/** * This constructor allows to initialize the list of {@code BasicOCSPResp} from an {@code OfflineOCSPSource}. * * @param ocspSource * an offline ocsp source */ public ListOCSPSource(final OfflineOCSPSource ocspSource) { basicOCSPRespList = new ArrayList<BasicOCSPResp>(ocspSource.getContainedOCSPResponses()); }
/** * This method allows to add all {@code BasicOCSPResp} from one {@code OfflineOCSPSource} to this one. If the * {@code BasicOCSPResp} exists already within the current source * then it is ignored. * * @param offlineOCSPSource * the source to be added */ public void addAll(final OfflineOCSPSource offlineOCSPSource) { for (BasicOCSPResp basicOCSPResp : offlineOCSPSource.getContainedOCSPResponses()) { if (!basicOCSPRespList.contains(basicOCSPResp)) { basicOCSPRespList.add(basicOCSPResp); } } } }
/** * Constructor of the validator * @param signature Xades signature object */ public OcspNonceValidator(XAdESSignature signature) { this.signature = signature; ocspResponse = getLatestOcspResponse(signature.getOCSPSource().getContainedOCSPResponses()); }
@Override public List<BasicOCSPResp> getOcspResponses() { return getDssSignature().getOCSPSource().getContainedOCSPResponses(); }
private void addSigningTimeErrors() { XAdESSignature signature = this.getDssSignature(); List<TimestampToken> signatureTimestamps = signature.getSignatureTimestamps(); if (signatureTimestamps == null || signatureTimestamps.isEmpty()) { return; } Date timestamp = signatureTimestamps.get(0).getGenerationTime(); if (timestamp == null) { return; } List<BasicOCSPResp> ocspResponses = signature.getOCSPSource().getContainedOCSPResponses(); if (ocspResponses == null || ocspResponses.isEmpty()) { return; } Date ocspTime = ocspResponses.get(0).getProducedAt(); if (ocspTime == null) { return; } int deltaLimit = this.configuration.getRevocationAndTimestampDeltaInMinutes(); long differenceInMinutes = DateUtils.differenceInMinutes(timestamp, ocspTime); this.log.debug("Difference in minutes: <{}>", differenceInMinutes); if (!DateUtils.isInRangeMinutes(timestamp, ocspTime, deltaLimit)) { this.log.error("The difference between the OCSP response production time and the signature timestamp is too large <{} minutes>", differenceInMinutes); this.addValidationError(new TimestampAndOcspResponseTimeDeltaTooLargeException()); } else if (this.configuration.getAllowedTimestampAndOCSPResponseDeltaInMinutes() < differenceInMinutes && differenceInMinutes < deltaLimit) { this.log.warn("The difference (in minutes) between the OCSP response production time and the signature timestamp is in allowable range (<{}>, allowed maximum <{}>)", differenceInMinutes, deltaLimit); this.addValidationWarning(new DigiDoc4JException("The difference between the OCSP response time and the signature timestamp is in allowable range")); } }
@Override public final OCSPToken getRevocationToken(CertificateToken certificateToken, CertificateToken issuerCertificateToken) { final List<BasicOCSPResp> containedOCSPResponses = getContainedOCSPResponses(); if (Utils.isCollectionEmpty(containedOCSPResponses)) { return null;