Interface CertificateVerifier

  • All Known Implementing Classes:
    CommonCertificateVerifier

    public interface CertificateVerifier
    Provides information on the sources to be used in the validation process in the context of a signature.
    • Method Detail

      • getOcspSource

        OCSPSource getOcspSource()
        Returns the OCSP source associated with this verifier.
        Returns:
        the OCSP source used for external access (web, filesystem, cached, ...)
      • getCrlSource

        CRLSource getCrlSource()
        Returns the CRL source associated with this verifier.
        Returns:
        the CRL source used for external access (web, filesystem, cached, ...)
      • setCrlSource

        void setCrlSource​(CRLSource crlSource)
        Defines the CRL source used by this verifier.
        Parameters:
        crlSource - the CRL source to set for external access (web, filesystem, cached,...)
      • setOcspSource

        void setOcspSource​(OCSPSource ocspSource)
        Defines the OCSP source used by this verifier.
        Parameters:
        ocspSource - the OCSP source to set for external access (web, filesystem, cached,...)
      • getTrustedCertSource

        CertificateSource getTrustedCertSource()
        Returns the trusted certificates source associated with this verifier. This source is used to identify the trusted anchors.
        Returns:
        the certificate source which contains trusted certificates
      • setTrustedCertSource

        void setTrustedCertSource​(CertificateSource certSource)
        Sets the trusted certificates source.
        Parameters:
        certSource - The certificates source with known trusted certificates
      • getAdjunctCertSource

        CertificateSource getAdjunctCertSource()
        Returns the adjunct certificates source associated with this verifier.
        Returns:
        the certificate source which contains additional certificates (missing CA, ...)
      • setAdjunctCertSource

        void setAdjunctCertSource​(CertificateSource adjunctCertSource)
        Associates an adjunct certificates source to this verifier.
        Parameters:
        adjunctCertSource - the certificate source with additional and missing certificates
      • getDataLoader

        DataLoader getDataLoader()
        Returns the data loader used to access the AIA certificate source.
        Returns:
        the data loader used to load AIA resources and policy files
      • setDataLoader

        void setDataLoader​(DataLoader dataLoader)
        Sets the data loader used to access the AIA certificate source. If this property is not set, the default CommonsHttpDataLoader is created.
        Parameters:
        dataLoader - the data loader used to load AIA resources and policy files
      • getSignatureCRLSource

        ListCRLSource getSignatureCRLSource()
        This method returns the CRL source (information extracted from signatures).
        Returns:
        the CRL sources from the signature
      • setSignatureCRLSource

        void setSignatureCRLSource​(ListCRLSource signatureCRLSource)
        This method sets the CRL source (information extracted from signatures).
        Parameters:
        signatureCRLSource - the CRL sources from the signature
      • getSignatureOCSPSource

        ListOCSPSource getSignatureOCSPSource()
        This method returns the OCSP source (information extracted from signatures).
        Returns:
        the OCSP sources from the signature
      • setSignatureOCSPSource

        void setSignatureOCSPSource​(ListOCSPSource signatureOCSPSource)
        This method sets the OCSP source (information extracted from signatures).
        Parameters:
        signatureOCSPSource - the OCSP sources from the signature
      • setExceptionOnMissingRevocationData

        void setExceptionOnMissingRevocationData​(boolean throwExceptionOnMissingRevocationData)
        This method changes the behavior on missing revocation data (LT/LTA augmentation). (default: true)
        Parameters:
        throwExceptionOnMissingRevocationData - true if an exception is raised on missing revocation data; false will only display a warning message
      • isExceptionOnMissingRevocationData

        boolean isExceptionOnMissingRevocationData()
        This method returns true if an exception needs to be thrown on missing revocation data.
        Returns:
        true if an exception is thrown, false if a warning message is added
      • setDefaultDigestAlgorithm

        void setDefaultDigestAlgorithm​(DigestAlgorithm digestAlgorithm)
        This method changes the digest algorithm that will be used for the tokens' digest calculation.
        Parameters:
        digestAlgorithm - DigestAlgorithm to use
      • getDefaultDigestAlgorithm

        DigestAlgorithm getDefaultDigestAlgorithm()
        This method returns the default digest algorithm that will be used for digest calculation.
        Returns:
        DigestAlgorithm
      • setIncludeCertificateTokenValues

        void setIncludeCertificateTokenValues​(boolean include)
        This method controls whether raw certificate tokens are included in the diagnostic data report.
        Parameters:
        include - true if raw certificate tokens should be included (default: false)
      • isIncludeCertificateTokenValues

        boolean isIncludeCertificateTokenValues()
        This method returns true if the certificate tokens need to be exported in the diagnostic data report.
        Returns:
        true if raw certificate tokens should be included in the diagnostic data report (default: false)
      • setIncludeCertificateRevocationValues

        void setIncludeCertificateRevocationValues​(boolean include)
        This method controls whether raw revocation data is included in the diagnostic data report.
        Parameters:
        include - true if raw revocation data should be included (default: false)
      • isIncludeCertificateRevocationValues

        boolean isIncludeCertificateRevocationValues()
        This method returns true if the revocation data needs to be exported in the diagnostic data report.
        Returns:
        true if raw revocation data should be included in the diagnostic data report (default: false)
      • setIncludeTimestampTokenValues

        void setIncludeTimestampTokenValues​(boolean include)
        This method controls whether raw timestamp tokens are included in the diagnostic data report.
        Parameters:
        include - true if raw timestamp tokens should be included (default: false)
      • isIncludeTimestampTokenValues

        boolean isIncludeTimestampTokenValues()
        This method returns true if the timestamp tokens need to be exported in the diagnostic data report.
        Returns:
        true if raw timestamp tokens should be included in the diagnostic data report (default: false)
      • setExceptionOnInvalidTimestamp

        void setExceptionOnInvalidTimestamp​(boolean throwExceptionOnInvalidTimestamp)
        This method changes the behavior on an invalid timestamp (LT/LTA augmentation). (default: true)
        Parameters:
        throwExceptionOnInvalidTimestamp - true if an exception is raised on an invalid timestamp; false will only display a warning message
      • isExceptionOnInvalidTimestamp

        boolean isExceptionOnInvalidTimestamp()
        This method returns true if an exception needs to be thrown on an invalid timestamp.
        Returns:
        true if an exception is thrown, false if a warning message is added
      • setExceptionOnRevokedCertificate

        void setExceptionOnRevokedCertificate​(boolean throwExceptionOnRevokedCertificate)
        This method changes the behavior on revoked certificates (LT/LTA augmentation). (default: true)
        Parameters:
        throwExceptionOnRevokedCertificate - true if an exception is raised on a revoked certificate; false will only display a warning message
      • isExceptionOnRevokedCertificate

        boolean isExceptionOnRevokedCertificate()
        This method returns true if an exception needs to be thrown on a revoked certificate.
        Returns:
        true if an exception is thrown, false if a warning message is added
      • setExceptionOnNoRevocationAfterBestSignatureTime

        void setExceptionOnNoRevocationAfterBestSignatureTime​(boolean exceptionOnNoRevocationAfterBestSignatureTime)
        This method changes the behavior on revocation data issued after a control time. (default: false)
        Parameters:
        exceptionOnNoRevocationAfterBestSignatureTime - true if an exception is raised when there is no revocation data issued after the bestSignatureTime; false will only display a warning message
      • isExceptionOnNoRevocationAfterBestSignatureTime

        boolean isExceptionOnNoRevocationAfterBestSignatureTime()
        This method returns true if an exception needs to be thrown when no revocation data was obtained with an issuance time after the bestSignatureTime.
        Returns:
        true if an exception is thrown, false if a warning message is added
      • setExceptionOnUncoveredPOE

        void setExceptionOnUncoveredPOE​(boolean throwExceptionOnUncoveredPOE)
        This method changes the behavior on uncovered POE (timestamp). (default: false)
        Parameters:
        throwExceptionOnUncoveredPOE - true if an exception is raised on an uncovered timestamp; false will only display a warning message
      • isExceptionOnUncoveredPOE

        boolean isExceptionOnUncoveredPOE()
        This method returns true if an exception needs to be thrown on uncovered POE (timestamp).
        Returns:
        true if an exception is thrown, false if a warning message is added
      • setCheckRevocationForUntrustedChains

        void setCheckRevocationForUntrustedChains​(boolean enable)
        This method enables revocation checking for untrusted certificate chains. (default: false)
        Parameters:
        enable - true if revocation checking is allowed for untrusted certificate chains
      • isCheckRevocationForUntrustedChains

        boolean isCheckRevocationForUntrustedChains()
        This method returns true if revocation checking is enabled for untrusted certificate chains.
        Returns:
        true if external revocation check is done for untrusted certificate chains
      • createValidationPool

        CertificatePool createValidationPool()
        This method creates the validation pool of certificates which is used during the validation process.
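
The exception-versus-warning switches above decide whether LT/LTA augmentation fails closed or only logs a warning. As an added example (not part of the DSS API or its documentation), the hypothetical `VerifierConfigAudit` helper below reads a configured verifier through the getters listed on this page and reports every setting that relaxes a documented default or leaves a source unset; the package name in the import and the HIGH/INFO labels are assumptions.

```java
// Added example, not DSS project code.
// Assumption: CertificateVerifier is in eu.europa.esig.dss.validation
// (the page does not show the package name).
import eu.europa.esig.dss.validation.CertificateVerifier;

import java.util.ArrayList;
import java.util.List;

public final class VerifierConfigAudit {

    private VerifierConfigAudit() { }

    /** Returns one finding per setting that weakens or leaves out a check. */
    public static List<String> audit(CertificateVerifier cv) {
        List<String> findings = new ArrayList<>();

        // Without a trusted source no trust anchor can be identified.
        if (cv.getTrustedCertSource() == null) {
            findings.add("HIGH trustedCertSource is not set");
        }
        // Only revocation data embedded in the signature remains available.
        if (cv.getCrlSource() == null && cv.getOcspSource() == null) {
            findings.add("HIGH neither a CRL nor an OCSP source is set");
        }
        // Documented default is true: false downgrades the failure to a warning.
        if (!cv.isExceptionOnMissingRevocationData()) {
            findings.add("HIGH missing revocation data only produces a warning");
        }
        if (!cv.isExceptionOnInvalidTimestamp()) {
            findings.add("HIGH invalid timestamp only produces a warning");
        }
        if (!cv.isExceptionOnRevokedCertificate()) {
            findings.add("HIGH revoked certificate only produces a warning");
        }
        // Documented default is false: reported so a strict deployment can opt in.
        if (!cv.isExceptionOnNoRevocationAfterBestSignatureTime()) {
            findings.add("INFO no revocation data after bestSignatureTime only warns");
        }
        if (!cv.isExceptionOnUncoveredPOE()) {
            findings.add("INFO uncovered POE (timestamp) only warns");
        }
        // Documented default is false: true extends external checks to untrusted chains.
        if (cv.isCheckRevocationForUntrustedChains()) {
            findings.add("INFO revocation is checked for untrusted certificate chains");
        }
        return findings;
    }
}
```

Calling `VerifierConfigAudit.audit(verifier)` once at application start-up and logging the result makes a relaxed setting visible before any signature is processed.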