Interface CertificateVerifier

All Known Implementing Classes:
CommonCertificateVerifier

public interface CertificateVerifier
Provides information on the sources to be used in the validation process in the context of a signature.
  • Method Details

    • getOcspSource

      RevocationSource<OCSP> getOcspSource()
      Returns the OCSP source associated with this verifier.
      Returns:
      the OCSP source used for external access (web, filesystem, cached, ...)
    • getCrlSource

      RevocationSource<CRL> getCrlSource()
      Returns the CRL source associated with this verifier.
      Returns:
      the CRL source used for external access (web, filesystem, cached, ...)
    • setCrlSource

      void setCrlSource(RevocationSource<CRL> crlSource)
      Defines the CRL source used by this class.
      Parameters:
      crlSource - the CRL source to set for external access (web, filesystem, cached,...)
    • setOcspSource

      void setOcspSource(RevocationSource<OCSP> ocspSource)
      Defines the OCSP source used by this class.
      Parameters:
      ocspSource - the OCSP source to set for external access (web, filesystem, cached,...)
    • getTrustedCertSources

      ListCertificateSource getTrustedCertSources()
      Returns the trusted certificate sources associated with this verifier. These sources are used to identify the trusted anchors.
      Returns:
      the certificate sources which contain trusted certificates
    • setTrustedCertSource

      @Deprecated void setTrustedCertSource(CertificateSource certSource)
      Deprecated.
      Since 5.7. Will be removed in 5.8. Use setTrustedCertSources(CertificateSource... certSources) instead.
      Sets the trusted certificate source.
      Parameters:
      certSource - The certificates source with known trusted certificates
    • setTrustedCertSources

      void setTrustedCertSources(CertificateSource... certSources)
      Sets multiple trusted certificate sources.
      Parameters:
      certSources - The certificate sources with known trusted certificates
    • addTrustedCertSources

      void addTrustedCertSources(CertificateSource... certSources)
      Adds trusted certificate sources to the existing list of trusted certificate sources.
      Parameters:
      certSources - The certificate sources with known trusted certificates
    • setTrustedCertSources

      void setTrustedCertSources(ListCertificateSource trustedListCertificateSource)
      Sets a list of trusted certificate sources.
      Parameters:
      trustedListCertificateSource - ListCertificateSource of trusted cert sources
    • getAdjunctCertSources

      ListCertificateSource getAdjunctCertSources()
      Returns the list of adjunct certificate sources assigned to this verifier.
      Returns:
      the certificate sources which contain additional certificates (missing CA, ...)
    • setAdjunctCertSource

      @Deprecated void setAdjunctCertSource(CertificateSource adjunctCertSource)
      Deprecated.
      Since 5.7. Will be removed in 5.8. Use setAdjunctCertSources(CertificateSource... certSources) instead.
      Sets an adjunct certificate source to this verifier.
      Parameters:
      adjunctCertSource - the certificate source with additional and missing certificates
    • setAdjunctCertSources

      void setAdjunctCertSources(CertificateSource... certSources)
      Sets multiple adjunct certificate sources.
      Parameters:
      certSources - the certificate sources with additional and/or missing certificates
    • addAdjunctCertSources

      void addAdjunctCertSources(CertificateSource... certSources)
      Adds adjunct certificate sources to the existing list of adjunct certificate sources.
      Parameters:
      certSources - The certificate sources with additional certificates
    • setAdjunctCertSources

      void setAdjunctCertSources(ListCertificateSource adjunctListCertificateSource)
      Sets a list of adjunct certificate sources.
      Parameters:
      adjunctListCertificateSource - ListCertificateSource of adjunct cert sources
    • getDataLoader

      DataLoader getDataLoader()
      Returns the data loader used to access the AIA certificate source.
      Returns:
      the data loader used to load AIA resources and policy files
    • setDataLoader

      void setDataLoader(DataLoader dataLoader)
      Sets the data loader used to access the AIA certificate source. If this property is not set, the default CommonsHttpDataLoader is created.
      Parameters:
      dataLoader - the data loader used to load AIA resources and policy files
    • getSignatureCRLSource

      ListRevocationSource<CRL> getSignatureCRLSource()
      This method returns the CRL source (information extracted from signatures).
      Returns:
      the CRL sources from the signature
    • setSignatureCRLSource

      void setSignatureCRLSource(ListRevocationSource<CRL> signatureCRLSource)
      This method sets the CRL source (information extracted from signatures).
      Parameters:
      signatureCRLSource - the CRL sources from the signature
    • getSignatureOCSPSource

      ListRevocationSource<OCSP> getSignatureOCSPSource()
      This method returns the OCSP source (information extracted from signatures).
      Returns:
      the OCSP sources from the signatures
    • setSignatureOCSPSource

      void setSignatureOCSPSource(ListRevocationSource<OCSP> signatureOCSPSource)
      This method sets the OCSP source (information extracted from signatures).
      Parameters:
      signatureOCSPSource - the OCSP sources from the signature
    • getSignatureCertificateSource

      ListCertificateSource getSignatureCertificateSource()
      This method returns the certificate source (information extracted from signatures).
      Returns:
      the certificate sources from the signatures
    • setSignatureCertificateSource

      void setSignatureCertificateSource(ListCertificateSource signatureCertificateSource)
      This method sets the certificate source (information extracted from signatures).
      Parameters:
      signatureCertificateSource - the Certificate sources from the signatures
    • setDefaultDigestAlgorithm

      void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      This method changes the Digest Algorithm that will be used for tokens' digest calculation.
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
    • getDefaultDigestAlgorithm

      DigestAlgorithm getDefaultDigestAlgorithm()
      This method returns the default Digest Algorithm that will be used for digest calculation.
      Returns:
      DigestAlgorithm
    • setAlertOnInvalidTimestamp

      void setAlertOnInvalidTimestamp(StatusAlert alertOnInvalidTimestamp)
      This method changes the behavior on an invalid timestamp (LT/LTA augmentation). Default: ExceptionOnStatusAlert - throw an exception.
      Parameters:
      alertOnInvalidTimestamp - defines a behaviour in case of invalid timestamp
    • getAlertOnInvalidTimestamp

      StatusAlert getAlertOnInvalidTimestamp()
      This method returns the StatusAlert that defines the behavior on an invalid timestamp.
      Returns:
      StatusAlert to be processed in case of an invalid timestamp
    • setAlertOnMissingRevocationData

      void setAlertOnMissingRevocationData(StatusAlert alertOnMissingRevocationData)
      This method changes the behavior on missing revocation data (LT/LTA augmentation). Default: ExceptionOnStatusAlert - throw an exception.
      Parameters:
      alertOnMissingRevocationData - defines a behaviour in case of missing revocation data
    • getAlertOnMissingRevocationData

      StatusAlert getAlertOnMissingRevocationData()
      This method returns the StatusAlert that defines the behavior on missing revocation data.
      Returns:
      StatusAlert to be processed in case of missing revocation data
    • setAlertOnRevokedCertificate

      void setAlertOnRevokedCertificate(StatusAlert alertOnRevokedCertificate)
      This method changes the behavior on revoked certificates (LT/LTA augmentation). Default: ExceptionOnStatusAlert - throw an exception.
      Parameters:
      alertOnRevokedCertificate - defines a behaviour in case of revoked certificate
    • getAlertOnRevokedCertificate

      StatusAlert getAlertOnRevokedCertificate()
      This method returns the StatusAlert that defines the behavior on a revoked certificate.
      Returns:
      StatusAlert to be processed in case of revoked certificate
    • setAlertOnNoRevocationAfterBestSignatureTime

      void setAlertOnNoRevocationAfterBestSignatureTime(StatusAlert alertOnNoRevocationAfterBestSignatureTime)
      This method changes the behavior when there is no revocation data issued after the bestSignatureTime. Default: LogOnStatusAlert - log a warning.
      Parameters:
      alertOnNoRevocationAfterBestSignatureTime - defines a behaviour in case of no revocation data issued after the bestSignatureTime
    • getAlertOnNoRevocationAfterBestSignatureTime

      StatusAlert getAlertOnNoRevocationAfterBestSignatureTime()
      This method returns the StatusAlert that defines the behavior when no revocation data was obtained with an issuance time after the bestSignatureTime.
      Returns:
      StatusAlert to be processed in case of no revocation data after best signature time
    • setAlertOnUncoveredPOE

      void setAlertOnUncoveredPOE(StatusAlert alertOnUncoveredPOE)
      This method changes the behavior on uncovered POE (timestamp). Default: LogOnStatusAlert - log a warning.
      Parameters:
      alertOnUncoveredPOE - defines a behaviour in case of uncovered POE
    • getAlertOnUncoveredPOE

      StatusAlert getAlertOnUncoveredPOE()
      This method returns the StatusAlert that defines the behavior on uncovered POE (timestamp).
      Returns:
      StatusAlert to be processed in case of uncovered POE
    • setCheckRevocationForUntrustedChains

      void setCheckRevocationForUntrustedChains(boolean enable)
      This method enables revocation checking for untrusted certificate chains (default: false).
      Parameters:
      enable - true if revocation checking is allowed for untrusted certificate chains
    • isCheckRevocationForUntrustedChains

      boolean isCheckRevocationForUntrustedChains()
      This method returns true if revocation check is enabled for untrusted certificate chains.
      Returns:
      true if external revocation check is done for untrusted certificate chains
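
The following is an added example, not code from the DSS project: it configures a verifier through the setters documented above so that every alert condition throws, including the two that default to logging. The concrete classes OnlineCRLSource, OnlineOCSPSource, CommonTrustedCertificateSource, ExceptionOnStatusAlert and DSSUtils are assumed from DSS 5.7 and do not appear on this page; StrictVerifierFactory and the trust anchor file are hypothetical.

```java
import java.io.File;

import eu.europa.esig.dss.alert.ExceptionOnStatusAlert;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.service.crl.OnlineCRLSource;
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;

/** Hypothetical helper class (not part of DSS). */
public final class StrictVerifierFactory {

    private StrictVerifierFactory() {
    }

    /** Builds a verifier whose alerts all throw instead of logging. */
    public static CertificateVerifier build(File trustAnchorFile) {
        // Trust anchors come only from a file the caller supplies explicitly.
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.addCertificate(DSSUtils.loadCertificate(trustAnchorFile));

        CertificateVerifier cv = new CommonCertificateVerifier();
        cv.setTrustedCertSources(trusted);

        // External revocation sources (online CRL and OCSP access).
        cv.setCrlSource(new OnlineCRLSource());
        cv.setOcspSource(new OnlineOCSPSource());

        cv.setDefaultDigestAlgorithm(DigestAlgorithm.SHA256);

        // Documented default is already ExceptionOnStatusAlert; set explicitly
        // so the policy is visible in code review.
        cv.setAlertOnInvalidTimestamp(new ExceptionOnStatusAlert());
        cv.setAlertOnMissingRevocationData(new ExceptionOnStatusAlert());
        cv.setAlertOnRevokedCertificate(new ExceptionOnStatusAlert());

        // Documented default is LogOnStatusAlert (warning only); raised to exceptions here.
        cv.setAlertOnNoRevocationAfterBestSignatureTime(new ExceptionOnStatusAlert());
        cv.setAlertOnUncoveredPOE(new ExceptionOnStatusAlert());

        // Keep the documented default: no revocation checking for chains
        // that do not end at a trusted certificate.
        cv.setCheckRevocationForUntrustedChains(false);
        return cv;
    }
}
```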