Package eu.europa.esig.dss.validation

Class SignedDocumentValidator

java.lang.Object

eu.europa.esig.dss.validation.SignedDocumentValidator

All Implemented Interfaces:

DocumentValidator, ProcessExecutorProvider<DocumentProcessExecutor>

Direct Known Subclasses:

AbstractASiCContainerValidator, AbstractJWSDocumentValidator, CMSDocumentValidator, DefaultEvidenceRecordValidator, DetachedTimestampValidator, PDFDocumentValidator, XMLDocumentValidator

public abstract class SignedDocumentValidator
extends Object
implements DocumentValidator

Validates a signed document. The content of the document is determined automatically. It can be: XML, CAdES(p7m), PDF or ASiC(zip). SignatureScopeFinder can be set using the appropriate setter (ex. setCadesSignatureScopeFinder). By default, this class will use the default SignatureScopeFinder as defined by eu.europa.esig.dss.validation.scope.SignatureScopeFinderFactory

Field Summary

Fields

Modifier and Type	Field	Description
protected final DocumentAnalyzer	documentAnalyzer	This class performs analysis of the document, tokens extraction as well as cryptographic validation
protected DocumentProcessExecutor	processExecutor	This variable can hold a specific DocumentProcessExecutor

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SignedDocumentValidator(DocumentAnalyzer documentAnalyzer)	The constructor with a null signatureScopeFinder

Method Summary

Modifier and Type	Method	Description
protected void	assertConfigurationValid()	This method verifies whether the configuration of the current instance of a document validator is valid
static SignedDocumentValidator	fromDocument(DSSDocument dssDocument)	This method guesses the document format and returns an appropriate document validator.
DocumentProcessExecutor	getDefaultProcessExecutor()	Returns a default for a validator process executor
List<EvidenceRecord>	getDetachedEvidenceRecords()	Retrieves the detached evidence records found in the document
List<TimestampToken>	getDetachedTimestamps()	Retrieves the detached timestamps found in the document
final XmlDiagnosticData	getDiagnosticData()	This method retrieves XmlDiagnosticData containing all information relevant for the validation process, including the certificate and revocation tokens obtained from online resources, e.g.
DocumentAnalyzer	getDocumentAnalyzer()	Returns the current instance of DocumentAnalyzer
List<DSSDocument>	getOriginalDocuments(AdvancedSignature advancedSignature)	This method returns the signed document(s) without their signature(s)
List<DSSDocument>	getOriginalDocuments(String signatureId)	This method returns the signed document(s) without their signature(s)
AdvancedSignature	getSignatureById(String signatureId)	Returns the signature with the given id.
SignaturePolicyValidatorLoader	getSignaturePolicyValidatorLoader()	Deprecated. since DSS 6.1.
List<AdvancedSignature>	getSignatures()	Retrieves the signatures found in the document
<T extends AdvancedSignature> ValidationDataContainer	getValidationData(Collection<T> signatures)	Extracts a validation data for provided collection of signatures
<T extends AdvancedSignature> ValidationDataContainer	getValidationData(Collection<T> signatures, Collection<TimestampToken> detachedTimestamps)	Extracts a validation data for provided collection of signatures and/or timestamps
protected SignedDocumentDiagnosticDataBuilder	initializeDiagnosticDataBuilder()	This method creates a format-specific implementation of the SignedDocumentDiagnosticDataBuilder
boolean	isSupported(DSSDocument dssDocument)	Checks if the document is supported by the current validator
protected final Reports	processValidationPolicy(XmlDiagnosticData diagnosticData, ValidationPolicy validationPolicy)	Executes the validation regarding the given validationPolicy
protected DocumentProcessExecutor	provideProcessExecutorInstance()	This method returns the process executor.
void	setCertificateVerifier(CertificateVerifier certificateVerifier)	To carry out the validation process of the signature(s) some external sources of certificates and of revocation data can be needed.
void	setContainerContents(List<DSSDocument> containerContents)	Sets the List of DSSDocument containing the original container content for ASiC-S signatures.
void	setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)	This method allows to change the Digest Algorithm that will be used for tokens' digest calculation Default : DigestAlgorithm.SHA256
void	setDetachedContents(List<DSSDocument> detachedContents)	Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.
void	setDetachedEvidenceRecordDocuments(List<DSSDocument> detachedEvidenceRecordDocuments)	Sets a List of DSSDocument containing the evidence record documents covering the signature document.
void	setEnableEtsiValidationReport(boolean enableEtsiValidationReport)	This method allows to specify if the ETSI Validation Report must be generated.
void	setIncludeSemantics(boolean include)	This method allows to enable/disable the semantics inclusion in the reports (Indication / SubIndication meanings) Disabled by default
void	setLocale(Locale locale)	Sets Locale for report messages generation
void	setManifestFile(ManifestFile manifestFile)	Sets a related ManifestFile to the document to be validated.
void	setProcessExecutor(DocumentProcessExecutor processExecutor)	This method provides the possibility to set the specific CustomProcessExecutor
void	setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider)	This method allows to set a provider for Signature policies
void	setSigningCertificateSource(CertificateSource signingCertificateSource)	Set a certificate source which allows to find the signing certificate by kid or certificate's digest
void	setSkipValidationContextExecution(boolean skipValidationContextExecution)	Deprecated. since DSS 6.1.
void	setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy)	This method allows to set the token extraction strategy to follow in the diagnostic data generation.
void	setTokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider)	Sets the TokenIdentifierProvider
void	setValidationContextExecutor(ValidationContextExecutor validationContextExecutor)	This method sets ValidationContextExecutor for validation of the prepared ValidationContext Default: eu.europa.esig.dss.validation.executor.context.DefaultValidationContextExecutor (performs basic validation of tokens, including certificate chain building and revocation data extraction, without processing of validity checks)
void	setValidationLevel(ValidationLevel validationLevel)	This method allows to specify the validation level (Basic / Timestamp / Long Term / Archival).
void	setValidationTime(Date validationTime)	Allows to define a custom validation time
Reports	validateDocument()	Validates the document and all its signatures.
Reports	validateDocument(DSSDocument policyDocument)	Validates the document and all its signatures.
Reports	validateDocument(ConstraintsParameters validationPolicyJaxb)	Validates the document and all its signatures.
Reports	validateDocument(ValidationPolicy validationPolicy)	Validates the document and all its signatures.
Reports	validateDocument(File policyFile)	Validates the document and all its signatures.
Reports	validateDocument(InputStream policyDataStream)	Validates the document and all its signatures.
Reports	validateDocument(String policyResourcePath)	Validates the document and all its signatures.
Reports	validateDocument(URL validationPolicyURL)	Validates the document and all its signatures.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

