Package eu.europa.esig.dss.spi.validation

Interface ValidationContext

All Known Implementing Classes:
SignatureValidationContext
public interface ValidationContext
This interface allows the implementation of the validators for: certificates, timestamps and revocation data.

  • Method Details

    • initialize

      void initialize(CertificateVerifier certificateVerifier)
      This method initializes the ValidationContext by retrieving the relevant data from certificateVerifier
      Parameters:
      certificateVerifier - CertificateVerifier

    • getCurrentTime

      Date getCurrentTime()
      Gets the current validation time.
      Returns:
      Date

    • addSignatureForVerification

      void addSignatureForVerification(AdvancedSignature signature)
      Adds a new signature to collect the information to verify.
      Parameters:
      signature - AdvancedSignature to extract data to be verified

    • addRevocationTokenForVerification

      void addRevocationTokenForVerification(RevocationToken<?> revocationToken)
      Adds a new revocation token to the list of tokens to verify. If the revocation token has already been added then it is ignored.
      Parameters:
      revocationToken - an instance of RevocationToken revocation tokens to verify

    • addCertificateTokenForVerification

      void addCertificateTokenForVerification(CertificateToken certificateToken)
      Adds a new certificate token to the list of tokens to verify. If the certificate token has already been added then it is ignored.
      Parameters:
      certificateToken - CertificateToken certificate token to verify

    • addTimestampTokenForVerification

      void addTimestampTokenForVerification(TimestampToken timestampToken)
      Adds a new timestamp token to the list of tokens to verify. If the timestamp token has already been added then it is ignored.
      Parameters:
      timestampToken - TimestampToken timestamp token to verify

    • addEvidenceRecordForVerification

      void addEvidenceRecordForVerification(EvidenceRecord evidenceRecord)
      Adds Evidence Record's content to proceed with validation
      Parameters:
      evidenceRecord - EvidenceRecord to add content from

    • addDocumentCertificateSource

      void addDocumentCertificateSource(CertificateSource certificateSource)
      Adds an extracted certificate source to the used list of sources
      Parameters:
      certificateSource - CertificateSource

    • addDocumentCertificateSource

      void addDocumentCertificateSource(ListCertificateSource listCertificateSource)
      Adds a list certificate source to the used list of sources
      Parameters:
      listCertificateSource - ListCertificateSource

    • addDocumentCRLSource

      void addDocumentCRLSource(OfflineRevocationSource<CRL> crlSource)
      Adds an extracted CRL source to the used list of sources
      Parameters:
      crlSource - OfflineRevocationSource for CRL

    • addDocumentCRLSource

      void addDocumentCRLSource(ListRevocationSource<CRL> crlSource)
      Adds a list CRL source to the used list of sources
      Parameters:
      crlSource - ListRevocationSource for CRL

    • addDocumentOCSPSource

      void addDocumentOCSPSource(OfflineRevocationSource<OCSP> ocspSource)
      Adds an extracted OCSP source to the used list of sources
      Parameters:
      ocspSource - OfflineRevocationSource for OCSP

    • addDocumentOCSPSource

      void addDocumentOCSPSource(ListRevocationSource<OCSP> ocspSource)
      Adds a listd OCSP source to the used list of sources
      Parameters:
      ocspSource - ListRevocationSource for OCSP

    • validate

      void validate()
      Carries out the validation process in recursive manner for not yet checked tokens.

    • checkAllRequiredRevocationDataPresent

      boolean checkAllRequiredRevocationDataPresent()
      This method returns if all processed certificates have a revocation data.

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllRequiredRevocationDataPresent() for handling the check with custom alerts.

      Returns:
      true if all needed revocation data are present

    • checkAllPOECoveredByRevocationData

      boolean checkAllPOECoveredByRevocationData()
      This method returns if all POE (timestamp tokens) are covered by a revocation data.

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllPOECoveredByRevocationData() for handling the check with custom alerts.

      Returns:
      true if all timestamps are covered by a usable revocation data

    • checkAllTimestampsValid

      boolean checkAllTimestampsValid()
      This method returns if all processed timestamps are valid and intact.

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllTimestampsValid() for handling the check with custom alerts.

      Returns:
      true if all timestamps are valid

    • checkCertificateNotRevoked

      boolean checkCertificateNotRevoked(CertificateToken certificateToken)
      This method returns if the certificate is not revoked

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertCertificateNotRevoked(CertificateToken) for handling the check with custom alerts.

      Parameters:
      certificateToken - CertificateToken certificate to be checked
      Returns:
      true if all certificates are valid

    • checkAllSignatureCertificatesNotRevoked

      boolean checkAllSignatureCertificatesNotRevoked()
      This method returns whether none of the signature's certificate chain certificates are not revoked, validating recursively.

