private void incorrectHashTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[16]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
Assert.IsNull(tsToken, "incorrect hash -- token not null");
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("incorrectHash - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.BadDataFormat)
{
Assert.Fail("incorrectHash - wrong failure info returned.");
}
}
/// <summary>
///
/// </summary>
/// <param name="filep7m"></param>
/// <param name="fileTSR"></param>
/// <returns></returns>
public OutputResponseMarca Verify(byte[] filep7m, byte[] fileTSR)
{
TimeStampRequest tsReq = null;
TimeStampResponse tsRes = null;
if (fileTSR.Length > 0)
{
tsRes = getTsRes(fileTSR);
}
else
{
logger.Debug("File TSR mancante oppure corrotto!");
return(null);
}
DerObjectIdentifier algoOid = tsRes.TimeStampToken.TimeStampInfo.HashAlgorithm.ObjectID;
if (filep7m.Length > 0)
{
tsReq = getTsReq(filep7m, algoOid);
}
else
{
logger.Debug("File p7m mancante oppure corrotto!");
return(null);
}
return(checkMarca(tsRes, tsReq));
}
private void badAlgorithmTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(new DerObjectIdentifier("1.2.3.4.5"), new byte[21]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
if (tsToken != null)
{
Assert.Fail("badAlgorithm - token not null.");
}
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("badAlgorithm - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.BadAlg)
{
Assert.Fail("badAlgorithm - wrong failure info returned.");
}
}
/// <summary>
/// verifica implicitamente la marca a partire dalle sole informazioni contenute nel file TSR
/// </summary>
/// <param name="fileTSR"></param>
/// <returns></returns>
public OutputResponseMarca Verify(byte[] fileTSR)
{
TimeStampRequest tsReq = null;
TimeStampResponse tsRes = null;
if (fileTSR.Length > 0)
{
tsRes = getTsRes(fileTSR);
}
else
{
logger.Debug("File TSR mancante oppure corrotto!");
return(null);
}
TimeStampRequestGenerator tsqGen = new TimeStampRequestGenerator();
//quando impostato a true significa che nella risposta della TSA deve essere incluso il certificato della firma
tsqGen.SetCertReq(true);
//fra i parametri non metto il Nonce perchè questa è una verifica off-line!!!
byte[] fileHash = tsRes.TimeStampToken.TimeStampInfo.TstInfo.MessageImprint.GetHashedMessage();
tsReq = tsqGen.Generate(TspAlgorithms.Sha256, fileHash);
return(checkMarca(tsRes, tsReq));
}
private TimeStampResponse getTimeStamp(string URL)
{
//RFC3161 compliant Time Stamp Authority (TSA) server
TimeStampResponse response = null;
byte[] sha1Digest = new byte [20];
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
//SecureRandom randomGenerator = SecureRandom.GetInstance("SHA1PRNG");
//long nonce = randomGenerator.NextLong();
Org.BouncyCastle.Asn1.DerObjectIdentifier oDR = new Org.BouncyCastle.Asn1.DerObjectIdentifier("1.3.6.1.4.1.311.3.2.1");
// request with digestAlgorithmOID, byte[] digest, java.math.BigInteger nonc
//byte[] digest = TSToken.TimeStampInfo.GetMessageImprintDigest();
TimeStampRequest request = reqGen.Generate(oDR, sha1Digest, Org.BouncyCastle.Math.BigInteger.ValueOf(100));
byte[] reqData = request.GetEncoded();
WebRequest conn = WebRequest.Create(URL);
Stream st = conn.GetRequestStream();
st.Write(reqData, 0, reqData.Length);
st.Flush();
st.Close();
var resposta = conn.GetResponse();
Stream stReponse = resposta.GetResponseStream();
response = new TimeStampResponse(stReponse);
stReponse.Close();
return(response);
}
private async Task <TimestampResult> BouncyCastleTimeStamp(Uri timestampServer, HashAlgorithmName timestampAlgorithm, TimestampNonceFactory nonce)
{
var oid = HashAlgorithmTranslator.TranslateFromNameToOid(timestampAlgorithm);
var requestGenerator = new TimeStampRequestGenerator();
