Package org.digidoc4j.impl.asic.tsl

Class LazyTslCertificateSource

java.lang.Object
eu.europa.esig.dss.spi.x509.CommonCertificateSource
eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource
eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource
All Implemented Interfaces:
eu.europa.esig.dss.spi.x509.CertificateSource, Serializable, TSLCertificateSource
public class LazyTslCertificateSource extends eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource implements TSLCertificateSource
Lazily initialized certificate source. It allows to initialize objects and populate parameters where a certificate source is necessary, but is not yet accessed.

The goal is to postpone initialization and downloading of TSL until it is really needed to speed up processes. For example, it is not necessary to download TSL to open container and see signature parameters, but DSS library requires the presence of certificate source. TSL should be downloaded for validation and other functionality where it is really necessary to check the certificates.

To achieve that, a lazily initialized certificate source is used.

See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    LazyTslCertificateSource(TslLoader tslLoader)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    eu.europa.esig.dss.model.x509.CertificateToken
    addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
     
    void
    addTSLCertificate(X509Certificate certificate)
    This method allows to define (to add) any certificate as trusted.
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getByPublicKey(PublicKey publicKey)
     
    Set<eu.europa.esig.dss.model.x509.CertificateToken>
    getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
     
    Long
    getCacheExpirationTime()
     
    List<eu.europa.esig.dss.model.x509.CertificateToken>
    getCertificates()
    Retrieves the list of all certificate tokens from this source.
    eu.europa.esig.dss.enumerations.CertificateSourceType
    getCertificateSourceType()
     
    Long
    getLastCacheReloadingTime()
     
    int
    getNumberOfCertificates()
    This method returns the number of stored certificates in this source
    eu.europa.esig.dss.spi.tsl.TLValidationJobSummary
    getSummary()
     
    List<eu.europa.esig.dss.spi.tsl.TrustProperties>
    getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token)
    Retrieves the list of trust properties for the gifen certificate token.
    TslLoader
    getTslLoader()
     
    void
    invalidateCache()
    Invalidates cache Only applicable when cache is used.
    boolean
    isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)
     
    boolean
    isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
     
    void
    refresh()
     
    void
    setCacheExpirationTime(Long cacheExpirationTime)
     

    Methods inherited from class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

    addCertificate, getAlternativeCRLUrls, getAlternativeOCSPUrls, getNumberOfTrustedPublicKeys, setSummary, setTrustPropertiesByCertificates

    Methods inherited from class eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource

    importAsTrusted

    Methods inherited from class eu.europa.esig.dss.spi.x509.CommonCertificateSource

    findTokensFromCertRef, getByCertificateDigest, getBySignerIdentifier, getBySki, getEntities, getNumberOfEntities, isAllSelfSigned, isCertificateSourceEqual, isCertificateSourceEquivalent

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface eu.europa.esig.dss.spi.x509.CertificateSource

    findTokensFromCertRef, getByCertificateDigest, getBySignerIdentifier, getBySki, getEntities, isAllSelfSigned, isCertificateSourceEqual, isCertificateSourceEquivalent

    Methods inherited from interface org.digidoc4j.TSLCertificateSource

    addCertificate, getNumberOfTrustedPublicKeys

  • Constructor Details

    • LazyTslCertificateSource

      public LazyTslCertificateSource(TslLoader tslLoader)
      Parameters:
      tslLoader - TSL loader

  • Method Details

    • getSummary

      public eu.europa.esig.dss.spi.tsl.TLValidationJobSummary getSummary()
      Specified by:
      getSummary in interface TSLCertificateSource
      Overrides:
      getSummary in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

    • getNumberOfCertificates

      public int getNumberOfCertificates()
      Description copied from interface: TSLCertificateSource
      This method returns the number of stored certificates in this source
      Specified by:
      getNumberOfCertificates in interface TSLCertificateSource
      Overrides:
      getNumberOfCertificates in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
      Returns:
      number of certificates in this instance

    • addCertificate

      public eu.europa.esig.dss.model.x509.CertificateToken addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
      Specified by:
      addCertificate in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Overrides:
      addCertificate in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

    • isKnown

      public boolean isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)
      Specified by:
      isKnown in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Overrides:
      isKnown in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

    • getTrustServices

      public List<eu.europa.esig.dss.spi.tsl.TrustProperties> getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token)
      Description copied from interface: TSLCertificateSource
      Retrieves the list of trust properties for the gifen certificate token.
      Specified by:
      getTrustServices in interface TSLCertificateSource
      Overrides:
      getTrustServices in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
      Parameters:
      token -
      Returns:
      all the Trust Properties associated with the certificate token.

    • getCertificateSourceType

      public eu.europa.esig.dss.enumerations.CertificateSourceType getCertificateSourceType()
      Specified by:
      getCertificateSourceType in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Overrides:
      getCertificateSourceType in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

    • addTSLCertificate

      public void addTSLCertificate(X509Certificate certificate)
      Description copied from interface: TSLCertificateSource
      This method allows to define (to add) any certificate as trusted.

      Use with caution: the default Trust Service Provider settings used in this method may not correspond with the actual properties of this Trust Service, specified in the official European Commission Trust List.

      This method uses a set of default settings to add a CA service issuing Qualified Certificates to the library's trust store.

      ServiceName will be the certificate's CN field value
      ServiceTypeIdentifier will be:
      http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC - if certificate contains "OCSPSigning" extended key usage
      http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST - if certificate contains "timeStamping" extended key usage http://uri.etsi.org/TrstSvc/Svctype/CA/QC - otherwise
      Qualifier will be http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD with nonRepudiation
      ServiceStatus will be:
      Certificate's NotBefore pre Eidas -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision
      Certificate's NotBefore post Eidas -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
      CountryCode will be EU
      TLInfo for EU will be added automatically when it does not exist

      Specified by:
      addTSLCertificate in interface TSLCertificateSource
      Parameters:
      certificate - X509 certificate to be added to the list, a certificate you have to trust.

    • getBySubject

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
      Specified by:
      getBySubject in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Overrides:
      getBySubject in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

    • getByPublicKey

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getByPublicKey(PublicKey publicKey)
      Specified by:
      getByPublicKey in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Overrides:
      getByPublicKey in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

    • getCertificates

      public List<eu.europa.esig.dss.model.x509.CertificateToken> getCertificates()
      Description copied from interface: TSLCertificateSource
      Retrieves the list of all certificate tokens from this source.
      Specified by:
      getCertificates in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Specified by:
      getCertificates in interface TSLCertificateSource
      Overrides:
      getCertificates in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
      Returns:
      all the TSL certificates.

    • isTrusted

      public boolean isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Specified by:
      isTrusted in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Overrides:
      isTrusted in class eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource

    • invalidateCache

      public void invalidateCache()
      Description copied from interface: TSLCertificateSource
      Invalidates cache Only applicable when cache is used.
      Specified by:
      invalidateCache in interface TSLCertificateSource

    • refresh

      public void refresh()
      Specified by:
      refresh in interface TSLCertificateSource

    • getLastCacheReloadingTime

      public Long getLastCacheReloadingTime()

    • getCacheExpirationTime

      public Long getCacheExpirationTime()

    • setCacheExpirationTime

      public void setCacheExpirationTime(Long cacheExpirationTime)

    • getTslLoader

      public TslLoader getTslLoader()