Class AbstractCertificateValidator<R extends AbstractReports, PE extends ProcessExecutor<R>>

java.lang.Object
eu.europa.esig.dss.validation.AbstractCertificateValidator<R,PE>
Type Parameters:
R - AbstractReports
PE - ProcessExecutor
All Implemented Interfaces:
ProcessExecutorProvider<PE>
Direct Known Subclasses:
CertificateValidator, QWACValidator
public abstract class AbstractCertificateValidator<R extends AbstractReports, PE extends ProcessExecutor<R>> extends Object implements ProcessExecutorProvider<PE>
This class contains common configuration and methods for a eu.europa.esig.dss.model.x509.CertificateToken validation.

  • Field Details

    • validationTime

      protected Date validationTime
      The validation time

    • certificateVerifier

      protected CertificateVerifier certificateVerifier
      The CertificateVerifier to use

    • tokenExtractionStrategy

      protected TokenExtractionStrategy tokenExtractionStrategy
      The TokenExtractionStrategy

    • identifierProvider

      protected TokenIdentifierProvider identifierProvider
      The token identifier provider to use

    • validationContextExecutor

      protected ValidationContextExecutor validationContextExecutor
      Performs validation of ValidationContext Default : DefaultValidationContextExecutor

    • locale

      protected Locale locale
      Locale to use for reports generation By default a Locale from OS is used

    • processExecutor

      protected PE extends ProcessExecutor<R> processExecutor
      The CertificateProcessExecutor

    • defaultDigestAlgorithm

      protected DigestAlgorithm defaultDigestAlgorithm
      This variable set the default Digest Algorithm what will be used for calculation of digests for validation tokens and signed data Default: SHA256

  • Constructor Details

    • AbstractCertificateValidator

      protected AbstractCertificateValidator()
      Default constructor

  • Method Details

    • setCertificateVerifier

      public void setCertificateVerifier(CertificateVerifier certificateVerifier)
      Sets the CertificateVerifier
      Parameters:
      certificateVerifier - CertificateVerifier

    • setTokenExtractionStrategy

      public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy)
      Sets the TokenExtractionStrategy
      Parameters:
      tokenExtractionStrategy - TokenExtractionStrategy

    • setTokenIdentifierProvider

      public void setTokenIdentifierProvider(TokenIdentifierProvider identifierProvider)
      Sets the TokenIdentifierProvider
      Parameters:
      identifierProvider - TokenIdentifierProvider

    • setValidationTime

      public void setValidationTime(Date validationTime)
      Sets the validationTime
      Parameters:
      validationTime - Date

    • setLocale

      public void setLocale(Locale locale)
      Sets the Locale to use for messages in reports
      Parameters:
      locale - Locale

    • getValidationTime

      protected Date getValidationTime()
      Gets the validation time
      Returns:
      Date

    • setValidationContextExecutor

      public void setValidationContextExecutor(ValidationContextExecutor validationContextExecutor)
      This method sets ValidationContextExecutor for validation of the prepared ValidationContext Default: eu.europa.esig.dss.validation.executor.context.DefaultValidationContextExecutor (performs basic validation of tokens, including certificate chain building and revocation data extraction, without processing of validity checks)
      Parameters:
      validationContextExecutor - ValidationContextExecutor

    • setDefaultDigestAlgorithm

      public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      This method allows to change the Digest Algorithm that will be used for tokens' digest calculation Default : DigestAlgorithm.SHA256
      Parameters:
      digestAlgorithm - DigestAlgorithm to use

    • validate

      public R validate()
      Validates the certificate with a default validation policy
      Returns:
      CertificateReports

    • validate

      public R validate(URL validationPolicyURL)
      Validates the certificate with the validation policy obtained from validationPolicyURL. If null the default file is used.
      Parameters:
      validationPolicyURL - URL
      Returns:
      CertificateReports

    • validate

      public R validate(String policyResourcePath)
      Validates the certificate with the validation policy obtained from policyResourcePath. If null or empty the default file is used.
      Parameters:
      policyResourcePath - is located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      CertificateReports

    • validate

      public R validate(File policyFile)
      Validates the certificate with the validation policy obtained from policyFile. If null or file does not exist the default file is used.
      Parameters:
      policyFile - contains the validation policy (xml) as File
      Returns:
      CertificateReports

    • validate

      public R validate(DSSDocument policyDocument)
      Validates the certificate with the validation policy obtained from policyDocument. If null the default file is used.
      Parameters:
      policyDocument - contains the validation policy (xml) as DSSDocument
      Returns:
      CertificateReports

    • validate

      public R validate(InputStream policyDataStream)
      Validates the document and all its signatures. The policyDataStream contains the constraint file. If null the default file is used.
      Parameters:
      policyDataStream - the InputStream with the validation policy
      Returns:
      CertificateReports

    • validate

      public R validate(URL validationPolicyURL, URL cryptographicSuiteURL)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      If the validation policy URL is set then the policy constraints are retrieved from this location. If null or empty the default file is used.

      Parameters:
      validationPolicyURL - URL to the used validation policy file
      cryptographicSuiteURL - URL to the used cryptographic suite file
      Returns:
      CertificateReports

    • validate

      public R validate(String policyResourcePath, String cryptographicSuitePath)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The policyResourcePath and cryptographicSuitePath specify the constraint file. If null or empty the default file is used.

