Class SignatureValidationContext
java.lang.Object
eu.europa.esig.dss.spi.validation.SignatureValidationContext
- All Implemented Interfaces:
ValidationContext
During the validation of a signature, the software retrieves different X509 artifacts like Certificate, CRL and OCSP
Response. The SignatureValidationContext is a "cache" for
one validation request that contains every object retrieved so far.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected DateThis is the time at what the validation is carried out. -
Constructor Summary
ConstructorsConstructorDescriptionDefault constructor instantiating object with null or empty values and current timeSignatureValidationContext(Date validationTime) Constructor instantiating object with null or empty values and provided time -
Method Summary
Modifier and TypeMethodDescriptionvoidaddCertificateTokenForVerification(CertificateToken certificateToken) Adds a new certificate token to the list of tokens to verify.voidaddDocumentCertificateSource(CertificateSource certificateSource) Adds an extracted certificate source to the used list of sourcesvoidaddDocumentCertificateSource(ListCertificateSource listCertificateSource) Adds a list certificate source to the used list of sourcesvoidaddDocumentCRLSource(ListRevocationSource<CRL> crlSource) Adds a list CRL source to the used list of sourcesvoidaddDocumentCRLSource(OfflineRevocationSource<CRL> crlSource) Adds an extracted CRL source to the used list of sourcesvoidaddDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource) Adds a listd OCSP source to the used list of sourcesvoidaddDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource) Adds an extracted OCSP source to the used list of sourcesvoidaddEvidenceRecordForVerification(EvidenceRecord evidenceRecord) Adds Evidence Record's content to proceed with validationvoidaddRevocationTokenForVerification(RevocationToken<?> revocationToken) Adds a new revocation token to the list of tokens to verify.voidaddSignatureForVerification(AdvancedSignature signature) Adds a new signature to collect the information to verify.voidaddTimestampTokenForVerification(TimestampToken timestampToken) Adds a new timestamp token to the list of tokens to verify.booleanThis method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)booleanThis method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)booleanThis method verifies whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production timebooleanThis method validates recursively whether none of the signature's certificate chain certificates are not revokedbooleanThis method verifies whether all signatures added to the ValidationContext are not yet expired Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredCertificate(eu.europa.esig.dss.alert.StatusAlert)booleanThis method allows to verify if all processed timestamps are valid and intact.booleanDeprecated.booleancheckCertificateNotRevoked(CertificateToken certificateToken) This method allows to verify if the certificate is not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)booleancheckCertificatesNotRevoked(AdvancedSignature signature) Deprecated.booleancheckSignatureNotExpired(AdvancedSignature signature) Deprecated.Returns a list of allCertificateSources used during the validation process.Gets the current validation time.Returns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))Returns a list of all CRLOfflineRevocationSources extracted from a validating documentReturns a list of all OCSPOfflineRevocationSources extracted from a validating documentReturns a read only list of all certificates used in the process of the validation of all signatures from the given document.Returns evidence records added to the validation contextSet<RevocationToken<?>> Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.Returns signatures added to the validation contextReturns a read only list of all timestamps processed during the validation of all signatures from the given document.getValidationData(AdvancedSignature signature) Returns a validation data for the given signature's certificate chaingetValidationData(TimestampToken timestampToken) Returns a validation data for the given timestampToken's certificate chainvoidinitialize(CertificateVerifier certificateVerifier) This method initializes theValidationContextby retrieving the relevant data fromcertificateVerifierprotected booleanisTimestampValid(TimestampToken timestampToken) This method verifies whether atimestampTokenis valid and can be used as a valid POE for covered objectsvoidsetCurrentTime(Date currentTime) Deprecated.voidvalidate()Carries out the validation process in recursive manner for not yet checked tokens.
-
Field Details
-
currentTime
This is the time at what the validation is carried out.
-
-
Constructor Details
-
SignatureValidationContext
public SignatureValidationContext()Default constructor instantiating object with null or empty values and current time -
SignatureValidationContext
-
-
Method Details
-
initialize
Description copied from interface:ValidationContextThis method initializes theValidationContextby retrieving the relevant data fromcertificateVerifier- Specified by:
initializein interfaceValidationContext- Parameters:
certificateVerifier- The certificate verifier (eg: using the TSL as list of trusted certificates).
