/// <summary>
/// Produces the time stamp response for <paramref name="request"/>: a granted response that
/// carries a freshly generated token, or a rejection response when validation fails.
/// </summary>
/// <param name="request">The incoming time stamp request; it is validated against the accepted algorithms, policies and extensions held by this generator.</param>
/// <param name="serialNumber">Serial number handed to the token generator for the new token.</param>
/// <param name="genTime">Generation time for the token; <c>null</c> is treated as "time source unavailable" and yields a rejection.</param>
/// <returns>The response wrapping either the granted token or the rejection status.</returns>
/// <exception cref="TspException">
/// The generated token could not be re-read as a ContentInfo, or the final response could not be built.
/// </exception>
public TimeStampResponse Generate(TimeStampRequest request, BigInteger serialNumber, DateTimeObject genTime)
{
    TimeStampResp responseStructure;

    try
    {
        // A missing clock reading is reported to the requester as a rejection, never as a token.
        // NOTE(review): 512 is passed as the failure code; presumably the "time not available" bit - confirm.
        if (genTime == null)
        {
            throw new TspValidationException("The time source is not available.", 512);
        }

        // Throws TspValidationException for anything outside the accepted sets, which lands in
        // the rejection handler below.
        request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);

        status = PkiStatus.Granted;
        AddStatusString("Operation Okay");

        // The status info is captured before the token is generated, as in the original ordering.
        PkiStatusInfo grantedInfo = GetPkiStatusInfo();

        ContentInfo tokenContent;
        try
        {
            TimeStampToken token = tokenGenerator.Generate(request, serialNumber, genTime.Value);
            byte[] tokenBytes = token.ToCmsSignedData().GetEncoded();
            tokenContent = ContentInfo.GetInstance(Asn1Object.FromByteArray(tokenBytes));
        }
        catch (IOException e)
        {
            throw new TspException("Timestamp token received cannot be converted to ContentInfo", e);
        }

        responseStructure = new TimeStampResp(grantedInfo, tokenContent);
    }
    catch (TspValidationException ex)
    {
        // Rejection path: no token is attached to the response.
        // NOTE(review): ex.Message is added as a status string, so validation messages
        // presumably reach the requester - confirm they carry no internal detail.
        status = PkiStatus.Rejection;
        SetFailInfoField(ex.FailureCode);
        AddStatusString(ex.Message);
        responseStructure = new TimeStampResp(GetPkiStatusInfo(), null);
    }

    try
    {
        return new TimeStampResponse(responseStructure);
    }
    catch (IOException e2)
    {
        throw new TspException("created badly formatted response!", e2);
    }
}
/// <summary>
/// Generates a time stamp token for <paramref name="request"/>, signed with the TSA private key
/// held by this instance, and returns its encoded bytes.
/// </summary>
/// <param name="request">The time stamp request to answer.</param>
/// <returns>The encoded time stamp token.</returns>
/// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/>
/// <exception cref="Org.BouncyCastle.Tsp.TSPException"/>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.Certificates.CertificateEncodingException"/>
public virtual byte[] CreateTimeStampToken(TimeStampRequest request)
{
    // just a more or less random oid of timestamp policy
    var policyOid = "1.3.6.1.4.1.45794.1.1";

    // NOTE(review): SHA-1 is the digest requested for the generator. SHA-1 is no longer
    // considered collision resistant; if this TSA is used outside test fixtures, a SHA-2
    // digest would be the safer choice - confirm intended use.
    var generator = new TimeStampTokenGenerator(
        (AsymmetricKeyParameter)tsaPrivateKey,
        tsaCertificateChain[0],
        DigestAlgorithms.GetAllowedDigest("SHA1"),
        policyOid);
    generator.SetAccuracySeconds(1);

    // TODO setting this is somewhat wrong. Acrobat and openssl recognize timestamp tokens generated with this line as corrupted
    // openssl error message: 2304:error:2F09506F:time stamp routines:INT_TS_RESP_VERIFY_TOKEN:tsa name mismatch:ts_rsp_verify.c:476:
    // tsTokGen.setTSA(new GeneralName(new X500Name(PrincipalUtil.getIssuerX509Principal(tsCertificate).getName())));

    // The whole TSA chain is embedded in the token so that a verifier can build the path.
    var chainParameters = new X509CollectionStoreParameters(tsaCertificateChain.ToList());
    generator.SetCertificates(X509StoreFactory.Create("Certificate/Collection", chainParameters));

    // should be unique for every timestamp
    // NOTE(review): the serial number comes from a time-based seed; that presumably gives no
    // uniqueness guarantee for two tokens issued within the same clock reading and is
    // predictable - verify against SystemUtil.GetTimeBasedSeed before relying on it.
    var serial = new BigInteger(SystemUtil.GetTimeBasedSeed().ToString());
    DateTime issuedAt = DateTimeUtil.GetCurrentUtcTime();

    TimeStampToken token = generator.Generate(request, serial, issuedAt);
    return token.GetEncoded();
}
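/// <summary>
/// Generates the time stamp token for the request, records it in the audit log and returns it
/// as a <see cref="ContentInfo"/>.
/// </summary>
/// <param name="timeStampRequest"><see cref="TimeStampRequest"/> to answer.</param>
/// <returns><see cref="ContentInfo"/> holding the signed time stamp token.</returns>
/// <exception cref="TspException">
/// The token could not be converted to a <see cref="ContentInfo"/>, or the audit log entry
/// could not be saved. In both cases no token is returned.
/// </exception>
private async Task<ContentInfo> GetTimeStampToken(TimeStampRequest timeStampRequest)
{
    var tsaCertificate = await BcTimeStampResponderRepository.GetCertificate();
    var tokenGenerator = new TimeStampTokenGenerator(
        await BcTimeStampResponderRepository.GetPrivateKey(),
        tsaCertificate,
        NistObjectIdentifiers.IdSha512.Id,
        BcTimeStampResponderRepository.GetPolicyOid()
    );

    // Only the TSA certificate itself is embedded in the token.
    var certs = X509StoreFactory.Create(
        "Certificate/Collection",
        new X509CollectionStoreParameters(new List<X509Certificate> { tsaCertificate }));
    tokenGenerator.SetCertificates(certs);

    // NOTE(review): the TSA name is rebuilt from the string form of the subject DN; confirm the
    // re-encoded name still matches the certificate subject for verifiers that compare the two.
    tokenGenerator.SetTsa(new GeneralName(new X509Name(tsaCertificate.SubjectDN.ToString())));

    var timeStampToken = tokenGenerator.Generate(
        timeStampRequest,
        BcTimeStampResponderRepository.GetNextSerialNumber(),
        BcTimeStampResponderRepository.GetTimeToSign());

    ContentInfo contentInfo;
    try
    {
        using (var stream = new Asn1InputStream(timeStampToken.ToCmsSignedData().GetEncoded()))
        {
            contentInfo = ContentInfo.GetInstance(stream.ReadObject());
        }
    }
    catch (Exception e)
    {
        throw new TspException("Timestamp token cannot be converted to ContentInfo", e);
    }

    // The audit record is written before the token leaves this method, so a token is never
    // handed out without its log entry. A logging failure is still surfaced as TspException,
    // but with its own message: previously it was reported as a ContentInfo conversion error,
    // which hid audit-store outages from whoever reads the error.
    try
    {
        await SaveAuditLog(timeStampRequest, timeStampToken, tsaCertificate);
    }
    catch (Exception e)
    {
        throw new TspException("Timestamp token audit log entry cannot be saved", e);
    }

    return contentInfo;
}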