Package eu.europa.esig.dss.spi.x509.tsp

Class KeyEntityTSPSource

java.lang.Object

eu.europa.esig.dss.spi.x509.tsp.KeyEntityTSPSource

All Implemented Interfaces:

TSPSource, Serializable

Direct Known Subclasses:

PKITSPSource

public class KeyEntityTSPSource
extends Object
implements TSPSource

TSPSource implementation allowing to configure issuance of a time-stamp using a local KeyStore

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
protected Date	productionTime	The static production date of the timestamp

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	KeyEntityTSPSource()	Default constructor instantiating empty configuration of the KeyEntityTSPSource
	KeyEntityTSPSource(byte[] ksContent, String ksType, char[] ksPassword, String alias, char[] keyEntryPassword)	Constructor instantiating the key store content and key entry data
	KeyEntityTSPSource(File ksFile, String ksType, char[] ksPassword, String alias, char[] keyEntryPassword)	Constructor instantiating the key store File and key entry data
	KeyEntityTSPSource(InputStream ksIs, String ksType, char[] ksPassword, String alias, char[] keyEntryPassword)	Constructor instantiating the key store InputStream and key entry data
	KeyEntityTSPSource(String ksPath, String ksType, char[] ksPassword, String alias, char[] keyEntryPassword)	Constructor instantiating the key store path location and key entry data
	KeyEntityTSPSource(KeyStore keyStore, String alias, char[] keyEntryPassword)	Constructor instantiating the key store and key entry data
	KeyEntityTSPSource(PrivateKey privateKey, CertificateToken certificateToken, List<CertificateToken> certificateChain)	Constructor to instantiate KeyEntityTSPSource with the given PrivateKey and the corresponding certificateToken and certificateChain
	KeyEntityTSPSource(PrivateKey privateKey, X509Certificate certificate, List<X509Certificate> certificateChain)	Constructor to instantiate KeyEntityTSPSource with the given PrivateKey and the corresponding certificate and certificateChain

Method Summary

Modifier and Type	Method	Description
protected org.bouncycastle.tsp.TimeStampResponse	buildResponse(org.bouncycastle.tsp.TimeStampResponseGenerator responseGenerator, org.bouncycastle.tsp.TimeStampRequest request, BigInteger timeStampSerialNumber, Date productionTime)	Generates a time-stamp response
protected org.bouncycastle.tsp.TimeStampRequest	createRequest(DigestAlgorithm digestAlgorithm, byte[] digest)	Creates a request for a time-stamp token generation
protected org.bouncycastle.tsp.TimeStampResponse	generateResponse(org.bouncycastle.tsp.TimeStampRequest request, DigestAlgorithm digestAlgorithm)	This method generates a timestamp response
protected Date	getProductionTime()	Gets the production time of the time-stamp
protected SignatureAlgorithm	getSignatureAlgorithm()	Returns the target signature algorithm to be used to time-stamp generation
protected org.bouncycastle.cms.CMSAttributeTableGenerator	getSignedAttributeGenerator(Date getTime)	Returns generator for signed attributes of a time-stamp
protected TimestampBinary	getTimestampBinary(org.bouncycastle.tsp.TimeStampResponse response)	Returns time-stamp binary from the obtained response
TimestampBinary	getTimeStampResponse(DigestAlgorithm digestAlgorithm, byte[] digest)	Gets a TimeStampResponse relevant to the provided digest
protected BigInteger	getTimeStampSerialNumber()	Generates a serial number of the produced timestamp token
protected org.bouncycastle.tsp.TimeStampResponseGenerator	initResponseGenerator(DigestAlgorithm digestAlgorithm, Date getTime)	This method initializes the TimeStampResponseGenerator
void	setAcceptedDigestAlgorithms(Collection<DigestAlgorithm> digestAlgorithms)	Sets a collection of digest algorithms to be accepted within timestamp request Default: SHA-224, SHA-256, SHA-384, SHA-512
void	setCertificate(X509Certificate certificate)	Sets a time-stamp issuer certificate
void	setCertificateChain(List<X509Certificate> certificateChain)	Sets a certificate chain to be embedded within the time-stamp token
void	setDigestAlgorithm(DigestAlgorithm digestAlgorithm)	Sets the digest algorithm of the signature of the generated time-stamp token Default: DigestAlgorithm.SHA256
void	setEncryptionAlgorithm(EncryptionAlgorithm encryptionAlgorithm)	Sets the encryption algorithm to be used on time-stamp's signature generation.
void	setMaskGenerationFunction(MaskGenerationFunction maskGenerationFunction)	Deprecated. since DSS 6.1.
void	setPrivateKey(PrivateKey privateKey)	Sets the private key used to sign the time-stamp token
void	setProductionTime(Date productionTime)	Sets a production time of the timestamp.
void	setTsaPolicy(String tsaPolicy)	Sets the TSA policy NOTE: The property is mandatory for TimeStampToken generation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

productionTime

protected Date productionTime

The static production date of the timestamp

Constructor Details

KeyEntityTSPSource

protected KeyEntityTSPSource()

Default constructor instantiating empty configuration of the KeyEntityTSPSource

KeyEntityTSPSource

public KeyEntityTSPSource(byte[] ksContent,
 String ksType,
 char[] ksPassword,
 String alias,
 char[] keyEntryPassword)

Constructor instantiating the key store content and key entry data

Parameters:

ksContent - byte array representing the key store content

ksType - String representing the type of the key store

ksPassword - char array representing a password from the key store

alias - String alias of the key entry to be used for timestamp signing

keyEntryPassword - char array representing a password from the key entry

KeyEntityTSPSource

public KeyEntityTSPSource(String ksPath,
 String ksType,
 char[] ksPassword,
 String alias,
 char[] keyEntryPassword)
                   throws IOException

Constructor instantiating the key store path location and key entry data

Parameters:

ksPath - String representing the path to the key store

ksType - String representing the type of the key store

ksPassword - char array representing a password from the key store

alias - String alias of the key entry to be used for timestamp signing

keyEntryPassword - char array representing a password from the key entry

Throws:

IOException - if not able to load the key store file

KeyEntityTSPSource

public KeyEntityTSPSource(File ksFile,
 String ksType,
 char[] ksPassword,
 String alias,
 char[] keyEntryPassword)
                   throws IOException

Constructor instantiating the key store File and key entry data

Parameters:

ksFile - File key store file

ksType - String representing the type of the key store

ksPassword - char array representing a password from the key store

alias - String alias of the key entry to be used for timestamp signing

keyEntryPassword - char array representing a password from the key entry

Throws:

IOException - if not able to load the key store file

KeyEntityTSPSource

public KeyEntityTSPSource(InputStream ksIs,
 String ksType,
 char[] ksPassword,
 String alias,
 char[] keyEntryPassword)

Constructor instantiating the key store InputStream and key entry data

Parameters:

ksIs - InputStream representing the key store content

ksType - String representing the type of the key store

ksPassword - char array representing a password from the key store

alias - String alias of the key entry to be used for timestamp signing

keyEntryPassword - char array representing a password from the key entry

KeyEntityTSPSource

public KeyEntityTSPSource(KeyStore keyStore,
 String alias,
 char[] keyEntryPassword)

Constructor instantiating the key store and key entry data

Parameters:

keyStore - KeyStore

alias - String alias of the key entry to be used for timestamp signing

keyEntryPassword - char array representing a password from the key entry

KeyEntityTSPSource

public KeyEntityTSPSource(PrivateKey privateKey,
 CertificateToken certificateToken,
 List<CertificateToken> certificateChain)

Constructor to instantiate KeyEntityTSPSource with the given PrivateKey and the corresponding certificateToken and certificateChain

Parameters:

privateKey - PrivateKey representing a key t be used to sing the time-stamp token

certificateToken - CertificateToken representing a time-stamp issuer certificate associated with the privateKey

certificateChain - a list of CertificateTokens representing a certificate chain for certificateToken to be added within the time-stamp

KeyEntityTSPSource

public KeyEntityTSPSource(PrivateKey privateKey,
 X509Certificate certificate,
 List<X509Certificate> certificateChain)

Constructor to instantiate KeyEntityTSPSource with the given PrivateKey and the corresponding certificate and certificateChain

Parameters:

privateKey - PrivateKey representing a key t be used to sing the time-stamp token

certificate - X509Certificate representing a time-stamp issuer certificate associated with the privateKey

certificateChain - a list of X509Certificates representing a certificate chain for certificateToken to be added within the time-stamp

Method Details

setPrivateKey

public void setPrivateKey(PrivateKey privateKey)

Sets the private key used to sign the time-stamp token

Parameters:

privateKey - PrivateKey

setCertificate

public void setCertificate(X509Certificate certificate)

Sets a time-stamp issuer certificate

Parameters:

certificate - X509Certificate

setCertificateChain

public void setCertificateChain(List<X509Certificate> certificateChain)

Sets a certificate chain to be embedded within the time-stamp token

Parameters:

certificateChain - a list of CertificateTokens

setTsaPolicy

public void setTsaPolicy(String tsaPolicy)

Sets the TSA policy NOTE: The property is mandatory for TimeStampToken generation.

Parameters:

tsaPolicy - String

setAcceptedDigestAlgorithms

public void setAcceptedDigestAlgorithms(Collection<DigestAlgorithm> digestAlgorithms)

Sets a collection of digest algorithms to be accepted within timestamp request Default: SHA-224, SHA-256, SHA-384, SHA-512

Parameters:

digestAlgorithms - a collection of DigestAlgorithms

getProductionTime

protected Date getProductionTime()

Gets the production time of the time-stamp

Returns:

Date

setProductionTime

public void setProductionTime(Date productionTime)

Sets a production time of the timestamp. NOTE: if not defined, the current time will be used.

