/**
 * Reads a CMS time-stamped-data structure from {@code stream} and builds one
 * {@code TSDMetas} entry per embedded time-stamp token.
 *
 * <p>The tokens are only parsed here: nothing in this method verifies a token's
 * signature or its certificate chain.
 * NOTE(review): the first {@code TSDMetas} constructor argument is always {@code true};
 * its meaning is not visible from this method. If it signals "valid" or "verified",
 * confirm that validation happens elsewhere.
 *
 * @param stream the encoded time-stamped data
 * @return the extracted metadata, or an empty list if parsing or extraction failed
 */
private List<TSDMetas> extractMetas(InputStream stream) {
    List<TSDMetas> collected = new ArrayList<>();
    try {
        CMSTimeStampedData timeStampedData = new CMSTimeStampedData(stream);
        for (TimeStampToken token : timeStampedData.getTimeStampTokens()) {
            collected.add(new TSDMetas(
                    true,
                    token.getTimeStampInfo().getGenTime(),
                    token.getTimeStampInfo().getPolicy().getId(),
                    token.getTimeStampInfo().getSerialNumber(),
                    token.getTimeStampInfo().getTsa(),
                    token.getTimeStampInfo().getHashAlgorithm().getAlgorithm().getId()));
        }
    } catch (Exception ex) {
        // Any failure discards the partial result, so callers see either every token or none.
        // NOTE(review): only the exception message is logged (no stack trace), and the text
        // names "buildMetas" although this method is extractMetas.
        LOG.error("Error in TSDParser.buildMetas {}", ex.getMessage());
        collected.clear();
    }
    return collected;
}
/**
 * Extracts the signature time-stamp token stored in the unsigned attributes of a signer.
 *
 * <p>The token is only decoded. This method does not validate it, so the caller must
 * verify the token's signature and certificate chain before relying on its time.
 *
 * @param signerInformation the signer whose unsigned attributes are inspected
 * @return the decoded token, or {@code null} if the signer has no unsigned attributes
 *         or no signature time-stamp attribute
 * @throws CMSException if the attribute value is not valid CMS signed data
 * @throws IOException if the attribute value cannot be encoded
 * @throws TSPException if the signed data is not a well-formed time-stamp token
 */
private TimeStampToken extractTimeStampTokenFromSignerInformation(SignerInformation signerInformation)
        throws CMSException, IOException, TSPException {
    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        return null;
    }

    // https://stackoverflow.com/questions/1647759/how-to-validate-if-a-signed-jar-contains-a-timestamp
    Attribute timeStampAttribute =
            unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (timeStampAttribute == null) {
        return null;
    }

    // Only the first value of the attribute is read; further values, if any, are ignored.
    ASN1Object firstValue = (ASN1Object) timeStampAttribute.getAttrValues().getObjectAt(0);
    return new TimeStampToken(new CMSSignedData(firstValue.getEncoded()));
}
SignerId signerId = timeStampToken.getSID(); BigInteger signerCertSerialNumber = signerId.getSerialNumber(); X500Name signerCertIssuer = signerId.getIssuer(); Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null); SignerInformationVerifier verifier = verifierBuilder.build(holder); timeStampToken.validate(verifier); + timeStampToken.getTimeStampInfo().getGenTime()); return timeStampToken.getEncoded();
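/**
 * Checks the time-stamp token's signature against the signer certificate embedded in the
 * token itself.
 *
 * <p>Because the certificate comes from the token, a successful call only shows that the
 * token is consistent with the certificate it carries. It does not show that the
 * certificate is trusted; the chain must be verified separately.
 *
 * @param timeStampToken the token to validate
 * @throws TSPException if the token carries no certificate matching its signer id, or
 *         if validation fails
 * @throws CertificateException if the embedded certificate cannot be converted
 * @throws OperatorCreationException if the signature verifier cannot be built
 * @throws IOException declared by the original signature
 */
private void validateTimestampToken(TimeStampToken timeStampToken)
        throws TSPException, CertificateException, OperatorCreationException, IOException {
    // https://stackoverflow.com/questions/42114742/
    Collection<X509CertificateHolder> tstMatches =
            timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
    // Embedding the signer certificate is optional for the issuer of the token. Without this
    // guard a token that omits it would surface as an unchecked NoSuchElementException.
    if (tstMatches.isEmpty()) {
        throw new TSPException("Time stamp token contains no certificate matching its signer id");
    }
    X509CertificateHolder holder = tstMatches.iterator().next();
    X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder);
    SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(SecurityProvider.getProvider())
            .build(tstCert);
    timeStampToken.validate(siv);
    System.out.println("TimeStampToken validated");
}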
OperatorCreationException, CertificateVerificationException, CertificateException TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes())); System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime()); System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName()); System.out.println("certs=" + certs); String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId(); timeStampToken.getTimeStampInfo().getMessageImprintDigest())) SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp); validateTimestampToken(timeStampToken); verifyCertificateChain(timeStampToken.getCertificates(), certFromTimeStamp, timeStampToken.getTimeStampInfo().getGenTime());
throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details byte[] encoded = tsToken.getEncoded(); long stop = System.currentTimeMillis();
/**
 * Copies the unauthenticated attributes, leaving out every archive-timestamp-v2/3
 * attribute whose token was not generated strictly before the given timestampToken.
 * An archive timestamp with the same generation time is therefore dropped as well.
 * All other attribute types are copied unchanged.
 */
private ASN1Sequence filterUnauthenticatedAttributes(ASN1Set unauthenticatedAttributes, TimestampToken timestampToken) {
    ASN1EncodableVector kept = new ASN1EncodableVector();
    final int count = unauthenticatedAttributes.size();
    for (int idx = 0; idx < count; idx++) {
        final Attribute candidate = Attribute.getInstance(unauthenticatedAttributes.getObjectAt(idx));
        final ASN1ObjectIdentifier oid = candidate.getAttrType();
        final boolean archiveTimestamp =
                id_aa_ets_archiveTimestampV2.equals(oid) || id_aa_ets_archiveTimestampV3.equals(oid);

        boolean keep = true;
        if (archiveTimestamp) {
            try {
                // Only the first attribute value is decoded as a time-stamp token.
                TimeStampToken embedded = new TimeStampToken(new CMSSignedData(
                        DSSASN1Utils.getDEREncoded(candidate.getAttrValues().getObjectAt(0).toASN1Primitive())));
                // Ordering relies on the generation time stated inside the embedded token;
                // the embedded token is not validated in this method.
                keep = embedded.getTimeStampInfo().getGenTime().before(timestampToken.getGenerationTime());
            } catch (Exception e) {
                // An undecodable archive timestamp aborts the whole filtering.
                throw new DSSException(e);
            }
        }

        if (keep) {
            kept.add(unauthenticatedAttributes.getObjectAt(idx));
        }
    }
    return new DERSequence(kept);
}
ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject()); asn1is.close(); tsToken = new TimeStampToken(tsContentInfo); } catch (IOException ex) for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs); tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert)); org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
SignerId signerId = timeStampToken.getSID(); BigInteger signerCertSerialNumber = signerId.getSerialNumber(); X500Principal signerCertIssuer = signerId.getIssuer(); CertStore certStore = timeStampToken.getCertificatesAndCRLs("Collection", BouncyCastleProvider.PROVIDER_NAME); Collection<? extends Certificate> certificates = certStore.getCertificates(null); X509Certificate signerCert = null; timeStampToken.validate(tspCertificateChain.get(0), BouncyCastleProvider.PROVIDER_NAME); LOG.debug("time-stamp token time: " + timeStampToken.getTimeStampInfo().getGenTime()); byte[] timestamp = timeStampToken.getEncoded(); return timestamp;
public void validate(byte[] content, byte[] timeStamp, byte[] hash) throws CertificateCoreException { try { TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(timeStamp)); CMSSignedData s = timeStampToken.toCMSSignedData(); timeStampToken.validate(siv); if (content != null){ Digest digest = DigestFactory.getInstance().factoryDefault(); TimeStampTokenInfo info = timeStampToken.getTimeStampInfo(); ASN1ObjectIdentifier algOID = info.getMessageImprintAlgOID(); digest.setAlgorithm(algOID.toString()); if (Arrays.equals(calculatedHash, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) { logger.info(timeStampMessagesBundle.getString("info.timestamp.hash.ok")); } else {
return token.getEncoded();
TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(response)); CMSSignedData s = timeStampToken.toCMSSignedData(); digest.digest(content); if (Arrays.equals(digest.digest(content), timeStampToken.getTimeStampInfo().getMessageImprintDigest())) { logger.info("Hash do documento conferido com sucesso."); } else {
TimeStampToken tsToken = new TimeStampToken( new CMSSignedData(tsSeq.getEncoded("DER"))); Store<X509CertificateHolder> certificatesStore = tsToken.getCertificates(); processSignerStore(certificatesStore, tsToken.toCMSSignedData(), rootCertInfo.tsaCerts);
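// Pick the certificate that the token's signer id refers to. A null selector returns every
// certificate embedded in the token, and the first of those need not be the signer's, so
// the chain and key-usage checks below could otherwise run against an unrelated
// certificate. If no embedded certificate matches, iterator().next() throws instead of
// continuing with the wrong one.
X509CertificateHolder tstCertHolder = (X509CertificateHolder) timeStampToken.getCertificates()
        .getMatches(timeStampToken.getSID()).iterator().next();
X509Certificate certFromTimeStamp = new JcaX509CertificateConverter().getCertificate(tstCertHolder);

// Every certificate carried by the token is still offered as a chain-building candidate.
certificateHolderSet.addAll(timeStampToken.getCertificates().getMatches(null));

// The chain is evaluated at the time stated in the token itself.
verifyCertificateChain(new CollectionStore<>(certificateHolderSet),
        certFromTimeStamp,
        timeStampToken.getTimeStampInfo().getGenTime());
SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp);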
LOG.debug("TSA trust domain: " + tsaTrustDomain); Date validationDate = timeStampToken.getTimeStampInfo().getGenTime(); LOG.debug("TSA validation date is TST time: " + validationDate); LOG.debug("# TSA ocsp responses: " + ocspResponses.size()); CertStore certStore = timeStampToken.getCertificatesAndCRLs( "Collection", "BC"); Collection<? extends Certificate> certificates = certStore SignerId signerId = timeStampToken.getSID(); BigInteger signerCertSerialNumber = signerId.getSerialNumber(); X500Principal signerCertIssuer = signerId.getIssuer();
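TimeStampToken token = new TimeStampToken(new CMSSignedData(response));

// The verifying certificate is loaded from a local file, not taken from the token, so
// validate() checks the token against a certificate chosen by the verifier.
// NOTE(review): how "tsp.cer" is provisioned and protected is not visible here; confirm.
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert;
// try-with-resources closes the stream even if certificate parsing fails.
try (InputStream in = new FileInputStream("tsp.cer")) {
    cert = (X509Certificate) factory.generateCertificate(in);
}

//RSA Signature processing with BC
X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
SignerInformationVerifier siv = new BcRSASignerInfoVerifierBuilder(
        new DefaultDigestAlgorithmIdentifierFinder(),
        new BcDigestCalculatorProvider()).build(holder);

//Signature processing with JCA and other provider
//X509CertificateHolder holderJca = new JcaX509CertificateHolder(cert);
//SignerInformationVerifier sivJca = new JcaSimpleSignerInfoVerifierBuilder().setProvider("anotherprovider").build(holderJca);

token.validate(siv);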
SignerId signerId = timeStampToken.getSID(); BigInteger signerCertSerialNumber = signerId.getSerialNumber(); X500Principal signerCertIssuer = signerId.getIssuer(); CertStore certStore = timeStampToken.getCertificatesAndCRLs( "Collection", BouncyCastleProvider.PROVIDER_NAME); Collection<? extends Certificate> certificates = certStore timeStampToken.validate(tsaCertificate, BouncyCastleProvider.PROVIDER_NAME); } catch (Exception e) {
/**
 * Reports whether the token's signature verifies with the public key of the signer
 * certificate embedded in the token.
 *
 * <p>The key comes from the token itself, so a {@code true} result shows internal
 * consistency only. Trust in the embedded certificate is not established here.
 *
 * @param timeStampToken the token to check
 * @return the result of {@code timeStampToken.isSignatureValid(...)}
 * @throws MalformedDocumentException if anything fails, including a token that carries no
 *         certificate matching its signer id
 */
private boolean isSignatureValid(TimeStampToken timeStampToken) {
    try {
        // First embedded certificate that matches the token's signer id.
        X509CertificateHolder signerHolder = (X509CertificateHolder) timeStampToken.getCertificates()
                .getMatches(timeStampToken.getSID())
                .iterator()
                .next();

        // Round-trip through the encoded form to obtain a JCA certificate.
        ByteArrayInputStream encodedCert = new ByteArrayInputStream(signerHolder.getEncoded());
        Certificate signerCertificate =
                CertificateFactory.getInstance("X.509").generateCertificate(encodedCert);

        // The verifier is built from the bare public key, so it has no certificate to check.
        SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(signerCertificate.getPublicKey());
        return timeStampToken.isSignatureValid(verifier);
    } catch (Exception e) {
        throw new MalformedDocumentException(e);
    }
}
TimeStampToken timestampToken = new TimeStampToken(new CMSSignedData( encodedTimestampToken)); CertStore certStore = timestampToken.getCertificatesAndCRLs( "Collection", "BC"); Collection<? extends Certificate> certificates = certStore
/**
 * Verifies a timestamp against a KeyStore.
 * <p>
 * Each certificate entry of the keystore is tried in turn; the first one the token
 * validates against ends the search. The token is compared with the keystore
 * certificates directly, and no certificate chain is built here.
 * <p>
 * NOTE(review): every exception is swallowed, so a keystore access error cannot be
 * told apart from "no matching certificate"; both yield <CODE>false</CODE>.
 * @param ts the timestamp
 * @param keystore the <CODE>KeyStore</CODE>
 * @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider
 * @return <CODE>true</CODE> if the timestamp validated against a certificate entry
 * @since 2.1.6
 */
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
    final String providerName = (provider == null) ? "BC" : provider;
    try {
        Enumeration aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            try {
                String alias = (String) aliases.nextElement();
                if (keystore.isCertificateEntry(alias)) {
                    X509Certificate candidate = (X509Certificate) keystore.getCertificate(alias);
                    ts.validate(candidate, providerName);
                    return true;
                }
            } catch (Exception ignored) {
                // This entry did not validate the token (or could not be used); try the next one.
            }
        }
    } catch (Exception ignored) {
        // The keystore could not be enumerated; treated as "no certificate found".
    }
    return false;
}