Package org.digidoc4j.impl.asic.tsl
Class LazyTslCertificateSource
java.lang.Object
eu.europa.esig.dss.spi.x509.CommonCertificateSource
eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource
eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource
- All Implemented Interfaces:
eu.europa.esig.dss.spi.x509.CertificateSource, Serializable, TSLCertificateSource
public class LazyTslCertificateSource
extends eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
implements TSLCertificateSource
Lazily initialized certificate source. It allows objects to be initialized and parameters to be populated
where a certificate source is required but is not yet accessed.
The goal is to postpone initializing and downloading the TSL until it is really needed, to speed up processing. For example, it is not necessary to download the TSL to open a container and see signature parameters, but the DSS library requires a certificate source to be present. The TSL should be downloaded for validation and other functionality where it is really necessary to check the certificates.
To achieve that, a lazily initialized certificate source is used.
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| `eu.europa.esig.dss.model.x509.CertificateToken` | `addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)` | |
| `void` | `addTSLCertificate(X509Certificate certificate)` | This method allows to define (to add) any certificate as trusted. |
| `Set<eu.europa.esig.dss.model.x509.CertificateToken>` | `getByPublicKey(PublicKey publicKey)` | |
| `Set<eu.europa.esig.dss.model.x509.CertificateToken>` | `getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)` | |
| `List<eu.europa.esig.dss.model.x509.CertificateToken>` | `getCertificates()` | Retrieves the list of all certificate tokens from this source. |
| `eu.europa.esig.dss.enumerations.CertificateSourceType` | `getCertificateSourceType()` | |
| `int` | `getNumberOfCertificates()` | This method returns the number of stored certificates in this source |
| `eu.europa.esig.dss.spi.tsl.TLValidationJobSummary` | `getSummary()` | |
| `List<eu.europa.esig.dss.spi.tsl.TrustProperties>` | `getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token)` | Retrieves the list of trust properties for the given certificate token. |
| `void` | `invalidateCache()` | Invalidates cache. Only applicable when cache is used. |
| `boolean` | `isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)` | |
| `boolean` | `isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)` | |
| `void` | `refresh()` | |
| `void` | `setCacheExpirationTime(Long cacheExpirationTime)` | |

Methods inherited from class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
addCertificate, getAlternativeCRLUrls, getAlternativeOCSPUrls, getNumberOfTrustedPublicKeys, setSummary, setTrustPropertiesByCertificates
Methods inherited from class eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource
importAsTrusted
Methods inherited from class eu.europa.esig.dss.spi.x509.CommonCertificateSource
findTokensFromCertRef, getByCertificateDigest, getBySignerIdentifier, getBySki, getEntities, getNumberOfEntities, isAllSelfSigned, isCertificateSourceEqual, isCertificateSourceEquivalent
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface eu.europa.esig.dss.spi.x509.CertificateSource
findTokensFromCertRef, getByCertificateDigest, getBySignerIdentifier, getBySki, getEntities, isAllSelfSigned, isCertificateSourceEqual, isCertificateSourceEquivalent
Methods inherited from interface org.digidoc4j.TSLCertificateSource
addCertificate, getNumberOfTrustedPublicKeys
-
Constructor Details
-
LazyTslCertificateSource
- Parameters:
tslLoader - TSL loader
-
-
Method Details
-
getSummary
public eu.europa.esig.dss.spi.tsl.TLValidationJobSummary getSummary()
- Specified by:
getSummary in interface TSLCertificateSource
- Overrides:
getSummary in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
-
getNumberOfCertificates
public int getNumberOfCertificates()
Description copied from interface: TSLCertificateSource
This method returns the number of stored certificates in this source
- Specified by:
getNumberOfCertificates in interface TSLCertificateSource
- Overrides:
getNumberOfCertificates in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
- Returns:
number of certificates in this instance
-
addCertificate
public eu.europa.esig.dss.model.x509.CertificateToken addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
- Specified by:
addCertificate in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Overrides:
addCertificate in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
-
isKnown
public boolean isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)
- Specified by:
isKnown in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Overrides:
isKnown in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
-
getTrustServices
public List<eu.europa.esig.dss.spi.tsl.TrustProperties> getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token)
Description copied from interface: TSLCertificateSource
Retrieves the list of trust properties for the given certificate token.
- Specified by:
getTrustServices in interface TSLCertificateSource
- Overrides:
getTrustServices in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
- Parameters:
token -
- Returns:
all the Trust Properties associated with the certificate token.
-
getCertificateSourceType
public eu.europa.esig.dss.enumerations.CertificateSourceType getCertificateSourceType()
- Specified by:
getCertificateSourceType in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Overrides:
getCertificateSourceType in class eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource
-
addTSLCertificate
Description copied from interface: TSLCertificateSource
This method allows any certificate to be defined (added) as trusted. Use with caution: the default Trust Service Provider settings used in this method may not correspond to the actual properties of this Trust Service as specified in the official European Commission Trust List. This method uses a set of default settings to add a CA service issuing Qualified Certificates to the library's trust store.
ServiceName will be the certificate's CN field value
ServiceTypeIdentifier will be:
http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC - if certificate contains "OCSPSigning" extended key usage
http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST - if certificate contains "timeStamping" extended key usage
http://uri.etsi.org/TrstSvc/Svctype/CA/QC - otherwise
Qualifier will be http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD with nonRepudiation
ServiceStatus will be:
Certificate's NotBefore pre eIDAS -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision
Certificate's NotBefore post eIDAS -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
CountryCode will be EU
TLInfo for EU will be added automatically when it does not exist
- Specified by:
addTSLCertificate in interface TSLCertificateSource
- Parameters:
certificate - X509 certificate to be added to the list, a certificate you have to trust.
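A stand-alone preview of the defaults listed above, written for this page as an added example; it is not digidoc4j code and calls no digidoc4j API. It shows which ServiceTypeIdentifier and ServiceStatus a certificate would be given before it is passed to addTSLCertificate. The class and helper names, the order of the checks, and the eIDAS cut-off of 2016-07-01 are assumptions, since the page does not state them.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Arrays;
import java.util.Date;
import java.util.List;

// Added illustration (hypothetical helper): mirrors the defaults documented for addTSLCertificate.
public class TslDefaultsPreview {
    static final String OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";  // id-kp-OCSPSigning
    static final String TIME_STAMPING = "1.3.6.1.5.5.7.3.8"; // id-kp-timeStamping
    // Assumption: "eIDAS" means 2016-07-01T00:00:00Z; the page gives no date.
    static final Instant EIDAS_CUTOFF = Instant.parse("2016-07-01T00:00:00Z");
    static final String SVCTYPE = "http://uri.etsi.org/TrstSvc/Svctype/";
    static final String SVCSTATUS = "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/";

    // ekuOids is the value of X509Certificate.getExtendedKeyUsage(): null when the extension is absent.
    static String serviceType(List<String> ekuOids) {
        if (ekuOids != null && ekuOids.contains(OCSP_SIGNING)) return SVCTYPE + "Certstatus/OCSP/QC";
        if (ekuOids != null && ekuOids.contains(TIME_STAMPING)) return SVCTYPE + "TSA/QTST";
        return SVCTYPE + "CA/QC"; // the "otherwise" branch: treated as a CA issuing qualified certificates
    }

    static String serviceStatus(Date notBefore) {
        boolean preEidas = notBefore.toInstant().isBefore(EIDAS_CUTOFF);
        return SVCSTATUS + (preEidas ? "undersupervision" : "granted");
    }

    static String preview(List<String> ekuOids, Date notBefore) {
        return serviceType(ekuOids) + " | " + serviceStatus(notBefore);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // path to a PEM or DER certificate you intend to add
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate c = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(preview(c.getExtendedKeyUsage(), c.getNotBefore()));
            }
            return;
        }
        // Constructed sample inputs (no real certificates).
        Date pre = Date.from(Instant.parse("2015-03-01T00:00:00Z"));
        Date post = Date.from(Instant.parse("2020-03-01T00:00:00Z"));
        System.out.println(preview(Arrays.asList(OCSP_SIGNING), post));
        System.out.println(preview(Arrays.asList(TIME_STAMPING), pre));
        System.out.println(preview(null, post));                            // no EKU extension at all
        System.out.println(preview(Arrays.asList("1.3.6.1.5.5.7.3.1"), post)); // serverAuth only
    }
}
```

The last two cases show why the "use with caution" note matters: a certificate with no matching extended key usage falls into the CA/QC branch regardless of what it was issued for.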
-
getBySubject
public Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
- Specified by:
getBySubject in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Overrides:
getBySubject in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
-
getByPublicKey
- Specified by:
getByPublicKey in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Overrides:
getByPublicKey in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
-
getCertificates
Description copied from interface: TSLCertificateSource
Retrieves the list of all certificate tokens from this source.
- Specified by:
getCertificates in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Specified by:
getCertificates in interface TSLCertificateSource
- Overrides:
getCertificates in class eu.europa.esig.dss.spi.x509.CommonCertificateSource
- Returns:
all the TSL certificates.
-
isTrusted
public boolean isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
- Specified by:
isTrusted in interface eu.europa.esig.dss.spi.x509.CertificateSource
- Overrides:
isTrusted in class eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource
-
invalidateCache
public void invalidateCache()
Description copied from interface: TSLCertificateSource
Invalidates cache. Only applicable when cache is used.
- Specified by:
invalidateCache in interface TSLCertificateSource
-
refresh
public void refresh()
- Specified by:
refresh in interface TSLCertificateSource
-
getLastCacheReloadingTime
-
getCacheExpirationTime
-
setCacheExpirationTime
-
getTslLoader
-