Package com.itextpdf.signatures.validation

Class SignatureValidationProperties

java.lang.Object

com.itextpdf.signatures.validation.SignatureValidationProperties

public class SignatureValidationProperties
extends java.lang.Object

Class which stores properties, which are related to signature validation process.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
(package private) static class	SignatureValidationProperties.ContextProperties
static class	SignatureValidationProperties.OnlineFetching	Enum representing possible online fetching permissions.

Field Summary

Fields

Modifier and Type	Field	Description
private java.util.List<ICrlClient>	crlClients
static boolean	DEFAULT_CONTINUE_AFTER_FAILURE
static java.time.Duration	DEFAULT_FRESHNESS_HISTORICAL
static java.time.Duration	DEFAULT_FRESHNESS_PRESENT_CRL
static java.time.Duration	DEFAULT_FRESHNESS_PRESENT_OCSP
static SignatureValidationProperties.OnlineFetching	DEFAULT_ONLINE_FETCHING
private java.util.List<IOcspClient>	ocspClients
private java.util.HashMap<ValidationContext,SignatureValidationProperties.ContextProperties>	properties

Constructor Summary

Constructors

Constructor	Description
SignatureValidationProperties()	Create SignatureValidationProperties with default values.

Method Summary

Modifier and Type	Method	Description
SignatureValidationProperties	addCrlClient(ICrlClient crlClient)	Adds new ICrlClient instance which will be used to retrieve CRL responses during the validation.
SignatureValidationProperties	addOcspClient(IOcspClient ocspClient)	Adds new IOcspClient instance which will be used to retrieve OCSP response during the validation.
SignatureValidationProperties	addRequiredExtensions(CertificateSources certificateSources, java.util.List<CertificateExtension> requiredExtensions)	Adds list of extensions which are required to be set to a certificate depending on certificate source.
boolean	getContinueAfterFailure(ValidationContext validationContext)	Returns the Continue after failure setting for the provided context or the default context.
java.util.List<ICrlClient>	getCrlClients()	Gets all ICrlClient instances which will be used to retrieve CRL responses during the validation.
java.time.Duration	getFreshness(ValidationContext validationContext)	Returns the freshness setting for the provided validation context or the default context in milliseconds.
java.util.List<IOcspClient>	getOcspClients()	Gets all IOcspClient instances which will be used to retrieve OCSP responses during the validation.
(package private) <T> T	getParametersValueFor(ValidatorContext validatorContext, CertificateSource certSource, TimeBasedContext timeBasedContext, java.util.function.Function<SignatureValidationProperties.ContextProperties,T> getter)	This method executes the getter method to the most granular parameters set down until the getter returns a non-null value
java.util.List<CertificateExtension>	getRequiredExtensions(ValidationContext validationContext)	Returns required extension for the provided validation context.
SignatureValidationProperties.OnlineFetching	getRevocationOnlineFetching(ValidationContext validationContext)	Sets the onlineFetching property representing possible online fetching permissions.
SignatureValidationProperties	setContinueAfterFailure(ValidatorContexts validatorContexts, CertificateSources certificateSources, boolean value)	Sets the Continue after failure setting for the provided context.
SignatureValidationProperties	setFreshness(ValidatorContexts validatorContexts, CertificateSources certificateSources, TimeBasedContexts timeBasedContexts, java.time.Duration value)	Sets the freshness setting for the specified validator, time based and certificate source contexts in milliseconds.
(package private) void	setParameterValueFor(java.util.EnumSet<ValidatorContext> validatorContexts, java.util.EnumSet<CertificateSource> certificateSources, java.util.EnumSet<TimeBasedContext> timeBasedContexts, java.util.function.Consumer<SignatureValidationProperties.ContextProperties> setter)	This method executes the setter method for every combination of selected validators and certificateSources
SignatureValidationProperties	setRequiredExtensions(CertificateSources certificateSources, java.util.List<CertificateExtension> requiredExtensions)	Sets list of extensions which are required to be set to a certificate depending on certificate source.
SignatureValidationProperties	setRevocationOnlineFetching(ValidatorContexts validatorContexts, CertificateSources certificateSources, TimeBasedContexts timeBasedContexts, SignatureValidationProperties.OnlineFetching onlineFetching)	Sets the onlineFetching property representing possible online fetching permissions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_CONTINUE_AFTER_FAILURE

public static final boolean DEFAULT_CONTINUE_AFTER_FAILURE

See Also:

Constant Field Values

DEFAULT_FRESHNESS_PRESENT_CRL

public static final java.time.Duration DEFAULT_FRESHNESS_PRESENT_CRL

DEFAULT_FRESHNESS_PRESENT_OCSP

public static final java.time.Duration DEFAULT_FRESHNESS_PRESENT_OCSP

DEFAULT_FRESHNESS_HISTORICAL

public static final java.time.Duration DEFAULT_FRESHNESS_HISTORICAL

DEFAULT_ONLINE_FETCHING

public static final SignatureValidationProperties.OnlineFetching DEFAULT_ONLINE_FETCHING

properties

private final java.util.HashMap<ValidationContext,SignatureValidationProperties.ContextProperties> properties

ocspClients

private final java.util.List<IOcspClient> ocspClients

crlClients

private final java.util.List<ICrlClient> crlClients

Constructor Detail

SignatureValidationProperties

public SignatureValidationProperties()

Create SignatureValidationProperties with default values.

Method Detail

getFreshness

public java.time.Duration getFreshness(ValidationContext validationContext)

Returns the freshness setting for the provided validation context or the default context in milliseconds.

Parameters:

validationContext - the validation context for which to retrieve the freshness setting

Returns:

the freshness setting for the provided validation context or the default context in milliseconds

setFreshness

public final SignatureValidationProperties setFreshness(ValidatorContexts validatorContexts,
                                                        CertificateSources certificateSources,
                                                        TimeBasedContexts timeBasedContexts,
                                                        java.time.Duration value)

Sets the freshness setting for the specified validator, time based and certificate source contexts in milliseconds.

This parameter specifies how old revocation data can be, compared to validation time, in order to be trustworthy.

Parameters:

validatorContexts - the validators for which to apply the setting

certificateSources - the certificate sources to

timeBasedContexts - the date comparison context for which to apply the setting

value - the settings value in milliseconds

Returns:

this same SignatureValidationProperties instance.

getContinueAfterFailure

public boolean getContinueAfterFailure(ValidationContext validationContext)

Returns the Continue after failure setting for the provided context or the default context.

Parameters:

validationContext - the context for which to retrieve the Continue after failure setting

Returns:

the Continue after failure setting for the provided context or the default context

setContinueAfterFailure

public final SignatureValidationProperties setContinueAfterFailure(ValidatorContexts validatorContexts,
                                                                   CertificateSources certificateSources,
                                                                   boolean value)

Sets the Continue after failure setting for the provided context.

This parameter specifies if validation is expected to continue after first failure is encountered. Only ValidationReport.ValidationResult.INVALID is considered to be a failure.

Parameters:

validatorContexts - the validators for which to set the Continue after failure setting

certificateSources - the certificateSources for which to set the Continue after failure setting

value - the Continue after failure setting

Returns:

this same SignatureValidationProperties instance.

getRevocationOnlineFetching

public SignatureValidationProperties.OnlineFetching getRevocationOnlineFetching(ValidationContext validationContext)

Sets the onlineFetching property representing possible online fetching permissions.

Parameters:

validationContext - the context for which to retrieve the online fetching setting

Returns:

the online fetching setting.

setRevocationOnlineFetching

public final SignatureValidationProperties setRevocationOnlineFetching(ValidatorContexts validatorContexts,
                                                                       CertificateSources certificateSources,
                                                                       TimeBasedContexts timeBasedContexts,
                                                                       SignatureValidationProperties.OnlineFetching onlineFetching)

Sets the onlineFetching property representing possible online fetching permissions.

