Package eu.europa.esig.dss.policy
Class EtsiValidationPolicy
- java.lang.Object
  - eu.europa.esig.dss.policy.EtsiValidationPolicy
- All Implemented Interfaces:
ValidationPolicy
public class EtsiValidationPolicy extends Object implements ValidationPolicy
This class encapsulates the constraint file that controls the policy to be used during the validation process. It adds functions for direct access to the file data. It is the implementation of the ETSI 102853 standard.
-
-
Constructor Summary
Constructors
EtsiValidationPolicy(ConstraintsParameters policy)
-
Constructor Detail
-
EtsiValidationPolicy
public EtsiValidationPolicy(ConstraintsParameters policy)
-
-
Method Detail
-
getAlgorithmExpirationDate
public Date getAlgorithmExpirationDate(String algorithm, Context context, SubContext subContext)
Description copied from interface: ValidationPolicy
This function returns the algorithm expiration date extracted from the 'constraint.xml' file. If the TAG AlgoExpirationDate is not present within the constraints, null is returned.
- Specified by:
getAlgorithmExpirationDate in interface ValidationPolicy
- Parameters:
algorithm - algorithm (SHA1, SHA256, RSA2048...) to be checked
- Returns:
expiration date or null
-
getSignaturePolicyConstraint
public MultiValuesConstraint getSignaturePolicyConstraint(Context context)
Description copied from interface: ValidationPolicy
Indicates if the signature policy should be checked. If AcceptablePolicies element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
- Specified by:
getSignaturePolicyConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
-
getSignaturePolicyIdentifiedConstraint
public LevelConstraint getSignaturePolicyIdentifiedConstraint(Context context)
- Specified by:
getSignaturePolicyIdentifiedConstraint in interface ValidationPolicy
-
getSignaturePolicyPolicyHashValid
public LevelConstraint getSignaturePolicyPolicyHashValid(Context context)
- Specified by:
getSignaturePolicyPolicyHashValid in interface ValidationPolicy
-
getSignatureFormatConstraint
public MultiValuesConstraint getSignatureFormatConstraint(Context context)
- Specified by:
getSignatureFormatConstraint in interface ValidationPolicy
-
getStructuralValidationConstraint
public LevelConstraint getStructuralValidationConstraint(Context context)
Description copied from interface: ValidationPolicy
Indicates if the structural validation should be checked. If StructuralValidation element is absent within the constraint file then null is returned.
- Specified by:
getStructuralValidationConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if StructuralValidation element is present in the constraint file, null otherwise.
-
getSigningTimeConstraint
public LevelConstraint getSigningTimeConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: signing-time should be checked. If SigningTime element is absent within the constraint file then null is returned.
- Specified by:
getSigningTimeConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
-
getContentTypeConstraint
public ValueConstraint getContentTypeConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-type should be checked. If ContentType element is absent within the constraint file then null is returned.
- Specified by:
getContentTypeConstraint in interface ValidationPolicy
- Returns:
ValueConstraint if ContentType element is present in the constraint file, null otherwise.
-
getCounterSignatureConstraint
public LevelConstraint getCounterSignatureConstraint()
- Specified by:
getCounterSignatureConstraint in interface ValidationPolicy
-
getContentHintsConstraint
public ValueConstraint getContentHintsConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-hints should be checked. If ContentHints element is absent within the constraint file then null is returned.
- Specified by:
getContentHintsConstraint in interface ValidationPolicy
- Returns:
ValueConstraint if ContentHints element is present in the constraint file, null otherwise.
-
getContentIdentifierConstraint
public ValueConstraint getContentIdentifierConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-identifier should be checked. If ContentIdentifier element is absent within the constraint file then null is returned.
- Specified by:
getContentIdentifierConstraint in interface ValidationPolicy
- Returns:
ValueConstraint if ContentIdentifier element is present in the constraint file, null otherwise.
-
getMessageDigestOrSignedPropertiesConstraint
public LevelConstraint getMessageDigestOrSignedPropertiesConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: message-digest (for CAdES) or SignedProperties (for XAdES) should be checked. If the relative element is absent within the constraint file then null is returned.
