Interface ValidationPolicy

  • All Known Implementing Classes:
    EtsiValidationPolicy

    public interface ValidationPolicy
    This interface encapsulates the constraint file that controls the policy used during the validation process. It is the base type for implementing a specific validation policy.
    • Method Detail

      • getAlgorithmExpirationDate

        Date getAlgorithmExpirationDate​(String algorithm,
                                        Context context,
                                        SubContext subContext)
        Returns the algorithm expiration date extracted from the 'constraint.xml' file. If the AlgoExpirationDate tag is not present within the constraints, null is returned.
        Parameters:
        algorithm - algorithm (SHA1, SHA256, RSA2048...) to be checked
        Returns:
        expiration date or null
      • getSignaturePolicyConstraint

        MultiValuesConstraint getSignaturePolicyConstraint​(Context context)
        Indicates if the signature policy should be checked. If AcceptablePolicies element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
        Returns:
        MultiValuesConstraint if AcceptablePolicies element is present in the constraint file, null otherwise.
      • getSignaturePolicyIdentifiedConstraint

        LevelConstraint getSignaturePolicyIdentifiedConstraint​(Context context)
      • getStructuralValidationConstraint

        LevelConstraint getStructuralValidationConstraint​(Context context)
        Indicates if the structural validation should be checked. If StructuralValidation element is absent within the constraint file then null is returned.
        Returns:
        LevelConstraint if StructuralValidation element is present in the constraint file, null otherwise.
      • getSigningTimeConstraint

        LevelConstraint getSigningTimeConstraint()
        Indicates if the signed property: signing-time should be checked. If SigningTime element is absent within the constraint file then null is returned.
        Returns:
        LevelConstraint if SigningTime element is present in the constraint file, null otherwise.
      • getContentTypeConstraint

        ValueConstraint getContentTypeConstraint()
        Indicates if the signed property: content-type should be checked. If ContentType element is absent within the constraint file then null is returned.
        Returns:
        ValueConstraint if ContentType element is present in the constraint file, null otherwise.
      • getContentHintsConstraint

        ValueConstraint getContentHintsConstraint()
        Indicates if the signed property: content-hints should be checked. If ContentHints element is absent within the constraint file then null is returned.
        Returns:
        ValueConstraint if ContentHints element is present in the constraint file, null otherwise.
      • getContentIdentifierConstraint

        ValueConstraint getContentIdentifierConstraint()
        Indicates if the signed property: content-identifier should be checked. If ContentIdentifier element is absent within the constraint file then null is returned.
        Returns:
        ValueConstraint if ContentIdentifier element is present in the constraint file, null otherwise.
      • getMessageDigestOrSignedPropertiesConstraint

        LevelConstraint getMessageDigestOrSignedPropertiesConstraint()
        Indicates if the signed property: message-digest (for CAdES) or SignedProperties (for XAdES) should be checked. If the corresponding element is absent within the constraint file then null is returned.
        Returns:
        LevelConstraint if message-digest/SignedProperties element is present in the constraint file, null otherwise.
      • getCommitmentTypeIndicationConstraint

        MultiValuesConstraint getCommitmentTypeIndicationConstraint()
        Indicates if the signed property: commitment-type-indication should be checked. If CommitmentTypeIndication element is absent within the constraint file then null is returned, otherwise the list of identifiers is initialised.
        Returns:
        MultiValuesConstraint if CommitmentTypeIndication element is present in the constraint file, null otherwise.
      • getSignerLocationConstraint

        LevelConstraint getSignerLocationConstraint()
        Indicates if the signed property: signer-location should be checked. If SignerLocation element is absent within the constraint file then null is returned.
        Returns:
        LevelConstraint if SignerLocation element is present in the constraint file, null otherwise.
      • getContentTimestampConstraint

        LevelConstraint getContentTimestampConstraint()
        Indicates if the signed property: content-time-stamp should be checked. If ContentTimeStamp element is absent within the constraint file then null is returned.
        Returns:
        LevelConstraint if ContentTimeStamp element is present in the constraint file, null otherwise.
      • getClaimedRoleConstraint

