Пример #1
1
        public TimeStampToken(
			CmsSignedData signedData)
        {
            this.tsToken = signedData;

            if (!this.tsToken.SignedContentTypeOid.Equals(PkcsObjectIdentifiers.IdCTTstInfo.Id))
            {
                throw new TspValidationException("ContentInfo object not for a time stamp.");
            }

            ICollection signers = tsToken.GetSignerInfos().GetSigners();

            if (signers.Count != 1)
            {
                throw new ArgumentException("Time-stamp token signed by "
                    + signers.Count
                    + " signers, but it must contain just the TSA signature.");
            }

            IEnumerator signerEnum = signers.GetEnumerator();

            signerEnum.MoveNext();
            tsaSignerInfo = (SignerInformation) signerEnum.Current;

            try
            {
                CmsProcessable content = tsToken.SignedContent;
                MemoryStream bOut = new MemoryStream();

                content.Write(bOut);

                this.tstInfo = new TimeStampTokenInfo(
                    TstInfo.GetInstance(
                        Asn1Object.FromByteArray(bOut.ToArray())));

                Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
                    PkcsObjectIdentifiers.IdAASigningCertificate];

                if (attr == null)
                {
                    throw new TspValidationException(
                        "no signing certificate attribute found, time stamp invalid.");
                }

                SigningCertificate signCert = SigningCertificate.GetInstance(
                    attr.AttrValues[0]);

                this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]);
            }
            catch (CmsException e)
            {
                throw new TspException(e.Message, e.InnerException);
            }
        }
Пример #2
0
        /**
         * Fetches the signature time-stamp attributes from a SignerInformation object.
         * Checks that the MessageImprint for each time-stamp matches the signature field.
         * (see RFC 3161 Appendix A).
         *
         * @param signerInfo a SignerInformation to search for time-stamps
         * @return a collection of TimeStampToken objects
         * @throws TSPValidationException
         */
        public static ICollection GetSignatureTimestamps(
            SignerInformation signerInfo)
        {
            IList timestamps = Platform.CreateArrayList();

            Asn1.Cms.AttributeTable unsignedAttrs = signerInfo.UnsignedAttributes;
            if (unsignedAttrs != null)
            {
                foreach (Asn1.Cms.Attribute tsAttr in unsignedAttrs.GetAll(
                             PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
                {
                    foreach (Asn1Encodable asn1 in tsAttr.AttrValues)
                    {
                        try
                        {
                            Asn1.Cms.ContentInfo contentInfo = Asn1.Cms.ContentInfo.GetInstance(
                                asn1.ToAsn1Object());
                            TimeStampToken     timeStampToken = new TimeStampToken(contentInfo);
                            TimeStampTokenInfo tstInfo        = timeStampToken.TimeStampInfo;

                            byte[] expectedDigest = DigestUtilities.CalculateDigest(
                                GetDigestAlgName(tstInfo.MessageImprintAlgOid),
                                signerInfo.GetSignature());

                            if (!Arrays.ConstantTimeAreEqual(expectedDigest, tstInfo.GetMessageImprintDigest()))
                            {
                                throw new TspValidationException("Incorrect digest in message imprint");
                            }

                            timestamps.Add(timeStampToken);
                        }
                        catch (SecurityUtilityException)
                        {
                            throw new TspValidationException("Unknown hash algorithm specified in timestamp");
                        }
                        catch (Exception)
                        {
                            throw new TspValidationException("Timestamp could not be parsed");
                        }
                    }
                }
            }

            return(timestamps);
        }
Пример #3
0
        public TimeStampToken(CmsSignedData signedData)
        {
            this.tsToken = signedData;
            if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
            {
                throw new TspValidationException("ContentInfo object not for a time stamp.");
            }
            ICollection signers = this.tsToken.GetSignerInfos().GetSigners();

            if (signers.Count != 1)
            {
                throw new ArgumentException("Time-stamp token signed by " + signers.Count + " signers, but it must contain just the TSA signature.");
            }
            IEnumerator enumerator = signers.GetEnumerator();