- Specified by:
getMessageDigestOrSignedPropertiesConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if message-digests/SignedProperties element is present in the constraint file, null otherwise.
-
getCommitmentTypeIndicationConstraint
public MultiValuesConstraint getCommitmentTypeIndicationConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: commitment-type-indication should be checked. If CommitmentTypeIndication element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
- Specified by:
getCommitmentTypeIndicationConstraint in interface ValidationPolicy
- Returns:
MultiValuesConstraint if CommitmentTypeIndication element is present in the constraint file, null otherwise.
-
getSignerLocationConstraint
public LevelConstraint getSignerLocationConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: signer-location should be checked. If SignerLocation element is absent within the constraint file then null is returned.
- Specified by:
getSignerLocationConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SignerLocation element is present in the constraint file, null otherwise.
-
getClaimedRoleConstraint
public MultiValuesConstraint getClaimedRoleConstraint()
Description copied from interface: ValidationPolicy
Indicates if the unsigned property: claimed-role should be checked. If ClaimedRoles element is absent within the constraint file then null is returned.
- Specified by:
getClaimedRoleConstraint in interface ValidationPolicy
- Returns:
MultiValuesConstraint if ClaimedRoles element is present in the constraint file, null otherwise.
-
getCertifiedRolesConstraint
public MultiValuesConstraint getCertifiedRolesConstraint()
Description copied from interface: ValidationPolicy
Return the mandated signer role.
- Specified by:
getCertifiedRolesConstraint in interface ValidationPolicy
- Returns:
-
getPolicyName
public String getPolicyName()
Description copied from interface: ValidationPolicy
Returns the name of the policy.
- Specified by:
getPolicyName in interface ValidationPolicy
- Returns:
-
getPolicyDescription
public String getPolicyDescription()
Description copied from interface: ValidationPolicy
Returns the policy description.
- Specified by:
getPolicyDescription in interface ValidationPolicy
- Returns:
-
getSignatureCryptographicConstraint
public CryptographicConstraint getSignatureCryptographicConstraint(Context context)
Description copied from interface: ValidationPolicy
This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
- Specified by:
getSignatureCryptographicConstraint in interface ValidationPolicy
- Parameters:
context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
- Returns:
SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
-
getCertificateCryptographicConstraint
public CryptographicConstraint getCertificateCryptographicConstraint(Context context, SubContext subContext)
Description copied from interface: ValidationPolicy
This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
- Specified by:
getCertificateCryptographicConstraint in interface ValidationPolicy
- Parameters:
context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
subContext - the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
- Returns:
SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
-
getDefaultCryptographicConstraint
public CryptographicConstraint getDefaultCryptographicConstraint()
-
getCertificateKeyUsageConstraint
public MultiValuesConstraint getCertificateKeyUsageConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateKeyUsageConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if key-usage for a given context element is present in the constraint file, null otherwise.
-
getCertificateExtendedKeyUsageConstraint
public MultiValuesConstraint getCertificateExtendedKeyUsageConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateExtendedKeyUsageConstraint in interface ValidationPolicy
-
getCertificateSurnameConstraint
public MultiValuesConstraint getCertificateSurnameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateSurnameConstraint in interface ValidationPolicy
-
getCertificateGivenNameConstraint
public MultiValuesConstraint getCertificateGivenNameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateGivenNameConstraint in interface ValidationPolicy
-
getCertificateCommonNameConstraint
public MultiValuesConstraint getCertificateCommonNameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateCommonNameConstraint in interface ValidationPolicy
-
getCertificatePseudonymConstraint
public MultiValuesConstraint getCertificatePseudonymConstraint(Context context, SubContext subContext)
- Specified by:
getCertificatePseudonymConstraint in interface ValidationPolicy
-
getCertificateCountryConstraint
public MultiValuesConstraint getCertificateCountryConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateCountryConstraint in interface ValidationPolicy
-
getCertificateOrganizationNameConstraint
public MultiValuesConstraint getCertificateOrganizationNameConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateOrganizationNameConstraint in interface ValidationPolicy
-
getCertificateOrganizationUnitConstraint
public MultiValuesConstraint getCertificateOrganizationUnitConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateOrganizationUnitConstraint in interface ValidationPolicy
-
getCertificatePseudoUsageConstraint
public LevelConstraint getCertificatePseudoUsageConstraint(Context context, SubContext subContext)
- Specified by:
getCertificatePseudoUsageConstraint in interface ValidationPolicy
-
getCertificateSerialNumberConstraint
public LevelConstraint getCertificateSerialNumberConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateSerialNumberConstraint in interface ValidationPolicy
-
getCertificateNotExpiredConstraint
public LevelConstraint getCertificateNotExpiredConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateNotExpiredConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Expiration for a given context element is present in the constraint file, null otherwise.
