Package eu.europa.esig.dss.policy
Interface ValidationPolicy
- All Known Implementing Classes:
EtsiValidationPolicy
public interface ValidationPolicy
This class encapsulates the constraint file that controls the policy to be used during the validation process. This is the base class used to implement a specific validation policy.
Method Details
-
getAlgorithmExpirationDate
This function returns the algorithm expiration date extracted from the 'constraint.xml' file. If the TAG AlgoExpirationDate is not present within the constraints, null is returned.
- Parameters:
algorithm - algorithm (SHA1, SHA256, RSA2048...) to be checked
- Returns:
expiration date or null
-
getSignaturePolicyConstraint
Indicates if the signature policy should be checked. If AcceptablePolicies element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
- Returns:
LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
-
getSignaturePolicyIdentifiedConstraint
-
getSignaturePolicyPolicyHashValid
-
getStructuralValidationConstraint
Indicates if the structural validation should be checked. If StructuralValidation element is absent within the constraint file then null is returned.
- Returns:
LevelConstraint if StructuralValidation element is present in the constraint file, null otherwise.
-
getSigningTimeConstraint
LevelConstraint getSigningTimeConstraint()
Indicates if the signed property: signing-time should be checked. If SigningTime element is absent within the constraint file then null is returned.
- Returns:
LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
-
getContentTypeConstraint
ValueConstraint getContentTypeConstraint()
Indicates if the signed property: content-type should be checked. If ContentType element is absent within the constraint file then null is returned.
- Returns:
ValueConstraint if ContentType element is present in the constraint file, null otherwise.
-
getContentHintsConstraint
ValueConstraint getContentHintsConstraint()
Indicates if the signed property: content-hints should be checked. If ContentHints element is absent within the constraint file then null is returned.
- Returns:
ValueConstraint if ContentHints element is present in the constraint file, null otherwise.
-
getContentIdentifierConstraint
ValueConstraint getContentIdentifierConstraint()
Indicates if the signed property: content-identifier should be checked. If ContentIdentifier element is absent within the constraint file then null is returned.
- Returns:
ValueConstraint if ContentIdentifier element is present in the constraint file, null otherwise.
-
getMessageDigestOrSignedPropertiesConstraint
LevelConstraint getMessageDigestOrSignedPropertiesConstraint()
Indicates if the signed property: message-digest (for CAdES) or SignedProperties (for XAdES) should be checked. If the relative element is absent within the constraint file then null is returned.
- Returns:
LevelConstraint if message-digests/SignedProperties element is present in the constraint file, null otherwise.
-
getCommitmentTypeIndicationConstraint
MultiValuesConstraint getCommitmentTypeIndicationConstraint()
Indicates if the signed property: commitment-type-indication should be checked. If CommitmentTypeIndication element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
- Returns:
MultiValuesConstraint if CommitmentTypeIndication element is present in the constraint file, null otherwise.
-
getSignerLocationConstraint
LevelConstraint getSignerLocationConstraint()
Indicates if the signed property: signer-location should be checked. If SignerLocation element is absent within the constraint file then null is returned.
- Returns:
LevelConstraint if SignerLocation element is present in the constraint file, null otherwise.
-
getContentTimestampConstraint
LevelConstraint getContentTimestampConstraint()
Indicates if the signed property: content-time-stamp should be checked. If ContentTimeStamp element is absent within the constraint file then null is returned.
- Returns:
LevelConstraint if ContentTimeStamp element is present in the constraint file, null otherwise.
-
getClaimedRoleConstraint
MultiValuesConstraint getClaimedRoleConstraint()
Indicates if the unsigned property: claimed-role should be checked. If ClaimedRoles element is absent within the constraint file then null is returned.
- Returns:
MultiValuesConstraint if ClaimedRoles element is present in the constraint file, null otherwise.
-
getCertifiedRolesConstraint
MultiValuesConstraint getCertifiedRolesConstraint()
Return the mandated signer role.
- Returns:
-
getPolicyName
String getPolicyName()
Returns the name of the policy.
- Returns:
-
getPolicyDescription
String getPolicyDescription()
Returns the policy description.
- Returns:
-
getSignatureCryptographicConstraint
This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
- Parameters:
context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
- Returns:
SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
-
getCertificateCryptographicConstraint
CryptographicConstraint getCertificateCryptographicConstraint(Context context, SubContext subContext)
This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
- Parameters:
context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
subContext - the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
- Returns:
SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
-
getCertificateKeyUsageConstraint
- Parameters:
context -
subContext -
- Returns:
LevelConstraint if key-usage for a given context element is present in the constraint file, null otherwise.
