Class CertificateValidator

java.lang.Object
eu.europa.esig.dss.validation.CertificateValidator
All Implemented Interfaces:
ProcessExecutorProvider<CertificateProcessExecutor>

public class CertificateValidator extends Object implements ProcessExecutorProvider<CertificateProcessExecutor>
Validates a CertificateToken
  • Method Details

    • fromCertificate

      public static CertificateValidator fromCertificate(CertificateToken token)
      Creates a CertificateValidator from a certificateToken
      Parameters:
      token - CertificateToken
      Returns:
      CertificateValidator
    • setCertificateVerifier

      public void setCertificateVerifier(CertificateVerifier certificateVerifier)
      Sets the CertificateVerifier
      Parameters:
      certificateVerifier - CertificateVerifier
    • setTokenExtractionStrategy

      public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy)
      Sets the TokenExtractionStrategy
      Parameters:
      tokenExtractionStrategy - TokenExtractionStrategy
    • setTokenIdentifierProvider

      public void setTokenIdentifierProvider(TokenIdentifierProvider identifierProvider)
      Sets the TokenIdentifierProvider
      Parameters:
      identifierProvider - TokenIdentifierProvider
    • setValidationTime

      public void setValidationTime(Date validationTime)
      Sets the validationTime
      Parameters:
      validationTime - Date
    • setLocale

      public void setLocale(Locale locale)
      Sets the Locale to use for messages in reports
      Parameters:
      locale - Locale
    • setValidationContextExecutor

      public void setValidationContextExecutor(ValidationContextExecutor validationContextExecutor)
      Sets the ValidationContextExecutor used to validate the prepared ValidationContext. Default: eu.europa.esig.dss.validation.executor.context.DefaultValidationContextExecutor (performs basic validation of tokens, including certificate chain building and revocation data extraction, without processing of validity checks)
      Parameters:
      validationContextExecutor - ValidationContextExecutor
    • setDefaultDigestAlgorithm

      public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      Changes the digest algorithm used to calculate the tokens' digests. Default: DigestAlgorithm.SHA256
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
    • validate

      public CertificateReports validate()
      Validates the certificate with a default validation policy
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(URL validationPolicyURL)
      Validates the certificate with the validation policy obtained from validationPolicyURL. If null the default file is used.
      Parameters:
      validationPolicyURL - URL
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(String policyResourcePath)
      Validates the certificate with the validation policy obtained from policyResourcePath. If null or empty the default file is used.
      Parameters:
      policyResourcePath - is located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(File policyFile)
      Validates the certificate with the validation policy obtained from policyFile. If null or file does not exist the default file is used.
      Parameters:
      policyFile - contains the validation policy (xml) as File
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(DSSDocument policyDocument)
      Validates the certificate with the validation policy obtained from policyDocument. If null the default file is used.
      Parameters:
      policyDocument - contains the validation policy (xml) as DSSDocument
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(InputStream policyDataStream)
      Validates the certificate. The policyDataStream contains the constraint file. If null the default file is used.
      Parameters:
      policyDataStream - the InputStream with the validation policy
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(URL validationPolicyURL, URL cryptographicSuiteURL)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      If the validation policy URL is set then the policy constraints are retrieved from this location. If null or empty the default file is used.

      Parameters:
      validationPolicyURL - URL to the used validation policy file
      cryptographicSuiteURL - URL to the used cryptographic suite file
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(String policyResourcePath, String cryptographicSuitePath)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The policyResourcePath and cryptographicSuitePath specify the constraint file. If null or empty the default file is used.

      Parameters:
      policyResourcePath - String path to the validation policy file, located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      cryptographicSuitePath - String path to the cryptographic suite file, located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(File policyFile, File cryptographicSuiteFile)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The File parameters specify the constraint file. If null the default file is used.

      Parameters:
      policyFile - File containing the validation policy
      cryptographicSuiteFile - File containing the cryptographic suite
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(DSSDocument policyDocument, DSSDocument cryptographicSuiteDocument)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The DSSDocument parameters contain the constraint files. If null the default file is used.

      Parameters:
      policyDocument - DSSDocument containing the validation policy
      cryptographicSuiteDocument - DSSDocument containing the cryptographic suite
      Returns:
      CertificateReports
    • loadValidationPolicy

      protected ValidationPolicy loadValidationPolicy(DSSDocument policyDocument, DSSDocument cryptographicSuiteDocument)
      This method loads a validation policy from the policyDocument and a cryptographicSuiteDocument. When a document is not provided, a default policy or cryptographic suite is used, respectively.
      Parameters:
      policyDocument - DSSDocument containing the validation policy document
      cryptographicSuiteDocument - DSSDocument containing the cryptographic suite document
      Returns:
      ValidationPolicy
    • fromDefaultCertificateValidationPolicyLoader

      protected ValidationPolicyLoader fromDefaultCertificateValidationPolicyLoader()
      Gets a default validation policy loader for a certificate validation
      Returns:
      ValidationPolicyLoader
    • validate

      public CertificateReports validate(InputStream policyDataStream, InputStream cryptographicSuiteStream)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The InputStream parameters contain the constraint files. If null the default file is used.

      Parameters:
      policyDataStream - InputStream containing the validation policy
      cryptographicSuiteStream - InputStream containing the cryptographic suite
      Returns:
      CertificateReports
    • validate

      public CertificateReports validate(ValidationPolicy validationPolicy)
      Validates the certificate with a custom validation policy
      Parameters:
      validationPolicy - ValidationPolicy
      Returns:
      CertificateReports
    • assertConfigurationValid

      protected void assertConfigurationValid()
      Checks if the Validator configuration is valid
    • getDiagnosticData

      public final XmlDiagnosticData getDiagnosticData()
      This method retrieves XmlDiagnosticData containing all information relevant for the validation process, including the certificate and revocation tokens obtained from online resources, e.g. AIA, CRL, OCSP (when applicable).
      Returns:
      XmlDiagnosticData
    • prepareValidationContext

      protected ValidationContext prepareValidationContext(CertificateVerifier certificateVerifier)
      Initializes and fills ValidationContext for a certificate token validation
      Parameters:
      certificateVerifier - CertificateVerifier to be used
      Returns:
      ValidationContext
    • createValidationContext

      protected ValidationContext createValidationContext()
      This method creates a new instance of ValidationContext performing preparation of validation data, certificate chain building, revocation request, as well as custom validation checks execution.
      Returns:
      ValidationContext
    • prepareDiagnosticDataBuilder

      protected DiagnosticDataBuilder prepareDiagnosticDataBuilder()
      Creates a DiagnosticDataBuilder
      Returns:
      DiagnosticDataBuilder
    • validateContext

      protected void validateContext(ValidationContext validationContext)
      Processes the validation
      Parameters:
      validationContext - ValidationContext to process
    • createDiagnosticDataBuilder

      protected DiagnosticDataBuilder createDiagnosticDataBuilder(ValidationContext validationContext)
      Creates and fills the DiagnosticDataBuilder with the relevant data
      Parameters:
      validationContext - ValidationContext used for the validation
      Returns:
      filled DiagnosticDataBuilder
    • setProcessExecutor

      public void setProcessExecutor(CertificateProcessExecutor processExecutor)
      Description copied from interface: ProcessExecutorProvider
      This method provides the possibility to set the specific CustomProcessExecutor
      Specified by:
      setProcessExecutor in interface ProcessExecutorProvider<CertificateProcessExecutor>
      Parameters:
      processExecutor - ProcessExecutor
    • provideProcessExecutorInstance

      public CertificateProcessExecutor provideProcessExecutorInstance()
      Returns:
      CertificateProcessExecutor
    • getDefaultProcessExecutor

      public CertificateProcessExecutor getDefaultProcessExecutor()
      Description copied from interface: ProcessExecutorProvider
      Returns the default process executor for the validator
      Specified by:
      getDefaultProcessExecutor in interface ProcessExecutorProvider<CertificateProcessExecutor>
      Returns:
      Process Executor
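
The validate(File policyFile, File cryptographicSuiteFile) overload uses the default file when an argument is null, so a wrong path can go unnoticed. The following added example (not part of the DSS documentation or code base) checks the files first and rejects any result other than PASSED. The class name, the requireFile helper and the argument order are hypothetical, and the imports assume the DSS 6.x package layout.

```java
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.simplecertificatereport.SimpleCertificateReport;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.validation.CertificateVerifier;
import eu.europa.esig.dss.spi.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.validation.CertificateValidator;
import eu.europa.esig.dss.validation.reports.CertificateReports;

import java.io.File;
import java.util.Date;

public class StrictCertificateCheck {

    // Hypothetical helper: fail instead of letting validate(File, File) use the default file.
    static File requireFile(String path) {
        File f = new File(path);
        if (!f.isFile() || !f.canRead()) {
            throw new IllegalStateException("Missing constraint or certificate file: " + path);
        }
        return f;
    }

    public static void main(String[] args) {
        // Hypothetical argument order: certificate, trust anchor, policy XML, cryptographic suite.
        if (args.length != 4) throw new IllegalArgumentException("expected 4 file paths");
        CertificateToken token = DSSUtils.loadCertificate(requireFile(args[0]));
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.addCertificate(DSSUtils.loadCertificate(requireFile(args[1])));

        CertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setTrustedCertSources(trusted);
        // CRL, OCSP and AIA sources are not configured here; set them on the
        // verifier when the policy requires revocation data.

        CertificateValidator validator = CertificateValidator.fromCertificate(token);
        validator.setCertificateVerifier(verifier);
        validator.setValidationTime(new Date()); // make the validation time explicit

        CertificateReports reports = validator.validate(requireFile(args[2]), requireFile(args[3]));
        SimpleCertificateReport simple = reports.getSimpleReport();
        // Assumes the default TokenIdentifierProvider, so report ids match the DSS id.
        Indication indication = simple.getCertificateIndication(token.getDSSIdAsString());
        if (indication != Indication.PASSED) {
            throw new SecurityException("Certificate rejected: " + indication);
        }
        System.out.println("Certificate accepted: " + indication);
    }
}
```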