Package eu.europa.esig.dss.validation

Class SignedDocumentValidator

java.lang.Object
eu.europa.esig.dss.validation.SignedDocumentValidator
All Implemented Interfaces:
DocumentValidator, ProcessExecutorProvider<DocumentProcessExecutor>
Direct Known Subclasses:
AbstractASiCContainerValidator, AbstractJWSDocumentValidator, CMSDocumentValidator, DetachedTimestampValidator, PDFDocumentValidator, XMLDocumentValidator
public abstract class SignedDocumentValidator extends Object implements DocumentValidator
Validates a signed document. The content of the document is determined automatically. It can be: XML, CAdES(p7m), PDF or ASiC(zip). SignatureScopeFinder can be set using the appropriate setter (ex. setCadesSignatureScopeFinder). By default, this class will use the default SignatureScopeFinder as defined by eu.europa.esig.dss.validation.scope.SignatureScopeFinderFactory

  • Field Details

    • processExecutor

      protected DocumentProcessExecutor processExecutor
      This variable can hold a specific DocumentProcessExecutor

    • document

      protected DSSDocument document
      The document to be validated (with the signature(s) or timestamp(s))

    • detachedContents

      protected List<DSSDocument> detachedContents
      In case of a detached signature this List contains the signed documents.

    • containerContents

      protected List<DSSDocument> containerContents
      In case of an ASiC signature this List of container documents.

    • manifestFile

      protected ManifestFile manifestFile
      A related ManifestFile to the provided document

    • signingCertificateSource

      protected CertificateSource signingCertificateSource
      Certificate source to find signing certificate

    • certificateVerifier

      protected CertificateVerifier certificateVerifier
      The reference to the certificate verifier. The current DSS implementation proposes CommonCertificateVerifier. This verifier encapsulates the references to different sources used in the signature validation process.

    • signatureScopeFinder

      protected final SignatureScopeFinder<?> signatureScopeFinder
      The class to extract a list of SignatureScopes from a signature

    • skipValidationContextExecution

      protected boolean skipValidationContextExecution
      Defines if the validation context processing shall be skipped (Disable certificate chain building, revocation data collection,...) Default: false

  • Constructor Details

    • SignedDocumentValidator

      protected SignedDocumentValidator()
      The constructor with a null signatureScopeFinder

    • SignedDocumentValidator

      protected SignedDocumentValidator(SignatureScopeFinder<?> signatureScopeFinder)
      The default constructor
      Parameters:
      signatureScopeFinder - SignatureScopeFinder

  • Method Details

    • fromDocument

      public static SignedDocumentValidator fromDocument(DSSDocument dssDocument)
      This method guesses the document format and returns an appropriate document validator.
      Parameters:
      dssDocument - The instance of DSSDocument to validate
      Returns:
      returns the specific instance of SignedDocumentValidator in terms of the document type

    • isSupported

      public abstract boolean isSupported(DSSDocument dssDocument)
      Checks if the document is supported by the current validator
      Parameters:
      dssDocument - DSSDocument to check
      Returns:
      TRUE if the document is supported, FALSE otherwise

    • setSigningCertificateSource

      public void setSigningCertificateSource(CertificateSource signingCertificateSource)
      Description copied from interface: DocumentValidator
      Set a certificate source which allows to find the signing certificate by kid or certificate's digest
      Specified by:
      setSigningCertificateSource in interface DocumentValidator
      Parameters:
      signingCertificateSource - the certificate source

    • setCertificateVerifier

      public void setCertificateVerifier(CertificateVerifier certificateVerifier)
      To carry out the validation process of the signature(s) some external sources of certificates and of revocation data can be needed. The certificate verifier is used to pass these values. Note that once this setter is called any change in the content of the CommonTrustedCertificateSource or in adjunct certificate source is not taken into account.
      Specified by:
      setCertificateVerifier in interface DocumentValidator
      Parameters:
      certificateVerifier - CertificateVerifier

