Package eu.europa.esig.dss.validation
Class SignatureValidationContext
java.lang.Object
    eu.europa.esig.dss.validation.SignatureValidationContext
All Implemented Interfaces:
ValidationContext
public class SignatureValidationContext extends Object implements ValidationContext
During the validation of a signature, the software retrieves different X509 artifacts like Certificate, CRL and OCSP Response. The SignatureValidationContext is a "cache" for one validation request that contains every object retrieved so far.
Field Summary
Modifier and Type | Field | Description
protected Date | currentTime | This is the time at which the validation is carried out.
protected CertificatePool | validationCertificatePool | The certificate pool which encapsulates all certificates used during the validation process and extracted from all used sources
Constructor Summary
Constructor | Description
SignatureValidationContext() | This constructor is used during the signature creation process.
SignatureValidationContext(CertificatePool validationCertificatePool) | This constructor is used when a signature needs to be validated.
Method Summary
Modifier and Type | Method | Description
void | addCertificateTokenForVerification(CertificateToken certificateToken) | Adds a new certificate token to the list of tokens to verify.
void | addRevocationTokensForVerification(List<RevocationToken> revocationTokens) | Adds a list of new revocation tokens to the list of tokens to verify.
void | addTimestampTokenForVerification(TimestampToken timestampToken) | Adds a new timestamp token to the list of tokens to verify.
Map<CertificateToken,Set<CertificateSourceType>> | getCertificateSourceTypes() | Returns a map of CertificateSourceType by CertificateToken which contains the sources where the certificate was found.
Date | getCurrentTime() |
Set<CertificateToken> | getProcessedCertificates() | Returns a read only list of all certificates used in the process of the validation of all signatures from the given document.
Set<RevocationToken> | getProcessedRevocations() | Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.
Set<TimestampToken> | getProcessedTimestamps() | Returns a read only list of all timestamps processed during the validation of all signatures from the given document.
void | initialize(CertificateVerifier certificateVerifier) |
boolean | isAllCertificateValid() | This method verifies whether all processed certificates are not revoked.
boolean | isAllPOECoveredByRevocationData() | This method verifies whether all POE (timestamp tokens) are covered by revocation data.
boolean | isAllRequiredRevocationDataPresent() | This method verifies whether all processed certificates have revocation data.
boolean | isAllTimestampValid() | This method verifies whether all processed timestamps are valid and intact.
boolean | isAtLeastOneRevocationDataPresentAfterBestSignatureTime(CertificateToken signingCertificate) | This method verifies whether there is at least one revocation data present after the earliest available timestamp token producing time.
void | setCurrentTime(Date currentTime) | This function sets the validation time.
void | validate() | Carries out the validation process in a recursive manner for not yet checked tokens.
Field Detail
validationCertificatePool
protected CertificatePool validationCertificatePool
The certificate pool which encapsulates all certificates used during the validation process and extracted from all used sources
currentTime
protected Date currentTime
This is the time at which the validation is carried out. It is used only for test purposes.
Constructor Detail
SignatureValidationContext
public SignatureValidationContext()
This constructor is used during the signature creation process. The certificate pool is created within the initialize method.
SignatureValidationContext
public SignatureValidationContext(CertificatePool validationCertificatePool)
This constructor is used when a signature needs to be validated.
Parameters:
validationCertificatePool - The pool of certificates used during the validation process
Method Detail
initialize
public void initialize(CertificateVerifier certificateVerifier)
Specified by:
initialize in interface ValidationContext
Parameters:
certificateVerifier - The certificates verifier (e.g. using the TSL as the list of trusted certificates).
getCurrentTime
public Date getCurrentTime()
Specified by:
getCurrentTime in interface ValidationContext
setCurrentTime
public void setCurrentTime(Date currentTime)
Description copied from interface: ValidationContext
This function sets the validation time.
Specified by:
setCurrentTime in interface ValidationContext
Parameters:
currentTime - the current Date
addRevocationTokensForVerification
public void addRevocationTokensForVerification(List<RevocationToken> revocationTokens)
Description copied from interface: ValidationContext
Adds a list of new revocation tokens to the list of tokens to verify. If the revocation token has already been added then it is ignored.
Specified by:
addRevocationTokensForVerification in interface ValidationContext
Parameters:
revocationTokens - a list of RevocationToken revocation tokens to verify
addCertificateTokenForVerification
public void addCertificateTokenForVerification(CertificateToken certificateToken)
Description copied from interface: ValidationContext
Adds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.
Specified by:
addCertificateTokenForVerification in interface ValidationContext
Parameters:
certificateToken - CertificateToken certificate token to verify
addTimestampTokenForVerification
public void addTimestampTokenForVerification(TimestampToken timestampToken)
Description copied from interface: ValidationContext
Adds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.
Specified by:
addTimestampTokenForVerification in interface ValidationContext
Parameters:
timestampToken - TimestampToken timestamp token to verify
validate
public void validate() throws DSSException
Description copied from interface: ValidationContext
Carries out the validation process in a recursive manner for not yet checked tokens.
Specified by:
validate in interface ValidationContext
Throws:
DSSException - if an error occurred
isAllRequiredRevocationDataPresent
public boolean isAllRequiredRevocationDataPresent()
Description copied from interface: ValidationContext
This method verifies whether all processed certificates have revocation data.
Specified by:
isAllRequiredRevocationDataPresent in interface ValidationContext
Returns:
true if at least one revocation data is present for each certificate
isAllPOECoveredByRevocationData
public boolean isAllPOECoveredByRevocationData()
Description copied from interface: ValidationContext
This method verifies whether all POE (timestamp tokens) are covered by revocation data.
Specified by:
isAllPOECoveredByRevocationData in interface ValidationContext
Returns:
true if all POE have at least one revocation data issued after the POE creation
isAllTimestampValid
public boolean isAllTimestampValid()
Description copied from interface: ValidationContext
This method verifies whether all processed timestamps are valid and intact.
Specified by:
isAllTimestampValid in interface ValidationContext
Returns:
true if all processed timestamps are valid
isAllCertificateValid
public boolean isAllCertificateValid()
Description copied from interface: ValidationContext
This method verifies whether all processed certificates are not revoked.
Specified by:
isAllCertificateValid in interface ValidationContext
Returns:
true if all processed certificates are still valid
isAtLeastOneRevocationDataPresentAfterBestSignatureTime
public boolean isAtLeastOneRevocationDataPresentAfterBestSignatureTime(CertificateToken signingCertificate)
Description copied from interface: ValidationContext
This method verifies whether there is at least one revocation data present after the earliest available timestamp token producing time.
Specified by:
isAtLeastOneRevocationDataPresentAfterBestSignatureTime in interface ValidationContext
Parameters:
signingCertificate - CertificateToken signing certificate of the signature to be checked
Returns:
true if there is at least one revocation data issued after the earliest timestamp time
getProcessedCertificates
public Set<CertificateToken> getProcessedCertificates()
Description copied from interface: ValidationContext
Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...
Specified by:
getProcessedCertificates in interface ValidationContext
Returns:
The list of CertificateToken(s)
getCertificateSourceTypes
public Map<CertificateToken,Set<CertificateSourceType>> getCertificateSourceTypes()
Description copied from interface: ValidationContext
Returns a map of CertificateSourceType by CertificateToken which contains the sources where the certificate was found.
Specified by:
getCertificateSourceTypes in interface ValidationContext
Returns:
a map of CertificateSourceType by CertificateToken
getProcessedRevocations
public Set<RevocationToken> getProcessedRevocations()
Description copied from interface: ValidationContext
Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.
Specified by:
getProcessedRevocations in interface ValidationContext
Returns:
The list of RevocationToken(s)
getProcessedTimestamps
public Set<TimestampToken> getProcessedTimestamps()
Description copied from interface: ValidationContext
Returns a read only list of all timestamps processed during the validation of all signatures from the given document.
Specified by:
getProcessedTimestamps in interface ValidationContext
Returns:
The list of TimestampToken(s)
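A typical call sequence for the methods documented above, as an added example (not DSS project code): the context is initialized, given one certificate, validated, and its result flags are checked so that missing revocation data fails closed. The class ChainCheck and the method isChainAcceptable are hypothetical, and the import package names are an assumption that holds for DSS 5.5 or later.

```java
// Assumption: package names as in DSS 5.5+; older releases place the same
// classes elsewhere. Adjust the imports to the release on the classpath.
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.SignatureValidationContext;

/** Hypothetical helper, not part of DSS. */
public final class ChainCheck {

    private ChainCheck() {
    }

    /**
     * Returns true only when validation completed without error, every
     * processed certificate has revocation data, and none is revoked.
     */
    public static boolean isChainAcceptable(CertificateToken signer,
                                            CertificateVerifier verifier,
                                            CertificatePool pool) {
        SignatureValidationContext ctx = new SignatureValidationContext(pool);
        ctx.initialize(verifier);                        // verifier carries trust anchors and revocation sources
        ctx.addCertificateTokenForVerification(signer);  // a token added twice is ignored
        try {
            ctx.validate();                              // processes every not yet checked token
        } catch (DSSException e) {
            return false;                                // fail closed on any processing error
        }

        // Audit output: which certificates were pulled in, and from which sources.
        for (CertificateToken cert : ctx.getProcessedCertificates()) {
            System.out.println(cert.getDSSIdAsString() + " found in "
                    + ctx.getCertificateSourceTypes().get(cert));
        }
        System.out.println("revocation tokens processed: "
                + ctx.getProcessedRevocations().size());

        // Absent revocation data is treated as a failure, not as "not revoked".
        return ctx.isAllRequiredRevocationDataPresent() && ctx.isAllCertificateValid();
    }
}
```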