var(signatureDocument, timestampSubject) = GetSignatureToTimestamp(_part);
using (var hash = HashAlgorithmTranslator.TranslateFromNameToxmlDSigUri(timestampAlgorithm, out _))
{
var digest = hash.ComputeHash(timestampSubject);
var request = requestGenerator.Generate(oid.Value, digest, new Org.BouncyCastle.Math.BigInteger(nonce.Nonce));
var encodedRequest = request.GetEncoded();
var client = new HttpClient();
var content = new ByteArrayContent(encodedRequest);
content.Headers.Add("Content-Type", "application/timestamp-query");
var post = await client.PostAsync(timestampServer, content);
if (post.StatusCode != HttpStatusCode.OK)
{
return(TimestampResult.Failed);
}
var responseBytes = await post.Content.ReadAsByteArrayAsync();
var responseParser = new Asn1StreamParser(responseBytes);
var timeStampResponse = new TimeStampResponse(responseBytes);
var tokenResponse = timeStampResponse.TimeStampToken.GetEncoded();
ApplyTimestamp(signatureDocument, _part, tokenResponse);
return(TimestampResult.Success);
}
}
public static string getTimestamp(string text)
{
var signedDocument = File.ReadAllText($"{System.Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments)}/signedDocument.xml");
//signedDocument = text;
//convert to Base64
var data = Convert.ToBase64String(Encoding.ASCII.GetBytes(signedDocument));
// call the service
byte[] soapResponse = soapController.CallWebService(data);
TimeStampResponse resp = new TimeStampResponse(soapResponse);
// status 0 means success
if (resp.Status != 0)
{
Console.Write("Err occurred");
}
// token contains the info we need
TimeStampToken token = resp.TimeStampToken;
var encToken = token.GetEncoded();
// convert token to Base64 and return
return(Convert.ToBase64String(encToken));
}
public TimeStampResponse GetTimeStampResponse(string digestAlgorithmOid, byte[] digest)
{
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks + Environment.TickCount);
TimeStampRequest request = tsqGenerator.Generate(digestAlgorithmOid, digest, nonce);
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(keyPair.Private, cert, TspAlgorithms.Sha256, "1.2");
var certs = new ArrayList
{
cert
};
var certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));
tsTokenGen.SetCertificates(certStore);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
//TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
return(tsResp);
}
/// <summary>
/// Computes an attribute containing a time-stamp token of the provided data, from the provided TSA using the
/// provided.
/// </summary>
/// <remarks>
/// Computes an attribute containing a time-stamp token of the provided data, from the provided TSA using the
/// provided. The hashing is performed by the method using the specified algorithm and a BouncyCastle provider.
/// </remarks>
/// <param name="signedData"></param>
/// <exception cref="System.Exception">System.Exception</exception>
protected internal virtual BcCms.Attribute GetTimeStampAttribute(DerObjectIdentifier oid
, ITspSource tsa, AlgorithmIdentifier digestAlgorithm, byte[] messageImprint)
{
try
{
//jbonilla Hack para obtener el digest del TSA
IDigest digest = null;
string algorithmName = null;
digest = DigestUtilities.GetDigest(DigestAlgorithm.SHA1.GetName());
algorithmName = DigestAlgorithm.SHA1.GetName();
digest.BlockUpdate(messageImprint, 0, messageImprint.Length);
byte[] r = new byte[digest.GetDigestSize()];
digest.DoFinal(r, 0);
byte[] toTimeStamp = r;
TimeStampResponse tsresp = tsa.GetTimeStampResponse(DigestAlgorithm.GetByName(algorithmName)
, toTimeStamp);
TimeStampToken tstoken = tsresp.TimeStampToken;
if (tstoken == null)
{
throw new ArgumentNullException("The TimeStampToken returned for the signature time stamp was empty."