-
getProspectiveCertificateChainConstraint
public LevelConstraint getProspectiveCertificateChainConstraint(Context context)
Description copied from interface: ValidationPolicy
This constraint requests the presence of the trust anchor in the certificate chain.
- Specified by:
getProspectiveCertificateChainConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ProspectiveCertificateChain element for a given context element is present in the constraint file, null otherwise.
-
getCertificateAuthorityInfoAccessPresentConstraint
public LevelConstraint getCertificateAuthorityInfoAccessPresentConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateAuthorityInfoAccessPresentConstraint in interface ValidationPolicy
-
getCertificateRevocationInfoAccessPresentConstraint
public LevelConstraint getCertificateRevocationInfoAccessPresentConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateRevocationInfoAccessPresentConstraint in interface ValidationPolicy
-
getCertificateSignatureConstraint
public LevelConstraint getCertificateSignatureConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateSignatureConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Signature for a given context element is present in the constraint file, null otherwise.
-
getRevocationDataAvailableConstraint
public LevelConstraint getRevocationDataAvailableConstraint(Context context, SubContext subContext)
- Specified by:
getRevocationDataAvailableConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if RevocationDataAvailable for a given context element is present in the constraint file, null otherwise.
-
getRevocationDataNextUpdatePresentConstraint
public LevelConstraint getRevocationDataNextUpdatePresentConstraint(Context context, SubContext subContext)
- Specified by:
getRevocationDataNextUpdatePresentConstraint in interface ValidationPolicy
-
getCertificateRevocationFreshnessConstraint
public LevelConstraint getCertificateRevocationFreshnessConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateRevocationFreshnessConstraint in interface ValidationPolicy
-
getRevocationCertHashMatchConstraint
public LevelConstraint getRevocationCertHashMatchConstraint(Context context, SubContext subContext)
- Specified by:
getRevocationCertHashMatchConstraint in interface ValidationPolicy
-
getCertificateNotRevokedConstraint
public LevelConstraint getCertificateNotRevokedConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateNotRevokedConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Revoked for a given context element is present in the constraint file, null otherwise.
-
getCertificateNotOnHoldConstraint
public LevelConstraint getCertificateNotOnHoldConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateNotOnHoldConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if OnHold for a given context element is present in the constraint file, null otherwise.
-
getCertificateNotSelfSignedConstraint
public LevelConstraint getCertificateNotSelfSignedConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateNotSelfSignedConstraint in interface ValidationPolicy
-
getCertificateSelfSignedConstraint
public LevelConstraint getCertificateSelfSignedConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateSelfSignedConstraint in interface ValidationPolicy
-
getTrustedServiceStatusConstraint
public MultiValuesConstraint getTrustedServiceStatusConstraint(Context context)
- Specified by:
getTrustedServiceStatusConstraint in interface ValidationPolicy
-
getTrustedServiceTypeIdentifierConstraint
public MultiValuesConstraint getTrustedServiceTypeIdentifierConstraint(Context context)
- Specified by:
getTrustedServiceTypeIdentifierConstraint in interface ValidationPolicy
-
getCertificatePolicyIdsConstraint
public MultiValuesConstraint getCertificatePolicyIdsConstraint(Context context, SubContext subContext)
- Specified by:
getCertificatePolicyIdsConstraint in interface ValidationPolicy
-
getCertificateQCStatementIdsConstraint
public MultiValuesConstraint getCertificateQCStatementIdsConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateQCStatementIdsConstraint in interface ValidationPolicy
-
getCertificateIssuedToNaturalPersonConstraint
public LevelConstraint getCertificateIssuedToNaturalPersonConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateIssuedToNaturalPersonConstraint in interface ValidationPolicy
-
getCertificateQualificationConstraint
public LevelConstraint getCertificateQualificationConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateQualificationConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Qualification for a given context element is present in the constraint file, null otherwise.
