Class SignatureValidationContext
java.lang.Object
eu.europa.esig.dss.spi.validation.SignatureValidationContext
- All Implemented Interfaces:
ValidationContext
During the validation of a signature, the software retrieves different X509 artifacts like Certificate, CRL and OCSP
Response. The SignatureValidationContext is a "cache" for
one validation request that contains every object retrieved so far.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected DateThis is the time at what the validation is carried out. -
Constructor Summary
ConstructorsConstructorDescriptionDefault constructor instantiating object with null or empty values and current timeSignatureValidationContext(Date validationTime) Constructor instantiating object with null or empty values and provided time -
Method Summary
Modifier and TypeMethodDescriptionvoidaddCertificateTokenForVerification(CertificateToken certificateToken) Adds a new certificate token to the list of tokens to verify.voidaddDocumentCertificateSource(CertificateSource certificateSource) Adds an extracted certificate source to the used list of sourcesvoidaddDocumentCertificateSource(ListCertificateSource listCertificateSource) Adds a list certificate source to the used list of sourcesvoidaddDocumentCRLSource(ListRevocationSource<CRL> crlSource) Adds a list CRL source to the used list of sourcesvoidaddDocumentCRLSource(OfflineRevocationSource<CRL> crlSource) Adds an extracted CRL source to the used list of sourcesvoidaddDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource) Adds a listd OCSP source to the used list of sourcesvoidaddDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource) Adds an extracted OCSP source to the used list of sourcesvoidaddEvidenceRecordForVerification(EvidenceRecord evidenceRecord) Adds Evidence Record's content to proceed with validationvoidaddRevocationTokenForVerification(RevocationToken<?> revocationToken) Adds a new revocation token to the list of tokens to verify.voidaddSignatureForVerification(AdvancedSignature signature) Adds a new signature to collect the information to verify.voidaddTimestampTokenForVerification(TimestampToken timestampToken) Adds a new timestamp token to the list of tokens to verify.protected RevocationFreshnessStatusReturns the status of the POE covered by revocation data checkprotected TokenStatusReturns the status of the required revocation data present checkprotected RevocationFreshnessStatusReturns the status of the all signature certificates have fresh revocation data checkprotected TokenStatusReturns the status of the all signature certificates not revoked checkprotected SignatureStatusReturns the status of the all signatures not expired checkprotected TokenStatusReturns the status of the all timestamps valid checkprotected TokenStatuscertificateNotRevoked(CertificateToken certificateToken) Returns the status of the certificate not revoked checkbooleanThis method returns if all POE (timestamp tokens) are covered by a revocation data.booleanThis method returns if all processed certificates have a revocation data.booleanThis method returns whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production time.booleanThis method returns whether none of the signature's certificate chain certificates are not revoked, validating recursively.booleanThis method returns whether all signatures added to the ValidationContext are not yet expiredbooleanThis method returns if all processed timestamps are valid and intact.booleancheckCertificateNotRevoked(CertificateToken certificateToken) This method returns if the certificate is not revokedReturns a list of allCertificateSources used during the validation process.protected CertificateVerifierGets theCertificateVerifierinstanceGets the current validation time.Returns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))Returns a list of all CRLOfflineRevocationSources extracted from a validating documentReturns a list of all OCSPOfflineRevocationSources extracted from a validating documentReturns a read only list of all certificates used in the process of the validation of all signatures from the given document.Returns evidence records added to the validation contextSet<RevocationToken<?>> Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.Returns signatures added to the validation contextReturns a read only list of all timestamps processed during the validation of all signatures from the given document.getValidationData(AdvancedSignature signature) Returns a validation data for the given signature's certificate chaingetValidationData(TimestampToken timestampToken) Returns a validation data for the given timestampToken's certificate chainvoidinitialize(CertificateVerifier certificateVerifier) This method initializes theValidationContextby retrieving the relevant data fromcertificateVerifierprotected booleanisTimestampValid(TimestampToken timestampToken) This method verifies whether atimestampTokenis valid and can be used as a valid POE for covered objectsvoidvalidate()Carries out the validation process in recursive manner for not yet checked tokens.
-
Field Details
-
currentTime
This is the time at what the validation is carried out.
-
-
Constructor Details
-
SignatureValidationContext
public SignatureValidationContext()Default constructor instantiating object with null or empty values and current time -
SignatureValidationContext
-
-
Method Details
-
initialize
Description copied from interface:ValidationContextThis method initializes theValidationContextby retrieving the relevant data fromcertificateVerifier- Specified by:
initializein interfaceValidationContext- Parameters:
certificateVerifier- The certificate verifier (eg: using the TSL as list of trusted certificates).
