Examples with Time com.github.zhenwei.pkix.util.asn1.cms.Time used on opensource projects

Example 6 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class TimeStampTokenGenerator method createGeneralizedTime.

// we need to produce a correct DER encoding GeneralizedTime here as the BC ASN.1 library doesn't handle this properly yet.
private ASN1GeneralizedTime createGeneralizedTime(Date time) throws TSPException {
    String format = "yyyyMMddHHmmss.SSS";
    SimpleDateFormat dateF = (locale == null) ? new SimpleDateFormat(format) : new SimpleDateFormat(format, locale);
    dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
    StringBuilder sBuild = new StringBuilder(dateF.format(time));
    int dotIndex = sBuild.indexOf(".");
    if (dotIndex < 0) {
        // came back in seconds only, just return
        sBuild.append("Z");
        return new ASN1GeneralizedTime(sBuild.toString());
    }
    // trim to resolution
    switch(resolution) {
        case R_TENTHS_OF_SECONDS:
            if (sBuild.length() > dotIndex + 2) {
                sBuild.delete(dotIndex + 2, sBuild.length());
            }
            break;
        case R_HUNDREDTHS_OF_SECONDS:
            if (sBuild.length() > dotIndex + 3) {
                sBuild.delete(dotIndex + 3, sBuild.length());
            }
            break;
        case R_MILLISECONDS:
            // do nothing
            break;
        default:
            throw new TSPException("unknown time-stamp resolution: " + resolution);
    }
    // remove trailing zeros
    while (sBuild.charAt(sBuild.length() - 1) == '0') {
        sBuild.deleteCharAt(sBuild.length() - 1);
    }
    if (sBuild.length() - 1 == dotIndex) {
        sBuild.deleteCharAt(sBuild.length() - 1);
    }
    sBuild.append("Z");
    return new ASN1GeneralizedTime(sBuild.toString());
}

Example 7 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class ERSArchiveTimeStampGenerator method generateArchiveTimeStamp.

public ERSArchiveTimeStamp generateArchiveTimeStamp(TimeStampResponse tspResponse) throws TSPException, ERSException {
    PartialHashtree[] reducedHashTree = getPartialHashtrees();
    byte[] rootHash = rootNodeCalculator.computeRootHash(digCalc, reducedHashTree);
    TSTInfo tstInfo = tspResponse.getTimeStampToken().getTimeStampInfo().toASN1Structure();
    if (!tstInfo.getMessageImprint().getHashAlgorithm().equals(digCalc.getAlgorithmIdentifier())) {
        throw new ERSException("time stamp imprint for wrong algorithm");
    }
    if (!Arrays.areEqual(tstInfo.getMessageImprint().getHashedMessage(), rootHash)) {
        throw new ERSException("time stamp imprint for wrong root hash");
    }
    ArchiveTimeStamp ats;
    if (reducedHashTree.length == 1) {
        // just include the TimeStamp
        ats = new ArchiveTimeStamp(null, null, tspResponse.getTimeStampToken().toCMSSignedData().toASN1Structure());
    } else {
        ats = new ArchiveTimeStamp(digCalc.getAlgorithmIdentifier(), reducedHashTree, tspResponse.getTimeStampToken().toCMSSignedData().toASN1Structure());
    }
    return new ERSArchiveTimeStamp(ats, digCalc, rootNodeCalculator);
}

Example 8 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class TimeStampToken method validate.

/**
 * Validate the time stamp token.
 * <p>
 * To be valid the token must be signed by the passed in certificate and the certificate must be
 * the one referred to by the SigningCertificate attribute included in the hashed attributes of
 * the token. The certificate must also have the ExtendedKeyUsageExtension with only
 * KeyPurposeId.id_kp_timeStamping and have been valid at the time the timestamp was created.
 * </p>
 * <p>
 * A successful call to validate means all the above are true.
 * </p>
 *
 * @param sigVerifier the content verifier create the objects required to verify the CMS object in
 *                    the timestamp.
 * @throws TSPException             if an exception occurs in processing the token.
 * @throws TSPValidationException   if the certificate or signature fail to be valid.
 * @throws IllegalArgumentException if the sigVerifierProvider has no associated certificate.
 */
public void validate(SignerInformationVerifier sigVerifier) throws TSPException, TSPValidationException {
    if (!sigVerifier.hasAssociatedCertificate()) {
        throw new IllegalArgumentException("verifier provider needs an associated certificate");
    }
    try {
        X509CertificateHolder certHolder = sigVerifier.getAssociatedCertificate();
        DigestCalculator calc = sigVerifier.getDigestCalculator(certID.getHashAlgorithm());
        OutputStream cOut = calc.getOutputStream();
        cOut.write(certHolder.getEncoded());
        cOut.close();
        if (!Arrays.constantTimeAreEqual(certID.getCertHash(), calc.getDigest())) {
            throw new TSPValidationException("certificate hash does not match certID hash.");
        }
        if (certID.getIssuerSerial() != null) {
            IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(certHolder.toASN1Structure());
            if (!certID.getIssuerSerial().getSerial().equals(issuerSerial.getSerialNumber())) {
                throw new TSPValidationException("certificate serial number does not match certID for signature.");
            }
            GeneralName[] names = certID.getIssuerSerial().getIssuer().getNames();
            boolean found = false;
            for (int i = 0; i != names.length; i++) {
                if (names[i].getTagNo() == 4 && X500Name.getInstance(names[i].getName()).equals(X500Name.getInstance(issuerSerial.getName()))) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new TSPValidationException("certificate name does not match certID for signature. ");
            }
        }
        TSPUtil.validateCertificate(certHolder);
        if (!certHolder.isValidOn(tstInfo.getGenTime())) {
            throw new TSPValidationException("certificate not valid when time stamp created.");
        }
        if (!tsaSignerInfo.verify(sigVerifier)) {
            throw new TSPValidationException("signature not created by certificate.");
        }
    } catch (CMSException e) {
        if (e.getUnderlyingException() != null) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        } else {
            throw new TSPException("CMS exception: " + e, e);
        }
    } catch (IOException e) {
        throw new TSPException("problem processing certificate: " + e, e);
    } catch (OperatorCreationException e) {
        throw new TSPException("unable to create digest: " + e.getMessage(), e);
    }
}

