Filter chains used in Nexus Timestamp Server
This article includes updates for Nexus Timestamp Server 2.3.0.
This article describes how to define filter chains in a timestamp service in Nexus Timestamp Server.
Each filter implements one step of the whole process of building the timestamp response. Filters are grouped into filter chains which are executed in sequence.
The primary advantage of the filter architecture is the flexible configuration it enables.
A filter chain can be configured from existing filters.
Custom functionality can be added by developing new filters.
The list of filters in the filter chain shall be executed in the order they appear in the configuration. If a filter is added to the chain it must be defined in the configuration.
Define filter chain
Open the service.properties configuration file.
Set the applicable parameters, described in this table:
Name of parameter | Description |
---|---|
name | A unique name of the filter chain. |
filters | A comma separated list of filter names defined for this timestamp service. |
Write filter chains in sections using <
N
>, where <N
> is the number of the chain. See an example below.
Example: Filter chain
[chain.0]
name=Timestamp
filters=GeneralizedTime, MessageImprint, Serialnumber,
SetTSAName, TSAPolicy, CertificateVerifier,
CrlValidator, TSTInfo, TimestampToken,
TimestampResponse
Order of filters
The order of the filters is important. To create a correct timestamp response, place the following filters in the end of the filter chain and in this order:
TSTInfo
TimestampToken
TimestampResponse
The only exception is when the timestamps should be stored in an external database, then a StorageFilter must be the very last one (in the examples named StoreTimestampResponse). See the example below.
Example: Order of filters for Timestamp
[chain.0]
name=Timestamp
filters=GeneralizedTime, Accuracy, Extensions, MessageImprint, Nonce, Ordering, Serialnumber, SetTSAName, TSAPolicy,
TSTInfo, TimestampToken, TimestampResponse, StoreTimestampResponse
Example: Order of filters for Authenticode timestamp
[chain.1]
name=Authenticode
filters=GeneralizedTime, Accuracy, SetTSAName, AcTimestampToken, TimestampResponse