示例#1
0
 public TimeStampResponse Generate(
     TimeStampRequest request,
     BigInteger serialNumber,
     DateTime genTime)
 {
     return(Generate(request, serialNumber, new DateTimeObject(genTime)));
 }
示例#2
0
        /**
         * Return an appropriate TimeStampResponse.
         * <p>
         * If genTime is null a timeNotAvailable error response will be returned.
         *
         * @param request the request this response is for.
         * @param serialNumber serial number for the response token.
         * @param genTime generation time for the response token.
         * @param provider provider to use for signature calculation.
         * @return
         * @throws NoSuchAlgorithmException
         * @throws NoSuchProviderException
         * @throws TSPException
         * </p>
         */
        public TimeStampResponse Generate(
            TimeStampRequest request,
            BigInteger serialNumber,
            DateTimeObject genTime)
        {
            TimeStampResp resp;

            try
            {
                if (genTime == null)
                {
                    throw new TspValidationException("The time source is not available.",
                                                     PkiFailureInfo.TimeNotAvailable);
                }

                request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);

                this.status = PkiStatus.Granted;
                this.AddStatusString("Operation Okay");

                PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo();

                ContentInfo tstTokenContentInfo;
                try
                {
                    TimeStampToken token   = tokenGenerator.Generate(request, serialNumber, genTime.Value);
                    byte[]         encoded = token.ToCmsSignedData().GetEncoded();

                    tstTokenContentInfo = ContentInfo.GetInstance(Asn1Object.FromByteArray(encoded));
                }
                catch (IOException e)
                {
                    throw new TspException("Timestamp token received cannot be converted to ContentInfo", e);
                }

                resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo);
            }
            catch (TspValidationException e)
            {
                status = PkiStatus.Rejection;

                this.SetFailInfoField(e.FailureCode);
                this.AddStatusString(e.Message);

                PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo();

                resp = new TimeStampResp(pkiStatusInfo, null);
            }

            try
            {
                return(new TimeStampResponse(resp));
            }
            catch (IOException e)
            {
                throw new TspException("created badly formatted response!", e);
            }
        }
示例#3
0
        /**
         * Check this response against to see if it a well formed response for
         * the passed in request. Validation will include checking the time stamp
         * token if the response status is GRANTED or GRANTED_WITH_MODS.
         *
         * @param request the request to be checked against
         * @throws TspException if the request can not match this response.
         */
        public void Validate(
            TimeStampRequest request)
        {
            TimeStampToken tok = this.TimeStampToken;

            if (tok != null)
            {
                TimeStampTokenInfo tstInfo = tok.TimeStampInfo;

                if (request.Nonce != null && !request.Nonce.Equals(tstInfo.Nonce))
                {
                    throw new TspValidationException("response contains wrong nonce value.");
                }

                if (this.Status != (int)PkiStatus.Granted && this.Status != (int)PkiStatus.GrantedWithMods)
                {
                    throw new TspValidationException("time stamp token found in failed request.");
                }

                if (!Arrays.ConstantTimeAreEqual(request.GetMessageImprintDigest(), tstInfo.GetMessageImprintDigest()))
                {
                    throw new TspValidationException("response for different message imprint digest.");
                }

                if (!tstInfo.MessageImprintAlgOid.Equals(request.MessageImprintAlgOid))
                {
                    throw new TspValidationException("response for different message imprint algorithm.");
                }

                Asn1.Cms.Attribute scV1 = tok.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
                Asn1.Cms.Attribute scV2 = tok.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];

                if (scV1 == null && scV2 == null)
                {
                    throw new TspValidationException("no signing certificate attribute present.");
                }

                if (scV1 != null && scV2 != null)
                {
                    /*
                     * RFC 5035 5.4. If both attributes exist in a single message,
                     * they are independently evaluated.
                     */
                }

                if (request.ReqPolicy != null && !request.ReqPolicy.Equals(tstInfo.Policy))
                {
                    throw new TspValidationException("TSA policy wrong for request.");
                }
            }
            else if (this.Status == (int)PkiStatus.Granted || this.Status == (int)PkiStatus.GrantedWithMods)
            {
                throw new TspValidationException("no time stamp token found and one expected.");
            }
        }
示例#4
0
        //------------------------------------------------------------------------------

        public TimeStampToken Generate(
            TimeStampRequest request,
            BigInteger serialNumber,
            DateTime genTime)
        {
            DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid);

            AlgorithmIdentifier algID          = new AlgorithmIdentifier(digestAlgOID, DerNull.Instance);
            MessageImprint      messageImprint = new MessageImprint(algID, request.GetMessageImprintDigest());

            Accuracy accuracy = null;

            if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
            {
                DerInteger seconds = null;
                if (accuracySeconds > 0)
                {
                    seconds = new DerInteger(accuracySeconds);
                }

                DerInteger millis = null;
                if (accuracyMillis > 0)
                {
                    millis = new DerInteger(accuracyMillis);
                }

                DerInteger micros = null;
                if (accuracyMicros > 0)
                {
                    micros = new DerInteger(accuracyMicros);
                }

                accuracy = new Accuracy(seconds, millis, micros);
            }

            DerBoolean derOrdering = null;

            if (ordering)
            {
                derOrdering = DerBoolean.GetInstance(ordering);
            }

            DerInteger nonce = null;

            if (request.Nonce != null)
            {
                nonce = new DerInteger(request.Nonce);
            }

            DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID);

            if (request.ReqPolicy != null)
            {
                tsaPolicy = new DerObjectIdentifier(request.ReqPolicy);
            }

            TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint,
                                          new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy,
                                          derOrdering, nonce, tsa, request.Extensions);

            try
            {
                CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator();

                byte[] derEncodedTstInfo = tstInfo.GetDerEncoded();

                if (request.CertReq)
                {
                    signedDataGenerator.AddCertificates(x509Certs);
                }

                signedDataGenerator.AddCrls(x509Crls);
                signedDataGenerator.AddSigner(key, cert, digestOID, signedAttr, unsignedAttr);

                CmsSignedData signedData = signedDataGenerator.Generate(
                    PkcsObjectIdentifiers.IdCTTstInfo.Id,
                    new CmsProcessableByteArray(derEncodedTstInfo),
                    true);

                return(new TimeStampToken(signedData));
            }
            catch (CmsException cmsEx)
            {
                throw new TspException("Error generating time-stamp token", cmsEx);
            }
            catch (IOException e)
            {
                throw new TspException("Exception encoding info", e);
            }
            catch (X509StoreException e)
            {
                throw new TspException("Exception handling CertStore", e);
            }
//			catch (InvalidAlgorithmParameterException e)
//			{
//				throw new TspException("Exception handling CertStore CRLs", e);
//			}
        }