Package eu.europa.esig.dss.spi.validation

Class TimestampTokenVerifier

java.lang.Object

eu.europa.esig.dss.spi.validation.TimestampTokenVerifier

public class TimestampTokenVerifier
extends Object

This class is used to verify applicability of a timestamp token within the signature validation process

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	TimestampTokenVerifier()	Default constructor

Method Summary

Modifier and Type	Method	Description
protected boolean	containsTrustAnchor(List<CertificateToken> certChain, Date controlTime)	This method verifies whether the certificate chain is trusted at the given time
static TimestampTokenVerifier	createDefaultTimestampTokenVerifier()	Creates a default instance of TimestampTokenVerifier, with pre-configured constraints.
static TimestampTokenVerifier	createEmptyTimestampTokenVerifier()	Creates an empty instance of TimestampTokenVerifier.
RevocationDataVerifier	getRevocationDataVerifier()	Gets a revocation data verifier.
TrustAnchorVerifier	getTrustAnchorVerifier()	Gets a trust anchor verifier.
CertificateSource	getTrustedCertificateSource()	Deprecated. since DSS 6.2.
boolean	isAcceptable(TimestampToken timestampToken)	This method verifies whether the given timestampToken is valid and acceptable at the current time, and its POE can be extracted to the validation process.
boolean	isAcceptable(TimestampToken timestampToken, Date controlTime)	This method verifies whether the given timestampToken is valid and acceptable at the given control time, and its POE can be extracted to the validation process.
boolean	isAcceptable(TimestampToken timestampToken, List<CertificateToken> certificateChain)	This method verifies whether the given timestampToken is valid and acceptable at the current time, and its POE can be extracted to the validation process
boolean	isAcceptable(TimestampToken timestampToken, List<CertificateToken> certificateChain, Date controlTime)	This method verifies whether the given timestampToken is valid and acceptable at the given control time, and its POE can be extracted to the validation process
protected boolean	isCertificateChainValid(List<CertificateToken> certificateChain, Date controlTime)	This method verifies certificate chain and presence of a valid revocation data for certificates
protected boolean	isCryptographicallyValid(TimestampToken timestampToken)	This method verifies whether the timestampToken is cryptographically valid (signature and message imprint match)
protected boolean	isTrustedTimestampToken(TimestampToken timestampToken, List<CertificateToken> certificateChain)	Deprecated. since DSS 6.2.
protected boolean	isTrustedTimestampToken(TimestampToken timestampToken, List<CertificateToken> certificateChain, Date controlTime)	This method verifies whether the timestampToken is trusted to continue the process at the control time.
void	setAcceptUntrustedCertificateChains(boolean acceptUntrustedCertificateChains)	Deprecated. since DSS 6.2.
void	setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier)	Sets a revocation data verifier for validation of timestamp's certificate chain revocation data validity Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, when not defined explicitly, in order to provide the same configuration as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.
void	setTrustAnchorVerifier(TrustAnchorVerifier trustAnchorVerifier)	Sets whether a certificate token can be considered as a trust anchor at the given control time Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, when not defined explicitly, in order to provide the same configuration as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.
protected void	setTrustedCertificateSource(CertificateSource trustedCertificateSource)	Deprecated. since DSS 6.2.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TimestampTokenVerifier

protected TimestampTokenVerifier()

Default constructor

Method Details

createEmptyTimestampTokenVerifier

public static TimestampTokenVerifier createEmptyTimestampTokenVerifier()

Creates an empty instance of TimestampTokenVerifier. All constraints should be configured manually.

Returns:

TimestampTokenVerifier

createDefaultTimestampTokenVerifier

public static TimestampTokenVerifier createDefaultTimestampTokenVerifier()

Creates a default instance of TimestampTokenVerifier, with pre-configured constraints.

Returns:

TimestampTokenVerifier

getTrustedCertificateSource

@Deprecated
public CertificateSource getTrustedCertificateSource()

Deprecated.

since DSS 6.2. Please use #getTrustAnchorVerifier#getTrustedCertificateSource method instead

Gets trusted certificate source, when present

Returns:

CertificateSource

setTrustedCertificateSource

@Deprecated
protected void setTrustedCertificateSource(CertificateSource trustedCertificateSource)

Deprecated.

since DSS 6.2. Please provide trusted certificate source within TrustAnchorVerifier#setTrustedCertificateSource, which can be set using #setTrustAnchorVerifier method

Sets a trusted certificate source in order to accept trusted timestamp certificate chains. Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, in order to provide the same trusted source as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.

Parameters:

trustedCertificateSource - CertificateSource

setAcceptUntrustedCertificateChains

@Deprecated
public void setAcceptUntrustedCertificateChains(boolean acceptUntrustedCertificateChains)

Deprecated.

since DSS 6.2. Please provide constraint within TrustAnchorVerifier#setTrustedCertificateSource, which can be set using #setAcceptTimestampUntrustedCertificateChains method

Sets whether only timestamp created with trusted certificate chains shall be considered as valid Default: TRUE (only timestamps created with trusted CAs are considered as valid, untrusted timestamps are ignored)

Parameters:

acceptUntrustedCertificateChains - whether only trusted timestamps are considered as valid

getTrustAnchorVerifier

public TrustAnchorVerifier getTrustAnchorVerifier()

Gets a trust anchor verifier. This method is used internally within eu.europa.esig.dss.validation.SignatureValidationContext to identify whether the configuration is already present and a trustAnchorVerifier should be set.

