
Example 6 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project LinLong-Java by zhenwei1108.

the class TimeStampTokenGenerator method generate.

/**
 * Builds and signs a time-stamp token answering {@code request}.
 *
 * <p>The TSTInfo is assembled from the request's message imprint, the supplied serial number and
 * generation time, and this generator's configured accuracy, ordering flag and TSA name. It is
 * DER-encoded and wrapped in a CMS SignedData produced with the configured signer.
 *
 * <p>Several TSTInfo fields are copied from the request as they arrive: the nonce, the requested
 * policy OID (which replaces the generator's default policy whenever it is present) and the
 * request extensions. Nothing in this method checks them against what the TSA accepts, so the
 * request has to be validated before it is passed in. {@code serialNumber} and {@code genTime}
 * are likewise used exactly as given; uniqueness of the serial number and the trustworthiness of
 * the clock are the caller's responsibility.
 *
 * @param request              the originating request.
 * @param serialNumber         serial number to place in the token.
 * @param genTime              token generation time.
 * @param additionalExtensions extra extensions for the response token, appended after the
 *                             request's own extensions; may be {@code null}.
 * @return the signed TimeStampToken.
 * @throws TSPException if the TSTInfo cannot be encoded or the CMS SignedData cannot be generated.
 */
public TimeStampToken generate(TimeStampRequest request, BigInteger serialNumber, Date genTime, Extensions additionalExtensions) throws TSPException {
    MessageImprint messageImprint = new MessageImprint(request.getMessageImprintAlgID(), request.getMessageImprintDigest());

    // Accuracy is only emitted when at least one component is configured; unset components stay null.
    Accuracy accuracy = null;
    boolean accuracyConfigured = accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0;
    if (accuracyConfigured) {
        ASN1Integer secondsPart = (accuracySeconds > 0) ? new ASN1Integer(accuracySeconds) : null;
        ASN1Integer millisPart = (accuracyMillis > 0) ? new ASN1Integer(accuracyMillis) : null;
        ASN1Integer microsPart = (accuracyMicros > 0) ? new ASN1Integer(accuracyMicros) : null;
        accuracy = new Accuracy(secondsPart, millisPart, microsPart);
    }

    // The ordering flag is left out of the TSTInfo entirely when it is false.
    ASN1Boolean derOrdering = ordering ? ASN1Boolean.getInstance(ordering) : null;

    // Nonce and policy come straight from the request when it carries them.
    ASN1Integer nonce = (request.getNonce() != null) ? new ASN1Integer(request.getNonce()) : null;
    ASN1ObjectIdentifier tsaPolicy = (request.getReqPolicy() != null) ? request.getReqPolicy() : tsaPolicyOID;

    // Request extensions are carried into the response; additional ones are appended after them.
    Extensions respExtensions = request.getExtensions();
    if (additionalExtensions != null) {
        ExtensionsGenerator merged = new ExtensionsGenerator();
        if (respExtensions != null) {
            Enumeration requestOids = respExtensions.oids();
            while (requestOids.hasMoreElements()) {
                ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(requestOids.nextElement());
                merged.addExtension(respExtensions.getExtension(oid));
            }
        }
        Enumeration extraOids = additionalExtensions.oids();
        while (extraOids.hasMoreElements()) {
            ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(extraOids.nextElement());
            merged.addExtension(additionalExtensions.getExtension(oid));
        }
        respExtensions = merged.generate();
    }

    ASN1GeneralizedTime timeStampTime;
    if (resolution != R_SECONDS) {
        timeStampTime = createGeneralizedTime(genTime);
    } else if (locale == null) {
        timeStampTime = new ASN1GeneralizedTime(genTime);
    } else {
        timeStampTime = new ASN1GeneralizedTime(genTime, locale);
    }

    TSTInfo tstInfo = new TSTInfo(tsaPolicy, messageImprint, new ASN1Integer(serialNumber), timeStampTime, accuracy, derOrdering, nonce, tsa, respExtensions);
    try {
        CMSSignedDataGenerator cmsGen = new CMSSignedDataGenerator();
        if (request.getCertReq()) {
            // TODO: do we need to check certs non-empty?
            cmsGen.addCertificates(new CollectionStore(certs));
            cmsGen.addAttributeCertificates(new CollectionStore(attrCerts));
        }
        // CRLs and other revocation info are attached whether or not certificates were requested.
        cmsGen.addCRLs(new CollectionStore(crls));
        if (!otherRevoc.isEmpty()) {
            Iterator formats = otherRevoc.keySet().iterator();
            while (formats.hasNext()) {
                ASN1ObjectIdentifier format = (ASN1ObjectIdentifier) formats.next();
                cmsGen.addOtherRevocationInfo(format, new CollectionStore((Collection) otherRevoc.get(format)));
            }
        }
        cmsGen.addSignerInfoGenerator(signerInfoGen);

        // The signature is computed over the DER encoding of the TSTInfo, encapsulated in the SignedData.
        byte[] encodedTstInfo = tstInfo.getEncoded(ASN1Encoding.DER);
        CMSProcessableByteArray payload = new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, encodedTstInfo);
        return new TimeStampToken(cmsGen.generate(payload, true));
    } catch (CMSException cmsEx) {
        throw new TSPException("Error generating time-stamp token", cmsEx);
    } catch (IOException e) {
        throw new TSPException("Exception encoding info", e);
    }
}
Also used : CMSSignedDataGenerator(com.github.zhenwei.pkix.cms.CMSSignedDataGenerator) CMSProcessableByteArray(com.github.zhenwei.pkix.cms.CMSProcessableByteArray) Enumeration(java.util.Enumeration) MessageImprint(com.github.zhenwei.pkix.util.asn1.tsp.MessageImprint) ASN1GeneralizedTime(com.github.zhenwei.core.asn1.ASN1GeneralizedTime) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(com.github.zhenwei.core.asn1.x509.Extensions) CMSSignedData(com.github.zhenwei.pkix.cms.CMSSignedData) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) ExtensionsGenerator(com.github.zhenwei.core.asn1.x509.ExtensionsGenerator) Accuracy(com.github.zhenwei.pkix.util.asn1.tsp.Accuracy) TSTInfo(com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo) Iterator(java.util.Iterator) Collection(java.util.Collection) ASN1Boolean(com.github.zhenwei.core.asn1.ASN1Boolean) CollectionStore(com.github.zhenwei.core.util.CollectionStore) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 7 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project gdmatrix by gdmatrix.

the class P7MDocument method getSignatures.

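/**
 * Extracts one {@link P7MSignature} per signer of the wrapped CMS document and sorts the result.
 *
 * <p>Trust caveats for callers:
 * <ul>
 *   <li>{@code setValid} reflects only that the signer's signature verifies against the
 *       certificate found inside the CMS itself. No certification path, validity period or
 *       revocation check is done here, so a valid flag says nothing about who signed.</li>
 *   <li>The signing date is the signer-asserted signingTime attribute.</li>
 *   <li>The time-stamp token is read from the unsigned attributes and is only parsed: its
 *       signature and message imprint are not verified, and the first certificate in the token
 *       is taken as the TSA certificate. Time-stamp date and certificate are informational
 *       until a caller validates the token.</li>
 * </ul>
 *
 * @return the signatures found in the document, sorted by their natural order.
 * @throws Exception if a signer has no matching certificate in the CMS, or if parsing,
 *                   certificate conversion or signature verification fails.
 */
public List<P7MSignature> getSignatures() throws Exception {
    ArrayList<P7MSignature> signatures = new ArrayList<>();
    Store certStore = cms.getCertificates();
    SignerInformationStore siStore = cms.getSignerInfos();
    Collection signers = siStore.getSigners();
    for (Object elem : signers) {
        SignerInformation signer = (SignerInformation) elem;
        P7MSignature signature = new P7MSignature();
        signatures.add(signature);
        Collection certCollection = certStore.getMatches(signer.getSID());
        if (certCollection.isEmpty()) {
            // Same exception type iterator().next() would raise, but with a message that names the cause.
            throw new java.util.NoSuchElementException("CMS contains no certificate matching a signer identifier");
        }
        X509CertificateHolder certificateHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
        signature.setCertificate(certificate);
        signature.loadProperties();
        // NOTE(review): upper-casing Base64 text changes its value, so this string cannot be decoded
        // back to the signature bytes. Kept as-is because callers may rely on the stored form; confirm.
        signature.setSignature(Base64.getMimeEncoder().encodeToString(signer.getSignature()).toUpperCase());

        Hashtable attributes;
        Attribute attrib;
        DEROctetString octet;

        // **** signed attributes ****
        // A SignerInfo may carry no signed attributes at all, in which case the table is null.
        AttributeTable table = signer.getSignedAttributes();
        if (table != null) {
            attributes = table.toHashtable();
            // signingTime
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
            if (attrib != null) {
                ASN1UTCTime time = (ASN1UTCTime) attrib.getAttrValues().getObjectAt(0);
                // Let the library apply the encoded offset. Parsing the adjusted string with a
                // SimpleDateFormat that treats the zone as literal text reads the UTC value in the
                // JVM default time zone and shifts the recorded signing time.
                signature.setSigningDate(time.getAdjustedDate());
            }
            // filename
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.1"));
            if (attrib != null) {
                octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
                if (octet != null) {
                    signature.setFilename(new String(octet.getOctets(), "UTF-16LE"));
                }
            }
            // decretNumber
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.2"));
            if (attrib != null) {
                octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
                if (octet != null) {
                    signature.setDecretNumber(new String(octet.getOctets(), "UTF-16LE"));
                }
            }
        }

        // **** unsigned attributes ****
        // Unsigned attributes are not covered by the signer's signature; anything read from here
        // can be replaced without invalidating the signature.
        table = signer.getUnsignedAttributes();
        if (table != null) {
            attributes = table.toHashtable();
            // timeStampToken
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2.14"));
            if (attrib != null) {
                ASN1Sequence seq = (ASN1Sequence) attrib.getAttrValues().getObjectAt(0);
                ContentInfo timeStampToken = ContentInfo.getInstance(seq);
                SignedData sd = SignedData.getInstance(timeStampToken.getContent());
                // The certificates field of SignedData is optional; a token without it must not
                // abort the whole listing with a NullPointerException.
                ASN1Set certificates = sd.getCertificates();
                if (certificates != null && certificates.size() > 0) {
                    // The first embedded certificate is assumed to be the TSA's; it is not matched
                    // against the token's signer here.
                    ASN1Primitive derCert = certificates.getObjectAt(0).toASN1Primitive();
                    byte[] certBytes = derCert.getEncoded();
                    CertificateFactory certFactory = CertificateFactory.getInstance("X509");
                    X509Certificate tsCertificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
                    signature.setTimeStampCertificate(tsCertificate);
                }
                ASN1Encodable content = sd.getEncapContentInfo().getContent();
                TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
                // Parsed only: the token's signature and message imprint are not checked.
                signature.setTimeStampDate(tstInfo.getGenTime().getDate());
            }
        }

        // signature validation: cryptographic check against the certificate embedded in the CMS,
        // without any chain or revocation validation.
        signature.setValid(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signature.getCertificate())));
    }
    Collections.sort(signatures);
    return signatures;
}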
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) ArrayList(java.util.ArrayList) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) Store(org.bouncycastle.util.Store) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CertificateFactory(java.security.cert.CertificateFactory) DEROctetString(org.bouncycastle.asn1.DEROctetString) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) Hashtable(java.util.Hashtable) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) X509Certificate(java.security.cert.X509Certificate) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) ASN1Set(org.bouncycastle.asn1.ASN1Set) ByteArrayInputStream(java.io.ByteArrayInputStream) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) Collection(java.util.Collection) SimpleDateFormat(java.text.SimpleDateFormat) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 8 with TSTInfo

use of com.github.zhenwei.pkix.util.asn1.tsp.TSTInfo in project gdmatrix by gdmatrix.

the class CMSData method getSignatures.

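/**
 * Extracts one {@link CMSSignature} per signer of the wrapped CMS data and sorts the result.
 *
 * <p>Trust caveats for callers:
 * <ul>
 *   <li>{@code setValid} reflects only that the signer's signature verifies against the
 *       certificate found inside the CMS itself. No certification path, validity period or
 *       revocation check is done here, so a valid flag says nothing about who signed.</li>
 *   <li>The signing date is the signer-asserted signingTime attribute.</li>
 *   <li>The time-stamp token is read from the unsigned attributes and is only parsed: its
 *       signature and message imprint are not verified, so the time-stamp date is
 *       informational until a caller validates the token.</li>
 * </ul>
 *
 * @return the signatures found in the data, sorted by their natural order.
 * @throws Exception if a signer has no matching certificate in the CMS, or if parsing,
 *                   certificate conversion or signature verification fails.
 */
public List<CMSSignature> getSignatures() throws Exception {
    ArrayList<CMSSignature> signatures = new ArrayList<>();
    Store certStore = cms.getCertificates();
    SignerInformationStore siStore = cms.getSignerInfos();
    Collection signers = siStore.getSigners();
    for (Object elem : signers) {
        SignerInformation signer = (SignerInformation) elem;
        CMSSignature signature = new CMSSignature();
        signatures.add(signature);
        org.bouncycastle.cms.SignerId sid = signer.getSID();
        Collection certCollection = certStore.getMatches(sid);
        if (certCollection.isEmpty()) {
            // Same exception type iterator().next() would raise, but with a message that names the cause.
            throw new java.util.NoSuchElementException("CMS contains no certificate matching a signer identifier");
        }
        X509CertificateHolder certificateHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
        signature.setCertificate(certificate);
        // The subject name comes from a certificate that has not been chain-validated at this point.
        String signerName = certificate.getSubjectDN().getName();
        signature.loadProperties(signerName);
        // NOTE(review): upper-casing Base64 text changes its value, so this string cannot be decoded
        // back to the signature bytes. Kept as-is because callers may rely on the stored form; confirm.
        signature.setSignature(Base64.getMimeEncoder().encodeToString(signer.getSignature()).toUpperCase());

        Hashtable attributes;
        Attribute attrib;
        DEROctetString octet;

        // **** signed attributes ****
        // A SignerInfo may carry no signed attributes at all, in which case the table is null.
        AttributeTable table = signer.getSignedAttributes();
        if (table != null) {
            attributes = table.toHashtable();
            // signingTime
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
            if (attrib != null) {
                ASN1UTCTime time = (ASN1UTCTime) attrib.getAttrValues().getObjectAt(0);
                // Let the library apply the encoded offset. Parsing the adjusted string with a
                // SimpleDateFormat that treats the zone as literal text reads the UTC value in the
                // JVM default time zone and shifts the recorded signing time.
                signature.setSigningDate(time.getAdjustedDate());
            }
            // filename
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.1"));
            if (attrib != null) {
                octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
                if (octet != null) {
                    signature.setFilename(new String(octet.getOctets(), "UTF-16LE"));
                }
            }
            // decretNumber
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.2"));
            if (attrib != null) {
                octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
                if (octet != null) {
                    signature.setDecretNumber(new String(octet.getOctets(), "UTF-16LE"));
                }
            }
        }

        // **** unsigned attributes ****
        // Unsigned attributes are not covered by the signer's signature; anything read from here
        // can be replaced without invalidating the signature.
        table = signer.getUnsignedAttributes();
        if (table != null) {
            attributes = table.toHashtable();
            // timeStampToken
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2.14"));
            if (attrib != null) {
                // ContentInfo.getInstance accepts any sequence encoding; casting to DERSequence
                // first would reject a token whose parsed form is another ASN1Sequence subclass.
                ContentInfo timeStampToken = ContentInfo.getInstance(attrib.getAttrValues().getObjectAt(0));
                SignedData sd = SignedData.getInstance(timeStampToken.getContent());
                ASN1Encodable content = sd.getEncapContentInfo().getContent();
                TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
                // Parsed only: the token's signature and message imprint are not checked.
                signature.setTimeStampDate(tstInfo.getGenTime().getDate());
            }
        }

        // signature validation: cryptographic check against the certificate embedded in the CMS,
        // without any chain or revocation validation.
        signature.setValid(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signature.getCertificate())));
    }
    Collections.sort(signatures);
    return signatures;
}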
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) ArrayList(java.util.ArrayList) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) Store(org.bouncycastle.util.Store) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERSequence(org.bouncycastle.asn1.DERSequence) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) Hashtable(java.util.Hashtable) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) X509Certificate(java.security.cert.X509Certificate) TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) Collection(java.util.Collection) SimpleDateFormat(java.text.SimpleDateFormat) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
