Package eu.europa.esig.dss.policy
Class EtsiValidationPolicy
java.lang.Object
eu.europa.esig.dss.policy.EtsiValidationPolicy
- All Implemented Interfaces:
ValidationPolicy
public class EtsiValidationPolicy extends Object implements ValidationPolicy
This class encapsulates the constraint file that controls the policy to be used during the validation process. It
adds functions for direct access to the
file data. It is the implementation of the ETSI 102853 standard.
-
Constructor Summary
Constructors
Constructor: EtsiValidationPolicy(ConstraintsParameters policy)
-
Method Summary
-
Constructor Details
-
Method Details
-
getAlgorithmExpirationDate
Description copied from interface: ValidationPolicy
This function returns the algorithm expiration date extracted from the 'constraint.xml' file. If the TAG AlgoExpirationDate is not present within the constraints, null is returned.
- Specified by:
getAlgorithmExpirationDate in interface ValidationPolicy
- Parameters:
algorithm - algorithm (SHA1, SHA256, RSA2048...) to be checked
- Returns:
- expiration date or null
-
getSignaturePolicyConstraint
Description copied from interface: ValidationPolicy
Indicates if the signature policy should be checked. If AcceptablePolicies element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
- Specified by:
getSignaturePolicyConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
-
getSignaturePolicyIdentifiedConstraint
- Specified by:
getSignaturePolicyIdentifiedConstraint in interface ValidationPolicy
-
getSignaturePolicyPolicyHashValid
- Specified by:
getSignaturePolicyPolicyHashValid in interface ValidationPolicy
-
getSignatureFormatConstraint
- Specified by:
getSignatureFormatConstraint in interface ValidationPolicy
-
getSignerInformationStoreConstraint
Description copied from interface: ValidationPolicy
This constraint checks if only one SignerInfo is present in a SignerInformationStore. NOTE: applicable only for PAdES
- Specified by:
getSignerInformationStoreConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SignerInformationStore element for a given context element is present in the constraint file, null otherwise.
-
getStructuralValidationConstraint
Description copied from interface: ValidationPolicy
Indicates if the structural validation should be checked. If StructuralValidation element is absent within the constraint file then null is returned.
- Specified by:
getStructuralValidationConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if StructuralValidation element is present in the constraint file, null otherwise.
-
getSigningTimeConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: signing-time should be checked. If SigningTime element is absent within the constraint file then null is returned.
- Specified by:
getSigningTimeConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
-
getContentTypeConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-type should be checked. If ContentType element is absent within the constraint file then null is returned.
- Specified by:
getContentTypeConstraint in interface ValidationPolicy
- Returns:
ValueConstraint if ContentType element is present in the constraint file, null otherwise.
-
getCounterSignatureConstraint
- Specified by:
getCounterSignatureConstraint in interface ValidationPolicy
-
getContentHintsConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-hints should be checked. If ContentHints element is absent within the constraint file then null is returned.
- Specified by:
getContentHintsConstraint in interface ValidationPolicy
- Returns:
ValueConstraint if ContentHints element is present in the constraint file, null otherwise.
-
getContentIdentifierConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-identifier should be checked. If ContentIdentifier element is absent within the constraint file then null is returned.
- Specified by:
getContentIdentifierConstraint in interface ValidationPolicy
- Returns:
ValueConstraint if ContentIdentifier element is present in the constraint file, null otherwise.
-
getMessageDigestOrSignedPropertiesConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: message-digest (for CAdES) or SignedProperties (for XAdES) should be checked. If the relative element is absent within the constraint file then null is returned.
- Specified by:
getMessageDigestOrSignedPropertiesConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if message-digests/SignedProperties element is present in the constraint file, null otherwise.
-
getCommitmentTypeIndicationConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: commitment-type-indication should be checked. If CommitmentTypeIndication element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
- Specified by:
getCommitmentTypeIndicationConstraint in interface ValidationPolicy
- Returns:
MultiValuesConstraint if CommitmentTypeIndication element is present in the constraint file, null otherwise.
-
getSignerLocationConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: signer-location should be checked. If SignerLocation element is absent within the constraint file then null is returned.
- Specified by:
getSignerLocationConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SignerLocation element is present in the constraint file, null otherwise.
-
getClaimedRoleConstraint
Description copied from interface: ValidationPolicy
Indicates if the unsigned property: claimed-role should be checked. If ClaimedRoles element is absent within the constraint file then null is returned.
