/**
* Check this response against to see if it a well formed response for
* the passed in request. Validation will include checking the time stamp
* token if the response status is GRANTED or GRANTED_WITH_MODS.
*
* @param request the request to be checked against
* @throws TspException if the request can not match this response.
*/
public void Validate(
TimeStampRequest request)
{
TimeStampToken tok = this.TimeStampToken;
if (tok != null)
{
TimeStampTokenInfo tstInfo = tok.TimeStampInfo;
if (request.Nonce != null && !request.Nonce.Equals(tstInfo.Nonce))
{
throw new TspValidationException("response contains wrong nonce value.");
}
if (this.Status != (int)PkiStatus.Granted && this.Status != (int)PkiStatus.GrantedWithMods)
{
throw new TspValidationException("time stamp token found in failed request.");
}
if (!Arrays.ConstantTimeAreEqual(request.GetMessageImprintDigest(), tstInfo.GetMessageImprintDigest()))
{
throw new TspValidationException("response for different message imprint digest.");
}
if (!tstInfo.MessageImprintAlgOid.Equals(request.MessageImprintAlgOid))
{
throw new TspValidationException("response for different message imprint algorithm.");
}
Asn1.Cms.Attribute scV1 = tok.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
Asn1.Cms.Attribute scV2 = tok.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
if (scV1 == null && scV2 == null)
{
throw new TspValidationException("no signing certificate attribute present.");
}
if (scV1 != null && scV2 != null)
{
/*
* RFC 5035 5.4. If both attributes exist in a single message,
* they are independently evaluated.
*/
}
if (request.ReqPolicy != null && !request.ReqPolicy.Equals(tstInfo.Policy))
{
throw new TspValidationException("TSA policy wrong for request.");
}
}
else if (this.Status == (int)PkiStatus.Granted || this.Status == (int)PkiStatus.GrantedWithMods)
{
throw new TspValidationException("no time stamp token found and one expected.");
}
}
/**
* Fetches the signature time-stamp attributes from a SignerInformation object.
* Checks that the MessageImprint for each time-stamp matches the signature field.
* (see RFC 3161 Appendix A).
*
* @param signerInfo a SignerInformation to search for time-stamps
* @return a collection of TimeStampToken objects
* @throws TSPValidationException
*/
public static ICollection GetSignatureTimestamps(
SignerInformation signerInfo)
{
IList timestamps = Platform.CreateArrayList();
Asn1.Cms.AttributeTable unsignedAttrs = signerInfo.UnsignedAttributes;
if (unsignedAttrs != null)
{
foreach (Asn1.Cms.Attribute tsAttr in unsignedAttrs.GetAll(
PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
{
foreach (Asn1Encodable asn1 in tsAttr.AttrValues)
{
try
{
Asn1.Cms.ContentInfo contentInfo = Asn1.Cms.ContentInfo.GetInstance(
asn1.ToAsn1Object());
TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
TimeStampTokenInfo tstInfo = timeStampToken.TimeStampInfo;
byte[] expectedDigest = DigestUtilities.CalculateDigest(
GetDigestAlgName(tstInfo.MessageImprintAlgOid),
signerInfo.GetSignature());
if (!Arrays.ConstantTimeAreEqual(expectedDigest, tstInfo.GetMessageImprintDigest()))
{
throw new TspValidationException("Incorrect digest in message imprint");
}
timestamps.Add(timeStampToken);
}
catch (SecurityUtilityException)
{
throw new TspValidationException("Unknown hash algorithm specified in timestamp");
}
catch (Exception)
{
throw new TspValidationException("Timestamp could not be parsed");
}
}
}
}
return(timestamps);
}
public void Validate(TimeStampRequest request)
{
TimeStampToken timeStampToken = this.TimeStampToken;
if (timeStampToken != null)
{
TimeStampTokenInfo timeStampInfo = timeStampToken.TimeStampInfo;
if (request.Nonce != null && !request.Nonce.Equals(timeStampInfo.Nonce))
{
throw new TspValidationException("response contains wrong nonce value.");
}
if (this.Status != 0 && this.Status != 1)
{
throw new TspValidationException("time stamp token found in failed request.");
}
if (!Arrays.ConstantTimeAreEqual(request.GetMessageImprintDigest(), timeStampInfo.GetMessageImprintDigest()))
{
