Interface ValidationContext
- All Known Implementing Classes:
SignatureValidationContext
public interface ValidationContext
This interface allows the implementation of the validators for: certificates, timestamps and revocation data.
-
Method Summary
Modifier and TypeMethodDescriptionvoidaddCertificateTokenForVerification(CertificateToken certificateToken) Adds a new certificate token to the list of tokens to verify.voidaddDocumentCertificateSource(CertificateSource certificateSource) Adds an extracted certificate source to the used list of sourcesvoidaddDocumentCertificateSource(ListCertificateSource listCertificateSource) Adds a list certificate source to the used list of sourcesvoidaddDocumentCRLSource(ListRevocationSource<CRL> crlSource) Adds a list CRL source to the used list of sourcesvoidaddDocumentCRLSource(OfflineRevocationSource<CRL> crlSource) Adds an extracted CRL source to the used list of sourcesvoidaddDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource) Adds a listd OCSP source to the used list of sourcesvoidaddDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource) Adds an extracted OCSP source to the used list of sourcesvoidaddEvidenceRecordForVerification(EvidenceRecord evidenceRecord) Adds Evidence Record's content to proceed with validationvoidaddRevocationTokenForVerification(RevocationToken<?> revocationToken) Adds a new revocation token to the list of tokens to verify.voidaddSignatureForVerification(AdvancedSignature signature) Adds a new signature to collect the information to verify.voidaddTimestampTokenForVerification(TimestampToken timestampToken) Adds a new timestamp token to the list of tokens to verify.booleanThis method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)booleanThis method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)booleanThis method verifies whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production timebooleanThis method validates recursively whether none of the signature's certificate chain certificates are not revokedbooleanThis method verifies whether all signatures added to the ValidationContext are not yet expired Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredCertificate(eu.europa.esig.dss.alert.StatusAlert)booleanThis method allows to verify if all processed timestamps are valid and intact.booleanDeprecated.since DSS 6.1.booleancheckCertificateNotRevoked(CertificateToken certificateToken) This method allows to verify if the certificate is not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)booleancheckCertificatesNotRevoked(AdvancedSignature signature) Deprecated.since DSS 6.1.booleancheckSignatureNotExpired(AdvancedSignature signature) Deprecated.since DSS 6.1.Returns a list of allCertificateSources used during the validation process.Gets the current validation time.Returns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))Returns a list of all CRLOfflineRevocationSources extracted from a validating documentReturns a list of all OCSPOfflineRevocationSources extracted from a validating documentReturns a read only list of all certificates used in the process of the validation of all signatures from the given document.Returns evidence records added to the validation contextSet<RevocationToken<?>> Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.Returns signatures added to the validation contextReturns a read only list of all timestamps processed during the validation of all signatures from the given document.getValidationData(AdvancedSignature signature) Returns a validation data for the given signature's certificate chaingetValidationData(TimestampToken timestampToken) Returns a validation data for the given timestampToken's certificate chainvoidinitialize(CertificateVerifier certificateVerifier) This method initializes theValidationContextby retrieving the relevant data fromcertificateVerifiervoidsetCurrentTime(Date currentTime) Deprecated.since DSS 6.1.voidvalidate()Carries out the validation process in recursive manner for not yet checked tokens.
-
Method Details
-
initialize
This method initializes theValidationContextby retrieving the relevant data fromcertificateVerifier- Parameters:
certificateVerifier-CertificateVerifier
-
setCurrentTime
Deprecated.since DSS 6.1. Please use constructornew SignatureValidationContext(validationTime)insteadThis function sets the validation time.- Parameters:
currentTime- the currentDate
-
getCurrentTime
-
addSignatureForVerification
Adds a new signature to collect the information to verify.- Parameters:
signature-AdvancedSignatureto extract data to be verified
-
addRevocationTokenForVerification
Adds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.- Parameters:
revocationToken- an instance ofRevocationTokenrevocation tokens to verify
-
addCertificateTokenForVerification
Adds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.- Parameters:
certificateToken-CertificateTokencertificate token to verify
-
addTimestampTokenForVerification
Adds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.- Parameters:
timestampToken-TimestampTokentimestamp token to verify
-
addEvidenceRecordForVerification
Adds Evidence Record's content to proceed with validation- Parameters:
evidenceRecord-EvidenceRecordto add content from
-
addDocumentCertificateSource
Adds an extracted certificate source to the used list of sources- Parameters:
certificateSource-CertificateSource
-
addDocumentCertificateSource
Adds a list certificate source to the used list of sources- Parameters:
listCertificateSource-ListCertificateSource
-
addDocumentCRLSource
Adds an extracted CRL source to the used list of sources- Parameters:
crlSource-OfflineRevocationSourcefor CRL
-
addDocumentCRLSource
Adds a list CRL source to the used list of sources- Parameters:
crlSource-ListRevocationSourcefor CRL
-
addDocumentOCSPSource
Adds an extracted OCSP source to the used list of sources- Parameters:
ocspSource-OfflineRevocationSourcefor OCSP
-
addDocumentOCSPSource
Adds a listd OCSP source to the used list of sources- Parameters:
