Package eu.europa.esig.dss.spi.validation

Class CommonCertificateVerifier

java.lang.Object

eu.europa.esig.dss.spi.validation.CommonCertificateVerifier

All Implemented Interfaces:

CertificateVerifier

public class CommonCertificateVerifier
extends Object
implements CertificateVerifier

This class provides the different sources used to verify the status of a certificate using the trust model. There are four different types of sources to be defined:
- Trusted certificates source;
- Adjunct certificates source (not trusted);
- OCSP source;
- CRL source;
- AIA source to give access to the certificates through AIA.

Constructor Summary

Constructors

Constructor	Description
CommonCertificateVerifier()	The default constructor.
CommonCertificateVerifier(boolean simpleCreationOnly)	This constructor allows creating of CommonCertificateVerifier without DataLoader.

Method Summary

Modifier and Type	Method	Description
void	addAdjunctCertSources(CertificateSource... certSources)	Adds adjunct certificate sources to an existing list of adjunct certificate sources
void	addTrustedCertSources(CertificateSource... certSources)	Adds trusted certificate sources to an existing list of trusted certificate sources
ListCertificateSource	getAdjunctCertSources()	Returns the list of adjunct certificate sources assigned to this verifier.
AIASource	getAIASource()	Gets the AIASource used to load a eu.europa.esig.dss.model.x509.CertificateToken's issuer by defined AIA URI(s) within the token
StatusAlert	getAlertOnExpiredCertificate()	This method returns the defined behavior on signature creation or augmentation with an expired signing-certificate (notAfter is before the current time).
StatusAlert	getAlertOnExpiredSignature()	Deprecated.
StatusAlert	getAlertOnInvalidSignature()	This method returns the defined execution behaviour on invalid signature.
StatusAlert	getAlertOnInvalidTimestamp()	This method returns the defined execution behaviour on invalid timestamp.
StatusAlert	getAlertOnMissingRevocationData()	This method returns the defined execution behaviour on missing revocation data.
StatusAlert	getAlertOnNoRevocationAfterBestSignatureTime()	This method returns the defined execution behaviour if no revocation data obtained with an issuance time after the bestSignatureTime
StatusAlert	getAlertOnNotYetValidCertificate()	This method returns the defined behavior on signature creation with a not yet valid signing-certificate
StatusAlert	getAlertOnRevokedCertificate()	This method returns the defined execution behaviour on revoked certificate.
StatusAlert	getAlertOnUncoveredPOE()	This method returns the defined execution behaviour on uncovered POE (timestamp).
StatusAlert	getAugmentationAlertOnHigherSignatureLevel()	This method returns the defined augmentation behaviour for a signature of a higher level or a document containing a such signature.
StatusAlert	getAugmentationAlertOnSelfSignedCertificateChains()	This method returns the defined augmentation behaviour for a signature containing only self-signed certificate chains.
StatusAlert	getAugmentationAlertOnSignatureWithoutCertificates()	This method returns the defined augmentation behaviour for a signature without certificates.
RevocationSource<CRL>	getCrlSource()	Returns the CRL source associated with this verifier.
DigestAlgorithm	getDefaultDigestAlgorithm()	Deprecated.
RevocationSource<OCSP>	getOcspSource()	Returns the OCSP source associated with this verifier.
RevocationDataLoadingStrategyFactory	getRevocationDataLoadingStrategyFactory()	Returns a factory used to create revocation data loading strategy associated with this verifier.
RevocationDataVerifier	getRevocationDataVerifier()	Returns a RevocationDataVerifier associated with this verifier.
TimestampTokenVerifier	getTimestampTokenVerifier()	Returns a TimestampTokenVerifier associated with this verifier.
ListCertificateSource	getTrustedCertSources()	Returns the trusted certificate sources associated with this verifier.
boolean	isCheckRevocationForUntrustedChains()	This method returns true if revocation check is enabled for untrusted certificate chains.
boolean	isExtractPOEFromUntrustedChains()	Deprecated.
boolean	isRevocationFallback()	Returns whether revocation data still shall be returned if validation of requested revocation data failed (i.e. both for OCSP and CRL).
