
Example 1 with TSPValidationException

use of org.bouncycastle.tsp.TSPValidationException in project pdfbox by apache.

the class TestCreateSignature method testDetachedSHA256WithTSA.

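/**
 * Signs a PDF using the "adbe.pkcs7.detached" SubFilter with the SHA-256 digest and a signed
 * timestamp from a Time Stamping Authority (TSA) server.
 *
 * This is not a complete test because we don't have the ability to return a valid response, so
 * we return a cached response which is well-formed, but does not match the timestamp or nonce
 * in the request. This allows us to test the basic TSA mechanism and test the nonce, which is a
 * good start: the signing step is therefore expected to fail, and the test asserts that the
 * failure is reported as an {@link IOException} caused by a {@link TSPValidationException}.
 * If signing unexpectedly succeeds the test fails instead of passing silently.
 *
 * The mock server is always stopped, and the keystore stream always closed, even when the
 * signing step throws.
 *
 * @throws IOException if the canned TSA response or the keystore cannot be read
 * @throws GeneralSecurityException if the PKCS#12 keystore cannot be loaded
 * @throws CMSException propagated from the signing code
 * @throws OperatorCreationException propagated from the signing code
 */
@Test
public void testDetachedSHA256WithTSA() throws IOException, CMSException, OperatorCreationException, GeneralSecurityException {
    byte[] content;
    // mock TSA response content: a canned, well-formed RFC 3161 reply that does not match the request
    try (InputStream input = new FileInputStream(inDir + "tsa_response.asn1")) {
        content = IOUtils.toByteArray(input);
    }
    // mock TSA server (RFC 3161); stopped in the finally block so the port is released on every path
    MockHttpServer mockServer = new MockHttpServer(15371);
    mockServer.startServer();
    try {
        String tsaUrl = "http://localhost:" + mockServer.getServerPort() + "/";
        MockHttpServer.MockHttpServerResponse response = new MockHttpServer.MockHttpServerResponse();
        response.setMockResponseContent(content);
        response.setMockResponseContentType("application/timestamp-reply");
        response.setMockResponseCode(200);
        mockServer.setMockHttpServerResponses(response);
        // load the keystore; try-with-resources closes the stream the original left open
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream keystoreStream = new FileInputStream(keystorePath)) {
            keystore.load(keystoreStream, password.toCharArray());
        }
        // sign PDF (will fail due to nonce and timestamp differing)
        String inPath = inDir + "sign_me_tsa.pdf";
        String outPath = outDir + getOutputFileName("signed{0}_tsa.pdf");
        CreateSignature signing = new CreateSignature(keystore, password.toCharArray());
        signing.setExternalSigning(externallySign);
        try {
            signing.signDetached(new File(inPath), new File(outPath), tsaUrl);
            // reaching this line means the mismatching nonce/timestamp was not detected
            Assert.fail("signing with a TSA response that does not match the request should fail");
        } catch (IOException e) {
            // the TSA validation failure is expected to surface as the cause of the IOException
            Assert.assertTrue("unexpected cause: " + e.getCause(), e.getCause() instanceof TSPValidationException);
        }
    } finally {
        mockServer.stopServer();
    }
    // TODO verify the signed PDF file
    // TODO create a file signed with TSA
}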

Example 2 with TSPValidationException

use of org.bouncycastle.tsp.TSPValidationException in project xades4j by luisgoncalves.

the class DefaultTimeStampVerificationProvider method verifyToken.

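/**
 * Verifies an RFC 3161 time-stamp token and returns the time it certifies.
 * <p>
 * The checks performed, in order, are:
 * <ol>
 * <li>decode {@code timeStampToken} as a CMS {@code ContentInfo} wrapping a {@code TimeStampToken};</li>
 * <li>validate the TSA certificate through the configured certificate validation provider,
 *     passing the certificates embedded in the token as extra chain material and the token's
 *     own generation time as the validation date;</li>
 * <li>verify the token signature against the certificate returned by that validation;</li>
 * <li>check that the token's message imprint equals the digest of {@code tsDigestInput},
 *     computed with the digest algorithm named in the token.</li>
 * </ol>
 * The certificates carried inside the token are never trusted by themselves; trust is decided
 * by {@code certificateValidationProvider}.
 *
 * @param timeStampToken the DER-encoded time-stamp token
 * @param tsDigestInput the data whose digest must match the token's message imprint
 * @return the token's generation time
 * @throws TimeStampTokenStructureException if the token cannot be decoded
 * @throws TimeStampTokenTSACertException if the TSA certificate cannot be validated
 * @throws TimeStampTokenSignatureException if the token signature does not verify against the TSA certificate
 * @throws TimeStampTokenDigestException if the message imprint does not match the digest of {@code tsDigestInput}
 * @throws TimeStampTokenVerificationException on any other verification failure (certificate
 *         conversion, unsupported digest algorithm, unexpected error while checking the signature)
 */
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    TimeStampToken tsToken;
    try {
        ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
        try {
            ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
            tsToken = new TimeStampToken(tsContentInfo);
        } finally {
            // close on every path; the original only closed after a successful read
            asn1is.close();
        }
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }
    X509Certificate tsaCert = null;
    try {
        /* Validate the TSA certificate. The embedded certificates only help build the chain;
         * the validation provider decides whether that chain is trusted. */
        LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
        for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
            certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
        }
        // the validation date is the time claimed by the token itself, so an expired TSA
        // certificate still validates for tokens issued while it was valid
        ValidationData vData = this.certificateValidationProvider.validate(
                x509CertSelectorConverter.getCertSelector(tsToken.getSID()),
                tsToken.getTimeStampInfo().getGenTime(),
                certs);
        // NOTE(review): assumes the provider returns a non-empty chain with the TSA certificate
        // first; an empty list would surface as IndexOutOfBoundsException here - confirm
        tsaCert = vData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }
    try {
        tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        // boundary catch: build() and validate() declare unrelated checked exceptions, all of
        // which mean the signature could not be checked; the cause is preserved
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }
    org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
    try {
        // the digest algorithm comes from the token; the signature check above already covers it
        String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
        MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
        // MessageDigest.isEqual is the conventional (constant-time) digest comparison
        if (!MessageDigest.isEqual(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }
    return tsTokenInfo.getGenTime();
}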
