Package eu.europa.esig.dss.spi.validation

Class SignatureValidationContext

java.lang.Object

eu.europa.esig.dss.spi.validation.SignatureValidationContext

All Implemented Interfaces:

ValidationContext

public class SignatureValidationContext
extends Object
implements ValidationContext

During the validation of a signature, the software retrieves different X509 artifacts like Certificate, CRL and OCSP Response. The SignatureValidationContext is a "cache" for one validation request that contains every object retrieved so far.

Field Summary

Fields

Modifier and Type	Field	Description
protected Date	currentTime	This is the time at what the validation is carried out.

Constructor Summary

Constructors

Constructor	Description
SignatureValidationContext()	Default constructor instantiating object with null or empty values and current time
SignatureValidationContext(Date validationTime)	Constructor instantiating object with null or empty values and provided time

Method Summary

Modifier and Type	Method	Description
void	addCertificateTokenForVerification(CertificateToken certificateToken)	Adds a new certificate token to the list of tokens to verify.
void	addDocumentCertificateSource(CertificateSource certificateSource)	Adds an extracted certificate source to the used list of sources
void	addDocumentCertificateSource(ListCertificateSource listCertificateSource)	Adds a list certificate source to the used list of sources
void	addDocumentCRLSource(ListRevocationSource<CRL> crlSource)	Adds a list CRL source to the used list of sources
void	addDocumentCRLSource(OfflineRevocationSource<CRL> crlSource)	Adds an extracted CRL source to the used list of sources
void	addDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource)	Adds a listd OCSP source to the used list of sources
void	addDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource)	Adds an extracted OCSP source to the used list of sources
void	addEvidenceRecordForVerification(EvidenceRecord evidenceRecord)	Adds Evidence Record's content to proceed with validation
void	addRevocationTokenForVerification(RevocationToken<?> revocationToken)	Adds a new revocation token to the list of tokens to verify.
void	addSignatureForVerification(AdvancedSignature signature)	Adds a new signature to collect the information to verify.
void	addTimestampTokenForVerification(TimestampToken timestampToken)	Adds a new timestamp token to the list of tokens to verify.
protected RevocationFreshnessStatus	allPOECoveredByRevocationData()	Returns the status of the POE covered by revocation data check
protected TokenStatus	allRequiredRevocationDataPresent()	Returns the status of the required revocation data present check
protected RevocationFreshnessStatus	allSignatureCertificateHaveFreshRevocationData()	Returns the status of the all signature certificates have fresh revocation data check
protected TokenStatus	allSignatureCertificatesNotRevoked()	Returns the status of the all signature certificates not revoked check
protected SignatureStatus	allSignaturesAreYetValid()	Returns the status of the all signatures are yet valid check
protected SignatureStatus	allSignaturesNotExpired()	Returns the status of the all signatures not expired check
protected TokenStatus	allTimestampsValid()	Returns the status of the all timestamps valid check
protected TokenStatus	certificateIsYetValid(CertificateToken certificateToken)	Returns the status of the certificate yet valid check
protected TokenStatus	certificateNotExpired(CertificateToken certificateToken)	Returns the status of certificate not expired check
protected TokenStatus	certificateNotRevoked(CertificateToken certificateToken)	Returns the status of the certificate not revoked check
boolean	checkAllPOECoveredByRevocationData()	This method returns if all POE (timestamp tokens) are covered by a revocation data.
boolean	checkAllRequiredRevocationDataPresent()	This method returns if all processed certificates have a revocation data.
boolean	checkAllSignatureCertificateHaveFreshRevocationData()	This method returns whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production time.
boolean	checkAllSignatureCertificatesNotRevoked()	This method returns whether none of the signature's certificate chain certificates are not revoked, validating recursively.
boolean	checkAllSignaturesAreYetValid()	This method returns whether all signatures added to the ValidationContext have been produced with yet valid certificates at the time of signing
boolean	checkAllSignaturesNotExpired()	This method returns whether all signatures added to the ValidationContext are not yet expired
boolean	checkAllTimestampsValid()	This method returns if all processed timestamps are valid and intact.
boolean	checkCertificateIsYetValid(CertificateToken certificateToken)	This method returns whether the certificate token is yet valid
boolean	checkCertificateNotExpired(CertificateToken certificateToken)	This method returns whether the certificate token is not yet expired
boolean	checkCertificateNotRevoked(CertificateToken certificateToken)	This method returns if the certificate is not revoked
ListCertificateSource	getAllCertificateSources()	Returns a list of all CertificateSources used during the validation process.
protected CertificateVerifier	getCertificateVerifier()	Gets the CertificateVerifier instance
Date	getCurrentTime()	Gets the current validation time.
ListCertificateSource	getDocumentCertificateSource()	Returns a list of all CertificateSources extracted from a validating document (signature(s), timestamp(s))
ListRevocationSource<CRL>	getDocumentCRLSource()	Returns a list of all CRL OfflineRevocationSources extracted from a validating document
ListRevocationSource<OCSP>	getDocumentOCSPSource()	Returns a list of all OCSP OfflineRevocationSources extracted from a validating document
Set<CertificateToken>	getProcessedCertificates()	Returns a read only list of all certificates used in the process of the validation of all signatures from the given document.
Set<EvidenceRecord>	getProcessedEvidenceRecords()	Returns evidence records added to the validation context
Set<RevocationToken<?>>	getProcessedRevocations()	Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.
Set<AdvancedSignature>	getProcessedSignatures()	Returns signatures added to the validation context
Set<TimestampToken>	getProcessedTimestamps()	Returns a read only list of all timestamps processed during the validation of all signatures from the given document.
List<RevocationToken<?>>	getRevocationData(CertificateToken certificateToken)	Returns revocation data for the given certificateToken, whether extracted from a signature file or obtained online.
ValidationData	getValidationData(AdvancedSignature signature)	Returns a validation data for the given signature's certificate chain
ValidationData	getValidationData(TimestampToken timestampToken)	Returns a validation data for the given timestampToken's certificate chain
void	initialize(CertificateVerifier certificateVerifier)	This method initializes the ValidationContext by retrieving the relevant data from certificateVerifier
protected boolean	isTimestampValid(TimestampToken timestampToken)	This method verifies whether a timestampToken is valid and can be used as a valid POE for covered objects
void	validate()	Carries out the validation process in recursive manner for not yet checked tokens.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

