Package eu.europa.esig.dss.spi.validation

Class TrustAnchorVerifier

java.lang.Object

eu.europa.esig.dss.spi.validation.TrustAnchorVerifier

public class TrustAnchorVerifier
extends Object

This class is used to verify whether a given certificate token is trusted at the control time

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	TrustAnchorVerifier()	Default constructor

Method Summary

Modifier and Type	Method	Description
static TrustAnchorVerifier	createDefaultTrustAnchorVerifier()	Creates a default instance of TrustAnchorVerifier, with pre-configured constraints.
static TrustAnchorVerifier	createEmptyTrustAnchorVerifier()	Creates an empty instance of TrustAnchorVerifier.
CertificateSource	getTrustedCertificateSource()	Gets trusted certificate source, when present
boolean	isAcceptRevocationUntrustedCertificateChains()	Gets whether untrusted certificate chains of revocation data should be accepted
boolean	isAcceptTimestampUntrustedCertificateChains()	Gets whether untrusted certificate chains of timestamps should be accepted
boolean	isTrustedAtTime(CertificateToken certificateToken, Date controlTime)	This method verifies whether the certificateToken is trusted at controlTime
boolean	isTrustedAtTime(CertificateToken certificateToken, Date controlTime, Context context)	This method verifies whether the certificateToken is trusted at controlTime
boolean	isTrustedCertificateChain(List<CertificateToken> certChain, Date controlTime)	Verifies whether the certificate chain contains a trust anchor
boolean	isTrustedCertificateChain(List<CertificateToken> certChain, Date controlTime, Context context)	Verifies whether the certificate chain contains a trust anchor
boolean	isUseSunsetDate()	Defines whether sunset date shall be considered during trust anchor validation
void	setAcceptRevocationUntrustedCertificateChains(boolean acceptRevocationUntrustedCertificateChains)	Sets whether untrusted certificate chains of revocation data should be accepted Default: TRUE (only revocation data created with trusted CAs are considered as valid, untrusted revocation data is ignored)
void	setAcceptTimestampUntrustedCertificateChains(boolean acceptTimestampUntrustedCertificateChains)	Sets whether untrusted certificate chains of timestamps should be accepted Default: TRUE (only timestamps created with trusted CAs are considered as valid, untrusted timestamps are ignored)
void	setTrustedCertificateSource(CertificateSource trustedCertificateSource)	Sets a trusted certificate source in order to provide information about the available trust anchors.
void	setUseSunsetDate(boolean useSunsetDate)	Sets whether a trust anchor's sunset date shall be taken into account when checking a trust anchor Default : TRUE (sunset date is used for a trust anchor determination, when applicable)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TrustAnchorVerifier

protected TrustAnchorVerifier()

Default constructor

Method Details

createEmptyTrustAnchorVerifier

public static TrustAnchorVerifier createEmptyTrustAnchorVerifier()

Creates an empty instance of TrustAnchorVerifier. All constraints should be configured manually.

Returns:

TrustAnchorVerifier

createDefaultTrustAnchorVerifier

public static TrustAnchorVerifier createDefaultTrustAnchorVerifier()

Creates a default instance of TrustAnchorVerifier, with pre-configured constraints.

Returns:

TrustAnchorVerifier

isAcceptTimestampUntrustedCertificateChains

public boolean isAcceptTimestampUntrustedCertificateChains()

Gets whether untrusted certificate chains of timestamps should be accepted

Returns:

whether only trusted timestamps are considered as valid

setAcceptTimestampUntrustedCertificateChains

public void setAcceptTimestampUntrustedCertificateChains(boolean acceptTimestampUntrustedCertificateChains)

Sets whether untrusted certificate chains of timestamps should be accepted Default: TRUE (only timestamps created with trusted CAs are considered as valid, untrusted timestamps are ignored)

Parameters:

acceptTimestampUntrustedCertificateChains - whether only trusted timestamps are considered as valid

isAcceptRevocationUntrustedCertificateChains

public boolean isAcceptRevocationUntrustedCertificateChains()

Gets whether untrusted certificate chains of revocation data should be accepted

Returns:

whether only trusted revocation data are considered as valid

setAcceptRevocationUntrustedCertificateChains

public void setAcceptRevocationUntrustedCertificateChains(boolean acceptRevocationUntrustedCertificateChains)

Sets whether untrusted certificate chains of revocation data should be accepted Default: TRUE (only revocation data created with trusted CAs are considered as valid, untrusted revocation data is ignored)

Parameters:

acceptRevocationUntrustedCertificateChains - whether only trusted timestamps are considered as valid

getTrustedCertificateSource

public CertificateSource getTrustedCertificateSource()

Gets trusted certificate source, when present

Returns:

CertificateSource

setTrustedCertificateSource

public void setTrustedCertificateSource(CertificateSource trustedCertificateSource)

Sets a trusted certificate source in order to provide information about the available trust anchors. Note : This method is used internally during a eu.europa.esig.dss.validation.SignatureValidationContext initialization, in order to provide the same trusted source as the one used within a eu.europa.esig.dss.validation.CertificateVerifier.

Parameters:

trustedCertificateSource - CertificateSource

isUseSunsetDate

public boolean isUseSunsetDate()

Defines whether sunset date shall be considered during trust anchor validation

Returns:

whether a trust anchor's sunset date shall be taken into account

setUseSunsetDate

public void setUseSunsetDate(boolean useSunsetDate)

Sets whether a trust anchor's sunset date shall be taken into account when checking a trust anchor Default : TRUE (sunset date is used for a trust anchor determination, when applicable)

Parameters:

useSunsetDate - whether a trust anchor's sunset date shall be taken into account

isTrustedAtTime

public boolean isTrustedAtTime(CertificateToken certificateToken,
 Date controlTime)

This method verifies whether the certificateToken is trusted at controlTime

Parameters:

certificateToken - CertificateToken to check

controlTime - Date the validation time

Returns:

TRUE if the certificate is trusted at the given time, FALSE otherwise

isTrustedAtTime

public boolean isTrustedAtTime(CertificateToken certificateToken,
 Date controlTime,
 Context context)

This method verifies whether the certificateToken is trusted at controlTime

Parameters:

certificateToken - CertificateToken to check

controlTime - Date the validation time

context - Context

Returns:

TRUE if the certificate is trusted at the given time, FALSE otherwise

isTrustedCertificateChain

public boolean isTrustedCertificateChain(List<CertificateToken> certChain,
 Date controlTime)

Verifies whether the certificate chain contains a trust anchor

Parameters:

certChain - a list of CertificateTokens representing a certificate chain to be verified

controlTime - Date validation time

Returns:

TRUE if the certificate chain is trusted, FALSE otherwise

isTrustedCertificateChain

public boolean isTrustedCertificateChain(List<CertificateToken> certChain,
 Date controlTime,
 Context context)

Verifies whether the certificate chain contains a trust anchor

Parameters:

certChain - a list of CertificateTokens representing a certificate chain to be verified

controlTime - Date validation time

context - Context

Returns:

TRUE if the certificate chain is trusted, FALSE otherwise