            enumerator.MoveNext();
            this.tsaSignerInfo = (SignerInformation)enumerator.Current;
            try
            {
                CmsProcessable signedContent = this.tsToken.SignedContent;
                MemoryStream   memoryStream  = new MemoryStream();
                signedContent.Write(memoryStream);
                this.tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(memoryStream.ToArray())));
                Org.BouncyCastle.Asn1.Cms.Attribute attribute = this.tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
                if (attribute != null)
                {
                    SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]);
                    this.certID = new TimeStampToken.CertID(EssCertID.GetInstance(instance.GetCerts()[0]));
                }
                else
                {
                    attribute = this.tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
                    if (attribute == null)
                    {
                        throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
                    }
                    SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]);
                    this.certID = new TimeStampToken.CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0]));
                }
            }
            catch (CmsException ex)
            {
                throw new TspException(ex.Message, ex.InnerException);
            }
        }
Пример #4
0
 public TimeStampToken(CmsSignedData signedData)
 {
     //IL_0063: Unknown result type (might be due to invalid IL or missing references)
     //IL_0094: Unknown result type (might be due to invalid IL or missing references)
     //IL_009a: Expected O, but got Unknown
     tsToken = signedData;
     if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
     {
         throw new TspValidationException("ContentInfo object not for a time stamp.");
     }
     global::System.Collections.ICollection signers = tsToken.GetSignerInfos().GetSigners();
     if (signers.get_Count() != 1)
     {
         throw new ArgumentException(string.Concat((object)"Time-stamp token signed by ", (object)signers.get_Count(), (object)" signers, but it must contain just the TSA signature."));
     }
     global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)signers).GetEnumerator();
     enumerator.MoveNext();
     tsaSignerInfo = (SignerInformation)enumerator.get_Current();
     try
     {
         CmsProcessable signedContent = tsToken.SignedContent;
         MemoryStream   val           = new MemoryStream();
         signedContent.Write((Stream)(object)val);
         tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(val.ToArray())));
         Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
         if (attribute != null)
         {
             SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]);
             certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0]));
             return;
         }
         attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
         if (attribute == null)
         {
             throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
         }
         SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]);
         certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0]));
     }
     catch (CmsException ex)
     {
         throw new TspException(((global::System.Exception)ex).get_Message(), ((global::System.Exception)ex).get_InnerException());
     }
 }
Пример #5
0
        /**
         * Check this response against to see if it a well formed response for
         * the passed in request. Validation will include checking the time stamp
         * token if the response status is GRANTED or GRANTED_WITH_MODS.
         *
         * @param request the request to be checked against
         * @throws TspException if the request can not match this response.
         */
        public void Validate(
            TimeStampRequest request)
        {
            TimeStampToken tok = this.TimeStampToken;

            if (tok != null)
            {
                TimeStampTokenInfo tstInfo = tok.TimeStampInfo;

                if (request.Nonce != null && !request.Nonce.Equals(tstInfo.Nonce))
                {
                    throw new TspValidationException("response contains wrong nonce value.");
                }

                if (this.Status != (int)PkiStatus.Granted && this.Status != (int)PkiStatus.GrantedWithMods)
                {
                    throw new TspValidationException("time stamp token found in failed request.");
                }

                if (!Arrays.AreEqual(request.GetMessageImprintDigest(), tstInfo.GetMessageImprintDigest()))
                {
                    throw new TspValidationException("response for different message imprint digest.");
                }

                if (!tstInfo.MessageImprintAlgOid.Equals(request.MessageImprintAlgOid))
                {
                    throw new TspValidationException("response for different message imprint algorithm.");
                }

                if (tok.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate] == null)
                {
                    throw new TspValidationException("no signing certificate attribute present.");
                }

