/// <summary>
/// Round-trips a granted time-stamp response that carries an explicit TSA name and checks
/// that the resulting token validates against the signer certificate.
/// </summary>
/// <param name="privateKey">Key the token generator signs with.</param>
/// <param name="cert">Signer certificate; also the certificate the token is validated against.</param>
/// <param name="certs">Certificate store handed to the token generator.</param>
private void basicTestWithTSA(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
    // Request side: SHA-1 with an all-zero 20-byte digest is a fixture, not real message data.
    var requestGenerator = new TimeStampRequestGenerator();
    TimeStampRequest tsRequest = requestGenerator.Generate(
        TspAlgorithms.Sha1,
        new byte[20],
        BigInteger.ValueOf(100));

    // Responder side: token generator with policy "1.2" and a fixed TSA name.
    var tokenGenerator = new TimeStampTokenGenerator(privateKey, cert, TspAlgorithms.Sha1, "1.2");
    tokenGenerator.SetCertificates(certs);
    tokenGenerator.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));

    var responseGenerator = new TimeStampResponseGenerator(tokenGenerator, TspAlgorithms.Allowed);
    TimeStampResponse generated = responseGenerator.Generate(
        tsRequest,
        BigInteger.ValueOf(23),
        DateTime.UtcNow);

    // Re-parse from the encoded bytes so the checks run on what a client would receive,
    // not on the in-memory object the generator produced.
    var reparsed = new TimeStampResponse(generated.GetEncoded());
    TimeStampToken token = reparsed.TimeStampToken;

    token.Validate(cert);

    // The signingCertificate signed attribute ties the token to the signer certificate.
    Asn1.Cms.AttributeTable signedAttributes = token.SignedAttributes;
    Assert.IsNotNull(
        signedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate],
        "no signingCertificate attribute found");
}
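/// <summary>
/// Issues a time-stamp token for the given request and returns it as a CMS <see cref="ContentInfo"/>.
/// </summary>
/// <remarks>
/// The token is signed with the key and certificate obtained from
/// <c>BcTimeStampResponderRepository</c>, with the SHA-512 OID passed as the digest algorithm.
/// The audit record is written before the token is returned; if that write fails, the
/// method throws and no token is handed back to the caller.
/// </remarks>
/// <param name="timeStampRequest">The <see cref="TimeStampRequest"/> to answer.</param>
/// <returns>The time-stamp token as a <see cref="ContentInfo"/>.</returns>
/// <exception cref="TspException">
/// The token could not be converted to a <see cref="ContentInfo"/>, or the audit log entry
/// could not be saved.
/// </exception>
private async Task<ContentInfo> GetTimeStampToken(TimeStampRequest timeStampRequest)
{
    // NOTE(review): no Validate call on the request is visible in this method; confirm the
    // caller checks accepted algorithms and policies before a token is issued.
    var tsaCertificate = await BcTimeStampResponderRepository.GetCertificate();
    var tokenGenerator = new TimeStampTokenGenerator(
        await BcTimeStampResponderRepository.GetPrivateKey(),
        tsaCertificate,
        NistObjectIdentifiers.IdSha512.Id,
        BcTimeStampResponderRepository.GetPolicyOid());

    // Ship the TSA certificate inside the token.
    var certs = X509StoreFactory.Create(
        "Certificate/Collection",
        new X509CollectionStoreParameters(new List<X509Certificate> { tsaCertificate }));
    tokenGenerator.SetCertificates(certs);

    // NOTE(review): the subject DN is round-tripped through its string form here; re-parsing
    // may not reproduce the certificate's original DN encoding. Confirm whether passing
    // SubjectDN directly is intended.
    tokenGenerator.SetTsa(new GeneralName(new X509Name(tsaCertificate.SubjectDN.ToString())));

    var timeStampToken = tokenGenerator.Generate(
        timeStampRequest,
        BcTimeStampResponderRepository.GetNextSerialNumber(),
        BcTimeStampResponderRepository.GetTimeToSign());

    ContentInfo contentInfo;
    try
    {
        using (var stream = new Asn1InputStream(timeStampToken.ToCmsSignedData().GetEncoded()))
        {
            contentInfo = ContentInfo.GetInstance(stream.ReadObject());
        }
    }
    catch (Exception e)
    {
        throw new TspException("Timestamp token cannot be converted to ContentInfo", e);
    }

    // Audit failures get their own message. Previously they were caught by the conversion
    // handler and reported as a ContentInfo conversion error, which hides a logging outage
    // from whoever reads the error. The exception type stays TspException and the token is
    // still withheld when the audit record cannot be written.
    try
    {
        await SaveAuditLog(timeStampRequest, timeStampToken, tsaCertificate);
    }
    catch (Exception e)
    {
        throw new TspException("Timestamp token audit log entry could not be saved", e);
    }

    return contentInfo;
}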
/// <summary>
/// Issues a granted time-stamp response carrying one additional extension (AuditIdentity,
/// non-critical) and checks that the extension survives encoding and appears in the
/// token's TSTInfo exactly as supplied.
/// </summary>
/// <param name="privateKey">Key the token generator signs with.</param>
/// <param name="cert">Signer certificate; also the certificate the token is validated against.</param>
/// <param name="certs">Certificate store handed to the token generator.</param>
private void additionalExtensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
    // Request side: SHA-1 with an all-zero 20-byte digest is a fixture, not real message data.
    var requestGenerator = new TimeStampRequestGenerator();
    TimeStampRequest tsRequest = requestGenerator.Generate(
        TspAlgorithms.Sha1,
        new byte[20],
        BigInteger.ValueOf(100));

    // Responder side: token generator with policy "1.2" and a fixed TSA name.
    var tokenGenerator = new TimeStampTokenGenerator(privateKey, cert, TspAlgorithms.Sha1, "1.2");
    tokenGenerator.SetCertificates(certs);
    tokenGenerator.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));

    var responseGenerator = new TimeStampResponseGenerator(tokenGenerator, TspAlgorithms.Allowed);

    // The extra extension the responder adds to the token.
    var extraExtensions = new X509ExtensionsGenerator();
    extraExtensions.AddExtension(X509Extensions.AuditIdentity, false, new DerUtf8String("Test"));

    TimeStampResponse generated = responseGenerator.GenerateGrantedResponse(
        tsRequest,
        new BigInteger("23"),
        new DateTimeObject(DateTime.UtcNow),
        "Okay",
        extraExtensions.Generate());

    // Re-parse from the encoded bytes so the checks run on what a client would receive.
    var reparsed = new TimeStampResponse(generated.GetEncoded());
    TimeStampToken token = reparsed.TimeStampToken;

    token.Validate(cert);

    Asn1.Cms.AttributeTable signedAttributes = token.SignedAttributes;
    Assert.NotNull(
        signedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate],
        "no signingCertificate attribute found");

    // Exactly one extension must be present, and it must equal the one that was supplied.
    X509Extensions tokenExtensions = token.TimeStampInfo.TstInfo.Extensions;
    Assert.True(1 == tokenExtensions.GetExtensionOids().Length);

    var expected = new X509Extension(
        DerBoolean.False,
        new DerOctetString(new DerUtf8String("Test").GetEncoded()));
    Assert.True(expected.Equals(tokenExtensions.GetExtension(X509Extensions.AuditIdentity)));
}