Class XadesVerificationProfile
The purpose of this class is to create a XadesVerifier that will actually verify signatures using the configured components.
The minimum configuration is a CertificateValidationProvider, because the validation data (trust anchors, CRLs, etc.) has to be properly selected. All the other components have default implementations that are used if no other actions are taken. However, all of them can be replaced through the corresponding methods, either by an instance or a class. When a class is used it may have dependencies on other components, which will be handled in order to create the XadesVerifier. The types may also depend on external components, as long as that dependency is registered with one of the withBinding methods. To that end, the constructors and/or setters should use the Inject annotation from Guice.
Custom QualifyingPropertyVerifiers can also be configured. The principles on their dependencies are the same. In addition, custom verifiers that apply over the whole signature at different stages of validation can be configured. Finally, verifiers for specific XML elements may be added. This can be useful if one wants to handle an unsigned property that is not known by the library, as the default unmarshaller will create GenericDOMData instances for those properties if acceptUnknownProperties is set.
Repeated dependency bindings will not cause an immediate error. An exception will be thrown when an instance of XadesVerifier is requested.
- Author:
- Luís
-
Constructor Summary
Constructors
Constructor / Description
XadesVerificationProfile(Class<? extends CertificateValidationProvider> certificateValidationProviderClass)
XadesVerificationProfile(CertificateValidationProvider certificateValidationProvider)
-
Method Summary
Modifier and Type / Method / Description
acceptUnknownProperties(boolean accept): Indicates whether the resulting verifiers should accept unknown properties.
newVerifier(): Creates a new XadesVerifier based on the current state of the profile.
withBinding(Class<T> from, Class<? extends T> to): Adds a type dependency mapping to the profile.
withBinding(Class<T> from, T to): Adds an instance dependency mapping to the profile.
withCustomSignatureVerifier(Class<? extends CustomSignatureVerifier> customVerifierClass)
withDigestEngineProvider(Class<? extends MessageDigestEngineProvider> digestProviderClass)
withDigestEngineProvider(MessageDigestEngineProvider digestProvider)
withElementVerifier(QName elemName, Class<? extends QualifyingPropertyVerifier<PropertyDataObject>> vClass)
withGlobalDataObjsStructureVerifier(Class<? extends CustomPropertiesDataObjsStructureVerifier> customVerifierClass)
withPolicyDocumentProvider(Class<? extends SignaturePolicyDocumentProvider> policyDocProviderClass): By default no policies are supported.
withPolicyDocumentProvider(SignaturePolicyDocumentProvider policyDocProvider): By default no policies are supported.
withPropertiesUnmarshaller(Class<? extends QualifyingPropertiesUnmarshaller> propsUnmarshallerClass)
withPropertiesUnmarshaller(QualifyingPropertiesUnmarshaller propsUnmarshaller)
<TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, Class<? extends QualifyingPropertyVerifier<TData>> verifierClass)
<TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, QualifyingPropertyVerifier<TData> verifier)
withRawSignatureVerifier(Class<? extends RawSignatureVerifier> rawVerifierClass)
withSecureValidation(boolean secureValidation): If true, it will perform the digital signature validation enforcing a set of restrictions.
withTimeStampTokenVerifier(Class<? extends TimeStampVerificationProvider> tsTokenVerifProvClass)
withTimeStampTokenVerifier(TimeStampVerificationProvider tsTokenVerifProv)
withX500NameStyleProvider(Class<? extends X500NameStyleProvider> x500NameStyleProviderClass)
withX500NameStyleProvider(X500NameStyleProvider x500NameStyleProvider)
-
Constructor Details
-
XadesVerificationProfile
-
XadesVerificationProfile
public XadesVerificationProfile(Class<? extends CertificateValidationProvider> certificateValidationProviderClass)
-
-
Method Details
-
withBinding
Adds a type dependency mapping to the profile. This is typically done from an interface to a type that implements that interface. When a dependency to from is found, the to class is used. The to class may in turn have its own dependencies.
The other withNNNNNN methods are convenient shortcuts for this one.
- Parameters:
from - the dependency
to - the type that resolves the dependency
- Returns:
this profile
-
withBinding
Adds an instance dependency mapping to the profile. When a dependency to from is found, the to instance is used.
The other withNNNNNN methods are convenient shortcuts for this one.
- Parameters:
from - the dependency
to - the instance that resolves the dependency
- Returns:
this profile
-
newVerifier
Creates a new XadesVerifier based on the current state of the profile. If any changes are made after this call, the previously returned verifier will not be affected. Other verifiers can be created, accumulating the profile changes.
- Returns:
a XadesVerifier according to this profile
- Throws:
XadesProfileResolutionException - if the dependencies of the verifier (direct and indirect) cannot be resolved
-
withDigestEngineProvider
public XadesVerificationProfile withDigestEngineProvider(MessageDigestEngineProvider digestProvider) -
withDigestEngineProvider
public XadesVerificationProfile withDigestEngineProvider(Class<? extends MessageDigestEngineProvider> digestProviderClass) -
withX500NameStyleProvider
public XadesVerificationProfile withX500NameStyleProvider(X500NameStyleProvider x500NameStyleProvider) -
withX500NameStyleProvider
public XadesVerificationProfile withX500NameStyleProvider(Class<? extends X500NameStyleProvider> x500NameStyleProviderClass) -
withPolicyDocumentProvider
public XadesVerificationProfile withPolicyDocumentProvider(SignaturePolicyDocumentProvider policyDocProvider) By default no policies are supported. -
withPolicyDocumentProvider
public XadesVerificationProfile withPolicyDocumentProvider(Class<? extends SignaturePolicyDocumentProvider> policyDocProviderClass) By default no policies are supported. -
withTimeStampTokenVerifier
public XadesVerificationProfile withTimeStampTokenVerifier(TimeStampVerificationProvider tsTokenVerifProv) -
withTimeStampTokenVerifier
public XadesVerificationProfile withTimeStampTokenVerifier(Class<? extends TimeStampVerificationProvider> tsTokenVerifProvClass) -
withPropertiesUnmarshaller
public XadesVerificationProfile withPropertiesUnmarshaller(QualifyingPropertiesUnmarshaller propsUnmarshaller) -
withPropertiesUnmarshaller
public XadesVerificationProfile withPropertiesUnmarshaller(Class<? extends QualifyingPropertiesUnmarshaller> propsUnmarshallerClass) -
acceptUnknownProperties
Indicates whether the resulting verifiers should accept unknown properties. Actually, this is a property of the underlying QualifyingPropertiesUnmarshaller which controls if a GenericDOMData should be used when an unknown property is found.
The schema for signed signature and data object properties is closed; as such, this only affects the unsigned properties.
Note that it is also possible to implement a custom QualifyingPropertiesUnmarshaller.
The withElementVerifier method can be used to register verifiers for unknown properties.
-
withSecureValidation
If true, it will perform the digital signature validation enforcing the following restrictions:
1. Forbids use of the XSLT Transform
2. Restricts the number of SignedInfo or Manifest References to 30 or less
3. Restricts the number of Reference Transforms to 5 or less
4. Forbids the use of MD5 related signature or mac algorithms
5. Ensures that Reference Ids are unique to help prevent signature wrapping attacks
6. Forbids Reference URIs of type http or file
7. Does not allow a RetrievalMethod to reference another RetrievalMethod
-
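A strict configuration of this profile, tying together the class description (mandatory CertificateValidationProvider, acceptUnknownProperties, late binding errors) and the withSecureValidation restrictions above. This is an added example, not part of the xades4j documentation. StrictXadesCheck, strictVerifier and verifySingleSignature are hypothetical names, the CertificateValidationProvider is assumed to be configured elsewhere, and the package names and the XadesVerifier.verify(Element, options) call are assumed from the xades4j API rather than shown on this page.

```java
import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import xades4j.providers.CertificateValidationProvider;
import xades4j.utils.XadesProfileResolutionException;
import xades4j.verification.XAdESVerificationResult;
import xades4j.verification.XadesVerificationProfile;
import xades4j.verification.XadesVerifier;

public final class StrictXadesCheck {
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // certValidator is the one mandatory component; it is assumed to already
    // hold the trust anchors and revocation data (CRLs) for this deployment.
    static XadesVerifier strictVerifier(CertificateValidationProvider certValidator)
            throws XadesProfileResolutionException {
        XadesVerificationProfile profile = new XadesVerificationProfile(certValidator);
        profile.withSecureValidation(true);     // enforce the seven restrictions listed above
        profile.acceptUnknownProperties(false); // do not accept unknown unsigned properties
        // Unresolvable or repeated bindings are reported here, not when they were added.
        return profile.newVerifier();
    }

    static XAdESVerificationResult verifySingleSignature(InputStream xml, XadesVerifier verifier)
            throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML Signature processing needs namespaces
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject DTDs so untrusted input cannot declare external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(xml);

        // Refuse ambiguous input: exactly one ds:Signature must be present, so the
        // caller always knows which element the verification result refers to.
        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (sigs.getLength() != 1) {
            throw new IllegalArgumentException(
                    "expected exactly one ds:Signature, found " + sigs.getLength());
        }
        // Second argument: signature-specific options; null selects the defaults.
        return verifier.verify((Element) sigs.item(0), null);
    }
}
```

A verifier returned by strictVerifier is unaffected by later changes to the profile, so it can be created once and reused for each incoming document.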
withGlobalDataObjsStructureVerifier
public XadesVerificationProfile withGlobalDataObjsStructureVerifier(CustomPropertiesDataObjsStructureVerifier v) -
withGlobalDataObjsStructureVerifier
public XadesVerificationProfile withGlobalDataObjsStructureVerifier(Class<? extends CustomPropertiesDataObjsStructureVerifier> customVerifierClass) -
withRawSignatureVerifier
-
withRawSignatureVerifier
public XadesVerificationProfile withRawSignatureVerifier(Class<? extends RawSignatureVerifier> rawVerifierClass) -
withCustomSignatureVerifier
-
withCustomSignatureVerifier
public XadesVerificationProfile withCustomSignatureVerifier(Class<? extends CustomSignatureVerifier> customVerifierClass) -
withElementVerifier
public XadesVerificationProfile withElementVerifier(QName elemName, Class<? extends QualifyingPropertyVerifier<PropertyDataObject>> vClass) -
withQualifyingPropertyVerifier
public <TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, Class<? extends QualifyingPropertyVerifier<TData>> verifierClass) -
withQualifyingPropertyVerifier
public <TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, QualifyingPropertyVerifier<TData> verifier)
-