);
}
BcCms.Attribute signatureTimeStamp = new BcCms.Attribute(oid, new DerSet(Asn1Object.FromByteArray
(tstoken.GetEncoded())));
return(signatureTimeStamp);
}
catch (IOException e)
{
throw new RuntimeException(e);
}
catch (NoSuchAlgorithmException e)
{
throw new RuntimeException(e);
}
}
public string MakeStamp(string xades_file)
{
XmlDocument xades = new XmlDocument();
xades.Load("./Data/" + xades_file);
var namespaceId = new XmlNamespaceManager(xades.NameTable);
namespaceId.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
string data = xades.SelectSingleNode("//ds:SignatureValue", namespaceId).InnerXml;
String signatureTimeStamp = getSignatureTimeStamp(data);
TimeStampResponse tokenResponse = new TimeStampResponse(Convert.FromBase64CharArray(signatureTimeStamp.ToCharArray(), 0, signatureTimeStamp.Length));
Console.WriteLine(Convert.ToBase64String(tokenResponse.TimeStampToken.GetEncoded()));
XmlNodeList elemList = xades.GetElementsByTagName("xades:QualifyingProperties");
XmlElement UnsignedElem = xades.CreateElement("xades", "UnsignedProperties", "http://uri.etsi.org/01903/v1.3.2#");
XmlElement UnsignedSignElem = xades.CreateElement("xades", "UnsignedSignatureProperties", "http://uri.etsi.org/01903/v1.3.2#");
XmlElement SigTimeElem = xades.CreateElement("xades", "SignatureTimeStamp", "http://uri.etsi.org/01903/v1.3.2#");
XmlElement EncapsulatedTimestamp = xades.CreateElement("xades", "EncapsulatedTimeStamp", "http://uri.etsi.org/01903/v1.3.2#");
SigTimeElem.SetAttribute("Id", "IdSignatureTimeStamp");
EncapsulatedTimestamp.InnerText = Convert.ToBase64String(tokenResponse.TimeStampToken.GetEncoded());
UnsignedElem.AppendChild(UnsignedSignElem);
UnsignedSignElem.AppendChild(SigTimeElem);
SigTimeElem.AppendChild(EncapsulatedTimestamp);
elemList[0].InsertAfter(UnsignedElem, elemList[0].LastChild);
xades.Save("./Data/xades.xml");
Console.Write("text" + elemList[0]);
return("xades.xml");
}
public void TestBadAlgorithm()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate("1.2.3.4.5", new byte[20]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
if (tsToken != null)
{
Assert.Fail("badAlgorithm - token not null.");
}
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("badAlgorithm - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.BadAlg)
{
Assert.Fail("badAlgorithm - wrong failure info returned.");
}
}
private void tokenEncodingTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2.3.4.5.6");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampResponse tsResponse = new TimeStampResponse(tsResp.GetEncoded());
if (!Arrays.AreEqual(tsResponse.GetEncoded(), tsResp.GetEncoded()) ||
!Arrays.AreEqual(tsResponse.TimeStampToken.GetEncoded(),
tsResp.TimeStampToken.GetEncoded()))
{
Assert.Fail();
}
}
private void basicTestWithTSA(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
tsTokenGen.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
Assert.IsNotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
}
internal string GetSignedHashFromTsa(XmlDocument xmlDxocument)
{
byte[] hash = GetXmlHashByteStream(xmlDxocument);
TimeStampResponse timeStampResponse = GetSignedHashFromTsa(hash);
byte[] signedEncodedByteStream = timeStampResponse.GetEncoded();
return(Convert.ToBase64String(signedEncodedByteStream));
}
public byte[] GetTimeStampToken(byte[] imprint)
{
byte[] respBytes = null;
var tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
tsqGenerator.SetReqPolicy("2.16.76.1.6.6");
var nonce = BigInteger.ValueOf(DateTime.Now.Ticks + Environment.TickCount);
var request = tsqGenerator.Generate(DigestAlgorithms.GetAllowedDigest(this.digestAlgorithm), imprint, nonce);
var requestBytes = request.GetEncoded();
respBytes = this.GetTsaResponse(requestBytes);
var response = new TimeStampResponse(respBytes);
response.Validate(request);
var failure = response.GetFailInfo();
var value = (failure == null) ? 0 : failure.IntValue;
if (value != 0)
{
//// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
var mensagem = string.Format(
"invalid.tsa.1.response.code.2 {0} {1}",
this.url, response.GetStatusString());
throw new IOException(mensagem);
}
//// @todo: validate the time stap certificate chain (if we want assure we do not sign using an invalid timestamp).
var timeStampToken = response.TimeStampToken;
if (timeStampToken == null)
{
var mensagem = string.Format("tsa.1.failed.to.return.time.stamp.token.2 {0} {1}",
this.url, response.GetStatusString());
throw new IOException(mensagem);
}
var timeStampInfo = timeStampToken.TimeStampInfo;
var encoded = timeStampToken.GetEncoded();
Console.WriteLine("Timestamp generated: " + timeStampInfo.GenTime);
if (this.tsaInfo != null)
{
this.tsaInfo.InspectTimeStampTokenInfo(timeStampInfo);
}
this.tokenSizeEstimate = encoded.Length + 32;
return(encoded);
}
public byte[] GetTimeStampToken(byte[] imprint)
{
byte[] respBytes = null;
//// Setup the time stamp request
var tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
//// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
var nonce = BigInteger.ValueOf(DateTime.Now.Ticks + Environment.TickCount);
var request = tsqGenerator.Generate(DigestAlgorithms.GetAllowedDigests(this.digestAlgorithm), imprint, nonce);
var requestBytes = request.GetEncoded();
//// Call the communications layer
respBytes = this.GetTsaResponse(requestBytes);
//// Handle the TSA response
var response = new TimeStampResponse(respBytes);
//// validate communication level attributes (RFC 3161 PKIStatus)
response.Validate(request);
var failure = response.GetFailInfo();
var value = (failure == null) ? 0 : failure.IntValue;
if (value != 0)
{
//// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new IOException(MessageLocalization.GetComposedMessage("invalid.tsa.1.response.code.2", this.url, value));
}
//// @todo: validate the time stap certificate chain (if we want assure we do not sign using an invalid timestamp).
//// extract just the time stamp token (removes communication status info)
var timeStampToken = response.TimeStampToken;
if (timeStampToken == null)
{
throw new IOException(MessageLocalization.GetComposedMessage("tsa.1.failed.to.return.time.stamp.token.2", this.url, response.GetStatusString()));
}
var timeStampInfo = timeStampToken.TimeStampInfo; // to view details
var encoded = timeStampToken.GetEncoded();
Log.Application.Info("Timestamp generated: " + timeStampInfo.GenTime);
if (this.tsaInfo != null)
{
this.tsaInfo.InspectTimeStampTokenInfo(timeStampInfo);
}
//// Update our token size estimate for the next call (padded to be safe)
this.tokenSizeEstimate = encoded.Length + 32;
return(encoded);
}
public bool machTSR(byte[] TSR, byte[] fileToMatch)
{
TimeStampResponse resp = getTsRes(TSR);
string algorithm = resp.TimeStampToken.TimeStampInfo.HashAlgorithm.ObjectID.Id;
byte[] contentHash = Org.BouncyCastle.Security.DigestUtilities.CalculateDigest(algorithm, fileToMatch);
byte[] tsrHash = resp.TimeStampToken.TimeStampInfo.TstInfo.MessageImprint.GetHashedMessage();
return(contentHash.SequenceEqual(tsrHash));
}
public void TestNoNonce()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2.3");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
Assert.IsFalse(request.CertReq);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(24), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
//
// check validation
//
tsResp.Validate(request);
//
// check tstInfo
//
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
//
// check accuracy
//
GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
Assert.IsNull(accuracy);
Assert.AreEqual(BigInteger.ValueOf(24), tstInfo.SerialNumber);
Assert.AreEqual("1.2.3", tstInfo.Policy);
Assert.IsFalse(tstInfo.IsOrdered);
Assert.IsNull(tstInfo.Nonce);
//
// test certReq
//
IX509Store store = tsToken.GetCertificates("Collection");
ICollection certificates = store.GetMatches(null);
Assert.AreEqual(0, certificates.Count);
}
public void TestAccuracyZeroCerts()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2");
tsTokenGen.SetCertificates(certs);
tsTokenGen.SetAccuracySeconds(1);
tsTokenGen.SetAccuracyMillis(2);
