java.lang.Object
↳ xades4j.verification.XadesVerificationProfile
A profile for signature verification. This class is the entry point for verifying a signature. A profile is a configuration for the signature verification process.
The purpose of this class is to create a XadesVerifier that will actually verify signatures using the configured components.
The minimum configuration is a CertificateValidationProvider because the validation data (trust-anchors, CRLs, etc) has to be properly selected. All the other components have default implementations that are used if no other actions are taken. However, all of them can be replaced through the corresponding methods, either by an instance or a class. When a class is used it may have dependencies on other components, which will be handled in order to create the XadesVerifier. The types may also depend on external components, as long as that dependency is registered with one of the addBinding methods. To that end, the constructors and/or setters should use the Inject annotation from Guice.
Custom QualifyingPropertyVerifiers can also be configured. The same principles apply to their dependencies. In addition, custom verifiers that apply over the whole on different stages of validation can be configured. Finally, verifiers for specific XML elements may be added. This can be useful if one wants to handle an unsigned property that is not known by the library, as the default unmarshaller will create GenericDOMData instances for those properties if acceptUnknownProperties is set.
Repeated dependency bindings will not cause an immediate error. An exception will be thrown when an instance of XadesVerifier is requested.
Indicates whether the resulting verifiers should accept unknown properties. Actually, this is a property of the underlying QualifyingPropertiesUnmarshaller which controls if a GenericDOMData should be used when an unknown property is found.
The schema for signed signature and data object properties is closed; as such, this only affects the unsigned properties.
Note that it is also possible to implement custom QualifyingPropertiesUnmarshallers.
The withElementVerifier method can be used to register verifiers for unknown properties.
Creates a new XadesVerifier based on the current state of the profile. If any changes are made after this call, the previously returned verifier will not be affected. Other verifiers can be created, accumulating the profile changes.
A XadesVerifier according to this profile.
XadesProfileResolutionException | if the dependencies of the signer (direct and indirect) cannot be resolved |
---|---|
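The configuration flow described above (a CertificateValidationProvider as the minimum configuration, then newVerifier snapshots taken before and after acceptUnknownProperties), as an added example that is not part of the xades4j documentation. It assumes the PKIXCertificateValidationProvider constructor taking trust anchors, a revocation flag and CertStores; the class name VerifyWithProfile, the command-line arguments and the file formats are hypothetical.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import xades4j.providers.impl.PKIXCertificateValidationProvider;
import xades4j.verification.SignatureSpecificVerificationOptions;
import xades4j.verification.XAdESVerificationResult;
import xades4j.verification.XadesVerificationProfile;
import xades4j.verification.XadesVerifier;

public class VerifyWithProfile {
    // Assumed arguments: PKCS#12 trust store, its password, a CRL file, the signed XML, optional "lenient".
    public static void main(String[] args) throws Exception {
        KeyStore trustAnchors = KeyStore.getInstance("PKCS12");
        CertStore crls;
        try (InputStream ks = new FileInputStream(args[0]); InputStream crl = new FileInputStream(args[2])) {
            trustAnchors.load(ks, args[1].toCharArray());
            crls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(
                    CertificateFactory.getInstance("X.509").generateCRLs(crl)));
        }

        // Minimum configuration: the validation data. 'true' turns revocation checking on.
        XadesVerificationProfile profile = new XadesVerificationProfile(
                new PKIXCertificateValidationProvider(trustAnchors, true, crls));

        XadesVerifier strict = profile.newVerifier();  // built from the profile's state at this point
        profile.acceptUnknownProperties(true);         // later change: 'strict' is not affected
        XadesVerifier lenient = profile.newVerifier(); // unknown unsigned properties become GenericDOMData
        XadesVerifier verifier = args.length > 4 && "lenient".equals(args[4]) ? lenient : strict;

        // Namespace-aware parse with DOCTYPE declarations refused.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element sig = (Element) dbf.newDocumentBuilder().parse(new File(args[3]))
                .getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0);

        // verify() throws on any failure, so reaching the next line means the signature validated.
        XAdESVerificationResult result = verifier.verify(sig, new SignatureSpecificVerificationOptions());
        System.out.println("Form: " + result.getSignatureForm());
        System.out.println("Signer: " + result.getValidationCertificate().getSubjectX500Principal());
    }
}
```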
Adds an instance dependency mapping to the profile. When a dependency on from is found, the to instance is used.
The other withNNNNNN methods are convenient shortcuts for this one.
from | the dependency |
---|---|
to | the instance that resolves the dependency |
Adds a type dependency mapping to the profile. This is typically done from an interface to a type that implements that interface. When a dependency on from is found, the to class is used. The to class may in turn have its own dependencies.
The other withNNNNNN methods are convenient shortcuts for this one.
from | the dependency |
---|---|
to | the type that resolves the dependency |
By default no policies are supported.
By default no policies are supported.
If true, it will perform the digital signature validation enforcing the following restrictions:
1. Forbids use of the XSLT Transform
2. Restricts the number of SignedInfo or Manifest References to 30 or less
3. Restricts the number of Reference Transforms to 5 or less
4. Forbids the use of MD5 related signature or mac algorithms
5. Ensures that Reference Ids are unique to help prevent signature wrapping attacks
6. Forbids Reference URIs of type http or file
7. Does not allow a RetrievalMethod to reference another RetrievalMethod