    • setTokenExtractionStrategy

      public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy)
      Description copied from interface: DocumentValidator
      This method allows to set the token extraction strategy to follow in the diagnostic data generation.
      Specified by:
      setTokenExtractionStrategy in interface DocumentValidator
      Parameters:
      tokenExtractionStrategy - the TokenExtractionStrategy

    • getTokenIdentifierProvider

      protected TokenIdentifierProvider getTokenIdentifierProvider()
      Gets TokenIdentifierProvider
      Returns:
      TokenIdentifierProvider

    • setTokenIdentifierProvider

      public void setTokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider)
      Description copied from interface: DocumentValidator
      Sets the TokenIdentifierProvider
      Specified by:
      setTokenIdentifierProvider in interface DocumentValidator
      Parameters:
      tokenIdentifierProvider - TokenIdentifierProvider

    • setIncludeSemantics

      public void setIncludeSemantics(boolean include)
      Description copied from interface: DocumentValidator
      This method allows to enable/disable the semantics inclusion in the reports (Indication / SubIndication meanings) Disabled by default
      Specified by:
      setIncludeSemantics in interface DocumentValidator
      Parameters:
      include - true to enable the inclusion of the semantics

    • setDetachedContents

      public void setDetachedContents(List<DSSDocument> detachedContents)
      Description copied from interface: DocumentValidator
      Sets the List of DSSDocument containing the original contents to sign, for detached signature scenarios.
      Specified by:
      setDetachedContents in interface DocumentValidator
      Parameters:
      detachedContents - the List of DSSDocument to set

    • setContainerContents

      public void setContainerContents(List<DSSDocument> containerContents)
      Description copied from interface: DocumentValidator
      Sets the List of DSSDocument containing the original container content for ASiC-S signatures.
      Specified by:
      setContainerContents in interface DocumentValidator
      Parameters:
      containerContents - the List of DSSDocument to set

    • setManifestFile

      public void setManifestFile(ManifestFile manifestFile)
      Description copied from interface: DocumentValidator
      Sets a related ManifestFile to the document to be validated.
      Specified by:
      setManifestFile in interface DocumentValidator
      Parameters:
      manifestFile - a ManifestFile to set

    • getDefaultDigestAlgorithm

      protected DigestAlgorithm getDefaultDigestAlgorithm()
      Returns a default digest algorithm defined for a digest calculation
      Returns:
      DigestAlgorithm

    • setValidationTime

      public void setValidationTime(Date validationTime)
      Allows to define a custom validation time
      Specified by:
      setValidationTime in interface DocumentValidator
      Parameters:
      validationTime - Date

    • getValidationTime

      protected Date getValidationTime()
      Returns validation time In case if the validation time is not provided, initialize the current time value from the system
      Returns:
      Date validation time

    • setValidationLevel

      public void setValidationLevel(ValidationLevel validationLevel)
      Description copied from interface: DocumentValidator
      This method allows to specify the validation level (Basic / Timestamp / Long Term / Archival). By default, the selected validation is ARCHIVAL
      Specified by:
      setValidationLevel in interface DocumentValidator
      Parameters:
      validationLevel - ValidationLevel

    • setEnableEtsiValidationReport

      public void setEnableEtsiValidationReport(boolean enableEtsiValidationReport)
      Description copied from interface: DocumentValidator
      This method allows to specify if the ETSI Validation Report must be generated. By default the value if TRUE (the ETSI Validation report will be generated).
      Specified by:
      setEnableEtsiValidationReport in interface DocumentValidator
      Parameters:
      enableEtsiValidationReport - - TRUE if the report must be generated, FALSE otherwise

    • validateDocument

      public Reports validateDocument()
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The default constraint file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Returns:
      Reports: diagnostic data, detailed report and simple report

    • validateDocument

      public Reports validateDocument(URL validationPolicyURL)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. If the validation policy URL is set then the policy constraints are retrieved from this location. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      validationPolicyURL - URL
      Returns:
      Reports: diagnostic data, detailed report and simple report

    • validateDocument

      public Reports validateDocument(String policyResourcePath)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The policyResourcePath specifies the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyResourcePath - is located against the classpath (getClass().getResourceAsStream), and NOT the filesystem
      Returns:
      Reports: diagnostic data, detailed report and simple report

