Package eu.europa.esig.dss.validation
Class SignatureValidationContext
java.lang.Object
eu.europa.esig.dss.validation.SignatureValidationContext
- All Implemented Interfaces:
ValidationContext
public class SignatureValidationContext extends Object implements ValidationContext
During the validation of a signature, the software retrieves different X509 artifacts like Certificate, CRL and OCSP Response. The SignatureValidationContext is a "cache" for one validation request that contains every object retrieved so far.
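An added example (not code from the DSS project) of the call sequence this class documents: initialize the context, register a certificate, run `validate()`, then fail closed on the revocation checks. `CommonCertificateVerifier`, `SilentOnStatusAlert`, `DSSUtils.loadCertificate` and `getDSSIdAsString()` are assumed from the DSS library and do not appear on this page; the class name and the certificate path argument are hypothetical.

```java
import eu.europa.esig.dss.alert.SilentOnStatusAlert;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.validation.SignatureValidationContext;

import java.io.File;

// Hypothetical class name, used only for this example.
public class ValidationContextExample {

    public static void main(String[] args) {
        // Assumption: args[0] is the path to the signing certificate file.
        CertificateToken signingCertificate = DSSUtils.loadCertificate(new File(args[0]));

        // No CRL or OCSP source is set on the verifier in this example.
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        // Silent alerts: the check methods report only through their boolean
        // result, and the decision is taken explicitly further down.
        verifier.setAlertOnMissingRevocationData(new SilentOnStatusAlert());
        verifier.setAlertOnRevokedCertificate(new SilentOnStatusAlert());

        SignatureValidationContext context = new SignatureValidationContext();
        context.initialize(verifier);
        context.addCertificateTokenForVerification(signingCertificate);
        // A token that has already been added is ignored.
        context.addCertificateTokenForVerification(signingCertificate);
        context.validate();

        // Everything collected for this one validation request, with its origin.
        for (CertificateToken token : context.getProcessedCertificates()) {
            System.out.println(token.getDSSIdAsString() + " found in "
                    + context.getCertificateSourceTypes().get(token));
        }
        System.out.println("Revocation tokens: " + context.getProcessedRevocations().size());

        boolean revocationComplete = context.checkAllRequiredRevocationDataPresent();
        boolean noneRevoked = context.checkAllCertificatesValid();
        System.out.println("All required revocation data present: " + revocationComplete);
        System.out.println("No processed certificate revoked: " + noneRevoked);

        // Fail closed: missing revocation data is treated like a revoked certificate.
        if (!(revocationComplete && noneRevoked)) {
            System.err.println("Certificate chain rejected");
            System.exit(1);
        }
    }
}
```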
-
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| protected Date | currentTime | This is the time at which the validation is carried out. |

-
Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| SignatureValidationContext() | This constructor is used during the signature creation process. |

-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | addCertificateTokenForVerification(CertificateToken certificateToken) | Adds a new certificate token to the list of tokens to verify. |
| void | addRevocationTokenForVerification(RevocationToken<Revocation> revocationToken) | Adds a new revocation token to the list of tokens to verify. |
| void | addTimestampTokenForVerification(TimestampToken timestampToken) | Adds a new timestamp token to the list of tokens to verify. |
| boolean | checkAllCertificatesValid() | Verifies whether all processed certificates are not revoked. Additionally, an alert can be handled via CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert). |
| boolean | checkAllPOECoveredByRevocationData() | Verifies whether all POE (timestamp tokens) are covered by revocation data. Additionally, an alert can be handled via CertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert). |
| boolean | checkAllRequiredRevocationDataPresent() | Verifies whether all processed certificates have revocation data. Additionally, an alert can be handled via CertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert). |
| boolean | checkAllTimestampsValid() | Verifies whether all processed timestamps are valid and intact. |
| boolean | checkAtLeastOneRevocationDataPresentAfterBestSignatureTime(CertificateToken signingCertificate) | Verifies whether at least one revocation data item is present after the earliest available timestamp token producing time. Additionally, an alert can be handled via CertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert). |
| Map<CertificateToken,Set<CertificateSourceType>> | getCertificateSourceTypes() | Returns a map of CertificateSourceType by CertificateToken which contains the sources where the certificate was found. |
| Date | getCurrentTime() | |
| Set<CertificateToken> | getProcessedCertificates() | Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. |
| Set<RevocationToken<Revocation>> | getProcessedRevocations() | Returns a read only list of all revocations used in the process of the validation of all signatures from the given document. |
| Set<TimestampToken> | getProcessedTimestamps() | Returns a read only list of all timestamps processed during the validation of all signatures from the given document. |
| void | initialize(CertificateVerifier certificateVerifier) | |
| void | setCurrentTime(Date currentTime) | This function sets the validation time. |
| void | validate() | Carries out the validation process in a recursive manner for not yet checked tokens. |
-
Field Details
-
currentTime
This is the time at which the validation is carried out. It is used only for test purposes.
-
-
Constructor Details
-
SignatureValidationContext
public SignatureValidationContext()
This constructor is used during the signature creation process.
-
-
Method Details
-
initialize
- Specified by:
initialize in interface ValidationContext
- Parameters:
certificateVerifier - The certificates verifier (e.g. using the TSL as list of trusted certificates).
-
getCurrentTime
- Specified by:
getCurrentTime in interface ValidationContext
-
setCurrentTime
Description copied from interface: ValidationContext
This function sets the validation time.
- Specified by:
setCurrentTime in interface ValidationContext
- Parameters:
currentTime - the current Date
-
addRevocationTokenForVerification
Description copied from interface: ValidationContext
Adds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.
- Specified by:
addRevocationTokenForVerification in interface ValidationContext
- Parameters:
revocationToken - an instance of RevocationToken revocation tokens to verify
-
addCertificateTokenForVerification
Description copied from interface: ValidationContext
Adds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.
- Specified by:
addCertificateTokenForVerification in interface ValidationContext
- Parameters:
certificateToken - CertificateToken certificate token to verify
-
addTimestampTokenForVerification
Description copied from interface: ValidationContext
Adds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.
- Specified by:
addTimestampTokenForVerification in interface ValidationContext
- Parameters:
timestampToken - TimestampToken timestamp token to verify
-
validate
public void validate()
Description copied from interface: ValidationContext
Carries out the validation process in a recursive manner for not yet checked tokens.
- Specified by:
validate in interface ValidationContext
-
checkAllRequiredRevocationDataPresent
public boolean checkAllRequiredRevocationDataPresent()
Description copied from interface: ValidationContext
This method verifies whether all processed certificates have revocation data. Additionally, an alert can be handled via CertificateVerifier.setAlertOnMissingRevocationData(eu.europa.esig.dss.alert.StatusAlert).
- Specified by:
checkAllRequiredRevocationDataPresent in interface ValidationContext
- Returns:
true if all needed revocation data are present
-
checkAllPOECoveredByRevocationData
public boolean checkAllPOECoveredByRevocationData()
Description copied from interface: ValidationContext
This method verifies whether all POE (timestamp tokens) are covered by revocation data. Additionally, an alert can be handled via CertificateVerifier.setAlertOnUncoveredPOE(eu.europa.esig.dss.alert.StatusAlert).
- Specified by:
checkAllPOECoveredByRevocationData in interface ValidationContext
- Returns:
true if all timestamps are covered by usable revocation data
-
checkAllTimestampsValid
public boolean checkAllTimestampsValid()
Description copied from interface: ValidationContext
This method verifies whether all processed timestamps are valid and intact. Additionally, an alert can be handled via CertificateVerifier.setAlertOnInvalidTimestamp(eu.europa.esig.dss.alert.StatusAlert).
- Specified by:
checkAllTimestampsValid in interface ValidationContext
- Returns:
true if all timestamps are valid
-
checkAllCertificatesValid
public boolean checkAllCertificatesValid()
Description copied from interface: ValidationContext
This method verifies whether all processed certificates are not revoked. Additionally, an alert can be handled via CertificateVerifier.setAlertOnRevokedCertificate(eu.europa.esig.dss.alert.StatusAlert).
- Specified by:
checkAllCertificatesValid in interface ValidationContext
- Returns:
true if all certificates are valid
-
checkAtLeastOneRevocationDataPresentAfterBestSignatureTime
public boolean checkAtLeastOneRevocationDataPresentAfterBestSignatureTime(CertificateToken signingCertificate)
Description copied from interface: ValidationContext
This method verifies whether at least one revocation data item is present after the earliest available timestamp token producing time. Additionally, an alert can be handled via CertificateVerifier.setAlertOnNoRevocationAfterBestSignatureTime(eu.europa.esig.dss.alert.StatusAlert).
- Specified by:
checkAtLeastOneRevocationDataPresentAfterBestSignatureTime in interface ValidationContext
- Parameters:
signingCertificate - CertificateToken signing certificate of the signature to be checked
- Returns:
true if the signing certificate is covered with updated revocation data (after signature-timestamp production time)
-
getProcessedCertificates
Description copied from interface: ValidationContext
Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...
- Specified by:
getProcessedCertificates in interface ValidationContext
- Returns:
The list of CertificateToken(s)
-
getCertificateSourceTypes
Description copied from interface: ValidationContext
Returns a map of CertificateSourceType by CertificateToken which contains the sources where the certificate was found.
- Specified by:
getCertificateSourceTypes in interface ValidationContext
- Returns:
a map of CertificateSourceType by CertificateToken
-
getProcessedRevocations
Description copied from interface: ValidationContext
Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.
- Specified by:
getProcessedRevocations in interface ValidationContext
- Returns:
The list of CertificateToken(s)
-
getProcessedTimestamps
Description copied from interface: ValidationContext
Returns a read only list of all timestamps processed during the validation of all signatures from the given document.
- Specified by:
getProcessedTimestamps in interface ValidationContext
- Returns:
The list of CertificateToken(s)
-