-
getCertificateExtendedKeyUsageConstraint
MultiValuesConstraint getCertificateExtendedKeyUsageConstraint(Context context, SubContext subContext)
-
getCertificateNotExpiredConstraint
- Parameters:
context -
subContext -
- Returns:
LevelConstraint if Expiration for a given context element is present in the constraint file, null otherwise.
-
getProspectiveCertificateChainConstraint
This constraint requests the presence of the trust anchor in the certificate chain.
- Parameters:
context -
- Returns:
LevelConstraint if ProspectiveCertificateChain element for a given context element is present in the constraint file, null otherwise.
-
getCertificateSignatureConstraint
- Parameters:
context -
subContext -
- Returns:
LevelConstraint if Signature for a given context element is present in the constraint file, null otherwise.
-
getUnknownStatusConstraint
LevelConstraint getUnknownStatusConstraint()
-
getOCSPResponseCertHashPresentConstraint
LevelConstraint getOCSPResponseCertHashPresentConstraint()
-
getOCSPResponseCertHashMatchConstraint
LevelConstraint getOCSPResponseCertHashMatchConstraint()
-
getRevocationDataAvailableConstraint
- Parameters:
context -
- Returns:
LevelConstraint if RevocationDataAvailable for a given context element is present in the constraint file, null otherwise.
-
getRevocationDataNextUpdatePresentConstraint
LevelConstraint getRevocationDataNextUpdatePresentConstraint(Context context, SubContext subContext)
-
getCertificateRevocationFreshnessConstraint
LevelConstraint getCertificateRevocationFreshnessConstraint(Context context, SubContext subContext)
-
getCertificateNotRevokedConstraint
- Returns:
LevelConstraint if Revoked for a given context element is present in the constraint file, null otherwise.
-
getCertificateNotOnHoldConstraint
- Returns:
LevelConstraint if OnHold for a given context element is present in the constraint file, null otherwise.
-
getCertificateNotSelfSignedConstraint
-
getCertificateSelfSignedConstraint
-
getTrustedServiceTypeIdentifierConstraint
-
getTrustedServiceStatusConstraint
-
getCertificateQualificationConstraint
- Returns:
LevelConstraint if Qualification for a given context element is present in the constraint file, null otherwise.
-
getCertificateSupportedByQSCDConstraint
Indicates if the end user certificate used in validating the signature is mandated to be supported by a secure signature creation device (QSCD).
- Returns:
LevelConstraint if SupportedByQSCD for a given context element is present in the constraint file, null otherwise.
-
getCertificateIssuedToLegalPersonConstraint
LevelConstraint getCertificateIssuedToLegalPersonConstraint(Context context, SubContext subContext)
- Returns:
LevelConstraint if IssuedToLegalPerson for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateRecognitionConstraint
- Returns:
LevelConstraint if Recognition for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateAttributePresentConstraint
- Returns:
LevelConstraint if SigningCertificateAttribute for a given context element is present in the constraint file, null otherwise.
-
getUnicitySigningCertificateAttributeConstraint
- Returns:
LevelConstraint if UnicitySigningCertificate for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateDigestValuePresentConstraint
- Returns:
LevelConstraint if DigestValuePresent for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateDigestValueMatchConstraint
- Returns:
LevelConstraint if DigestValueMatch for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateIssuerSerialMatchConstraint
- Returns:
LevelConstraint if IssuerSerialMatch for a given context element is present in the constraint file, null otherwise.
-
getReferenceDataExistenceConstraint
- Returns:
LevelConstraint if ReferenceDataExistence for a given context element is present in the constraint file, null otherwise.
-
getReferenceDataIntactConstraint
- Returns:
LevelConstraint if ReferenceDataIntact for a given context element is present in the constraint file, null otherwise.
-
getManifestEntryObjectExistenceConstraint
- Returns:
LevelConstraint if ManifestEntryObjectExistence for a given context element is present in the constraint file, null otherwise.
-
getSignatureIntactConstraint
- Returns:
SignatureDataIntact if SignatureIntact for a given context element is present in the constraint file, null otherwise.
-
getSignatureDuplicatedConstraint
- Returns:
SignatureDuplicated if SignatureDuplicated for a given context element is present in the constraint file, null otherwise.