tsTokenGen.SetAccuracyMicros(3);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
//
// check validation
//
tsResp.Validate(request);
//
// check tstInfo
//
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
//
// check accuracy
//
GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
Assert.AreEqual(1, accuracy.Seconds);
Assert.AreEqual(2, accuracy.Millis);
Assert.AreEqual(3, accuracy.Micros);
Assert.AreEqual(BigInteger.ValueOf(23), tstInfo.SerialNumber);
Assert.AreEqual("1.2", tstInfo.Policy);
//
// test certReq
//
IX509Store store = tsToken.GetCertificates("Collection");
ICollection certificates = store.GetMatches(null);
Assert.AreEqual(0, certificates.Count);
}
private static void generalizedTimeParse(
byte[] response)
{
TimeStampResponse resp = new TimeStampResponse(response);
if (resp.Status != (int)PkiStatus.Granted)
{
Assert.Fail("request not rejected.");
}
}
/// <summary>Get RFC 3161 timeStampToken.</summary>
/// <remarks>
/// Get RFC 3161 timeStampToken.
/// Method may return null indicating that timestamp should be skipped.
/// </remarks>
/// <param name="imprint">data imprint to be time-stamped</param>
/// <returns>encoded, TSA signed data of the timeStampToken</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Tsp.TSPException"/>
public virtual byte[] GetTimeStampToken(byte[] imprint)
{
byte[] respBytes = null;
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
if (tsaReqPolicy != null && tsaReqPolicy.Length > 0)
{
tsqGenerator.SetReqPolicy(tsaReqPolicy);
}
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.ValueOf(SystemUtil.GetTimeBasedSeed());
TimeStampRequest request = tsqGenerator.Generate(new DerObjectIdentifier(DigestAlgorithms.GetAllowedDigest
(digestAlgorithm)), imprint, nonce);
byte[] requestBytes = request.GetEncoded();
// Call the communications layer
respBytes = GetTSAResponse(requestBytes);
// Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.Validate(request);
PkiFailureInfo failure = response.GetFailInfo();
int value = (failure == null) ? 0 : failure.IntValue;
if (value != 0)
{
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new PdfException(PdfException.InvalidTsa1ResponseCode2).SetMessageParams(tsaURL, value.ToString());
}
// @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp).
// extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.TimeStampToken;
if (tsToken == null)
{
throw new PdfException(PdfException.Tsa1FailedToReturnTimeStampToken2).SetMessageParams(tsaURL, response.GetStatusString
());
}
TimeStampTokenInfo tsTokenInfo = tsToken.TimeStampInfo;
// to view details
byte[] encoded = tsToken.GetEncoded();
LOGGER.Info("Timestamp generated: " + tsTokenInfo.GenTime);
if (tsaInfo != null)
{
tsaInfo.InspectTimeStampTokenInfo(tsTokenInfo);
}
// Update our token size estimate for the next call (padded to be safe)
this.tokenSizeEstimate = encoded.Length + 32;
return(encoded);
}
private void v2SigningResponseParse(
byte[] encoded)
{
TimeStampResponse response = new TimeStampResponse(encoded);
IX509Store store = response.TimeStampToken.GetCertificates("Collection");
X509Certificate cert = (X509Certificate)
new ArrayList(store.GetMatches(response.TimeStampToken.SignerID))[0];
response.TimeStampToken.Validate(cert);
}
public void TestNullPolicy()
{
// null in request and token generator - should fail
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, null);
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, null);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
if (tsToken != null)
{
Assert.Fail("badPolicy - token not null.");
}
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("badPolicy - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.UnacceptedPolicy)
{
Assert.Fail("badPolicy - wrong failure info returned.");
}
// request specifies policy, token generator doesn't - should work
