Package se.swedenconnect.sigval.commons.timestamp.impl

Class BasicTimstampPolicyVerifier

java.lang.Object

se.swedenconnect.sigval.commons.timestamp.impl.BasicTimstampPolicyVerifier

All Implemented Interfaces:

TimeStampPolicyVerifier

public class BasicTimstampPolicyVerifier
extends Object
implements TimeStampPolicyVerifier

Validates a timestamp according to a defined policy, determined by the certificate chain validator.

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
protected se.idsec.signservice.security.certificate.CertificateValidator	certificateChainVerifier	Verifier for certificate chains used to sign a timestamp

Constructor Summary

Constructors

Constructor	Description
BasicTimstampPolicyVerifier(se.idsec.signservice.security.certificate.CertificateValidator certificateChainVerifier)	Constructor
BasicTimstampPolicyVerifier(se.idsec.signservice.security.certificate.CertificateValidator certificateChainVerifier, String policy)	Constructor

Method Summary

Modifier and Type	Method	Description
TimeStampPolicyVerificationResult	verifyTsPolicy(byte[] pdfSigBytes, org.bouncycastle.asn1.tsp.TSTInfo tstInfo, X509Certificate sigCert, List<X509Certificate> certList)	Verify a timestamp according to a defined policy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

certificateChainVerifier

protected se.idsec.signservice.security.certificate.CertificateValidator certificateChainVerifier

Verifier for certificate chains used to sign a timestamp

Constructor Details

BasicTimstampPolicyVerifier

public BasicTimstampPolicyVerifier(se.idsec.signservice.security.certificate.CertificateValidator certificateChainVerifier)

Constructor

Parameters:

certificateChainVerifier - Certificate chain verifier for this validator. This chain verifier MUST perform PKIX path validation with revocation checking.

BasicTimstampPolicyVerifier

public BasicTimstampPolicyVerifier(se.idsec.signservice.security.certificate.CertificateValidator certificateChainVerifier,
 String policy)

Constructor

Parameters:

certificateChainVerifier - Certificate chain verifier for this validator

policy - policy declared as a result of passing or failing this validator tests

Method Details

verifyTsPolicy

public TimeStampPolicyVerificationResult verifyTsPolicy(byte[] pdfSigBytes,
 org.bouncycastle.asn1.tsp.TSTInfo tstInfo,
 X509Certificate sigCert,
 List<X509Certificate> certList)

Verify a timestamp according to a defined policy

Specified by:

verifyTsPolicy in interface TimeStampPolicyVerifier

Parameters:

pdfSigBytes - the bytes of the PDF signature holding the timestamp

tstInfo - TSTInfo of the timestamp

sigCert - the certificate used to sign the time stamp

certList - a list of certificate supporting validation of the signing certificate

Returns:

TimeStampPolicyVerificationResult verification result