Package eu.europa.esig.dss.validation
Class SignedDocumentValidator
java.lang.Object
eu.europa.esig.dss.validation.SignedDocumentValidator
- All Implemented Interfaces:
DocumentValidator, ProcessExecutorProvider<DocumentProcessExecutor>
- Direct Known Subclasses:
AbstractASiCContainerValidator, CMSDocumentValidator, DetachedTimestampValidator, PDFDocumentValidator, XMLDocumentValidator
public abstract class SignedDocumentValidator extends Object implements DocumentValidator
Validates a signed document. The content of the document is determined
automatically. It can be: XML, CAdES(p7m), PDF or ASiC(zip).
SignatureScopeFinder can be set using the appropriate setter (e.g.
setCadesSignatureScopeFinder). By default, this class will use the default
SignatureScopeFinder as defined by
eu.europa.esig.dss.validation.scope.SignatureScopeFinderFactory
-
Field Summary
Fields (Modifier and Type, Field, Description):
protected CertificateVerifier certificateVerifier - The reference to the certificate verifier.
protected List<DSSDocument> containerContents - In case of an ASiC signature this List contains the container documents.
protected List<DSSDocument> detachedContents - In case of a detached signature this List contains the signed documents.
protected DSSDocument document - The document to be validated (with the signature(s) or timestamp(s))
protected List<ManifestFile> manifestFiles - List of all found ManifestFiles
protected DocumentProcessExecutor processExecutor - This variable can hold a specific DocumentProcessExecutor
protected CertificateToken providedSigningCertificateToken
protected SignatureScopeFinder signatureScopeFinder
protected boolean skipValidationContextExecution
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
protected SignedDocumentValidator()
protected SignedDocumentValidator(SignatureScopeFinder signatureScopeFinder)
-
Method Summary
Methods (Modifier and Type, Method, Description):
protected void assertConfigurationValid() - Checks if the Validator configuration is valid
void defineSigningCertificate(CertificateToken token) - This method allows to define the signing certificate.
void findSignatureScopes(List<AdvancedSignature> allSignatures) - Finds and assigns SignatureScopes for a list of signatures
static SignedDocumentValidator fromDocument(DSSDocument dssDocument) - This method guesses the document format and returns an appropriate document validator.
protected List<AdvancedSignature> getAllSignatures()
protected DigestAlgorithm getDefaultDigestAlgorithm() - Returns a default digest algorithm defined for a digest calculation
DocumentProcessExecutor getDefaultProcessExecutor() - Returns a default for a validator process executor
List<TimestampToken> getDetachedTimestamps() - Retrieves the detached timestamps found in the document
protected DiagnosticDataBuilder getDiagnosticDataBuilderConfiguration(ValidationContext validationContext, List<AdvancedSignature> signatures, ListRevocationSource<CRL> listCRLSource, ListRevocationSource<OCSP> listOCSPSource)
protected SignaturePolicyProvider getSignaturePolicyProvider() - Returns a signaturePolicyProvider. If not defined, returns a default provider
List<AdvancedSignature> getSignatures() - Retrieves the signatures found in the document
protected Date getValidationTime() - Returns validation time. In case the validation time is not provided, initializes the current time value from the system
abstract boolean isSupported(DSSDocument dssDocument)
protected ListCertificateSource mergeCertificateSource(Collection<AdvancedSignature> allSignatureList, Collection<TimestampToken> detachedTimestamps) - For all signatures to be validated this method merges the Certificate sources.
protected ListRevocationSource<CRL> mergeCRLSources(Collection<AdvancedSignature> allSignatureList, Collection<TimestampToken> detachedTimestamps) - For all signatures to be validated this method merges the CRL sources.
protected ListRevocationSource<OCSP> mergeOCSPSources(Collection<AdvancedSignature> allSignatureList, Collection<TimestampToken> detachedTimestamps) - For all signatures to be validated this method merges the OCSP sources.
protected void prepareCertificatesAndTimestamps(ValidationContext validationContext, List<AdvancedSignature> allSignatureList)
protected void prepareCertificateVerifier(ListRevocationSource<CRL> listCRLSource, ListRevocationSource<OCSP> listOCSPSource, ListCertificateSource listCertificateSource) - Sets revocation sources for a following certificate validation
void prepareDetachedTimestampValidationContext(ValidationContext validationContext, List<TimestampToken> timestamps) - Prepares the validationContext for a timestamp validation process
protected DiagnosticDataBuilder prepareDiagnosticDataBuilder(ValidationContext validationContext) - Creates a DiagnosticData to pass to the validation process
void prepareSignatureValidationContext(ValidationContext validationContext, List<AdvancedSignature> allSignatureList) - Prepares the validationContext for signature validation process and returns a list of signatures to validate
void processSignaturesValidation(List<AdvancedSignature> allSignatureList) - This method processes the signature validation on the given allSignatureList
protected Reports processValidationPolicy(XmlDiagnosticData diagnosticData, ValidationPolicy validationPolicy) - Executes the validation according to the given validationPolicy
protected DocumentProcessExecutor provideProcessExecutorInstance() - This method returns the process executor.
