public final class

XadesVerificationProfile

extends Object
java.lang.Object
   ↳ xades4j.verification.XadesVerificationProfile

Class Overview

A profile for signature verification. This class is the entry point for verifying a signature. A profile is a configuration for the signature verification process.

The purpose of this class is to create a XadesVerifier that will actually verify signatures using the configured components.

The minimum configuration is a CertificateValidationProvider because the validation data (trust-anchors, CRLs, etc) has to be properly selected. All the other components have default implementations that are used if no other actions are taken. However, all of them can be replaced through the corresponding methods, either by an instance or a class. When a class is used it may have dependencies on other components, which will be handled in order to create the XadesVerifier. The types may also depend on external components, as long as that dependency is registered with one of the addBinding methods. To that end, the constructors and/or setters should use the Inject annotation from Guice.

Custom QualifyingPropertyVerifiers can also be configured. The principles on their dependencies are the same. In addition, custom verifiers that apply over the whole signature at different stages of validation can be configured. Finally, verifiers for specific XML elements may be added. This can be useful if one wants to handle an unsigned property that is not known by the library, as the default unmarshaller will create GenericDOMData instances for those properties if acceptUnknownProperties is set.

Repeated dependency bindings will not cause an immediate error. An exception will be thrown when an instance of XadesVerifier is requested.
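The following is an added example, not code from the xades4j project, showing a profile built with secure validation enabled and used on a defensively parsed document. The class name StrictXadesCheck, the exactly-one-signature policy and the parser hardening features are assumptions of this example; the CertificateValidationProvider is supplied by the caller.

```java
import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import xades4j.providers.CertificateValidationProvider;
import xades4j.verification.SignatureSpecificVerificationOptions;
import xades4j.verification.XAdESVerificationResult;
import xades4j.verification.XadesVerificationProfile;
import xades4j.verification.XadesVerifier;

// Hypothetical helper class, not part of xades4j.
public final class StrictXadesCheck {
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Build once and reuse; later changes to the profile do not affect this verifier. */
    public static XadesVerifier strictVerifier(CertificateValidationProvider trust) throws Exception {
        return new XadesVerificationProfile(trust)
                .withSecureValidation(true)      // restrictions listed under withSecureValidation
                .acceptUnknownProperties(false)  // no GenericDOMData for unknown unsigned properties
                .newVerifier();                  // XadesProfileResolutionException if bindings cannot be resolved
    }

    public static XAdESVerificationResult verify(XadesVerifier verifier, InputStream xml) throws Exception {
        // Harden the parser before any signature processing: no DOCTYPE, so no external entities.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML signature processing
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(xml);

        // Assumed policy of this example: the document carries exactly one ds:Signature.
        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (sigs.getLength() != 1) {
            throw new SecurityException("expected exactly one ds:Signature, found " + sigs.getLength());
        }
        // Throws a XAdES4jException subtype when verification fails.
        return verifier.verify((Element) sigs.item(0), new SignatureSpecificVerificationOptions());
    }
}
```

A successful return only means the signature and its properties verified against the supplied trust data; the caller still decides whether the signing certificate (getValidationCertificate() on the result) is one it accepts for this document.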

Summary

Public Constructors
XadesVerificationProfile(CertificateValidationProvider certificateValidationProvider)
XadesVerificationProfile(Class<? extends CertificateValidationProvider> certificateValidationProviderClass)
Public Methods
XadesVerificationProfile acceptUnknownProperties(boolean accept)
Indicates whether the resulting verifiers should accept unknown properties.
final XadesVerifier newVerifier()
Creates a new XadesVerifier based on the current state of the profile.
<T> XadesVerificationProfile withBinding(Class<T> from, T to)
Adds an instance dependency mapping to the profile.
<T> XadesVerificationProfile withBinding(Class<T> from, Class<? extends T> to)
Adds a type dependency mapping to the profile.
XadesVerificationProfile withCustomSignatureVerifier(Class<? extends CustomSignatureVerifier> customVerifierClass)
XadesVerificationProfile withCustomSignatureVerifier(CustomSignatureVerifier v)
XadesVerificationProfile withDigestEngineProvider(Class<? extends MessageDigestEngineProvider> digestProviderClass)
XadesVerificationProfile withDigestEngineProvider(MessageDigestEngineProvider digestProvider)
XadesVerificationProfile withElementVerifier(QName elemName, Class<? extends QualifyingPropertyVerifier> vClass)
XadesVerificationProfile withGlobalDataObjsStructureVerifier(CustomPropertiesDataObjsStructureVerifier v)
XadesVerificationProfile withGlobalDataObjsStructureVerifier(Class<? extends CustomPropertiesDataObjsStructureVerifier> customVerifierClass)
XadesVerificationProfile withPolicyDocumentProvider(Class<? extends SignaturePolicyDocumentProvider> policyDocProviderClass)
By default no policies are supported.
XadesVerificationProfile withPolicyDocumentProvider(SignaturePolicyDocumentProvider policyDocProvider)
By default no policies are supported.
XadesVerificationProfile withPropertiesUnmarshaller(Class<? extends QualifyingPropertiesUnmarshaller> propsUnmarshallerClass)
XadesVerificationProfile withPropertiesUnmarshaller(QualifyingPropertiesUnmarshaller propsUnmarshaller)
<TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, Class<? extends QualifyingPropertyVerifier<TData>> verifierClass)
<TData extends PropertyDataObject> XadesVerificationProfile withQualifyingPropertyVerifier(Class<TData> propDataClass, QualifyingPropertyVerifier<TData> verifier)
XadesVerificationProfile withRawSignatureVerifier(RawSignatureVerifier v)
XadesVerificationProfile withRawSignatureVerifier(Class<? extends RawSignatureVerifier> rawVerifierClass)
XadesVerificationProfile withSecureValidation(boolean secureValidation)
If true, signature validation is performed enforcing a set of restrictions, listed in the method description.
XadesVerificationProfile withTimeStampTokenVerifier(Class<? extends TimeStampVerificationProvider> tsTokenVerifProvClass)
XadesVerificationProfile withTimeStampTokenVerifier(TimeStampVerificationProvider tsTokenVerifProv)
Inherited Methods
From class java.lang.Object

Public Constructors

public XadesVerificationProfile (CertificateValidationProvider certificateValidationProvider)

public XadesVerificationProfile (Class<? extends CertificateValidationProvider> certificateValidationProviderClass)

Public Methods

public XadesVerificationProfile acceptUnknownProperties (boolean accept)

Indicates whether the resulting verifiers should accept unknown properties. Actually, this is a property of the underlying QualifyingPropertiesUnmarshaller which controls if a GenericDOMData should be used when an unknown property is found.

The schema for signed signature and data object properties is closed; as such, this only affects the unsigned properties.

Note that it is also possible to implement a custom QualifyingPropertiesUnmarshaller.

The withElementVerifier method can be used to register verifiers for unknown properties.

public final XadesVerifier newVerifier ()

Creates a new XadesVerifier based on the current state of the profile. If any changes are made after this call, the previously returned verifier will not be affected. Other verifiers can be created, accumulating the profile changes.

Returns
  • a XadesVerifier according to this profile.
Throws
XadesProfileResolutionException if the dependencies of the verifier (direct and indirect) cannot be resolved

public XadesVerificationProfile withBinding (Class<T> from, T to)

Adds an instance dependency mapping to the profile. When a dependency to from is found, the to instance is used. The other withNNNNNN methods are convenient shortcuts for this one.

Parameters
from the dependency
to the instance that resolves the dependency
Returns
  • this profile

public XadesVerificationProfile withBinding (Class<T> from, Class<? extends T> to)

Adds a type dependency mapping to the profile. This is typically done from an interface to a type that implements that interface. When a dependency to from is found, the to class is used. The to class may in turn have its own dependencies.

The other withNNNNNN methods are convenient shortcuts for this one.

Parameters
from the dependency
to the type that resolves the dependency
Returns
  • this profile

public XadesVerificationProfile withCustomSignatureVerifier (Class<? extends CustomSignatureVerifier> customVerifierClass)

public XadesVerificationProfile withCustomSignatureVerifier (CustomSignatureVerifier v)

public XadesVerificationProfile withDigestEngineProvider (Class<? extends MessageDigestEngineProvider> digestProviderClass)

public XadesVerificationProfile withDigestEngineProvider (MessageDigestEngineProvider digestProvider)

public XadesVerificationProfile withElementVerifier (QName elemName, Class<? extends QualifyingPropertyVerifier> vClass)

public XadesVerificationProfile withGlobalDataObjsStructureVerifier (CustomPropertiesDataObjsStructureVerifier v)

public XadesVerificationProfile withGlobalDataObjsStructureVerifier (Class<? extends CustomPropertiesDataObjsStructureVerifier> customVerifierClass)

public XadesVerificationProfile withPolicyDocumentProvider (Class<? extends SignaturePolicyDocumentProvider> policyDocProviderClass)

By default no policies are supported.

public XadesVerificationProfile withPolicyDocumentProvider (SignaturePolicyDocumentProvider policyDocProvider)

By default no policies are supported.

public XadesVerificationProfile withPropertiesUnmarshaller (Class<? extends QualifyingPropertiesUnmarshaller> propsUnmarshallerClass)

public XadesVerificationProfile withPropertiesUnmarshaller (QualifyingPropertiesUnmarshaller propsUnmarshaller)

public XadesVerificationProfile withQualifyingPropertyVerifier (Class<TData> propDataClass, Class<? extends QualifyingPropertyVerifier<TData>> verifierClass)

public XadesVerificationProfile withQualifyingPropertyVerifier (Class<TData> propDataClass, QualifyingPropertyVerifier<TData> verifier)

public XadesVerificationProfile withRawSignatureVerifier (RawSignatureVerifier v)

public XadesVerificationProfile withRawSignatureVerifier (Class<? extends RawSignatureVerifier> rawVerifierClass)

public XadesVerificationProfile withSecureValidation (boolean secureValidation)

If true, signature validation is performed enforcing the following restrictions:

1. Forbids use of the XSLT Transform
2. Restricts the number of SignedInfo or Manifest References to 30 or less
3. Restricts the number of Reference Transforms to 5 or less
4. Forbids the use of MD5 related signature or mac algorithms
5. Ensures that Reference Ids are unique to help prevent signature wrapping attacks
6. Forbids Reference URIs of type http or file
7. Does not allow a RetrievalMethod to reference another RetrievalMethod

public XadesVerificationProfile withTimeStampTokenVerifier (Class<? extends TimeStampVerificationProvider> tsTokenVerifProvClass)

public XadesVerificationProfile withTimeStampTokenVerifier (TimeStampVerificationProvider tsTokenVerifProv)