currentTime

protected Date currentTime

This is the time at what the validation is carried out.

Constructor Details

SignatureValidationContext

public SignatureValidationContext()

Default constructor instantiating object with null or empty values and current time

SignatureValidationContext

public SignatureValidationContext(Date validationTime)

Constructor instantiating object with null or empty values and provided time

Parameters:

validationTime - Date validation time to be used during the execution

Method Details

initialize

public void initialize(CertificateVerifier certificateVerifier)

Description copied from interface: ValidationContext

This method initializes the ValidationContext by retrieving the relevant data from certificateVerifier

Specified by:

initialize in interface ValidationContext

Parameters:

certificateVerifier - The certificate verifier (eg: using the TSL as list of trusted certificates).

getCertificateVerifier

protected CertificateVerifier getCertificateVerifier()

Gets the CertificateVerifier instance

Returns:

CertificateVerifier

addSignatureForVerification

public void addSignatureForVerification(AdvancedSignature signature)

Description copied from interface: ValidationContext

Adds a new signature to collect the information to verify.

Specified by:

addSignatureForVerification in interface ValidationContext

Parameters:

signature - AdvancedSignature to extract data to be verified

addDocumentCertificateSource

public void addDocumentCertificateSource(CertificateSource certificateSource)

Description copied from interface: ValidationContext

Adds an extracted certificate source to the used list of sources

Specified by:

addDocumentCertificateSource in interface ValidationContext

Parameters:

certificateSource - CertificateSource

addDocumentCertificateSource

public void addDocumentCertificateSource(ListCertificateSource listCertificateSource)

Description copied from interface: ValidationContext

Adds a list certificate source to the used list of sources

Specified by:

addDocumentCertificateSource in interface ValidationContext

Parameters:

listCertificateSource - ListCertificateSource

addDocumentCRLSource

public void addDocumentCRLSource(OfflineRevocationSource<CRL> crlSource)

