All Downloads are FREE. Search and download functionalities are using the official Maven repository.

se.idsec.signservice.security.sign.SignatureValidator Maven / Gradle / Ivy

/*
 * Copyright 2019-2024 IDsec Solutions AB
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package se.idsec.signservice.security.sign;

import se.idsec.signservice.security.certificate.CertificateValidator;

import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.List;

/**
 * Generic interface representing a signature validator instance that supports validating documents having one more
 * signatures.
 *
 * @param  the type of document that is validated
 * @author Martin Lindström ([email protected])
 * @author Stefan Santesson ([email protected])
 */
public interface SignatureValidator {

  /**
   * Validates the signature(s) of supplied document.
   *
   * @param document the document to validate
   * @return a validation result containing the details from a signature validation
   * @throws SignatureException for errors during the validation process (pure signature validation errors are
   *     reported in the returned result)
   */
  List validate(final T document) throws SignatureException;

  /**
   * Predicate that tells if all the supplied result objects indicate a successful validation.
   *
   * @param results a (non-empty) list of result objects
   * @return true if all result objects indicate success and false otherwise
   */
  static boolean isCompleteSuccess(final List results) {
    return results.stream().allMatch(SignatureValidationResult::isSuccess);
  }

  /**
   * Predicate that tells if the supplied document is signed.
   *
   * @param document the document to check
   * @return true if the document is signed, and false otherwise
   * @throws IllegalArgumentException if the document can not be parsed
   */
  boolean isSigned(final T document) throws IllegalArgumentException;

  /**
   * Gets a list of "required signer certificates", meaning that we require the signature to be signed with a
   * certificate from this list.
   * 

* If an empty list is returned this means that a complete certificate path validation up to a trusted root will be * performed (provided {@link #getCertificateValidator()} is non null). If no certificate validator is installed the * signature will be accepted without checking any certificates (provided that the signature itself is valid). *

* * @return a (possibly empty) list of "accepted" certificates */ List getRequiredSignerCertificates(); /** * Gets the certificate validator instance that is to be used to validate the signer certificate up until a trusted * path. *

* If {@link #getRequiredSignerCertificates()} returns a non-empty list, no certificate path validation will be * performed. *

*

* If no certificate validator is configured the signature will be accepted without checking any certificates * (provided that the signature itself is valid). *

* * @return the certificate validator or null */ CertificateValidator getCertificateValidator(); }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy