private void basicTestWithTSA(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
tsTokenGen.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
Assert.IsNotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
}
/// <summary>
/// Gets the <see cref="ContentInfo"/> meaning the time stamp token
/// </summary>
/// <param name="timeStampRequest"><see cref="TimeStampRequest"/></param>
/// <returns><see cref="ContentInfo"/></returns>
private async Task <ContentInfo> GetTimeStampToken(TimeStampRequest timeStampRequest)
{
var tsaCertificate = await BcTimeStampResponderRepository.GetCertificate();
var tokenGenerator = new TimeStampTokenGenerator(
await BcTimeStampResponderRepository.GetPrivateKey(),
tsaCertificate,
NistObjectIdentifiers.IdSha512.Id,
BcTimeStampResponderRepository.GetPolicyOid()
);
var certs = X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(
new List <X509Certificate> {
tsaCertificate
}));
tokenGenerator.SetCertificates(certs);
tokenGenerator.SetTsa(new GeneralName(new X509Name(tsaCertificate.SubjectDN.ToString())));
var timeStampToken = tokenGenerator.Generate(
timeStampRequest,
BcTimeStampResponderRepository.GetNextSerialNumber(),
BcTimeStampResponderRepository.GetTimeToSign());
try
{
using (var stream = new Asn1InputStream(timeStampToken.ToCmsSignedData().GetEncoded()))
{
var contentInfo = ContentInfo.GetInstance(stream.ReadObject());
await SaveAuditLog(timeStampRequest, timeStampToken, tsaCertificate);
return(contentInfo);
}
}
catch (Exception e)
{
throw new TspException("Timestamp token cannot be converted to ContentInfo", e);
}
}
private void additionalExtensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
tsTokenGen.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
X509ExtensionsGenerator extensionsGenerator = new X509ExtensionsGenerator();
extensionsGenerator.AddExtension(X509Extensions.AuditIdentity, false, new DerUtf8String("Test"));
TimeStampResponse tsResp = tsRespGen.GenerateGrantedResponse(request, new BigInteger("23"), new DateTimeObject(DateTime.UtcNow), "Okay", extensionsGenerator.Generate());
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
X509Extensions ext = tsToken.TimeStampInfo.TstInfo.Extensions;
Assert.True(1 == ext.GetExtensionOids().Length);
X509Extension left = new X509Extension(DerBoolean.False, new DerOctetString(new DerUtf8String("Test").GetEncoded()));
Assert.True(left.Equals(ext.GetExtension(X509Extensions.AuditIdentity)));
}