Returns:

TrustAnchorVerifier

setTrustAnchorVerifier

public void setTrustAnchorVerifier(TrustAnchorVerifier trustAnchorVerifier)

Sets whether a certificate token can be considered as a trust anchor at the given control time Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, when not defined explicitly, in order to provide the same configuration as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.

Parameters:

trustAnchorVerifier - TrustAnchorVerifier

getRevocationDataVerifier

public RevocationDataVerifier getRevocationDataVerifier()

Gets a revocation data verifier. This method is used internally within eu.europa.esig.dss.validation.SignatureValidationContext to identify whether the configuration is already present and a trustAnchorVerifier should be set.

Returns:

TrustAnchorVerifier

setRevocationDataVerifier

public void setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier)

Sets a revocation data verifier for validation of timestamp's certificate chain revocation data validity Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, when not defined explicitly, in order to provide the same configuration as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.

Parameters:

revocationDataVerifier - RevocationDataVerifier

isAcceptable

public boolean isAcceptable(TimestampToken timestampToken)

This method verifies whether the given timestampToken is valid and acceptable at the current time, and its POE can be extracted to the validation process. NOTE: The method does not accept certificate chain, thus validity of the timestamp's certificate chain is not verified. To successfully, execute this method, the parameter acceptOnlyTrustedCertificateChains shall be set to FALSE. For validation with a certificate chain, please use #isAcceptable(timestampToken, certificateChain) method.

Parameters:

timestampToken - TimestampToken to be validated

Returns:

TRUE if the timestampToken is valid and acceptable, FALSE otherwise

isAcceptable

public boolean isAcceptable(TimestampToken timestampToken,
 Date controlTime)

This method verifies whether the given timestampToken is valid and acceptable at the given control time, and its POE can be extracted to the validation process. NOTE: The method does not accept certificate chain, thus validity of the timestamp's certificate chain is not verified. To successfully, execute this method, the parameter acceptOnlyTrustedCertificateChains shall be set to FALSE. For validation with a certificate chain, please use #isAcceptable(timestampToken, certificateChain) method.

Parameters:

timestampToken - TimestampToken to be validated

controlTime - Date the validation time

Returns:

TRUE if the timestampToken is valid and acceptable, FALSE otherwise

isAcceptable

public boolean isAcceptable(TimestampToken timestampToken,
 List<CertificateToken> certificateChain)

This method verifies whether the given timestampToken is valid and acceptable at the current time, and its POE can be extracted to the validation process

Parameters:

timestampToken - TimestampToken to be validated

certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp

Returns:

TRUE if the timestampToken is valid and acceptable, FALSE otherwise

isAcceptable

public boolean isAcceptable(TimestampToken timestampToken,
 List<CertificateToken> certificateChain,
 Date controlTime)

This method verifies whether the given timestampToken is valid and acceptable at the given control time, and its POE can be extracted to the validation process

Parameters:

timestampToken - TimestampToken to be validated

certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp

controlTime - Date the validation time

Returns:

TRUE if the timestampToken is valid and acceptable, FALSE otherwise

isTrustedTimestampToken

@Deprecated
protected boolean isTrustedTimestampToken(TimestampToken timestampToken,
 List<CertificateToken> certificateChain)

Deprecated.

since DSS 6.2. Please use #isTrustedTimestampToken(timestampToken, certificateChain, controlTime) method instead

This method verifies whether the timestampToken is trusted to continue the process. The method expects the certificate chain of the timestamp to reach a trustedCertificateSource or to have acceptOnlyTrustedCertificateChains constraint to accept untrusted certificate chains as well.

Parameters:

timestampToken - TimestampToken to be validated

certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp

Returns:

TRUE of the timestamp token is trusted, FALSE otherwise

isTrustedTimestampToken

protected boolean isTrustedTimestampToken(TimestampToken timestampToken,
 List<CertificateToken> certificateChain,
 Date controlTime)

This method verifies whether the timestampToken is trusted to continue the process at the control time. The method expects the certificate chain of the timestamp to reach a trustedCertificateSource or to have acceptOnlyTrustedCertificateChains constraint to accept untrusted certificate chains as well.

Parameters:

timestampToken - TimestampToken to be validated

certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp

controlTime - Date to verify the trust anchor's validity period

Returns:

TRUE of the timestamp token is trusted, FALSE otherwise

containsTrustAnchor

protected boolean containsTrustAnchor(List<CertificateToken> certChain,
 Date controlTime)

This method verifies whether the certificate chain is trusted at the given time

Parameters:

certChain - a list of CertificateTokens representing a certificate chain to validate

controlTime - Date validation time

Returns:

TRUE if the certificate chain is trusted, FALSE otherwise

isCryptographicallyValid

protected boolean isCryptographicallyValid(TimestampToken timestampToken)

This method verifies whether the timestampToken is cryptographically valid (signature and message imprint match)

Parameters:

timestampToken - TimestampToken to be validated

Returns:

TRUE if the timestamp token is cryptographically valid, FALSE otherwise

isCertificateChainValid

protected boolean isCertificateChainValid(List<CertificateToken> certificateChain,
 Date controlTime)

This method verifies certificate chain and presence of a valid revocation data for certificates

Parameters:

certificateChain - a list of CertificateTokens

controlTime - Date validation time

Returns:

TRUE if the certificate chain is valid, FALSE otherwise