Interface XadesVerifier
The signature must contain a KeyInfo element with one X509Data element. If more are present, they are ignored, because the data relating to the signing certificate must be within a single X509Data.
The X509Data element must contain at least one element that identifies the signing certificate, such as X509IssuerSerial, X509SubjectName or the X509Certificate itself. The elements are considered in that order. If X509IssuerSerial and X509SubjectName are not present, the first X509Certificate is used as signing certificate. Nevertheless, all the certificates are collected to be used on the certification path.
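
The KeyInfo rules above, together with the requirement that the signature element has an Id, can be checked before the element is handed to verify. The following is an added example, not code from xades4j: a hypothetical KeyInfoPreflight class that uses only JDK DOM APIs to mirror the documented selection order on a constructed sample. It assumes the first X509Data is the one considered and performs no cryptographic validation.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KeyInfoPreflight { // hypothetical helper, not part of the library
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    /** Direct child elements of parent in the XML-DSig namespace with the given local name. */
    static List<Element> children(Element parent, String name) {
        List<Element> out = new ArrayList<>();
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && DS.equals(n.getNamespaceURI()) && name.equals(n.getLocalName()))
                out.add((Element) n);
        return out;
    }

    /** Reports how the signing certificate would be identified, following the documented order. */
    static String describe(Element signature) {
        if (!signature.hasAttribute("Id")) return "REJECT: signature element has no Id";
        List<Element> keyInfo = children(signature, "KeyInfo");
        if (keyInfo.isEmpty()) return "REJECT: no KeyInfo";
        List<Element> x509Data = children(keyInfo.get(0), "X509Data");
        if (x509Data.isEmpty()) return "REJECT: no X509Data";
        Element used = x509Data.get(0); // assumption: the first X509Data is the one considered
        int certs = children(used, "X509Certificate").size();
        String detail = "; " + certs + " certificate(s) collected, " + (x509Data.size() - 1) + " X509Data ignored";
        for (String id : new String[] {"X509IssuerSerial", "X509SubjectName"})
            if (!children(used, id).isEmpty()) return "signer identified by " + id + detail;
        return certs > 0 ? "signer is the first X509Certificate" + detail
                         : "REJECT: X509Data has no identifying element";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the second X509Data must not influence signer selection.
        String xml = "<ds:Signature xmlns:ds='" + DS + "' Id='sig-1'><ds:KeyInfo>"
            + "<ds:X509Data><ds:X509SubjectName>CN=Constructed Signer</ds:X509SubjectName>"
            + "<ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data>"
            + "<ds:X509Data><ds:X509Certificate>BBBB</ds:X509Certificate></ds:X509Data>"
            + "</ds:KeyInfo></ds:Signature>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for namespace-based element matching
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
        Element sig = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        System.out.println(describe(sig));
    }
}
```

Logging which element identified the signer, and how many X509Data elements were ignored, makes it visible when a document carries certificate material that played no part in signer selection.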
All the exceptions defined in the current package may be thrown during validation. They are organized as a tree, which means that one can go from rough to fine-grained handling by catching exceptions in the different branches/depths of the tree.
With its default configuration the library supports verification of signatures
up to XAdES-C. The format can be extended after verification through the verify
method, even though extended formats cannot be validated afterwards.
- Author: Luís
Method Summary
- XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions): Verifies a signature.
- XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions, XadesSignatureFormatExtender formatExtender, XAdESForm minForm): Verifies a signature and extends its format if needed.
Method Details
verify
XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions) throws XAdES4jException
Verifies a signature.
- Parameters:
  - signatureElem - the element containing the signature; must have an Id
  - verificationOptions - signature verification options. If null, default options are used
- Returns:
  - the verification result
- Throws:
  - XAdES4jException - if an error occurs, including if signature verification fails
  - NullPointerException - if signatureElem is null
verify
XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions, XadesSignatureFormatExtender formatExtender, XAdESForm minForm) throws XAdES4jException
Verifies a signature and extends its format if needed.
Note that, due to the library's internal design, the properties being added to a signature cannot have dependencies on each other, because the XML for a given set of properties is generated at the same time, after gathering all the data needed for the properties. For instance, it's not possible to correctly add properties from XAdES-C and XAdES-X at the same time, as the latter need the former's XML structure. This imposes some restrictions on the format extensions. Valid transitions are (actual signature form -> form after extension):
- BES/EPES -> T
- BES/EPES -> C
- T -> C
- C -> X
- C -> X-L
- X -> X-L (not supported by default because X cannot be verified)
- X-L -> A (not supported by default because X-L cannot be verified)
XadesSignatureFormatExtender can also be used separately, but no checks are made to ensure that the signature has the appropriate properties (form) to be extended with other properties. This can be used to create XAdES-A.
The generated XAdES-X is type 1, with one SigAndRefsTimeStamp property.
Limitations: XAdES-C won't include the AttributeCertificateRefs and AttributeRevocationRefs properties. XAdES-X-L won't include the AttrAuthoritiesCertValues and AttributeRevocationValues properties.
- Parameters:
  - signatureElem - the element containing the signature; must have an Id
  - verificationOptions - signature verification options. If null, default options are used
  - formatExtender - the extender used to add the new unsigned properties
  - minForm - the minimum format that the signature should have; if the original signature has a 'lower' format, the extender is used
- Returns:
  - the verification result
- Throws:
  - XAdES4jException - if an error occurs, including if signature verification fails
  - NullPointerException - if any parameter is null