Beispiel #1
0
        /**
         * Fetches the signature time-stamp attributes from a SignerInformation object.
         * Checks that the MessageImprint for each time-stamp matches the signature field.
         * (see RFC 3161 Appendix A).
         *
         * @param signerInfo a SignerInformation to search for time-stamps
         * @return a collection of TimeStampToken objects
         * @throws TSPValidationException
         */
        public static ICollection GetSignatureTimestamps(
            SignerInformation signerInfo)
        {
            IList timestamps = Platform.CreateArrayList();

            Asn1.Cms.AttributeTable unsignedAttrs = signerInfo.UnsignedAttributes;
            if (unsignedAttrs != null)
            {
                foreach (Asn1.Cms.Attribute tsAttr in unsignedAttrs.GetAll(
                             PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
                {
                    foreach (Asn1Encodable asn1 in tsAttr.AttrValues)
                    {
                        try
                        {
                            Asn1.Cms.ContentInfo contentInfo = Asn1.Cms.ContentInfo.GetInstance(
                                asn1.ToAsn1Object());
                            TimeStampToken     timeStampToken = new TimeStampToken(contentInfo);
                            TimeStampTokenInfo tstInfo        = timeStampToken.TimeStampInfo;

                            byte[] expectedDigest = DigestUtilities.CalculateDigest(
                                GetDigestAlgName(tstInfo.MessageImprintAlgOid),
                                signerInfo.GetSignature());

                            if (!Arrays.ConstantTimeAreEqual(expectedDigest, tstInfo.GetMessageImprintDigest()))
                            {
                                throw new TspValidationException("Incorrect digest in message imprint");
                            }

                            timestamps.Add(timeStampToken);
                        }
                        catch (SecurityUtilityException)
                        {
                            throw new TspValidationException("Unknown hash algorithm specified in timestamp");
                        }
                        catch (Exception)
                        {
                            throw new TspValidationException("Timestamp could not be parsed");
                        }
                    }
                }
            }

            return(timestamps);
        }
Beispiel #2
0
        public TimeStampToken(
            CmsSignedData signedData)
        {
            this.tsToken = signedData;

            if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
            {
                throw new TspValidationException("ContentInfo object not for a time stamp.");
            }

            ICollection signers = tsToken.GetSignerInfos().GetSigners();

            if (signers.Count != 1)
            {
                throw new ArgumentException("Time-stamp token signed by "
                                            + signers.Count
                                            + " signers, but it must contain just the TSA signature.");
            }


            IEnumerator signerEnum = signers.GetEnumerator();

            signerEnum.MoveNext();
            tsaSignerInfo = (SignerInformation)signerEnum.Current;

            try
            {
                CmsProcessable content = tsToken.SignedContent;
                MemoryStream   bOut    = new MemoryStream();

                content.Write(bOut);

                this.tstInfo = new TimeStampTokenInfo(
                    TstInfo.GetInstance(
                        Asn1Object.FromByteArray(bOut.ToArray())));

                Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
                    PkcsObjectIdentifiers.IdAASigningCertificate];

//				if (attr == null)
//				{
//					throw new TspValidationException(
//						"no signing certificate attribute found, time stamp invalid.");
//				}
//
//				SigningCertificate signCert = SigningCertificate.GetInstance(
//					attr.AttrValues[0]);
//
//				this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]);

                if (attr != null)
                {
                    SigningCertificate signCert = SigningCertificate.GetInstance(attr.AttrValues[0]);

                    this.certID = new CertID(EssCertID.GetInstance(signCert.GetCerts()[0]));
                }
                else
                {
                    attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];

                    if (attr == null)
                    {
                        throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
                    }

                    SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);

                    this.certID = new CertID(EssCertIDv2.GetInstance(signCertV2.GetCerts()[0]));
                }
            }
            catch (CmsException e)
            {
                throw new TspException(e.Message, e.InnerException);
            }
        }