Interface CertificateVerifier

All Known Implementing Classes:
CommonCertificateVerifier

public interface CertificateVerifier
Provides information on the sources to be used in the validation process in the context of a signature.
  • Method Details

    • getOcspSource

      RevocationSource<OCSPToken> getOcspSource()
      Returns the OCSP source associated with this verifier.
      Returns:
      the OCSP source used for external access (web, filesystem, cached, ...)
    • getCrlSource

      RevocationSource<CRLToken> getCrlSource()
      Returns the CRL source associated with this verifier.
      Returns:
      the CRL source used for external access (web, filesystem, cached, ...)
    • setCrlSource

      void setCrlSource(RevocationSource<CRLToken> crlSource)
      Defines the CRL source used by this class.
      Parameters:
      crlSource - the CRL source to set for external access (web, filesystem, cached, ...)
    • setOcspSource

      void setOcspSource(RevocationSource<OCSPToken> ocspSource)
      Defines the OCSP source used by this class.
      Parameters:
      ocspSource - the OCSP source to set for external access (web, filesystem, cached, ...)
    • getTrustedCertSources

      List<CertificateSource> getTrustedCertSources()
      Returns the trusted certificate sources associated with this verifier. These sources are used to identify the trusted anchors.
      Returns:
      the certificate sources which contain trusted certificates
    • setTrustedCertSource

      void setTrustedCertSource(CertificateSource certSource)
      Sets the trusted certificates source.
      Parameters:
      certSource - The certificates source with known trusted certificates
    • setTrustedCertSources

      void setTrustedCertSources(CertificateSource... certSources)
      Sets multiple trusted certificate sources.
      Parameters:
      certSources - The certificate sources with known trusted certificates
    • getAdjunctCertSource

      CertificateSource getAdjunctCertSource()
      Returns the adjunct certificates source associated with this verifier.
      Returns:
      the certificate source which contains additional certificates (missing CA, ...)
    • setAdjunctCertSource

      void setAdjunctCertSource(CertificateSource adjunctCertSource)
      Associates an adjunct certificates source to this verifier.
      Parameters:
      adjunctCertSource - the certificate source with additional and missing certificates
    • getDataLoader

      DataLoader getDataLoader()
      Returns the data loader used to access the AIA certificate source.
      Returns:
      the data loader used to load AIA resources and policy files
    • setDataLoader

      void setDataLoader(DataLoader dataLoader)
      Sets the data loader used to access the AIA certificate source. If this property is not set, the default CommonsHttpDataLoader is created.
      Parameters:
      dataLoader - the data loader used to load AIA resources and policy files
    • getSignatureCRLSource

      ListCRLSource getSignatureCRLSource()
      This method returns the CRL source (information extracted from signatures).
      Returns:
      the CRL sources from the signature
    • setSignatureCRLSource

      void setSignatureCRLSource(ListCRLSource signatureCRLSource)
      This method sets the CRL source (information extracted from signatures).
      Parameters:
      signatureCRLSource - the CRL sources from the signature
    • getSignatureOCSPSource

      ListOCSPSource getSignatureOCSPSource()
      This method returns the OCSP source (information extracted from signatures).
      Returns:
      the OCSP sources from the signature
    • setSignatureOCSPSource

      void setSignatureOCSPSource(ListOCSPSource signatureOCSPSource)
      This method sets the OCSP source (information extracted from signatures).
      Parameters:
      signatureOCSPSource - the OCSP sources from the signature
    • setExceptionOnMissingRevocationData

      void setExceptionOnMissingRevocationData(boolean throwExceptionOnMissingRevocationData)
      This method changes the behavior on missing revocation data (LT/LTA augmentation). (default: true)
      Parameters:
      throwExceptionOnMissingRevocationData - true to raise an exception on missing revocation data; false to only display a warning message
    • isExceptionOnMissingRevocationData

      boolean isExceptionOnMissingRevocationData()
      This method returns true if an exception needs to be thrown on missing revocation data.
      Returns:
      true if an exception is thrown, false if a warning message is added
    • setDefaultDigestAlgorithm

      void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      This method changes the Digest Algorithm that will be used for tokens' digest calculation.
      Parameters:
      digestAlgorithm - DigestAlgorithm to use
    • getDefaultDigestAlgorithm

      DigestAlgorithm getDefaultDigestAlgorithm()
      This method returns the default Digest Algorithm that will be used for digest calculation.
      Returns:
      DigestAlgorithm
    • setIncludeCertificateTokenValues

      void setIncludeCertificateTokenValues(boolean include)
      This method sets whether raw certificate tokens are included in the diagnostic data report.
      Parameters:
      include - true if raw certificate tokens should be included (default: false)
    • isIncludeCertificateTokenValues

      boolean isIncludeCertificateTokenValues()
      This method returns true if the certificate tokens need to be exported in the diagnostic data report.
      Returns:
      true if raw certificate tokens should be included in the diagnostic data report (default: false)
    • setIncludeCertificateRevocationValues

      void setIncludeCertificateRevocationValues(boolean include)
      This method sets whether raw revocation data is included in the diagnostic data report.
      Parameters:
      include - true if raw revocation data should be included (default: false)
    • isIncludeCertificateRevocationValues

      boolean isIncludeCertificateRevocationValues()
      This method returns true if the revocation data need to be exported in the diagnostic data report.
      Returns:
      true if raw revocation data should be included in the diagnostic data report (default: false)
    • setIncludeTimestampTokenValues

      void setIncludeTimestampTokenValues(boolean include)
      This method sets whether raw timestamp tokens are included in the diagnostic data report.
      Parameters:
      include - true if raw timestamp tokens should be included (default: false)
    • isIncludeTimestampTokenValues

      boolean isIncludeTimestampTokenValues()
      This method returns true if the timestamp tokens need to be exported in the diagnostic data report.
      Returns:
      true if raw timestamp tokens should be included in the diagnostic data report (default: false)
    • setExceptionOnInvalidTimestamp

      void setExceptionOnInvalidTimestamp(boolean throwExceptionOnInvalidTimestamp)
      This method changes the behavior on an invalid timestamp (LT/LTA augmentation). (default: true)
      Parameters:
      throwExceptionOnInvalidTimestamp - true to raise an exception on an invalid timestamp; false to only display a warning message
    • isExceptionOnInvalidTimestamp

      boolean isExceptionOnInvalidTimestamp()
      This method returns true if an exception needs to be thrown on invalid timestamp.
      Returns:
      true if an exception is thrown, false if a warning message is added
    • setExceptionOnRevokedCertificate

      void setExceptionOnRevokedCertificate(boolean throwExceptionOnRevokedCertificate)
      This method changes the behavior on revoked certificates (LT/LTA augmentation). (default: true)
      Parameters:
      throwExceptionOnRevokedCertificate - true to raise an exception on a revoked certificate; false to only display a warning message
    • isExceptionOnRevokedCertificate

      boolean isExceptionOnRevokedCertificate()
      This method returns true if an exception needs to be thrown on revoked certificate.
      Returns:
      true if an exception is thrown, false if a warning message is added
    • setExceptionOnNoRevocationAfterBestSignatureTime

      void setExceptionOnNoRevocationAfterBestSignatureTime(boolean exceptionOnNoRevocationAfterBestSignatureTime)
      This method changes the behavior on revocation data issued after a control time. (default: false)
      Parameters:
      exceptionOnNoRevocationAfterBestSignatureTime - true to raise an exception when there is no revocation data issued after the bestSignatureTime; false to only display a warning message
    • isExceptionOnNoRevocationAfterBestSignatureTime

      boolean isExceptionOnNoRevocationAfterBestSignatureTime()
      This method returns true if an exception needs to be thrown when no revocation data is obtained with an issuance time after the bestSignatureTime.
      Returns:
      true if an exception is thrown, false if a warning message is added
    • setExceptionOnUncoveredPOE

      void setExceptionOnUncoveredPOE(boolean throwExceptionOnUncoveredPOE)
      This method changes the behavior on uncovered POE (timestamp). (default: false)
      Parameters:
      throwExceptionOnUncoveredPOE - true to raise an exception on an uncovered timestamp; false to only display a warning message
    • isExceptionOnUncoveredPOE

      boolean isExceptionOnUncoveredPOE()
      This method returns true if an exception needs to be thrown on uncovered POE (timestamp).
      Returns:
      true if an exception is thrown, false if a warning message is added
    • setCheckRevocationForUntrustedChains

      void setCheckRevocationForUntrustedChains(boolean enable)
      This method allows enabling revocation checking for untrusted certificate chains. (default: false)
      Parameters:
      enable - true if revocation checking is allowed for untrusted certificate chains
    • isCheckRevocationForUntrustedChains

      boolean isCheckRevocationForUntrustedChains()
      This method returns true if revocation check is enabled for untrusted certificate chains.
      Returns:
      true if external revocation check is done for untrusted certificate chains
    • createValidationPool

      CertificatePool createValidationPool()
      This method creates the validation pool of certificates which is used during the validation process.
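
An added example (not part of the DSS Javadoc or the project's code): a helper that reports which of the switches documented above would let a validation problem pass as a warning, and a second that sets them all to raise an exception. The `eu.europa.esig.dss.validation` package name, the `VerifierAudit` class and the no-argument `CommonCertificateVerifier` constructor are assumptions, since this page does not show them.

```java
// Added example, not DSS project code. Package names below are assumptions
// (the page does not list them); every CertificateVerifier method called is documented on this page.
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;

import java.util.ArrayList;
import java.util.List;

public final class VerifierAudit {

    /** Turns every "exception or warning" switch on this page to "exception". */
    public static void failClosed(CertificateVerifier cv) {
        cv.setExceptionOnMissingRevocationData(true);
        cv.setExceptionOnInvalidTimestamp(true);
        cv.setExceptionOnRevokedCertificate(true);
        cv.setExceptionOnNoRevocationAfterBestSignatureTime(true); // documented default: false
        cv.setExceptionOnUncoveredPOE(true);                        // documented default: false
    }

    /** Returns one finding per unset source and per switch that downgrades a failure to a warning. */
    public static List<String> audit(CertificateVerifier cv) {
        List<String> findings = new ArrayList<>();
        List<?> anchors = cv.getTrustedCertSources();
        if (anchors == null || anchors.isEmpty()) findings.add("no trusted certificate source set");
        if (cv.getCrlSource() == null) findings.add("no external CRL source set");
        if (cv.getOcspSource() == null) findings.add("no external OCSP source set");
        if (!cv.isExceptionOnMissingRevocationData()) findings.add("missing revocation data only warns");
        if (!cv.isExceptionOnInvalidTimestamp()) findings.add("invalid timestamp only warns");
        if (!cv.isExceptionOnRevokedCertificate()) findings.add("revoked certificate only warns");
        if (!cv.isExceptionOnNoRevocationAfterBestSignatureTime())
            findings.add("no revocation data after bestSignatureTime only warns");
        if (!cv.isExceptionOnUncoveredPOE()) findings.add("uncovered POE (timestamp) only warns");
        return findings;
    }

    public static void main(String[] args) {
        // Assumption: CommonCertificateVerifier has a public no-argument constructor.
        CertificateVerifier cv = new CommonCertificateVerifier();
        System.out.println("before: " + audit(cv));
        failClosed(cv);
        System.out.println("after:  " + audit(cv));
    }
}
```

The source findings remain after `failClosed` until a trusted certificate source and CRL/OCSP sources are supplied through the setters documented above.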