      Parameters:
      policyResourcePath - String path to the validation policy file, located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      cryptographicSuitePath - String path to the cryptographic suite file, located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      CertificateReports

    • validate

      public R validate(File policyFile, File cryptographicSuiteFile)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The File parameters specify the constraint file. If null the default file is used.

      Parameters:
      policyFile - File containing the validation policy
      cryptographicSuiteFile - File containing the cryptographic suite
      Returns:
      CertificateReports

    • validate

      public R validate(DSSDocument policyDocument, DSSDocument cryptographicSuiteDocument)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The DSSDocument parameters contains the constraint files. If null the default file is used.

      Parameters:
      policyDocument - DSSDocument containing the validation policy
      cryptographicSuiteDocument - DSSDocument containing the cryptographic suite
      Returns:
      CertificateReports

    • loadValidationPolicy

      protected ValidationPolicy loadValidationPolicy(DSSDocument policyDocument, DSSDocument cryptographicSuiteDocument)
      This method loads a validation policy from the policyDocument and a cryptographicSuiteDocument. When a document is not provided, a default policy or cryptographic suite is used, respectively.
      Parameters:
      policyDocument - DSSDocument containing the validation policy document
      cryptographicSuiteDocument - DSSDocument containing the cryptographic suite document
      Returns:
      ValidationPolicy

    • fromDefaultCertificateValidationPolicyLoader

      protected ValidationPolicyLoader fromDefaultCertificateValidationPolicyLoader()
      Gets a default validation policy loader for a certificate validation
      Returns:
      ValidationPolicyLoader

    • getDefaultValidationPolicyPath

      protected abstract String getDefaultValidationPolicyPath()
      Returns the default validation policy path
      Returns:
      String

    • validate

      public R validate(InputStream policyDataStream, InputStream cryptographicSuiteStream)
      Validates the certificate using the provided validation policy and a cryptographic suite. If cryptographic suite is set, the constraints from validation policy will be overwritten by the constraints retrieved from the cryptographic suite. When set, the cryptographic suite constraints are applied with the default behavior, using FAIL level. For a customizable cryptographic suite and its applicability context, please use eu.europa.esig.dss.validation.policy.ValidationPolicyLoader.

      The format of validation policy should correspond to the DSS XML Validation policy (please include 'dss-policy-jaxb' module in your classpath), unless a custom validation policy has been implemented. The format of cryptographic suite should correspond to XML or JSON schema as defined in ETSI TS 119 322 (please include 'dss-policy-crypto-xml' or 'dss-policy-crypto-json' to the classpath), unless a custom cryptographic suite has been implemented.

      The InputStream parameters contains the constraint files. If null the default file is used.

      Parameters:
      policyDataStream - InputStream containing the validation policy
      cryptographicSuiteStream - InputStream containing the cryptographic suite
      Returns:
      CertificateReports

    • validate

      public R validate(ValidationPolicy validationPolicy)
      Validated the certificate with a custom validation policy
      Parameters:
      validationPolicy - ValidationPolicy
      Returns:
      CertificateReports

    • assertConfigurationValid

      protected void assertConfigurationValid()
      Checks if the Validator configuration is valid

    • getDiagnosticData

      public final XmlDiagnosticData getDiagnosticData()
      This method retrieves XmlDiagnosticData containing all information relevant for the validation process, including the certificate and revocation tokens obtained from online resources, e.g. AIA, CRL, OCSP (when applicable).
      Returns:
      XmlDiagnosticData

    • prepareValidationContext

      protected ValidationContext prepareValidationContext(CertificateVerifier certificateVerifier)
      Initializes and fills ValidationContext for a certificate token validation
      Parameters:
      certificateVerifier - CertificateVerifier to be used
      Returns:
      ValidationContext

    • createValidationContext

      protected ValidationContext createValidationContext()
      This method creates a new instance of ValidationContext performing preparation of validation data, certificate chain building, revocation request, as well as custom validation checks execution.
      Returns:
      ValidationContext

    • prepareDiagnosticDataBuilder

      protected DiagnosticDataBuilder prepareDiagnosticDataBuilder()
      Creates a DiagnosticDataBuilder
      Returns:
      DiagnosticDataBuilder

    • validateContext

      protected void validateContext(ValidationContext validationContext)
      Process the validation
      Parameters:
      validationContext - ValidationContext to process

    • createDiagnosticDataBuilder

      protected DiagnosticDataBuilder createDiagnosticDataBuilder(ValidationContext validationContext)
      Creates and fills the DiagnosticDataBuilder with a relevant data
      Parameters:
      validationContext - ValidationContext used for the validation
      Returns:
      filled DiagnosticDataBuilder

    • initDiagnosticDataBuilder

      protected DiagnosticDataBuilder initDiagnosticDataBuilder()
      Instantiates a new DiagnosticDataBuilder
      Returns:
      DiagnosticDataBuilder

    • provideProcessExecutorInstance

      protected abstract PE provideProcessExecutorInstance()
      Gets the ProcessExecutor
      Returns:
      ProcessExecutor

    • setProcessExecutor

      public void setProcessExecutor(PE processExecutor)
      Description copied from interface: ProcessExecutorProvider
      This method provides the possibility to set the specific CustomProcessExecutor
      Specified by:
      setProcessExecutor in interface ProcessExecutorProvider<R extends AbstractReports>
      Parameters:
      processExecutor - ProcessExecutor