-
getCertificateVerifier
Gets theCertificateVerifierinstance- Returns:
CertificateVerifier
-
addSignatureForVerification
Description copied from interface:ValidationContextAdds a new signature to collect the information to verify.- Specified by:
addSignatureForVerificationin interfaceValidationContext- Parameters:
signature-AdvancedSignatureto extract data to be verified
-
addDocumentCertificateSource
Description copied from interface:ValidationContextAdds an extracted certificate source to the used list of sources- Specified by:
addDocumentCertificateSourcein interfaceValidationContext- Parameters:
certificateSource-CertificateSource
-
addDocumentCertificateSource
Description copied from interface:ValidationContextAdds a list certificate source to the used list of sources- Specified by:
addDocumentCertificateSourcein interfaceValidationContext- Parameters:
listCertificateSource-ListCertificateSource
-
addDocumentCRLSource
Description copied from interface:ValidationContextAdds an extracted CRL source to the used list of sources- Specified by:
addDocumentCRLSourcein interfaceValidationContext- Parameters:
crlSource-OfflineRevocationSourcefor CRL
-
addDocumentCRLSource
Description copied from interface:ValidationContextAdds a list CRL source to the used list of sources- Specified by:
addDocumentCRLSourcein interfaceValidationContext- Parameters:
crlSource-ListRevocationSourcefor CRL
-
addDocumentOCSPSource
Description copied from interface:ValidationContextAdds an extracted OCSP source to the used list of sources- Specified by:
addDocumentOCSPSourcein interfaceValidationContext- Parameters:
ocspSource-OfflineRevocationSourcefor OCSP
-
addDocumentOCSPSource
Description copied from interface:ValidationContextAdds a listd OCSP source to the used list of sources- Specified by:
addDocumentOCSPSourcein interfaceValidationContext- Parameters:
ocspSource-ListRevocationSourcefor OCSP
-
getCurrentTime
Description copied from interface:ValidationContextGets the current validation time.- Specified by:
getCurrentTimein interfaceValidationContext- Returns:
Date
-
getAllCertificateSources
Description copied from interface:ValidationContextReturns a list of allCertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).- Specified by:
getAllCertificateSourcesin interfaceValidationContext- Returns:
ListCertificateSource
-
getDocumentCertificateSource
Description copied from interface:ValidationContextReturns a list of allCertificateSources extracted from a validating document (signature(s), timestamp(s))- Specified by:
getDocumentCertificateSourcein interfaceValidationContext- Returns:
ListCertificateSource
-
getDocumentCRLSource
Description copied from interface:ValidationContextReturns a list of all CRLOfflineRevocationSources extracted from a validating document- Specified by:
getDocumentCRLSourcein interfaceValidationContext- Returns:
ListRevocationSource
-
getDocumentOCSPSource
Description copied from interface:ValidationContextReturns a list of all OCSPOfflineRevocationSources extracted from a validating document- Specified by:
getDocumentOCSPSourcein interfaceValidationContext- Returns:
ListRevocationSource
-
addRevocationTokenForVerification
Description copied from interface:ValidationContextAdds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.- Specified by:
addRevocationTokenForVerificationin interfaceValidationContext- Parameters:
revocationToken- an instance ofRevocationTokenrevocation tokens to verify
-
addCertificateTokenForVerification
Description copied from interface:ValidationContextAdds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.- Specified by:
addCertificateTokenForVerificationin interfaceValidationContext- Parameters:
certificateToken-CertificateTokencertificate token to verify
-
addTimestampTokenForVerification
Description copied from interface:ValidationContextAdds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.- Specified by:
addTimestampTokenForVerificationin interfaceValidationContext- Parameters:
timestampToken-TimestampTokentimestamp token to verify
-
isTimestampValid
This method verifies whether atimestampTokenis valid and can be used as a valid POE for covered objects- Parameters:
timestampToken-TimestampTokento be checked- Returns:
- TRUE if the timestamp is valid, FALSE otherwise
-
addEvidenceRecordForVerification
Description copied from interface:ValidationContextAdds Evidence Record's content to proceed with validation- Specified by:
addEvidenceRecordForVerificationin interfaceValidationContext- Parameters:
evidenceRecord-EvidenceRecordto add content from
-
validate
public void validate()Description copied from interface:ValidationContextCarries out the validation process in recursive manner for not yet checked tokens.- Specified by:
validatein interfaceValidationContext
-
checkAllRequiredRevocationDataPresent
public boolean checkAllRequiredRevocationDataPresent()Description copied from interface:ValidationContextThis method returns if all processed certificates have a revocation data.NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertAllRequiredRevocationDataPresent()for handling the check with custom alerts.- Specified by:
checkAllRequiredRevocationDataPresentin interfaceValidationContext- Returns:
- true if all needed revocation data are present
-
allRequiredRevocationDataPresent
Returns the status of the required revocation data present check- Returns:
TokenStatus
-
checkAllPOECoveredByRevocationData
public boolean checkAllPOECoveredByRevocationData()Description copied from interface:ValidationContextThis method returns if all POE (timestamp tokens) are covered by a revocation data.NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertAllPOECoveredByRevocationData()for handling the check with custom alerts.- Specified by:
checkAllPOECoveredByRevocationDatain interfaceValidationContext- Returns:
- true if all timestamps are covered by a usable revocation data
-
allPOECoveredByRevocationData
Returns the status of the POE covered by revocation data check- Returns:
RevocationFreshnessStatus
-
checkAllTimestampsValid
public boolean checkAllTimestampsValid()Description copied from interface:ValidationContextThis method returns if all processed timestamps are valid and intact.NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertAllTimestampsValid()for handling the check with custom alerts.- Specified by:
checkAllTimestampsValidin interfaceValidationContext- Returns:
- true if all timestamps are valid
-
allTimestampsValid
Returns the status of the all timestamps valid check- Returns:
TokenStatus
-
checkCertificateNotRevoked
Description copied from interface:ValidationContextThis method returns if the certificate is not revokedNOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertCertificateNotRevoked(CertificateToken)for handling the check with custom alerts.- Specified by:
checkCertificateNotRevokedin interfaceValidationContext- Parameters:
certificateToken-CertificateTokencertificate to be checked- Returns:
- true if all certificates are valid
-
certificateNotRevoked
Returns the status of the certificate not revoked check- Parameters:
certificateToken-CertificateTokencertificate to be checked- Returns:
TokenStatus
-
checkAllSignatureCertificatesNotRevoked
public boolean checkAllSignatureCertificatesNotRevoked()Description copied from interface:ValidationContextThis method returns whether none of the signature's certificate chain certificates are not revoked, validating recursively.NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertAllSignatureCertificatesNotRevoked()for handling the check with custom alerts.- Specified by:
checkAllSignatureCertificatesNotRevokedin interfaceValidationContext- Returns:
- true if all certificates are valid
-
allSignatureCertificatesNotRevoked
Returns the status of the all signature certificates not revoked check- Returns:
TokenStatus
-
checkAllSignatureCertificateHaveFreshRevocationData
public boolean checkAllSignatureCertificateHaveFreshRevocationData()Description copied from interface:ValidationContextThis method returns whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production time.NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertAllSignatureCertificateHaveFreshRevocationData()for handling the check with custom alerts.- Specified by:
checkAllSignatureCertificateHaveFreshRevocationDatain interfaceValidationContext- Returns:
- true if all signature certificates have an updated revocation data (after signature-time-stamp production time)
-
allSignatureCertificateHaveFreshRevocationData
Returns the status of the all signature certificates have fresh revocation data check- Returns:
RevocationFreshnessStatus
-
checkAllSignaturesNotExpired
public boolean checkAllSignaturesNotExpired()Description copied from interface:ValidationContextThis method returns whether all signatures added to the ValidationContext are not yet expiredNOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see
ValidationAlerter.assertAllSignaturesNotExpired()for handling the check with custom alerts.- Specified by:
checkAllSignaturesNotExpiredin interfaceValidationContext- Returns:
- true if the signing certificate or its POE(s) not yet expired, false otherwise
-
allSignaturesNotExpired
Returns the status of the all signatures not expired check- Returns:
SignatureStatus
-
getProcessedSignatures
Description copied from interface:ValidationContextReturns signatures added to the validation context- Specified by:
getProcessedSignaturesin interfaceValidationContext- Returns:
- a set of
AdvancedSignatures
-
getProcessedCertificates
Description copied from interface:ValidationContextReturns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...- Specified by:
getProcessedCertificatesin interfaceValidationContext- Returns:
- a set of
CertificateTokens
-
getProcessedRevocations
Description copied from interface:ValidationContextReturns a read only list of all revocations used in the process of the validation of all signatures from the given document.- Specified by:
getProcessedRevocationsin interfaceValidationContext- Returns:
- a set of
RevocationTokens
-
getProcessedTimestamps
Description copied from interface:ValidationContextReturns a read only list of all timestamps processed during the validation of all signatures from the given document.- Specified by:
getProcessedTimestampsin interfaceValidationContext- Returns:
- a set of
TimestampTokens
-
getProcessedEvidenceRecords
Description copied from interface:ValidationContextReturns evidence records added to the validation context- Specified by:
getProcessedEvidenceRecordsin interfaceValidationContext- Returns:
- a set of
EvidenceRecords
-
getValidationData
Description copied from interface:ValidationContextReturns a validation data for the given signature's certificate chain- Specified by:
getValidationDatain interfaceValidationContext- Parameters:
signature-AdvancedSignatureto extract validation data for- Returns:
ValidationData
-
getValidationData
Description copied from interface:ValidationContextReturns a validation data for the given timestampToken's certificate chain- Specified by:
getValidationDatain interfaceValidationContext- Parameters:
timestampToken-TimestampTokento extract validation data for- Returns:
ValidationData
-