    /// <summary>
    /// Validates a time-stamp request and builds the response: a granted response carrying the
    /// signed token, or a rejection response when validation fails.
    /// </summary>
    /// <param name="request">The request to validate against the accepted algorithms, policies and extensions.</param>
    /// <param name="serialNumber">Serial number passed to the token generator.</param>
    /// <param name="genTime">Generation time; <c>null</c> is reported as an unavailable time source.</param>
    /// <returns>The response wrapping either the granted token or the rejection status.</returns>
    /// <exception cref="TspException">
    /// An <see cref="IOException"/> occurred while re-encoding the token or while building the final response.
    /// </exception>
    public TimeStampResponse Generate(TimeStampRequest request, BigInteger serialNumber, DateTimeObject genTime)
    {
        TimeStampResp response;

        try
        {
            // Without a trusted time value no token can be issued; the outer catch turns this into a rejection.
            // NOTE(review): 512 looks like the "time not available" PKIFailureInfo bit; confirm and prefer the named constant.
            if (genTime == null)
            {
                throw new TspValidationException("The time source is not available.", 512);
            }

            // The request is checked against the generator's allow-lists before anything is signed.
            request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);

            // NOTE(review): status and the status strings are instance state written on every call;
            // if a TspValidationException is raised after this point, "Operation Okay" has already been added.
            // Whether it survives into the rejection response depends on AddStatusString/GetPkiStatusInfo (not visible here).
            status = PkiStatus.Granted;
            AddStatusString("Operation Okay");
            PkiStatusInfo grantedInfo = GetPkiStatusInfo();

            ContentInfo tokenContent;
            try
            {
                // Sign the token, then round-trip it through its encoding to obtain a ContentInfo.
                byte[] tokenBytes = tokenGenerator
                    .Generate(request, serialNumber, genTime.Value)
                    .ToCmsSignedData()
                    .GetEncoded();
                tokenContent = ContentInfo.GetInstance(Asn1Object.FromByteArray(tokenBytes));
            }
            catch (IOException encodingError)
            {
                throw new TspException("Timestamp token received cannot be converted to ContentInfo", encodingError);
            }

            response = new TimeStampResp(grantedInfo, tokenContent);
        }
        catch (TspValidationException rejection)
        {
            // Validation failures are not thrown to the caller; they become a rejection response
            // carrying the failure code and the exception message as status text.
            status = PkiStatus.Rejection;
            SetFailInfoField(rejection.FailureCode);
            AddStatusString(rejection.Message);
            response = new TimeStampResp(GetPkiStatusInfo(), null);
        }

        try
        {
            return new TimeStampResponse(response);
        }
        catch (IOException formatError)
        {
            throw new TspException("created badly formatted response!", formatError);
        }
    }
        /// <summary>
        /// Issues a time-stamp token for the given request, signed with the TSA private key, and
        /// returns the token's encoded bytes.
        /// </summary>
        /// <param name="request">The time-stamp request to answer.</param>
        /// <returns>The encoded time-stamp token.</returns>
        /// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/>
        /// <exception cref="Org.BouncyCastle.Tsp.TSPException"/>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Org.BouncyCastle.Security.Certificates.CertificateEncodingException"/>
        public virtual byte[] CreateTimeStampToken(TimeStampRequest request)
        {
            // Policy OID chosen arbitrarily by the author; it does not identify a registered TSA policy.
            const string policyOid = "1.3.6.1.4.1.45794.1.1";

            var signingKey = (AsymmetricKeyParameter)tsaPrivateKey;
            // The first chain entry is used as the signer certificate; an empty chain fails here.
            var signerCertificate = tsaCertificateChain[0];
            // NOTE(review): SHA-1 is no longer collision-resistant. If this generator is used for anything
            // other than test fixtures, request SHA-256 or stronger here.
            var digestOid = DigestAlgorithms.GetAllowedDigest("SHA1");

            var generator = new TimeStampTokenGenerator(signingKey, signerCertificate, digestOid, policyOid);
            generator.SetAccuracySeconds(1);

