use of xades4j.providers.TimeStampTokenVerificationException in project xades4j by luisgoncalves.
the class DefaultTimeStampVerificationProvider method verifyToken.
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
TimeStampToken tsToken;
try {
ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
asn1is.close();
tsToken = new TimeStampToken(tsContentInfo);
} catch (IOException ex) {
throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
} catch (TSPException ex) {
throw new TimeStampTokenStructureException("Invalid token", ex);
}
X509Certificate tsaCert = null;
try {
/* Validate the TSA certificate */
LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
}
ValidationData vData = this.certificateValidationProvider.validate(x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs);
tsaCert = vData.getCerts().get(0);
} catch (CertificateException ex) {
throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
} catch (XAdES4jException ex) {
throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
}
try {
tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
} catch (TSPValidationException ex) {
throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
} catch (Exception ex) {
throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
}
org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
try {
String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
throw new TimeStampTokenDigestException();
}
} catch (UnsupportedAlgorithmException ex) {
throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
}
return tsTokenInfo.getGenTime();
}
use of xades4j.providers.TimeStampTokenVerificationException in project xades4j by luisgoncalves.
the class TimeStampVerifierBase method verify.
@Override
public final QualifyingProperty verify(TData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
try {
TimeStampDigestInput digestInput = this.tsInputFactory.newTimeStampDigestInput(propData.getCanonicalizationAlgorithm());
QualifyingProperty prop = addPropSpecificTimeStampInputAndCreateProperty(propData, digestInput, ctx);
byte[] data = digestInput.getBytes();
/**
* Verify the time-stamp tokens on a time-stamp property data object. All
* the tokens are verified, but the returned time-stamp is from the last token.
*/
List<byte[]> tokens = propData.getTimeStampTokens();
Date ts = null;
for (byte[] tkn : tokens) {
ts = this.tsVerifier.verifyToken(tkn, data);
}
// By convention all timestamp property types have a setTime(Date) method
Method setTimeMethod = prop.getClass().getMethod("setTime", Date.class);
setTimeMethod.invoke(prop, ts);
return prop;
} catch (UnsupportedAlgorithmException ex) {
throw getEx(ex, this.propName);
} catch (CannotAddDataToDigestInputException ex) {
throw new TimeStampDigestInputException(this.propName, ex);
} catch (TimeStampTokenVerificationException ex) {
throw getEx(ex, this.propName);
} catch (Exception ex) {
// Exceptions related to setTimeMethod.invoke(...)
throw getEx(ex, this.propName);
}
}
Aggregations