void	setAdjunctCertSources(CertificateSource... certSources)	Sets multiple adjunct certificate sources.
void	setAdjunctCertSources(ListCertificateSource adjunctListCertificateSource)	Sets a list of adjunct certificate sources
void	setAIASource(AIASource aiaSource)	Sets the AIASource used to load a eu.europa.esig.dss.model.x509.CertificateToken's issuer by defined AIA URI(s) within the token
void	setAlertOnExpiredCertificate(StatusAlert alertOnExpiredCertificate)	This method allows to change a behavior on signature creation or augmentation with an expired signing-certificate (notAfter is before the current time).
void	setAlertOnExpiredSignature(StatusAlert alertOnExpiredSignature)	Deprecated.
void	setAlertOnInvalidSignature(StatusAlert alertOnInvalidSignature)	This method allows to change the behavior on invalid signature (T/LT/LTA augmentation).
void	setAlertOnInvalidTimestamp(StatusAlert alertOnInvalidTimestamp)	This method allows to change the behavior on invalid timestamp (LT/LTA augmentation).
void	setAlertOnMissingRevocationData(StatusAlert alertOnMissingRevocationData)	This method allows to change the behavior on missing revocation data (LT/LTA augmentation).
void	setAlertOnNoRevocationAfterBestSignatureTime(StatusAlert alertOnNoRevocationAfterBestSignatureTime)	This method allows to change the behavior on revocation data issued after a control time.
void	setAlertOnNotYetValidCertificate(StatusAlert alertOnNotYetValidCertificate)	This method allows to change a behavior on signature creation with a not yet valid signing-certificate (notBefore is after the current time) Default : ExceptionOnStatusAlert - throw an exception.
void	setAlertOnRevokedCertificate(StatusAlert alertOnRevokedCertificate)	This method allows to change the behavior on revoked certificates (LT/LTA augmentation).
void	setAlertOnUncoveredPOE(StatusAlert alertOnUncoveredPOE)	This method allows to change the behavior on uncovered POE (timestamp).
void	setAugmentationAlertOnHigherSignatureLevel(StatusAlert augmentationAlertOnHigherSignatureLevel)	This method allows to change the augmentation behaviour for a signature of a higher level or a document containing a such signature.
void	setAugmentationAlertOnSelfSignedCertificateChains(StatusAlert augmentationAlertOnSelfSignedCertificateChains)	This method allows to change the augmentation behaviour for a signature containing only self-signed certificate chains.
void	setAugmentationAlertOnSignatureWithoutCertificates(StatusAlert augmentationAlertOnSignatureWithoutCertificates)	This method allows to change the augmentation behaviour for a signature without certificates.
void	setCheckRevocationForUntrustedChains(boolean checkRevocationForUntrustedChains)	This method allows enabling of revocation checking for untrusted certificate chains.
void	setCrlSource(RevocationSource<CRL> crlSource)	Defines the source of CRL used by this class
void	setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)	Deprecated.
void	setExtractPOEFromUntrustedChains(boolean extractPOEFromUntrustedChains)	Deprecated.
void	setOcspSource(RevocationSource<OCSP> ocspSource)	Defines the source of OCSP used by this class
void	setRevocationDataLoadingStrategyFactory(RevocationDataLoadingStrategyFactory revocationDataLoadingStrategyFactory)	Creates a strategy used to fetch OCSP or CRL for certificate validation.
void	setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier)	Sets RevocationDataVerifier used to validate acceptance of the retrieved (from offline or online sources) revocation data.
void	setRevocationFallback(boolean revocationFallback)	Sets whether a revocation data still have to be returned to the validation process, in case validation of obtained revocation data has failed (i.e. both for OCSP and CRL).
void	setTimestampTokenVerifier(TimestampTokenVerifier timestampTokenVerifier)	Sets TimestampTokenVerifier used to validate acceptance of the timestamp tokens encapsulated within the signature.
void	setTrustedCertSources(CertificateSource... certSources)	Sets multiple trusted certificate sources.
void	setTrustedCertSources(ListCertificateSource trustedListCertificateSource)	Sets a list of trusted certificate sources

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CommonCertificateVerifier

public CommonCertificateVerifier()

The default constructor. The DataLoader is created to allow the retrieval of certificates through AIA.

