xades4j.verification
Interface XadesVerifier


public interface XadesVerifier

Interface for a verifier of signatures. The features of the verification process depend on the profile configuration.

The signature must contain a KeyInfo element with one X509Data element. If more are present, they are ignored, because the data relating to the signing certificate must be within a single X509Data. The X509Data element must contain at least one element that identifies the signing certificate, such as X509IssuerSerial, X509SubjectName or the X509Certificate itself. The elements are considered in that order. If X509IssuerSerial and X509SubjectName are not present, the first X509Certificate is used as signing certificate. Nevertheless, all the certificates are collected to be used on the certification path.
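
The selection order described above, sketched with plain JDK DOM calls. This is an added illustration, not xades4j's own code; the class and method names, the constructed KeyInfo and its placeholder certificate strings are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SigningCertSelector { // hypothetical helper, not part of xades4j
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Identifier elements in the order the documentation says they are considered.
    static final String[] ORDER = {"X509IssuerSerial", "X509SubjectName", "X509Certificate"};

    /** Name of the element that would identify the signing certificate. */
    static String selectIdentifier(Element keyInfo) {
        NodeList x509Data = keyInfo.getElementsByTagNameNS(DS, "X509Data");
        if (x509Data.getLength() == 0) throw new IllegalArgumentException("KeyInfo has no X509Data");
        Element first = (Element) x509Data.item(0); // any further X509Data is ignored
        for (String name : ORDER)
            if (first.getElementsByTagNameNS(DS, name).getLength() > 0)
                return name;
        throw new IllegalArgumentException("X509Data does not identify a certificate");
    }
    /** Text of every X509Certificate in the first X509Data (input for the certification path). */
    static List<String> collectCertificates(Element keyInfo) {
        Element first = (Element) keyInfo.getElementsByTagNameNS(DS, "X509Data").item(0);
        List<String> certs = new ArrayList<>();
        NodeList nodes = first.getElementsByTagNameNS(DS, "X509Certificate");
        for (int i = 0; i < nodes.getLength(); i++)
            certs.add(nodes.item(i).getTextContent().trim());
        return certs;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder strings stand in for real base64 certificates.
        String xml = "<KeyInfo xmlns='" + DS + "'>"
            + "<X509Data><X509SubjectName>CN=Constructed Signer</X509SubjectName>"
            + "<X509Certificate>SIGNER-CERT-PLACEHOLDER</X509Certificate>"
            + "<X509Certificate>CA-CERT-PLACEHOLDER</X509Certificate></X509Data>"
            + "<X509Data><X509Certificate>IGNORED-PLACEHOLDER</X509Certificate></X509Data>"
            + "</KeyInfo>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the NS-aware lookups above
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Element keyInfo = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        System.out.println(selectIdentifier(keyInfo));    // identifier taken from the first X509Data
        System.out.println(collectCertificates(keyInfo)); // second X509Data contributes nothing
    }
}
```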

All the exceptions defined in the current package may be thrown during validation. They are organized as a tree, which means that one can go from rough to fine-grained handling by catching exceptions in the different branches/depths of the tree.

With its default configuration the library supports verification of signatures up to XAdES-C. The format can be extended after verification through the verify method, even though extended formats cannot be validated afterwards.

Author:
Luís
See Also:
XadesVerificationProfile

Method Summary
 XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions)
          Verifies a signature.
 XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions, XadesSignatureFormatExtender formatExtender, XAdESForm minForm)
          Verifies a signature and extends its format if needed.
 

Method Detail

verify

XAdESVerificationResult verify(Element signatureElem,
                               SignatureSpecificVerificationOptions verificationOptions)
                               throws XAdES4jException
Verifies a signature.

Parameters:
signatureElem - the element containing the signature; must have an Id
verificationOptions - signature verification options. If null, default options are used
Returns:
the verification result
Throws:
XAdES4jException - if an error occurs, including if signature verification fails
NullPointerException - if signatureElem is null
See Also:
SignatureSpecificVerificationOptions

verify

XAdESVerificationResult verify(Element signatureElem,
                               SignatureSpecificVerificationOptions verificationOptions,
                               XadesSignatureFormatExtender formatExtender,
                               XAdESForm minForm)
                               throws XAdES4jException
Verifies a signature and extends its format if needed.

Note that, due to the library's internal design, the properties being added to a signature cannot have dependencies on each other, because the XML for a given set of properties is generated at the same time, after gathering all the data needed for the properties. For instance, it's not possible to correctly add properties from XAdES-C and XAdES-X at the same time, as the latter need the former's XML structure. This imposes some restrictions on the format extensions. Valid transitions are (actual signature form -> form after extension):

Note that the XadesSignatureFormatExtender can also be used separately, but no checks are made to ensure that the signature has the appropriate properties (form) to be extended with other properties. This can be used to create XAdES-A.

The generated XAdES-X is type 1, with one SigAndRefsTimeStamp property.

Limitations: XAdES-C won't include the AttributeCertificateRefs and AttributeRevocationRefs properties. XAdES-X-L won't include the AttrAuthoritiesCertValues and AttributeRevocationValues properties.

Parameters:
signatureElem - the element containing the signature; must have an Id
verificationOptions - signature verification options. If null, default options are used
formatExtender - the extender used to add the new unsigned properties
minForm - the minimum format that the signature should have; if the original signature has a 'lower' format, the extender is used
Returns:
the verification result
Throws:
XAdES4jException - if an error occurs, including if signature verification fails
NullPointerException - if any parameter is null
See Also:
XadesFormatExtenderProfile, XadesSignatureFormatExtender, SignatureSpecificVerificationOptions


Copyright © 2012. All Rights Reserved.