-
getSignerInformationStoreConstraint
This constraint checks if only one SignerInfo is present in a SignerInformationStore. NOTE: applicable only for PAdES.
- Parameters:
context -
- Returns:
LevelConstraint if SignerInformationStore element for a given context element is present in the constraint file, null otherwise.
-
getBestSignatureTimeBeforeExpirationDateOfSigningCertificateConstraint
LevelConstraint getBestSignatureTimeBeforeExpirationDateOfSigningCertificateConstraint()
This constraint checks if the certificate is not expired on best-signature-time.
-
getTimestampCoherenceConstraint
LevelConstraint getTimestampCoherenceConstraint()
-
getTimestampDelayConstraint
TimeConstraint getTimestampDelayConstraint()
-
getRevocationTimeAgainstBestSignatureTime
LevelConstraint getRevocationTimeAgainstBestSignatureTime()
-
getRevocationFreshnessConstraint
TimeConstraint getRevocationFreshnessConstraint()
-
getCounterSignatureConstraint
LevelConstraint getCounterSignatureConstraint()
-
getSignatureFormatConstraint
-
getCertificateCountryConstraint
-
getCertificateOrganizationNameConstraint
MultiValuesConstraint getCertificateOrganizationNameConstraint(Context context, SubContext subContext)
-
getCertificateOrganizationUnitConstraint
MultiValuesConstraint getCertificateOrganizationUnitConstraint(Context context, SubContext subContext)
-
getCertificateSurnameConstraint
-
getCertificateGivenNameConstraint
-
getCertificateCommonNameConstraint
-
getCertificatePseudonymConstraint
-
getCertificatePseudoUsageConstraint
-
getCertificateSerialNumberConstraint
-
getCertificateAuthorityInfoAccessPresentConstraint
LevelConstraint getCertificateAuthorityInfoAccessPresentConstraint(Context context, SubContext subContext)
-
getCertificateRevocationInfoAccessPresentConstraint
LevelConstraint getCertificateRevocationInfoAccessPresentConstraint(Context context, SubContext subContext)
-
getCertificatePolicyIdsConstraint
-
getCertificateQCStatementIdsConstraint
MultiValuesConstraint getCertificateQCStatementIdsConstraint(Context context, SubContext subContext)
-
getCertificateIssuedToNaturalPersonConstraint
LevelConstraint getCertificateIssuedToNaturalPersonConstraint(Context context, SubContext subContext)
-
getAcceptedContainerTypesConstraint
MultiValuesConstraint getAcceptedContainerTypesConstraint()
-
getZipCommentPresentConstraint
LevelConstraint getZipCommentPresentConstraint()
-
getAcceptedZipCommentsConstraint
MultiValuesConstraint getAcceptedZipCommentsConstraint()
-
getMimeTypeFilePresentConstraint
LevelConstraint getMimeTypeFilePresentConstraint()
-
getAcceptedMimeTypeContentsConstraint
MultiValuesConstraint getAcceptedMimeTypeContentsConstraint()
-
getAllFilesSignedConstraint
LevelConstraint getAllFilesSignedConstraint()
-
getManifestFilePresentConstraint
LevelConstraint getManifestFilePresentConstraint()
-
getSignedFilesPresentConstraint
LevelConstraint getSignedFilesPresentConstraint()
-
getFullScopeConstraint
LevelConstraint getFullScopeConstraint()
-
isEIDASConstraintPresent
boolean isEIDASConstraintPresent()
-
getTLFreshnessConstraint
TimeConstraint getTLFreshnessConstraint()
-
getTLWellSignedConstraint
LevelConstraint getTLWellSignedConstraint()
-
getTLNotExpiredConstraint
LevelConstraint getTLNotExpiredConstraint()
-
getTLVersionConstraint
ValueConstraint getTLVersionConstraint()
-
getValidationModel
Model getValidationModel()
Returns the used validation model (default is SHELL). Alternatives are CHAIN and HYBRID.
- Returns:
the validation model to be used
-
getSignatureConstraints
SignatureConstraints getSignatureConstraints()
-
getTimestampConstraints
TimestampConstraints getTimestampConstraints()
-
getRevocationConstraints
RevocationConstraints getRevocationConstraints()
-
getEIDASConstraints
EIDAS getEIDASConstraints()
-
getCryptographic
CryptographicConstraint getCryptographic()
-