org.digidoc4j.impl.asic.tsl

Class LazyTslCertificateSource

java.lang.Object

eu.europa.esig.dss.spi.x509.CommonCertificateSource

eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource

eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource

All Implemented Interfaces:

eu.europa.esig.dss.spi.x509.CertificateSource, Serializable, TSLCertificateSource

public class LazyTslCertificateSource
extends eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
implements TSLCertificateSource

Lazily initialized certificate source. It allows to initialize objects and populate parameters where a certificate source is necessary, but is not yet accessed.

The goal is to postpone initialization and downloading of TSL until it is really needed to speed up processes. For example, it is not necessary to download TSL to open container and see signature parameters, but DSS library requires the presence of certificate source. TSL should be downloaded for validation and other functionality where it is really necessary to check the certificates.

To achieve that, a lazily initialized certificate source is used.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
LazyTslCertificateSource(TslLoader tslLoader)

Method Summary

Modifier and Type	Method and Description
eu.europa.esig.dss.model.x509.CertificateToken	addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
void	addTSLCertificate(X509Certificate certificate) This method allows to define (to add) any certificate as trusted.
Set<eu.europa.esig.dss.model.x509.CertificateToken>	getByPublicKey(PublicKey publicKey)
Set<eu.europa.esig.dss.model.x509.CertificateToken>	getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
Long	getCacheExpirationTime()
List<eu.europa.esig.dss.model.x509.CertificateToken>	getCertificates() Retrieves the list of all certificate tokens from this source.
eu.europa.esig.dss.enumerations.CertificateSourceType	getCertificateSourceType()
Long	getLastCacheReloadingTime()
int	getNumberOfCertificates() This method returns the number of stored certificates in this source
eu.europa.esig.dss.spi.tsl.TLValidationJobSummary	getSummary()
List<eu.europa.esig.dss.spi.tsl.TrustProperties>	getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token) Retrieves the list of trust properties for the gifen certificate token.
TslLoader	getTslLoader()
void	invalidateCache() Invalidates cache Only applicable when cache is used.
boolean	isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)
boolean	isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
void	refresh()
void	setCacheExpirationTime(Long cacheExpirationTime)

Methods inherited from class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

addCertificate, getAlternativeCRLUrls, getAlternativeOCSPUrls, getNumberOfTrustedPublicKeys, setSummary, setTrustPropertiesByCertificates

Methods inherited from class eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource

importAsTrusted

Methods inherited from class eu.europa.esig.dss.spi.x509.CommonCertificateSource

findTokensFromCertRef, getByCertificateDigest, getBySignerIdentifier, getBySki, getEntities, getNumberOfEntities, isAllSelfSigned, isCertificateSourceEqual, isCertificateSourceEquivalent

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.digidoc4j.TSLCertificateSource

addCertificate, getNumberOfTrustedPublicKeys

Methods inherited from interface eu.europa.esig.dss.spi.x509.CertificateSource

findTokensFromCertRef, getByCertificateDigest, getBySignerIdentifier, getBySki, getEntities, isAllSelfSigned, isCertificateSourceEqual, isCertificateSourceEquivalent

Constructor Detail

LazyTslCertificateSource

public LazyTslCertificateSource(TslLoader tslLoader)

Parameters:

tslLoader - TSL loader

Method Detail

getSummary

public eu.europa.esig.dss.spi.tsl.TLValidationJobSummary getSummary()

Specified by:

getSummary in interface TSLCertificateSource

Overrides:

getSummary in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

getNumberOfCertificates

public int getNumberOfCertificates()

Description copied from interface: TSLCertificateSource

This method returns the number of stored certificates in this source

Specified by:

getNumberOfCertificates in interface TSLCertificateSource

Overrides:

getNumberOfCertificates in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

Returns:

number of certificates in this instance

addCertificate

public eu.europa.esig.dss.model.x509.CertificateToken addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)

Specified by:

addCertificate in interface eu.europa.esig.dss.spi.x509.CertificateSource

Overrides:

addCertificate in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

isKnown

public boolean isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)

Specified by:

isKnown in interface eu.europa.esig.dss.spi.x509.CertificateSource

Overrides:

isKnown in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

getTrustServices

public List<eu.europa.esig.dss.spi.tsl.TrustProperties> getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token)

Description copied from interface: TSLCertificateSource

Retrieves the list of trust properties for the gifen certificate token.

Specified by:

getTrustServices in interface TSLCertificateSource

Overrides:

getTrustServices in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

Returns:

all the Trust Properties associated with the certificate token.

getCertificateSourceType

public eu.europa.esig.dss.enumerations.CertificateSourceType getCertificateSourceType()

Specified by:

getCertificateSourceType in interface eu.europa.esig.dss.spi.x509.CertificateSource

Overrides:

getCertificateSourceType in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource

addTSLCertificate

public void addTSLCertificate(X509Certificate certificate)

Description copied from interface: TSLCertificateSource

This method allows to define (to add) any certificate as trusted.

Use with caution: the default Trust Service Provider settings used in this method may not correspond with the actual properties of this Trust Service, specified in the official European Commission Trust List.

This method uses a set of default settings to add a CA service issuing Qualified Certificates to the library's trust store.

ServiceName will be the certificate's CN field value
ServiceTypeIdentifier will be:
http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC - if certificate contains "OCSPSigning" extended key usage
http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST - if certificate contains "timeStamping" extended key usage http://uri.etsi.org/TrstSvc/Svctype/CA/QC - otherwise
Qualifier will be http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD with nonRepudiation
ServiceStatus will be:
Certificate's NotBefore pre Eidas -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision
Certificate's NotBefore post Eidas -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
CountryCode will be EU
TLInfo for EU will be added automatically when it does not exist

Specified by:

addTSLCertificate in interface TSLCertificateSource

Parameters:

certificate - X509 certificate to be added to the list, a certificate you have to trust.

getBySubject

public Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)

Specified by:

getBySubject in interface eu.europa.esig.dss.spi.x509.CertificateSource

Overrides:

getBySubject in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

getByPublicKey

public Set<eu.europa.esig.dss.model.x509.CertificateToken> getByPublicKey(PublicKey publicKey)

Specified by:

getByPublicKey in interface eu.europa.esig.dss.spi.x509.CertificateSource

Overrides:

getByPublicKey in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

getCertificates

public List<eu.europa.esig.dss.model.x509.CertificateToken> getCertificates()

Description copied from interface: TSLCertificateSource

Retrieves the list of all certificate tokens from this source.

Specified by:

getCertificates in interface eu.europa.esig.dss.spi.x509.CertificateSource

Specified by:

getCertificates in interface TSLCertificateSource

Overrides:

getCertificates in class eu.europa.esig.dss.spi.x509.CommonCertificateSource

Returns:

all the TSL certificates.

isTrusted

public boolean isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)

Specified by:

isTrusted in interface eu.europa.esig.dss.spi.x509.CertificateSource

Overrides:

isTrusted in class eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource

invalidateCache

public void invalidateCache()

Description copied from interface: TSLCertificateSource

Invalidates cache Only applicable when cache is used.

Specified by:

invalidateCache in interface TSLCertificateSource

refresh

public void refresh()

Specified by:

refresh in interface TSLCertificateSource

getLastCacheReloadingTime

public Long getLastCacheReloadingTime()

getCacheExpirationTime

public Long getCacheExpirationTime()

setCacheExpirationTime

public void setCacheExpirationTime(Long cacheExpirationTime)

getTslLoader

public TslLoader getTslLoader()