CommonCertificateVerifier

public CommonCertificateVerifier(boolean simpleCreationOnly)

This constructor allows creating of CommonCertificateVerifier without DataLoader. It means that only a -B profile signature can be created.

Parameters:

simpleCreationOnly - if true the CommonCertificateVerifier will not contain AIASource.

Method Details

getCrlSource

public RevocationSource<CRL> getCrlSource()

Description copied from interface: CertificateVerifier

Returns the CRL source associated with this verifier.

Specified by:

getCrlSource in interface CertificateVerifier

Returns:

the used CRL source for external access (web, filesystem, cached,...)

setCrlSource

public void setCrlSource(RevocationSource<CRL> crlSource)

Description copied from interface: CertificateVerifier

Defines the source of CRL used by this class

Specified by:

setCrlSource in interface CertificateVerifier

Parameters:

crlSource - the CRL source to set for external access (web, filesystem, cached,...)

getOcspSource

public RevocationSource<OCSP> getOcspSource()

Description copied from interface: CertificateVerifier

Returns the OCSP source associated with this verifier.

Specified by:

getOcspSource in interface CertificateVerifier

Returns:

the used OCSP source for external access (web, filesystem, cached,...)

setOcspSource

public void setOcspSource(RevocationSource<OCSP> ocspSource)

Description copied from interface: CertificateVerifier

Defines the source of OCSP used by this class

Specified by:

setOcspSource in interface CertificateVerifier

Parameters:

ocspSource - the OCSP source to set for external access (web, filesystem, cached,...)

getRevocationDataLoadingStrategyFactory

public RevocationDataLoadingStrategyFactory getRevocationDataLoadingStrategyFactory()

Description copied from interface: CertificateVerifier

Returns a factory used to create revocation data loading strategy associated with this verifier.

Specified by:

getRevocationDataLoadingStrategyFactory in interface CertificateVerifier

Returns:

creates the defined strategy to fetch OCSP or CRL for certificate validation

setRevocationDataLoadingStrategyFactory

public void setRevocationDataLoadingStrategyFactory(RevocationDataLoadingStrategyFactory revocationDataLoadingStrategyFactory)

Description copied from interface: CertificateVerifier

Creates a strategy used to fetch OCSP or CRL for certificate validation. Default: OCSPFirstRevocationDataLoadingStrategyFactory used to create a strategy to extract OCSP token first and CRL after

Specified by:

setRevocationDataLoadingStrategyFactory in interface CertificateVerifier

Parameters:

revocationDataLoadingStrategyFactory - RevocationDataLoadingStrategyFactory

getRevocationDataVerifier

public RevocationDataVerifier getRevocationDataVerifier()

Description copied from interface: CertificateVerifier

Returns a RevocationDataVerifier associated with this verifier.

Specified by:

getRevocationDataVerifier in interface CertificateVerifier

Returns:

RevocationDataVerifier

setRevocationDataVerifier

public void setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier)

Description copied from interface: CertificateVerifier

Sets RevocationDataVerifier used to validate acceptance of the retrieved (from offline or online sources) revocation data. This class is used to verify revocation data extracted from the validating document itself, as well the revocation data retrieved from remote sources during the validation process.

NOTE: It is not recommended to use the same instance of RevocationDataVerifier within different CertificateVerifiers, as it may lead to concurrency issues during the execution in multi-threaded environments. Please use a new RevocationDataVerifier per each CertificateVerifier.

Specified by:

setRevocationDataVerifier in interface CertificateVerifier

Parameters:

revocationDataVerifier - RevocationDataVerifier

isRevocationFallback

public boolean isRevocationFallback()

Description copied from interface: CertificateVerifier

Returns whether revocation data still shall be returned if validation of requested revocation data failed (i.e. both for OCSP and CRL).