reqGen = new TimeStampRequestGenerator();
reqGen.SetReqPolicy("1.1");
request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, null);
tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(24), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
tsToken = tsResp.TimeStampToken;
Assert.AreEqual(tsToken.TimeStampInfo.Policy, "1.1"); // policy should be picked up off request
}
private void testNoNonse(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2.3");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
ArrayList algorithms = new ArrayList();
algorithms.Add(TspAlgorithms.Sha1);
request.Validate(algorithms, new ArrayList(), new ArrayList());
Assert.False(request.CertReq);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("24"), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
tsResp.Validate(request);
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
Assert.IsNull(accuracy);
Assert.IsTrue(new BigInteger("24").Equals(tstInfo.SerialNumber));
Assert.IsTrue("1.2.3" == tstInfo.Policy);
Assert.False(tstInfo.IsOrdered);
Assert.IsNull(tstInfo.Nonce);
//
// test certReq
//
IX509Store store = tsToken.GetCertificates();
ICollection certificates = store.GetMatches(null);
Assert.IsTrue(0 == certificates.Count);
}
public static byte[] GetTimestampForOutput(TimeStampResponse response, OutputFormat outputFormat, TimestampData timestampData)
{
switch (outputFormat)
{
case OutputFormat.TSR:
return(response.GetEncoded());
case OutputFormat.ASICS:
return(Utils.GetAsics(response.GetEncoded(), timestampData.GetRawData(), timestampData.HasMultipleFiles()));
}
return(null);
}
/// <summary>
/// Sets the timestamp by providing byte array.
/// </summary>
/// <param name="data">The data.</param>
/// <returns></returns>
public ITimestampVerifier SetTimestamp(byte[] data)
{
try
{
this.timestampResponse = new TimeStampResponse(data);
return(this);
}
catch (Exception e)
{
throw new TimestampException("Can't load Timestamp", e);
}
}
private void testAccuracyWithCertsAndOrdering(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2.3");
tsTokenGen.SetCertificates(certs);
tsTokenGen.SetAccuracySeconds(1);
tsTokenGen.SetAccuracyMillis(2);
tsTokenGen.SetAccuracyMicros(3);
tsTokenGen.SetOrdering(true);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
reqGen.SetCertReq(true);
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
//
// This is different to the Java API.
//
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsResp.Validate(request);
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
Assert.IsTrue(1 == accuracy.Seconds);
Assert.IsTrue(2 == accuracy.Millis);
Assert.IsTrue(3 == accuracy.Micros);
Assert.IsTrue(new BigInteger("23").Equals(tstInfo.SerialNumber));
Assert.IsTrue("1.2.3" == tstInfo.Policy);
IX509Store store = tsToken.GetCertificates();
ICollection certificates = store.GetMatches(null);
Assert.IsTrue(2 == certificates.Count);
}
/// <summary>
/// Sets the timestamp by providing stream.
/// </summary>
/// <param name="stream">The stream.</param>
/// <returns></returns>
public ITimestampVerifier SetTimestamp(Stream stream)
{
try
{
this.timestampResponse = new TimeStampResponse(stream);
return(this);
}
catch (Exception e)
{
throw new TimestampException("Can't load Timestamp", e);
}
}
/// <summary>
/// Sets the timestamp by providing path to file.
/// </summary>
/// <param name="pathToFile">The path to file.</param>
/// <returns></returns>
public ITimestampVerifier SetTimestamp(string pathToFile)
{
try
{
this.timestampResponse = new TimeStampResponse(File.OpenRead(pathToFile));
return(this);
}
catch (Exception e)
{
throw new TimestampException("Can't load Timestamp", e);
}
}
/// <summary>
/// Realiza la petición de sellado del hash que se pasa como parametro y devuelve la
/// respuesta del servidor.