        MultiValuesConstraint getClaimedRoleConstraint()
        Indicates if the unsigned property: claimed-role should be checked. If ClaimedRoles element is absent within the constraint file then null is returned.
        Returns:
        MultiValuesConstraint if ClaimedRoles element is present in the constraint file, null otherwise.
      • getCertifiedRolesConstraint

        MultiValuesConstraint getCertifiedRolesConstraint()
        Returns the mandated signer role.
        Returns:
      • getPolicyName

        String getPolicyName()
        Returns the name of the policy.
        Returns:
      • getPolicyDescription

        String getPolicyDescription()
        Returns the policy description.
        Returns:
      • getSignatureCryptographicConstraint

        CryptographicConstraint getSignatureCryptographicConstraint​(Context context)
        This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
        Parameters:
        context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
        Returns:
        SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
      • getCertificateCryptographicConstraint

        CryptographicConstraint getCertificateCryptographicConstraint​(Context context,
                                                                      SubContext subContext)
        This method creates the SignatureCryptographicConstraint corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file then null is returned.
        Parameters:
        context - The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
        subContext - the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
        Returns:
        SignatureCryptographicConstraint if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
      • getCertificateKeyUsageConstraint

        MultiValuesConstraint getCertificateKeyUsageConstraint​(Context context,
                                                               SubContext subContext)
        Parameters:
        context -
        subContext -
        Returns:
        MultiValuesConstraint if key-usage for a given context element is present in the constraint file, null otherwise.
      • getCertificateNotExpiredConstraint

        LevelConstraint getCertificateNotExpiredConstraint​(Context context,
                                                           SubContext subContext)
        Parameters:
        context -
        subContext -
        Returns:
        LevelConstraint if Expiration for a given context element is present in the constraint file, null otherwise.
      • getProspectiveCertificateChainConstraint

        LevelConstraint getProspectiveCertificateChainConstraint​(Context context)
        This constraint requests the presence of the trust anchor in the certificate chain.
        Parameters:
        context -
        Returns:
        LevelConstraint if ProspectiveCertificateChain element for a given context element is present in the constraint file, null otherwise.
      • getCertificateSignatureConstraint

        LevelConstraint getCertificateSignatureConstraint​(Context context,
                                                          SubContext subContext)
        Parameters:
        context -
        subContext -
        Returns:
        LevelConstraint if Signature for a given context element is present in the constraint file, null otherwise.
      • getRevocationDataAvailableConstraint

        LevelConstraint getRevocationDataAvailableConstraint​(Context context,
                                                             SubContext subContext)
        Parameters:
        context -
        Returns:
        LevelConstraint if RevocationDataAvailable for a given context element is present in the constraint file, null otherwise.
      • getCertificateNotRevokedConstraint

        LevelConstraint getCertificateNotRevokedConstraint​(Context context,
                                                           SubContext subContext)
        Returns:
        LevelConstraint if Revoked for a given context element is present in the constraint file, null otherwise.
      • getCertificateNotOnHoldConstraint

        LevelConstraint getCertificateNotOnHoldConstraint​(Context context,
                                                          SubContext subContext)
        Returns:
        LevelConstraint if OnHold for a given context element is present in the constraint file, null otherwise.
      • getCertificateQualificationConstraint

        LevelConstraint getCertificateQualificationConstraint​(Context context,
                                                              SubContext subContext)
        Returns:
        LevelConstraint if Qualification for a given context element is present in the constraint file, null otherwise.
      • getCertificateSupportedByQSCDConstraint

        LevelConstraint getCertificateSupportedByQSCDConstraint​(Context context,
                                                                SubContext subContext)
        Indicates if the end user certificate used in validating the signature is mandated to be supported by a secure signature creation device (QSCD).
        Returns:
        LevelConstraint if SupportedByQSCD for a given context element is present in the constraint file, null otherwise.
      • getCertificateIssuedToLegalPersonConstraint

