Class TimestampTokenVerifier

java.lang.Object
eu.europa.esig.dss.spi.validation.TimestampTokenVerifier

public class TimestampTokenVerifier extends Object
This class is used to verify applicability of a timestamp token within the signature validation process
  • Constructor Details

    • TimestampTokenVerifier

      protected TimestampTokenVerifier()
      Default constructor
  • Method Details

    • createEmptyTimestampTokenVerifier

      public static TimestampTokenVerifier createEmptyTimestampTokenVerifier()
      Creates an empty instance of TimestampTokenVerifier. All constraints should be configured manually.
      Returns:
      TimestampTokenVerifier
    • createDefaultTimestampTokenVerifier

      public static TimestampTokenVerifier createDefaultTimestampTokenVerifier()
      Creates a default instance of TimestampTokenVerifier, with pre-configured constraints.
      Returns:
      TimestampTokenVerifier
    • getTrustAnchorVerifier

      public TrustAnchorVerifier getTrustAnchorVerifier()
      Gets a trust anchor verifier. This method is used internally within eu.europa.esig.dss.validation.SignatureValidationContext to identify whether the configuration is already present and a trustAnchorVerifier should be set.
      Returns:
      TrustAnchorVerifier
    • setTrustAnchorVerifier

      public void setTrustAnchorVerifier(TrustAnchorVerifier trustAnchorVerifier)
      Sets the trust anchor verifier, which determines whether a certificate token can be considered as a trust anchor at the given control time. NOTE: When not defined explicitly, this method is used internally during eu.europa.esig.dss.validation.SignatureValidationContext initialization, in order to provide the same configuration as the one used within eu.europa.esig.dss.validation.CertificateVerifier.
      Parameters:
      trustAnchorVerifier - TrustAnchorVerifier
    • getRevocationDataVerifier

      public RevocationDataVerifier getRevocationDataVerifier()
      Gets a revocation data verifier. This method is used internally within eu.europa.esig.dss.validation.SignatureValidationContext to identify whether the configuration is already present and a revocationDataVerifier should be set.
      Returns:
      RevocationDataVerifier
    • setRevocationDataVerifier

      public void setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier)
      Sets a revocation data verifier used to validate the revocation data of the timestamp's certificate chain. NOTE: When not defined explicitly, this method is used internally during eu.europa.esig.dss.validation.SignatureValidationContext initialization, in order to provide the same configuration as the one used within eu.europa.esig.dss.validation.CertificateVerifier.
      Parameters:
      revocationDataVerifier - RevocationDataVerifier
    • isAcceptable

      public boolean isAcceptable(TimestampToken timestampToken)
      This method verifies whether the given timestampToken is valid and acceptable at the current time, and its POE can be extracted to the validation process. NOTE: The method does not accept a certificate chain, thus the validity of the timestamp's certificate chain is not verified. To execute this method successfully, the parameter acceptOnlyTrustedCertificateChains shall be set to FALSE. For validation with a certificate chain, please use the #isAcceptable(timestampToken, certificateChain) method.
      Parameters:
      timestampToken - TimestampToken to be validated
      Returns:
      TRUE if the timestampToken is valid and acceptable, FALSE otherwise
    • isAcceptable

      public boolean isAcceptable(TimestampToken timestampToken, Date controlTime)
      This method verifies whether the given timestampToken is valid and acceptable at the given control time, and its POE can be extracted to the validation process. NOTE: The method does not accept a certificate chain, thus the validity of the timestamp's certificate chain is not verified. To execute this method successfully, the parameter acceptOnlyTrustedCertificateChains shall be set to FALSE. For validation with a certificate chain, please use the #isAcceptable(timestampToken, certificateChain) method.
      Parameters:
      timestampToken - TimestampToken to be validated
      controlTime - Date the validation time
      Returns:
      TRUE if the timestampToken is valid and acceptable, FALSE otherwise
    • isAcceptable

      public boolean isAcceptable(TimestampToken timestampToken, List<CertificateToken> certificateChain)
      This method verifies whether the given timestampToken is valid and acceptable at the current time, and its POE can be extracted to the validation process.
      Parameters:
      timestampToken - TimestampToken to be validated
      certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp
      Returns:
      TRUE if the timestampToken is valid and acceptable, FALSE otherwise
    • isAcceptable

      public boolean isAcceptable(TimestampToken timestampToken, List<CertificateToken> certificateChain, Date controlTime)
      This method verifies whether the given timestampToken is valid and acceptable at the given control time, and its POE can be extracted to the validation process.
      Parameters:
      timestampToken - TimestampToken to be validated
      certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp
      controlTime - Date the validation time
      Returns:
      TRUE if the timestampToken is valid and acceptable, FALSE otherwise
    • isTrustedTimestampToken

      protected boolean isTrustedTimestampToken(TimestampToken timestampToken, List<CertificateToken> certificateChain, Date controlTime)
      This method verifies whether the timestampToken is trusted to continue the process at the control time. The method expects the certificate chain of the timestamp to reach a trustedCertificateSource, or the acceptOnlyTrustedCertificateChains constraint to be configured to accept untrusted certificate chains as well.
      Parameters:
      timestampToken - TimestampToken to be validated
      certificateChain - a list of CertificateTokens representing the certificate chain of the timestamp
      controlTime - Date to verify the trust anchor's validity period
      Returns:
      TRUE if the timestamp token is trusted, FALSE otherwise
    • containsTrustAnchor

      protected boolean containsTrustAnchor(List<CertificateToken> certChain, Date controlTime)
      This method verifies whether the certificate chain is trusted at the given time
      Parameters:
      certChain - a list of CertificateTokens representing a certificate chain to validate
      controlTime - Date validation time
      Returns:
      TRUE if the certificate chain is trusted, FALSE otherwise
    • isCryptographicallyValid

      protected boolean isCryptographicallyValid(TimestampToken timestampToken)
      This method verifies whether the timestampToken is cryptographically valid (signature and message imprint match)
      Parameters:
      timestampToken - TimestampToken to be validated
      Returns:
      TRUE if the timestamp token is cryptographically valid, FALSE otherwise
    • isCertificateChainValid

      protected boolean isCertificateChainValid(List<CertificateToken> certificateChain, Date controlTime)
      This method verifies the certificate chain and the presence of valid revocation data for its certificates
      Parameters:
      certificateChain - a list of CertificateTokens
      controlTime - Date validation time
      Returns:
      TRUE if the certificate chain is valid, FALSE otherwise