-
addSignatureForVerification
Description copied from interface:ValidationContextAdds a new signature to collect the information to verify.- Specified by:
addSignatureForVerificationin interfaceValidationContext- Parameters:
signature-AdvancedSignatureto extract data to be verified
-
addDocumentCertificateSource
Description copied from interface:ValidationContextAdds an extracted certificate source to the used list of sources- Specified by:
addDocumentCertificateSourcein interfaceValidationContext- Parameters:
certificateSource-CertificateSource
-
addDocumentCertificateSource
Description copied from interface:ValidationContextAdds a list certificate source to the used list of sources- Specified by:
addDocumentCertificateSourcein interfaceValidationContext- Parameters:
listCertificateSource-ListCertificateSource
-
addDocumentCRLSource
Description copied from interface:ValidationContextAdds an extracted CRL source to the used list of sources- Specified by:
addDocumentCRLSourcein interfaceValidationContext- Parameters:
crlSource-OfflineRevocationSourcefor CRL
-
addDocumentCRLSource
Description copied from interface:ValidationContextAdds a list CRL source to the used list of sources- Specified by:
addDocumentCRLSourcein interfaceValidationContext- Parameters:
crlSource-ListRevocationSourcefor CRL
-
addDocumentOCSPSource
Description copied from interface:ValidationContextAdds an extracted OCSP source to the used list of sources- Specified by:
addDocumentOCSPSourcein interfaceValidationContext- Parameters:
ocspSource-OfflineRevocationSourcefor OCSP
-
addDocumentOCSPSource
Description copied from interface:ValidationContextAdds a listd OCSP source to the used list of sources- Specified by:
addDocumentOCSPSourcein interfaceValidationContext- Parameters:
ocspSource-ListRevocationSourcefor OCSP
-
getCurrentTime
Description copied from interface:ValidationContextGets the current validation time.- Specified by:
getCurrentTimein interfaceValidationContext- Returns:
Date
-
setCurrentTime
Deprecated.Description copied from interface:ValidationContextThis function sets the validation time.- Specified by:
setCurrentTimein interfaceValidationContext- Parameters:
currentTime- the currentDate
-
getAllCertificateSources
Description copied from interface:ValidationContextReturns a list of allCertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).- Specified by:
getAllCertificateSourcesin interfaceValidationContext- Returns:
ListCertificateSource
-
getDocumentCertificateSource
Description copied from interface:ValidationContextReturns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))- Specified by:
getDocumentCertificateSourcein interfaceValidationContext- Returns:
ListCertificateSource
-
getDocumentCRLSource
Description copied from interface:ValidationContextReturns a list of all CRLOfflineRevocationSources extracted from a validating document- Specified by:
getDocumentCRLSourcein interfaceValidationContext- Returns:
ListRevocationSource
-
getDocumentOCSPSource
Description copied from interface:ValidationContextReturns a list of all OCSPOfflineRevocationSources extracted from a validating document- Specified by:
getDocumentOCSPSourcein interfaceValidationContext- Returns:
ListRevocationSource
-
addRevocationTokenForVerification
Description copied from interface:ValidationContextAdds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.- Specified by:
addRevocationTokenForVerificationin interfaceValidationContext- Parameters:
revocationToken- an instance ofRevocationTokenrevocation tokens to verify
-
addCertificateTokenForVerification
Description copied from interface:ValidationContextAdds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.- Specified by:
addCertificateTokenForVerificationin interfaceValidationContext- Parameters:
certificateToken-CertificateTokencertificate token to verify
-
addTimestampTokenForVerification
Description copied from interface:ValidationContextAdds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.- Specified by:
addTimestampTokenForVerificationin interfaceValidationContext- Parameters:
timestampToken-TimestampTokentimestamp token to verify
-
isTimestampValid
This method verifies whether atimestampTokenis valid and can be used as a valid POE for covered objects- Parameters:
timestampToken-TimestampTokento be checked- Returns:
- TRUE if the timestamp is valid, FALSE otherwise
-
addEvidenceRecordForVerification
Description copied from interface:ValidationContextAdds Evidence Record's content to proceed with validation- Specified by:
addEvidenceRecordForVerificationin interfaceValidationContext- Parameters:
evidenceRecord-EvidenceRecordto add content from
-
validate
public void validate()Description copied from interface:ValidationContextCarries out the validation process in recursive manner for not yet checked tokens.- Specified by:
validatein interfaceValidationContext
-
checkAllRequiredRevocationDataPresent
public boolean checkAllRequiredRevocationDataPresent()Description copied from interface:ValidationContextThis method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllRequiredRevocationDataPresentin interfaceValidationContext- Returns:
- true if all needed revocation data are present
-
checkAllPOECoveredByRevocationData
public boolean checkAllPOECoveredByRevocationData()Description copied from interface:ValidationContextThis method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllPOECoveredByRevocationDatain interfaceValidationContext- Returns:
- true if all timestamps are covered by a usable revocation data
-
checkAllTimestampsValid
