Class LazyTslCertificateSource

java.lang.Object
org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource
All Implemented Interfaces:
eu.europa.esig.dss.model.tsl.TrustedCertificateSourceWithTime, eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource, eu.europa.esig.dss.spi.x509.CertificateSource, eu.europa.esig.dss.spi.x509.TrustedCertificateSource, Serializable, TSLCertificateSource

public class LazyTslCertificateSource extends Object implements TSLCertificateSource, eu.europa.esig.dss.spi.x509.TrustedCertificateSource, eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource
Lazily initialized certificate source. It allows objects to be initialized and parameters to be populated where a certificate source is required but not yet accessed.

The goal is to postpone initializing and downloading the TSL until it is really needed, in order to speed up processing. For example, it is not necessary to download the TSL to open a container and view signature parameters, but the DSS library requires a certificate source to be present. The TSL should be downloaded for validation and other functionality where it is really necessary to check the certificates.

To achieve that, a lazily initialized certificate source is used.

  • Constructor Details

    • LazyTslCertificateSource

      public LazyTslCertificateSource(TslLoader tslLoader)
      Parameters:
      tslLoader - TSL loader
  • Method Details

    • addCertificate

      public eu.europa.esig.dss.model.x509.CertificateToken addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate)
      Specified by:
      addCertificate in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • addCertificate

      public void addCertificate(eu.europa.esig.dss.model.x509.CertificateToken certificate, List<eu.europa.esig.dss.model.tsl.TrustProperties> trustProperties)
      Description copied from interface: TSLCertificateSource
      This method allows any certificate to be defined (added) as trusted. Service information is associated with this certificate.
      Specified by:
      addCertificate in interface TSLCertificateSource
      Parameters:
      certificate - the certificate you have to trust
      trustProperties - list of the service information associated to the service
    • addTSLCertificate

      public void addTSLCertificate(X509Certificate certificate)
      Description copied from interface: TSLCertificateSource
      This method allows any certificate to be defined (added) as trusted.

      Use with caution: the default Trust Service Provider settings used in this method may not correspond with the actual properties of this Trust Service, specified in the official European Commission Trust List.

      This method uses a set of default settings to add a CA service issuing Qualified Certificates to the library's trust store.

      ServiceName will be the certificate's CN field value
      ServiceTypeIdentifier will be:
        http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC - if certificate contains "OCSPSigning" extended key usage
        http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST - if certificate contains "timeStamping" extended key usage
        http://uri.etsi.org/TrstSvc/Svctype/CA/QC - otherwise
      Qualifier will be http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD with nonRepudiation
      ServiceStatus will be:
        Certificate's NotBefore pre eIDAS -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision
        Certificate's NotBefore post eIDAS -> http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
      CountryCode will be EU
      TLInfo for EU will be added automatically when it does not exist

      Specified by:
      addTSLCertificate in interface TSLCertificateSource
      Parameters:
      certificate - X509 certificate to be added to the list, a certificate you have to trust.
    • findTokensFromCertRef

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> findTokensFromCertRef(eu.europa.esig.dss.spi.x509.CertificateRef certificateRef)
      Specified by:
      findTokensFromCertRef in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getAlternativeOCSPUrls

      public List<String> getAlternativeOCSPUrls(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Description copied from interface: TSLCertificateSource
      Returns a list of alternative OCSP access point URLs for certificates issued by the current trust anchor
      Specified by:
      getAlternativeOCSPUrls in interface eu.europa.esig.dss.spi.x509.TrustedCertificateSource
      Specified by:
      getAlternativeOCSPUrls in interface TSLCertificateSource
      Parameters:
      certificateToken - CertificateToken
      Returns:
      a list of Strings
    • getAlternativeCRLUrls

      public List<String> getAlternativeCRLUrls(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Description copied from interface: TSLCertificateSource
      Returns a list of alternative CRL access point URLs for certificates issued by the current trust anchor
      Specified by:
      getAlternativeCRLUrls in interface eu.europa.esig.dss.spi.x509.TrustedCertificateSource
      Specified by:
      getAlternativeCRLUrls in interface TSLCertificateSource
      Parameters:
      certificateToken - CertificateToken
      Returns:
      a list of Strings
    • getByEntityKey

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getByEntityKey(eu.europa.esig.dss.model.identifier.EntityIdentifier entityIdentifier)
      Specified by:
      getByEntityKey in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getByCertificateDigest

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getByCertificateDigest(eu.europa.esig.dss.model.Digest digest)
      Specified by:
      getByCertificateDigest in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getByPublicKey

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getByPublicKey(PublicKey publicKey)
      Specified by:
      getByPublicKey in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getBySignerIdentifier

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySignerIdentifier(eu.europa.esig.dss.spi.x509.SignerIdentifier signerIdentifier)
      Specified by:
      getBySignerIdentifier in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getBySki

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySki(byte[] bytes)
      Specified by:
      getBySki in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getBySubject

      public Set<eu.europa.esig.dss.model.x509.CertificateToken> getBySubject(eu.europa.esig.dss.model.x509.X500PrincipalHelper subject)
      Specified by:
      getBySubject in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getCertificates

      public List<eu.europa.esig.dss.model.x509.CertificateToken> getCertificates()
      Description copied from interface: TSLCertificateSource
      Retrieves the list of all certificate tokens from this source.
      Specified by:
      getCertificates in interface eu.europa.esig.dss.spi.x509.CertificateSource
      Specified by:
      getCertificates in interface TSLCertificateSource
      Returns:
      all the TSL certificates.
    • getCertificateSourceType

      public eu.europa.esig.dss.enumerations.CertificateSourceType getCertificateSourceType()
      Specified by:
      getCertificateSourceType in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getEntities

      public List<eu.europa.esig.dss.spi.x509.CertificateSourceEntity> getEntities()
      Specified by:
      getEntities in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • getNumberOfCertificates

      public int getNumberOfCertificates()
      Description copied from interface: TSLCertificateSource
      This method returns the number of stored certificates in this source
      Specified by:
      getNumberOfCertificates in interface TSLCertificateSource
      Returns:
      number of certificates in this instance
    • getNumberOfTrustedEntityKeys

      public int getNumberOfTrustedEntityKeys()
      Description copied from interface: TSLCertificateSource
      Gets the number of trusted entity keys (public key + subject name)
      Specified by:
      getNumberOfTrustedEntityKeys in interface TSLCertificateSource
      Returns:
      the number of trusted entity keys (public key + subject name)
    • getSummary

      public eu.europa.esig.dss.model.tsl.TLValidationJobSummary getSummary()
      Description copied from interface: TSLCertificateSource
      Gets TL Validation job summary
      Specified by:
      getSummary in interface eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource
      Specified by:
      getSummary in interface TSLCertificateSource
      Returns:
      TLValidationJobSummary
    • getTrustServices

      public List<eu.europa.esig.dss.model.tsl.TrustProperties> getTrustServices(eu.europa.esig.dss.model.x509.CertificateToken token)
      Description copied from interface: TSLCertificateSource
      Retrieves the list of trust properties for the given certificate token.
      Specified by:
      getTrustServices in interface eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource
      Specified by:
      getTrustServices in interface TSLCertificateSource
      Parameters:
      token -
      Returns:
      all the Trust Properties associated with the certificate token.
    • getTrustTime

      public eu.europa.esig.dss.model.tsl.CertificateTrustTime getTrustTime(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Description copied from interface: TSLCertificateSource
      Returns trust time period for the given certificate, when the certificate is considered as a trust anchor. For an unbounded period of trust time, returns a CertificateTrustTime with empty values. When the certificate is not trusted at any time, returns not trusted CertificateTrustTime entry.
      Specified by:
      getTrustTime in interface eu.europa.esig.dss.model.tsl.TrustedCertificateSourceWithTime
      Specified by:
      getTrustTime in interface TSLCertificateSource
      Parameters:
      certificateToken - CertificateToken
      Returns:
      CertificateTrustTime
    • isAllSelfSigned

      public boolean isAllSelfSigned()
      Specified by:
      isAllSelfSigned in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • isCertificateSourceEqual

      public boolean isCertificateSourceEqual(eu.europa.esig.dss.spi.x509.CertificateSource certificateSource)
      Specified by:
      isCertificateSourceEqual in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • isCertificateSourceEquivalent

      public boolean isCertificateSourceEquivalent(eu.europa.esig.dss.spi.x509.CertificateSource certificateSource)
      Specified by:
      isCertificateSourceEquivalent in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • isKnown

      public boolean isKnown(eu.europa.esig.dss.model.x509.CertificateToken token)
      Specified by:
      isKnown in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • isTrusted

      public boolean isTrusted(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Specified by:
      isTrusted in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • isTrustedAtTime

      public boolean isTrustedAtTime(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, Date date)
      Specified by:
      isTrustedAtTime in interface eu.europa.esig.dss.spi.x509.CertificateSource
    • invalidateCache

      public void invalidateCache()
      Description copied from interface: TSLCertificateSource
      Invalidates cache. Only applicable when cache is used.
      Specified by:
      invalidateCache in interface TSLCertificateSource
    • refresh

      public void refresh()
      Specified by:
      refresh in interface TSLCertificateSource
    • setSummary

      public void setSummary(eu.europa.esig.dss.model.tsl.TLValidationJobSummary tlValidationJobSummary)
      Specified by:
      setSummary in interface eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource
    • setTrustPropertiesByCertificates

      public void setTrustPropertiesByCertificates(Map<eu.europa.esig.dss.model.x509.CertificateToken,List<eu.europa.esig.dss.model.tsl.TrustProperties>> map)
      Specified by:
      setTrustPropertiesByCertificates in interface eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource
    • setTrustTimeByCertificates

      public void setTrustTimeByCertificates(Map<eu.europa.esig.dss.model.x509.CertificateToken,List<eu.europa.esig.dss.model.tsl.CertificateTrustTime>> map)
      Specified by:
      setTrustTimeByCertificates in interface eu.europa.esig.dss.model.tsl.TrustPropertiesCertificateSource
    • getLastCacheReloadingTime

      public Long getLastCacheReloadingTime()
    • getCacheExpirationTime

      public Long getCacheExpirationTime()
    • setCacheExpirationTime

      public void setCacheExpirationTime(Long cacheExpirationTime)
    • getTslLoader

      public TslLoader getTslLoader()
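
The default settings documented for addTSLCertificate above, computed for a certificate before it is added so the resulting trust properties can be reviewed. This is an added example, not digidoc4j code: the class name, the 1 July 2016 eIDAS cutoff and the OCSP-before-timestamping precedence are assumptions, and only JDK calls are used.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import java.util.List;

public class DefaultTrustSettingsPreview {
    // Extended key usage OIDs (RFC 5280 id-kp-OCSPSigning, id-kp-timeStamping).
    static final String EKU_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
    static final String EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
    // Assumption: "eIDAS" is taken as the date Regulation (EU) No 910/2014 began to apply.
    static final Instant EIDAS_CUTOFF = Instant.parse("2016-07-01T00:00:00Z");
    static final String ETSI = "http://uri.etsi.org/TrstSvc/";

    // Assumption: the checks run in the order the page lists them (OCSP, then TSA, then CA).
    static String serviceType(List<String> ekuOids) {
        // X509Certificate.getExtendedKeyUsage() returns null when the extension is absent.
        if (ekuOids != null && ekuOids.contains(EKU_OCSP_SIGNING)) return ETSI + "Svctype/Certstatus/OCSP/QC";
        if (ekuOids != null && ekuOids.contains(EKU_TIME_STAMPING)) return ETSI + "Svctype/TSA/QTST";
        return ETSI + "Svctype/CA/QC";
    }

    static String serviceStatus(Date notBefore) {
        return notBefore.toInstant().isBefore(EIDAS_CUTOFF)
                ? ETSI + "TrustedList/Svcstatus/undersupervision"
                : ETSI + "TrustedList/Svcstatus/granted";
    }

    /** Preview for a real certificate under review. */
    static String preview(X509Certificate cert) throws CertificateParsingException {
        return preview(cert.getExtendedKeyUsage(), cert.getNotBefore());
    }

    static String preview(List<String> ekuOids, Date notBefore) {
        return "type=" + serviceType(ekuOids) + " status=" + serviceStatus(notBefore)
                + " qualifier=" + ETSI + "TrustedList/SvcInfoExt/QCWithSSCD country=EU";
    }

    public static void main(String[] args) {
        // Constructed inputs: EKU lists and NotBefore dates, not real certificates.
        System.out.println(preview(List.of(EKU_OCSP_SIGNING), Date.from(Instant.parse("2020-01-01T00:00:00Z"))));
        System.out.println(preview(List.of(EKU_TIME_STAMPING), Date.from(Instant.parse("2015-03-01T00:00:00Z"))));
        System.out.println(preview(null, Date.from(Instant.parse("2018-06-01T00:00:00Z"))));
    }
}
```

The third constructed case shows why the method carries a caution: a certificate with no extended key usage falls into the "otherwise" branch and is registered as a CA service issuing qualified certificates.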