TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator(); requestGenerator.setCertReq(true); String requestPolicy = signatureConfig.getTspRequestPolicy(); if (requestPolicy != null) { requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy)); TimeStampRequest request = requestGenerator.generate(digestAlgoOid, digest, nonce); byte[] encodedRequest = request.getEncoded(); TimeStampResponse timeStampResponse = new TimeStampResponse(bos.toByteArray()); timeStampResponse.validate(request); if (0 != timeStampResponse.getStatus()) { LOG.log(POILogger.DEBUG, "status: " + timeStampResponse.getStatus()); LOG.log(POILogger.DEBUG, "status string: " + timeStampResponse.getStatusString()); PKIFailureInfo failInfo = timeStampResponse.getFailInfo(); if (null != failInfo) { LOG.log(POILogger.DEBUG, "fail info int value: " + failInfo.intValue()); + timeStampResponse.getStatus()); TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken(); SignerId signerId = timeStampToken.getSID(); BigInteger signerCertSerialNumber = signerId.getSerialNumber(); X500Name signerCertIssuer = signerId.getIssuer(); Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null); timeStampToken.validate(verifier);
TimeStampRequestGenerator tsaGenerator = new TimeStampRequestGenerator(); tsaGenerator.setCertReq(true); ASN1ObjectIdentifier oid = getHashObjectIdentifier(digest.getAlgorithm()); TimeStampRequest request = tsaGenerator.generate(oid, hash, BigInteger.valueOf(nonce)); byte[] tsaResponse = getTSAResponse(request.getEncoded()); response = new TimeStampResponse(tsaResponse); response.validate(request); TimeStampToken token = response.getTimeStampToken(); if (token == null) return token.getEncoded();
private List<TSDMetas> extractMetas(InputStream stream) { List<TSDMetas> tsdMetasList = new ArrayList<>(); try { CMSTimeStampedData cmsTimeStampedData = new CMSTimeStampedData(stream); TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens(); for (int i = 0; i < tokens.length; i++) { TSDMetas tsdMetas = new TSDMetas(true, tokens[i].getTimeStampInfo().getGenTime(), tokens[i].getTimeStampInfo().getPolicy().getId(), tokens[i].getTimeStampInfo().getSerialNumber(), tokens[i].getTimeStampInfo().getTsa(), tokens[i].getTimeStampInfo().getHashAlgorithm().getAlgorithm().getId()); tsdMetasList.add(tsdMetas); } } catch (Exception ex) { LOG.error("Error in TSDParser.buildMetas {}", ex.getMessage()); tsdMetasList.clear(); } return tsdMetasList; }
OperatorCreationException, CertificateVerificationException, CertificateException TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes())); System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime()); System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName()); System.out.println("certs=" + certs); String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId(); timeStampToken.getTimeStampInfo().getMessageImprintDigest())) SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp); validateTimestampToken(timeStampToken); verifyCertificateChain(timeStampToken.getCertificates(), certFromTimeStamp, timeStampToken.getTimeStampInfo().getGenTime());
/** * Retrieves timestamp issuing time * @return timestamp issuing time */ public Date getTime() { Date d = null; if(m_tsTinfo != null) { d = m_tsTok.getTimeStampInfo().getGenTime(); } return d; }
/** * Retrieves timestamp msg-imprint digest * @return timestamp msg-imprint digest */ public byte[] getMessageImprint() { byte[] b = null; if(m_tsTok != null) { b = m_tsTok.getTimeStampInfo().getMessageImprintDigest(); } return b; }
X509CertificateHolder tstCertHolder = (X509CertificateHolder) timeStampToken.getCertificates().getMatches(null).iterator().next(); X509Certificate certFromTimeStamp = new JcaX509CertificateConverter().getCertificate(tstCertHolder); certificateHolderSet.addAll(timeStampToken.getCertificates().getMatches(null)); verifyCertificateChain(new CollectionStore<>(certificateHolderSet), certFromTimeStamp, timeStampToken.getTimeStampInfo().getGenTime()); SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp);
/** * Retorna o valor "nonce", ou retorna nulo se nao existir nenhum * * @return o valor "nonce" */ public BigInteger getNonce() { return timeStampToken.getTimeStampInfo().getNonce(); }
public TimestampInfo(String id, Signature sig, int type, byte[] hash, TimeStampResponse tresp) { m_id = id; m_signature = sig; m_includes = null; m_hash = hash; m_type = type; m_tresp = tresp; m_tsTok = tresp.getTimeStampToken(); m_tsTinfo = tresp.getTimeStampToken().getTimeStampInfo(); }
TimeStampToken tsToken = new TimeStampToken( new CMSSignedData(tsSeq.getEncoded("DER"))); Store<X509CertificateHolder> certificatesStore = tsToken.getCertificates(); processSignerStore(certificatesStore, tsToken.toCMSSignedData(), rootCertInfo.tsaCerts);
private void validateTimestampToken(TimeStampToken timeStampToken) throws TSPException, CertificateException, OperatorCreationException, IOException { // https://stackoverflow.com/questions/42114742/ Collection<X509CertificateHolder> tstMatches = timeStampToken.getCertificates().getMatches(timeStampToken.getSID()); X509CertificateHolder holder = tstMatches.iterator().next(); X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder); SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(SecurityProvider.getProvider()).build(tstCert); timeStampToken.validate(siv); System.out.println("TimeStampToken validated"); }
/** * Retrieves timestamp serial number * @return timestamp serial number */ public BigInteger getSerialNumber() { BigInteger b = null; if(m_tsTok != null) { b = m_tsTok.getTimeStampInfo().getSerialNumber(); } return b; }
/** * Retrieves timestamp is-ordered atribute * @return timestamp is-ordered atribute */ public boolean isOrdered() { boolean b = false; if(m_tsTok != null) { b = m_tsTok.getTimeStampInfo().isOrdered(); } return b; }
private TimeStampToken extractTimeStampTokenFromSignerInformation(SignerInformation signerInformation) throws CMSException, IOException, TSPException { if (signerInformation.getUnsignedAttributes() == null) { return null; } AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes(); // https://stackoverflow.com/questions/1647759/how-to-validate-if-a-signed-jar-contains-a-timestamp Attribute attribute = unsignedAttributes.get( PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); if (attribute == null) { return null; } ASN1Object obj = (ASN1Object) attribute.getAttrValues().getObjectAt(0); CMSSignedData signedTSTData = new CMSSignedData(obj.getEncoded()); return new TimeStampToken(signedTSTData); }
/** * Retrieves the timestamp generation time. * * @return {@code Date} */ public Date getGenerationTime() { return timeStamp.getTimeStampInfo().getGenTime(); }
public byte[] getMessageImprintDigest() { return timeStampToken.getTimeStampInfo().getMessageImprintDigest(); }
/** * Returns the nonce value, or returns null if there is no * * @return nonce value, or returns null if there is no */ public BigInteger getNonce() { return timeStampToken.getTimeStampInfo().getNonce(); }
static Calendar getTimeStampDate(TimeStampToken timeStampToken) { GregorianCalendar calendar = new GregorianCalendar(); calendar.setTime(timeStampToken.getTimeStampInfo().getGenTime()); return calendar; }
public byte[] getMessageImprintDigest() { return timeStampToken.getTimeStampInfo().getMessageImprintDigest(); }
/** * Retrieves timestamp nonce * @return timestamp nonce */ public BigInteger getNonce() { BigInteger b = null; if(m_tsTok != null) { b = m_tsTok.getTimeStampInfo().getNonce(); } return b; }