Package eu.europa.esig.dss.spi.validation

Class TimestampTokenVerifier

java.lang.Object

eu.europa.esig.dss.spi.validation.TimestampTokenVerifier

public class TimestampTokenVerifier
extends Object

This class is used to verify applicability of a timestamp token within the signature validation process

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	TimestampTokenVerifier()	Default constructor

Method Summary

Modifier and Type	Method	Description
static TimestampTokenVerifier	createDefaultTimestampTokenVerifier()	Creates a default instance of TimestampTokenVerifier, with pre-configured constraints.
static TimestampTokenVerifier	createEmptyTimestampTokenVerifier()	Creates an empty instance of TimestampTokenVerifier.
CertificateSource	getTrustedCertificateSource()	Gets trusted certificate source, when present
boolean	isAcceptable(TimestampToken timestampToken)	This method verifies whether the given timestampToken is valid and acceptable, and its POE can be extracted to the validation process.
boolean	isAcceptable(TimestampToken timestampToken, List<CertificateToken> certificateChain)	This method verifies whether the given timestampToken is valid and acceptable, and its POE can be extracted to the validation process
protected boolean	isCryptographicallyValid(TimestampToken timestampToken)	This method verifies whether the timestampToken is cryptographically valid (signature and message imprint match)
protected boolean	isTrustedTimestampToken(TimestampToken timestampToken, List<CertificateToken> certificateChain)	This method verifies whether the timestampToken is trusted to continue the process.
void	setAcceptUntrustedCertificateChains(boolean acceptUntrustedCertificateChains)	Sets whether only timestamp created with trusted certificate chains shall be considered as valid Default: TRUE (only timestamps created with trusted CAs are considered as valid, untrusted timestamps are ignored)
protected void	setTrustedCertificateSource(CertificateSource trustedCertificateSource)	Sets a trusted certificate source in order to accept trusted timestamp certificate chains.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TimestampTokenVerifier

protected TimestampTokenVerifier()

Default constructor

Method Details

createEmptyTimestampTokenVerifier

public static TimestampTokenVerifier createEmptyTimestampTokenVerifier()

Creates an empty instance of TimestampTokenVerifier. All constraints should be configured manually.

Returns:

TimestampTokenVerifier

createDefaultTimestampTokenVerifier

public static TimestampTokenVerifier createDefaultTimestampTokenVerifier()

Creates a default instance of TimestampTokenVerifier, with pre-configured constraints.

Returns:

TimestampTokenVerifier

getTrustedCertificateSource

public CertificateSource getTrustedCertificateSource()

Gets trusted certificate source, when present

Returns:

CertificateSource

setTrustedCertificateSource

protected void setTrustedCertificateSource(CertificateSource trustedCertificateSource)

Sets a trusted certificate source in order to accept trusted timestamp certificate chains. Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, in order to provide the same trusted source as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.

Parameters:

trustedCertificateSource - CertificateSource

setAcceptUntrustedCertificateChains

public void setAcceptUntrustedCertificateChains(boolean acceptUntrustedCertificateChains)

Sets whether only timestamp created with trusted certificate chains shall be considered as valid Default: TRUE (only timestamps created with trusted CAs are considered as valid, untrusted timestamps are ignored)

Parameters:

acceptUntrustedCertificateChains - whether only trusted timestamps are considered as valid

isAcceptable

public boolean isAcceptable(TimestampToken timestampToken)

This method verifies whether the given timestampToken is valid and acceptable, and its POE can be extracted to the validation process. NOTE: The method does not accept certificate chain, thus validity of the timestamp's certificate chain is not verified. To successfully, execute this method, the parameter acceptOnlyTrustedCertificateChains shall be set to FALSE. For validation with a certificate chain, please use #isAcceptable(timestampToken, certificateChain) method.

Parameters:

timestampToken - TimestampToken to be validated

Returns:

TRUE if the timestampToken is valid and acceptable, FALSE otherwise

isAcceptable

public boolean isAcceptable(TimestampToken timestampToken,
 List<CertificateToken> certificateChain)

This method verifies whether the given timestampToken is valid and acceptable, and its POE can be extracted to the validation process

Parameters:

timestampToken - TimestampToken to be validated

certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp

Returns:

TRUE if the timestampToken is valid and acceptable, FALSE otherwise

isTrustedTimestampToken

protected boolean isTrustedTimestampToken(TimestampToken timestampToken,
 List<CertificateToken> certificateChain)

This method verifies whether the timestampToken is trusted to continue the process. The method expects the certificate chain of the timestamp to reach a trustedCertificateSource or to have acceptOnlyTrustedCertificateChains constraint to accept untrusted certificate chains as well.

Parameters:

timestampToken - TimestampToken to be validated

certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp

Returns:

TRUE of the timestamp token is trusted, FALSE otherwise

isCryptographicallyValid

protected boolean isCryptographicallyValid(TimestampToken timestampToken)

This method verifies whether the timestampToken is cryptographically valid (signature and message imprint match)

Parameters:

timestampToken - TimestampToken to be validated

Returns:

TRUE if the timestamp token is cryptographically valid, FALSE otherwise