ValidationPolicy.java example

Explorer
sd-dss-master
- apps
  - dss
  - sscd-mocca-adapter
    - src
      - main
        java
        eu
        europa
        ec
        markt
        dss
        mocca
        MOCCAPrivateKeyEntry.java
        MOCCASignatureTokenConnection.java
        PINGUIAdapter.java
/*
 * DSS - Digital Signature Services
 *
 * Copyright (C) 2013 European Commission, Directorate-General Internal Market and Services (DG MARKT), B-1049 Bruxelles/Brussel
 *
 * Developed by: 2013 ARHS Developments S.A. (rue Nicolas Bové 2B, L-1253 Luxembourg) http://www.arhs-developments.com
 *
 * This file is part of the "DSS - Digital Signature Services" project.
 *
 * "DSS - Digital Signature Services" is free software: you can redistribute it and/or modify it under the terms of
 * the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the
 * License, or (at your option) any later version.
 *
 * DSS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License along with
 * "DSS - Digital Signature Services".  If not, see <http://www.gnu.org/licenses/>.
 */

package eu.europa.ec.markt.dss.validation102853.policy;

import java.util.Date;
import java.util.List;

import org.w3c.dom.Document;

import eu.europa.ec.markt.dss.validation102853.rules.AttributeName;
import eu.europa.ec.markt.dss.validation102853.rules.RuleConstant;
import eu.europa.ec.markt.dss.validation102853.xml.XmlDom;

/**
 * This class encapsulates the constraint file that controls the policy to be used during the validation process. This is the base class used to implement a specific validation
 * policy
 *
 * @author bielecro
 */
public abstract class ValidationPolicy extends XmlDom implements RuleConstant, AttributeName {

	public ValidationPolicy(final Document document) {

		super(document);
	}
	/**
	 * @return
	 */
	public abstract boolean isRevocationFreshnessToBeChecked();

	public abstract String getFormatedMaxRevocationFreshness();

	/**
	 * This function returns the maximum duration in milliseconds for which the revocation data are considered fresh.
	 *
	 * @return
	 */
	public abstract Long getMaxRevocationFreshness();

	/**
	 * This function returns the algorithm expiration date extracted from the 'constraint.xml' file. If the TAG AlgoExpirationDate is not present within the
	 * constraints {@code null} is returned.
	 *
	 * @param algorithm algorithm (SHA1, SHA256, RSA2048...) to be checked
	 * @return expiration date or null
	 */
	public abstract Date getAlgorithmExpirationDate(String algorithm);

	/**
	 * Indicates if the signature policy should be checked. If AcceptablePolicies element is absent within the constraint file then null is returned,
	 * otherwise the list of identifiers is initialised.
	 *
	 * @return {@code Constraint} if SigningTime element is present in the constraint file, null otherwise.
	 */
	public abstract SignaturePolicyConstraint getSignaturePolicyConstraint();

	/**
	 * Indicates if the structural validation should be checked. If StructuralValidation element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if StructuralValidation element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getStructuralValidationConstraint();

	/**
	 * Indicates if the signed property: signing-time should be checked. If SigningTime element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if SigningTime element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningTimeConstraint();

	/**
	 * Indicates if the signed property: content-type should be checked. If ContentType element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if ContentType element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getContentTypeConstraint();

	/**
	 * Indicates if the signed property: content-hints should be checked. If ContentHints element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if ContentHints element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getContentHintsConstraint();

	/**
	 * Indicates if the signed property: content-identifier should be checked. If ContentIdentifier element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if ContentIdentifier element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getContentIdentifierConstraint();

	/**
	 * Indicates if the signed property: commitment-type-indication should be checked. If CommitmentTypeIndication element is absent within the constraint file then null is
	 * returned, otherwise the list of identifiers is initialised.
	 *
	 * @return {@code Constraint} if CommitmentTypeIndication element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getCommitmentTypeIndicationConstraint();

	/**
	 * Indicates if the signed property: signer-location should be checked. If SignerLocation element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if SignerLocation element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSignerLocationConstraint();

