Class DefaultXMLSignatureValidator
java.lang.Object
se.idsec.signservice.security.sign.xml.impl.DefaultXMLSignatureValidator
- All Implemented Interfaces:
SignatureValidator<Document>, XMLSignatureValidator
Default implementation of the XMLSignatureValidator interface.
Note that this implementation only supports validation of signatures that cover the supplied document.
- Author:
- Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
-
Field Summary
Fields
- protected boolean xadesProcessing: Flag that tells if the validator should handle XAdES signatures.
-
Constructor Summary
Constructors
- DefaultXMLSignatureValidator(): Constructor setting up the validator so that no required certificates are configured and no certificate path validation is performed.
- DefaultXMLSignatureValidator(X509Certificate acceptedSignerCertificate): Constructor setting up the validator to require that the signature is signed using the supplied certificate.
- DefaultXMLSignatureValidator(List<X509Certificate> acceptedSignerCertificates): Constructor setting up the validator to require that the signature is signed using any of the supplied certificates.
- DefaultXMLSignatureValidator(CertificateValidator certificateValidator): Constructor setting up the validator to perform a certificate validation of the signer certificate using the supplied certificate validator instance.
-
Method Summary
- protected List<X509Certificate> getAdditionalCertificates(org.apache.xml.security.keys.KeyInfo keyInfo, X509Certificate signerCertificate): Extracts all certificates from the supplied KeyInfo except for the actual signer certificate.
- boolean isSigned
- protected void registerXadesIdNodes(Document document): Looks for any xades:SignedProperties elements and registers an ID attribute for the elements that are found.
- void setXadesProcessing(boolean xadesProcessing): Sets flag that tells whether this validator should handle XAdES processing.
- protected List<SignatureValidationResult> validate: Validates the supplied signatures.
- List<SignatureValidationResult> validate(Document document, XMLSignatureLocation signatureLocation): Validates the signature(s) of the supplied document.
- protected DefaultXMLSignatureValidationResult validateSignature(Element signature, String signatureUriReference): Validates the signature value and checks that the signer certificate is accepted.
-
Field Details
-
xadesProcessing
protected boolean xadesProcessing
Flag that tells if the validator should handle XAdES signatures.
-
-
Constructor Details
-
DefaultXMLSignatureValidator
public DefaultXMLSignatureValidator()
Constructor setting up the validator so that no required certificates are configured and no certificate path validation is performed. This means that no check of the signer certificate will be performed.
-
DefaultXMLSignatureValidator
Constructor setting up the validator to require that the signature is signed using the supplied certificate.
- Parameters:
acceptedSignerCertificate - required signer certificate
-
DefaultXMLSignatureValidator
Constructor setting up the validator to require that the signature is signed using any of the supplied certificates.
- Parameters:
acceptedSignerCertificates - required signer certificates
-
DefaultXMLSignatureValidator
Constructor setting up the validator to perform a certificate validation of the signer certificate using the supplied certificate validator instance.
- Parameters:
certificateValidator - certificate validator instance
-
-
Method Details
-
validate
- Specified by:
validate in interface SignatureValidator<Document>
- Throws:
SignatureException
-
validate
public List<SignatureValidationResult> validate(Document document, XMLSignatureLocation signatureLocation) throws SignatureException
Validates the signature(s) of the supplied document.
If the signatureLocation parameter is non-null, only that signature of the document will be validated, even if there are more signatures.
- Specified by:
validate in interface XMLSignatureValidator
- Parameters:
document - the document to validate
signatureLocation - tells where the signature can be found
- Returns:
- a validation result containing the details from a signature validation
- Throws:
SignatureException - for errors during the validation process (pure signature validation errors are reported in the returned result)
-
validate
Validates the supplied signatures.
- Parameters:
document - the document containing the signatures
signatures - the signatures
- Returns:
- a list of result objects
-
validateSignature
protected DefaultXMLSignatureValidationResult validateSignature(Element signature, String signatureUriReference)
Validates the signature value and checks that the signer certificate is accepted.
- Parameters:
signature - the signature element
signatureUriReference - the signature URI reference
- Returns:
- a validation result
-
getAdditionalCertificates
protected List<X509Certificate> getAdditionalCertificates(org.apache.xml.security.keys.KeyInfo keyInfo, X509Certificate signerCertificate)
Extracts all certificates from the supplied KeyInfo except for the actual signer certificate.
- Parameters:
keyInfo - the KeyInfo
signerCertificate - the signer certificate
- Returns:
- a list of certificates
-
isSigned
- Specified by:
isSigned in interface SignatureValidator<Document>
- Throws:
IllegalArgumentException
-
getRequiredSignerCertificates
- Specified by:
getRequiredSignerCertificates in interface SignatureValidator<Document>
-
getCertificateValidator
- Specified by:
getCertificateValidator in interface SignatureValidator<Document>
-
setXadesProcessing
public void setXadesProcessing(boolean xadesProcessing)
Sets flag that tells whether this validator should handle XAdES processing. The default is true.
- Parameters:
xadesProcessing - whether to process XAdES
-
registerXadesIdNodes
Looks for any xades:SignedProperties elements and registers an ID attribute for the elements that are found.
- Parameters:
document - the document to manipulate
-
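Example (added here, not part of the library's own documentation): validating an untrusted XML file with a pinned signer certificate instead of the no-argument constructor, which checks no signer certificate, and inspecting every returned result, since pure signature failures are reported there rather than thrown. Assumptions: isSigned takes the Document, SignatureValidationResult exposes isSuccess(), and the library's dependencies are initialized as the project requires; the class name PinnedSignerValidation and the two file arguments are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import se.idsec.signservice.security.sign.xml.impl.DefaultXMLSignatureValidator;

public class PinnedSignerValidation {

  /** Returns true only if the document is signed and every signature validates. */
  public static boolean isTrusted(Path xmlFile, Path signerCertFile) throws Exception {
    // Load the single certificate accepted as signer (hypothetical file argument).
    X509Certificate pinned;
    try (InputStream in = Files.newInputStream(signerCertFile)) {
      pinned = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    }

    // Parse untrusted XML: namespace-aware (needed to find ds:Signature), DOCTYPE rejected.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    Document doc;
    try (InputStream in = Files.newInputStream(xmlFile)) {
      doc = dbf.newDocumentBuilder().parse(in);
    }

    // Pin the signer: the signature must be made with exactly this certificate.
    DefaultXMLSignatureValidator validator = new DefaultXMLSignatureValidator(pinned);

    // An unsigned document is rejected explicitly rather than passed to validate().
    if (!validator.isSigned(doc)) {
      return false;
    }

    // A null signatureLocation validates all signatures of the document.
    // Pure signature failures do not throw; they are reported per result.
    var results = validator.validate(doc, null);
    // Assumption: isSuccess() exists on SignatureValidationResult (not shown on this page).
    return !results.isEmpty() && results.stream().allMatch(r -> r.isSuccess());
  }
}
```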