Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/tsp')
31 files changed, 0 insertions, 5277 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java b/bcpkix/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java
deleted file mode 100644
index 3cabb86..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.bouncycastle.tsp;
-
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.tsp.Accuracy;
-
-public class GenTimeAccuracy
-{
- private Accuracy accuracy;
-
- public GenTimeAccuracy(Accuracy accuracy)
- {
- this.accuracy = accuracy;
- }
-
- public int getSeconds()
- {
- return getTimeComponent(accuracy.getSeconds());
- }
-
- public int getMillis()
- {
- return getTimeComponent(accuracy.getMillis());
- }
-
- public int getMicros()
- {
- return getTimeComponent(accuracy.getMicros());
- }
-
- private int getTimeComponent(
- ASN1Integer time)
- {
- if (time != null)
- {
- return time.getValue().intValue();
- }
-
- return 0;
- }
-
- public String toString()
- { // digits
- return getSeconds() + "." + format(getMillis()) + format(getMicros());
- }
-
- private String format(int v)
- {
- if (v < 10)
- {
- return "00" + v;
- }
-
- if (v < 100)
- {
- return "0" + v;
- }
-
- return Integer.toString(v);
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java
deleted file mode 100644
index e8b26ad..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-
-/**
- * Recognised hash algorithms for the time stamp protocol.
- */
-public interface TSPAlgorithms
-{
- public static final ASN1ObjectIdentifier MD5 = PKCSObjectIdentifiers.md5;
-
- public static final ASN1ObjectIdentifier SHA1 = OIWObjectIdentifiers.idSHA1;
-
- public static final ASN1ObjectIdentifier SHA224 = NISTObjectIdentifiers.id_sha224;
- public static final ASN1ObjectIdentifier SHA256 = NISTObjectIdentifiers.id_sha256;
- public static final ASN1ObjectIdentifier SHA384 = NISTObjectIdentifiers.id_sha384;
- public static final ASN1ObjectIdentifier SHA512 = NISTObjectIdentifiers.id_sha512;
-
- public static final ASN1ObjectIdentifier RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128;
- public static final ASN1ObjectIdentifier RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160;
- public static final ASN1ObjectIdentifier RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256;
-
- public static final ASN1ObjectIdentifier GOST3411 = CryptoProObjectIdentifiers.gostR3411;
-
- public static final Set ALLOWED = new HashSet(Arrays.asList(new ASN1ObjectIdentifier[] { GOST3411, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, RIPEMD128, RIPEMD160, RIPEMD256 }));
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPException.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TSPException.java
deleted file mode 100644
index a04e5c5..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPException.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.tsp;
-
-public class TSPException
- extends Exception
-{
- Throwable underlyingException;
-
- public TSPException(String message)
- {
- super(message);
- }
-
- public TSPException(String message, Throwable e)
- {
- super(message);
- underlyingException = e;
- }
-
- public Exception getUnderlyingException()
- {
- return (Exception)underlyingException;
- }
-
- public Throwable getCause()
- {
- return underlyingException;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPIOException.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TSPIOException.java
deleted file mode 100644
index 0be66db..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPIOException.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-
-public class TSPIOException
- extends IOException
-{
- Throwable underlyingException;
-
- public TSPIOException(String message)
- {
- super(message);
- }
-
- public TSPIOException(String message, Throwable e)
- {
- super(message);
- underlyingException = e;
- }
-
- public Exception getUnderlyingException()
- {
- return (Exception)underlyingException;
- }
-
- public Throwable getCause()
- {
- return underlyingException;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPUtil.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TSPUtil.java
deleted file mode 100644
index d757071..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPUtil.java
+++ /dev/null
@@ -1,209 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.Extensions;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Integers;
-
-public class TSPUtil
-{
- private static List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
-
- private static final Map digestLengths = new HashMap();
- private static final Map digestNames = new HashMap();
-
- static
- {
- digestLengths.put(PKCSObjectIdentifiers.md5.getId(), Integers.valueOf(16));
- digestLengths.put(OIWObjectIdentifiers.idSHA1.getId(), Integers.valueOf(20));
- digestLengths.put(NISTObjectIdentifiers.id_sha224.getId(), Integers.valueOf(28));
- digestLengths.put(NISTObjectIdentifiers.id_sha256.getId(), Integers.valueOf(32));
- digestLengths.put(NISTObjectIdentifiers.id_sha384.getId(), Integers.valueOf(48));
- digestLengths.put(NISTObjectIdentifiers.id_sha512.getId(), Integers.valueOf(64));
- digestLengths.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), Integers.valueOf(16));
- digestLengths.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), Integers.valueOf(20));
- digestLengths.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), Integers.valueOf(32));
- digestLengths.put(CryptoProObjectIdentifiers.gostR3411.getId(), Integers.valueOf(32));
-
- digestNames.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
- digestNames.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
- digestNames.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
- digestNames.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
- digestNames.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
- digestNames.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
- digestNames.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1");
- digestNames.put(PKCSObjectIdentifiers.sha224WithRSAEncryption.getId(), "SHA224");
- digestNames.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256");
- digestNames.put(PKCSObjectIdentifiers.sha384WithRSAEncryption.getId(), "SHA384");
- digestNames.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512");
- digestNames.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
- digestNames.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
- digestNames.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
- digestNames.put(CryptoProObjectIdentifiers.gostR3411.getId(), "GOST3411");
- }
-
- /**
- * Fetches the signature time-stamp attributes from a SignerInformation object.
