/**
* Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
* API.
*
* @return the X509Certificate
* @throws IOException if an I/O error occured
*/
// TODO Consider returning Asn1.Pkcs.ContentInfo
private ContentInfo ReadPkcs7(PemObject pemObject)
{
try
{
return(ContentInfo.GetInstance(
Asn1Object.FromByteArray(pemObject.Content)));
}
catch (Exception e)
{
throw new PemException("problem parsing PKCS7 object: " + e.ToString());
}
}
/**
* Fetches the signature time-stamp attributes from a SignerInformation object.
* Checks that the MessageImprint for each time-stamp matches the signature field.
* (see RFC 3161 Appendix A).
*
* @param signerInfo a SignerInformation to search for time-stamps
* @return a collection of TimeStampToken objects
* @throws TSPValidationException
*/
public static ICollection GetSignatureTimestamps(
SignerInformation signerInfo)
{
IList timestamps = Platform.CreateArrayList();
AttributeTable unsignedAttrs = signerInfo.UnsignedAttributes;
if (unsignedAttrs != null)
{
foreach (Attribute tsAttr in unsignedAttrs.GetAll(
PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
{
foreach (Asn1Encodable asn1 in tsAttr.AttrValues)
{
try
{
ContentInfo contentInfo = ContentInfo.GetInstance(
asn1.ToAsn1Object());
TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
TimeStampTokenInfo tstInfo = timeStampToken.TimeStampInfo;
byte[] expectedDigest = DigestUtilities.CalculateDigest(
GetDigestAlgName(tstInfo.MessageImprintAlgOid),
signerInfo.GetSignature());
if (!Arrays.ConstantTimeAreEqual(expectedDigest, tstInfo.GetMessageImprintDigest()))
{
throw new TspValidationException("Incorrect digest in message imprint");
}
timestamps.Add(timeStampToken);
}
catch (SecurityUtilityException)
{
throw new TspValidationException("Unknown hash algorithm specified in timestamp");
}
catch (Exception)
{
throw new TspValidationException("Timestamp could not be parsed");
}
}
}
}
return(timestamps);
}