List of usage examples for org.bouncycastle.tsp TimeStampToken TimeStampToken
public TimeStampToken(CMSSignedData signedData) throws TSPException, IOException
From source file:eu.europa.esig.dss.xades.validation.XAdESSignature.java
License:Open Source License
/**
 * Decodes a base64 string and parses the result into a BouncyCastle {@code TimeStampToken}.
 *
 * <p>The token is only parsed here. Nothing in this method verifies the token's signature or
 * compares its message imprint with the time-stamped data, so the returned object still has
 * to be validated before the time it asserts is relied on.
 *
 * @param base64EncodedTimestamp base64 text of the encoded time-stamp token
 * @return the parsed {@code TimeStampToken}
 * @throws DSSException wrapping any exception raised while decoding or parsing
 */
private TimeStampToken createTimeStampToken(final String base64EncodedTimestamp) throws DSSException {
    final TimeStampToken parsedToken;
    try {
        final byte[] encodedToken = Base64.decodeBase64(base64EncodedTimestamp);
        parsedToken = new TimeStampToken(new CMSSignedData(encodedToken));
    } catch (Exception e) {
        // Every failure (bad base64, malformed CMS, not a time-stamp token) is reported the same way.
        throw new DSSException(e);
    }
    return parsedToken;
}
From source file:org.currency.cms.CMSSignedMessage.java
License:Open Source License
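/**
 * Extracts the signature time-stamp token carried in a signer's unsigned attributes.
 *
 * <p>Despite the name, no verification happens here: the attribute value is re-encoded and
 * parsed, nothing more. Callers still have to validate the token's signature and its message
 * imprint before trusting the time it asserts.
 *
 * @param signer signer whose unsigned attributes are searched for
 *               {@code id_aa_signatureTimeStampToken}
 * @return the parsed token, or {@code null} when the signer has no unsigned attributes or no
 *         time-stamp attribute
 * @throws Exception if the attribute value cannot be encoded or parsed as a time-stamp token
 */
public static TimeStampToken checkTimeStampToken(SignerInformation signer) throws Exception {
    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        log.info("checkTimeStampToken - without unsignedAttributes");
        return null;
    }
    Attribute timeStampAttribute = unsignedAttributes
            .get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (timeStampAttribute == null) {
        return null;
    }
    // Only the first value of the attribute is read.
    DEREncodable dob = timeStampAttribute.getAttrValues().getObjectAt(0);
    CMSSignedData signedData = new CMSSignedData(dob.getDERObject().getEncoded());
    // Build the token once; the previous version parsed the same SignedData twice.
    return new TimeStampToken(signedData);
}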
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESChecker.java
License:Open Source License
/**
 * Parses the time-stamp token held in a signature attribute and validates it against the
 * signature value.
 *
 * <p>The encoded token and {@code varSignature} are handed to
 * {@code TimeStampOperator.validate} with a {@code null} hash argument. The {@code Timestamp}
 * wrapper is built before that call but is only returned when validation does not throw.
 *
 * @param attributeTimeStamp attribute whose first value is the time-stamp token
 * @param varSignature signature bytes passed to the validator as the content
 * @return the {@code Timestamp} built from the parsed token
 * @throws SignerException wrapping any parsing or validation failure listed in the catch clause
 */
private Timestamp validateTimestamp(Attribute attributeTimeStamp, byte[] varSignature) {
    try {
        final TimeStampOperator operator = new TimeStampOperator();
        // Only the first attribute value is considered.
        final byte[] encodedToken = attributeTimeStamp.getAttrValues().getObjectAt(0).toASN1Primitive()
                .getEncoded();
        final CMSSignedData tokenCms = new CMSSignedData(encodedToken);
        final Timestamp result = new Timestamp(new TimeStampToken(tokenCms));
        operator.validate(varSignature, encodedToken, null);
        return result;
    } catch (CertificateCoreException | IOException | TSPException | CMSException e) {
        throw new SignerException(e);
    }
}
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESTimeStampSigner.java
License:Open Source License
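/**
 * Collects and validates the signature time stamps attached to each signer of a CMS signature.
 *
 * <p>Signers that carry no unsigned attributes, or no
 * {@code id_aa_signatureTimeStampToken} attribute, are skipped. An empty result therefore means
 * "no time stamp found", not "time stamp verified"; callers that require a time stamp must
 * check for that themselves.
 *
 * @param signature encoded CMS SignedData
 * @return one {@code Timestamp} per signer whose time-stamp token passed
 *         {@code TimeStampOperator.validate}; possibly empty
 * @throws SignerException wrapping any parsing or validation failure listed in the catch clause
 */
@Override
public List<Timestamp> checkTimeStampOnSignature(byte[] signature) {
    try {
        Security.addProvider(new BouncyCastleProvider());
        List<Timestamp> listOfTimeStamp = new ArrayList<Timestamp>();
        CMSSignedData cmsSignedData = new CMSSignedData(signature);
        SignerInformationStore signers = cmsSignedData.getSignerInfos();
        Iterator<?> it = signers.getSigners().iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
            if (unsignedAttributes == null) {
                // getUnsignedAttributes() returns null when the signer has none; without this
                // guard a signature with no time stamp failed with a NullPointerException.
                continue;
            }
            Attribute attributeTimeStamp = unsignedAttributes
                    .get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            if (attributeTimeStamp == null) {
                continue;
            }
            TimeStampOperator timeStampOperator = new TimeStampOperator();
            // Only the first attribute value is considered.
            byte[] varTimeStamp = attributeTimeStamp.getAttrValues().getObjectAt(0).toASN1Primitive()
                    .getEncoded();
            TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(varTimeStamp));
            Timestamp timeStampSigner = new Timestamp(timeStampToken);
            // The token must cover this signer's signature value; validate throws otherwise,
            // so the entry is only added after a successful check.
            timeStampOperator.validate(signer.getSignature(), varTimeStamp, null);
            listOfTimeStamp.add(timeStampSigner);
        }
        return listOfTimeStamp;
    } catch (CertificateCoreException | IOException | TSPException | CMSException e) {
        throw new SignerException(e);
    }
}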
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESTimeStampSigner.java
License:Open Source License
/**
 * Decodes an encoded time-stamp attribute, validates the token it carries and wraps it.
 *
 * <p>The input is read as an ASN.1 sequence of attribute type and value set. The casts below
 * assume that layout; input with a different structure raises a {@code ClassCastException},
 * which is not among the exceptions translated to {@code SignerException}.
 *
 * <p>{@code ais} is declared outside this method and is not closed here.
 *
 * @param timeStamp encoded attribute holding the time-stamp token
 * @param content data covered by the time stamp; when non-null the hash argument is ignored
 * @param hash digest handed to the validator when {@code content} is {@code null}
 * @return the {@code Timestamp} built from the token, created only after validation returned
 * @throws SignerException wrapping any parsing or validation failure listed in the catch clause
 */
private Timestamp checkTimeStamp(byte[] timeStamp, byte[] content, byte[] hash) {
    try {
        Security.addProvider(new BouncyCastleProvider());
        ais = new ASN1InputStream(new ByteArrayInputStream(timeStamp));
        final ASN1Sequence attributeParts = (ASN1Sequence) ais.readObject();
        final ASN1ObjectIdentifier attributeType = (ASN1ObjectIdentifier) attributeParts.getObjectAt(0);
        final ASN1Set attributeValueSet = (ASN1Set) attributeParts.getObjectAt(1);
        final Attribute timeStampAttribute = new Attribute(attributeType, attributeValueSet);
        final byte[] encodedToken = timeStampAttribute.getAttrValues().getObjectAt(0).toASN1Primitive()
                .getEncoded();

        // Exactly one of content / hash is forwarded: the hash is only used when no content is given.
        final TimeStampOperator operator = new TimeStampOperator();
        operator.validate(content, encodedToken, content == null ? hash : null);

        return new Timestamp(new TimeStampToken(new CMSSignedData(encodedToken)));
    } catch (CertificateCoreException | IOException | TSPException | CMSException e) {
        throw new SignerException(e);
    }
}
From source file:org.demoiselle.signer.timestamp.connector.TimeStampOperator.java
License:Open Source License
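/**
 * Validates a time-stamp token against the data (or digest) it is supposed to cover.
 *
 * <p>The signer certificate is taken from the certificates embedded in the token and used to
 * verify the token signature. No certification-path building against trust anchors and no
 * revocation check is visible in this method. On its own it shows that the token is internally
 * consistent and matches the data, not that it was issued by a trusted TSA; confirm that the
 * TSA certificate is checked against trust anchors elsewhere.
 *
 * @param content data that was time-stamped; if it is assigned, {@code hash} must be null
 * @param timeStamp encoded time-stamp token to be validated
 * @param hash precomputed digest of the data; if it is assigned, {@code content} must be null
 * @throws CertificateCoreException if the token cannot be parsed, the signer certificate is
 *         missing from the token, signature validation fails, or the message imprint does not
 *         match the data
 */
@SuppressWarnings("unchecked")
public void validate(byte[] content, byte[] timeStamp, byte[] hash) throws CertificateCoreException {
    try {
        TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(timeStamp));
        CMSSignedData s = timeStampToken.toCMSSignedData();

        int verified = 0;

        Store<?> certStore = s.getCertificates();
        SignerInformationStore signers = s.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            Collection<?> certCollection = certStore.getMatches(signer.getSID());
            Iterator<?> certIt = certCollection.iterator();
            if (!certIt.hasNext()) {
                // A token that does not embed its signer certificate used to fail with an
                // unchecked NoSuchElementException; report it as a validation error instead.
                throw new CertificateCoreException("Time stamp signer certificate not found in the token");
            }
            X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
            SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
                    .build(cert);
            // The count is only logged; the enforcing check is timeStampToken.validate below.
            if (signer.verify(siv)) {
                verified++;
            }
            // NOTE(review): the value read here is discarded, and getExtension returns null when
            // the certificate has no CRL Distribution Points extension (2.5.29.31), so this line
            // throws NullPointerException for such certificates. Confirm whether requiring the
            // extension is intended; no revocation data is fetched or checked here.
            cert.getExtension(new ASN1ObjectIdentifier("2.5.29.31")).getExtnValue();
            timeStampToken.validate(siv);
        }

        logger.info(timeStampMessagesBundle.getString("info.signature.verified", verified));

        // Compare the hash included in the time stamp with the hash of the stamped data.
        byte[] calculatedHash = null;
        if (content != null) {
            Digest digest = DigestFactory.getInstance().factoryDefault();
            TimeStampTokenInfo info = timeStampToken.getTimeStampInfo();
            // The digest algorithm is the one named inside the token's message imprint.
            ASN1ObjectIdentifier algOID = info.getMessageImprintAlgOID();
            digest.setAlgorithm(algOID.toString());
            calculatedHash = digest.digest(content);
        } else {
            // When both content and hash are null this stays null and the comparison below fails.
            calculatedHash = hash;
        }

        if (Arrays.equals(calculatedHash, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.hash.ok"));
        } else {
            throw new CertificateCoreException(timeStampMessagesBundle.getString("info.timestamp.hash.nok"));
        }
    } catch (TSPException | IOException | CMSException | OperatorCreationException | CertificateException ex) {
        throw new CertificateCoreException(ex.getMessage());
    }
}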
From source file:org.digidoc4j.impl.bdoc.xades.TimestampSignature.java
License:GNU General Public License
/**
 * Decodes a base64 string and parses the result into a BouncyCastle {@code TimeStampToken}.
 *
 * <p>Only parsing is done here. The token's signature and message imprint are not checked in
 * this method and have to be validated separately before the token is trusted.
 *
 * <p>Parsing failures are logged and rethrown as {@code TechnicalException}, although the
 * signature declares {@code DSSException}.
 *
 * @param base64EncodedTimestamp base64 text of the encoded time-stamp token
 * @return the parsed {@code TimeStampToken}
 */
private TimeStampToken createTimeStampToken(final String base64EncodedTimestamp) throws DSSException {
    logger.debug("Creating timestamp token");
    final TimeStampToken parsedToken;
    try {
        final byte[] encodedToken = Base64.decodeBase64(base64EncodedTimestamp);
        parsedToken = new TimeStampToken(new CMSSignedData(encodedToken));
    } catch (Exception e) {
        logger.error("Error parsing timestamp token: " + e.getMessage());
        throw new TechnicalException("Error parsing timestamp token", e);
    }
    return parsedToken;
}
From source file:org.icepdf.core.pobjects.acroform.signature.AbstractPkcsValidator.java
License:Apache License
/**
 * Walks a CMS SignedData sequence and records the pieces needed for later validation in
 * variables declared outside this method: the encapsulated content, the digest algorithm id,
 * the signed attributes and message digest, the signature algorithm id, the signature value
 * and whether an embedded time-stamp token is present.
 *
 * <pre>
 * SignedData ::= SEQUENCE {
 *    0, version CMSVersion,
 *    1, digestAlgorithms DigestAlgorithmIdentifiers,
 *    2, encapContentInfo EncapsulatedContentInfo,
 *    3, certificateChain [0] IMPLICIT CertificateSet OPTIONAL,
 *    4, crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
 *    5, signerInfos SignerInfos }
 *
 * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
 * SignerInfos ::= SET OF SignerInfo
 * </pre>
 *
 * <p>The structure comes from the document being validated. Elements are cast to the expected
 * ASN.1 types and read at fixed positions without prior type or bounds checks, so a malformed
 * structure surfaces as an unchecked exception rather than as
 * {@code SignatureIntegrityException}.
 *
 * <p>An embedded time-stamp token is only parsed, never verified: {@code isEmbeddedTimeStamp}
 * means "a token could be constructed", not "the time stamp is valid".
 *
 * @param signedData the SignedData sequence to read
 * @param cmsData raw CMS bytes, passed through to {@code parseCertificateData}
 * @throws SignatureIntegrityException if signed attributes are present without a message
 *         digest attribute, or if the embedded time-stamp token cannot be constructed
 */
protected void parseSignerData(ASN1Sequence signedData, byte[] cmsData) throws SignatureIntegrityException {
    // digest algorithms ID, not currently using them but useful for debug.
    // NOTE(review): the guard tests Level.FINER while the messages are logged with finest().
    if (logger.isLoggable(Level.FINER)) {
        // should always be 1.
        int cmsVersion = ((ASN1Integer) signedData.getObjectAt(0)).getValue().intValue();
        logger.finest("CMS version: " + cmsVersion);
        Enumeration<ASN1Sequence> enumeration = ((ASN1Set) signedData.getObjectAt(1)).getObjects();
        while (enumeration.hasMoreElements()) {
            String objectId = ((ASN1ObjectIdentifier) enumeration.nextElement().getObjectAt(0)).getId();
            try {
                String digestAlgorithmName = AlgorithmIdentifier.getDigestAlgorithmName(objectId);
                MessageDigest tmp = AlgorithmIdentifier.getDigestInstance(objectId, null);
                logger.finest("DigestAlgorithmIdentifiers: " + digestAlgorithmName + " " + objectId);
                logger.finest(tmp.toString());
            } catch (Throwable ex) {
                // debug-only lookup: an unknown algorithm id is logged and parsing continues.
                logger.log(Level.WARNING, "Error finding iod: " + objectId, ex);
            }
        }
    }
    /*
     * EncapsulatedContentInfo ::= SEQUENCE {
     *    eContentType ContentType,
     *    eContent [0] EXPLICIT OCTET STRING OPTIONAL }
     *
     * ContentType ::= OBJECT IDENTIFIER
     */
    encapsulatedContentInfoData = null;
    ASN1Sequence encapsulatedContentInfo = (ASN1Sequence) signedData.getObjectAt(2);
    // grab just the first definitions, as we are looking for encapsulated data for PKCS7.sha1.
    if (encapsulatedContentInfo.size() >= 2) {
        // should still be iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 ...
        ASN1ObjectIdentifier eObjectIdentifier = (ASN1ObjectIdentifier) encapsulatedContentInfo.getObjectAt(0);
        String eObjectIdentifierId = eObjectIdentifier.getId();
        if (logger.isLoggable(Level.FINER)) {
            logger.finest("EncapsulatedContentInfo: " + eObjectIdentifierId + " "
                    + Pkcs7Validator.getObjectIdName(eObjectIdentifierId));
        }
        // should be octets encoded as pkcs#7
        ASN1OctetString eContent = (ASN1OctetString) ((ASN1TaggedObject) encapsulatedContentInfo.getObjectAt(1))
                .getObject();
        // shows up in pkcs7.sha1 only
        encapsulatedContentInfoData = eContent.getOctets();
        if (logger.isLoggable(Level.FINER)) {
            logger.finest("EncapsulatedContentInfo Data " + eContent.toString());
        }
    } else if (encapsulatedContentInfo.size() == 1) {
        // content type only, no eContent: nothing is stored, the type is just logged.
        if (logger.isLoggable(Level.FINER)) {
            ASN1ObjectIdentifier eObjectIdentifier = (ASN1ObjectIdentifier) encapsulatedContentInfo
                    .getObjectAt(0);
            String eObjectIdentifierId = eObjectIdentifier.getId();
            logger.finest("EncapsulatedContentInfo size is 1: " + eObjectIdentifierId + " "
                    + Pkcs7Validator.getObjectIdName(eObjectIdentifierId));
        }
    }

    // grab the signer info.
    ASN1Sequence signerInfo = parseCertificateData(cmsData, signedData);

    // DigestAlgorithmIdentifier ::= AlgorithmIdentifier
    digestAlgorithmIdentifier = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2))
            .getObjectAt(0)).getId();

    // signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
    // signedAttrs is optional so we look for the occurrence
    //
    // SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
    //
    // Attribute ::= SEQUENCE {
    //    attrType OBJECT IDENTIFIER,
    //    attrValues SET OF AttributeValue }
    //
    // AttributeValue ::= ANY
    // SignatureValue ::= OCTET STRING
    int nextEntry = 3;
    messageDigest = null;
    ASN1TaggedObject signedAttributes;
    signedAttributesSequence = null;
    if (signerInfo.getObjectAt(nextEntry) instanceof ASN1TaggedObject) {
        signedAttributes = (ASN1TaggedObject) signerInfo.getObjectAt(nextEntry);
        signedAttributesSequence = ASN1Set.getInstance(signedAttributes, false);
        for (int i = 0, max = signedAttributesSequence.size(); i < max; ++i) {
            // attribute type/value pair.
            ASN1Sequence attributePair = (ASN1Sequence) signedAttributesSequence.getObjectAt(i);
            // mainly just looking for the message digest.
            if (((ASN1ObjectIdentifier) attributePair.getObjectAt(0)).getId()
                    .equals(PKCSObjectIdentifiers.pkcs_9_at_messageDigest.getId())) {
                ASN1Set set = (ASN1Set) attributePair.getObjectAt(1);
                messageDigest = ((ASN1OctetString) set.getObjectAt(0)).getOctets();
            }
            // the signing-time attribute (pkcs_9_at_signingTime) is not read here.
            // more attributes to come.
        }
        // when signed attributes exist, a messageDigest attribute is required.
        if (messageDigest == null) {
            throw new SignatureIntegrityException("Message Digest can nut be null");
        }
        // step past the optional signedAttrs entry.
        ++nextEntry;
    }
    // signatureAlgorithm SignatureAlgorithmIdentifier,
    signatureAlgorithmIdentifier = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(nextEntry))
            .getObjectAt(0)).getId();
    nextEntry++;
    // signature SignatureValue
    signatureValue = ((ASN1OctetString) signerInfo.getObjectAt(nextEntry)).getOctets();
    nextEntry++;
    // unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL
    // once again optional so we check to see if the entry is available.
    if (nextEntry < signerInfo.size() && signerInfo.getObjectAt(nextEntry) instanceof ASN1TaggedObject) {
        ASN1TaggedObject unsignedAttributes = (ASN1TaggedObject) signerInfo.getObjectAt(nextEntry);
        ASN1Set unsignedAttributeSequence = ASN1Set.getInstance(unsignedAttributes, false);
        AttributeTable attributeTable = new AttributeTable(unsignedAttributeSequence);
        Attribute timeStamp = attributeTable.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
        if (timeStamp != null && timeStamp.getAttrValues().size() > 0) {
            ASN1Set attributeValues = timeStamp.getAttrValues();
            ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
            ContentInfo contentInfo = ContentInfo.getInstance(tokenSequence);
            // If the token parses, the flag is set. No validation of the token is done here:
            // neither its signature nor its message imprint is checked, and being unsigned
            // attribute data it is not covered by the document signature either.
            try {
                new TimeStampToken(contentInfo);
                isEmbeddedTimeStamp = true;
            } catch (Throwable e1) {
                // NOTE(review): the cause e1 is not attached to the thrown exception.
                throw new SignatureIntegrityException("Valid TimeStamp could now be created");
            }
        }
    }
}
From source file:org.signserver.client.cli.defaultimpl.TimeStampCommand.java
License:Open Source License
/**
 * Prints the contents of a time-stamp reply read from the file named by {@code inrepstring}.
 *
 * <p>The bytes are first parsed as a {@code TimeStampResponse}. If that raises
 * {@code TSPException} they are parsed as a bare time-stamp token instead.
 *
 * <p>This is a display routine: no signature or message-imprint validation is performed in it,
 * so every value printed is unauthenticated and must not be read as proof that the reply is
 * genuine.
 *
 * @throws Exception if the file cannot be read or the bytes cannot be parsed as a token
 */
private void tsaPrintReply() throws Exception {
    final byte[] replyBytes = readFiletoBuffer(inrepstring);

    TimeStampResponse parsedResponse = null;
    out.println("Time-stamp response {");
    try {
        parsedResponse = new TimeStampResponse(replyBytes);
        out.println(" Status: " + parsedResponse.getStatus());
        out.println(" Status message: " + parsedResponse.getStatusString());
    } catch (TSPException ex) {
        out.println(" Not a response");
    }

    final TimeStampToken token;
    if (parsedResponse == null) {
        // Not a full response: treat the input as a bare token.
        token = new TimeStampToken(new CMSSignedData(replyBytes));
    } else {
        PKIFailureInfo failureInfo = parsedResponse.getFailInfo();
        if (failureInfo != null) {
            out.print(" Failure info: ");
            out.println(failureInfo.intValue());
        }
        token = parsedResponse.getTimeStampToken();
    }

    if (token != null) {
        out.println(" Time-stamp token:");

        TimeStampTokenInfo info = token.getTimeStampInfo();
        if (info != null) {
            out.println(" Info:");
            out.print(" " + "Accuracy: ");
            out.println(info.getAccuracy() != null ? info.getAccuracy() : "(null)");

            out.print(" " + "Gen Time: ");
            out.println(info.getGenTime());

            out.print(" " + "Gen Time Accuracy: ");
            out.println(info.getGenTimeAccuracy());

            out.print(" " + "Message imprint digest: ");
            out.println(new String(Hex.encode(info.getMessageImprintDigest())));

            out.print(" " + "Message imprint algorithm: ");
            out.println(info.getMessageImprintAlgOID());

            out.print(" " + "Nonce: ");
            out.println(info.getNonce() != null ? info.getNonce().toString(16) : "(null)");

            out.print(" " + "Serial Number: ");
            out.println(info.getSerialNumber() != null ? info.getSerialNumber().toString(16) : "(null)");

            out.print(" " + "TSA: ");
            out.println(info.getTsa() != null ? info.getTsa() : "(null)");

            out.print(" " + "Policy: ");
            out.println(info.getPolicy());
        }

        out.println(" Signer ID: ");
        out.println(" Serial Number: " + token.getSID().getSerialNumber().toString(16));
        out.println(" Issuer: " + token.getSID().getIssuer());

        out.println(" Signer certificate: ");
        Store certs = token.getCertificates();
        // Selects the certificate whose issuer and serial number match the signer id.
        Selector signerSelector = new AttributeCertificateHolder(token.getSID().getIssuer(),
                token.getSID().getSerialNumber());

        Collection matching = certs.getMatches(signerSelector);
        for (Object candidate : matching) {
            if (!(candidate instanceof X509CertificateHolder)) {
                out.println("Not an X.509 certificate: " + candidate);
                continue;
            }
            X509CertificateHolder holder = (X509CertificateHolder) candidate;
            out.println(" Certificate: ");
            out.println(" Serial Number: " + holder.getSerialNumber().toString(16));
            out.println(" Subject: " + holder.getSubject());
            out.println(" Issuer: " + holder.getIssuer());
        }

        out.println(" Other certificates: ");
        matching = certs.getMatches(new InvertedSelector(signerSelector));
        for (Object candidate : matching) {
            if (!(candidate instanceof X509CertificateHolder)) {
                out.println("Not an X.509 certificate: " + candidate);
                continue;
            }
            X509CertificateHolder holder = (X509CertificateHolder) candidate;
            out.println(" Certificate: ");
            out.println(" Serial Number: " + holder.getSerialNumber().toString(16));
            out.println(" Subject: " + holder.getSubject());
            out.println(" Issuer: " + holder.getIssuer());
        }
    }
    out.println("}");
}
From source file:org.votingsystem.callable.AccessRequestDataSender.java
License:Open Source License
/**
 * Time-stamps the S/MIME access request and then submits it with the CSR to the access service.
 *
 * <p>The time-stamp request is sent to the configured time-stamp service. The returned bytes
 * are parsed as a time-stamp token, and the token signature is validated with a verifier built
 * from the time-stamp certificate held by the access control configuration.
 *
 * <p>NOTE(review): the visible code does not compare the token's message imprint or nonce
 * with the request that was sent; confirm that {@code setTimeStampToken} or a later step does
 * so, otherwise a validly signed token issued for other data would be accepted here.
 *
 * @return the response of the last HTTP call made. Its data is the initialised certification
 *         request on success, {@code null} when the access service call failed, and is left
 *         untouched when the time-stamp call itself failed
 * @throws Exception if encoding, transport, token parsing or token validation fails
 */
@Override
public ResponseVS call() throws Exception {
    log.info("doInBackground - accessServiceURL: "
            + ContextVS.getInstance().getAccessControl().getAccessServiceURL());

    TimeStampRequest timeStampRequest = smimeMessage.getTimeStampRequest();
    ResponseVS responseVS = HttpHelper.getInstance().sendData(timeStampRequest.getEncoded(),
            ContentTypeVS.TIMESTAMP_QUERY,
            ContextVS.getInstance().getAccessControl().getTimeStampServiceURL());
    if (ResponseVS.SC_OK != responseVS.getStatusCode()) {
        // Time-stamp service failed: hand its response back unchanged.
        return responseVS;
    }

    // Validate the token against the configured TSA certificate before attaching it.
    TimeStampToken receivedToken = new TimeStampToken(new CMSSignedData(responseVS.getMessageBytes()));
    X509Certificate tsaCertificate = ContextVS.getInstance().getAccessControl().getTimeStampCert();
    SignerInformationVerifier tsaVerifier = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(ContextVS.PROVIDER).build(tsaCertificate);
    receivedToken.validate(tsaVerifier);
    smimeMessage.setTimeStampToken(receivedToken);

    Map<String, Object> payload = new HashMap<String, Object>();
    payload.put(ContextVS.CSR_FILE_NAME, certificationRequest.getCsrPEM());
    payload.put(ContextVS.ACCESS_REQUEST_FILE_NAME, smimeMessage.getBytes());
    responseVS = HttpHelper.getInstance().sendObjectMap(payload,
            ContextVS.getInstance().getAccessControl().getAccessServiceURL());

    if (ResponseVS.SC_OK != responseVS.getStatusCode()) {
        responseVS.setData(null);
        return responseVS;
    }
    certificationRequest.initSigner(responseVS.getMessageBytes());
    responseVS.setData(certificationRequest);
    return responseVS;
}