- * Checks that the MessageImprint for each time-stamp matches the signature field.
- * (see RFC 3161 Appendix A).
- *
- * @param signerInfo a SignerInformation to search for time-stamps
- * @param digCalcProvider provider for digest calculators
- * @return a collection of TimeStampToken objects
- * @throws TSPValidationException
- */
- public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider)
- throws TSPValidationException
- {
- List timestamps = new ArrayList();
-
- AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
- if (unsignedAttrs != null)
- {
- ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(
- PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
- for (int i = 0; i < allTSAttrs.size(); ++i)
- {
- Attribute tsAttr = (Attribute)allTSAttrs.get(i);
- ASN1Set tsAttrValues = tsAttr.getAttrValues();
- for (int j = 0; j < tsAttrValues.size(); ++j)
- {
- try
- {
- ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
- TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
- TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
-
- DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
-
- OutputStream dOut = digCalc.getOutputStream();
-
- dOut.write(signerInfo.getSignature());
- dOut.close();
-
- byte[] expectedDigest = digCalc.getDigest();
-
- if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest()))
- {
- throw new TSPValidationException("Incorrect digest in message imprint");
- }
-
- timestamps.add(timeStampToken);
- }
- catch (OperatorCreationException e)
- {
- throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
- }
- catch (Exception e)
- {
- throw new TSPValidationException("Timestamp could not be parsed");
- }
- }
- }
- }
-
- return timestamps;
- }
-
- /**
- * Validate the passed in certificate as being of the correct type to be used
- * for time stamping. To be valid it must have an ExtendedKeyUsage extension
- * which has a key purpose identifier of id-kp-timeStamping.
- *
- * @param cert the certificate of interest.
- * @throws TSPValidationException if the certificate fails on one of the check points.
- */
- public static void validateCertificate(
- X509CertificateHolder cert)
- throws TSPValidationException
- {
- if (cert.toASN1Structure().getVersionNumber() != 3)
- {
- throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
- }
-
- Extension ext = cert.getExtension(Extension.extendedKeyUsage);
- if (ext == null)
- {
- throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
- }
-
- if (!ext.isCritical())
- {
- throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
- }
-
- ExtendedKeyUsage extKey = ExtendedKeyUsage.getInstance(ext.getParsedValue());
-
- if (!extKey.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) || extKey.size() != 1)
- {
- throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
- }
- }
-
- static int getDigestLength(
- String digestAlgOID)
- throws TSPException
- {
- Integer length = (Integer)digestLengths.get(digestAlgOID);
-
- if (length != null)
- {
- return length.intValue();
- }
-
- throw new TSPException("digest algorithm cannot be found.");
- }
-
- static List getExtensionOIDs(Extensions extensions)
- {
- if (extensions == null)
- {
- return EMPTY_LIST;
- }
-
- return Collections.unmodifiableList(java.util.Arrays.asList(extensions.getExtensionOIDs()));
- }
-
- static void addExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value)
- throws TSPIOException
- {
- try
- {
- extGenerator.addExtension(oid, isCritical, value);
- }
- catch (IOException e)
- {
- throw new TSPIOException("cannot encode extension: " + e.getMessage(), e);
- }
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPValidationException.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TSPValidationException.java
deleted file mode 100644
index 552b302..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TSPValidationException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.tsp;
-
-/**
- * Exception thrown if a TSP request or response fails to validate.