Specified by:

isRevocationFallback in interface CertificateVerifier

Returns:

revocation fallback

setRevocationFallback

public void setRevocationFallback(boolean revocationFallback)

Description copied from interface: CertificateVerifier

Sets whether a revocation data still have to be returned to the validation process, in case validation of obtained revocation data has failed (i.e. both for OCSP and CRL). Default: FALSE (invalid revocation data not returned)

NOTE: Revocation fallback is enforced to TRUE (return even invalid revocation data, when no valid found) on signature validation

Specified by:

setRevocationFallback in interface CertificateVerifier

Parameters:

revocationFallback - whether invalid revocation data shall be returned, when not valid revocation available

getTimestampTokenVerifier

public TimestampTokenVerifier getTimestampTokenVerifier()

Description copied from interface: CertificateVerifier

Returns a TimestampTokenVerifier associated with this verifier.

Specified by:

getTimestampTokenVerifier in interface CertificateVerifier

Returns:

TimestampTokenVerifier

setTimestampTokenVerifier

public void setTimestampTokenVerifier(TimestampTokenVerifier timestampTokenVerifier)

Description copied from interface: CertificateVerifier

Sets TimestampTokenVerifier used to validate acceptance of the timestamp tokens encapsulated within the signature.

NOTE: This object is not synchronized by default with the used XML Validation Policy. Please configure the object yourself in case a customized behavior is expected for acceptance of timestamp tokens.

Specified by:

setTimestampTokenVerifier in interface CertificateVerifier

Parameters:

timestampTokenVerifier - TimestampTokenVerifier

getTrustedCertSources

public ListCertificateSource getTrustedCertSources()

Description copied from interface: CertificateVerifier

Returns the trusted certificate sources associated with this verifier. These sources are used to identify the trusted anchors.

Specified by:

getTrustedCertSources in interface CertificateVerifier

Returns:

the certificate sources which contain trusted certificates

setTrustedCertSources

public void setTrustedCertSources(CertificateSource... certSources)

Description copied from interface: CertificateVerifier

Sets multiple trusted certificate sources.

Specified by:

setTrustedCertSources in interface CertificateVerifier

Parameters:

certSources - The certificate sources with known trusted certificates

addTrustedCertSources

public void addTrustedCertSources(CertificateSource... certSources)

Description copied from interface: CertificateVerifier

Adds trusted certificate sources to an existing list of trusted certificate sources

Specified by:

addTrustedCertSources in interface CertificateVerifier

Parameters:

certSources - The certificate sources with known trusted certificates

setTrustedCertSources

public void setTrustedCertSources(ListCertificateSource trustedListCertificateSource)

Description copied from interface: CertificateVerifier

Sets a list of trusted certificate sources

Specified by:

setTrustedCertSources in interface CertificateVerifier

Parameters:

trustedListCertificateSource - ListCertificateSource of trusted cert sources

getAdjunctCertSources

public ListCertificateSource getAdjunctCertSources()

Description copied from interface: CertificateVerifier

Returns the list of adjunct certificate sources assigned to this verifier.

Specified by:

getAdjunctCertSources in interface CertificateVerifier

Returns:

the certificate source which contains additional certificate (missing CA,...)

setAdjunctCertSources

public void setAdjunctCertSources(CertificateSource... certSources)

Description copied from interface: CertificateVerifier

Sets multiple adjunct certificate sources.

Specified by:

setAdjunctCertSources in interface CertificateVerifier

Parameters:

certSources - the certificate sources with additional and/or missing certificates

addAdjunctCertSources

public void addAdjunctCertSources(CertificateSource... certSources)

Description copied from interface: CertificateVerifier

Adds adjunct certificate sources to an existing list of adjunct certificate sources

Specified by:

addAdjunctCertSources in interface CertificateVerifier

Parameters:

certSources - The certificate sources with additional certificates

setAdjunctCertSources

public void setAdjunctCertSources(ListCertificateSource adjunctListCertificateSource)

Description copied from interface: CertificateVerifier

Sets a list of adjunct certificate sources

Specified by:

setAdjunctCertSources in interface CertificateVerifier

Parameters:

adjunctListCertificateSource - ListCertificateSource of adjunct cert sources

getAIASource

public AIASource getAIASource()

Description copied from interface: CertificateVerifier

Gets the AIASource used to load a eu.europa.esig.dss.model.x509.CertificateToken's issuer by defined AIA URI(s) within the token

Specified by:

getAIASource in interface CertificateVerifier

Returns:

aiaSource AIASource

setAIASource

public void setAIASource(AIASource aiaSource)

Description copied from interface: CertificateVerifier

Sets the AIASource used to load a eu.europa.esig.dss.model.x509.CertificateToken's issuer by defined AIA URI(s) within the token

Specified by:

setAIASource in interface CertificateVerifier

Parameters:

aiaSource - AIASource

getAlertOnInvalidSignature

public StatusAlert getAlertOnInvalidSignature()

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour on invalid signature.

