
Example 1 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project robovm by robovm.

the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.

/**
 * Build the signed-attribute table for a signer from the supplied parameters. The result
 * normally holds contentType, signingTime and messageDigest. Any of those three already
 * present in the table this generator holds is kept, and the generated value is skipped.
 *
 * @param parameters source parameters for table generation.
 *
 * @return a filled in Hashtable of attributes, keyed by attribute type.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    // Work on a copy so the generator's own table is left untouched.
    Hashtable attrs = (Hashtable) table.clone();

    if (!attrs.containsKey(CMSAttributes.contentType)) {
        ASN1ObjectIdentifier typeOid = ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        // No content type is available when a counter signature is being generated.
        if (typeOid != null) {
            Attribute typeAttr = new Attribute(CMSAttributes.contentType, new DERSet(typeOid));
            attrs.put(typeAttr.getAttrType(), typeAttr);
        }
    }

    if (!attrs.containsKey(CMSAttributes.signingTime)) {
        // The signing time is read from the local clock, so it is only as reliable as that clock.
        Time now = new Time(new Date());
        Attribute timeAttr = new Attribute(CMSAttributes.signingTime, new DERSet(now));
        attrs.put(timeAttr.getAttrType(), timeAttr);
    }

    if (!attrs.containsKey(CMSAttributes.messageDigest)) {
        // NOTE(review): the digest is used as supplied, with no null check; confirm that
        // callers always provide DIGEST when the table has no messageDigest entry.
        byte[] digest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute digestAttr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest)));
        attrs.put(digestAttr.getAttrType(), digestAttr);
    }

    return attrs;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) Hashtable(java.util.Hashtable) Time(org.bouncycastle.asn1.cms.Time) DERSet(org.bouncycastle.asn1.DERSet) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 2 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class DefaultSignedAttributeTableGenerator method createStandardAttributeTable.

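/**
 * Create a standard attribute table from the passed in parameters - this will normally include
 * contentType, signingTime, messageDigest, and CMS algorithm protection. If the constructor using
 * an AttributeTable was used, entries in it for contentType, signingTime, messageDigest and
 * CMS algorithm protection will override the generated ones.
 *
 * @param parameters source parameters for table generation.
 * @return a filled in Hashtable of attributes, keyed by attribute type.
 */
protected Hashtable createStandardAttributeTable(Map parameters) {
    Hashtable std = copyHashTable(table);
    if (!std.containsKey(CMSAttributes.contentType)) {
        ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance(parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE));
        // contentType will be null if we're trying to generate a counter signature.
        if (contentType != null) {
            Attribute attr = new Attribute(CMSAttributes.contentType, new DERSet(contentType));
            std.put(attr.getAttrType(), attr);
        }
    }
    if (!std.containsKey(CMSAttributes.signingTime)) {
        // Taken from the local clock, so the value is only as reliable as that clock.
        Date signingTime = new Date();
        Attribute attr = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(signingTime)));
        std.put(attr.getAttrType(), attr);
    }
    if (!std.containsKey(CMSAttributes.messageDigest)) {
        // NOTE(review): no null check on the supplied digest; confirm callers always set DIGEST.
        byte[] messageDigest = (byte[]) parameters.get(CMSAttributeTableGenerator.DIGEST);
        Attribute attr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(messageDigest)));
        std.put(attr.getAttrType(), attr);
    }
    // Hashtable.contains() searches the values, not the keys, so it could never find the attribute
    // OID and the guard was always true. containsKey() is the lookup the other three guards use.
    // A caller-supplied entry is now kept as-is, so it has to describe the digest and signature
    // algorithms actually used for this signer.
    if (!std.containsKey(CMSAttributes.cmsAlgorithmProtect)) {
        // Records the digest and signature algorithm identifiers inside the signed attributes.
        Attribute attr = new Attribute(CMSAttributes.cmsAlgorithmProtect, new DERSet(new CMSAlgorithmProtection((AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER), CMSAlgorithmProtection.SIGNATURE, (AlgorithmIdentifier) parameters.get(CMSAttributeTableGenerator.SIGNATURE_ALGORITHM_IDENTIFIER))));
        std.put(attr.getAttrType(), attr);
    }
    return std;
}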
Also used : CMSAlgorithmProtection(com.github.zhenwei.pkix.util.asn1.cms.CMSAlgorithmProtection) Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) Hashtable(java.util.Hashtable) Time(com.github.zhenwei.pkix.util.asn1.cms.Time) DERSet(com.github.zhenwei.core.asn1.DERSet) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) Date(java.util.Date) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 3 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class TSPUtil method getSignatureTimestamps.

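/**
 * Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the
 * MessageImprint for each time-stamp matches the signature field. (see RFC 3161 Appendix A).
 * <p>
 * The time-stamps are read from the signer's unsigned attributes. Only the message imprint is
 * compared here; nothing in this method verifies the signature on a time-stamp token or the
 * certificate of the authority that issued it, so callers still have to validate each returned
 * token.
 * </p>
 *
 * @param signerInfo      a SignerInformation to search for time-stamps
 * @param digCalcProvider provider for digest calculators
 * @return a collection of TimeStampToken objects, empty if there are no unsigned attributes or
 *         no signature time-stamp attributes
 * @throws TSPValidationException if a time-stamp cannot be parsed, names a hash algorithm the
 *                                provider cannot supply, or carries a message imprint that does
 *                                not match the digest of the signature
 */
public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider) throws TSPValidationException {
    List timestamps = new ArrayList();
    AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
    if (unsignedAttrs == null) {
        return timestamps;
    }
    ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    for (int i = 0; i < allTSAttrs.size(); ++i) {
        Attribute tsAttr = (Attribute) allTSAttrs.get(i);
        ASN1Set tsAttrValues = tsAttr.getAttrValues();
        for (int j = 0; j < tsAttrValues.size(); ++j) {
            try {
                ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
                TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
                TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
                // Hash the signature bytes with the algorithm the token itself names.
                DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
                OutputStream dOut = digCalc.getOutputStream();
                dOut.write(signerInfo.getSignature());
                dOut.close();
                byte[] expectedDigest = digCalc.getDigest();
                if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest())) {
                    throw new TSPValidationException("Incorrect digest in message imprint");
                }
                timestamps.add(timeStampToken);
            } catch (TSPValidationException e) {
                // Without this clause the imprint mismatch thrown above falls into the generic
                // handler below and is reported as a parse failure.
                throw e;
            } catch (OperatorCreationException e) {
                throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
            } catch (Exception e) {
                throw new TSPValidationException("Timestamp could not be parsed");
            }
        }
    }
    return timestamps;
}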
Also used : Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) OutputStream(java.io.OutputStream) ArrayList(java.util.ArrayList) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) IOException(java.io.IOException) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)

Example 4 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class TimeStampResponse method validate.

/**
 * Check that this response is a well formed answer to the passed in request. When a time stamp
 * token is present, its nonce, message imprint digest and algorithm, signing certificate
 * attribute and policy are compared with the request, and the status must be GRANTED or
 * GRANTED_WITH_MODS.
 * <p>
 * This method compares fields only. It does not verify the signature on the token or the
 * signing certificate itself.
 * </p>
 *
 * @param request the request to be checked against
 * @throws TSPException if the request can not match this response.
 */
public void validate(TimeStampRequest request) throws TSPException {
    TimeStampToken tok = this.getTimeStampToken();
    if (tok == null) {
        // A granted status must come with a token.
        if (this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS) {
            throw new TSPValidationException("no time stamp token found and one expected.");
        }
        return;
    }

    TimeStampTokenInfo info = tok.getTimeStampInfo();

    // The nonce is compared only when the request carried one.
    boolean nonceRequested = request.getNonce() != null;
    if (nonceRequested && !request.getNonce().equals(info.getNonce())) {
        throw new TSPValidationException("response contains wrong nonce value.");
    }

    boolean granted = this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS;
    if (!granted) {
        throw new TSPValidationException("time stamp token found in failed request.");
    }

    boolean sameDigest = Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), info.getMessageImprintDigest());
    if (!sameDigest) {
        throw new TSPValidationException("response for different message imprint digest.");
    }

    if (!info.getMessageImprintAlgOID().equals(request.getMessageImprintAlgOID())) {
        throw new TSPValidationException("response for different message imprint algorithm.");
    }

    Attribute certV1 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
    Attribute certV2 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
    if (certV1 == null && certV2 == null) {
        throw new TSPValidationException("no signing certificate attribute present.");
    }
    // RFC 5035 5.4: if both attributes exist in a single message they are independently
    // evaluated, so nothing further is checked here when both are present.

    // The policy is compared only when the request asked for a specific one.
    boolean policyRequested = request.getReqPolicy() != null;
    if (policyRequested && !request.getReqPolicy().equals(info.getPolicy())) {
        throw new TSPValidationException("TSA policy wrong for request.");
    }
}
Also used : Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute)

Example 5 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class TimeStampResponseGenerator method generateGrantedResponse.

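/**
 * Return a granted response, if the passed in request passes validation with the passed in status
 * string and extra extensions.
 * <p>
 * A TSPValidationException is thrown with timeNotAvailable if genTime is null, or if the request
 * fails validation. The parent TSPException will only occur on some sort of system failure.
 * </p>
 *
 * @param request              the request this response is for.
 * @param serialNumber         serial number for the response token.
 * @param genTime              generation time for the response token.
 * @param statusString         optional status text to add to the response, may be null.
 * @param additionalExtensions extra extensions to be added to the response token.
 * @return the TimeStampResponse with a status of  PKIStatus.GRANTED
 * @throws TSPException on validation exception or internal error.
 */
public TimeStampResponse generateGrantedResponse(TimeStampRequest request, BigInteger serialNumber, Date genTime, String statusString, Extensions additionalExtensions) throws TSPException {
    if (genTime == null) {
        throw new TSPValidationException("The time source is not available.", PKIFailureInfo.timeNotAvailable);
    }
    // The request is checked against the accepted algorithms, policies and extensions before
    // any token is generated.
    request.validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);
    // NOTE(review): status and statusStrings are reset on every call, so the generator appears
    // to carry per-call state; confirm that instances are not shared between threads.
    status = PKIStatus.GRANTED;
    statusStrings = new ASN1EncodableVector();
    if (statusString != null) {
        this.addStatusString(statusString);
    }
    PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
    ContentInfo tstTokenContentInfo;
    try {
        tstTokenContentInfo = tokenGenerator.generate(request, serialNumber, genTime, additionalExtensions).toCMSSignedData().toASN1Structure();
    } catch (TSPException e) {
        // Pass TSP failures through unchanged so the generic handler below does not rewrap them.
        throw e;
    } catch (Exception e) {
        throw new TSPException("Timestamp token received cannot be converted to ContentInfo", e);
    }
    try {
        return new TimeStampResponse(new DLSequence(new ASN1Encodable[] { pkiStatusInfo.toASN1Primitive(), tstTokenContentInfo.toASN1Primitive() }));
    } catch (IOException e) {
        // Keep the underlying I/O failure as the cause, as the handler above does.
        throw new TSPException("created badly formatted response!", e);
    }
}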
Also used : DLSequence(com.github.zhenwei.core.asn1.DLSequence) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) PKIStatusInfo(com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) IOException(java.io.IOException) IOException(java.io.IOException)

Aggregations

IOException (java.io.IOException)4 Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)3 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)2 ASN1GeneralizedTime (com.github.zhenwei.core.asn1.ASN1GeneralizedTime)2 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)2 CMSException (com.github.zhenwei.pkix.cms.CMSException)2 DigestCalculator (com.github.zhenwei.pkix.operator.DigestCalculator)2 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)2 ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)2 MessageImprint (com.github.zhenwei.pkix.util.asn1.tsp.MessageImprint)2 TSTInfo (com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo)2 OutputStream (java.io.OutputStream)2 Date (java.util.Date)2 Hashtable (java.util.Hashtable)2 ASN1Boolean (com.github.zhenwei.core.asn1.ASN1Boolean)1 ASN1Encodable (com.github.zhenwei.core.asn1.ASN1Encodable)1 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)1 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1 DERSet (com.github.zhenwei.core.asn1.DERSet)1