com.itextpdf.signatures.validation

Class ValidatorChainBuilder

java.lang.Object

com.itextpdf.signatures.validation.ValidatorChainBuilder

public class ValidatorChainBuilder
extends Object

A builder class to construct all necessary parts of a validation chain. The builder can be reused to create multiple instances of a validator.

Constructor Summary

Constructors

Constructor and Description
ValidatorChainBuilder() Creates a ValidatorChainBuilder using default implementations

Method Summary

Modifier and Type	Method and Description
CertificateChainValidator	buildCertificateChainValidator() Create a new CertificateChainValidator instance.
CRLValidator	buildCRLValidator() Create a new CRLValidator instance.
DocumentRevisionsValidator	buildDocumentRevisionsValidator() Create a bew DocumentRevisionsValidator instance with the current configuration.
OCSPValidator	buildOCSPValidator() Create a new OCSPValidator instance.
RevocationDataValidator	buildRevocationDataValidator() Create a new RevocationDataValidator instance This method can be used to create multiple validators.
SignatureValidator	buildSignatureValidator(PdfDocument document) Create a new SignatureValidator instance with the current configuration.
AdESReportAggregator	getAdESReportAggregator() Retrieves the explicitly added or automatically created AdESReportAggregator instance.
IssuingCertificateRetriever	getCertificateRetriever() Retrieves the explicitly added or automatically created IssuingCertificateRetriever instance.
LotlService	getLotlService() Retrieves explicitly added or automatically created LotlService instance.
LotlTrustedStore	getLotlTrustedStore() Retrieves explicitly added or automatically created LotlTrustedStore instance.
SignatureValidationProperties	getProperties() Retrieves the explicitly added or automatically created SignatureValidationProperties instance.
IResourceRetriever	getResourceRetriever() Retrieves the explicitly added or automatically created IResourceRetriever instance.
boolean	isEuropeanLotlTrusted() Checks if European Union List of Trusted Lists is supposed to be trusted.
ValidatorChainBuilder	trustEuropeanLotl(boolean trustEuropeanLotl) Establishes trust in European Union List of Trusted Lists.
ValidatorChainBuilder	withAdESReportAggregator(AdESReportAggregator adESReportAggregator) Use this AdES report aggregator to enable AdES compliant report generation.
ValidatorChainBuilder	withCertificateChainValidatorFactory(Supplier<CertificateChainValidator> certificateChainValidatorFactory) Use this factory method to create instances of CertificateChainValidator for use in the validation chain.
ValidatorChainBuilder	withCrlClient(Supplier<ICrlClient> crlClientFactory) Use this factory to create instances of ICrlClient for use in the validation chain.
ValidatorChainBuilder	withCRLValidatorFactory(Supplier<CRLValidator> crlValidatorFactory) Use this factory method to create instances of CRLValidator for use in the validation chain.
ValidatorChainBuilder	withDocumentRevisionsValidatorFactory(Supplier<DocumentRevisionsValidator> documentRevisionsValidatorFactory) Use this factory method to create instances of DocumentRevisionsValidator for use in the validation chain.
ValidatorChainBuilder	withIssuingCertificateRetrieverFactory(Supplier<IssuingCertificateRetriever> certificateRetrieverFactory) Use this factory method to create instances of IssuingCertificateRetriever for use in the validation chain.
ValidatorChainBuilder	withKnownCertificates(Collection<Certificate> knownCertificates) Adds known certificates to the IssuingCertificateRetriever.
ValidatorChainBuilder	withLotlService(Supplier<LotlService> lotlServiceFactory) Sets up factory which is responsible for LotlService creation.
ValidatorChainBuilder	withLotlTrustedStoreFactory(Supplier<LotlTrustedStore> lotlTrustedStoreFactory) Sets up factory which is responsible for LotlTrustedStore creation.
ValidatorChainBuilder	withOcspClient(Supplier<IOcspClientBouncyCastle> ocspClientFactory) Use this factory to create instances of IOcspClientBouncyCastle for use in the validation chain.
ValidatorChainBuilder	withOCSPValidatorFactory(Supplier<OCSPValidator> ocspValidatorFactory) Use this factory method to create instances of OCSPValidator for use in the validation chain.
ValidatorChainBuilder	withResourceRetriever(Supplier<IResourceRetriever> resourceRetrieverFactory) Use this factory method to create instances of IResourceRetriever for use in the validation chain.
ValidatorChainBuilder	withRevocationDataValidatorFactory(Supplier<RevocationDataValidator> revocationDataValidatorFactory) Use this factory method to create instances of RevocationDataValidator for use in the validation chain.
ValidatorChainBuilder	withSignatureValidationProperties(SignatureValidationProperties properties) Use this instance of a SignatureValidationProperties in the validation chain.
ValidatorChainBuilder	withTrustedCertificates(Collection<Certificate> trustedCertificates) Sets the trusted certificates to the IssuingCertificateRetriever.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ValidatorChainBuilder

public ValidatorChainBuilder()

Creates a ValidatorChainBuilder using default implementations

Method Detail

trustEuropeanLotl

public ValidatorChainBuilder trustEuropeanLotl(boolean trustEuropeanLotl)

Establishes trust in European Union List of Trusted Lists.