Description copied from interface: ValidationContext

Adds an extracted CRL source to the used list of sources

Specified by:

addDocumentCRLSource in interface ValidationContext

Parameters:

crlSource - OfflineRevocationSource for CRL

addDocumentCRLSource

public void addDocumentCRLSource(ListRevocationSource<CRL> crlSource)

Description copied from interface: ValidationContext

Adds a list CRL source to the used list of sources

Specified by:

addDocumentCRLSource in interface ValidationContext

Parameters:

crlSource - ListRevocationSource for CRL

addDocumentOCSPSource

public void addDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource)

Description copied from interface: ValidationContext

Adds an extracted OCSP source to the used list of sources

Specified by:

addDocumentOCSPSource in interface ValidationContext

Parameters:

ocspSource - OfflineRevocationSource for OCSP

addDocumentOCSPSource

public void addDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource)

Description copied from interface: ValidationContext

Adds a listd OCSP source to the used list of sources

Specified by:

addDocumentOCSPSource in interface ValidationContext

Parameters:

ocspSource - ListRevocationSource for OCSP

getCurrentTime

public Date getCurrentTime()

Description copied from interface: ValidationContext

Gets the current validation time.

Specified by:

getCurrentTime in interface ValidationContext

Returns:

Date

getAllCertificateSources

public ListCertificateSource getAllCertificateSources()

Description copied from interface: ValidationContext

Returns a list of all CertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).

Specified by:

getAllCertificateSources in interface ValidationContext

Returns:

ListCertificateSource

getDocumentCertificateSource

public ListCertificateSource getDocumentCertificateSource()

Description copied from interface: ValidationContext

Returns a list of all CertificateSources extracted from a validating document (signature(s), timestamp(s))

Specified by:

getDocumentCertificateSource in interface ValidationContext

Returns:

ListCertificateSource

getDocumentCRLSource

public ListRevocationSource<CRL> getDocumentCRLSource()

Description copied from interface: ValidationContext

Returns a list of all CRL OfflineRevocationSources extracted from a validating document

Specified by:

getDocumentCRLSource in interface ValidationContext

Returns:

ListRevocationSource

getDocumentOCSPSource

public ListRevocationSource<OCSP> getDocumentOCSPSource()

Description copied from interface: ValidationContext

Returns a list of all OCSP OfflineRevocationSources extracted from a validating document

Specified by:

getDocumentOCSPSource in interface ValidationContext

Returns:

ListRevocationSource

addRevocationTokenForVerification

public void addRevocationTokenForVerification(RevocationToken<?> revocationToken)

Description copied from interface: ValidationContext

Adds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.

Specified by:

addRevocationTokenForVerification in interface ValidationContext

Parameters:

revocationToken - an instance of RevocationToken revocation tokens to verify

addCertificateTokenForVerification

public void addCertificateTokenForVerification(CertificateToken certificateToken)

Description copied from interface: ValidationContext

Adds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.

Specified by:

addCertificateTokenForVerification in interface ValidationContext

Parameters:

certificateToken - CertificateToken certificate token to verify

addTimestampTokenForVerification

public void addTimestampTokenForVerification(TimestampToken timestampToken)

Description copied from interface: ValidationContext

Adds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.

Specified by:

addTimestampTokenForVerification in interface ValidationContext

Parameters:

timestampToken - TimestampToken timestamp token to verify

isTimestampValid

protected boolean isTimestampValid(TimestampToken timestampToken)

This method verifies whether a timestampToken is valid and can be used as a valid POE for covered objects

Parameters:

timestampToken - TimestampToken to be checked

Returns:

TRUE if the timestamp is valid, FALSE otherwise

addEvidenceRecordForVerification

public void addEvidenceRecordForVerification(EvidenceRecord evidenceRecord)

Description copied from interface: ValidationContext

Adds Evidence Record's content to proceed with validation

Specified by:

addEvidenceRecordForVerification in interface ValidationContext

Parameters:

evidenceRecord - EvidenceRecord to add content from

validate

public void validate()

Description copied from interface: ValidationContext

Carries out the validation process in recursive manner for not yet checked tokens.

