public interface XadesVerifier

xades4j.verification.XadesVerifier

Class Overview

Interface for a verifier of signatures. The features of the verification process depend on the profile configuration.

The signature must contain a KeyInfo element with one X509Data element. If more are present, they are ignored, because the data relating to the signing certificate must be within a single X509Data. The X509Data element must contain at least one element that identifies the signing certificate, such as X509IssuerSerial, X509SubjectName or the X509Certificate itself. The elements are considered in that order. If X509IssuerSerial and X509SubjectName are not present, the first X509Certificate is used as the signing certificate. Nevertheless, all the certificates are collected to be used on the certification path.
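The selection rule above, sketched with JDK DOM APIs only. This is an added example, not xades4j's own code: the class, record and method names are hypothetical, the KeyInfo is a constructed sample with placeholder certificate bodies, and "all the certificates" is assumed to mean those inside the one X509Data that is considered. It needs Java 16 or later.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class KeyInfoSelectionDemo {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    /** Hypothetical holder: which element identifies the signer, plus the collected certificates. */
    record Selection(String identifiedBy, String value, List<String> collectedCerts) {}

    static Selection select(Element keyInfo) {
        NodeList x509Datas = keyInfo.getElementsByTagNameNS(DS, "X509Data");
        if (x509Datas.getLength() == 0)
            throw new IllegalArgumentException("KeyInfo has no X509Data");
        Element data = (Element) x509Datas.item(0); // further X509Data elements are ignored
        List<String> certs = new ArrayList<>();     // every certificate goes to path building
        NodeList certNodes = data.getElementsByTagNameNS(DS, "X509Certificate");
        for (int i = 0; i < certNodes.getLength(); i++)
            certs.add(certNodes.item(i).getTextContent().trim());
        // Identifiers are considered in the documented order.
        for (String name : new String[] {"X509IssuerSerial", "X509SubjectName"}) {
            NodeList n = data.getElementsByTagNameNS(DS, name);
            if (n.getLength() > 0)
                return new Selection(name, n.item(0).getTextContent().trim(), certs);
        }
        if (certs.isEmpty())
            throw new IllegalArgumentException("X509Data does not identify a signing certificate");
        return new Selection("X509Certificate", certs.get(0), certs); // fallback: first certificate
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two X509Data elements, placeholder certificate bodies.
        String xml = "<ds:KeyInfo xmlns:ds='" + DS + "'>"
            + "<ds:X509Data><ds:X509SubjectName>CN=Constructed Signer</ds:X509SubjectName>"
            + "<ds:X509Certificate>CERT-A</ds:X509Certificate>"
            + "<ds:X509Certificate>CERT-B</ds:X509Certificate></ds:X509Data>"
            + "<ds:X509Data><ds:X509Certificate>CERT-IGNORED</ds:X509Certificate></ds:X509Data>"
            + "</ds:KeyInfo>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Selection s = select(doc.getDocumentElement());
        System.out.println(s.identifiedBy() + " = " + s.value() + ", collected " + s.collectedCerts());
    }
}
```

With the sample input, the signer is identified by X509SubjectName, CERT-A and CERT-B are collected, and the certificate in the second X509Data is never read.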

All the exceptions defined in the current package may be thrown during validation. They are organized as a tree, which means that one can go from rough to fine-grained handling by catching exceptions at different branches and depths of the tree.

With its default configuration the library supports verification of signatures up to XAdES-C. The format can be extended after verification through the verify method, even though extended formats cannot be validated afterwards.

Summary

Public Methods
abstract XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions)
Verifies a signature.
abstract XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions, XadesSignatureFormatExtender formatExtender, XAdESForm minForm)
Verifies a signature and extends its format if needed.

Public Methods

public abstract XAdESVerificationResult verify (Element signatureElem, SignatureSpecificVerificationOptions verificationOptions)

Verifies a signature.

Parameters
signatureElem the element containing the signature; must have an Id
verificationOptions signature verification options. If null, default options are used
Returns
  • the verification result
Throws
XAdES4jException if an error occurs, including if signature verification fails
NullPointerException if signatureElem is null

public abstract XAdESVerificationResult verify (Element signatureElem, SignatureSpecificVerificationOptions verificationOptions, XadesSignatureFormatExtender formatExtender, XAdESForm minForm)

Verifies a signature and extends its format if needed.

Note that, due to the library's internal design, the properties being added to a signature cannot have dependencies on each other, because the XML for a given set of properties is generated at the same time, after gathering all the data needed for the properties. For instance, it's not possible to correctly add properties from XAdES-C and XAdES-X at the same time, as the latter need the former's XML structure. This imposes some restrictions on the format extensions. Valid transitions are (actual signature form -> form after extension):

  • BES/EPES -> T
  • BES/EPES -> C
  • T -> C
  • C -> X
  • C -> X-L
  • X -> X-L (not supported by default because X cannot be verified)
  • X-L -> A (not supported by default because X-L cannot be verified)

Note that the XadesSignatureFormatExtender can also be used separately, but no checks are made to ensure that the signature has the appropriate properties (form) to be extended with other properties. This can be used to create XAdES-A.

The generated XAdES-X is type 1, with one SigAndRefsTimeStamp property.

Limitations: XAdES-C won't include the AttributeCertificateRefs and AttributeRevocationRefs properties. XAdES-X-L won't include the AttrAuthoritiesCertValues and AttributeRevocationValues properties.

Parameters
signatureElem the element containing the signature; must have an Id
verificationOptions signature verification options. If null, default options are used
formatExtender the extender used to add the new unsigned properties
minForm the minimum format that the signature should have; if the original signature has a 'lower' format, the extender is used
Returns
  • the verification result
Throws
XAdES4jException if an error occurs, including if signature verification fails
NullPointerException if any parameter is null