ocspSource-ListRevocationSourcefor OCSP
-
validate
void validate()Carries out the validation process in recursive manner for not yet checked tokens. -
checkAllRequiredRevocationDataPresent
boolean checkAllRequiredRevocationDataPresent()This method allows to verify if all processed certificates have a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert)- Returns:
- true if all needed revocation data are present
-
checkAllPOECoveredByRevocationData
boolean checkAllPOECoveredByRevocationData()This method allows to verify if all POE (timestamp tokens) are covered by a revocation data Additionally, an alert can be handledCertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert)- Returns:
- true if all timestamps are covered by a usable revocation data
-
checkAllTimestampsValid
boolean checkAllTimestampsValid()This method allows to verify if all processed timestamps are valid and intact. Additionally, an alert can be handledCertificateVerifier.setAlertOnInvalidTimestamp(eu.europa.esig.dss.alert.StatusAlert)- Returns:
- true if all timestamps are valid
-
checkCertificateNotRevoked
This method allows to verify if the certificate is not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Parameters:
certificateToken-CertificateTokencertificate to be checked- Returns:
- true if all certificates are valid
-
checkCertificatesNotRevoked
Deprecated.since DSS 6.1. Please use#checkAllSignatureCertificatesNotRevokedinstead.This method allows to verify if signature certificates are not revoked Additionally, an alert can be handledCertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Parameters:
signature-AdvancedSignaturesignature to be checked- Returns:
- true if all certificates are valid
-
checkAllSignatureCertificatesNotRevoked
boolean checkAllSignatureCertificatesNotRevoked()This method validates recursively whether none of the signature's certificate chain certificates are not revokedAdditionally, an alert can be handled
CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert)- Returns:
- true if all certificates are valid
-
checkAtLeastOneRevocationDataPresentAfterBestSignatureTime
@Deprecated boolean checkAtLeastOneRevocationDataPresentAfterBestSignatureTime(AdvancedSignature signature) Deprecated.since DSS 6.1. Please use#checkAllSignatureCertificateHaveFreshRevocationDatamethod insteadThis method allows to verify if there is at least one revocation data present after the earliest available timestamp token producing time Additionally, an alert can be handledCertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)- Parameters:
signature-AdvancedSignaturesignature to be checked- Returns:
- true if the signing certificate is covered with a updated revocation data (after signature-timestamp production time)
-
checkAllSignatureCertificateHaveFreshRevocationData
boolean checkAllSignatureCertificateHaveFreshRevocationData()This method verifies whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production timeAdditionally, an alert can be handled
CertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert)- Returns:
- true if all signature certificates have an updated revocation data (after signature-time-stamp production time)
-
checkSignatureNotExpired
Deprecated.since DSS 6.1. Please use#checkAllSignaturesNotExpiredmethod insteadThis method verifies if the signing certificate has not been expired yet or has a still valid timestamp Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredCertificate(eu.europa.esig.dss.alert.StatusAlert)- Parameters:
signature-AdvancedSignaturesignature to be verified- Returns:
- true if the signing certificate or its POE(s) not yet expired, false otherwise
-
checkAllSignaturesNotExpired
boolean checkAllSignaturesNotExpired()This method verifies whether all signatures added to the ValidationContext are not yet expired Additionally, an alert can be handledCertificateVerifier.setAlertOnExpiredCertificate(eu.europa.esig.dss.alert.StatusAlert)- Returns:
- true if the signing certificate or its POE(s) not yet expired, false otherwise
-
getProcessedSignatures
Set<AdvancedSignature> getProcessedSignatures()Returns signatures added to the validation context- Returns:
- a set of
AdvancedSignatures
-
getProcessedCertificates
Set<CertificateToken> getProcessedCertificates()Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...- Returns:
- a set of
CertificateTokens
-
getProcessedRevocations
Set<RevocationToken<?>> getProcessedRevocations()Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.- Returns:
- a set of
RevocationTokens
-
getProcessedTimestamps
Set<TimestampToken> getProcessedTimestamps()Returns a read only list of all timestamps processed during the validation of all signatures from the given document.- Returns:
- a set of
TimestampTokens
-
getProcessedEvidenceRecords
Set<EvidenceRecord> getProcessedEvidenceRecords()Returns evidence records added to the validation context- Returns:
- a set of
EvidenceRecords
-
getAllCertificateSources
ListCertificateSource getAllCertificateSources()Returns a list of allCertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).- Returns:
ListCertificateSource
-
getDocumentCertificateSource
ListCertificateSource getDocumentCertificateSource()Returns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))- Returns:
ListCertificateSource
-
getDocumentCRLSource
ListRevocationSource<CRL> getDocumentCRLSource()Returns a list of all CRLOfflineRevocationSources extracted from a validating document- Returns:
ListRevocationSource
-
getDocumentOCSPSource
ListRevocationSource<OCSP> getDocumentOCSPSource()Returns a list of all OCSPOfflineRevocationSources extracted from a validating document- Returns:
ListRevocationSource
-
getValidationData
Returns a validation data for the given signature's certificate chain- Parameters:
signature-AdvancedSignatureto extract validation data for- Returns:
ValidationData
-
getValidationData
Returns a validation data for the given timestampToken's certificate chain- Parameters:
timestampToken-TimestampTokento extract validation data for- Returns:
ValidationData
-