/**
 * DSS - Digital Signature Services
 * Copyright (C) 2015 European Commission, provided under the CEF programme
 *
 * This file is part of the "DSS - Digital Signature Services" project.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
package eu.europa.esig.dss.tsl.service;

import java.io.File;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.Callable;

import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.FileDocument;
import eu.europa.esig.dss.XPathQueryHolder;
import eu.europa.esig.dss.tsl.TSLValidationResult;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.validation.policy.rules.Indication;
import eu.europa.esig.dss.validation.report.Reports;
import eu.europa.esig.dss.validation.report.SimpleReport;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.x509.KeyStoreCertificateSource;
import eu.europa.esig.dss.xades.validation.XMLDocumentValidator;

/**
 * This class allows to validate TSL or LOTL. It can be executed as a Callable.
 */
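public class TSLValidator implements Callable<TSLValidationResult> {

	private static final Logger logger = LoggerFactory.getLogger(TSLValidator.class);

	/** The TSL or LOTL XML file whose signature is validated. */
	private final File file;
	/** Country code copied verbatim into the result; it is not checked against the file content here. */
	private final String countryCode;
	/**
	 * Trust anchors allowed to sign the LOTL. They are always added to the trusted source, so for a TSL the
	 * LOTL signers are accepted as TSL signers as well.
	 */
	private final KeyStoreCertificateSource dssKeyStore;
	/** Certificates allowed to sign this TSL (typically taken from the LOTL pointer); null/empty for a LOTL. */
	private final List<CertificateToken> potentialSigners;

	/**
	 * Constructor used to instantiate a validator for a LOTL
	 *
	 * @param file
	 *            the file to validate (a LOTL file); must not be null
	 * @param countryCode
	 *            the country code
	 * @param dssKeyStore
	 *            the key store which contains trusted certificates (allowed to sign the LOTL)
	 * @throws NullPointerException
	 *             if {@code file} is null
	 */
	public TSLValidator(File file, String countryCode, KeyStoreCertificateSource dssKeyStore) {
		this(file, countryCode, dssKeyStore, null);
	}

	/**
	 * Constructor used to instantiate a validator for a TSL
	 *
	 * @param file
	 *            the file to validate (a TSL file, not a LOTL); must not be null
	 * @param countryCode
	 *            the country code
	 * @param dssKeyStore
	 *            the key store which contains trusted certificates (allowed to sign the LOTL); these are trusted
	 *            for this TSL too
	 * @param potentialSigners
	 *            the list of certificates allowed to sign this TSL (may be null or empty)
	 * @throws NullPointerException
	 *             if {@code file} is null
	 */
	public TSLValidator(File file, String countryCode, KeyStoreCertificateSource dssKeyStore, List<CertificateToken> potentialSigners) {
		// Fail fast: the file is normally opened later on a worker thread, where a NullPointerException is
		// much harder to attribute to the caller.
		this.file = Objects.requireNonNull(file, "file");
		this.countryCode = countryCode;
		this.dssKeyStore = dssKeyStore;
		this.potentialSigners = potentialSigners;
	}

	/**
	 * Validates the signature of the TSL/LOTL file and returns the indication of the first signature.
	 *
	 * Only the first signature reported by the validator is examined; callers must treat any indication other
	 * than {@link Indication#VALID} as "untrusted" and must not consume the list's content in that case.
	 *
	 * @return the validation result (country code, indication, sub-indication); never null
	 * @throws Exception
	 *             if the file cannot be read or the validation fails unexpectedly
	 */
	@Override
	public TSLValidationResult call() throws Exception {
		// NOTE(review): the meaning of the boolean passed here is not visible in this file — confirm whether it
		// disables revocation (CRL/OCSP) checking for the signer certificate.
		CertificateVerifier certificateVerifier = new CommonCertificateVerifier(true);
		// The trusted source is built from the signer certificates themselves: a signature can only be VALID if
		// its signing certificate is (or chains to) one of the potentialSigners or one of the keystore entries.
		certificateVerifier.setTrustedCertSource(buildTrustedCertificateSource(dssKeyStore, potentialSigners));

		// NOTE(review): hardening of the XML parser (DTD / external entities) lives in XMLDocumentValidator —
		// confirm it is enabled there, since the file being parsed is not produced by this component.
		DSSDocument dssDocument = new FileDocument(file);
		XMLDocumentValidator xmlDocumentValidator = new XMLDocumentValidator(dssDocument);
		xmlDocumentValidator.setCertificateVerifier(certificateVerifier);
		// Restrict the signature lookup to the default XPath queries so that an unexpected namespace layout inside
		// the file cannot steer the validator towards a different signature element.
		List<XPathQueryHolder> xPathQueryHolders = xmlDocumentValidator.getXPathQueryHolder();
		xPathQueryHolders.clear();
		xPathQueryHolders.add(new XPathQueryHolder());

		Reports reports = xmlDocumentValidator.validateDocument();
		SimpleReport simpleReport = reports.getSimpleReport();
		// Only the first signature is checked. A document without any signature presumably yields a null id and
		// hence a non-VALID indication (fail closed) — verify against SimpleReport if this assumption matters.
		String firstSignatureId = simpleReport.getFirstSignatureId();
		String indication = simpleReport.getIndication(firstSignatureId);
		String subIndication = simpleReport.getSubIndication(firstSignatureId);

		TSLValidationResult result = new TSLValidationResult();
		result.setCountryCode(countryCode);
		result.setIndication(indication);
		result.setSubIndication(subIndication);

		if (!Indication.VALID.equals(indication)) {
			// A rejected trusted-list signature is a security-relevant event, hence WARN rather than INFO.
			logger.warn("The TSL signature is not valid : \n{}", simpleReport);
		}

		return result;
	}

	/**
	 * Builds the set of trust anchors used for the signature validation.
	 *
	 * @param dssKeyStore
	 *            key store with the LOTL trust anchors (may be null)
	 * @param potentialSigners
	 *            certificates allowed to sign the TSL (may be null or empty)
	 * @return a trusted source containing every certificate from both inputs (possibly empty, in which case no
	 *         signature can validate)
	 */
	private CommonTrustedCertificateSource buildTrustedCertificateSource(KeyStoreCertificateSource dssKeyStore, List<CertificateToken> potentialSigners) {
		CommonTrustedCertificateSource trustedSource = new CommonTrustedCertificateSource();
		if (CollectionUtils.isNotEmpty(potentialSigners)) {
			for (CertificateToken signer : potentialSigners) {
				trustedSource.addCertificate(signer);
			}
		}
		if (dssKeyStore != null) {
			List<CertificateToken> keyStoreCertificates = dssKeyStore.getCertificatesFromKeyStore();
			if (CollectionUtils.isNotEmpty(keyStoreCertificates)) {
				for (CertificateToken anchor : keyStoreCertificates) {
					trustedSource.addCertificate(anchor);
				}
			}
		}
		return trustedSource;
	}

}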