Parameters:

validatorContexts - the validators for which to set this value

certificateSources - the certificate source for which to set this value

timeBasedContexts - time perspective context, at which validation is happening

onlineFetching - onlineFetching property value to set

Returns:

this same SignatureValidationProperties instance.

getRequiredExtensions

public java.util.List<CertificateExtension> getRequiredExtensions(ValidationContext validationContext)

Returns required extension for the provided validation context.

Parameters:

validationContext - the validation context for which to retrieve required extensions

Returns:

required extensions for the provided validation context

setRequiredExtensions

public final SignatureValidationProperties setRequiredExtensions(CertificateSources certificateSources,
                                                                 java.util.List<CertificateExtension> requiredExtensions)

Sets list of extensions which are required to be set to a certificate depending on certificate source.

By default, required extensions are set to be compliant with common validation norms. Changing those can result in falsely positive validation result.

Parameters:

certificateSources - CertificateSource for extensions to be present

requiredExtensions - list of required CertificateExtension

Returns:

this same SignatureValidationProperties instance

addRequiredExtensions

public final SignatureValidationProperties addRequiredExtensions(CertificateSources certificateSources,
                                                                 java.util.List<CertificateExtension> requiredExtensions)

Adds list of extensions which are required to be set to a certificate depending on certificate source.

By default, required extensions are set to be compliant with common validation norms. Changing those can result in falsely positive validation result.

Parameters:

certificateSources - CertificateSource for extensions to be present

requiredExtensions - list of required CertificateExtension

Returns:

this same SignatureValidationProperties instance

getCrlClients

public java.util.List<ICrlClient> getCrlClients()

Gets all ICrlClient instances which will be used to retrieve CRL responses during the validation.

Returns:

all ICrlClient instances which will be used to retrieve CRL responses during the validation

addCrlClient

public final SignatureValidationProperties addCrlClient(ICrlClient crlClient)

Adds new ICrlClient instance which will be used to retrieve CRL responses during the validation.

Parameters:

crlClient - ICrlClient instance which will be used to retrieve CRL responses during the validation

Returns:

this same SignatureValidationProperties instance

getOcspClients

public java.util.List<IOcspClient> getOcspClients()

Gets all IOcspClient instances which will be used to retrieve OCSP responses during the validation.

Returns:

all IOcspClient instances which will be used to retrieve OCSP responses during the validation

addOcspClient

public final SignatureValidationProperties addOcspClient(IOcspClient ocspClient)

Adds new IOcspClient instance which will be used to retrieve OCSP response during the validation.

Parameters:

ocspClient - IOcspClient instance which will be used to retrieve OCSP response during the validation

Returns:

this same SignatureValidationProperties instance

setParameterValueFor

final void setParameterValueFor(java.util.EnumSet<ValidatorContext> validatorContexts,
                                java.util.EnumSet<CertificateSource> certificateSources,
                                java.util.EnumSet<TimeBasedContext> timeBasedContexts,
                                java.util.function.Consumer<SignatureValidationProperties.ContextProperties> setter)

This method executes the setter method for every combination of selected validators and certificateSources

Parameters:

validatorContexts - the validators to execute the setter on

certificateSources - the certificate sources to execute the setter on

setter - the setter to execute

getParametersValueFor

<T> T getParametersValueFor(ValidatorContext validatorContext,
                            CertificateSource certSource,
                            TimeBasedContext timeBasedContext,
                            java.util.function.Function<SignatureValidationProperties.ContextProperties,T> getter)

This method executes the getter method to the most granular parameters set down until the getter returns a non-null value

Type Parameters:

T - the type of the return value of this method and the getter method

Parameters:

validatorContext - the validator for which the value is to be retrieved

certSource - the certificate source for which the value is to be retrieved

getter - the getter to get the value from the parameters set

Returns:

the first non-null value returned.