Package com.itextpdf.signatures.validation

Class ValidatorChainBuilder

java.lang.Object
com.itextpdf.signatures.validation.ValidatorChainBuilder
public class ValidatorChainBuilder extends Object
A builder class to construct all necessary parts of a validation chain. The builder can be reused to create multiple instances of a validator.

  • Constructor Details

    • ValidatorChainBuilder

      public ValidatorChainBuilder()
      Creates a ValidatorChainBuilder using default implementations

  • Method Details

    • trustEuropeanLotl

      public ValidatorChainBuilder trustEuropeanLotl (boolean trustEuropeanLotl)
      Establishes trust in European Union List of Trusted Lists.

      This feature by default relies on remote resource fetching and third-party EU trusted lists posted online. iText has no influence over these resources maintained by third-party authorities.

      If this feature is enabled, LotlService is created and used to retrieve, validate and establish trust in EU List of Trusted Lists.

      In order to properly work, apart from enabling it, user needs to call LotlService.initializeGlobalCache(LotlFetchingProperties) method, which performs initial initialization.

      Additionally, in order to successfully use this feature, a user needs to provide a source for trusted certificates which will be used for LOTL files validation. One can either add an explicit dependency to "eu-trusted-lists-resources" iText module or configure own source of trusted certificates. When iText dependency is used it is required to make sure that the newest version of the dependency is selected, otherwise LOTL validation will fail.

      The required certificates for LOTL files validations are published in the Official Journal of the European Union. Your own source of trusted certificates can be configured by using EuropeanTrustedListConfigurationFactory.setFactory(Supplier).

      Parameters:
      trustEuropeanLotl - true if European Union LOTLs are expected to be trusted, false otherwise
      Returns:
      current ValidatorChainBuilder.

    • isEuropeanLotlTrusted

      public boolean isEuropeanLotlTrusted()
      Checks if European Union List of Trusted Lists is supposed to be trusted.
      Returns:
      true if European Union LOTLs are expected to be trusted, false otherwise

    • buildSignatureValidator

      public SignatureValidator buildSignatureValidator (PdfDocument document)
      Create a new SignatureValidator instance with the current configuration. This method can be used to create multiple validators.
      Parameters:
      document - PdfDocument instance which will be validated
      Returns:
      a new instance of a signature validator.

    • buildDocumentRevisionsValidator

      public DocumentRevisionsValidator buildDocumentRevisionsValidator()
      Create a bew DocumentRevisionsValidator instance with the current configuration. This method can be used to create multiple validators.
      Returns:
      a new instance of a document revisions validator.

    • buildCertificateChainValidator

      public CertificateChainValidator buildCertificateChainValidator()
      Create a new CertificateChainValidator instance. This method can be used to create multiple validators.
      Returns:
      a new instance of a CertificateChainValidator.

    • buildRevocationDataValidator

      public RevocationDataValidator buildRevocationDataValidator()
      Create a new RevocationDataValidator instance This method can be used to create multiple validators.
      Returns:
      a new instance of a RevocationDataValidator.

    • buildOCSPValidator

      public OCSPValidator buildOCSPValidator()
      Create a new OCSPValidator instance. This method can be used to create multiple validators.
      Returns:
      a new instance of a OCSPValidator.

    • buildCRLValidator

      public CRLValidator buildCRLValidator()
      Create a new CRLValidator instance. This method can be used to create multiple validators.
      Returns:
      a new instance of a CRLValidator.

    • withDocumentRevisionsValidatorFactory

      public ValidatorChainBuilder withDocumentRevisionsValidatorFactory (Supplier<DocumentRevisionsValidator> documentRevisionsValidatorFactory)
      Use this factory method to create instances of DocumentRevisionsValidator for use in the validation chain.
      Parameters:
      documentRevisionsValidatorFactory - the document revisions validator factory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withCRLValidatorFactory

      public ValidatorChainBuilder withCRLValidatorFactory (Supplier<CRLValidator> crlValidatorFactory)
      Use this factory method to create instances of CRLValidator for use in the validation chain.
      Parameters:
      crlValidatorFactory - the CRLValidatorFactory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withResourceRetriever

      public ValidatorChainBuilder withResourceRetriever (Supplier<IResourceRetriever> resourceRetrieverFactory)
      Use this factory method to create instances of IResourceRetriever for use in the validation chain.
      Parameters:
      resourceRetrieverFactory - the ResourceRetrieverFactory method to use.
      Returns:
      the current ValidatorChainBuilder.