    • validateDocument

      public Reports validateDocument(File policyFile)
      Description copied from interface: DocumentValidator
      Validates the document and all its signatures. The File parameter specifies the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyFile - contains the validation policy (xml) as File
      Returns:
      Reports: diagnostic data, detailed report and simple report

    • validateDocument

      public Reports validateDocument(InputStream policyDataStream)
      Validates the document and all its signatures. The policyDataStream contains the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      policyDataStream - the InputStream with the validation policy
      Returns:
      the validation reports

    • validateDocument

      public Reports validateDocument(ConstraintsParameters validationPolicyJaxb)
      Validates the document and all its signatures. The validationPolicyDom contains the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      validationPolicyJaxb - the ConstraintsParameters to use in the validation process
      Returns:
      the validation reports

    • validateDocument

      public Reports validateDocument(ValidationPolicy validationPolicy)
      Validates the document and all its signatures. The validationPolicyDom contains the constraint file. If null or empty the default file is used.
      Specified by:
      validateDocument in interface DocumentValidator
      Parameters:
      validationPolicy - the ValidationPolicy to use in the validation process
      Returns:
      the validation reports

    • assertConfigurationValid

      protected void assertConfigurationValid()
      Checks if the Validator configuration is valid

    • getDiagnosticData

      public final XmlDiagnosticData getDiagnosticData()
      This method retrieves XmlDiagnosticData containing all information relevant for the validation process, including the certificate and revocation tokens obtained from online resources, e.g. AIA, CRL, OCSP (when applicable).
      Returns:
      XmlDiagnosticData

    • prepareDiagnosticDataBuilder

      protected DiagnosticDataBuilder prepareDiagnosticDataBuilder()
      Creates a DiagnosticDataBuilder
      Returns:
      DiagnosticDataBuilder

    • prepareValidationContext

      protected <T extends AdvancedSignature> ValidationContext prepareValidationContext(Collection<T> signatures, Collection<TimestampToken> detachedTimestamps, CertificateVerifier certificateVerifier)
      Initializes and fills ValidationContext with necessary data sources
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      detachedTimestamps - a collection of detached TimestampTokens
      certificateVerifier - CertificateVerifier to be used for the validation
      Returns:
      ValidationContext

    • initializeDiagnosticDataBuilder

      protected SignedDocumentDiagnosticDataBuilder initializeDiagnosticDataBuilder()
      Initializes a relevant DiagnosticDataBuilder for the given implementation
      Returns:
      SignedDocumentDiagnosticDataBuilder

    • getValidationData

      public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> signatures)
      Description copied from interface: DocumentValidator
      Extracts a validation data for provided collection of signatures
      Specified by:
      getValidationData in interface DocumentValidator
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      Returns:
      ValidationDataContainer

    • getValidationData

      public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> signatures, Collection<TimestampToken> detachedTimestamps)
      Description copied from interface: DocumentValidator
      Extracts a validation data for provided collection of signatures and/or timestamps
      Specified by:
      getValidationData in interface DocumentValidator
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      signatures - a collection of AdvancedSignatures
      detachedTimestamps - a collection of detached TimestampTokens
      Returns:
      ValidationDataContainer

    • instantiateValidationDataContainer

      protected ValidationDataContainer instantiateValidationDataContainer()
      Creates a new instance of ValidationDataContainer
      Returns:
      ValidationDataContainer

    • createDiagnosticDataBuilder

      protected DiagnosticDataBuilder createDiagnosticDataBuilder(ValidationContext validationContext, List<AdvancedSignature> signatures)
      Creates and fills the DiagnosticDataBuilder with a relevant data
      Parameters:
      validationContext - ValidationContext used for the validation
      signatures - a list of AdvancedSignatures to be validated collection
      Returns:
      filled DiagnosticDataBuilder

    • prepareSignatureValidationContext

      protected <T extends AdvancedSignature> void prepareSignatureValidationContext(ValidationContext validationContext, Collection<T> allSignatures)
      Prepares the validationContext for signature validation process
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      validationContext - ValidationContext
      allSignatures - a collection of all AdvancedSignatures to be validated

    • prepareSignatureForVerification

      protected <T extends AdvancedSignature> void prepareSignatureForVerification(ValidationContext validationContext, Collection<T> allSignatureList)
      This method prepares a SignatureValidationContext for signatures validation
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      allSignatureList - Collection of AdvancedSignatures to validate including the countersignatures
      validationContext - ValidationContext is the implementation of the validators for: certificates, timestamps and revocation data.