documentAnalyzer

protected final DocumentAnalyzer documentAnalyzer

This class performs analysis of the document, tokens extraction as well as cryptographic validation

processExecutor

protected DocumentProcessExecutor processExecutor

This variable can hold a specific DocumentProcessExecutor

Constructor Details

SignedDocumentValidator

protected SignedDocumentValidator(DocumentAnalyzer documentAnalyzer)

The constructor with a null signatureScopeFinder

Parameters:

documentAnalyzer - DocumentAnalyzer

Method Details

fromDocument

public static SignedDocumentValidator fromDocument(DSSDocument dssDocument)

This method guesses the document format and returns an appropriate document validator.

Parameters:

dssDocument - The instance of DSSDocument to validate

Returns:

returns the specific instance of SignedDocumentValidator in terms of the document type

isSupported

public boolean isSupported(DSSDocument dssDocument)

Checks if the document is supported by the current validator

Parameters:

dssDocument - DSSDocument to check

Returns:

TRUE if the document is supported, FALSE otherwise

getDocumentAnalyzer

public DocumentAnalyzer getDocumentAnalyzer()

Returns the current instance of DocumentAnalyzer

Returns:

DocumentAnalyzer

setSigningCertificateSource

public void setSigningCertificateSource(CertificateSource signingCertificateSource)

Description copied from interface: DocumentValidator

Set a certificate source which allows to find the signing certificate by kid or certificate's digest

Specified by:

setSigningCertificateSource in interface DocumentValidator

Parameters:

signingCertificateSource - the certificate source

setCertificateVerifier

public void setCertificateVerifier(CertificateVerifier certificateVerifier)

To carry out the validation process of the signature(s) some external sources of certificates and of revocation data can be needed. The certificate verifier is used to pass these values. Note that once this setter is called any change in the content of the CommonTrustedCertificateSource or in adjunct certificate source is not taken into account.