public boolean checkAllTimestampsValid()Description copied from interface:ValidationContextThis method allows to verify if all processed timestamps are valid and intact. Additionally, an alert can be handledCertificateVerifier.setAlertOnInvalidTimestamp(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllTimestampsValidin interfaceValidationContext- Returns:
- true if all timestamps are valid
-
checkCertificateNotRevoked
Description copied from interface:ValidationContextThis method allows to verify if the certificate is not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkCertificateNotRevokedin interfaceValidationContext- Parameters:
certificateToken-CertificateTokencertificate to be checked- Returns:
- true if all certificates are valid
-
checkCertificatesNotRevoked
Deprecated.Description copied from interface:ValidationContextThis method allows to verify if signature certificates are not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkCertificatesNotRevokedin interfaceValidationContext- Parameters:
signature-AdvancedSignaturesignature to be checked- Returns:
- true if all certificates are valid
-
checkAllSignatureCertificatesNotRevoked
public boolean checkAllSignatureCertificatesNotRevoked()Description copied from interface:ValidationContextThis method validates recursively whether none of the signature's certificate chain certificates are not revokedAdditionally, an alert can be handled
CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllSignatureCertificatesNotRevokedin interfaceValidationContext- Returns:
- true if all certificates are valid
-
checkAtLeastOneRevocationDataPresentAfterBestSignatureTime
@Deprecated public boolean checkAtLeastOneRevocationDataPresentAfterBestSignatureTime(AdvancedSignature signature) Deprecated.Description copied from interface:ValidationContextThis method allows to verify if there is at least one revocation data present after the earliest available timestamp token producing time Additionally, an alert can be handledCertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAtLeastOneRevocationDataPresentAfterBestSignatureTimein interfaceValidationContext- Parameters:
signature-AdvancedSignaturesignature to be checked- Returns:
- true if the signing certificate is covered with a updated revocation data (after signature-timestamp production time)
-
checkAllSignatureCertificateHaveFreshRevocationData
public boolean checkAllSignatureCertificateHaveFreshRevocationData()Description copied from interface:ValidationContextThis method verifies whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production timeAdditionally, an alert can be handled
CertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllSignatureCertificateHaveFreshRevocationDatain interfaceValidationContext- Returns:
- true if all signature certificates have an updated revocation data (after signature-time-stamp production time)
-
checkSignatureNotExpired
Deprecated.Description copied from interface:ValidationContextThis method verifies if the signing certificate has not been expired yet or has a still valid timestamp Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkSignatureNotExpiredin interfaceValidationContext- Parameters:
signature-AdvancedSignaturesignature to be verified- Returns:
- true if the signing certificate or its POE(s) not yet expired, false otherwise
-
checkAllSignaturesNotExpired
public boolean checkAllSignaturesNotExpired()Description copied from interface:ValidationContextThis method verifies whether all signatures added to the ValidationContext are not yet expired Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredCertificate(eu.europa.esig.dss.alert.StatusAlert)- Specified by:
checkAllSignaturesNotExpiredin interfaceValidationContext- Returns:
- true if the signing certificate or its POE(s) not yet expired, false otherwise
-
getProcessedSignatures
Description copied from interface:ValidationContextReturns signatures added to the validation context- Specified by:
getProcessedSignaturesin interfaceValidationContext- Returns:
- a set of
AdvancedSignatures
-
getProcessedCertificates
Description copied from interface:ValidationContextReturns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...- Specified by:
getProcessedCertificatesin interfaceValidationContext- Returns:
- a set of
CertificateTokens
-
getProcessedRevocations
Description copied from interface:ValidationContextReturns a read only list of all revocations used in the process of the validation of all signatures from the given document.- Specified by:
getProcessedRevocationsin interfaceValidationContext- Returns:
- a set of
RevocationTokens
-
getProcessedTimestamps
Description copied from interface:ValidationContextReturns a read only list of all timestamps processed during the validation of all signatures from the given document.- Specified by:
getProcessedTimestampsin interfaceValidationContext- Returns:
- a set of
TimestampTokens
-
getProcessedEvidenceRecords
Description copied from interface:ValidationContextReturns evidence records added to the validation context- Specified by:
getProcessedEvidenceRecordsin interfaceValidationContext- Returns:
- a set of
EvidenceRecords
-
getValidationData
Description copied from interface:ValidationContextReturns a validation data for the given signature's certificate chain- Specified by:
getValidationDatain interfaceValidationContext- Parameters:
signature-AdvancedSignatureto extract validation data for- Returns:
ValidationData
-
getValidationData
Description copied from interface:ValidationContextReturns a validation data for the given timestampToken's certificate chain- Specified by:
getValidationDatain interfaceValidationContext- Parameters:
timestampToken-TimestampTokento extract validation data for- Returns:
ValidationData
-