Class TrustAnchorVerifier

java.lang.Object
eu.europa.esig.dss.spi.validation.TrustAnchorVerifier

public class TrustAnchorVerifier extends Object
This class is used to verify whether a given certificate token is trusted at the control time
  • Constructor Details

    • TrustAnchorVerifier

      protected TrustAnchorVerifier()
      Default constructor
  • Method Details

    • createEmptyTrustAnchorVerifier

      public static TrustAnchorVerifier createEmptyTrustAnchorVerifier()
      Creates an empty instance of TrustAnchorVerifier. All constraints should be configured manually.
      Returns:
      TrustAnchorVerifier
    • createDefaultTrustAnchorVerifier

      public static TrustAnchorVerifier createDefaultTrustAnchorVerifier()
      Creates a default instance of TrustAnchorVerifier, with pre-configured constraints.
      Returns:
      TrustAnchorVerifier
    • isAcceptTimestampUntrustedCertificateChains

      public boolean isAcceptTimestampUntrustedCertificateChains()
      Gets whether untrusted certificate chains of timestamps should be accepted
      Returns:
      whether only trusted timestamps are considered as valid
    • setAcceptTimestampUntrustedCertificateChains

      public void setAcceptTimestampUntrustedCertificateChains(boolean acceptTimestampUntrustedCertificateChains)
      Sets whether untrusted certificate chains of timestamps should be accepted. Default: TRUE (only timestamps created with trusted CAs are considered as valid, untrusted timestamps are ignored)
      Parameters:
      acceptTimestampUntrustedCertificateChains - whether only trusted timestamps are considered as valid
    • isAcceptRevocationUntrustedCertificateChains

      public boolean isAcceptRevocationUntrustedCertificateChains()
      Gets whether untrusted certificate chains of revocation data should be accepted
      Returns:
      whether only trusted revocation data are considered as valid
    • setAcceptRevocationUntrustedCertificateChains

      public void setAcceptRevocationUntrustedCertificateChains(boolean acceptRevocationUntrustedCertificateChains)
      Sets whether untrusted certificate chains of revocation data should be accepted. Default: TRUE (only revocation data created with trusted CAs are considered as valid, untrusted revocation data is ignored)
      Parameters:
      acceptRevocationUntrustedCertificateChains - whether only trusted revocation data are considered as valid
    • getTrustedCertificateSource

      public CertificateSource getTrustedCertificateSource()
      Gets trusted certificate source, when present
      Returns:
      CertificateSource
    • setTrustedCertificateSource

      public void setTrustedCertificateSource(CertificateSource trustedCertificateSource)
      Sets a trusted certificate source in order to provide information about the available trust anchors. Note: This method is used internally during the initialization of an eu.europa.esig.dss.validation.SignatureValidationContext, in order to provide the same trusted source as the one used within an eu.europa.esig.dss.validation.CertificateVerifier.
      Parameters:
      trustedCertificateSource - CertificateSource
    • isUseSunsetDate

      public boolean isUseSunsetDate()
      Defines whether sunset date shall be considered during trust anchor validation
      Returns:
      whether a trust anchor's sunset date shall be taken into account
    • setUseSunsetDate

      public void setUseSunsetDate(boolean useSunsetDate)
      Sets whether a trust anchor's sunset date shall be taken into account when checking a trust anchor. Default: TRUE (sunset date is used for a trust anchor determination, when applicable)
      Parameters:
      useSunsetDate - whether a trust anchor's sunset date shall be taken into account
    • isTrustedAtTime

      public boolean isTrustedAtTime(CertificateToken certificateToken, Date controlTime)
      This method verifies whether the certificateToken is trusted at controlTime
      Parameters:
      certificateToken - CertificateToken to check
      controlTime - Date the validation time
      Returns:
      TRUE if the certificate is trusted at the given time, FALSE otherwise
    • isTrustedAtTime

      public boolean isTrustedAtTime(CertificateToken certificateToken, Date controlTime, Context context)
      This method verifies whether the certificateToken is trusted at controlTime
      Parameters:
      certificateToken - CertificateToken to check
      controlTime - Date the validation time
      context - Context
      Returns:
      TRUE if the certificate is trusted at the given time, FALSE otherwise
    • isTrustedCertificateChain

      public boolean isTrustedCertificateChain(List<CertificateToken> certChain, Date controlTime)
      Verifies whether the certificate chain contains a trust anchor
      Parameters:
      certChain - a list of CertificateTokens representing a certificate chain to be verified
      controlTime - Date validation time
      Returns:
      TRUE if the certificate chain is trusted, FALSE otherwise
    • isTrustedCertificateChain

      public boolean isTrustedCertificateChain(List<CertificateToken> certChain, Date controlTime, Context context)
      Verifies whether the certificate chain contains a trust anchor
      Parameters:
      certChain - a list of CertificateTokens representing a certificate chain to be verified
      controlTime - Date validation time
      context - Context
      Returns:
      TRUE if the certificate chain is trusted, FALSE otherwise
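
The following is an added usage example, not code from the DSS project. It configures a verifier explicitly and prints how the same chain is judged per Context with the two "accept untrusted chains" settings off and on. The class name TrustAnchorCheck and the file arguments are hypothetical, and the packages of DSSUtils, CommonTrustedCertificateSource, CertificateToken and Context are assumed from the DSS library, since this page does not list them.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.validation.TrustAnchorVerifier;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;

public class TrustAnchorCheck {

    // Usage (hypothetical file names): TrustAnchorCheck anchor.pem leaf.pem [issuer.pem ...]
    public static void main(String[] args) {
        if (args.length < 2) {
            System.err.println("usage: TrustAnchorCheck <anchor> <leaf> [<issuer> ...]");
            System.exit(2);
        }
        // The only trust anchor is the certificate named first on the command line.
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.addCertificate(DSSUtils.loadCertificate(new File(args[0])));

        List<CertificateToken> chain = new ArrayList<>();
        for (int i = 1; i < args.length; i++) {
            chain.add(DSSUtils.loadCertificate(new File(args[i])));
        }

        // Start from the empty instance so that every constraint is an explicit choice.
        TrustAnchorVerifier verifier = TrustAnchorVerifier.createEmptyTrustAnchorVerifier();
        verifier.setTrustedCertificateSource(trusted);
        verifier.setUseSunsetDate(true);

        Date controlTime = new Date();
        for (boolean accept : new boolean[] { false, true }) {
            verifier.setAcceptTimestampUntrustedCertificateChains(accept);
            verifier.setAcceptRevocationUntrustedCertificateChains(accept);
            System.out.printf("accept untrusted timestamp/revocation chains = %b%n", accept);
            for (Context ctx : new Context[] { Context.SIGNATURE, Context.TIMESTAMP, Context.REVOCATION }) {
                System.out.printf("  %-10s chain trusted: %b%n", ctx,
                        verifier.isTrustedCertificateChain(chain, controlTime, ctx));
            }
        }
        // Report which token of the chain, if any, is itself a trust anchor at controlTime.
        for (CertificateToken cert : chain) {
            System.out.printf("%s trusted at %s: %b%n",
                    cert.getDSSIdAsString(), controlTime, verifier.isTrustedAtTime(cert, controlTime));
        }
    }
}
```

Running it once with a chain that leads to the anchor and once with a chain that does not shows which settings let a timestamp or revocation chain pass without a trust anchor.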