-
getCertificateSupportedByQSCDConstraint
public LevelConstraint getCertificateSupportedByQSCDConstraint(Context context, SubContext subContext)
Description copied from interface: ValidationPolicy
Indicates if the end user certificate used in validating the signature is mandated to be supported by a secure signature creation device (QSCD).
- Specified by:
getCertificateSupportedByQSCDConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SupportedByQSCD for a given context element is present in the constraint file, null otherwise.
-
getCertificateIssuedToLegalPersonConstraint
public LevelConstraint getCertificateIssuedToLegalPersonConstraint(Context context, SubContext subContext)
- Specified by:
getCertificateIssuedToLegalPersonConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if IssuedToLegalPerson for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateRecognitionConstraint
public LevelConstraint getSigningCertificateRecognitionConstraint(Context context)
- Specified by:
getSigningCertificateRecognitionConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if Recognition for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateAttributePresentConstraint
public LevelConstraint getSigningCertificateAttributePresentConstraint(Context context)
- Specified by:
getSigningCertificateAttributePresentConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if SigningCertificateAttribute for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateDigestValuePresentConstraint
public LevelConstraint getSigningCertificateDigestValuePresentConstraint(Context context)
- Specified by:
getSigningCertificateDigestValuePresentConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if DigestValuePresent for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateDigestValueMatchConstraint
public LevelConstraint getSigningCertificateDigestValueMatchConstraint(Context context)
- Specified by:
getSigningCertificateDigestValueMatchConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if DigestValueMatch for a given context element is present in the constraint file, null otherwise.
-
getSigningCertificateIssuerSerialMatchConstraint
public LevelConstraint getSigningCertificateIssuerSerialMatchConstraint(Context context)
- Specified by:
getSigningCertificateIssuerSerialMatchConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if IssuerSerialMatch for a given context element is present in the constraint file, null otherwise.
-
getReferenceDataExistenceConstraint
public LevelConstraint getReferenceDataExistenceConstraint(Context context)
- Specified by:
getReferenceDataExistenceConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ReferenceDataExistence for a given context element is present in the constraint file, null otherwise.
-
getReferenceDataIntactConstraint
public LevelConstraint getReferenceDataIntactConstraint(Context context)
- Specified by:
getReferenceDataIntactConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ReferenceDataIntact for a given context element is present in the constraint file, null otherwise.
-
getManifestEntryObjectExistenceConstraint
public LevelConstraint getManifestEntryObjectExistenceConstraint(Context context)
- Specified by:
getManifestEntryObjectExistenceConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ManifestEntryObjectExistence for a given context element is present in the constraint file, null otherwise.
-
getSignatureIntactConstraint
public LevelConstraint getSignatureIntactConstraint(Context context)
- Specified by:
getSignatureIntactConstraint in interface ValidationPolicy
- Returns:
ReferenceDataIntact if SignatureIntact for a given context element is present in the constraint file, null otherwise.