void setCertificateVerifier(CertificateVerifier certificateVerifier) - To carry out the validation process of the signature(s) some external sources of certificates and of revocation data can be needed.
void setContainerContents(List<DSSDocument> containerContents) - Sets the List of DSSDocument containing the original container content for ASiC signatures.
void setDetachedContents(List<DSSDocument> detachedContents) - Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.
void setEnableEtsiValidationReport(boolean enableEtsiValidationReport) - This method allows to specify if the ETSI Validation Report must be generated.
void setIncludeSemantics(boolean include) - This method allows to enable/disable the semantics inclusion in the reports (Indication / SubIndication meanings). Disabled by default
void setLocale(Locale locale)
void setManifestFiles(List<ManifestFile> manifestFiles) - Sets the List of ManifestFiles found in the signature file.
void setProcessExecutor(DocumentProcessExecutor processExecutor) - This method provides the possibility to set the specific CustomProcessExecutor
void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider) - This method allows to set a provider for Signature policies
protected void setSignedScopeFinderDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)
void setSkipValidationContextExecution(boolean skipValidationContextExecution)
void setTokenExtractionStategy(TokenExtractionStategy tokenExtractionStategy) - This method allows to set the token extraction strategy to follow in the diagnostic data generation.
void setValidationLevel(ValidationLevel validationLevel) - This method allows to specify the validation level (Basic / Timestamp / Long Term / Archival).
void setValidationTime(Date validationTime) - Allows to define a custom validation time
protected void validateContext(ValidationContext validationContext) - Process the validation
Reports validateDocument() - Validates the document and all its signatures.
Reports validateDocument(ConstraintsParameters validationPolicyJaxb) - Validates the document and all its signatures.
Reports validateDocument(ValidationPolicy validationPolicy) - Validates the document and all its signatures.
Reports validateDocument(File policyFile) - Validates the document and all its signatures.
Reports validateDocument(InputStream policyDataStream) - Validates the document and all its signatures.
Reports validateDocument(String policyResourcePath) - Validates the document and all its signatures.
Reports validateDocument(URL validationPolicyURL) - Validates the document and all its signatures.
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface eu.europa.esig.dss.validation.DocumentValidator:
getOriginalDocuments, getOriginalDocuments
-
Field Details
-
processExecutor
This variable can hold a specific DocumentProcessExecutor
-
document
The document to be validated (with the signature(s) or timestamp(s))
-
detachedContents
In case of a detached signature this List contains the signed documents.
-
containerContents
In case of an ASiC signature this List contains the container documents.
-
manifestFiles
List of all found ManifestFiles
-
providedSigningCertificateToken
-
certificateVerifier
The reference to the certificate verifier. The current DSS implementation proposes CommonCertificateVerifier. This verifier encapsulates the references to different sources used in the signature validation process.
-
signatureScopeFinder
-
skipValidationContextExecution
protected boolean skipValidationContextExecution
-
-
Constructor Details
-
SignedDocumentValidator
protected SignedDocumentValidator()
-
SignedDocumentValidator
-
-
Method Details
-
setSignedScopeFinderDefaultDigestAlgorithm
-
fromDocument
This method guesses the document format and returns an appropriate document validator.
- Parameters:
dssDocument - The instance of DSSDocument to validate
- Returns:
- returns the specific instance of SignedDocumentValidator in terms of the document type
-
isSupported
-
defineSigningCertificate
Description copied from interface: DocumentValidator
This method allows to define the signing certificate. It is useful in the case of non AdES signatures.
- Specified by:
defineSigningCertificate in interface DocumentValidator
-
setCertificateVerifier
To carry out the validation process of the signature(s) some external sources of certificates and of revocation data can be needed. The certificate verifier is used to pass these values. Note that once this setter is called any change in the content of the CommonTrustedCertificateSource or in adjunct certificate source is not taken into account.
- Specified by:
setCertificateVerifier in interface DocumentValidator
- Parameters:
certificateVerifier -
-
setTokenExtractionStategy
Description copied from interface: DocumentValidator
This method allows to set the token extraction strategy to follow in the diagnostic data generation.
- Specified by:
setTokenExtractionStategy in interface DocumentValidator
- Parameters:
tokenExtractionStategy - the TokenExtractionStategy
-
setIncludeSemantics
public void setIncludeSemantics(boolean include)
Description copied from interface: DocumentValidator
This method allows to enable/disable the semantics inclusion in the reports (Indication / SubIndication meanings). Disabled by default
- Specified by:
setIncludeSemantics in interface DocumentValidator
- Parameters:
include - true to enable the inclusion of the semantics
-
setDetachedContents
Description copied from interface: DocumentValidator
Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.