            // TODO setting the TSA name is somewhat wrong. Acrobat and openssl treat tokens generated with the line below as corrupted.
            // openssl error message: 2304:error:2F09506F:time stamp routines:INT_TS_RESP_VERIFY_TOKEN:tsa name mismatch:ts_rsp_verify.c:476:
            // tsTokGen.setTSA(new GeneralName(new X500Name(PrincipalUtil.getIssuerX509Principal(tsCertificate).getName())));

            // Embed the whole TSA chain in the token.
            var chainStore = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(tsaCertificateChain.ToList()));
            generator.SetCertificates(chainStore);

            // The serial number should be unique for every timestamp.
            // NOTE(review): it is derived from a time-based seed, so two tokens issued within the seed's
            // resolution could share a serial; confirm SystemUtil.GetTimeBasedSeed cannot repeat, or use a counter/CSPRNG.
            var serial = new BigInteger(SystemUtil.GetTimeBasedSeed().ToString());
            // NOTE(review): generation time comes from DateTimeUtil on this host, so the token is only as trustworthy as that clock.
            DateTime issuedAt = DateTimeUtil.GetCurrentUtcTime();

            return generator.Generate(request, serial, issuedAt).GetEncoded();
        }
        /// <summary>
        /// Generates a time stamp token for the request, records it in the audit log and returns it
        /// as a <see cref="ContentInfo"/>.
        /// </summary>
        /// <param name="timeStampRequest">The <see cref="TimeStampRequest"/> to answer.</param>
        /// <returns>The signed token as a <see cref="ContentInfo"/>.</returns>
        /// <exception cref="TspException">
        /// Any exception raised while decoding the token or while saving the audit log.
        /// </exception>
        private async Task <ContentInfo> GetTimeStampToken(TimeStampRequest timeStampRequest)
        {
            // Key material and policy all come from the responder repository.
            var signerCertificate = await BcTimeStampResponderRepository.GetCertificate();
            var signerKey = await BcTimeStampResponderRepository.GetPrivateKey();

            var generator = new TimeStampTokenGenerator(
                signerKey,
                signerCertificate,
                NistObjectIdentifiers.IdSha512.Id,
                BcTimeStampResponderRepository.GetPolicyOid());

            // Only the TSA certificate itself is embedded in the token, not a full chain.
            var embeddedCertificates = new List <X509Certificate> { signerCertificate };
            var certificateStore = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(embeddedCertificates));
            generator.SetCertificates(certificateStore);

            // NOTE(review): the subject name is rebuilt from its string form; if the re-parsed name does not
            // encode identically to the certificate's subject, strict verifiers may report a TSA name mismatch.
            // Consider passing SubjectDN directly; confirm against a verifier before changing.
            generator.SetTsa(new GeneralName(new X509Name(signerCertificate.SubjectDN.ToString())));

            var serialNumber = BcTimeStampResponderRepository.GetNextSerialNumber();
            var signingTime = BcTimeStampResponderRepository.GetTimeToSign();
            var timeStampToken = generator.Generate(timeStampRequest, serialNumber, signingTime);

            try
            {
                var encodedToken = timeStampToken.ToCmsSignedData().GetEncoded();
                using (var asn1Stream = new Asn1InputStream(encodedToken))
                {
                    var tokenContent = ContentInfo.GetInstance(asn1Stream.ReadObject());

                    // The token is handed back only after the audit record has been saved.
                    await SaveAuditLog(timeStampRequest, timeStampToken, signerCertificate);

                    return tokenContent;
                }
            }
            catch (Exception failure)
            {
                // NOTE(review): this also wraps audit-log failures, which are then reported with a
                // conversion error message; the real cause is only visible in the inner exception.
                throw new TspException("Timestamp token cannot be converted to ContentInfo", failure);
            }
        }