Example 9 with Time

use of com.github.zhenwei.pkix.util.asn1.cms.Time in project LinLong-Java by zhenwei1108.

the class TimeStampTokenGenerator method generate.

/**
 * Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed
 * in genTime.
 *
 * @param request              the originating request.
 * @param serialNumber         serial number for the TimeStampToken
 * @param genTime              token generation time.
 * @param additionalExtensions extra extensions to be added to the response token.
 * @return a TimeStampToken
 * @throws TSPException
 */
public TimeStampToken generate(TimeStampRequest request, BigInteger serialNumber, Date genTime, Extensions additionalExtensions) throws TSPException {
    AlgorithmIdentifier algID = request.getMessageImprintAlgID();
    MessageImprint messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
    Accuracy accuracy = null;
    if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) {
        ASN1Integer seconds = null;
        if (accuracySeconds > 0) {
            seconds = new ASN1Integer(accuracySeconds);
        }
        ASN1Integer millis = null;
        if (accuracyMillis > 0) {
            millis = new ASN1Integer(accuracyMillis);
        }
        ASN1Integer micros = null;
        if (accuracyMicros > 0) {
            micros = new ASN1Integer(accuracyMicros);
        }
        accuracy = new Accuracy(seconds, millis, micros);
    }
    ASN1Boolean derOrdering = null;
    if (ordering) {
        derOrdering = ASN1Boolean.getInstance(ordering);
    }
    ASN1Integer nonce = null;
    if (request.getNonce() != null) {
        nonce = new ASN1Integer(request.getNonce());
    }
    ASN1ObjectIdentifier tsaPolicy = tsaPolicyOID;
    if (request.getReqPolicy() != null) {
        tsaPolicy = request.getReqPolicy();
    }
    Extensions respExtensions = request.getExtensions();
    if (additionalExtensions != null) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (respExtensions != null) {
            for (Enumeration en = respExtensions.oids(); en.hasMoreElements(); ) {
                extGen.addExtension(respExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
            }
        }
        for (Enumeration en = additionalExtensions.oids(); en.hasMoreElements(); ) {
            extGen.addExtension(additionalExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
        }
        respExtensions = extGen.generate();
    }
    ASN1GeneralizedTime timeStampTime;
    if (resolution == R_SECONDS) {
        timeStampTime = (locale == null) ? new ASN1GeneralizedTime(genTime) : new ASN1GeneralizedTime(genTime, locale);
    } else {
        timeStampTime = createGeneralizedTime(genTime);
    }
    TSTInfo tstInfo = new TSTInfo(tsaPolicy, messageImprint, new ASN1Integer(serialNumber), timeStampTime, accuracy, derOrdering, nonce, tsa, respExtensions);
    try {
        CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
        if (request.getCertReq()) {
            // TODO: do we need to check certs non-empty?
            signedDataGenerator.addCertificates(new CollectionStore(certs));
            signedDataGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
        }
        signedDataGenerator.addCRLs(new CollectionStore(crls));
        if (!otherRevoc.isEmpty()) {
            for (Iterator it = otherRevoc.keySet().iterator(); it.hasNext(); ) {
                ASN1ObjectIdentifier format = (ASN1ObjectIdentifier) it.next();
                signedDataGenerator.addOtherRevocationInfo(format, new CollectionStore((Collection) otherRevoc.get(format)));
            }
        }
        signedDataGenerator.addSignerInfoGenerator(signerInfoGen);
        byte[] derEncodedTSTInfo = tstInfo.getEncoded(ASN1Encoding.DER);
        CMSSignedData signedData = signedDataGenerator.generate(new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, derEncodedTSTInfo), true);
        return new TimeStampToken(signedData);
    } catch (CMSException cmsEx) {
        throw new TSPException("Error generating time-stamp token", cmsEx);
    } catch (IOException e) {
        throw new TSPException("Exception encoding info", e);
    }
}