Specified by:

validate in interface ValidationContext

getRevocationData

public List<RevocationToken<?>> getRevocationData(CertificateToken certificateToken)

Description copied from interface: ValidationContext

Returns revocation data for the given certificateToken, whether extracted from a signature file or obtained online.

Specified by:

getRevocationData in interface ValidationContext

Parameters:

certificateToken - CertificateToken to retrieve revocation data for

Returns:

a list of RevocationTokens

checkAllRequiredRevocationDataPresent

public boolean checkAllRequiredRevocationDataPresent()

Description copied from interface: ValidationContext

This method returns if all processed certificates have a revocation data.

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllRequiredRevocationDataPresent() for handling the check with custom alerts.

Specified by:

checkAllRequiredRevocationDataPresent in interface ValidationContext

Returns:

true if all needed revocation data are present

allRequiredRevocationDataPresent

protected TokenStatus allRequiredRevocationDataPresent()

Returns the status of the required revocation data present check

Returns:

TokenStatus

checkAllPOECoveredByRevocationData

public boolean checkAllPOECoveredByRevocationData()

Description copied from interface: ValidationContext

This method returns if all POE (timestamp tokens) are covered by a revocation data.

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllPOECoveredByRevocationData() for handling the check with custom alerts.

Specified by:

checkAllPOECoveredByRevocationData in interface ValidationContext

Returns:

true if all timestamps are covered by a usable revocation data

allPOECoveredByRevocationData

protected RevocationFreshnessStatus allPOECoveredByRevocationData()

Returns the status of the POE covered by revocation data check

Returns:

RevocationFreshnessStatus

checkAllTimestampsValid

public boolean checkAllTimestampsValid()

Description copied from interface: ValidationContext

This method returns if all processed timestamps are valid and intact.

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllTimestampsValid() for handling the check with custom alerts.

Specified by:

checkAllTimestampsValid in interface ValidationContext

Returns:

true if all timestamps are valid

allTimestampsValid

protected TokenStatus allTimestampsValid()

Returns the status of the all timestamps valid check

Returns:

TokenStatus

checkCertificateNotRevoked

public boolean checkCertificateNotRevoked(CertificateToken certificateToken)

Description copied from interface: ValidationContext

This method returns if the certificate is not revoked

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertCertificateNotRevoked(CertificateToken) for handling the check with custom alerts.

Specified by:

checkCertificateNotRevoked in interface ValidationContext

Parameters:

certificateToken - CertificateToken certificate to be checked

Returns:

true if all certificates are valid

certificateNotRevoked

protected TokenStatus certificateNotRevoked(CertificateToken certificateToken)

Returns the status of the certificate not revoked check

Parameters:

certificateToken - CertificateToken certificate to be checked

Returns:

TokenStatus

checkAllSignatureCertificatesNotRevoked

public boolean checkAllSignatureCertificatesNotRevoked()

Description copied from interface: ValidationContext

This method returns whether none of the signature's certificate chain certificates are not revoked, validating recursively.

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllSignatureCertificatesNotRevoked() for handling the check with custom alerts.

Specified by:

checkAllSignatureCertificatesNotRevoked in interface ValidationContext

Returns:

true if all certificates are valid

allSignatureCertificatesNotRevoked

protected TokenStatus allSignatureCertificatesNotRevoked()

Returns the status of the all signature certificates not revoked check

Returns:

TokenStatus

checkAllSignatureCertificateHaveFreshRevocationData

public boolean checkAllSignatureCertificateHaveFreshRevocationData()

Description copied from interface: ValidationContext

This method returns whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production time.

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllSignatureCertificateHaveFreshRevocationData() for handling the check with custom alerts.

Specified by:

checkAllSignatureCertificateHaveFreshRevocationData in interface ValidationContext

Returns:

true if all signature certificates have an updated revocation data (after signature-time-stamp production time)

allSignatureCertificateHaveFreshRevocationData

protected RevocationFreshnessStatus allSignatureCertificateHaveFreshRevocationData()

Returns the status of the all signature certificates have fresh revocation data check

Returns:

RevocationFreshnessStatus

checkAllSignaturesNotExpired

public boolean checkAllSignaturesNotExpired()

Description copied from interface: ValidationContext

This method returns whether all signatures added to the ValidationContext are not yet expired

NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllSignaturesNotExpired() for handling the check with custom alerts.

