Posted to commits@pdfbox.apache.org by ti...@apache.org on 2021/01/24 08:47:01 UTC

svn commit: r1885871 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java

Author: tilman
Date: Sun Jan 24 08:47:01 2021
New Revision: 1885871

URL: http://svn.apache.org/viewvc?rev=1885871&view=rev
Log:
PDFBOX-5070: add method that returns TSA certificate

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java?rev=1885871&r1=1885870&r2=1885871&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java Sun Jan 24 08:47:01 2021
@@ -17,6 +17,9 @@
 package org.apache.pdfbox.examples.signature;
 
 import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
@@ -347,4 +350,38 @@ public class SigUtils
         // https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers
         // ( getRootCertificates() is not helpful because these are SSL certificates)
     }
+
+    /**
+     * Get certificate of a TSA.
+     * 
+     * @param tsaUrl URL
+     * @return the X.509 certificate.
+     *
+     * @throws GeneralSecurityException
+     * @throws IOException 
+     */
+    public static X509Certificate getTsaCertificate(String tsaUrl)
+            throws GeneralSecurityException, IOException
+    {
+        MessageDigest digest = MessageDigest.getInstance("SHA-256");
+        TSAClient tsaClient = new TSAClient(new URL(tsaUrl), null, null, digest);
+        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new byte[0]);
+        return getCertificateFromTimeStampToken(timeStampToken);
+    }
+
+    /**
+     * Extract X.509 certificate from a timestamp
+     * @param timeStampToken
+     * @return the X.509 certificate.
+     * @throws CertificateException 
+     */
+    public static X509Certificate getCertificateFromTimeStampToken(TimeStampToken timeStampToken)
+            throws CertificateException
+    {
+        @SuppressWarnings("unchecked") // TimeStampToken.getSID() is untyped
+        Collection<X509CertificateHolder> tstMatches =
+                timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
+        X509CertificateHolder tstCertHolder = tstMatches.iterator().next();
+        return new JcaX509CertificateConverter().getCertificate(tstCertHolder);
+    }
 }
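Review bot: In getCertificateFromTimeStampToken, `tstMatches.iterator().next()` throws an undeclared NoSuchElementException when the token holds no certificate matching the signer id, which can happen if the TSA leaves its certificate out of the response. A guard before that line keeps the failure inside the declared contract: `if (tstMatches.isEmpty()) throw new CertificateException("no certificate matching the signer id in the timestamp token");`. The certificate returned by both new methods is taken from the TSA response as is; nothing in the visible lines verifies the token signature or the certificate chain, and getTsaCertificate accepts any URL scheme, so the response may arrive over plain http. The Javadoc should state this, for example `The returned certificate is not validated; verify the token signature and the certificate chain before trusting it.`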