This feature by default relies on remote resource fetching and third-party EU trusted lists posted online. iText has no influence over these resources maintained by third-party authorities.

If this feature is enabled, LotlService is created and used to retrieve, validate and establish trust in EU List of Trusted Lists.

In order to properly work, apart from enabling it, user needs to call LotlService.initializeGlobalCache(LotlFetchingProperties) method, which performs initial initialization.

Additionally, in order to successfully use this feature, a user needs to provide a source for trusted certificates which will be used for LOTL files validation. One can either add an explicit dependency to "eu-trusted-lists-resources" iText module or configure own source of trusted certificates. When iText dependency is used it is required to make sure that the newest version of the dependency is selected, otherwise LOTL validation will fail.

The required certificates for LOTL files validations are published in the Official Journal of the European Union. Your own source of trusted certificates can be configured by using EuropeanTrustedListConfigurationFactory.setFactory(Supplier).

Parameters:

trustEuropeanLotl - true if European Union LOTLs are expected to be trusted, false otherwise

Returns:

current ValidatorChainBuilder.

isEuropeanLotlTrusted

public boolean isEuropeanLotlTrusted()

Checks if European Union List of Trusted Lists is supposed to be trusted.

Returns:

true if European Union LOTLs are expected to be trusted, false otherwise

buildSignatureValidator

public SignatureValidator buildSignatureValidator(PdfDocument document)

Create a new SignatureValidator instance with the current configuration. This method can be used to create multiple validators.

Parameters:

document - PdfDocument instance which will be validated

Returns:

a new instance of a signature validator.

buildDocumentRevisionsValidator

public DocumentRevisionsValidator buildDocumentRevisionsValidator()

Create a bew DocumentRevisionsValidator instance with the current configuration. This method can be used to create multiple validators.

Returns:

a new instance of a document revisions validator.

buildCertificateChainValidator

public CertificateChainValidator buildCertificateChainValidator()

Create a new CertificateChainValidator instance. This method can be used to create multiple validators.

Returns:

a new instance of a CertificateChainValidator.

buildRevocationDataValidator

public RevocationDataValidator buildRevocationDataValidator()

Create a new RevocationDataValidator instance This method can be used to create multiple validators.

Returns:

a new instance of a RevocationDataValidator.

buildOCSPValidator

public OCSPValidator buildOCSPValidator()

Create a new OCSPValidator instance. This method can be used to create multiple validators.

Returns:

a new instance of a OCSPValidator.

buildCRLValidator

public CRLValidator buildCRLValidator()

Create a new CRLValidator instance. This method can be used to create multiple validators.

Returns:

a new instance of a CRLValidator.

withDocumentRevisionsValidatorFactory

public ValidatorChainBuilder withDocumentRevisionsValidatorFactory(Supplier<DocumentRevisionsValidator> documentRevisionsValidatorFactory)

Use this factory method to create instances of DocumentRevisionsValidator for use in the validation chain.

Parameters:

documentRevisionsValidatorFactory - the document revisions validator factory method to use

Returns:

the current ValidatorChainBuilder.

withCRLValidatorFactory

public ValidatorChainBuilder withCRLValidatorFactory(Supplier<CRLValidator> crlValidatorFactory)

Use this factory method to create instances of CRLValidator for use in the validation chain.

Parameters:

crlValidatorFactory - the CRLValidatorFactory method to use

Returns:

the current ValidatorChainBuilder.

withResourceRetriever

public ValidatorChainBuilder withResourceRetriever(Supplier<IResourceRetriever> resourceRetrieverFactory)

Use this factory method to create instances of IResourceRetriever for use in the validation chain.

Parameters:

resourceRetrieverFactory - the ResourceRetrieverFactory method to use.

Returns:

the current ValidatorChainBuilder.

withOCSPValidatorFactory

public ValidatorChainBuilder withOCSPValidatorFactory(Supplier<OCSPValidator> ocspValidatorFactory)

Use this factory method to create instances of OCSPValidator for use in the validation chain.

Parameters:

ocspValidatorFactory - the OCSPValidatorFactory method to use

Returns:

the current ValidatorChainBuilder.

withRevocationDataValidatorFactory

public ValidatorChainBuilder withRevocationDataValidatorFactory(Supplier<RevocationDataValidator> revocationDataValidatorFactory)

Use this factory method to create instances of RevocationDataValidator for use in the validation chain.