- Specified by:
getClaimedRoleConstraint in interface ValidationPolicy
- Returns:
MultiValuesConstraint if ClaimedRoles element is present in the constraint file, null otherwise.
-
getCertifiedRolesConstraint
Description copied from interface: ValidationPolicy
Return the mandated signer role.
- Specified by:
getCertifiedRolesConstraint in interface ValidationPolicy
- Returns:
-
getPolicyName
Description copied from interface: ValidationPolicy
Returns the name of the policy.
- Specified by:
getPolicyName in interface ValidationPolicy
- Returns:
-
getPolicyDescription
Description copied from interface: ValidationPolicy
Returns the policy description.
- Specified by:
getPolicyDescription in interface ValidationPolicy
- Returns:
-
getSignatureCryptographicConstraint
Description copied from interface: ValidationPolicy
This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
- Specified by:
getSignatureCryptographicConstraint in interface ValidationPolicy
- Parameters:
context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
- Returns:
SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
-
getCertificateCryptographicConstraint
public CryptographicConstraint getCertificateCryptographicConstraint(Context context, SubContext subContext)
Description copied from interface: ValidationPolicy
This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
- Specified by:
getCertificateCryptographicConstraint in interface ValidationPolicy
- Parameters:
context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
subContext - the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
- Returns:
SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
-
getDefaultCryptographicConstraint
-
getCertificateKeyUsageConstraint
public MultiValuesConstraint getCertificateKeyUsageConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateKeyUsageConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if key-usage for a given context element is present in the constraint file, null otherwise.
-
getCertificateExtendedKeyUsageConstraint
public MultiValuesConstraint getCertificateExtendedKeyUsageConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateExtendedKeyUsageConstraint in interface ValidationPolicy
-
getCertificateSurnameConstraint
public MultiValuesConstraint getCertificateSurnameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateSurnameConstraint in interface ValidationPolicy
-
getCertificateGivenNameConstraint
public MultiValuesConstraint getCertificateGivenNameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateGivenNameConstraint in interface ValidationPolicy
-
getCertificateCommonNameConstraint
public MultiValuesConstraint getCertificateCommonNameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateCommonNameConstraint in interface ValidationPolicy
-
getCertificatePseudonymConstraint
public MultiValuesConstraint getCertificatePseudonymConstraint(Context context, SubContext subContext)
- Specified by:
getCertificatePseudonymConstraint in interface ValidationPolicy
-
getCertificateCountryConstraint
public MultiValuesConstraint getCertificateCountryConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateCountryConstraint in interface ValidationPolicy
-
getCertificateOrganizationNameConstraint
public MultiValuesConstraint getCertificateOrganizationNameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateOrganizationNameConstraint in interface ValidationPolicy
-
getCertificateOrganizationUnitConstraint
public MultiValuesConstraint getCertificateOrganizationUnitConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateOrganizationUnitConstraint in interface ValidationPolicy
-
getCertificatePseudoUsageConstraint
- Specified by:
getCertificatePseudoUsageConstraint in interface ValidationPolicy
-
getCertificateSerialNumberConstraint
public LevelConstraint getCertificateSerialNumberConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateSerialNumberConstraint in interface ValidationPolicy
-
getCertificateNotExpiredConstraint
- Specified by:
getCertificateNotExpiredConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Expiration for a given context element is present in the constraint file, null otherwise.
-
getProspectiveCertificateChainConstraint
Description copied from interface: ValidationPolicy
This constraint requests the presence of the trust anchor in the certificate chain.
- Specified by:
getProspectiveCertificateChainConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ProspectiveCertificateChain element for a given context element is present in the constraint file, null otherwise.
-
getCertificateAuthorityInfoAccessPresentConstraint
public LevelConstraint getCertificateAuthorityInfoAccessPresentConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateAuthorityInfoAccessPresentConstraint in interface ValidationPolicy
-
getCertificateRevocationInfoAccessPresentConstraint
public LevelConstraint getCertificateRevocationInfoAccessPresentConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateRevocationInfoAccessPresentConstraint in interface ValidationPolicy
-
getCertificateSignatureConstraint
- Specified by:
getCertificateSignatureConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Signature for a given context element is present in the constraint file, null otherwise.
