Package xades4j.verification
Class XadesVerificationProfile
java.lang.Object
xades4j.verification.XadesVerificationProfile
A profile for signature verification. This class is the entry point for verifying
a signature. A profile is a configuration for the signature verification process.
The purpose of this class is to create a XadesVerifier that will actually
verify signatures using the configured components.
The minimum configuration is a CertificateValidationProvider
because the validation data (trust-anchors, CRLs, etc) has to be properly selected. All the other components
have default implementations that are used if no other actions are taken. However,
all of them can be replaced through the corresponding methods, either by an instance
or a class. When a class is used it may have dependencies on other components,
which will be handled in order to create the XadesVerifier. The types may
also depend on external components, as long as that dependency is registered
with on of the addBinding methods. To that end, the constructors and/or
setters should use the Inject annotation from Guice.
Custom QualifyingPropertyVerifiers can also be configured. The principles
on their dependencies are the same. In addition, custom verifiers that apply
over the whole on different stages of validation can be configured. Finally,
verifiers for specific XML elements may be added. This can be useful if one
wants to handle an unsigned property that is not known by the library, as the
default unmarshaller will create GenericDOMData instances for those
properties if acceptUnknownProperties is set.
Repeated dependency bindings will not cause an immediate error. An exception
will be thrown when an instance of XadesVerifier is requested.
- Author:
- Luís
-
Constructor Summary
ConstructorsConstructorDescriptionXadesVerificationProfile(Class<? extends CertificateValidationProvider> certificateValidationProviderClass) XadesVerificationProfile(CertificateValidationProvider certificateValidationProvider) -
Method Summary
Modifier and TypeMethodDescriptionacceptUnknownProperties(boolean accept) Indicates whether the resulting verifiers should accept unknown properties.Creates a newXadesVerifierbased on the current state of the profile.withBinding(Class<T> from, Class<? extends T> to) Adds a type dependency mapping to the profile.withBinding(Class<T> from, T to) Adds a instance dependency mapping to the profile.withCustomSignatureVerifier(Class<? extends CustomSignatureVerifier> customVerifierClass) withDigestEngineProvider(Class<? extends MessageDigestEngineProvider> digestProviderClass) withDigestEngineProvider(MessageDigestEngineProvider digestProvider) withElementVerifier(QName elemName, Class<? extends QualifyingPropertyVerifier<PropertyDataObject>> vClass) withGlobalDataObjsStructureVerifier(Class<? extends CustomPropertiesDataObjsStructureVerifier> customVerifierClass) withPolicyDocumentProvider(Class<? extends SignaturePolicyDocumentProvider> policyDocProviderClass) By default no policies are supported.withPolicyDocumentProvider(SignaturePolicyDocumentProvider policyDocProvider) By default no policies are supported.withPropertiesUnmarshaller(Class<? extends QualifyingPropertiesUnmarshaller> propsUnmarshallerClass) withPropertiesUnmarshaller(QualifyingPropertiesUnmarshaller propsUnmarshaller) <TData extends PropertyDataObject>
XadesVerificationProfilewithQualifyingPropertyVerifier(Class<TData> propDataClass, Class<? extends QualifyingPropertyVerifier<TData>> verifierClass) <TData extends PropertyDataObject>
XadesVerificationProfilewithQualifyingPropertyVerifier(Class<TData> propDataClass, QualifyingPropertyVerifier<TData> verifier) withRawSignatureVerifier(Class<? extends RawSignatureVerifier> rawVerifierClass) withSecureValidation(boolean secureValidation) If true, it will perform the digital enforcing the following restrictions: 1.withTimeStampTokenVerifier(Class<? extends TimeStampVerificationProvider> tsTokenVerifProvClass) withTimeStampTokenVerifier(TimeStampVerificationProvider tsTokenVerifProv) withX500NameStyleProvider(Class<? extends X500NameStyleProvider> x500NameStyleProviderClass) withX500NameStyleProvider(X500NameStyleProvider x500NameStyleProvider)
-
Constructor Details
-
XadesVerificationProfile
-
XadesVerificationProfile
public XadesVerificationProfile(Class<? extends CertificateValidationProvider> certificateValidationProviderClass)
-
-
Method Details
-
withBinding
Adds a type dependency mapping to the profile. This is typically done from an interface to a type that implements that interface. When a dependency tofromis found, thetoclass is used. Thetoclass may in turn have its own dependencies.The other
withNNNNNNmethods are convenient shortcuts for this one.- Parameters:
from- the dependencyto- the type that resolves the dependency- Returns:
- this profile
-
withBinding
Adds a instance dependency mapping to the profile. When a dependency tofromis found, thetoinstance is used. The otherwithNNNNNNmethods are convenient shortcuts for this one.- Parameters:
from- the dependencyto- the instance that resolves the dependency- Returns:
- this profile
-
newVerifier
Creates a newXadesVerifierbased on the current state of the profile. If any changes are made after this call, the previously returned verifier will not be affected. Other verifiers can be created, accumulating the profile changes.- Returns:
- a
XadesVerifieraccordingly to this profile. - Throws:
XadesProfileResolutionException- if the dependencies of the signer (direct and indirect) cannot be resolved
-
withDigestEngineProvider
public XadesVerificationProfile withDigestEngineProvider(MessageDigestEngineProvider digestProvider) -
withDigestEngineProvider
public XadesVerificationProfile withDigestEngineProvider(Class<? extends MessageDigestEngineProvider> digestProviderClass) -
withX500NameStyleProvider
public XadesVerificationProfile withX500NameStyleProvider(X500NameStyleProvider x500NameStyleProvider) -
withX500NameStyleProvider
public XadesVerificationProfile withX500NameStyleProvider(Class<? extends X500NameStyleProvider> x500NameStyleProviderClass) -
withPolicyDocumentProvider
public XadesVerificationProfile withPolicyDocumentProvider(SignaturePolicyDocumentProvider policyDocProvider) By default no policies are supported. -
withPolicyDocumentProvider
public XadesVerificationProfile withPolicyDocumentProvider(Class<? extends SignaturePolicyDocumentProvider> policyDocProviderClass) By default no policies are supported. -
withTimeStampTokenVerifier
public XadesVerificationProfile withTimeStampTokenVerifier(TimeStampVerificationProvider tsTokenVerifProv) -
withTimeStampTokenVerifier
public XadesVerificationProfile withTimeStampTokenVerifier(Class<? extends TimeStampVerificationProvider> tsTokenVerifProvClass) -
withPropertiesUnmarshaller
public XadesVerificationProfile withPropertiesUnmarshaller(QualifyingPropertiesUnmarshaller propsUnmarshaller) -
withPropertiesUnmarshaller
public XadesVerificationProfile withPropertiesUnmarshaller(Class<? extends QualifyingPropertiesUnmarshaller> propsUnmarshallerClass) -
acceptUnknownProperties
Indicates whether the resulting verifiers should accept unknown properties. Actually, this is a property of the underlyingQualifyingPropertiesUnmarshallerwhich controls if aGenericDOMDatashould be used when an unknown property is found.The schema for signed signature and data object properties is closed; as such, this only affects the unsigned properties.
Note that it is also possible to implement a custom
QualifyingPropertiesUnmarshallers.The
withElementVerifiermethod can be used to register verifiers for unknown properties.- See Also:
-
withSecureValidation
If true, it will perform the digital enforcing the following restrictions: 1. Forbids use of the XSLT Transform 2. Restricts the number of SignedInfo or Manifest References to 30 or less 3. Restricts the number of Reference Transforms to 5 or less 4. Forbids the use of MD5 related signature or mac algorithms 5. Ensures that Reference Ids are unique to help prevent signature wrapping attacks 6. Forbids Reference URIs of type http or file 7. Does not allow a RetrievalMethod to reference another RetrievalMethod -
withGlobalDataObjsStructureVerifier
public XadesVerificationProfile withGlobalDataObjsStructureVerifier(CustomPropertiesDataObjsStructureVerifier v) -
withGlobalDataObjsStructureVerifier
public XadesVerificationProfile withGlobalDataObjsStructureVerifier(Class<? extends CustomPropertiesDataObjsStructureVerifier> customVerifierClass) -
withRawSignatureVerifier
-
withRawSignatureVerifier
public XadesVerificationProfile withRawSignatureVerifier(Class<? extends RawSignatureVerifier> rawVerifierClass) -
withCustomSignatureVerifier
-
withCustomSignatureVerifier
public XadesVerificationProfile withCustomSignatureVerifier(Class<? extends CustomSignatureVerifier> customVerifierClass) -
withElementVerifier
public XadesVerificationProfile withElementVerifier(QName elemName, Class<? extends QualifyingPropertyVerifier<PropertyDataObject>> vClass) -
withQualifyingPropertyVerifier
public <TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, Class<? extends QualifyingPropertyVerifier<TData>> verifierClass) -
withQualifyingPropertyVerifier
public <TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, QualifyingPropertyVerifier<TData> verifier)
-