* The purpose of this class is to create a {@link XadesVerifier} that will actually * verify signatures using the configured components. *
* The minimum configuration is a {@link xades4j.providers.CertificateValidationProvider} * because the validation data (trust-anchors, CRLs, etc) has to be properly selected. All the other components * have default implementations that are used if no other actions are taken. However, * all of them can be replaced through the corresponding methods, either by an instance * or a class. When a class is used it may have dependencies on other components, * which will be handled in order to create the {@code XadesVerifier}. The types may * also depend on external components, as long as that dependency is registered * with on of the {@code addBinding} methods. To that end, the constructors and/or * setters should use the {@code Inject} annotation from Guice. *
* Custom {@link QualifyingPropertyVerifier}s can also be configured. The principles * on their dependencies are the same. In addition, custom verifiers that apply * over the whole on different stages of validation can be configured. Finally, * verifiers for specific XML elements may be added. This can be useful if one * wants to handle an unsigned property that is not known by the library, as the * default unmarshaller will create {@code GenericDOMData} instances for those * properties if {@code acceptUnknownProperties} is set. *
* Repeated dependency bindings will not cause an immediate error. An exception * will be thrown when an instance of {@code XadesVerifier} is requested. * @author Luís */ public final class XadesVerificationProfile { private final XadesProfileCore profileCore; /**/ private boolean acceptUnknownProperties; private boolean secureValidation; private XadesVerificationProfile() { this.profileCore = new XadesProfileCore(); this.acceptUnknownProperties = false; this.secureValidation = false; withBinding(XadesVerifier.class, XadesVerifierImpl.class); } public XadesVerificationProfile( CertificateValidationProvider certificateValidationProvider) { this(); withBinding(CertificateValidationProvider.class, certificateValidationProvider); } public XadesVerificationProfile( Class certificateValidationProviderClass) { this(); withBinding(CertificateValidationProvider.class, certificateValidationProviderClass); } /** * Adds a type dependency mapping to the profile. This is typically done from an * interface to a type that implements that interface. When a dependency to * {@code from} is found, the {@code to} class is used. The {@code to} class * may in turn have its own dependencies. *
* The other {@code withNNNNNN} methods are convenient shortcuts for this one.
* @param from the dependency
* @param to the type that resolves the dependency
* @return this profile
*/
public
* The schema for signed signature and data object properties is closed; as
* such, this only affects the unsigned properties.
*
* Note that it is also possible to implement a custom {@code QualifyingPropertiesUnmarshaller}s.
*
* The {@link XadesVerificationProfile#withElementVerifier withElementVerifier}
* method can be used to register verifiers for unknown properties.
* @see xades4j.xml.unmarshalling.QualifyingPropertiesUnmarshaller
*/
public XadesVerificationProfile acceptUnknownProperties(boolean accept)
{
this.acceptUnknownProperties = accept;
return this;
}
/**
* If true, it will perform the digital enforcing the following restrictions:
* 1. Forbids use of the XSLT Transform
* 2. Restricts the number of SignedInfo or Manifest References to 30 or less
* 3. Restricts the number of Reference Transforms to 5 or less
* 4. Forbids the use of MD5 related signature or mac algorithms
* 5. Ensures that Reference Ids are unique to help prevent signature wrapping attacks
* 6. Forbids Reference URIs of type http or file
* 7. Does not allow a RetrievalMethod to reference another RetrievalMethod
*/
public XadesVerificationProfile withSecureValidation(boolean secureValidation)
{
this.secureValidation = secureValidation;
return this;
}
/**********************************************/
/************ Custom verification *************/
/**********************************************/
public XadesVerificationProfile withGlobalDataObjsStructureVerifier(
CustomPropertiesDataObjsStructureVerifier v)
{
if (null == v)
throw new NullPointerException();
this.profileCore.addMultibinding(CustomPropertiesDataObjsStructureVerifier.class, v);
return this;
}
public XadesVerificationProfile withGlobalDataObjsStructureVerifier(
Class customVerifierClass)
{
if (null == customVerifierClass)
throw new NullPointerException();
this.profileCore.addMultibinding(CustomPropertiesDataObjsStructureVerifier.class, customVerifierClass);
return this;
}
public XadesVerificationProfile withRawSignatureVerifier(
RawSignatureVerifier v)
{
if (null == v)
throw new NullPointerException();
this.profileCore.addMultibinding(RawSignatureVerifier.class, v);
return this;
}
public XadesVerificationProfile withRawSignatureVerifier(
Class rawVerifierClass)
{
if (null == rawVerifierClass)
throw new NullPointerException();
this.profileCore.addMultibinding(RawSignatureVerifier.class, rawVerifierClass);
return this;
}
public XadesVerificationProfile withCustomSignatureVerifier(
CustomSignatureVerifier v)
{
if (null == v)
throw new NullPointerException();
this.profileCore.addMultibinding(CustomSignatureVerifier.class, v);
return this;
}
public XadesVerificationProfile withCustomSignatureVerifier(
Class customVerifierClass)
{
if (null == customVerifierClass)
throw new NullPointerException();
this.profileCore.addMultibinding(CustomSignatureVerifier.class, customVerifierClass);
return this;
}
public XadesVerificationProfile withElementVerifier(
QName elemName, Class vClass)
{
if (null == elemName || null == vClass)
throw new NullPointerException();
this.profileCore.addMapBinding(QualifyingPropertyVerifier.class, elemName, vClass);
return this;
}
public