Class SignedDocumentValidator

java.lang.Object
eu.europa.esig.dss.validation.SignedDocumentValidator
All Implemented Interfaces:
DocumentValidator, ProcessExecutorProvider<DocumentProcessExecutor>
Direct Known Subclasses:
AbstractASiCContainerValidator, AbstractJWSDocumentValidator, CMSDocumentValidator, DefaultEvidenceRecordValidator, DetachedTimestampValidator, PDFDocumentValidator, XMLDocumentValidator

public abstract class SignedDocumentValidator extends Object implements DocumentValidator
Validates a signed document. The document format is detected automatically and can be XML, CAdES (p7m), PDF or ASiC (zip). A SignatureScopeFinder can be set using the appropriate setter (e.g. setCadesSignatureScopeFinder). By default, this class uses the default SignatureScopeFinder as defined by eu.europa.esig.dss.validation.scope.SignatureScopeFinderFactory.
  • Field Details

    • documentAnalyzer

      protected final DocumentAnalyzer documentAnalyzer
      This class performs analysis of the document, tokens extraction as well as cryptographic validation
    • processExecutor

      protected DocumentProcessExecutor processExecutor
      This variable can hold a specific DocumentProcessExecutor
  • Constructor Details

    • SignedDocumentValidator

      protected SignedDocumentValidator(DocumentAnalyzer documentAnalyzer)
      The constructor with a null signatureScopeFinder
      Parameters:
      documentAnalyzer - DocumentAnalyzer
  • Method Details

    • fromDocument

      public static SignedDocumentValidator fromDocument(DSSDocument dssDocument)
      This method guesses the document format and returns an appropriate document validator.
      Parameters:
      dssDocument - The instance of DSSDocument to validate
      Returns:
      the specific SignedDocumentValidator instance matching the document type
    • isSupported

      public boolean isSupported(DSSDocument dssDocument)
      Checks if the document is supported by the current validator
      Parameters:
      dssDocument - DSSDocument to check
      Returns:
      TRUE if the document is supported, FALSE otherwise
    • getDocumentAnalyzer

      public DocumentAnalyzer getDocumentAnalyzer()
      Returns the current instance of DocumentAnalyzer
      Returns:
      DocumentAnalyzer
    • setSigningCertificateSource

      public void setSigningCertificateSource(CertificateSource signingCertificateSource)
      Description copied from interface: DocumentValidator
      Sets a certificate source used to find the signing certificate by kid or by the certificate's digest
      Specified by:
      setSigningCertificateSource in interface DocumentValidator
      Parameters:
      signingCertificateSource - the certificate source
    • setCertificateVerifier

      public void setCertificateVerifier(CertificateVerifier certificateVerifier)
      To carry out the validation process of the signature(s), some external sources of certificates and of revocation data may be needed. The certificate verifier is used to pass these values. Note that once this setter is called, any change in the content of the CommonTrustedCertificateSource or in the adjunct certificate source is not taken into account.
      Specified by:
      setCertificateVerifier in interface DocumentValidator
      Parameters:
      certificateVerifier - CertificateVerifier
    • setValidationContextExecutor

      public void setValidationContextExecutor(ValidationContextExecutor validationContextExecutor)
      Description copied from interface: DocumentValidator
      This method sets the ValidationContextExecutor for validation of the prepared ValidationContext. Default: eu.europa.esig.dss.validation.executor.context.DefaultValidationContextExecutor (performs basic validation of tokens, including certificate chain building and revocation data extraction, without processing of validity checks)
      Specified by:
      setValidationContextExecutor in interface DocumentValidator
      Parameters:
      validationContextExecutor - ValidationContextExecutor
    • setTokenIdentifierProvider

      public void setTokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider)
      Description copied from interface: DocumentValidator
      Sets the TokenIdentifierProvider
      Specified by:
      setTokenIdentifierProvider in interface DocumentValidator
      Parameters:
      tokenIdentifierProvider - TokenIdentifierProvider
    • setDetachedContents

      public void setDetachedContents(List<DSSDocument> detachedContents)
      Description copied from interface: DocumentValidator
      Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.
      Specified by:
      setDetachedContents in interface DocumentValidator
      Parameters:
      detachedContents - the List of DSSDocument to set
    • setDetachedEvidenceRecordDocuments

      public void setDetachedEvidenceRecordDocuments(List<DSSDocument> detachedEvidenceRecordDocuments)
      Description copied from interface: DocumentValidator
      Sets a List of DSSDocument containing the evidence record documents covering the signature document.
      Specified by:
      setDetachedEvidenceRecordDocuments in interface DocumentValidator
      Parameters:
      detachedEvidenceRecordDocuments - the List of DSSDocument to set
    • setContainerContents

      public void setContainerContents(List<DSSDocument> containerContents)
      Description copied from interface: DocumentValidator
      Sets the List of DSSDocument containing the original container content for ASiC-S signatures.
      Specified by:
      setContainerContents in interface DocumentValidator
      Parameters:
      containerContents - the List of DSSDocument to set
    • setManifestFile

      public void setManifestFile(ManifestFile manifestFile)
      Description copied from interface: DocumentValidator
      Sets a related ManifestFile to the document to be validated.
      Specified by:
      setManifestFile in interface DocumentValidator
      Parameters:
      manifestFile - a ManifestFile to set
    • setValidationTime

      public void setValidationTime(Date validationTime)
      Allows a custom validation time to be defined
      Specified by:
      setValidationTime in interface DocumentValidator
      Parameters:
      validationTime - Date
    • setSignaturePolicyProvider

      public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider)
      Description copied from interface: DocumentValidator
      This method sets a provider for signature policies
      Specified by:
      setSignaturePolicyProvider in interface DocumentValidator
      Parameters:
      signaturePolicyProvider - SignaturePolicyProvider
    • setDefaultDigestAlgorithm

      public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      Description copied from interface: DocumentValidator
      This method changes the Digest Algorithm that will be used for tokens' digest calculation. Default: DigestAlgorithm.SHA256
      Specified by:
      setDefaultDigestAlgorithm in interface DocumentValidator
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
    • setTokenExtractionStrategy

      public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy)
      Description copied from interface: DocumentValidator
      This method sets the token extraction strategy to follow in the diagnostic data generation.
      Specified by:
      setTokenExtractionStrategy in interface DocumentValidator
      Parameters:
      tokenExtractionStrategy - the TokenExtractionStrategy
    • setIncludeSemantics

      public void setIncludeSemantics(boolean include)
      Description copied from interface: DocumentValidator
      This method enables or disables the inclusion of semantics in the reports (Indication / SubIndication meanings). Disabled by default.
      Specified by:
      setIncludeSemantics in interface DocumentValidator
      Parameters:
      include - true to enable the inclusion of the semantics
    • setValidationLevel

      public void setValidationLevel(ValidationLevel validationLevel)
      Description copied from interface: DocumentValidator
      This method specifies the validation level (Basic / Timestamp / Long Term / Archival). By default, the selected validation is ARCHIVAL
      Specified by:
      setValidationLevel in interface DocumentValidator
      Parameters:
      validationLevel - ValidationLevel
    • setEnableEtsiValidationReport

      public void setEnableEtsiValidationReport(boolean enableEtsiValidationReport)
      Description copied from interface: DocumentValidator
      This method specifies whether the ETSI Validation Report must be generated. Default: TRUE (the ETSI Validation report will be generated).
      Specified by:
      setEnableEtsiValidationReport in interface DocumentValidator
      Parameters:
      enableEtsiValidationReport - TRUE if the report must be generated, FALSE otherwise
    • setProcessExecutor

      public void setProcessExecutor(DocumentProcessExecutor processExecutor)
      Description copied from interface: ProcessExecutorProvider
      This method provides the possibility to set the specific CustomProcessExecutor
      Specified by:
      setProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>
      Parameters:
      processExecutor - ProcessExecutor
    • provideProcessExecutorInstance

      protected DocumentProcessExecutor provideProcessExecutorInstance()
      This method returns the process executor. If no process executor has been set yet, a new instance is created.
      Returns:
      SignatureProcessExecutor
    • getDefaultProcessExecutor

      public DocumentProcessExecutor getDefaultProcessExecutor()
      Description copied from interface: ProcessExecutorProvider
      Returns the default process executor for a validator
      Specified by:
      getDefaultProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>
      Returns:
      Process Executor
    • setLocale

      public void setLocale(Locale locale)
      Sets Locale for report messages generation
      Parameters:
      locale - Locale
    • validateDocument

      public Reports validateDocument()
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The default constraint file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(URL validationPolicyURL)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. If the validation policy URL is set then the policy constraints are retrieved from this location. If null the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      validationPolicyURL - URL
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(String policyResourcePath)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The policyResourcePath specifies the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyResourcePath - is located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(File policyFile)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The File parameter specifies the constraint file. If null or if the file does not exist, the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyFile - contains the validation policy (xml) as File
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(DSSDocument policyDocument)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The policyDocument contains the constraint file. If null the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyDocument - contains the validation policy (xml) as DSSDocument
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(InputStream policyDataStream)
      Validates the document and all its signatures. The policyDataStream contains the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyDataStream - the InputStream with the validation policy
      Returns:
      the validation reports
    • validateDocument

      public Reports validateDocument(URL validationPolicyURL, URL cryptographicSuiteURL)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures, using the provided validation policy. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      If the validation policy URL is set then the policy constraints are retrieved from this location. If null or empty the default file is used.

      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      validationPolicyURL - URL to the used validation policy file
      cryptographicSuiteURL - URL to the used cryptographic suite file
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(String policyResourcePath, String cryptographicSuitePath)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures, using the provided validation policy. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The policyResourcePath and cryptographicSuitePath specify the constraint file. If null or empty the default file is used.

      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyResourcePath - String path to the validation policy file, located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      cryptographicSuitePath - String path to the cryptographic suite file, located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(File policyFile, File cryptographicSuiteFile)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures, using the provided validation policy. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The File parameters specify the constraint file. If null the default file is used.

      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyFile - File containing the validation policy
      cryptographicSuiteFile - File containing the cryptographic suite
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(DSSDocument policyDocument, DSSDocument cryptographicSuiteDocument)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures, using the provided validation policy. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The DSSDocument parameters contain the constraint files. If null the default file is used.

      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyDocument - DSSDocument containing the validation policy
      cryptographicSuiteDocument - DSSDocument containing the cryptographic suite
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • loadValidationPolicy

      protected ValidationPolicy loadValidationPolicy(DSSDocument policyDocument, DSSDocument cryptographicSuiteDocument)
      This method loads a validation policy from the policyDocument and a cryptographicSuiteDocument. When a document is not provided, a default policy or cryptographic suite is used, respectively.
      Parameters:
      policyDocument - DSSDocument containing the validation policy document
      cryptographicSuiteDocument - DSSDocument containing the cryptographic suite document
      Returns:
      ValidationPolicy
    • validateDocument

      public Reports validateDocument(InputStream policyDataStream, InputStream cryptographicSuiteStream)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures, using the provided validation policy. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The InputStream parameters contain the constraint files. If null the default file is used.

      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyDataStream - InputStream containing the validation policy
      cryptographicSuiteStream - InputStream containing the cryptographic suite
      Returns:
      Reports: diagnostic data, detailed report and simple report
    • validateDocument

      public Reports validateDocument(ValidationPolicy validationPolicy)
      Validates the document and all its signatures. The validationPolicy contains the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      validationPolicy - the ValidationPolicy to use in the validation process
      Returns:
      the validation reports
    • assertConfigurationValid

      protected void assertConfigurationValid()
      This method verifies whether the configuration of the current instance of a document validator is valid
    • getDiagnosticData

      public final XmlDiagnosticData getDiagnosticData()
      This method retrieves XmlDiagnosticData containing all information relevant for the validation process, including the certificate and revocation tokens obtained from online resources, e.g. AIA, CRL, OCSP (when applicable).
      Returns:
      XmlDiagnosticData
    • initializeDiagnosticDataBuilder

      protected SignedDocumentDiagnosticDataBuilder initializeDiagnosticDataBuilder()
      This method creates a format-specific implementation of the SignedDocumentDiagnosticDataBuilder
      Returns:
      SignedDocumentDiagnosticDataBuilder
    • processValidationPolicy

      protected final Reports processValidationPolicy(XmlDiagnosticData diagnosticData, ValidationPolicy validationPolicy)
      Executes the validation according to the given validationPolicy
      Parameters:
      diagnosticData - DiagnosticData containing the data to be validated
      validationPolicy - ValidationPolicy
      Returns:
      validation Reports
    • getSignatures

      public List<AdvancedSignature> getSignatures()
      Description copied from interface: DocumentValidator
      Retrieves the signatures found in the document
      Specified by:
      getSignatures in interface DocumentValidator
      Returns:
      a list of AdvancedSignatures for validation purposes
    • getSignatureById

      public AdvancedSignature getSignatureById(String signatureId)
      Returns the signature with the given id. Processes custom TokenIdentifierProvider and counter signatures
      Parameters:
      signatureId - String id of a signature to be extracted
      Returns:
      AdvancedSignature with the given id if found, NULL otherwise
    • getDetachedTimestamps

      public List<TimestampToken> getDetachedTimestamps()
      Description copied from interface: DocumentValidator
      Retrieves the detached timestamps found in the document
      Specified by:
      getDetachedTimestamps in interface DocumentValidator
      Returns:
      a list of TimestampToken for validation purposes
    • getDetachedEvidenceRecords

      public List<EvidenceRecord> getDetachedEvidenceRecords()
      Description copied from interface: DocumentValidator
      Retrieves the detached evidence records found in the document
      Specified by:
      getDetachedEvidenceRecords in interface DocumentValidator
      Returns:
      a list of Evidence Records for validation purposes
    • getOriginalDocuments

      public List<DSSDocument> getOriginalDocuments(String signatureId)
      Description copied from interface: DocumentValidator
      This method returns the signed document(s) without their signature(s)
      Specified by:
      getOriginalDocuments in interface DocumentValidator
      Parameters:
      signatureId - the DSS ID of the signature to extract original signer data for
      Returns:
      list of DSSDocuments
    • getOriginalDocuments

      public List<DSSDocument> getOriginalDocuments(AdvancedSignature advancedSignature)
      Description copied from interface: DocumentValidator
      This method returns the signed document(s) without their signature(s)
      Specified by:
      getOriginalDocuments in interface DocumentValidator
      Parameters:
      advancedSignature - AdvancedSignature to find signer documents for
      Returns:
      list of DSSDocuments
    • getValidationData

      public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> signatures)
      Description copied from interface: DocumentValidator
      Extracts validation data for the provided collection of signatures
      Specified by:
      getValidationData in interface DocumentValidator
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      Returns:
      ValidationDataContainer
    • getValidationData

      public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> signatures, Collection<TimestampToken> detachedTimestamps)
      Description copied from interface: DocumentValidator
      Extracts validation data for the provided collection of signatures and/or timestamps
      Specified by:
      getValidationData in interface DocumentValidator
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      detachedTimestamps - a collection of detached TimestampTokens
      Returns:
      ValidationDataContainer
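
Two behaviours documented above matter when a caller relies on the result: validateDocument(File policyFile) falls back to the default policy when the file is null or missing, and setCertificateVerifier ignores trust-source changes made after it is called. The following is an added usage example, not code from the DSS project, showing a fail-closed wrapper around both; the class name FailClosedValidation and method isFullyValid are hypothetical, and the import package of CommonCertificateVerifier is assumed for the DSS release this page documents.

```java
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.simplereport.SimpleReport;
import eu.europa.esig.dss.spi.DSSUtils;
// Assumption: package location differs between DSS releases
// (older releases: eu.europa.esig.dss.validation.CommonCertificateVerifier).
import eu.europa.esig.dss.spi.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.validation.SignedDocumentValidator;
import eu.europa.esig.dss.validation.reports.Reports;

import java.io.File;
import java.util.List;

// Hypothetical wrapper class, added for illustration.
public final class FailClosedValidation {

    /**
     * Returns true only if the document contains at least one signature and
     * every signature is TOTAL_PASSED under the caller's validation policy.
     */
    static boolean isFullyValid(File signedFile, File policyFile, File trustAnchorFile) {
        // validateDocument(File) uses the default policy when the file is null or
        // does not exist, so a mistyped path must be rejected before the call.
        if (policyFile == null || !policyFile.isFile()) {
            throw new IllegalArgumentException("Validation policy not found: " + policyFile);
        }

        // Fill the trusted source BEFORE handing the verifier to the validator:
        // later changes to its content are not taken into account.
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.addCertificate(DSSUtils.loadCertificate(trustAnchorFile));

        // No OCSP/CRL/AIA sources are configured in this example; add them on the
        // verifier if the deployment needs online revocation or chain data.
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setTrustedCertSources(trusted);

        DSSDocument document = new FileDocument(signedFile);
        SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(document);
        validator.setCertificateVerifier(verifier);

        Reports reports = validator.validateDocument(policyFile);
        SimpleReport simple = reports.getSimpleReport();

        // A document without signatures yields an empty report, not a failure:
        // treat "nothing to validate" as invalid.
        List<String> signatureIds = simple.getSignatureIdList();
        if (signatureIds.isEmpty()) {
            return false;
        }

        for (String id : signatureIds) {
            Indication indication = simple.getIndication(id);
            // INDETERMINATE and TOTAL_FAILED are both rejected.
            if (indication != Indication.TOTAL_PASSED) {
                System.err.printf("Signature %s: %s / %s%n",
                        id, indication, simple.getSubIndication(id));
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        if (args.length != 3) {
            System.err.println("usage: FailClosedValidation <signed-file> <policy.xml> <trust-anchor.cer>");
            System.exit(2);
        }
        boolean ok = isFullyValid(new File(args[0]), new File(args[1]), new File(args[2]));
        System.out.println(ok ? "VALID" : "NOT VALID");
        System.exit(ok ? 0 : 1);
    }
}
```

The same existence check applies to the classpath-based overload: policyResourcePath is resolved with getClass().getResourceAsStream, so a filesystem path passed there is treated as a missing resource.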