Class QWACValidator
java.lang.Object
eu.europa.esig.dss.validation.AbstractCertificateValidator<CertificateReports, CertificateProcessExecutor>
eu.europa.esig.dss.validation.qwac.QWACValidator
- All Implemented Interfaces:
ProcessExecutorProvider<CertificateProcessExecutor>
public class QWACValidator
extends AbstractCertificateValidator<CertificateReports, CertificateProcessExecutor>
This class performs a validation of a TLS/SSL certificate as per ETSI TS 119 411-5
"Policy and security requirements for Trust Service Providers issuing certificates;
Part 5: Implementation of qualified certificates for website authentication as in amended Regulation 910/2014"
-
Field Summary
Fields inherited from class AbstractCertificateValidator
certificateVerifier, defaultDigestAlgorithm, identifierProvider, locale, processExecutor, tokenExtractionStrategy, validationContextExecutor, validationTime
-
Method Summary
Modifier and Type | Method | Description
protected void | assertResponseValid(ResponseEnvelope response) | Verifies whether the response is valid and contains the information required to continue the QWAC validation process
protected ResponseEnvelope | connectToUrl() | Connects to the url
protected DiagnosticDataBuilder | createDiagnosticDataBuilder(ValidationContext validationContext, SignedDocumentValidator signedDocumentValidator, CertificateToken tlsCertificate, String tlsCertificateBindingUrl, AdvancedSignature signature) | Creates and configures a new DiagnosticDataBuilder
static QWACValidator | fromUrl(String url) | Instantiates a new QWAC Validator to verify the TLS/SSL certificate from the specified url.
static QWACValidator | fromUrlAndCertificate(String url, CertificateToken certificateToken) | Instantiates a new QWAC Validator to verify the provided TLS/SSL certificateToken against the specified url.
protected AdvancedDataLoader | getDataLoader() | Gets the data loader to be used for accessing the information from remote sources.
 | getDefaultProcessExecutor() | Returns a default for a validator process executor
protected String | getDefaultValidationPolicyPath() | Returns the default validation policy path
protected CertificateVerifier | getOfflineCertificateVerifier() | Builds a complete copy of the CertificateVerifier for the offline validation
protected DiagnosticDataBuilder | initDiagnosticDataBuilder() | Instantiates a new DiagnosticDataBuilder
protected DiagnosticDataBuilder | prepareDiagnosticDataBuilder() | Creates a DiagnosticDataBuilder
protected ValidationContext | prepareValidationContext(CertificateToken tlsCertificate, List<CertificateToken> otherTlsCertificates, AdvancedSignature signature) | This method is used to prepare a ValidationContext using the configuration and provided data objects
protected CertificateProcessExecutor | provideProcessExecutorInstance() | Gets the ProcessExecutor
protected String | readTLSCertificateBindingUrl(ResponseEnvelope responseEnvelope) | This method reads the HTTP response headers and extracts the value of the "Link" header with a "rel" value of "tls-certificate-binding".
void | setDataLoader(AdvancedDataLoader dataLoader) | Sets the data loader used to establish the TLS/SSL connection and to retrieve any related information over it.
Methods inherited from class AbstractCertificateValidator
assertConfigurationValid, createDiagnosticDataBuilder, createValidationContext, fromDefaultCertificateValidationPolicyLoader, getDiagnosticData, getValidationTime, loadValidationPolicy, prepareValidationContext, setCertificateVerifier, setDefaultDigestAlgorithm, setLocale, setProcessExecutor, setTokenExtractionStrategy, setTokenIdentifierProvider, setValidationContextExecutor, setValidationTime, validate, validate, validate, validate, validate, validate, validate, validate, validate, validate, validate, validate, validateContext
-
Method Details
-
getDataLoader
Gets the data loader to be used for accessing the information from remote sources. If not defined with a setter, the method instantiates a NativeHTTPDataLoader by default.
- Returns:
AdvancedDataLoader
-
setDataLoader
Sets the data loader used to establish the TLS/SSL connection and to retrieve any related information over it. If not set, a default instance of NativeHTTPDataLoader will be used for remote calls, if any.
- Parameters:
dataLoader - AdvancedDataLoader
-
fromUrl
Instantiates a new QWAC Validator to verify the TLS/SSL certificate from the specified url. When loaded with this method, QWACValidator will perform a request to the remote url to retrieve the actual TLS/SSL certificate and perform its validation.
- Parameters:
url - String URL to validate the used TLS/SSL certificate from
- Returns:
QWACValidator
-
fromUrlAndCertificate
Instantiates a new QWAC Validator to verify the provided TLS/SSL certificateToken against the specified url. When loaded with this method, QWACValidator will validate whether the provided certificateToken can be used as a QWAC TLS/SSL certificate for the url.
- Parameters:
url - String to validate the TLS/SSL certificate against
certificateToken - CertificateToken representing a TLS/SSL certificate to be validated
- Returns:
QWACValidator
-
prepareDiagnosticDataBuilder
Description copied from class: AbstractCertificateValidator
Creates a DiagnosticDataBuilder
- Overrides:
prepareDiagnosticDataBuilder in class AbstractCertificateValidator<CertificateReports, CertificateProcessExecutor>
- Returns:
DiagnosticDataBuilder
-
connectToUrl
Connects to the url
- Returns:
ResponseEnvelope containing metadata and context received from the server
-
prepareValidationContext
protected ValidationContext prepareValidationContext(CertificateToken tlsCertificate, List<CertificateToken> otherTlsCertificates, AdvancedSignature signature)
This method is used to prepare a ValidationContext using the configuration and provided data objects
- Parameters:
tlsCertificate - CertificateToken used to establish the secure TLS/SSL connection
otherTlsCertificates - a list of TLS/SSL CertificateTokens returned by a server
signature - AdvancedSignature TLS Certificate Binding signature, when present
- Returns:
ValidationContext
-
readTLSCertificateBindingUrl
This method reads the HTTP response headers and extracts the value of the "Link" header with a "rel" value of "tls-certificate-binding".
- Parameters:
responseEnvelope - ResponseEnvelope to process
- Returns:
String TLS Certificate Binding URL, when present
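The "Link" header lookup described for readTLSCertificateBindingUrl, as an added JDK-only example (not DSS code, and not a statement of how QWACValidator implements it). The class name TlsCertificateBindingLink, the RFC 8288 parsing rules it applies and the https-only check are assumptions of this example; the sample headers are constructed.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TlsCertificateBindingLink {
    // One ";name=value" parameter: token or quoted-string value (escapes in quotes not handled).
    private static final String PARAM =
            ";\\s*([^\\s=;,\"]+)(?:\\s*=\\s*(?:\"([^\"]*)\"|([^\\s;,\"]*)))?";
    // One link-value: <target> followed by its parameters (RFC 8288, section 3).
    private static final Pattern LINK_VALUE = Pattern.compile("<([^>]*)>((?:\\s*" + PARAM + ")*)");

    /** Returns the absolute https binding URL, or empty when no usable link is present. */
    static Optional<URI> find(String requestUrl, List<String> linkHeaders) {
        for (String header : linkHeaders) {
            Matcher link = LINK_VALUE.matcher(header);
            while (link.find()) {
                if (!hasBindingRel(link.group(2))) continue;
                try {
                    // The target may be relative: resolve it against the requested URL.
                    URI target = URI.create(requestUrl).resolve(link.group(1).trim());
                    // Policy of this example: the header is server-controlled, follow https only.
                    if ("https".equalsIgnoreCase(target.getScheme())) return Optional.of(target);
                } catch (IllegalArgumentException e) {
                    // Malformed target: ignore this link-value and keep looking.
                }
            }
        }
        return Optional.empty();
    }

    private static boolean hasBindingRel(String params) {
        Matcher p = Pattern.compile(PARAM).matcher(params);
        while (p.find()) {
            if (!"rel".equalsIgnoreCase(p.group(1))) continue;
            // Only the first "rel" counts (RFC 8288, section 3.3); its value is a
            // space-separated list of relation types, compared case-insensitively.
            String value = p.group(2) != null ? p.group(2) : p.group(3);
            return value != null && Arrays.stream(value.trim().split("\\s+"))
                    .anyMatch("tls-certificate-binding"::equalsIgnoreCase);
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed headers: a quoted title that merely contains the rel text, then the real link.
        List<String> headers = List.of("<https://cdn.example.test/app.css>; rel=preload; "
                + "title=\"a, <b>; rel=tls-certificate-binding\", "
                + "</tls-binding>; rel=\"alternate TLS-Certificate-Binding\"");
        System.out.println(find("https://example.test/shop", headers));
    }
}
```

Parsing parameters one at a time, rather than searching the header for the rel text, keeps a quoted value in another parameter from being mistaken for the relation type.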
-
assertResponseValid
Verifies whether the response is valid and contains the information required to continue the QWAC validation process
- Parameters:
response - ResponseEnvelope
-
createDiagnosticDataBuilder
protected DiagnosticDataBuilder createDiagnosticDataBuilder(ValidationContext validationContext, SignedDocumentValidator signedDocumentValidator, CertificateToken tlsCertificate, String tlsCertificateBindingUrl, AdvancedSignature signature)
Creates and configures a new DiagnosticDataBuilder
- Parameters:
validationContext - ValidationContext
signedDocumentValidator - SignedDocumentValidator used to validate a signature
tlsCertificate - CertificateToken used to establish a TLS/SSL connection
tlsCertificateBindingUrl - String TLS Certificate Binding URL, when present
signature - AdvancedSignature TLS Certificate Binding signature, when present
- Returns:
DiagnosticDataBuilder
-
getOfflineCertificateVerifier
Builds a complete copy of the CertificateVerifier for the offline validation
- Returns:
CertificateVerifier
-
initDiagnosticDataBuilder
Description copied from class: AbstractCertificateValidator
Instantiates a new DiagnosticDataBuilder
- Overrides:
initDiagnosticDataBuilder in class AbstractCertificateValidator<CertificateReports, CertificateProcessExecutor>
- Returns:
DiagnosticDataBuilder
-
getDefaultValidationPolicyPath
Description copied from class: AbstractCertificateValidator
Returns the default validation policy path
- Specified by:
getDefaultValidationPolicyPath in class AbstractCertificateValidator<CertificateReports, CertificateProcessExecutor>
- Returns:
String
-
provideProcessExecutorInstance
Description copied from class: AbstractCertificateValidator
Gets the ProcessExecutor
- Specified by:
provideProcessExecutorInstance in class AbstractCertificateValidator<CertificateReports, CertificateProcessExecutor>
- Returns:
ProcessExecutor
-
getDefaultProcessExecutor
Description copied from interface: ProcessExecutorProvider
Returns a default for a validator process executor
- Returns:
Process Executor
-