You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2021/01/24 08:47:01 UTC
svn commit: r1885871 -
/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
Author: tilman
Date: Sun Jan 24 08:47:01 2021
New Revision: 1885871
URL: http://svn.apache.org/viewvc?rev=1885871&view=rev
Log:
PDFBOX-5070: add method that returns TSA certificate
Modified:
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java?rev=1885871&r1=1885870&r2=1885871&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java Sun Jan 24 08:47:01 2021
@@ -17,6 +17,9 @@
package org.apache.pdfbox.examples.signature;
import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
@@ -347,4 +350,38 @@ public class SigUtils
// https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers
// ( getRootCertificates() is not helpful because these are SSL certificates)
}
+
+ /**
+ * Get certificate of a TSA.
+ *
+ * @param tsaUrl URL
+ * @return the X.509 certificate.
+ *
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static X509Certificate getTsaCertificate(String tsaUrl)
+ throws GeneralSecurityException, IOException
+ {
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ TSAClient tsaClient = new TSAClient(new URL(tsaUrl), null, null, digest);
+ TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new byte[0]);
+ return getCertificateFromTimeStampToken(timeStampToken);
+ }
+
+ /**
+ * Extract X.509 certificate from a timestamp
+ * @param timeStampToken
+ * @return the X.509 certificate.
+ * @throws CertificateException
+ */
+ public static X509Certificate getCertificateFromTimeStampToken(TimeStampToken timeStampToken)
+ throws CertificateException
+ {
+ @SuppressWarnings("unchecked") // TimeStampToken.getSID() is untyped
+ Collection<X509CertificateHolder> tstMatches =
+ timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
+ X509CertificateHolder tstCertHolder = tstMatches.iterator().next();
+ return new JcaX509CertificateConverter().getCertificate(tstCertHolder);
+ }
}