- * <p>
- * If a failure code is associated with the exception it can be retrieved using
- * the getFailureCode() method.
- */
-public class TSPValidationException
- extends TSPException
-{
- private int failureCode = -1;
-
- public TSPValidationException(String message)
- {
- super(message);
- }
-
- public TSPValidationException(String message, int failureCode)
- {
- super(message);
- this.failureCode = failureCode;
- }
-
- /**
- * Return the failure code associated with this exception - if one is set.
- *
- * @return the failure code if set, -1 otherwise.
- */
- public int getFailureCode()
- {
- return failureCode;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java
deleted file mode 100644
index fa7c9f7..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java
+++ /dev/null
@@ -1,267 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.tsp.TimeStampReq;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.Extensions;
-
-/**
- * Base class for an RFC 3161 Time Stamp Request.
- */
-public class TimeStampRequest
-{
- private static Set EMPTY_SET = Collections.unmodifiableSet(new HashSet());
-
- private TimeStampReq req;
- private Extensions extensions;
-
- public TimeStampRequest(TimeStampReq req)
- {
- this.req = req;
- this.extensions = req.getExtensions();
- }
-
- /**
- * Create a TimeStampRequest from the past in byte array.
- *
- * @param req byte array containing the request.
- * @throws IOException if the request is malformed.
- */
- public TimeStampRequest(byte[] req)
- throws IOException
- {
- this(new ByteArrayInputStream(req));
- }
-
- /**
- * Create a TimeStampRequest from the past in input stream.
- *
- * @param in input stream containing the request.
- * @throws IOException if the request is malformed.
- */
- public TimeStampRequest(InputStream in)
- throws IOException
- {
- this(loadRequest(in));
- }
-
- private static TimeStampReq loadRequest(InputStream in)
- throws IOException
- {
- try
- {
- return TimeStampReq.getInstance(new ASN1InputStream(in).readObject());
- }
- catch (ClassCastException e)
- {
- throw new IOException("malformed request: " + e);
- }
- catch (IllegalArgumentException e)
- {
- throw new IOException("malformed request: " + e);
- }
- }
-
- public int getVersion()
- {
- return req.getVersion().getValue().intValue();
- }
-
- public ASN1ObjectIdentifier getMessageImprintAlgOID()
- {
- return req.getMessageImprint().getHashAlgorithm().getAlgorithm();
- }
-
- public byte[] getMessageImprintDigest()
- {
- return req.getMessageImprint().getHashedMessage();
- }
-
- public ASN1ObjectIdentifier getReqPolicy()
- {
- if (req.getReqPolicy() != null)
- {
- return req.getReqPolicy();
- }
- else
- {
- return null;
- }
- }
-
- public BigInteger getNonce()
- {
- if (req.getNonce() != null)
- {
- return req.getNonce().getValue();
- }
- else
- {
- return null;
- }
- }
-
- public boolean getCertReq()
- {
- if (req.getCertReq() != null)
- {
- return req.getCertReq().isTrue();
- }
- else
- {
- return false;
- }
- }
-
- /**
- * Validate the timestamp request, checking the digest to see if it is of an
- * accepted type and whether it is of the correct length for the algorithm specified.
- *
- * @param algorithms a set of OIDs giving accepted algorithms.
- * @param policies if non-null a set of policies OIDs we are willing to sign under.
- * @param extensions if non-null a set of extensions OIDs we are willing to accept.
- * @throws TSPException if the request is invalid, or processing fails.
- */
- public void validate(
- Set algorithms,
- Set policies,
- Set extensions)
- throws TSPException
- {
- algorithms = convert(algorithms);
- policies = convert(policies);
- extensions = convert(extensions);
-
- if (!algorithms.contains(this.getMessageImprintAlgOID()))
- {
- throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
- }
-
- if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
- {
- throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
- }
-
- if (this.getExtensions() != null && extensions != null)
- {
- Enumeration en = this.getExtensions().oids();
- while(en.hasMoreElements())
- {
- String oid = ((ASN1ObjectIdentifier)en.nextElement()).getId();
- if (!extensions.contains(oid))
- {
- throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
- }
- }
- }
-
- int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID().getId());
-
- if (digestLength != this.getMessageImprintDigest().length)
- {
- throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
- }
- }
-
- /**
- * return the ASN.1 encoded representation of this object.