Parameters:

productionTime - Date

setDigestAlgorithm

public void setDigestAlgorithm(DigestAlgorithm digestAlgorithm)

Sets the digest algorithm of the signature of the generated time-stamp token Default: DigestAlgorithm.SHA256

Parameters:

digestAlgorithm - DigestAlgorithm

setEncryptionAlgorithm

public void setEncryptionAlgorithm(EncryptionAlgorithm encryptionAlgorithm)

Sets the encryption algorithm to be used on time-stamp's signature generation. NOTE: the encryptionAlgorithm, when defined, shall be compatible with the encryption algorithm used by the target key!

Parameters:

encryptionAlgorithm - EncryptionAlgorithm

setMaskGenerationFunction

@Deprecated
public void setMaskGenerationFunction(MaskGenerationFunction maskGenerationFunction)

Deprecated.

since DSS 6.1. Please use setEncryptionAlgorithm method to specify RSA (none MGF) or RSASSA-PSS (MGF1) algorithm

Sets the mask generation function to be applied on a time-stamp signing. NOTE: the mask generation function should be compatible with the given encryption algorithm!

Parameters:

maskGenerationFunction - MaskGenerationFunction

getTimeStampResponse

public TimestampBinary getTimeStampResponse(DigestAlgorithm digestAlgorithm,
 byte[] digest)

Description copied from interface: TSPSource

Gets a TimeStampResponse relevant to the provided digest

Specified by:

getTimeStampResponse in interface TSPSource

Parameters:

digestAlgorithm - the used digest algorithm

digest - the computed digest to be timestamped

Returns:

TimestampBinary binary of a signed timestamp token

createRequest

protected org.bouncycastle.tsp.TimeStampRequest createRequest(DigestAlgorithm digestAlgorithm,
 byte[] digest)

Creates a request for a time-stamp token generation

Parameters:

digestAlgorithm - DigestAlgorithm to be used to compute hash to be time-stamped

digest - byte array representing hash to be time-stamped

Returns:

TimeStampRequest

getSignatureAlgorithm

protected SignatureAlgorithm getSignatureAlgorithm()

Returns the target signature algorithm to be used to time-stamp generation

Returns:

String signature algorithm name

generateResponse

protected org.bouncycastle.tsp.TimeStampResponse generateResponse(org.bouncycastle.tsp.TimeStampRequest request,
 DigestAlgorithm digestAlgorithm)
                                                           throws org.bouncycastle.tsp.TSPException

This method generates a timestamp response

Parameters:

request - TimeStampRequest

digestAlgorithm - DigestAlgorithm used to generate the time-stamp

Returns:

TimeStampResponse

Throws:

org.bouncycastle.tsp.TSPException - if an error occurs during the timestamp response generation

initResponseGenerator

protected org.bouncycastle.tsp.TimeStampResponseGenerator initResponseGenerator(DigestAlgorithm digestAlgorithm,
 Date getTime)

This method initializes the TimeStampResponseGenerator

Parameters:

digestAlgorithm - DigestAlgorithm used to generate the message-imprint

getTime - Date production time of the time-stamp

Returns:

TimeStampResponseGenerator

getSignedAttributeGenerator

protected org.bouncycastle.cms.CMSAttributeTableGenerator getSignedAttributeGenerator(Date getTime)

Returns generator for signed attributes of a time-stamp

Parameters:

getTime - Date production time of the time-stamp

Returns:

CMSAttributeTableGenerator

buildResponse

protected org.bouncycastle.tsp.TimeStampResponse buildResponse(org.bouncycastle.tsp.TimeStampResponseGenerator responseGenerator,
 org.bouncycastle.tsp.TimeStampRequest request,
 BigInteger timeStampSerialNumber,
 Date productionTime)
                                                        throws org.bouncycastle.tsp.TSPException

Generates a time-stamp response

Parameters:

responseGenerator - TimeStampResponseGenerator

request - TimeStampRequest

timeStampSerialNumber - BigInteger

productionTime - Date representing a time-stamp's generation time

Returns:

TimeStampResponse

Throws:

org.bouncycastle.tsp.TSPException - if an error occurs on time-stamp generation

getTimeStampSerialNumber

protected BigInteger getTimeStampSerialNumber()

Generates a serial number of the produced timestamp token

Returns:

BigInteger serial number

getTimestampBinary

protected TimestampBinary getTimestampBinary(org.bouncycastle.tsp.TimeStampResponse response)
                                      throws IOException

Returns time-stamp binary from the obtained response

Parameters:

response - TimeStampResponse

Returns:

TimestampBinary

Throws:

IOException - if en error occurs on time-stamp binaries extraction