Specified by:

setCertificateVerifier in interface DocumentValidator

Parameters:

certificateVerifier - CertificateVerifier

setValidationContextExecutor

public void setValidationContextExecutor(ValidationContextExecutor validationContextExecutor)

Description copied from interface: DocumentValidator

This method sets ValidationContextExecutor for validation of the prepared ValidationContext Default: eu.europa.esig.dss.validation.executor.context.DefaultValidationContextExecutor (performs basic validation of tokens, including certificate chain building and revocation data extraction, without processing of validity checks)

Specified by:

setValidationContextExecutor in interface DocumentValidator

Parameters:

validationContextExecutor - ValidationContextExecutor

setTokenIdentifierProvider

public void setTokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider)

Description copied from interface: DocumentValidator

Sets the TokenIdentifierProvider

Specified by:

setTokenIdentifierProvider in interface DocumentValidator

Parameters:

tokenIdentifierProvider - TokenIdentifierProvider

setDetachedContents

public void setDetachedContents(List<DSSDocument> detachedContents)

Description copied from interface: DocumentValidator

Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.

Specified by:

setDetachedContents in interface DocumentValidator

Parameters:

detachedContents - the List of DSSDocument to set

setDetachedEvidenceRecordDocuments

public void setDetachedEvidenceRecordDocuments(List<DSSDocument> detachedEvidenceRecordDocuments)

Description copied from interface: DocumentValidator

Sets a List of DSSDocument containing the evidence record documents covering the signature document.

Specified by:

setDetachedEvidenceRecordDocuments in interface DocumentValidator

Parameters:

detachedEvidenceRecordDocuments - the List of DSSDocument to set

setContainerContents

public void setContainerContents(List<DSSDocument> containerContents)

Description copied from interface: DocumentValidator

Sets the List of DSSDocument containing the original container content for ASiC-S signatures.

Specified by:

setContainerContents in interface DocumentValidator

Parameters:

containerContents - the List of DSSDocument to set

setManifestFile

public void setManifestFile(ManifestFile manifestFile)

Description copied from interface: DocumentValidator

Sets a related ManifestFile to the document to be validated.

Specified by:

setManifestFile in interface DocumentValidator

Parameters:

manifestFile - a ManifestFile to set

setValidationTime

public void setValidationTime(Date validationTime)

Allows to define a custom validation time

Specified by:

setValidationTime in interface DocumentValidator

Parameters:

validationTime - Date

setSkipValidationContextExecution

@Deprecated
public void setSkipValidationContextExecution(boolean skipValidationContextExecution)

Deprecated.

since DSS 6.1. Please use #setValidationContextExecutor(SkipValidationContextExecutor.INSTANCE) method instead

Sets if the validation context execution shall be skipped (skips certificate chain building, revocation requests, ...)

Parameters:

skipValidationContextExecution - if the context validation shall be skipped

setSignaturePolicyProvider

public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider)

Description copied from interface: DocumentValidator

This method allows to set a provider for Signature policies

Specified by:

setSignaturePolicyProvider in interface DocumentValidator

Parameters:

signaturePolicyProvider - SignaturePolicyProvider

setDefaultDigestAlgorithm

public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)

Description copied from interface: DocumentValidator

This method allows to change the Digest Algorithm that will be used for tokens' digest calculation Default : DigestAlgorithm.SHA256

Specified by:

setDefaultDigestAlgorithm in interface DocumentValidator

Parameters:

digestAlgorithm - DigestAlgorithm to use

setTokenExtractionStrategy

public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy)

Description copied from interface: DocumentValidator

This method allows to set the token extraction strategy to follow in the diagnostic data generation.