throw new TspValidationException("response for different message imprint digest.");
}
if (!timeStampInfo.MessageImprintAlgOid.Equals(request.MessageImprintAlgOid))
{
throw new TspValidationException("response for different message imprint algorithm.");
}
Org.BouncyCastle.Asn1.Cms.Attribute attribute = timeStampToken.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
Org.BouncyCastle.Asn1.Cms.Attribute attribute2 = timeStampToken.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
if (attribute == null && attribute2 == null)
{
throw new TspValidationException("no signing certificate attribute present.");
}
if (attribute != null)
{
}
if (request.ReqPolicy != null && !request.ReqPolicy.Equals(timeStampInfo.Policy))
{
throw new TspValidationException("TSA policy wrong for request.");
}
}
else if (this.Status == 0 || this.Status == 1)
{
throw new TspValidationException("no time stamp token found and one expected.");
}
}
public static ICollection GetSignatureTimestamps(SignerInformation signerInfo)
{
IList list = Platform.CreateArrayList();
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInfo.UnsignedAttributes;
if (unsignedAttributes != null)
{
foreach (Org.BouncyCastle.Asn1.Cms.Attribute attribute in unsignedAttributes.GetAll(PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
{
foreach (Asn1Encodable asn1Encodable in attribute.AttrValues)
{
try
{
Org.BouncyCastle.Asn1.Cms.ContentInfo instance = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(asn1Encodable.ToAsn1Object());
TimeStampToken timeStampToken = new TimeStampToken(instance);
TimeStampTokenInfo timeStampInfo = timeStampToken.TimeStampInfo;
byte[] a = DigestUtilities.CalculateDigest(TspUtil.GetDigestAlgName(timeStampInfo.MessageImprintAlgOid), signerInfo.GetSignature());
if (!Arrays.ConstantTimeAreEqual(a, timeStampInfo.GetMessageImprintDigest()))
{
throw new TspValidationException("Incorrect digest in message imprint");
}
list.Add(timeStampToken);
}
catch (SecurityUtilityException)
{
throw new TspValidationException("Unknown hash algorithm specified in timestamp");
}
catch (Exception)
{
throw new TspValidationException("Timestamp could not be parsed");
}
}
}
}
return(list);
}
public static global::System.Collections.ICollection GetSignatureTimestamps(SignerInformation signerInfo)
{
global::System.Collections.IList list = Platform.CreateArrayList();
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInfo.UnsignedAttributes;
if (unsignedAttributes != null)
{
global::System.Collections.IEnumerator enumerator = unsignedAttributes.GetAll(PkcsObjectIdentifiers.IdAASignatureTimeStampToken).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
Attribute attribute = (Attribute)enumerator.get_Current();
{
global::System.Collections.IEnumerator enumerator2 = attribute.AttrValues.GetEnumerator();
try
{
while (enumerator2.MoveNext())
{
Asn1Encodable asn1Encodable = (Asn1Encodable)enumerator2.get_Current();
try
{
Org.BouncyCastle.Asn1.Cms.ContentInfo instance = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(asn1Encodable.ToAsn1Object());
TimeStampToken timeStampToken = new TimeStampToken(instance);
TimeStampTokenInfo timeStampInfo = timeStampToken.TimeStampInfo;
byte[] a = DigestUtilities.CalculateDigest(GetDigestAlgName(timeStampInfo.MessageImprintAlgOid), signerInfo.GetSignature());
if (!Arrays.ConstantTimeAreEqual(a, timeStampInfo.GetMessageImprintDigest()))
{
throw new TspValidationException("Incorrect digest in message imprint");
}
list.Add((object)timeStampToken);
}
catch (SecurityUtilityException)
{
throw new TspValidationException("Unknown hash algorithm specified in timestamp");
}
catch (global::System.Exception)
{
throw new TspValidationException("Timestamp could not be parsed");
}
}
}
finally
{
global::System.IDisposable disposable2 = enumerator2 as global::System.IDisposable;
if (disposable2 != null)
{
disposable2.Dispose();
}
}
}
}
return((global::System.Collections.ICollection)list);
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
return((global::System.Collections.ICollection)list);
}
