예제 #1
        /// <summary>
        /// Builds a <see cref="Timestamp"/> from the SignedCms returned by a time stamp authority.
        /// </summary>
        /// <remarks>
        /// The CMS must carry a TSTInfo payload and its signature must verify. The accepted
        /// time window is [timestamp - accuracy, timestamp + accuracy], stored in
        /// LowerLimit and UpperLimit.
        /// </remarks>
        /// <param name="timestampCms">SignedCms from Time Stamp Authority</param>
        /// <exception cref="ArgumentNullException"><paramref name="timestampCms"/> is null.</exception>
        /// <exception cref="TimestampException">
        /// The CMS content is not a TSTInfo, or the CMS signature check failed (NU3021 in both cases).
        /// </exception>
        public Timestamp(SignedCms timestampCms)
        {
            SignedCms = timestampCms ?? throw new ArgumentNullException(nameof(timestampCms));

            // Reject anything whose content type is not TSTInfo before touching the signature.
            if (!Rfc3161TimestampVerificationUtility.TryReadTSTInfoFromSignedCms(timestampCms, out var tstInfo))
            {
                throw new TimestampException(NuGetLogCode.NU3021, Strings.VerifyError_TimestampSignatureValidationFailed);
            }

            try
            {
                // verifySignatureOnly: true checks the signature math only; the signer
                // certificate is NOT chain-validated here.
                // NOTE(review): chain/trust/EKU validation of the TSA certificate is presumably
                // done by the caller afterwards - confirm, since this constructor alone does
                // not establish that the timestamp comes from a trusted authority.
                SignedCms.CheckSignature(verifySignatureOnly: true);
            }
            catch (Exception ex)
            {
                // Every failure from the signature check is reported as NU3021; the original
                // exception is preserved as the inner exception.
                throw new TimestampException(NuGetLogCode.NU3021, Strings.VerifyError_TimestampSignatureValidationFailed, ex);
            }

            TstInfo = tstInfo;
            GeneralizedTime = tstInfo.Timestamp;

            // The accuracy lookup runs outside the try block above, so anything it throws
            // propagates to the caller unwrapped.
            var toleranceMs = Rfc3161TimestampVerificationUtility.GetAccuracyInMilliseconds(tstInfo);
            UpperLimit = tstInfo.Timestamp.AddMilliseconds(toleranceMs);
            LowerLimit = tstInfo.Timestamp.AddMilliseconds(-toleranceMs);
        }
        /// <summary>
        /// Returns the accuracy of a timestamp token in milliseconds.
        /// </summary>
        /// <param name="tstInfo">Token info whose accuracy and policy id are read.</param>
        /// <returns>
        /// The token's own accuracy converted from microseconds when present; otherwise 1000
        /// when the policy id equals <c>Oids.BaselineTimestampPolicy</c>, else 0.
        /// </returns>
        /// <exception cref="InvalidDataException">The resulting accuracy is negative.</exception>
        internal static double GetAccuracyInMilliseconds(IRfc3161TimestampTokenInfo tstInfo)
        {
            double result;

            if (tstInfo.AccuracyInMicroseconds.HasValue)
            {
                result = tstInfo.AccuracyInMicroseconds.Value * _millisecondsPerMicrosecond;
            }
            else
            {
                // No accuracy field in the token: fall back on the policy. Only the baseline
                // policy gets a one-second default; any other policy yields a zero-width window.
                var isBaselinePolicy = StringComparer.Ordinal.Equals(tstInfo.PolicyId, Oids.BaselineTimestampPolicy);
                result = isBaselinePolicy ? 1000 : 0;
            }

            // The accuracy comes from the token, so a negative value is treated as malformed
            // input rather than silently inverting the lower/upper limits computed from it.
            if (result < 0)
            {
                throw new InvalidDataException(Strings.VerifyError_TimestampInvalid);
            }

            return result;
        }
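        /// <summary>
        /// Wraps an already-decoded framework RFC 3161 timestamp token.
        /// </summary>
        /// <param name="rfc3161TimestampToken">The framework token to wrap.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="rfc3161TimestampToken"/> is null.
        /// </exception>
        public Rfc3161TimestampTokenNetstandard21Wrapper(
            System.Security.Cryptography.Pkcs.Rfc3161TimestampToken rfc3161TimestampToken)
        {
            // Fail with a named argument instead of a NullReferenceException on the
            // TokenInfo dereference below.
            _rfc3161TimestampToken = rfc3161TimestampToken
                ?? throw new ArgumentNullException(nameof(rfc3161TimestampToken));

            TokenInfo = new Rfc3161TimestampTokenInfoNetstandard21Wrapper(_rfc3161TimestampToken.TokenInfo);
        }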
예제 #4
 /// <summary>
 /// Creates the desktop-framework wrapper by forwarding every argument, unchanged,
 /// to the project's own <c>Rfc3161TimestampToken</c> implementation.
 /// </summary>
 /// <param name="tstInfo">Parsed TSTInfo of the token.</param>
 /// <param name="signerCertificate">Certificate of the timestamp signer.</param>
 /// <param name="additionalCerts">Other certificates accompanying the token.</param>
 /// <param name="encoded">Encoded form of the token.</param>
 public Rfc3161TimestampTokenNet472Wrapper(
     IRfc3161TimestampTokenInfo tstInfo,
     X509Certificate2 signerCertificate,
     X509Certificate2Collection additionalCerts,
     byte[] encoded)
 {
     // No validation happens here; arguments are passed straight through.
     _rfc3161TimestampToken = new Rfc3161TimestampToken(tstInfo, signerCertificate, additionalCerts, encoded);
 }
 /// <summary>
 /// Extracts the TSTInfo from a timestamp SignedCms when its content type is TSTInfo.
 /// </summary>
 /// <remarks>
 /// Only the content type is checked. The CMS signature is not verified here, so the
 /// returned <paramref name="tstInfo"/> is unauthenticated until the caller verifies it.
 /// Despite the Try- prefix, the factory call parses the CMS content and is not wrapped
 /// in a try/catch, so a parse failure would surface as an exception rather than false.
 /// </remarks>
 /// <param name="timestampCms">SignedCms to inspect; dereferenced without a null check.</param>
 /// <param name="tstInfo">The parsed token info on success, otherwise null.</param>
 /// <returns>True when the content type is TSTInfo; false otherwise.</returns>
 internal static bool TryReadTSTInfoFromSignedCms(
     SignedCms timestampCms,
     out IRfc3161TimestampTokenInfo tstInfo)
 {
     tstInfo = null;

     var isTstInfoContent = timestampCms.ContentInfo.ContentType.Value.Equals(Oids.TSTInfoContentType, StringComparison.Ordinal);
     if (!isTstInfoContent)
     {
         // The signedCms object does not contain the right ContentType.
         return false;
     }

     tstInfo = Rfc3161TimestampTokenInfoFactory.Create(timestampCms.ContentInfo.Content);
     return true;
 }
예제 #6
        /// <summary>
        /// Stores the already-parsed parts of a timestamp token.
        /// </summary>
        /// <remarks>
        /// Null checks here are Debug.Assert only, which is compiled out of builds without
        /// the DEBUG symbol, and <paramref name="encoded"/> is not asserted at all. Callers
        /// are expected to validate arguments before reaching this constructor.
        /// </remarks>
        /// <param name="tstInfo">Parsed TSTInfo of the token.</param>
        /// <param name="signerCertificate">Certificate of the timestamp signer.</param>
        /// <param name="additionalCerts">Other certificates accompanying the token.</param>
        /// <param name="encoded">Encoded form of the token, kept as given.</param>
        internal Rfc3161TimestampToken(
            IRfc3161TimestampTokenInfo tstInfo,
            X509Certificate2 signerCertificate,
            X509Certificate2Collection additionalCerts,
            byte[] encoded)
        {
            Debug.Assert(tstInfo != null);
            Debug.Assert(signerCertificate != null);
            Debug.Assert(additionalCerts != null);

            TokenInfo = tstInfo;
            SignerCertificate = signerCertificate;
            AdditionalCerts = additionalCerts;

            // The array reference is stored as given, without a copy.
            _encoded = encoded;
        }
        /// <summary>
        /// Creates the platform-specific token-info wrapper for an encoded TSTInfo.
        /// </summary>
        /// <param name="bytes">Encoded TSTInfo; handed to the wrapper constructor as is.</param>
        /// <returns>
        /// The Net472 wrapper when IS_DESKTOP is defined, otherwise the Netstandard21 wrapper.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="bytes"/> is null.</exception>
        public static IRfc3161TimestampTokenInfo Create(byte[] bytes)
        {
            if (bytes == null)
            {
                throw new ArgumentNullException(nameof(bytes));
            }

            // Only null is rejected here; any decoding of the bytes is left to the wrapper.
#if IS_DESKTOP
            return new Rfc3161TimestampTokenInfoNet472Wrapper(bytes);
#else
            return new Rfc3161TimestampTokenInfoNetstandard21Wrapper(bytes);
#endif
        }
        /// <summary>
        /// Creates the platform-specific timestamp token wrapper.
        /// </summary>
        /// <param name="tstInfo">Parsed TSTInfo of the token.</param>
        /// <param name="signerCertificate">Certificate of the timestamp signer.</param>
        /// <param name="additionalCerts">Other certificates accompanying the token.</param>
        /// <param name="encoded">Encoded form of the token.</param>
        /// <returns>
        /// The Net472 wrapper when IS_DESKTOP is defined, otherwise the Netstandard21 wrapper.
        /// </returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="NotSupportedException">
        /// IS_SIGNING_SUPPORTED is not defined for this build.
        /// </exception>
        public static IRfc3161TimestampToken Create(
            IRfc3161TimestampTokenInfo tstInfo,
            X509Certificate2 signerCertificate,
            X509Certificate2Collection additionalCerts,
            byte[] encoded)
        {
            // Arguments are checked in declaration order, before the platform check, so a
            // null argument is reported even on builds without signing support.
            if (tstInfo == null)
            {
                throw new ArgumentNullException(nameof(tstInfo));
            }

            if (signerCertificate == null)
            {
                throw new ArgumentNullException(nameof(signerCertificate));
            }

            if (additionalCerts == null)
            {
                throw new ArgumentNullException(nameof(additionalCerts));
            }

            if (encoded == null)
            {
                throw new ArgumentNullException(nameof(encoded));
            }

#if IS_SIGNING_SUPPORTED
#if IS_DESKTOP
            return new Rfc3161TimestampTokenNet472Wrapper(tstInfo, signerCertificate, additionalCerts, encoded);
#else
            return new Rfc3161TimestampTokenNetstandard21Wrapper(tstInfo, signerCertificate, additionalCerts, encoded);
#endif
#else
            throw new NotSupportedException();
#endif
        }
        /// <summary>
        /// Creates the wrapper by decoding <paramref name="encoded"/> with the framework's
        /// RFC 3161 token decoder.
        /// </summary>
        /// <remarks>
        /// Only <paramref name="encoded"/> is used. The other three parameters are not read
        /// by this constructor, so the resulting token reflects the encoded bytes alone.
        /// </remarks>
        /// <param name="tstInfo">Not used by this constructor.</param>
        /// <param name="signerCertificate">Not used by this constructor.</param>
        /// <param name="additionalCerts">Not used by this constructor.</param>
        /// <param name="encoded">Encoded timestamp token to decode.</param>
        /// <exception cref="CryptographicException">The bytes could not be decoded.</exception>
        public Rfc3161TimestampTokenNetstandard21Wrapper(
            IRfc3161TimestampTokenInfo tstInfo,
            X509Certificate2 signerCertificate,
            X509Certificate2Collection additionalCerts,
            byte[] encoded)
        {
            var encodedToken = new ReadOnlyMemory<byte>(encoded);

            // The bytes-consumed output is discarded, so data trailing the token inside
            // `encoded` is not detected here.
            // NOTE(review): confirm whether callers need the decoder to consume the whole buffer.
            var decoded = System.Security.Cryptography.Pkcs.Rfc3161TimestampToken.TryDecode(
                encodedToken,
                out _rfc3161TimestampToken,
                out _);

            if (!decoded)
            {
                throw new CryptographicException(Strings.InvalidAsn1);
            }

            TokenInfo = new Rfc3161TimestampTokenInfoNetstandard21Wrapper(_rfc3161TimestampToken.TokenInfo);
        }