Specified by:

setTokenExtractionStrategy in interface DocumentValidator

Parameters:

tokenExtractionStrategy - the TokenExtractionStrategy

setIncludeSemantics

public void setIncludeSemantics(boolean include)

Description copied from interface: DocumentValidator

This method allows to enable/disable the semantics inclusion in the reports (Indication / SubIndication meanings) Disabled by default

Specified by:

setIncludeSemantics in interface DocumentValidator

Parameters:

include - true to enable the inclusion of the semantics

setValidationLevel

public void setValidationLevel(ValidationLevel validationLevel)

Description copied from interface: DocumentValidator

This method allows to specify the validation level (Basic / Timestamp / Long Term / Archival). By default, the selected validation is ARCHIVAL

Specified by:

setValidationLevel in interface DocumentValidator

Parameters:

validationLevel - ValidationLevel

setEnableEtsiValidationReport

public void setEnableEtsiValidationReport(boolean enableEtsiValidationReport)

Description copied from interface: DocumentValidator

This method allows to specify if the ETSI Validation Report must be generated. Default : TRUE (the ETSI Validation report will be generated).

Specified by:

setEnableEtsiValidationReport in interface DocumentValidator

Parameters:

enableEtsiValidationReport - - TRUE if the report must be generated, FALSE otherwise

setProcessExecutor

public void setProcessExecutor(DocumentProcessExecutor processExecutor)

Description copied from interface: ProcessExecutorProvider

This method provides the possibility to set the specific CustomProcessExecutor

Specified by:

setProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>

Parameters:

processExecutor - ProcessExecutor

provideProcessExecutorInstance

protected DocumentProcessExecutor provideProcessExecutorInstance()

This method returns the process executor. If the instance of this class is not yet instantiated then the new instance is created.

Returns:

SignatureProcessExecutor

getDefaultProcessExecutor

public DocumentProcessExecutor getDefaultProcessExecutor()

Description copied from interface: ProcessExecutorProvider

Returns a default for a validator process executor

Specified by:

getDefaultProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>

Returns:

Process Executor

setLocale

public void setLocale(Locale locale)

Sets Locale for report messages generation

Parameters:

locale - Locale

validateDocument

public Reports validateDocument()

Description copied from interface: DocumentValidator

Validates the document and all its signatures. The default constraint file is used.

Specified by:

validateDocument in interface DocumentValidator

Returns:

Reports: diagnostic data, detailed report and simple report

validateDocument

public Reports validateDocument(URL validationPolicyURL)

Description copied from interface: DocumentValidator

Validates the document and all its signatures. If the validation policy URL is set then the policy constraints are retrieved from this location. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

validationPolicyURL - URL

Returns:

Reports: diagnostic data, detailed report and simple report

validateDocument

public Reports validateDocument(String policyResourcePath)

Description copied from interface: DocumentValidator

Validates the document and all its signatures. The policyResourcePath specifies the constraint file. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

policyResourcePath - is located against the classpath (getClass().getResourceAsStream), and NOT the filesystem

Returns:

Reports: diagnostic data, detailed report and simple report

validateDocument

public Reports validateDocument(File policyFile)

Description copied from interface: DocumentValidator

Validates the document and all its signatures. The File parameter specifies the constraint file. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

policyFile - contains the validation policy (xml) as File

Returns:

Reports: diagnostic data, detailed report and simple report

validateDocument

public Reports validateDocument(DSSDocument policyDocument)

Description copied from interface: DocumentValidator

Validates the document and all its signatures. The policyDataStream contains the constraint file. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

policyDocument - contains the validation policy (xml) as DSSDocument

Returns:

Reports: diagnostic data, detailed report and simple report

validateDocument

public Reports validateDocument(InputStream policyDataStream)

Validates the document and all its signatures. The policyDataStream contains the constraint file. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

policyDataStream - the InputStream with the validation policy

Returns:

the validation reports

validateDocument

public Reports validateDocument(ConstraintsParameters validationPolicyJaxb)

Validates the document and all its signatures. The validationPolicyDom contains the constraint file. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

validationPolicyJaxb - the ConstraintsParameters to use in the validation process

Returns:

the validation reports

validateDocument

public Reports validateDocument(ValidationPolicy validationPolicy)

Validates the document and all its signatures. The validationPolicyDom contains the constraint file. If null or empty the default file is used.

