
Example 1 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project gdmatrix by gdmatrix.

the class P7MUtils method recoverTSTInfo.

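/**
 * Extracts the RFC 3161 TSTInfo structure carried as the encapsulated content of a CMS
 * SignedData time-stamp token.
 *
 * <p>This method only decodes. It does not verify the SignedData signature, the signer
 * certificate, or that the encapsulated content type is the TSTInfo type. The returned fields
 * must therefore be treated as unauthenticated until the caller has verified the token.
 *
 * @param contentInfo the CMS ContentInfo wrapping the SignedData of the time-stamp token
 * @return the TSTInfo decoded from the encapsulated octets
 * @throws IOException if the token has no encapsulated content (for example a detached
 *                     signature) or the content is not an OCTET STRING
 */
public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
    SignedData signedData = SignedData.getInstance(contentInfo.getContent());
    ASN1Encodable content = signedData.getEncapContentInfo().getContent();
    // The token may come from an untrusted source: reject absent or wrongly typed content with
    // the declared checked exception instead of a NullPointerException or ClassCastException.
    if (!(content instanceof ASN1OctetString)) {
        throw new IOException("time-stamp token has no OCTET STRING encapsulated content");
    }
    // Decoding failures raised by getInstance are propagated unchanged.
    return TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
}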
Also used : TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 2 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project gdmatrix by gdmatrix.

the class CMSUtils method recoverTSTInfo.

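/**
 * Decodes the TSTInfo (RFC 3161) held inside the SignedData of a time-stamp token.
 *
 * <p>No cryptographic verification happens here: the SignedData signature, the signing
 * certificate and the encapsulated content type are all left unchecked. Callers must verify the
 * token before relying on any field of the returned structure.
 *
 * @param contentInfo the CMS ContentInfo wrapping the SignedData of the time-stamp token
 * @return the TSTInfo decoded from the encapsulated octets
 * @throws IOException if the encapsulated content is absent or is not an OCTET STRING
 */
public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
    SignedData signedData = SignedData.getInstance(contentInfo.getContent());
    ASN1Encodable encapsulated = signedData.getEncapContentInfo().getContent();
    // instanceof is false for null as well, so a detached token and a wrongly typed content
    // both end in the declared IOException rather than an unchecked cast failure.
    if (!(encapsulated instanceof ASN1OctetString)) {
        throw new IOException("time-stamp token has no OCTET STRING encapsulated content");
    }
    // Decoding failures raised by getInstance are propagated unchanged.
    return TSTInfo.getInstance(((ASN1OctetString) encapsulated).getOctets());
}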
Also used : TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 3 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project LinLong-Java by zhenwei1108.

the class TSPUtil method getSignatureTimestamps.

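/**
 * Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the
 * MessageImprint for each time-stamp matches the signature field (see RFC 3161 Appendix A).
 *
 * <p>Only the message imprint is checked. The time-stamp token's own signature and the TSA
 * certificate are not verified in this method, so a returned token proves nothing about who
 * issued it until the caller has verified it separately.
 *
 * @param signerInfo      a SignerInformation to search for time-stamps
 * @param digCalcProvider provider for digest calculators
 * @return a collection of TimeStampToken objects; empty when there are no unsigned attributes
 *         or no signature time-stamp attribute
 * @throws TSPValidationException if a time-stamp cannot be parsed, names a hash algorithm the
 *                                provider cannot supply, or carries a message imprint that does
 *                                not match the digest of the signature value
 */
public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider) throws TSPValidationException {
    List<TimeStampToken> timestamps = new ArrayList<>();
    AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
    if (unsignedAttrs == null) {
        return timestamps;
    }
    ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    for (int i = 0; i < allTSAttrs.size(); ++i) {
        Attribute tsAttr = (Attribute) allTSAttrs.get(i);
        ASN1Set tsAttrValues = tsAttr.getAttrValues();
        for (int j = 0; j < tsAttrValues.size(); ++j) {
            try {
                ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
                TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
                TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
                DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
                // Close the stream even when the write fails; the digest is read after close.
                try (OutputStream dOut = digCalc.getOutputStream()) {
                    dOut.write(signerInfo.getSignature());
                }
                byte[] expectedDigest = digCalc.getDigest();
                if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest())) {
                    throw new TSPValidationException("Incorrect digest in message imprint");
                }
                timestamps.add(timeStampToken);
            } catch (OperatorCreationException e) {
                throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
            } catch (TSPValidationException e) {
                // Without this clause the generic handler below would swallow the imprint
                // mismatch and report it as a parse failure.
                throw e;
            } catch (Exception e) {
                throw new TSPValidationException("Timestamp could not be parsed");
            }
        }
    }
    return timestamps;
}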
Also used : Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) OutputStream(java.io.OutputStream) ArrayList(java.util.ArrayList) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) IOException(java.io.IOException) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)

Example 4 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project LinLong-Java by zhenwei1108.

the class TimeStampResponse method validate.

/**
 * Checks that this response is a well-formed answer to the given request.
 *
 * <p>When a time stamp token is present, the following are checked in order: the nonce (if the
 * request carried one), the status (must be GRANTED or GRANTED_WITH_MODS), the message imprint
 * digest and algorithm, the presence of a signing certificate attribute among the signed
 * attributes, and the TSA policy (if the request named one). When no token is present, a
 * GRANTED or GRANTED_WITH_MODS status is rejected.
 *
 * <p>NOTE(review): the code below does not verify the token's signature, and the signing
 * certificate attributes are tested for presence only. Callers that need to authenticate the
 * TSA must verify the token themselves.
 *
 * @param request the request to be checked against
 * @throws TSPException if the request can not match this response.
 */
public void validate(TimeStampRequest request) throws TSPException {
    TimeStampToken token = this.getTimeStampToken();
    if (token == null) {
        // A granted status promises a token; any other status may legitimately come without one.
        if (this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS) {
            throw new TSPValidationException("no time stamp token found and one expected.");
        }
        return;
    }

    TimeStampTokenInfo info = token.getTimeStampInfo();

    // The nonce ties the response to this particular request.
    boolean nonceRequested = request.getNonce() != null;
    if (nonceRequested && !request.getNonce().equals(info.getNonce())) {
        throw new TSPValidationException("response contains wrong nonce value.");
    }

    if (!(this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS)) {
        throw new TSPValidationException("time stamp token found in failed request.");
    }

    boolean sameDigest = Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), info.getMessageImprintDigest());
    if (!sameDigest) {
        throw new TSPValidationException("response for different message imprint digest.");
    }

    boolean sameAlgorithm = info.getMessageImprintAlgOID().equals(request.getMessageImprintAlgOID());
    if (!sameAlgorithm) {
        throw new TSPValidationException("response for different message imprint algorithm.");
    }

    // RFC 5035 5.4: if both attributes exist in a single message they are independently
    // evaluated, so only the case where neither is present is rejected here.
    Attribute signingCertV1 = token.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
    Attribute signingCertV2 = token.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
    if (signingCertV1 == null && signingCertV2 == null) {
        throw new TSPValidationException("no signing certificate attribute present.");
    }

    boolean policyRequested = request.getReqPolicy() != null;
    if (policyRequested && !request.getReqPolicy().equals(info.getPolicy())) {
        throw new TSPValidationException("TSA policy wrong for request.");
    }
}
Also used : Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute)

Example 5 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project LinLong-Java by zhenwei1108.

the class ERSArchiveTimeStampGenerator method generateArchiveTimeStamp.

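/**
 * Builds an ERS archive time-stamp from a TSA response. The response's message imprint must
 * use this generator's digest algorithm and must equal the root hash computed over the partial
 * hash trees.
 *
 * <p>NOTE(review): only the imprint algorithm and value are compared here. The token's
 * signature is not verified in this method, so the response should be validated before it is
 * passed in.
 *
 * @param tspResponse the time-stamp response obtained for the root hash
 * @return the archive time-stamp wrapping the token, with the reduced hash tree when there is
 *         more than one partial hash tree
 * @throws TSPException as declared; the visible code does not throw it directly
 * @throws ERSException if the response has no time stamp token, or its imprint algorithm or
 *                      value does not match this generator's digest and root hash
 */
public ERSArchiveTimeStamp generateArchiveTimeStamp(TimeStampResponse tspResponse) throws TSPException, ERSException {
    PartialHashtree[] reducedHashTree = getPartialHashtrees();
    byte[] rootHash = rootNodeCalculator.computeRootHash(digCalc, reducedHashTree);
    // A response that was not granted carries no token; fail with the declared exception
    // instead of a NullPointerException on the dereference below.
    if (tspResponse.getTimeStampToken() == null) {
        throw new ERSException("time stamp response contains no time stamp token");
    }
    TSTInfo tstInfo = tspResponse.getTimeStampToken().getTimeStampInfo().toASN1Structure();
    if (!tstInfo.getMessageImprint().getHashAlgorithm().equals(digCalc.getAlgorithmIdentifier())) {
        throw new ERSException("time stamp imprint for wrong algorithm");
    }
    if (!Arrays.areEqual(tstInfo.getMessageImprint().getHashedMessage(), rootHash)) {
        throw new ERSException("time stamp imprint for wrong root hash");
    }
    ArchiveTimeStamp ats;
    if (reducedHashTree.length == 1) {
        // A single partial hash tree needs no reduced tree: just include the time stamp.
        ats = new ArchiveTimeStamp(null, null, tspResponse.getTimeStampToken().toCMSSignedData().toASN1Structure());
    } else {
        ats = new ArchiveTimeStamp(digCalc.getAlgorithmIdentifier(), reducedHashTree, tspResponse.getTimeStampToken().toCMSSignedData().toASN1Structure());
    }
    return new ERSArchiveTimeStamp(ats, digCalc, rootNodeCalculator);
}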
Also used : TSTInfo(com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo) ArchiveTimeStamp(com.github.zhenwei.pkix.util.asn1.tsp.ArchiveTimeStamp) PartialHashtree(com.github.zhenwei.pkix.util.asn1.tsp.PartialHashtree)

Aggregations

ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)4 SignedData (org.bouncycastle.asn1.cms.SignedData)4 TSTInfo (org.bouncycastle.asn1.tsp.TSTInfo)4 CMSSignedData (org.bouncycastle.cms.CMSSignedData)4 ArrayList (java.util.ArrayList)3 Collection (java.util.Collection)3 Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)2 TSTInfo (com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo)2 IOException (java.io.IOException)2 X509Certificate (java.security.cert.X509Certificate)2 SimpleDateFormat (java.text.SimpleDateFormat)2 Hashtable (java.util.Hashtable)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2 ASN1UTCTime (org.bouncycastle.asn1.ASN1UTCTime)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 Attribute (org.bouncycastle.asn1.cms.Attribute)2 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)2 ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)2 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)2