SignerInformationVerifier verifier = verifierBuilder.build(holder); timeStampToken.validate(verifier);
private void validateTimestampToken(TimeStampToken timeStampToken) throws TSPException, CertificateException, OperatorCreationException, IOException { // https://stackoverflow.com/questions/42114742/ Collection<X509CertificateHolder> tstMatches = timeStampToken.getCertificates().getMatches(timeStampToken.getSID()); X509CertificateHolder holder = tstMatches.iterator().next(); X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder); SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(SecurityProvider.getProvider()).build(tstCert); timeStampToken.validate(siv); System.out.println("TimeStampToken validated"); }
TimeStampToken token = new TimeStampToken(new CMSSignedData(response)); InputStream in = new FileInputStream("tsp.cer"); CertificateFactory factory = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) factory.generateCertificate(in); //RSA Signature processing with BC X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded()); SignerInformationVerifier siv = new BcRSASignerInfoVerifierBuilder(new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(holder); //Signature processing with JCA and other provider //X509CertificateHolder holderJca = new JcaX509CertificateHolder(cert); //SignerInformationVerifier sivJca = new JcaSimpleSignerInfoVerifierBuilder().setProvider("anotherprovider").build(holderJca); token.validate(siv);
/** * Verifies a timestamp against a KeyStore. * @param ts the timestamp * @param keystore the <CODE>KeyStore</CODE> * @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider * @return <CODE>true</CODE> is a certificate was found * @since 2.1.6 */ public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { if (provider == null) provider = "BC"; try { for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { try { String alias = (String)aliases.nextElement(); if (!keystore.isCertificateEntry(alias)) continue; X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); ts.validate(certStoreX509, provider); return true; } catch (Exception ex) { } } } catch (Exception e) { } return false; }
ts.validate(certStoreX509, provider); return true;
static void isSignatureValid(TimeStampToken validator, X509Certificate certStoreX509, String provider) throws OperatorCreationException, TSPException { if (provider == null) provider = "BC"; validator.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509)); }
static void isSignatureValid(TimeStampToken validator, X509Certificate certStoreX509, String provider) throws OperatorCreationException, TSPException { if (provider == null) provider = "BC"; validator.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509)); }
private void validateTimestampToken(TimeStampToken timeStampToken) throws IOException, CertificateException, TSPException, OperatorCreationException { // https://stackoverflow.com/questions/42114742/ Collection<X509CertificateHolder> tstMatches = timeStampToken.getCertificates().getMatches(timeStampToken.getSID()); X509CertificateHolder holder = tstMatches.iterator().next(); X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder); SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(SecurityProvider.getProvider()).build(tstCert); timeStampToken.validate(siv); System.out.println("TimeStampToken validated"); }
private TimestampValidation validateTimestampToken(final TimeStampToken timeStampToken, final CertificateToken issuerToken) { TimestampValidity timestampValidity; try { final JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder(); final X509Certificate x509Certificate = issuerToken.getCertificate(); final SignerInformationVerifier verifier = verifierBuilder.build(x509Certificate); timeStampToken.validate(verifier); timestampValidity = TimestampValidity.VALID; } catch (IllegalArgumentException e) { timestampValidity = TimestampValidity.NO_SIGNING_CERTIFICATE; LOG.error("No signing certificate for timestamp token: " + e); } catch (TSPValidationException e) { timestampValidity = TimestampValidity.NOT_VALID_SIGNATURE; } catch (TSPException e) { timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE; } catch (OperatorCreationException e) { timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE; } final TimestampValidation timestampValidation = new TimestampValidation(timestampValidity); return timestampValidation; }
timeStampToken.validate(tsaCertificate, BouncyCastleProvider.PROVIDER_NAME); } catch (Exception e) {
timeStampToken.validate(tspCertificateChain.get(0), BouncyCastleProvider.PROVIDER_NAME);
SignerInformationVerifier verifier = verifierBuilder.build(holder); timeStampToken.validate(verifier);
timeStampToken.validate(siv);
tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));