Class SignatureValidationProperties
java.lang.Object
com.itextpdf.signatures.validation.SignatureValidationProperties
Class which stores properties, which are related to signature validation process.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
Enum representing possible online fetching permissions. -
Field Summary
Modifier and TypeFieldDescriptionstatic final boolean
static final Duration
static final Duration
static final Duration
static final SignatureValidationProperties.OnlineFetching
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionaddCrlClient
(ICrlClient crlClient) Adds newICrlClient
instance which will be used to retrieve CRL responses during the validation.addOcspClient
(IOcspClient ocspClient) Adds newIOcspClient
instance which will be used to retrieve OCSP response during the validation.boolean
getContinueAfterFailure
(ValidationContext validationContext) Returns the Continue after failure setting for the provided context or the default context.Gets allICrlClient
instances which will be used to retrieve CRL responses during the validation.getFreshness
(ValidationContext validationContext) Returns the freshness setting for the provided validation context or the default context in milliseconds.Gets allIOcspClient
instances which will be used to retrieve OCSP responses during the validation.getRequiredExtensions
(ValidationContext validationContext) Returns required extension for the provided validation context.getRevocationOnlineFetching
(ValidationContext validationContext) Sets the onlineFetching property representing possible online fetching permissions.setContinueAfterFailure
(ValidatorContexts validatorContexts, CertificateSources certificateSources, boolean value) Sets the Continue after failure setting for the provided context.setFreshness
(ValidatorContexts validatorContexts, CertificateSources certificateSources, TimeBasedContexts timeBasedContexts, Duration value) Sets the freshness setting for the specified validator, time based and certificate source contexts in milliseconds.setRequiredExtensions
(CertificateSources certificateSources, List<CertificateExtension> requiredExtensions) Set list of extensions which are required to be set to a certificate depending on certificate source.setRevocationOnlineFetching
(ValidatorContexts validatorContexts, CertificateSources certificateSources, TimeBasedContexts timeBasedContexts, SignatureValidationProperties.OnlineFetching onlineFetching) Sets the onlineFetching property representing possible online fetching permissions.
-
Field Details
-
DEFAULT_CONTINUE_AFTER_FAILURE
public static final boolean DEFAULT_CONTINUE_AFTER_FAILURE- See Also:
-
DEFAULT_FRESHNESS_PRESENT_CRL
-
DEFAULT_FRESHNESS_PRESENT_OCSP
-
DEFAULT_FRESHNESS_HISTORICAL
-
DEFAULT_ONLINE_FETCHING
-
-
Constructor Details
-
SignatureValidationProperties
public SignatureValidationProperties()CreateSignatureValidationProperties
with default values.
-
-
Method Details
-
getFreshness
Returns the freshness setting for the provided validation context or the default context in milliseconds.- Parameters:
-
validationContext
- the validation context for which to retrieve the freshness setting - Returns:
- the freshness setting for the provided validation context or the default context in milliseconds
-
setFreshness
public final SignatureValidationProperties setFreshness(ValidatorContexts validatorContexts, CertificateSources certificateSources, TimeBasedContexts timeBasedContexts, Duration value) Sets the freshness setting for the specified validator, time based and certificate source contexts in milliseconds.This parameter specifies how old revocation data can be, compared to validation time, in order to be trustworthy.
- Parameters:
-
validatorContexts
- the validators for which to apply the setting -
certificateSources
- the certificate sources to -
timeBasedContexts
- the date comparison context for which to apply the setting -
value
- the settings value in milliseconds - Returns:
-
this same
SignatureValidationProperties
instance.
-
getContinueAfterFailure
Returns the Continue after failure setting for the provided context or the default context.- Parameters:
-
validationContext
- the context for which to retrieve the Continue after failure setting - Returns:
- the Continue after failure setting for the provided context or the default context
-
setContinueAfterFailure
public final SignatureValidationProperties setContinueAfterFailure(ValidatorContexts validatorContexts, CertificateSources certificateSources, boolean value) Sets the Continue after failure setting for the provided context.This parameter specifies if validation is expected to continue after first failure is encountered. Only
ValidationReport.ValidationResult.INVALID
is considered to be a failure.- Parameters:
-
validatorContexts
- the validators for which to set the Continue after failure setting -
certificateSources
- the certificateSources for which to set the Continue after failure setting -
value
- the Continue after failure setting - Returns:
-
this same
SignatureValidationProperties
instance.
-
getRevocationOnlineFetching
public SignatureValidationProperties.OnlineFetching getRevocationOnlineFetching(ValidationContext validationContext) Sets the onlineFetching property representing possible online fetching permissions.- Parameters:
-
validationContext
- the context for which to retrieve the online fetching setting - Returns:
- the online fetching setting.
-
setRevocationOnlineFetching
public final SignatureValidationProperties setRevocationOnlineFetching(ValidatorContexts validatorContexts, CertificateSources certificateSources, TimeBasedContexts timeBasedContexts, SignatureValidationProperties.OnlineFetching onlineFetching) Sets the onlineFetching property representing possible online fetching permissions.- Parameters:
-
validatorContexts
- the validators for which to set this value -
certificateSources
- the certificate source for which to set this value -
timeBasedContexts
- time perspective context, at which validation is happening -
onlineFetching
- onlineFetching property value to set - Returns:
-
this same
SignatureValidationProperties
instance.
-
getRequiredExtensions
Returns required extension for the provided validation context.- Parameters:
-
validationContext
- the validation context for which to retrieve required extensions - Returns:
- required extensions for the provided validation context
-
setRequiredExtensions
public final SignatureValidationProperties setRequiredExtensions(CertificateSources certificateSources, List<CertificateExtension> requiredExtensions) Set list of extensions which are required to be set to a certificate depending on certificate source.By default, required extensions are set to be compliant with common validation norms. Changing those can result in falsely positive validation result.
- Parameters:
-
certificateSources
-CertificateSource
for extensions to be present -
requiredExtensions
- list of requiredCertificateExtension
- Returns:
-
this same
SignatureValidationProperties
instance
-
getCrlClients
Gets allICrlClient
instances which will be used to retrieve CRL responses during the validation.- Returns:
-
all
ICrlClient
instances which will be used to retrieve CRL responses during the validation
-
addCrlClient
Adds newICrlClient
instance which will be used to retrieve CRL responses during the validation.- Parameters:
-
crlClient
-ICrlClient
instance which will be used to retrieve CRL responses during the validation - Returns:
-
this same
SignatureValidationProperties
instance
-
getOcspClients
Gets allIOcspClient
instances which will be used to retrieve OCSP responses during the validation.- Returns:
-
all
IOcspClient
instances which will be used to retrieve OCSP responses during the validation
-
addOcspClient
Adds newIOcspClient
instance which will be used to retrieve OCSP response during the validation.- Parameters:
-
ocspClient
-IOcspClient
instance which will be used to retrieve OCSP response during the validation - Returns:
-
this same
SignatureValidationProperties
instance
-