Parameters:

revocationDataValidatorFactory - the RevocationDataValidator factory method to use

Returns:

the current ValidatorChainBuilder.

withCertificateChainValidatorFactory

public ValidatorChainBuilder withCertificateChainValidatorFactory(Supplier<CertificateChainValidator> certificateChainValidatorFactory)

Use this factory method to create instances of CertificateChainValidator for use in the validation chain.

Parameters:

certificateChainValidatorFactory - the CertificateChainValidator factory method to use

Returns:

the current ValidatorChainBuilder.

withSignatureValidationProperties

public ValidatorChainBuilder withSignatureValidationProperties(SignatureValidationProperties properties)

Use this instance of a SignatureValidationProperties in the validation chain.

Parameters:

properties - the SignatureValidationProperties instance to use

Returns:

the current ValidatorChainBuilder.

withIssuingCertificateRetrieverFactory

public ValidatorChainBuilder withIssuingCertificateRetrieverFactory(Supplier<IssuingCertificateRetriever> certificateRetrieverFactory)

Use this factory method to create instances of IssuingCertificateRetriever for use in the validation chain.

Parameters:

certificateRetrieverFactory - the IssuingCertificateRetriever factory method to use

Returns:

the current ValidatorChainBuilder.

withOcspClient

public ValidatorChainBuilder withOcspClient(Supplier<IOcspClientBouncyCastle> ocspClientFactory)

Use this factory to create instances of IOcspClientBouncyCastle for use in the validation chain.

Parameters:

ocspClientFactory - the IOcspClient factory method to use

Returns:

the current ValidatorChainBuilder.

withCrlClient

public ValidatorChainBuilder withCrlClient(Supplier<ICrlClient> crlClientFactory)

Use this factory to create instances of ICrlClient for use in the validation chain.

Parameters:

crlClientFactory - the ICrlClient factory method to use

Returns:

the current ValidatorChainBuilder.

withKnownCertificates

public ValidatorChainBuilder withKnownCertificates(Collection<Certificate> knownCertificates)

Adds known certificates to the IssuingCertificateRetriever.

Parameters:

knownCertificates - the list of known certificates to add

Returns:

the current ValidatorChainBuilder.

withTrustedCertificates

public ValidatorChainBuilder withTrustedCertificates(Collection<Certificate> trustedCertificates)

Sets the trusted certificates to the IssuingCertificateRetriever.

Parameters:

trustedCertificates - the list of trusted certificates to set

Returns:

the current ValidatorChainBuilder.

withAdESReportAggregator

public ValidatorChainBuilder withAdESReportAggregator(AdESReportAggregator adESReportAggregator)

Use this AdES report aggregator to enable AdES compliant report generation.

Generated PadesValidationReport report could be provided to XmlReportGenerator.generate(PadesValidationReport, Writer).

Parameters:

adESReportAggregator - the report aggregator to use

Returns:

the current ValidatorChainBuilder

getCertificateRetriever

public IssuingCertificateRetriever getCertificateRetriever()

Retrieves the explicitly added or automatically created IssuingCertificateRetriever instance.

Returns:

the explicitly added or automatically created IssuingCertificateRetriever instance.

getProperties

public SignatureValidationProperties getProperties()

Retrieves the explicitly added or automatically created SignatureValidationProperties instance.

Returns:

the explicitly added or automatically created SignatureValidationProperties instance.

getAdESReportAggregator

public AdESReportAggregator getAdESReportAggregator()

Retrieves the explicitly added or automatically created AdESReportAggregator instance. Default is the NullAdESReportAggregator.

Returns:

the explicitly added or automatically created AdESReportAggregator instance.

getResourceRetriever

public IResourceRetriever getResourceRetriever()

Retrieves the explicitly added or automatically created IResourceRetriever instance.

Returns:

the explicitly added or automatically created IResourceRetriever instance.

withLotlTrustedStoreFactory

public ValidatorChainBuilder withLotlTrustedStoreFactory(Supplier<LotlTrustedStore> lotlTrustedStoreFactory)

Sets up factory which is responsible for LotlTrustedStore creation.

Parameters:

lotlTrustedStoreFactory - factory responsible for LotlTrustedStore creation

Returns:

this same instance of ValidatorChainBuilder

getLotlTrustedStore

public LotlTrustedStore getLotlTrustedStore()

Retrieves explicitly added or automatically created LotlTrustedStore instance.

Returns:

explicitly added or automatically created LotlTrustedStore instance

withLotlService

public ValidatorChainBuilder withLotlService(Supplier<LotlService> lotlServiceFactory)

Sets up factory which is responsible for LotlService creation.

Parameters:

lotlServiceFactory - factory responsible for LotlService creation

Returns:

this same instance of ValidatorChainBuilder

getLotlService

public LotlService getLotlService()

Retrieves explicitly added or automatically created LotlService instance.

Returns:

explicitly added or automatically created LotlService instance