Specified by:

getAlertOnInvalidSignature in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of an invalid signature

setAlertOnInvalidSignature

public void setAlertOnInvalidSignature(StatusAlert alertOnInvalidSignature)

Description copied from interface: CertificateVerifier

This method allows to change the behavior on invalid signature (T/LT/LTA augmentation). Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnInvalidSignature in interface CertificateVerifier

Parameters:

alertOnInvalidSignature - defines a behaviour in case of invalid signature

getAlertOnInvalidTimestamp

public StatusAlert getAlertOnInvalidTimestamp()

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour on invalid timestamp.

Specified by:

getAlertOnInvalidTimestamp in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of an invalid timestamp

setAlertOnInvalidTimestamp

public void setAlertOnInvalidTimestamp(StatusAlert alertOnInvalidTimestamp)

Description copied from interface: CertificateVerifier

This method allows to change the behavior on invalid timestamp (LT/LTA augmentation). Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnInvalidTimestamp in interface CertificateVerifier

Parameters:

alertOnInvalidTimestamp - defines a behaviour in case of invalid timestamp

getAlertOnMissingRevocationData

public StatusAlert getAlertOnMissingRevocationData()

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour on missing revocation data.

Specified by:

getAlertOnMissingRevocationData in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of missing revocation data

setAlertOnMissingRevocationData

public void setAlertOnMissingRevocationData(StatusAlert alertOnMissingRevocationData)

Description copied from interface: CertificateVerifier

This method allows to change the behavior on missing revocation data (LT/LTA augmentation). Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnMissingRevocationData in interface CertificateVerifier

Parameters:

alertOnMissingRevocationData - defines a behaviour in case of missing revocation data

getAlertOnUncoveredPOE

public StatusAlert getAlertOnUncoveredPOE()

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour on uncovered POE (timestamp).

Specified by:

getAlertOnUncoveredPOE in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of uncovered POE

setAlertOnUncoveredPOE

public void setAlertOnUncoveredPOE(StatusAlert alertOnUncoveredPOE)

Description copied from interface: CertificateVerifier

This method allows to change the behavior on uncovered POE (timestamp). Default : LogOnStatusAlert - log a warning.

Specified by:

setAlertOnUncoveredPOE in interface CertificateVerifier

Parameters:

alertOnUncoveredPOE - defines a behaviour in case of uncovered POE

getAlertOnRevokedCertificate

public StatusAlert getAlertOnRevokedCertificate()

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour on revoked certificate.

Specified by:

getAlertOnRevokedCertificate in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of revoked certificate

setAlertOnRevokedCertificate

public void setAlertOnRevokedCertificate(StatusAlert alertOnRevokedCertificate)

Description copied from interface: CertificateVerifier

This method allows to change the behavior on revoked certificates (LT/LTA augmentation). Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnRevokedCertificate in interface CertificateVerifier

Parameters:

alertOnRevokedCertificate - defines a behaviour in case of revoked certificate

getAlertOnNoRevocationAfterBestSignatureTime

public StatusAlert getAlertOnNoRevocationAfterBestSignatureTime()

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour if no revocation data obtained with an issuance time after the bestSignatureTime

Specified by:

getAlertOnNoRevocationAfterBestSignatureTime in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of no revocation data after best signature time

setAlertOnNoRevocationAfterBestSignatureTime

public void setAlertOnNoRevocationAfterBestSignatureTime(StatusAlert alertOnNoRevocationAfterBestSignatureTime)

Description copied from interface: CertificateVerifier

This method allows to change the behavior on revocation data issued after a control time. Default : LogOnStatusAlert - log a warning.

Specified by:

setAlertOnNoRevocationAfterBestSignatureTime in interface CertificateVerifier

Parameters:

alertOnNoRevocationAfterBestSignatureTime - defines a behaviour in case of no revocation data issued after the bestSignatureTime

getAlertOnExpiredSignature

@Deprecated
public StatusAlert getAlertOnExpiredSignature()

Deprecated.

Description copied from interface: CertificateVerifier

This method returns the defined execution behaviour on expired signature (if the signing certificate or its POE(s) has been expired).

Specified by:

getAlertOnExpiredSignature in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of uncovered POE

setAlertOnExpiredSignature

@Deprecated
public void setAlertOnExpiredSignature(StatusAlert alertOnExpiredSignature)

Deprecated.

Description copied from interface: CertificateVerifier

This method allows to change the behavior on expired signature during the signature augmentation process (if the signing certificate or its POE(s) has been expired). Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnExpiredSignature in interface CertificateVerifier

Parameters:

alertOnExpiredSignature - defines a behaviour in case of an expired signature

getAlertOnExpiredCertificate

public StatusAlert getAlertOnExpiredCertificate()

Description copied from interface: CertificateVerifier

This method returns the defined behavior on signature creation or augmentation with an expired signing-certificate (notAfter is before the current time). Validated the available POEs in case of existing signature augmentation.

Specified by:

getAlertOnExpiredCertificate in interface CertificateVerifier

Returns:

StatusAlert to process in case of a signature with an expired certificate

setAlertOnExpiredCertificate

public void setAlertOnExpiredCertificate(StatusAlert alertOnExpiredCertificate)

Description copied from interface: CertificateVerifier

This method allows to change a behavior on signature creation or augmentation with an expired signing-certificate (notAfter is before the current time). Validated the available POEs in case of existing signature augmentation. Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnExpiredCertificate in interface CertificateVerifier

Parameters:

alertOnExpiredCertificate - defines behavior in case of an expired signing-certificate

getAlertOnNotYetValidCertificate

public StatusAlert getAlertOnNotYetValidCertificate()

Description copied from interface: CertificateVerifier

This method returns the defined behavior on signature creation with a not yet valid signing-certificate

Specified by:

getAlertOnNotYetValidCertificate in interface CertificateVerifier

Returns:

StatusAlert to process in case of a signature with a not yet valid signing-certificate

setAlertOnNotYetValidCertificate

public void setAlertOnNotYetValidCertificate(StatusAlert alertOnNotYetValidCertificate)

Description copied from interface: CertificateVerifier

This method allows to change a behavior on signature creation with a not yet valid signing-certificate (notBefore is after the current time) Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAlertOnNotYetValidCertificate in interface CertificateVerifier

Parameters:

alertOnNotYetValidCertificate - defines behavior in case of a not yet valid signing-certificate

getAugmentationAlertOnHigherSignatureLevel

public StatusAlert getAugmentationAlertOnHigherSignatureLevel()

Description copied from interface: CertificateVerifier

This method returns the defined augmentation behaviour for a signature of a higher level or a document containing a such signature.

Specified by:

getAugmentationAlertOnHigherSignatureLevel in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of a signature of a higher level or a document containing a such signature.

setAugmentationAlertOnHigherSignatureLevel

public void setAugmentationAlertOnHigherSignatureLevel(StatusAlert augmentationAlertOnHigherSignatureLevel)

Description copied from interface: CertificateVerifier

This method allows to change the augmentation behaviour for a signature of a higher level or a document containing a such signature. Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAugmentationAlertOnHigherSignatureLevel in interface CertificateVerifier

Parameters:

augmentationAlertOnHigherSignatureLevel - defines augmentation behaviour for a signature of a higher level or a document containing a such signature.

getAugmentationAlertOnSignatureWithoutCertificates

public StatusAlert getAugmentationAlertOnSignatureWithoutCertificates()

Description copied from interface: CertificateVerifier

This method returns the defined augmentation behaviour for a signature without certificates.