Specified by:

checkAllSignaturesNotExpired in interface ValidationContext

Returns:

true if the signing certificate or its POE(s) not yet expired, false otherwise

allSignaturesNotExpired

protected SignatureStatus allSignaturesNotExpired()

Returns the status of the all signatures not expired check

Returns:

SignatureStatus

checkCertificateNotExpired

public boolean checkCertificateNotExpired(CertificateToken certificateToken)

Description copied from interface: ValidationContext

This method returns whether the certificate token is not yet expired

Specified by:

checkCertificateNotExpired in interface ValidationContext

Parameters:

certificateToken - CertificateToken to be validated

Returns:

true if the certificate or/and its POE(s) are not yet expired, false otherwise

certificateNotExpired

protected TokenStatus certificateNotExpired(CertificateToken certificateToken)

Returns the status of certificate not expired check

Parameters:

certificateToken - CertificateToken to be verified

Returns:

SignatureStatus

checkAllSignaturesAreYetValid

public boolean checkAllSignaturesAreYetValid()

Description copied from interface: ValidationContext

This method returns whether all signatures added to the ValidationContext have been produced with yet valid certificates at the time of signing

Specified by:

checkAllSignaturesAreYetValid in interface ValidationContext

Returns:

true if the signing certificate or its POE(s) is yet valid, false otherwise

allSignaturesAreYetValid

protected SignatureStatus allSignaturesAreYetValid()

Returns the status of the all signatures are yet valid check

Returns:

SignatureStatus

checkCertificateIsYetValid

public boolean checkCertificateIsYetValid(CertificateToken certificateToken)

Description copied from interface: ValidationContext

This method returns whether the certificate token is yet valid

Specified by:

checkCertificateIsYetValid in interface ValidationContext

Parameters:

certificateToken - CertificateToken to be validated

Returns:

true if the certificate is yet valid, false otherwise

certificateIsYetValid

protected TokenStatus certificateIsYetValid(CertificateToken certificateToken)

Returns the status of the certificate yet valid check

Parameters:

certificateToken - CertificateToken to be verified

Returns:

SignatureStatus

getProcessedSignatures

public Set<AdvancedSignature> getProcessedSignatures()

Description copied from interface: ValidationContext

Returns signatures added to the validation context

Specified by:

getProcessedSignatures in interface ValidationContext

Returns:

a set of AdvancedSignatures

getProcessedCertificates

public Set<CertificateToken> getProcessedCertificates()

Description copied from interface: ValidationContext

Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...

Specified by:

getProcessedCertificates in interface ValidationContext

Returns:

a set of CertificateTokens

getProcessedRevocations

public Set<RevocationToken<?>> getProcessedRevocations()

Description copied from interface: ValidationContext

Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.

Specified by:

getProcessedRevocations in interface ValidationContext

Returns:

a set of RevocationTokens

getProcessedTimestamps

public Set<TimestampToken> getProcessedTimestamps()

Description copied from interface: ValidationContext

Returns a read only list of all timestamps processed during the validation of all signatures from the given document.

Specified by:

getProcessedTimestamps in interface ValidationContext

Returns:

a set of TimestampTokens

getProcessedEvidenceRecords

public Set<EvidenceRecord> getProcessedEvidenceRecords()

Description copied from interface: ValidationContext

Returns evidence records added to the validation context

Specified by:

getProcessedEvidenceRecords in interface ValidationContext

Returns:

a set of EvidenceRecords

getValidationData

public ValidationData getValidationData(AdvancedSignature signature)

Description copied from interface: ValidationContext

Returns a validation data for the given signature's certificate chain

Specified by:

getValidationData in interface ValidationContext

Parameters:

signature - AdvancedSignature to extract validation data for

Returns:

ValidationData

getValidationData

public ValidationData getValidationData(TimestampToken timestampToken)

Description copied from interface: ValidationContext

Returns a validation data for the given timestampToken's certificate chain

Specified by:

getValidationData in interface ValidationContext

Parameters:

timestampToken - TimestampToken to extract validation data for

Returns:

ValidationData