    • prepareDetachedTimestampValidationContext

      protected void prepareDetachedTimestampValidationContext(ValidationContext validationContext, Collection<TimestampToken> timestamps)
      Prepares the validationContext for a timestamp validation process
      Parameters:
      validationContext - ValidationContext
      timestamps - a collection of detached timestamps

    • validateContext

      protected void validateContext(ValidationContext validationContext)
      Process the validation
      Parameters:
      validationContext - ValidationContext to process

    • setSignaturePolicyProvider

      public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider)
      Description copied from interface: DocumentValidator
      This method allows to set a provider for Signature policies
      Specified by:
      setSignaturePolicyProvider in interface DocumentValidator
      Parameters:
      signaturePolicyProvider - SignaturePolicyProvider

    • getSignaturePolicyProvider

      protected SignaturePolicyProvider getSignaturePolicyProvider()
      Returns a signaturePolicyProvider If not defined, returns a default provider
      Returns:
      SignaturePolicyProvider

    • getSignaturePolicyValidatorLoader

      public SignaturePolicyValidatorLoader getSignaturePolicyValidatorLoader()
      Returns an instance of a corresponding to the format SignaturePolicyValidatorLoader
      Returns:
      SignaturePolicyValidatorLoader

    • setProcessExecutor

      public void setProcessExecutor(DocumentProcessExecutor processExecutor)
      Description copied from interface: ProcessExecutorProvider
      This method provides the possibility to set the specific CustomProcessExecutor
      Specified by:
      setProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>
      Parameters:
      processExecutor - ProcessExecutor

    • provideProcessExecutorInstance

      protected DocumentProcessExecutor provideProcessExecutorInstance()
      This method returns the process executor. If the instance of this class is not yet instantiated then the new instance is created.
      Returns:
      SignatureProcessExecutor

    • getDefaultProcessExecutor

      public DocumentProcessExecutor getDefaultProcessExecutor()
      Description copied from interface: ProcessExecutorProvider
      Returns a default for a validator process executor
      Specified by:
      getDefaultProcessExecutor in interface ProcessExecutorProvider<DocumentProcessExecutor>
      Returns:
      Process Executor

    • processValidationPolicy

      protected final Reports processValidationPolicy(XmlDiagnosticData diagnosticData, ValidationPolicy validationPolicy)
      Executes the validation regarding the given validationPolicy
      Parameters:
      diagnosticData - DiagnosticData contained a data to be validated
      validationPolicy - ValidationPolicy
      Returns:
      validation Reports

    • getAllSignatures

      protected List<AdvancedSignature> getAllSignatures()
      Returns a list of all signatures from the validating document
      Returns:
      a list of AdvancedSignatures

    • appendCounterSignatures

      protected void appendCounterSignatures(List<AdvancedSignature> allSignatureList, AdvancedSignature signature)
      The util method to link counter signatures with the related master signatures
      Parameters:
      allSignatureList - a list of AdvancedSignatures
      signature - current AdvancedSignature

    • getSignatures

      public List<AdvancedSignature> getSignatures()
      Description copied from interface: DocumentValidator
      Retrieves the signatures found in the document
      Specified by:
      getSignatures in interface DocumentValidator
      Returns:
      a list of AdvancedSignatures for validation purposes

    • buildSignatures

      protected List<AdvancedSignature> buildSignatures()
      This method build a list of signatures to be extracted from a document
      Returns:
      a list of AdvancedSignatures

    • getDetachedTimestamps

      public List<TimestampToken> getDetachedTimestamps()
      Description copied from interface: DocumentValidator
      Retrieves the detached timestamps found in the document
      Specified by:
      getDetachedTimestamps in interface DocumentValidator
      Returns:
      a list of TimestampToken for validation purposes