-
getUnknownStatusConstraint
- Specified by:
getUnknownStatusConstraint in interface ValidationPolicy
-
getOCSPResponseCertHashPresentConstraint
- Specified by:
getOCSPResponseCertHashPresentConstraint in interface ValidationPolicy
-
getOCSPResponseCertHashMatchConstraint
- Specified by:
getOCSPResponseCertHashMatchConstraint in interface ValidationPolicy
-
getRevocationDataAvailableConstraint
public LevelConstraint getRevocationDataAvailableConstraint(Context context, SubContext subContext)
- Specified by:
getRevocationDataAvailableConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if RevocationDataAvailable for a given context element is present in the constraint file, null otherwise.
-
getRevocationDataNextUpdatePresentConstraint
public LevelConstraint getRevocationDataNextUpdatePresentConstraint(Context context, SubContext subContext)
- Specified by:
getRevocationDataNextUpdatePresentConstraint in interface ValidationPolicy
-
getCertificateRevocationFreshnessConstraint
public LevelConstraint getCertificateRevocationFreshnessConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateRevocationFreshnessConstraint in interface ValidationPolicy
-
getCertificateNotRevokedConstraint
- Specified by:
getCertificateNotRevokedConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Revoked for a given context element is present in the constraint file, null otherwise.
-
getCertificateNotOnHoldConstraint
- Specified by:
getCertificateNotOnHoldConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if OnHold for a given context element is present in the constraint file, null otherwise.
-
getCertificateNotSelfSignedConstraint
public LevelConstraint getCertificateNotSelfSignedConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateNotSelfSignedConstraint in interface ValidationPolicy
-
getCertificateSelfSignedConstraint
- Specified by:
getCertificateSelfSignedConstraint in interface ValidationPolicy
-
getTrustedServiceStatusConstraint
- Specified by:
getTrustedServiceStatusConstraint in interface ValidationPolicy
-
getTrustedServiceTypeIdentifierConstraint
- Specified by:
getTrustedServiceTypeIdentifierConstraint in interface ValidationPolicy
-
getCertificatePolicyIdsConstraint
public MultiValuesConstraint getCertificatePolicyIdsConstraint(Context context, SubContext subContext)
- Specified by:
getCertificatePolicyIdsConstraint in interface ValidationPolicy
-
getCertificateQCStatementIdsConstraint
public MultiValuesConstraint getCertificateQCStatementIdsConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateQCStatementIdsConstraint in interface ValidationPolicy
-
getCertificateIssuedToNaturalPersonConstraint
public LevelConstraint getCertificateIssuedToNaturalPersonConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateIssuedToNaturalPersonConstraint in interface ValidationPolicy
-
getCertificateQualificationConstraint
public LevelConstraint getCertificateQualificationConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateQualificationConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Qualification for a given context element is present in the constraint file, null otherwise.
-
getCertificateSupportedByQSCDConstraint
public LevelConstraint getCertificateSupportedByQSCDConstraint(Context context, SubContext subContext)
Description copied from interface: ValidationPolicy
Indicates if the end user certificate used in validating the signature is mandated to be supported by a secure signature creation device (QSCD).
- Specified by:
getCertificateSupportedByQSCDConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SupportedByQSCD for a given context element is present in the constraint file, null otherwise.
-
getCertificateIssuedToLegalPersonConstraint
public LevelConstraint getCertificateIssuedToLegalPersonConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateIssuedToLegalPersonConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if IssuedToLegalPerson for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateRecognitionConstraint
- Specified by:
getSigningCertificateRecognitionConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Recognition for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateAttributePresentConstraint
- Specified by:
getSigningCertificateAttributePresentConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SigningCertificateAttribute for a given context element is present in the constraint file, null otherwise.
-
getUnicitySigningCertificateAttributeConstraint
- Specified by:
getUnicitySigningCertificateAttributeConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if UnicitySigningCertificate for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateDigestValuePresentConstraint
- Specified by:
getSigningCertificateDigestValuePresentConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if DigestValuePresent for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateDigestValueMatchConstraint
- Specified by:
getSigningCertificateDigestValueMatchConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if DigestValueMatch for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateIssuerSerialMatchConstraint
- Specified by:
getSigningCertificateIssuerSerialMatchConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if IssuerSerialMatch for a given context element is present in the constraint file, null otherwise.
-
getReferenceDataExistenceConstraint
- Specified by:
getReferenceDataExistenceConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ReferenceDataExistence for a given context element is present in the constraint file, null otherwise.