        LevelConstraint getCertificateIssuedToLegalPersonConstraint​(Context context,
                                                                    SubContext subContext)
        Returns:
        LevelConstraint if IssuedToLegalPerson for a given context element is present in the constraint file, null otherwise.
      • getSigningCertificateRecognitionConstraint

        LevelConstraint getSigningCertificateRecognitionConstraint​(Context context)
        Returns:
        LevelConstraint if Recognition for a given context element is present in the constraint file, null otherwise.
      • getSigningCertificateAttributePresentConstraint

        LevelConstraint getSigningCertificateAttributePresentConstraint​(Context context)
        Returns:
        LevelConstraint if SigningCertificateAttribute for a given context element is present in the constraint file, null otherwise.
      • getSigningCertificateDigestValuePresentConstraint

        LevelConstraint getSigningCertificateDigestValuePresentConstraint​(Context context)
        Returns:
        LevelConstraint if DigestValuePresent for a given context element is present in the constraint file, null otherwise.
      • getSigningCertificateDigestValueMatchConstraint

        LevelConstraint getSigningCertificateDigestValueMatchConstraint​(Context context)
        Returns:
        LevelConstraint if DigestValueMatch for a given context element is present in the constraint file, null otherwise.
      • getSigningCertificateIssuerSerialMatchConstraint

        LevelConstraint getSigningCertificateIssuerSerialMatchConstraint​(Context context)
        Returns:
        LevelConstraint if IssuerSerialMatch for a given context element is present in the constraint file, null otherwise.
      • getReferenceDataExistenceConstraint

        LevelConstraint getReferenceDataExistenceConstraint​(Context context)
        Returns:
        LevelConstraint if ReferenceDataExistence for a given context element is present in the constraint file, null otherwise.
      • getReferenceDataIntactConstraint

        LevelConstraint getReferenceDataIntactConstraint​(Context context)
        Returns:
        LevelConstraint if ReferenceDataIntact for a given context element is present in the constraint file, null otherwise.
      • getManifestEntryObjectExistenceConstraint

        LevelConstraint getManifestEntryObjectExistenceConstraint​(Context context)
        Returns:
        LevelConstraint if ManifestEntryObjectExistence for a given context element is present in the constraint file, null otherwise.
      • getSignatureIntactConstraint

        LevelConstraint getSignatureIntactConstraint​(Context context)
        Returns:
        LevelConstraint if SignatureIntact for a given context element is present in the constraint file, null otherwise.
      • getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint

        LevelConstraint getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint()
      • getTimestampCoherenceConstraint

        LevelConstraint getTimestampCoherenceConstraint()
      • getTimestampDelayConstraint

        TimeConstraint getTimestampDelayConstraint()
      • getRevocationTimeAgainstBestSignatureTime

        LevelConstraint getRevocationTimeAgainstBestSignatureTime()
      • getRevocationFreshnessConstraint

        TimeConstraint getRevocationFreshnessConstraint()
      • getCounterSignatureConstraint

        LevelConstraint getCounterSignatureConstraint()
      • getCertificateAuthorityInfoAccessPresentConstraint

        LevelConstraint getCertificateAuthorityInfoAccessPresentConstraint​(Context context,
                                                                           SubContext subContext)
      • getCertificateRevocationInfoAccessPresentConstraint

        LevelConstraint getCertificateRevocationInfoAccessPresentConstraint​(Context context,
                                                                            SubContext subContext)
      • getZipCommentPresentConstraint

        LevelConstraint getZipCommentPresentConstraint()
      • getMimeTypeFilePresentConstraint

        LevelConstraint getMimeTypeFilePresentConstraint()
      • getAllFilesSignedConstraint

        LevelConstraint getAllFilesSignedConstraint()
      • getManifestFilePresentConstraint

        LevelConstraint getManifestFilePresentConstraint()
      • isEIDASConstraintPresent

        boolean isEIDASConstraintPresent()
      • getValidationModel

        Model getValidationModel()
        Returns the validation model in use (default is SHELL). Alternatives are CHAIN and HYBRID.
        Returns:
        the validation model to be used