- Specified by:
setDetachedContents in interface DocumentValidator
- Parameters:
detachedContents - the List of DSSDocument to set
-
setContainerContents
Description copied from interface: DocumentValidator
Sets the List of DSSDocument containing the original container content for ASiC signatures.
- Specified by:
setContainerContents in interface DocumentValidator
- Parameters:
containerContents - the List of DSSDocument to set
-
setManifestFiles
Description copied from interface: DocumentValidator
Sets the List of ManifestFiles found in the signature file.
- Specified by:
setManifestFiles in interface DocumentValidator
- Parameters:
manifestFiles - the List of ManifestFile to set
-
getDefaultDigestAlgorithm
Returns a default digest algorithm defined for a digest calculation
- Returns:
DigestAlgorithm
-
setValidationTime
Allows to define a custom validation time
- Specified by:
setValidationTime in interface DocumentValidator
- Parameters:
validationTime - Date
-
getValidationTime
Returns validation time. In case the validation time is not provided, initializes the current time value from the system
- Returns:
Date validation time
-
setValidationLevel
Description copied from interface: DocumentValidator
This method allows to specify the validation level (Basic / Timestamp / Long Term / Archival). By default, the selected validation is ARCHIVAL
- Specified by:
setValidationLevel in interface DocumentValidator
- Parameters:
validationLevel - ValidationLevel
-
setEnableEtsiValidationReport
public void setEnableEtsiValidationReport(boolean enableEtsiValidationReport)
Description copied from interface: DocumentValidator
This method allows to specify if the ETSI Validation Report must be generated. By default the value is TRUE (the ETSI Validation report will be generated).
- Specified by:
setEnableEtsiValidationReport in interface DocumentValidator
- Parameters:
enableEtsiValidationReport - TRUE if the report must be generated, FALSE otherwise
-
validateDocument
Description copied from interface: DocumentValidator
Validates the document and all its signatures. The default constraint file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Returns:
Reports: diagnostic data, detailed report and simple report
-
validateDocument
Description copied from interface: DocumentValidator
Validates the document and all its signatures. If the validation policy URL is set then the policy constraints are retrieved from this location. If null or empty the default file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Returns:
Reports: diagnostic data, detailed report and simple report
-
validateDocument
Description copied from interface: DocumentValidator
Validates the document and all its signatures. The policyResourcePath specifies the constraint file. If null or empty the default file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Parameters:
policyResourcePath - is located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
- Returns:
Reports: diagnostic data, detailed report and simple report
-
validateDocument
Description copied from interface: DocumentValidator
Validates the document and all its signatures. The File parameter specifies the constraint file. If null or empty the default file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Parameters:
policyFile - contains the validation policy (xml) as File
- Returns:
Reports: diagnostic data, detailed report and simple report
-
validateDocument
Validates the document and all its signatures. The policyDataStream contains the constraint file. If null or empty the default file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Parameters:
policyDataStream - the InputStream with the validation policy
- Returns:
- the validation reports
-
validateDocument
Validates the document and all its signatures. The validationPolicyDom contains the constraint file. If null or empty the default file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Parameters:
validationPolicyJaxb - the ConstraintsParameters to use in the validation process
- Returns:
- the validation reports
-
validateDocument
Validates the document and all its signatures. The validationPolicyDom contains the constraint file. If null or empty the default file is used.
- Specified by:
validateDocument in interface DocumentValidator
- Parameters:
validationPolicy - the ValidationPolicy to use in the validation process
- Returns:
- the validation reports
-
assertConfigurationValid
protected void assertConfigurationValid()
Checks if the Validator configuration is valid
-
prepareDiagnosticDataBuilder
Creates a DiagnosticData to pass to the validation process
- Parameters:
validationContext - ValidationContext
- Returns:
DiagnosticData
-
getDiagnosticDataBuilderConfiguration
protected DiagnosticDataBuilder getDiagnosticDataBuilderConfiguration(ValidationContext validationContext, List<AdvancedSignature> signatures, ListRevocationSource<CRL> listCRLSource, ListRevocationSource<OCSP> listOCSPSource)
-
prepareCertificateVerifier
protected void prepareCertificateVerifier(ListRevocationSource<CRL> listCRLSource, ListRevocationSource<OCSP> listOCSPSource, ListCertificateSource listCertificateSource)
Sets revocation sources for a following certificate validation
- Parameters:
listCRLSource - ListRevocationSource
listOCSPSource - ListRevocationSource
listCertificateSource - ListCertificateSource
-
mergeCRLSources
protected ListRevocationSource<CRL> mergeCRLSources(Collection<AdvancedSignature> allSignatureList, Collection<TimestampToken> detachedTimestamps)
For all signatures to be validated this method merges the CRL sources.
