org.apache.poi.poifs.crypt.dsig.services

Class TSPTimeStampService

java.lang.Object

org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService

All Implemented Interfaces:

TimeStampService

public class TSPTimeStampService
extends Object
implements TimeStampService

A TSP time-stamp service implementation.

Constructor Summary

Constructors

Constructor and Description
TSPTimeStampService()

Method Summary

Modifier and Type	Method and Description
protected SignatureConfig.CRLEntry	downloadCRL(SignatureConfig signatureConfig, String url) Convenience method to download a crl in an unsafe way, i.e.
org.bouncycastle.asn1.ASN1ObjectIdentifier	mapDigestAlgoToOID(HashAlgorithm digestAlgo) Maps the digest algorithm to corresponding OID value.
protected boolean	matchCRLbyCN(SignatureConfig.CRLEntry other, X509Certificate holder, String url)
protected boolean	matchCRLbyUrl(SignatureConfig.CRLEntry other, X509Certificate holder, String url)
protected List<byte[]>	retrieveCRL(SignatureConfig signatureConfig, X509Certificate holder) Check if CRL is to be added, check cached CRLs in config and download if necessary.
byte[]	timeStamp(SignatureInfo signatureInfo, byte[] data, RevocationData revocationData) Gives back the encoded time-stamp token for the given array of data bytes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TSPTimeStampService

public TSPTimeStampService()

Method Detail

mapDigestAlgoToOID

public org.bouncycastle.asn1.ASN1ObjectIdentifier mapDigestAlgoToOID(HashAlgorithm digestAlgo)

Maps the digest algorithm to corresponding OID value.

timeStamp

public byte[] timeStamp(SignatureInfo signatureInfo,
                        byte[] data,
                        RevocationData revocationData)
                 throws Exception

Description copied from interface: TimeStampService

Gives back the encoded time-stamp token for the given array of data bytes. We assume that the time-stamp token itself contains its full certificate chain required for proper validation.

Specified by:

timeStamp in interface TimeStampService

data - the data to be time-stamped.

revocationData - the optional container that needs to be filled up with the revocation data used to validate the TSA certificate chain.

Returns:

the DER encoded time-stamp token.

Throws:

Exception - in case something went wrong.

retrieveCRL

protected List<byte[]> retrieveCRL(SignatureConfig signatureConfig,
                                   X509Certificate holder)
                            throws IOException

Check if CRL is to be added, check cached CRLs in config and download if necessary. Can be overridden to suppress the logic

Returns:

empty list, if not found or suppressed, otherwise the list of CRLs as encoded bytes

Throws:

IOException

matchCRLbyUrl

protected boolean matchCRLbyUrl(SignatureConfig.CRLEntry other,
                                X509Certificate holder,
                                String url)

matchCRLbyCN

protected boolean matchCRLbyCN(SignatureConfig.CRLEntry other,
                               X509Certificate holder,
                               String url)

downloadCRL

protected SignatureConfig.CRLEntry downloadCRL(SignatureConfig signatureConfig,
                                               String url)

Convenience method to download a crl in an unsafe way, i.e. without verifying the https certificates. Please provide your own method, if you have imported the TSP server CA certificates in your local keystore

Returns:

the bytes of the CRL or null if unsuccessful / download is suppressed