/// </summary>
/// <param name="hash"></param>
/// <param name="digestMethod"></param>
/// <param name="certReq"></param>
/// <returns></returns>
public byte[] GetTimeStamp(byte[] hash, DigestMethod digestMethod, bool certReq)
{
TimeStampRequestGenerator tsrq = new TimeStampRequestGenerator();
tsrq.SetCertReq(certReq);
BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks);
TimeStampRequest tsr = tsrq.Generate(digestMethod.Oid, hash, nonce);
byte[] data = tsr.GetEncoded();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_url);
req.Method = "POST";
req.ContentType = "application/timestamp-query";
req.ContentLength = data.Length;
if (!string.IsNullOrEmpty(_user) && !string.IsNullOrEmpty(_password))
{
string auth = string.Format("{0}:{1}", _user, _password);
req.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.Default.GetBytes(auth), Base64FormattingOptions.None);
}
Stream reqStream = req.GetRequestStream();
reqStream.Write(data, 0, data.Length);
reqStream.Close();
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
if (res.StatusCode != HttpStatusCode.OK)
{
throw new Exception("El servidor ha devuelto una respuesta no válida");
}
else
{
Stream resStream = new BufferedStream(res.GetResponseStream());
TimeStampResponse tsRes = new TimeStampResponse(resStream);
resStream.Close();
tsRes.Validate(tsr);
if (tsRes.TimeStampToken == null)
{
throw new Exception("El servidor no ha devuelto ningún sello de tiempo");
}
return(tsRes.TimeStampToken.GetEncoded());
}
}
public void TestBasic()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
AttributeTable table = tsToken.SignedAttributes;
Assert.IsNotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
}
private static void responseParse(
byte[] request,
byte[] response,
string algorithm)
{
TimeStampRequest req = new TimeStampRequest(request);
TimeStampResponse resp = new TimeStampResponse(response);
resp.Validate(req);
X509Certificate cert = new X509CertificateParser().ReadCertificate(signingCert);
resp.TimeStampToken.Validate(cert);
}
private static void unacceptableResponseParse(
byte[] response)
{
TimeStampResponse resp = new TimeStampResponse(response);
if (resp.Status != (int) PkiStatus.Rejection)
{
Assert.Fail("request not rejected.");
}
if (resp.GetFailInfo().IntValue != PkiFailureInfo.UnacceptedPolicy)
{
Assert.Fail("request not rejected.");
}
}
private static void generalizedTimeParse(
byte[] response)
{
TimeStampResponse resp = new TimeStampResponse(response);
if (resp.Status != (int) PkiStatus.Granted)
{
Assert.Fail("request not rejected.");
}
}
private void v2SigningResponseParse(
byte[] encoded)
{
TimeStampResponse response = new TimeStampResponse(encoded);
IX509Store store = response.TimeStampToken.GetCertificates("Collection");
X509Certificate cert = (X509Certificate)
new ArrayList(store.GetMatches(response.TimeStampToken.SignerID))[0];
response.TimeStampToken.Validate(cert);
}
public void TestIncorrectHash()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[16]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
if (tsToken != null)
{
Assert.Fail("incorrectHash - token not null.");
}
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("incorrectHash - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.BadDataFormat)
{
Assert.Fail("incorrectHash - wrong failure info returned.");
}
}
public void TestTimeNotAvailable()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate("1.2.3.4.5", new byte[20]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(
tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("23"), null);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
if (tsToken != null)
{
Assert.Fail("timeNotAvailable - token not null.");
}
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("timeNotAvailable - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.TimeNotAvailable)
{
Assert.Fail("timeNotAvailable - wrong failure info returned.");
}
}
public void TestBadPolicy()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
reqGen.SetReqPolicy("1.1");
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, new ArrayList());
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
if (tsToken != null)
{
Assert.Fail("badPolicy - token not null.");
}