	/**
	 * Indicates if the signed property: content-time-stamp should be checked. If ContentTimeStamp element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if ContentTimeStamp element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getContentTimestampPresenceConstraint();

	/**
	 * Indicates if the signed property: content-time-stamp should be checked. If ClaimedRoles element is absent within the constraint file then null is returned.
	 *
	 * @return {@code Constraint} if ClaimedRoles element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getClaimedRoleConstraint();

	/**
	 * Return the mandated signer role.
	 *
	 * @return
	 */
	public abstract List<String> getClaimedRoles();

	/**
	 * Indicates if the presence of the Signer Role is mandatory.
	 *
	 * @return
	 */
	public abstract boolean shouldCheckIfCertifiedRoleIsPresent();

	/**
	 * Return the mandated signer role.
	 *
	 * @return
	 */
	public abstract List<String> getCertifiedRoles();

	/**
	 * Returns the name of the policy.
	 *
	 * @return
	 */
	public abstract String getPolicyName();

	/**
	 * Returns the policy description.
	 *
	 * @return
	 */
	public abstract String getPolicyDescription();

	/**
	 * Returns the timestamp delay in milliseconds.
	 *
	 * @return
	 */
	public abstract Long getTimestampDelayTime();

	public abstract String getCertifiedRolesAttendance();

	/**
	 * This method creates the {@code SignatureCryptographicConstraint} corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file
	 * the null is returned.
	 *
	 * @param context The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
	 * @return {@code SignatureCryptographicConstraint} if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract SignatureCryptographicConstraint getSignatureCryptographicConstraint(String context);

	/**
	 * This method creates the {@code SignatureCryptographicConstraint} corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file
	 * the null is returned.
	 *
	 * @param context    The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
	 * @param subContext the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
	 * @return {@code SignatureCryptographicConstraint} if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract SignatureCryptographicConstraint getSignatureCryptographicConstraint(String context, String subContext);

	/**
	 * This method creates the {@code SignatureCryptographicConstraint} corresponding to the context parameter. If AcceptableEncryptionAlgo is not present in the constraint file
	 * the null is returned.
	 *
	 * @param rootXPathQuery The context of the signature cryptographic constraints is included within the XPath query.
	 * @param context        The context of the signature cryptographic constraints: MainSignature, Timestamp, Revocation
	 * @param subContext     the sub context of the signature cryptographic constraints: EMPTY (signature itself), SigningCertificate, CACertificate
	 * @return {@code SignatureCryptographicConstraint} if AcceptableEncryptionAlgo for a given context element is present in the constraint file, null otherwise.
	 */
	protected abstract SignatureCryptographicConstraint getSignatureCryptographicConstraint_(String rootXPathQuery, String context, String subContext);

	/**
	 * @param context
	 * @return {@code Constraint} if key-usage for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateKeyUsageConstraint(String context);

	/**
	 * @param context
	 * @param subContext
	 * @return {@code Constraint} if Expiration for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract CertificateExpirationConstraint getSigningCertificateExpirationConstraint(String context, String subContext);

	/**
	 * This constraint requests the presence of the trust anchor in the certificate chain.
	 *
	 * @param context
	 * @return {@code Constraint} if ProspectiveCertificateChain element for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getProspectiveCertificateChainConstraint(String context);

	/**
	 * @param context
	 * @param subContext
	 * @return {@code Constraint} if Signature for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getCertificateSignatureConstraint(String context, String subContext);

	/**
	 * @param context
	 * @return {@code Constraint} if RevocationDataAvailable for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getRevocationDataAvailableConstraint(String context, String subContext);

	/**
	 * @param context
	 * @return {@code Constraint} if RevocationDataIsTrusted for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getRevocationDataIsTrustedConstraint(String context, String subContext);

	/**
	 * @param context
	 * @return {@code Constraint} if RevocationDataFreshness for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getRevocationDataFreshnessConstraint(String context, String subContext);

	/**
	 * @return {@code Constraint} if Revoked for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateRevokedConstraint(String context, String subContext);