    • withOCSPValidatorFactory

      public ValidatorChainBuilder withOCSPValidatorFactory (Supplier<OCSPValidator> ocspValidatorFactory)
      Use this factory method to create instances of OCSPValidator for use in the validation chain.
      Parameters:
      ocspValidatorFactory - the OCSPValidatorFactory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withRevocationDataValidatorFactory

      public ValidatorChainBuilder withRevocationDataValidatorFactory (Supplier<RevocationDataValidator> revocationDataValidatorFactory)
      Use this factory method to create instances of RevocationDataValidator for use in the validation chain.
      Parameters:
      revocationDataValidatorFactory - the RevocationDataValidator factory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withCertificateChainValidatorFactory

      public ValidatorChainBuilder withCertificateChainValidatorFactory (Supplier<CertificateChainValidator> certificateChainValidatorFactory)
      Use this factory method to create instances of CertificateChainValidator for use in the validation chain.
      Parameters:
      certificateChainValidatorFactory - the CertificateChainValidator factory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withSignatureValidationProperties

      public ValidatorChainBuilder withSignatureValidationProperties (SignatureValidationProperties properties)
      Use this instance of a SignatureValidationProperties in the validation chain.
      Parameters:
      properties - the SignatureValidationProperties instance to use
      Returns:
      the current ValidatorChainBuilder.

    • withIssuingCertificateRetrieverFactory

      public ValidatorChainBuilder withIssuingCertificateRetrieverFactory (Supplier<IssuingCertificateRetriever> certificateRetrieverFactory)
      Use this factory method to create instances of IssuingCertificateRetriever for use in the validation chain.
      Parameters:
      certificateRetrieverFactory - the IssuingCertificateRetriever factory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withOcspClient

      public ValidatorChainBuilder withOcspClient (Supplier<IOcspClientBouncyCastle> ocspClientFactory)
      Use this factory to create instances of IOcspClientBouncyCastle for use in the validation chain.
      Parameters:
      ocspClientFactory - the IOcspClient factory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withCrlClient

      public ValidatorChainBuilder withCrlClient (Supplier<ICrlClient> crlClientFactory)
      Use this factory to create instances of ICrlClient for use in the validation chain.
      Parameters:
      crlClientFactory - the ICrlClient factory method to use
      Returns:
      the current ValidatorChainBuilder.

    • withKnownCertificates

      public ValidatorChainBuilder withKnownCertificates (Collection<Certificate> knownCertificates)
      Adds known certificates to the IssuingCertificateRetriever.
      Parameters:
      knownCertificates - the list of known certificates to add
      Returns:
      the current ValidatorChainBuilder.

    • withTrustedCertificates

      public ValidatorChainBuilder withTrustedCertificates (Collection<Certificate> trustedCertificates)
      Sets the trusted certificates to the IssuingCertificateRetriever.
      Parameters:
      trustedCertificates - the list of trusted certificates to set
      Returns:
      the current ValidatorChainBuilder.

    • withAdESReportAggregator

      public ValidatorChainBuilder withAdESReportAggregator (AdESReportAggregator adESReportAggregator)
      Use this AdES report aggregator to enable AdES compliant report generation.

      Generated PadesValidationReport report could be provided to XmlReportGenerator.generate(PadesValidationReport, Writer).

      Parameters:
      adESReportAggregator - the report aggregator to use
      Returns:
      the current ValidatorChainBuilder

    • getCertificateRetriever

      public IssuingCertificateRetriever getCertificateRetriever()
      Retrieves the explicitly added or automatically created IssuingCertificateRetriever instance.
      Returns:
      the explicitly added or automatically created IssuingCertificateRetriever instance.

    • getProperties

      public SignatureValidationProperties getProperties()
      Retrieves the explicitly added or automatically created SignatureValidationProperties instance.
      Returns:
      the explicitly added or automatically created SignatureValidationProperties instance.

    • getAdESReportAggregator

      public AdESReportAggregator getAdESReportAggregator()
      Retrieves the explicitly added or automatically created AdESReportAggregator instance. Default is the NullAdESReportAggregator.
      Returns:
      the explicitly added or automatically created AdESReportAggregator instance.

    • getResourceRetriever

      public IResourceRetriever getResourceRetriever()
      Retrieves the explicitly added or automatically created IResourceRetriever instance.
      Returns:
      the explicitly added or automatically created IResourceRetriever instance.

    • withLotlTrustedStoreFactory

      public ValidatorChainBuilder withLotlTrustedStoreFactory (Supplier<LotlTrustedStore> lotlTrustedStoreFactory)
      Sets up factory which is responsible for LotlTrustedStore creation.
      Parameters:
      lotlTrustedStoreFactory - factory responsible for LotlTrustedStore creation
      Returns:
      this same instance of ValidatorChainBuilder

    • getLotlTrustedStore

      public LotlTrustedStore getLotlTrustedStore()
      Retrieves explicitly added or automatically created LotlTrustedStore instance.
      Returns:
      explicitly added or automatically created LotlTrustedStore instance

    • withLotlService

      public ValidatorChainBuilder withLotlService (Supplier<LotlService> lotlServiceFactory)
      Sets up factory which is responsible for LotlService creation.
      Parameters:
      lotlServiceFactory - factory responsible for LotlService creation
      Returns:
      this same instance of ValidatorChainBuilder

    • getLotlService

      public LotlService getLotlService()
      Retrieves explicitly added or automatically created LotlService instance.
      Returns:
      explicitly added or automatically created LotlService instance