
Example 1 with TimeStampTokenVerificationException

Use of xades4j.providers.TimeStampTokenVerificationException in project xades4j by luisgoncalves.

Class DefaultTimeStampVerificationProvider, method verifyToken.

@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    TimeStampToken tsToken;
    // Parse the encoded token; try-with-resources closes the stream even when parsing fails
    try (ASN1InputStream asn1is = new ASN1InputStream(timeStampToken)) {
        ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
        tsToken = new TimeStampToken(tsContentInfo);
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }
    X509Certificate tsaCert = null;
    try {
        /* Validate the TSA certificate */
        LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
        for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
            certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
        }
        ValidationData vData = this.certificateValidationProvider.validate(x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs);
        tsaCert = vData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }
    /* Verify the token signature with the validated TSA certificate */
    try {
        tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }
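    /* Recompute the digest of the input with the token's message imprint algorithm and compare it with the imprint in the token */
    org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();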
    try {
        String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
        MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
        if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }
    return tsTokenInfo.getGenTime();
}
Also used: CertificateException (java.security.cert.CertificateException), TimeStampTokenVerificationException (xades4j.providers.TimeStampTokenVerificationException), TimeStampTokenSignatureException (xades4j.providers.TimeStampTokenSignatureException), ContentInfo (org.bouncycastle.asn1.cms.ContentInfo), XAdES4jException (xades4j.XAdES4jException), TimeStampTokenDigestException (xades4j.providers.TimeStampTokenDigestException), MessageDigest (java.security.MessageDigest), ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream), TimeStampTokenStructureException (xades4j.providers.TimeStampTokenStructureException), TSPValidationException (org.bouncycastle.tsp.TSPValidationException), TimeStampTokenTSACertException (xades4j.providers.TimeStampTokenTSACertException), IOException (java.io.IOException), X509Certificate (java.security.cert.X509Certificate), LinkedList (java.util.LinkedList), TSPException (org.bouncycastle.tsp.TSPException), UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException), ValidationData (xades4j.providers.ValidationData), X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder), TimeStampToken (org.bouncycastle.tsp.TimeStampToken)

Example 2 with TimeStampTokenVerificationException

Use of xades4j.providers.TimeStampTokenVerificationException in project xades4j by luisgoncalves.

Class TimeStampVerifierBase, method verify.

@Override
public final QualifyingProperty verify(TData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    try {
        TimeStampDigestInput digestInput = this.tsInputFactory.newTimeStampDigestInput(propData.getCanonicalizationAlgorithm());
        QualifyingProperty prop = addPropSpecificTimeStampInputAndCreateProperty(propData, digestInput, ctx);
        byte[] data = digestInput.getBytes();
        // Verify the time-stamp tokens on a time-stamp property data object. All
        // the tokens are verified, but the returned time-stamp is from the last token.
        List<byte[]> tokens = propData.getTimeStampTokens();
        Date ts = null;
        for (byte[] tkn : tokens) {
            ts = this.tsVerifier.verifyToken(tkn, data);
        }
        // By convention all timestamp property types have a setTime(Date) method
        Method setTimeMethod = prop.getClass().getMethod("setTime", Date.class);
        setTimeMethod.invoke(prop, ts);
        return prop;
    } catch (UnsupportedAlgorithmException ex) {
        throw getEx(ex, this.propName);
    } catch (CannotAddDataToDigestInputException ex) {
        throw new TimeStampDigestInputException(this.propName, ex);
    } catch (TimeStampTokenVerificationException ex) {
        throw getEx(ex, this.propName);
    } catch (Exception ex) {
        // Exceptions related to setTimeMethod.invoke(...)
        throw getEx(ex, this.propName);
    }
}
Also used: CannotAddDataToDigestInputException (xades4j.utils.CannotAddDataToDigestInputException), TimeStampDigestInput (xades4j.utils.TimeStampDigestInput), UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException), QualifyingProperty (xades4j.properties.QualifyingProperty), Method (java.lang.reflect.Method), TimeStampTokenVerificationException (xades4j.providers.TimeStampTokenVerificationException), Date (java.util.Date), TimeStampTokenStructureException (xades4j.providers.TimeStampTokenStructureException), TimeStampTokenDigestException (xades4j.providers.TimeStampTokenDigestException), TimeStampTokenSignatureException (xades4j.providers.TimeStampTokenSignatureException)

Aggregations

UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException): 2
TimeStampTokenDigestException (xades4j.providers.TimeStampTokenDigestException): 2
TimeStampTokenSignatureException (xades4j.providers.TimeStampTokenSignatureException): 2
TimeStampTokenStructureException (xades4j.providers.TimeStampTokenStructureException): 2
TimeStampTokenVerificationException (xades4j.providers.TimeStampTokenVerificationException): 2
IOException (java.io.IOException): 1
Method (java.lang.reflect.Method): 1
MessageDigest (java.security.MessageDigest): 1
CertificateException (java.security.cert.CertificateException): 1
X509Certificate (java.security.cert.X509Certificate): 1
Date (java.util.Date): 1
LinkedList (java.util.LinkedList): 1
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream): 1
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo): 1
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 1
TSPException (org.bouncycastle.tsp.TSPException): 1
TSPValidationException (org.bouncycastle.tsp.TSPValidationException): 1
TimeStampToken (org.bouncycastle.tsp.TimeStampToken): 1
XAdES4jException (xades4j.XAdES4jException): 1
QualifyingProperty (xades4j.properties.QualifyingProperty): 1