	/**
	 * @return {@code Constraint} if OnHold for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateOnHoldConstraint(String context, String subContext);

	/**
	 * @return {@code Constraint} if the TSLValidity for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateTSLValidityConstraint(String context);

	/**
	 * @return {@code Constraint} if TSLStatus for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateTSLStatusConstraint(String context);

	/**
	 * @return {@code Constraint} if the TSLValidity for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateTSLStatusAndValidityConstraint(String context);

	/**
	 * @param context of the certificate: main signature, timestamp, revocation data
	 * @return {@code Constraint} if Revoked for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getIntermediateCertificateRevokedConstraint(String context);

	/**
	 * @return {@code Constraint} if CertificateChain for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getChainConstraint();

	/**
	 * @return {@code Constraint} if Qualification for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateQualificationConstraint();

	/**
	 * Indicates if the end user certificate used in validating the signature is mandated to be supported by a secure
	 * signature creation device (SSCD) as defined in Directive 1999/93/EC [9].
	 *
	 * @return {@code Constraint} if SupportedBySSCD for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateSupportedBySSCDConstraint();

	/**
	 * @return {@code Constraint} if IssuedToLegalPerson for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateIssuedToLegalPersonConstraint();

	/**
	 * @return {@code Constraint} if Recognition for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateRecognitionConstraint(String context);

	/**
	 * @return {@code Constraint} if Signed for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateSignedConstraint(String context);

	/**
	 * @return {@code Constraint} if SigningCertificateAttribute for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateAttributePresentConstraint(String context);

	/**
	 * @return {@code Constraint} if DigestValuePresent for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateDigestValuePresentConstraint(String context);

	/**
	 * @return {@code Constraint} if DigestValueMatch for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateDigestValueMatchConstraint(String context);

	/**
	 * @return {@code Constraint} if IssuerSerialMatch for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSigningCertificateIssuerSerialMatchConstraint(String context);

	/**
	 * @return {@code Constraint} if ReferenceDataExistence for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getReferenceDataExistenceConstraint();

	/**
	 * @return {@code ReferenceDataIntact} if ReferenceDataIntact for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getReferenceDataIntactConstraint();

	/**
	 * @return {@code ReferenceDataIntact} if SignatureIntact for a given context element is present in the constraint file, null otherwise.
	 */
	public abstract Constraint getSignatureIntactConstraint();

	/**
	 * This method returns the "basic" constraint able to handle simple (empty/not empty), boolean value and identifiers list.
	 *
	 * @param XP_ROOT              is the root part of the XPath query use to retrieve the constraint description.
	 * @param defaultExpectedValue true or false
	 * @return
	 */
	protected abstract Constraint getBasicConstraint(String XP_ROOT, boolean defaultExpectedValue);

	public abstract BasicValidationProcessValidConstraint getBasicValidationProcessConclusionConstraint();

	public abstract Constraint getMessageImprintDataFoundConstraint();

	public abstract Constraint getMessageImprintDataIntactConstraint();

	/**
	 * This constraint is always executed!
	 *
	 * @return
	 */
	public abstract TimestampValidationProcessValidConstraint getTimestampValidationProcessConstraint();

	public abstract Constraint getRevocationTimeConstraint();

	public abstract Constraint getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint();

	public abstract Constraint getSigningCertificateValidityAtBestSignatureTimeConstraint();

	public abstract Constraint getAlgorithmReliableAtBestSignatureTimeConstraint();

	public abstract Constraint getTimestampCoherenceConstraint();

	/**
	 * This constraint has only two levels: FAIL, or NOTHING
	 *
	 * @return
	 */
	public abstract Constraint getTimestampDelaySigningTimePropertyConstraint();

	public abstract Constraint getContentTimestampImprintIntactConstraint();

	public abstract Constraint getContentTimestampImprintFoundConstraint();

	public abstract Constraint getCounterSignatureReferenceDataExistenceConstraint();

	public abstract Constraint getCounterSignatureReferenceDataIntactConstraint();

	public abstract Constraint getCounterSignatureIntactConstraint();
}