returns:
      ValidationData

    • getValidationData

      ValidationData getValidationData(TimestampToken timestampToken)
      Returns a validation data for the given timestampToken's certificate chain
      Parameters:
      timestampToken - TimestampToken to extract validation data for
      Returns:
      ValidationData