                if (request.ReqPolicy != null && !request.ReqPolicy.Equals(tstInfo.Policy))
                {
                    throw new TspValidationException("TSA policy wrong for request.");
                }
            }
            else if (this.Status == (int)PkiStatus.Granted || this.Status == (int)PkiStatus.GrantedWithMods)
            {
                throw new TspValidationException("no time stamp token found and one expected.");
            }
        }
Пример #6
0
        public void Validate(TimeStampRequest request)
        {
            TimeStampToken timeStampToken = this.TimeStampToken;

            if (timeStampToken != null)
            {
                TimeStampTokenInfo timeStampInfo = timeStampToken.TimeStampInfo;
                if (request.Nonce != null && !request.Nonce.Equals(timeStampInfo.Nonce))
                {
                    throw new TspValidationException("response contains wrong nonce value.");
                }
                if (this.Status != 0 && this.Status != 1)
                {
                    throw new TspValidationException("time stamp token found in failed request.");
                }
                if (!Arrays.ConstantTimeAreEqual(request.GetMessageImprintDigest(), timeStampInfo.GetMessageImprintDigest()))
                {
                    throw new TspValidationException("response for different message imprint digest.");
                }
                if (!timeStampInfo.MessageImprintAlgOid.Equals(request.MessageImprintAlgOid))
                {
                    throw new TspValidationException("response for different message imprint algorithm.");
                }
                Org.BouncyCastle.Asn1.Cms.Attribute attribute  = timeStampToken.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
                Org.BouncyCastle.Asn1.Cms.Attribute attribute2 = timeStampToken.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
                if (attribute == null && attribute2 == null)
                {
                    throw new TspValidationException("no signing certificate attribute present.");
                }
                if (attribute != null)
                {
                }
                if (request.ReqPolicy != null && !request.ReqPolicy.Equals(timeStampInfo.Policy))
                {
                    throw new TspValidationException("TSA policy wrong for request.");
                }
            }
            else if (this.Status == 0 || this.Status == 1)
            {
                throw new TspValidationException("no time stamp token found and one expected.");
            }
        }
Пример #7
0
        public static ICollection GetSignatureTimestamps(SignerInformation signerInfo)
        {
            IList list = Platform.CreateArrayList();

            Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInfo.UnsignedAttributes;
            if (unsignedAttributes != null)
            {
                foreach (Org.BouncyCastle.Asn1.Cms.Attribute attribute in unsignedAttributes.GetAll(PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
                {
                    foreach (Asn1Encodable asn1Encodable in attribute.AttrValues)
                    {
                        try
                        {
                            Org.BouncyCastle.Asn1.Cms.ContentInfo instance = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(asn1Encodable.ToAsn1Object());
                            TimeStampToken     timeStampToken = new TimeStampToken(instance);
                            TimeStampTokenInfo timeStampInfo  = timeStampToken.TimeStampInfo;
                            byte[]             a = DigestUtilities.CalculateDigest(TspUtil.GetDigestAlgName(timeStampInfo.MessageImprintAlgOid), signerInfo.GetSignature());
                            if (!Arrays.ConstantTimeAreEqual(a, timeStampInfo.GetMessageImprintDigest()))
                            {
                                throw new TspValidationException("Incorrect digest in message imprint");
                            }
                            list.Add(timeStampToken);
                        }
                        catch (SecurityUtilityException)
                        {
                            throw new TspValidationException("Unknown hash algorithm specified in timestamp");
                        }
                        catch (Exception)
                        {
                            throw new TspValidationException("Timestamp could not be parsed");
                        }
                    }
                }
            }
            return(list);
        }
        public TimeStampToken(
            CmsSignedData signedData)
        {
            this.tsToken = signedData;

            if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
            {
                throw new TspValidationException("ContentInfo object not for a time stamp.");
            }

            ICollection signers = tsToken.GetSignerInfos().GetSigners();

            if (signers.Count != 1)
            {
                throw new ArgumentException("Time-stamp token signed by "
                                            + signers.Count
                                            + " signers, but it must contain just the TSA signature.");
            }