Specified by:

getAugmentationAlertOnSignatureWithoutCertificates in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of a signature without certificates

setAugmentationAlertOnSignatureWithoutCertificates

public void setAugmentationAlertOnSignatureWithoutCertificates(StatusAlert augmentationAlertOnSignatureWithoutCertificates)

Description copied from interface: CertificateVerifier

This method allows to change the augmentation behaviour for a signature without certificates. The alert is triggered when no certificate is defined within the signature. Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAugmentationAlertOnSignatureWithoutCertificates in interface CertificateVerifier

Parameters:

augmentationAlertOnSignatureWithoutCertificates - defines augmentation behaviour for a signature without certificates.

getAugmentationAlertOnSelfSignedCertificateChains

public StatusAlert getAugmentationAlertOnSelfSignedCertificateChains()

Description copied from interface: CertificateVerifier

This method returns the defined augmentation behaviour for a signature containing only self-signed certificate chains.

Specified by:

getAugmentationAlertOnSelfSignedCertificateChains in interface CertificateVerifier

Returns:

StatusAlert to be processed in case of a signature containing only self-signed certificate chains

setAugmentationAlertOnSelfSignedCertificateChains

public void setAugmentationAlertOnSelfSignedCertificateChains(StatusAlert augmentationAlertOnSelfSignedCertificateChains)

Description copied from interface: CertificateVerifier

This method allows to change the augmentation behaviour for a signature containing only self-signed certificate chains. The alert is triggered when all used certificates are self-signed. Default : ExceptionOnStatusAlert - throw an exception.

Specified by:

setAugmentationAlertOnSelfSignedCertificateChains in interface CertificateVerifier

Parameters:

augmentationAlertOnSelfSignedCertificateChains - defines augmentation behaviour for a signature containing only self-signed certificate chains.

isCheckRevocationForUntrustedChains

public boolean isCheckRevocationForUntrustedChains()

Description copied from interface: CertificateVerifier

This method returns true if revocation check is enabled for untrusted certificate chains.

Specified by:

isCheckRevocationForUntrustedChains in interface CertificateVerifier

Returns:

true if external revocation check is done for untrusted certificate chains

setCheckRevocationForUntrustedChains

public void setCheckRevocationForUntrustedChains(boolean checkRevocationForUntrustedChains)

Description copied from interface: CertificateVerifier

This method allows enabling of revocation checking for untrusted certificate chains. Default : FALSE (revocation data is not checked for untrusted certificate chains)

Specified by:

setCheckRevocationForUntrustedChains in interface CertificateVerifier

Parameters:

checkRevocationForUntrustedChains - true if revocation checking is allowed for untrusted certificate chains

isExtractPOEFromUntrustedChains

@Deprecated
public boolean isExtractPOEFromUntrustedChains()

Deprecated.

Description copied from interface: CertificateVerifier

This method returns whether POEs should be extracted from timestamps coming from untrusted certificate chains.

Specified by:

isExtractPOEFromUntrustedChains in interface CertificateVerifier

Returns:

true if POEs should be extracted from timestamp with untrusted certificate chains

setExtractPOEFromUntrustedChains

@Deprecated
public void setExtractPOEFromUntrustedChains(boolean extractPOEFromUntrustedChains)

Deprecated.

Description copied from interface: CertificateVerifier

This method allows enabling of POE extraction from timestamps coming from untrusted certificate chains. Default : FALSE (timestamps created with untrusted certificate chains are not considered as POE)

Specified by:

setExtractPOEFromUntrustedChains in interface CertificateVerifier

Parameters:

extractPOEFromUntrustedChains - true if POE extraction is allowed for timestamps from untrusted certificate chains

setDefaultDigestAlgorithm

@Deprecated
public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)

Deprecated.

Description copied from interface: CertificateVerifier

This method allows to change the Digest Algorithm that will be used for tokens' digest calculation Default : DigestAlgorithm.SHA256

Specified by:

setDefaultDigestAlgorithm in interface CertificateVerifier

Parameters:

digestAlgorithm - DigestAlgorithm to use

getDefaultDigestAlgorithm

@Deprecated
public DigestAlgorithm getDefaultDigestAlgorithm()

Deprecated.

Description copied from interface: CertificateVerifier

This method returns a default Digest Algorithm what will be used for digest calculation

Specified by:

getDefaultDigestAlgorithm in interface CertificateVerifier

Returns:

DigestAlgorithm