PkiFailureInfo failInfo = tsResp.GetFailInfo();
if (failInfo == null)
{
Assert.Fail("badPolicy - failInfo set to null.");
}
if (failInfo.IntValue != PkiFailureInfo.UnacceptedPolicy)
{
Assert.Fail("badPolicy - wrong failure info returned.");
}
}
public void TestCertReq()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
//
// request with certReq false
//
reqGen.SetCertReq(false);
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
Assert.IsNull(tsToken.TimeStampInfo.GenTimeAccuracy); // check for abscence of accuracy
Assert.AreEqual("1.2", tsToken.TimeStampInfo.Policy);
try
{
tsToken.Validate(cert);
}
catch (TspValidationException)
{
Assert.Fail("certReq(false) verification of token failed.");
}
IX509Store respCerts = tsToken.GetCertificates("Collection");
ICollection certsColl = respCerts.GetMatches(null);
if (certsColl.Count != 0)
{
Assert.Fail("certReq(false) found certificates in response.");
}
}
public void TestResponseValidation()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
//
// check validation
//
tsResp.Validate(request);
try
{
request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(101));
tsResp.Validate(request);
Assert.Fail("response validation failed on invalid nonce.");
}
catch (TspValidationException)
{
// ignore
}
try
{
request = reqGen.Generate(TspAlgorithms.Sha1, new byte[22], BigInteger.ValueOf(100));
tsResp.Validate(request);
Assert.Fail("response validation failed on wrong digest.");
}
catch (TspValidationException)
{
// ignore
}
try
{
request = reqGen.Generate(TspAlgorithms.MD5, new byte[20], BigInteger.ValueOf(100));
tsResp.Validate(request);
Assert.Fail("response validation failed on wrong digest.");
}
catch (TspValidationException)
{
// ignore
}
}
public void TestNoNonce()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2.3");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
Assert.IsFalse(request.CertReq);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(24), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
//
// check validation
//
tsResp.Validate(request);
//
// check tstInfo
//
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
//
// check accuracy
//
GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
Assert.IsNull(accuracy);
Assert.AreEqual(BigInteger.ValueOf(24), tstInfo.SerialNumber);
Assert.AreEqual("1.2.3", tstInfo.Policy);
Assert.IsFalse(tstInfo.IsOrdered);
Assert.IsNull(tstInfo.Nonce);
//
// test certReq
//
IX509Store store = tsToken.GetCertificates("Collection");
ICollection certificates = store.GetMatches(null);
Assert.AreEqual(0, certificates.Count);
}
public void TestAccuracyWithCertsAndOrdering()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.MD5, "1.2.3");
tsTokenGen.SetCertificates(certs);
tsTokenGen.SetAccuracySeconds(3);
tsTokenGen.SetAccuracyMillis(1);
tsTokenGen.SetAccuracyMicros(2);
tsTokenGen.SetOrdering(true);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
reqGen.SetCertReq(true);
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
Assert.IsTrue(request.CertReq);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
//
// check validation
//
tsResp.Validate(request);
//
// check tstInfo
//
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
//
// check accuracy
//
GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
Assert.AreEqual(3, accuracy.Seconds);
Assert.AreEqual(1, accuracy.Millis);
Assert.AreEqual(2, accuracy.Micros);
Assert.AreEqual(BigInteger.ValueOf(23), tstInfo.SerialNumber);
Assert.AreEqual("1.2.3", tstInfo.Policy);
Assert.AreEqual(true, tstInfo.IsOrdered);
Assert.AreEqual(tstInfo.Nonce, BigInteger.ValueOf(100));
//
// test certReq
//
IX509Store store = tsToken.GetCertificates("Collection");
ICollection certificates = store.GetMatches(null);
Assert.AreEqual(2, certificates.Count);
}
public void TestTokenEncoding()
{
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
privateKey, cert, TspAlgorithms.Sha1, "1.2.3.4.5.6");
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampResponse tsResponse = new TimeStampResponse(tsResp.GetEncoded());
if (!Arrays.AreEqual(tsResponse.GetEncoded(), tsResp.GetEncoded())
|| !Arrays.AreEqual(tsResponse.TimeStampToken.GetEncoded(),
tsResp.TimeStampToken.GetEncoded()))
{
Assert.Fail();
}
}