-
getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint
public LevelConstraint getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint()
- Specified by:
getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint in interface ValidationPolicy
-
getRevocationTimeAgainstBestSignatureTime
public LevelConstraint getRevocationTimeAgainstBestSignatureTime()
- Specified by:
getRevocationTimeAgainstBestSignatureTime in interface ValidationPolicy
-
getTimestampCoherenceConstraint
public LevelConstraint getTimestampCoherenceConstraint()
- Specified by:
getTimestampCoherenceConstraint in interface ValidationPolicy
-
getTimestampDelayConstraint
public TimeConstraint getTimestampDelayConstraint()
- Specified by:
getTimestampDelayConstraint in interface ValidationPolicy
-
getRevocationFreshnessConstraint
public TimeConstraint getRevocationFreshnessConstraint()
- Specified by:
getRevocationFreshnessConstraint in interface ValidationPolicy
-
getFullScopeConstraint
public LevelConstraint getFullScopeConstraint()
- Specified by:
getFullScopeConstraint in interface ValidationPolicy
-
getContentTimestampConstraint
public LevelConstraint getContentTimestampConstraint()
Description copied from interface: ValidationPolicy
Indicates if the signed property: content-time-stamp should be checked. If ContentTimeStamp element is absent within the constraint file then null is returned.
- Specified by:
getContentTimestampConstraint in interface ValidationPolicy
- Returns:
LevelConstraint if ContentTimeStamp element is present in the constraint file, null otherwise.
-
getAcceptedContainerTypesConstraint
public MultiValuesConstraint getAcceptedContainerTypesConstraint()
- Specified by:
getAcceptedContainerTypesConstraint in interface ValidationPolicy
-
getZipCommentPresentConstraint
public LevelConstraint getZipCommentPresentConstraint()
- Specified by:
getZipCommentPresentConstraint in interface ValidationPolicy
-
getAcceptedZipCommentsConstraint
public MultiValuesConstraint getAcceptedZipCommentsConstraint()
- Specified by:
getAcceptedZipCommentsConstraint in interface ValidationPolicy
-
getMimeTypeFilePresentConstraint
public LevelConstraint getMimeTypeFilePresentConstraint()
- Specified by:
getMimeTypeFilePresentConstraint in interface ValidationPolicy
-
getAcceptedMimeTypeContentsConstraint
public MultiValuesConstraint getAcceptedMimeTypeContentsConstraint()
- Specified by:
getAcceptedMimeTypeContentsConstraint in interface ValidationPolicy
-
getAllFilesSignedConstraint
public LevelConstraint getAllFilesSignedConstraint()
- Specified by:
getAllFilesSignedConstraint in interface ValidationPolicy
-
getManifestFilePresentConstraint
public LevelConstraint getManifestFilePresentConstraint()
- Specified by:
getManifestFilePresentConstraint in interface ValidationPolicy
-
isEIDASConstraintPresent
public boolean isEIDASConstraintPresent()
- Specified by:
isEIDASConstraintPresent in interface ValidationPolicy
-
getTLFreshnessConstraint
public TimeConstraint getTLFreshnessConstraint()
- Specified by:
getTLFreshnessConstraint in interface ValidationPolicy
-
getTLWellSignedConstraint
public LevelConstraint getTLWellSignedConstraint()
- Specified by:
getTLWellSignedConstraint in interface ValidationPolicy
-
getTLNotExpiredConstraint
public LevelConstraint getTLNotExpiredConstraint()
- Specified by:
getTLNotExpiredConstraint in interface ValidationPolicy
-
getTLVersionConstraint
public ValueConstraint getTLVersionConstraint()
- Specified by:
getTLVersionConstraint in interface ValidationPolicy
-
getTLConsistencyConstraint
public LevelConstraint getTLConsistencyConstraint()
- Specified by:
getTLConsistencyConstraint in interface ValidationPolicy
-
getValidationModel
public Model getValidationModel()
Description copied from interface: ValidationPolicy
Returns the used validation model (default is SHELL). Alternatives are CHAIN and HYBRID.
- Specified by:
getValidationModel in interface ValidationPolicy
- Returns:
the validation model to be used
-
getSignatureConstraints
public SignatureConstraints getSignatureConstraints()
- Specified by:
getSignatureConstraints in interface ValidationPolicy
-
getCryptographic
public CryptographicConstraint getCryptographic()
- Specified by:
getCryptographic in interface ValidationPolicy
-
-