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllSignatureCertificatesNotRevoked() for handling the check with custom alerts.

      Returns:
      true if all certificates are valid

    • checkAllSignatureCertificateHaveFreshRevocationData

      boolean checkAllSignatureCertificateHaveFreshRevocationData()
      This method returns whether for all signature's certificate chain certificates there is a fresh revocation data, after the earliest available timestamp token production time.

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllSignatureCertificateHaveFreshRevocationData() for handling the check with custom alerts.

      Returns:
      true if all signature certificates have an updated revocation data (after signature-time-stamp production time)

    • checkAllSignaturesNotExpired

      boolean checkAllSignaturesNotExpired()
      This method returns whether all signatures added to the ValidationContext are not yet expired

      NOTE: Since DSS 6.2 the behavior of the method has changed, returning only the boolean validation result, without alerts handling. Please see ValidationAlerter.assertAllSignaturesNotExpired() for handling the check with custom alerts.

      Returns:
      true if the signing certificate or its POE(s) not yet expired, false otherwise

    • checkCertificateNotExpired

      boolean checkCertificateNotExpired(CertificateToken certificateToken)
      This method returns whether the certificate token is not yet expired
      Parameters:
      certificateToken - CertificateToken to be validated
      Returns:
      true if the certificate or/and its POE(s) are not yet expired, false otherwise

    • checkAllSignaturesAreYetValid

      boolean checkAllSignaturesAreYetValid()
      This method returns whether all signatures added to the ValidationContext have been produced with yet valid certificates at the time of signing
      Returns:
      true if the signing certificate or its POE(s) is yet valid, false otherwise

    • checkCertificateIsYetValid

      boolean checkCertificateIsYetValid(CertificateToken certificateToken)
      This method returns whether the certificate token is yet valid
      Parameters:
      certificateToken - CertificateToken to be validated
      Returns:
      true if the certificate is yet valid, false otherwise

    • getProcessedSignatures

      Set<AdvancedSignature> getProcessedSignatures()
      Returns signatures added to the validation context
      Returns:
      a set of AdvancedSignatures

    • getProcessedCertificates

      Set<CertificateToken> getProcessedCertificates()
      Returns a read only list of all certificates used in the process of the validation of all signatures from the given document. This list includes the certificate to check, certification chain certificates, OCSP response certificate...
      Returns:
      a set of CertificateTokens

    • getProcessedRevocations

      Set<RevocationToken<?>> getProcessedRevocations()
      Returns a read only list of all revocations used in the process of the validation of all signatures from the given document.
      Returns:
      a set of RevocationTokens

    • getProcessedTimestamps

      Set<TimestampToken> getProcessedTimestamps()
      Returns a read only list of all timestamps processed during the validation of all signatures from the given document.
      Returns:
      a set of TimestampTokens

    • getProcessedEvidenceRecords

      Set<EvidenceRecord> getProcessedEvidenceRecords()
      Returns evidence records added to the validation context
      Returns:
      a set of EvidenceRecords

    • getAllCertificateSources

      ListCertificateSource getAllCertificateSources()
      Returns a list of all CertificateSources used during the validation process. It is represented by sources extracted from the provided document (e.g. signatures, timestamps) as well as the sources obtained during the validation process (e.g. AIA, OCSP).
      Returns:
      ListCertificateSource

    • getDocumentCertificateSource

      ListCertificateSource getDocumentCertificateSource()
      Returns a list of all CertificateSources extracted from a validating document (signature(s), timestamp(s))
      Returns:
      ListCertificateSource

    • getDocumentCRLSource

      ListRevocationSource<CRL> getDocumentCRLSource()
      Returns a list of all CRL OfflineRevocationSources extracted from a validating document
      Returns:
      ListRevocationSource

    • getDocumentOCSPSource

      ListRevocationSource<OCSP> getDocumentOCSPSource()
      Returns a list of all OCSP OfflineRevocationSources extracted from a validating document
      Returns:
      ListRevocationSource

    • getValidationData

      ValidationData getValidationData(AdvancedSignature signature)
      Returns a validation data for the given signature's certificate chain
      Parameters:
      signature - AdvancedSignature to extract validation data for
      Returns:
      ValidationData

    • getValidationData

      ValidationData getValidationData(TimestampToken timestampToken)
      Returns a validation data for the given timestampToken's certificate chain
      Parameters:
      timestampToken - TimestampToken to extract validation data for
      Returns:
      ValidationData

    • getRevocationData

      List<RevocationToken<?>> getRevocationData(CertificateToken certificateToken)
      Returns revocation data for the given certificateToken, whether extracted from a signature file or obtained online.
      Parameters:
      certificateToken - CertificateToken to retrieve revocation data for
      Returns:
      a list of RevocationTokens