            IEnumerator signerEnum = signers.GetEnumerator();

            signerEnum.MoveNext();
            tsaSignerInfo = (SignerInformation)signerEnum.Current;

            try
            {
                CmsProcessable content = tsToken.SignedContent;
                MemoryStream   bOut    = new MemoryStream();

                content.Write(bOut);

                this.tstInfo = new TimeStampTokenInfo(
                    TstInfo.GetInstance(
                        Asn1Object.FromByteArray(bOut.ToArray())));

                Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
                    PkcsObjectIdentifiers.IdAASigningCertificate];

//				if (attr == null)
//				{
//					throw new TspValidationException(
//						"no signing certificate attribute found, time stamp invalid.");
//				}
//
//				SigningCertificate signCert = SigningCertificate.GetInstance(
//					attr.AttrValues[0]);
//
//				this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]);

                if (attr != null)
                {
                    SigningCertificate signCert = SigningCertificate.GetInstance(attr.AttrValues[0]);

                    this.certID = new CertID(EssCertID.GetInstance(signCert.GetCerts()[0]));
                }
                else
                {
                    attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];

                    if (attr == null)
                    {
                        throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
                    }

                    SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);

                    this.certID = new CertID(EssCertIDv2.GetInstance(signCertV2.GetCerts()[0]));
                }
            }
            catch (CmsException e)
            {
                throw new TspException(e.Message, e.InnerException);
            }
        }
Пример #9
0
 public static global::System.Collections.ICollection GetSignatureTimestamps(SignerInformation signerInfo)
 {
     global::System.Collections.IList         list = Platform.CreateArrayList();
     Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInfo.UnsignedAttributes;
     if (unsignedAttributes != null)
     {
         global::System.Collections.IEnumerator enumerator = unsignedAttributes.GetAll(PkcsObjectIdentifiers.IdAASignatureTimeStampToken).GetEnumerator();
         try
         {
             while (enumerator.MoveNext())
             {
                 Attribute attribute = (Attribute)enumerator.get_Current();
                 {
                     global::System.Collections.IEnumerator enumerator2 = attribute.AttrValues.GetEnumerator();
                     try
                     {
                         while (enumerator2.MoveNext())
                         {
                             Asn1Encodable asn1Encodable = (Asn1Encodable)enumerator2.get_Current();
                             try
                             {
                                 Org.BouncyCastle.Asn1.Cms.ContentInfo instance = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(asn1Encodable.ToAsn1Object());
                                 TimeStampToken     timeStampToken = new TimeStampToken(instance);
                                 TimeStampTokenInfo timeStampInfo  = timeStampToken.TimeStampInfo;
                                 byte[]             a = DigestUtilities.CalculateDigest(GetDigestAlgName(timeStampInfo.MessageImprintAlgOid), signerInfo.GetSignature());
                                 if (!Arrays.ConstantTimeAreEqual(a, timeStampInfo.GetMessageImprintDigest()))
                                 {
                                     throw new TspValidationException("Incorrect digest in message imprint");
                                 }
                                 list.Add((object)timeStampToken);
                             }
                             catch (SecurityUtilityException)
                             {
                                 throw new TspValidationException("Unknown hash algorithm specified in timestamp");
                             }
                             catch (global::System.Exception)
                             {
                                 throw new TspValidationException("Timestamp could not be parsed");
                             }
                         }
                     }
                     finally
                     {
                         global::System.IDisposable disposable2 = enumerator2 as global::System.IDisposable;
                         if (disposable2 != null)
                         {
                             disposable2.Dispose();
                         }
                     }
                 }
             }
             return((global::System.Collections.ICollection)list);
         }
         finally
         {
             global::System.IDisposable disposable = enumerator as global::System.IDisposable;
             if (disposable != null)
             {
                 disposable.Dispose();
             }
         }
     }
     return((global::System.Collections.ICollection)list);
 }