Specified by:

validateDocument in interface DocumentValidator

Parameters:

validationPolicy - the ValidationPolicy to use in the validation process

Returns:

the validation reports

assertConfigurationValid

protected void assertConfigurationValid()

This method verifies whether the configuration of the current instance of a document validator is valid

getDiagnosticData

public final XmlDiagnosticData getDiagnosticData()

This method retrieves XmlDiagnosticData containing all information relevant for the validation process, including the certificate and revocation tokens obtained from online resources, e.g. AIA, CRL, OCSP (when applicable).

Returns:

XmlDiagnosticData

initializeDiagnosticDataBuilder

protected SignedDocumentDiagnosticDataBuilder initializeDiagnosticDataBuilder()

This method creates a format-specific implementation of the SignedDocumentDiagnosticDataBuilder

Returns:

SignedDocumentDiagnosticDataBuilder

processValidationPolicy

protected final Reports processValidationPolicy(XmlDiagnosticData diagnosticData,
 ValidationPolicy validationPolicy)

Executes the validation regarding the given validationPolicy

Parameters:

diagnosticData - DiagnosticData contained a data to be validated

validationPolicy - ValidationPolicy

Returns:

validation Reports

getSignatures

public List<AdvancedSignature> getSignatures()

Description copied from interface: DocumentValidator

Retrieves the signatures found in the document

Specified by:

getSignatures in interface DocumentValidator

Returns:

a list of AdvancedSignatures for validation purposes

getSignatureById

public AdvancedSignature getSignatureById(String signatureId)

Returns the signature with the given id. Processes custom TokenIdentifierProvider and counter signatures

Parameters:

signatureId - String id of a signature to be extracted

Returns:

AdvancedSignature with the given id if found, NULL otherwise

getDetachedTimestamps

public List<TimestampToken> getDetachedTimestamps()

Description copied from interface: DocumentValidator

Retrieves the detached timestamps found in the document

Specified by:

getDetachedTimestamps in interface DocumentValidator

Returns:

a list of TimestampToken for validation purposes

getDetachedEvidenceRecords

public List<EvidenceRecord> getDetachedEvidenceRecords()

Description copied from interface: DocumentValidator

Retrieves the detached evidence records found in the document

Specified by:

getDetachedEvidenceRecords in interface DocumentValidator

Returns:

a list of Evidence Records for validation purposes

getOriginalDocuments

public List<DSSDocument> getOriginalDocuments(String signatureId)

Description copied from interface: DocumentValidator

This method returns the signed document(s) without their signature(s)

Specified by:

getOriginalDocuments in interface DocumentValidator

Parameters:

signatureId - the DSS ID of the signature to extract original signer data for

Returns:

list of DSSDocuments

getOriginalDocuments

public List<DSSDocument> getOriginalDocuments(AdvancedSignature advancedSignature)

Description copied from interface: DocumentValidator

This method returns the signed document(s) without their signature(s)

Specified by:

getOriginalDocuments in interface DocumentValidator

Parameters:

advancedSignature - AdvancedSignature to find signer documents for

Returns:

list of DSSDocuments

getValidationData

public <T extends AdvancedSignature>
ValidationDataContainer getValidationData(Collection<T> signatures)

Description copied from interface: DocumentValidator

Extracts a validation data for provided collection of signatures

Specified by:

getValidationData in interface DocumentValidator

Type Parameters:

T - AdvancedSignature implementation

Parameters:

signatures - a collection of AdvancedSignatures

Returns:

ValidationDataContainer

getValidationData

public <T extends AdvancedSignature>
ValidationDataContainer getValidationData(Collection<T> signatures,
 Collection<TimestampToken> detachedTimestamps)

Description copied from interface: DocumentValidator

Extracts a validation data for provided collection of signatures and/or timestamps

Specified by:

getValidationData in interface DocumentValidator

Type Parameters:

T - AdvancedSignature implementation

Parameters:

signatures - a collection of AdvancedSignatures

detachedTimestamps - a collection of detached TimestampTokens

Returns:

ValidationDataContainer

getSignaturePolicyValidatorLoader

@Deprecated
public SignaturePolicyValidatorLoader getSignaturePolicyValidatorLoader()

Deprecated.

since DSS 6.1. Please use #getDocumentAnalyzer#getSignaturePolicyValidatorLoader method instead

Returns an instance of a corresponding to the format SignaturePolicyValidatorLoader

Returns:

SignaturePolicyValidatorLoader