    • buildDetachedTimestamps

      protected List<TimestampToken> buildDetachedTimestamps()
      Builds a list of detached TimestampTokens extracted from the document
      Returns:
      a list of TimestampTokens

    • processSignaturesValidation

      public <T extends AdvancedSignature> void processSignaturesValidation(Collection<T> allSignatureList)
      Description copied from interface: DocumentValidator
      This method process the signature validation on the given allSignatureList
      Specified by:
      processSignaturesValidation in interface DocumentValidator
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      allSignatureList - a collection of AdvancedSignatures to be validated

    • findSignatureScopes

      public <T extends AdvancedSignature> void findSignatureScopes(Collection<T> allSignatures)
      Finds and assigns SignatureScopes for a list of signatures
      Specified by:
      findSignatureScopes in interface DocumentValidator
      Type Parameters:
      T - AdvancedSignature implementation
      Parameters:
      allSignatures - a list of AdvancedSignatures to get a SignatureScope list

    • prepareSignatureScopeFinder

      protected void prepareSignatureScopeFinder(SignatureScopeFinder<?> signatureScopeFinder)
      Sets the provided configuration for a SignatureScopeFinder
      Parameters:
      signatureScopeFinder - SignatureScopeFinder to configure

    • findTimestampScopes

      protected void findTimestampScopes(TimestampToken timestampToken, TimestampScopeFinder timestampScopeFinder)
      Finds timestamp scope for the TimestampToken
      Parameters:
      timestampToken - TimestampToken to find timestamp scope for
      timestampScopeFinder - TimestampScopeFinder to use

    • getTimestampedReferences

      protected List<TimestampedReference> getTimestampedReferences(List<SignatureScope> signatureScopes)
      Returns a list of timestamped references from the given list of SignatureScopes
      Parameters:
      signatureScopes - a list of SignatureScopes
      Returns:
      a list of TimestampedReferences

    • addReference

      protected boolean addReference(SignatureScope signatureScope)
      Checks if the signature scope shall be added as a timestamped reference NOTE: used to avoid duplicates in ASiC with CAdES validator, due to covered signature/timestamp files
      Parameters:
      signatureScope - SignatureScope to check
      Returns:
      TRUE if the timestamped reference shall be created for the given SignatureScope, FALSE otherwise

    • getTimestampScopeFinder

      protected TimestampScopeFinder getTimestampScopeFinder()
      This method returns a timestamp scope finder
      Returns:
      TimestampScopeFinder

    • prepareTimestampScopeFinder

      protected void prepareTimestampScopeFinder(TimestampScopeFinder timestampScopeFinder, AdvancedSignature signature)
      This method is used to prepare a DetachedTimestampScopeFinder for execution
      Parameters:
      timestampScopeFinder - DetachedTimestampScopeFinder
      signature - AdvancedSignature used for encapsulated timestamps

    • setSkipValidationContextExecution

      public void setSkipValidationContextExecution(boolean skipValidationContextExecution)
      Sets if the validation context execution shall be skipped (skips certificate chain building, revocation requests, ...)
      Parameters:
      skipValidationContextExecution - if the context validation shall be skipped

    • setLocale

      public void setLocale(Locale locale)
      Sets Locale for report messages generation
      Parameters:
      locale - Locale

    • getOriginalDocuments

      public List<DSSDocument> getOriginalDocuments(String signatureId)
      Description copied from interface: DocumentValidator
      This method returns the signed document(s) without their signature(s)
      Specified by:
      getOriginalDocuments in interface DocumentValidator
      Parameters:
      signatureId - the DSS ID of the signature to extract original signer data for
      Returns:
      list of DSSDocuments

    • getSignatureById

      public AdvancedSignature getSignatureById(String signatureId)
      Returns the signature with the given id. Processes custom TokenIdentifierProvider and counter signatures
      Parameters:
      signatureId - String id of a signature to be extracted
      Returns:
      AdvancedSignature with the given id if found, NULL otherwise