- Parameters:
allSignatureList - Collection of AdvancedSignatures to validate including the counter-signatures
detachedTimestamps - Collection of TimestampTokens detached to a validating file
- Returns:
- merged CRL Source
-
mergeOCSPSources
protected ListRevocationSource<OCSP> mergeOCSPSources(Collection<AdvancedSignature> allSignatureList, Collection<TimestampToken> detachedTimestamps)
For all signatures to be validated this method merges the OCSP sources.
- Parameters:
allSignatureList - Collection of AdvancedSignatures to validate including the counter-signatures
detachedTimestamps - Collection of TimestampTokens detached to a validating file
- Returns:
- merged OCSP Source
-
mergeCertificateSource
protected ListCertificateSource mergeCertificateSource(Collection<AdvancedSignature> allSignatureList, Collection<TimestampToken> detachedTimestamps)
For all signatures to be validated this method merges the Certificate sources.
- Parameters:
allSignatureList - Collection of AdvancedSignatures to validate including the counter-signatures
detachedTimestamps - Collection of TimestampTokens detached to a validating file
- Returns:
- merged Certificate Source
-
prepareSignatureValidationContext
public void prepareSignatureValidationContext(ValidationContext validationContext, List<AdvancedSignature> allSignatureList)
Description copied from interface: DocumentValidator
Prepares the validationContext for signature validation process and returns a list of signatures to validate
- Specified by:
prepareSignatureValidationContext in interface DocumentValidator
- Parameters:
validationContext - ValidationContext
allSignatureList - a list of all AdvancedSignatures to be validated
-
prepareCertificatesAndTimestamps
protected void prepareCertificatesAndTimestamps(ValidationContext validationContext, List<AdvancedSignature> allSignatureList)
- Parameters:
allSignatureList - List of AdvancedSignatures to validate including the countersignatures
validationContext - ValidationContext is the implementation of the validators for: certificates, timestamps and revocation data.
-
prepareDetachedTimestampValidationContext
public void prepareDetachedTimestampValidationContext(ValidationContext validationContext, List<TimestampToken> timestamps)
Prepares the validationContext for a timestamp validation process
- Specified by:
prepareDetachedTimestampValidationContext in interface DocumentValidator
- Parameters:
validationContext - ValidationContext
timestamps - a list of timestamps
-
validateContext
Process the validation
- Parameters:
validationContext - ValidationContext to process
-
setSignaturePolicyProvider
Description copied from interface: DocumentValidator
This method allows to set a provider for Signature policies
- Specified by:
setSignaturePolicyProvider in interface DocumentValidator
-
getSignaturePolicyProvider
Returns a signaturePolicyProvider. If not defined, returns a default provider
- Returns:
SignaturePolicyProvider
-
setProcessExecutor
Description copied from interface: ProcessExecutorProvider
This method provides the possibility to set the specific CustomProcessExecutor
- Specified by:
setProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>
-
provideProcessExecutorInstance
This method returns the process executor. If the instance of this class is not yet instantiated then the new instance is created.
- Returns:
SignatureProcessExecutor
-
getDefaultProcessExecutor
Description copied from interface: ProcessExecutorProvider
Returns a default for a validator process executor
- Specified by:
getDefaultProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>
- Returns:
- Process Executor
-
processValidationPolicy
protected final Reports processValidationPolicy(XmlDiagnosticData diagnosticData, ValidationPolicy validationPolicy)
Executes the validation according to the given validationPolicy
- Parameters:
diagnosticData - DiagnosticData containing the data to be validated
validationPolicy - ValidationPolicy
- Returns:
- validation Reports
-
getAllSignatures
-
getSignatures
Description copied from interface: DocumentValidator
Retrieves the signatures found in the document
- Specified by:
getSignatures in interface DocumentValidator
- Returns:
- a list of AdvancedSignatures for validation purposes
-
getDetachedTimestamps
Description copied from interface: DocumentValidator
Retrieves the detached timestamps found in the document
- Specified by:
getDetachedTimestamps in interface DocumentValidator
- Returns:
- a list of TimestampToken for validation purposes
-
processSignaturesValidation
Description copied from interface: DocumentValidator
This method processes the signature validation on the given allSignatureList
- Specified by:
processSignaturesValidation in interface DocumentValidator
- Parameters:
allSignatureList - list of AdvancedSignatures to be validated
-
findSignatureScopes
Finds and assigns SignatureScopes for a list of signatures
- Specified by:
findSignatureScopes in interface DocumentValidator
- Parameters:
allSignatures - a list of AdvancedSignatures to get a SignatureScope list
-
setSkipValidationContextExecution
public void setSkipValidationContextExecution(boolean skipValidationContextExecution)
-
setLocale
-