-
getReferenceDataIntactConstraint
- Specified by:
getReferenceDataIntactConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ReferenceDataIntact for a given context element is present in the constraint file, null otherwise.
-
getManifestEntryObjectExistenceConstraint
- Specified by:
getManifestEntryObjectExistenceConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ManifestEntryObjectExistence for a given context element is present in the constraint file, null otherwise.
-
getSignatureIntactConstraint
- Specified by:
getSignatureIntactConstraint in interface ValidationPolicy
- Returns:
SignatureDataIntact if SignatureIntact for a given context element is present in the constraint file, null otherwise.
-
getSignatureDuplicatedConstraint
- Specified by:
getSignatureDuplicatedConstraint in interface ValidationPolicy
- Returns:
SignatureDuplicated if SignatureDuplicated for a given context element is present in the constraint file, null otherwise.
-
getBestSignatureTimeBeforeExpirationDateOfSigningCertificateConstraint
Description copied from interface: ValidationPolicy
This constraint checks if the certificate is not expired on best-signature-time.
- Specified by:
getBestSignatureTimeBeforeExpirationDateOfSigningCertificateConstraint in interface ValidationPolicy
-
getRevocationTimeAgainstBestSignatureTime
- Specified by:
getRevocationTimeAgainstBestSignatureTime in interface ValidationPolicy
-
getTimestampCoherenceConstraint
- Specified by:
getTimestampCoherenceConstraint in interface ValidationPolicy
-
getTimestampDelayConstraint
- Specified by:
getTimestampDelayConstraint in interface ValidationPolicy
-
getRevocationFreshnessConstraint
- Specified by:
getRevocationFreshnessConstraint in interface ValidationPolicy
-
getFullScopeConstraint
- Specified by:
getFullScopeConstraint in interface ValidationPolicy
-
getContentTimestampConstraint
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-time-stamp should be checked. If ContentTimeStamp element is absent within the constraint file then null is returned.
- Specified by:
getContentTimestampConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ContentTimeStamp element is present in the constraint file, null otherwise.
-
getAcceptedContainerTypesConstraint
- Specified by:
getAcceptedContainerTypesConstraint in interface ValidationPolicy
-
getZipCommentPresentConstraint
- Specified by:
getZipCommentPresentConstraint in interface ValidationPolicy
-
getAcceptedZipCommentsConstraint
- Specified by:
getAcceptedZipCommentsConstraint in interface ValidationPolicy
-
getMimeTypeFilePresentConstraint
- Specified by:
getMimeTypeFilePresentConstraint in interface ValidationPolicy
-
getAcceptedMimeTypeContentsConstraint
- Specified by:
getAcceptedMimeTypeContentsConstraint in interface ValidationPolicy
-
getAllFilesSignedConstraint
- Specified by:
getAllFilesSignedConstraint in interface ValidationPolicy
-
getManifestFilePresentConstraint
- Specified by:
getManifestFilePresentConstraint in interface ValidationPolicy
-
getSignedFilesPresentConstraint
- Specified by:
getSignedFilesPresentConstraint in interface ValidationPolicy
-
isEIDASConstraintPresent
public boolean isEIDASConstraintPresent()
- Specified by:
isEIDASConstraintPresent in interface ValidationPolicy
-
getTLFreshnessConstraint
- Specified by:
getTLFreshnessConstraint in interface ValidationPolicy
-
getTLWellSignedConstraint
- Specified by:
getTLWellSignedConstraint in interface ValidationPolicy
-
getTLNotExpiredConstraint
- Specified by:
getTLNotExpiredConstraint in interface ValidationPolicy
-
getTLVersionConstraint
- Specified by:
getTLVersionConstraint in interface ValidationPolicy
-
getValidationModel
Description copied from interface: ValidationPolicy
Returns the used validation model (default is SHELL). Alternatives are CHAIN and HYBRID.
- Specified by:
getValidationModel in interface ValidationPolicy
- Returns:
- the validation model to be used
-
getSignatureConstraints
- Specified by:
getSignatureConstraints in interface ValidationPolicy
-
getTimestampConstraints
- Specified by:
getTimestampConstraints in interface ValidationPolicy
-
getRevocationConstraints
- Specified by:
getRevocationConstraints in interface ValidationPolicy
-
getEIDASConstraints
- Specified by:
getEIDASConstraints in interface ValidationPolicy
-
getCryptographic
- Specified by:
getCryptographic in interface ValidationPolicy
-