- * @return the default ASN,1 byte encoding for the object.
- */
- public byte[] getEncoded() throws IOException
- {
- return req.getEncoded();
- }
-
- Extensions getExtensions()
- {
- return extensions;
- }
-
- public boolean hasExtensions()
- {
- return extensions != null;
- }
-
- public Extension getExtension(ASN1ObjectIdentifier oid)
- {
- if (extensions != null)
- {
- return extensions.getExtension(oid);
- }
-
- return null;
- }
-
- public List getExtensionOIDs()
- {
- return TSPUtil.getExtensionOIDs(extensions);
- }
-
- /**
- * Returns a set of ASN1ObjectIdentifiers giving the non-critical extensions.
- * @return a set of ASN1ObjectIdentifiers.
- */
- public Set getNonCriticalExtensionOIDs()
- {
- if (extensions == null)
- {
- return EMPTY_SET;
- }
-
- return Collections.unmodifiableSet(new HashSet(Arrays.asList(extensions.getNonCriticalExtensionOIDs())));
- }
-
- /**
- * Returns a set of ASN1ObjectIdentifiers giving the critical extensions.
- * @return a set of ASN1ObjectIdentifiers.
- */
- public Set getCriticalExtensionOIDs()
- {
- if (extensions == null)
- {
- return EMPTY_SET;
- }
-
- return Collections.unmodifiableSet(new HashSet(Arrays.asList(extensions.getCriticalExtensionOIDs())));
- }
-
- private Set convert(Set orig)
- {
- if (orig == null)
- {
- return orig;
- }
-
- Set con = new HashSet(orig.size());
-
- for (Iterator it = orig.iterator(); it.hasNext();)
- {
- Object o = it.next();
-
- if (o instanceof String)
- {
- con.add(new ASN1ObjectIdentifier((String)o));
- }
- else
- {
- con.add(o);
- }
- }
-
- return con;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java
deleted file mode 100644
index 0f9900d..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java
+++ /dev/null
@@ -1,163 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1Boolean;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.tsp.MessageImprint;
-import org.bouncycastle.asn1.tsp.TimeStampReq;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.Extensions;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-
-/**
- * Generator for RFC 3161 Time Stamp Request objects.
- */
-public class TimeStampRequestGenerator
-{
- private ASN1ObjectIdentifier reqPolicy;
-
- private ASN1Boolean certReq;
- private ExtensionsGenerator extGenerator = new ExtensionsGenerator();
-
- public TimeStampRequestGenerator()
- {
- }
-
- /**
- * @deprecated use method taking ASN1ObjectIdentifier
- * @param reqPolicy
- */
- public void setReqPolicy(
- String reqPolicy)
- {
- this.reqPolicy= new ASN1ObjectIdentifier(reqPolicy);
- }
-
- public void setReqPolicy(
- ASN1ObjectIdentifier reqPolicy)
- {
- this.reqPolicy= reqPolicy;
- }
-
- public void setCertReq(
- boolean certReq)
- {
- this.certReq = ASN1Boolean.getInstance(certReq);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * @throws IOException
- * @deprecated use method taking ASN1ObjectIdentifier
- */
- public void addExtension(
- String OID,
- boolean critical,
- ASN1Encodable value)
- throws IOException
- {
- this.addExtension(OID, critical, value.toASN1Primitive().getEncoded());
- }
-
- /**
- * add a given extension field for the standard extensions tag
- * The value parameter becomes the contents of the octet string associated
- * with the extension.
- * @deprecated use method taking ASN1ObjectIdentifier
- */
- public void addExtension(
- String OID,
- boolean critical,
- byte[] value)
- {
- extGenerator.addExtension(new ASN1ObjectIdentifier(OID), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * @throws TSPIOException
- */
- public void addExtension(
- ASN1ObjectIdentifier oid,
- boolean isCritical,
- ASN1Encodable value)
- throws TSPIOException
- {
- TSPUtil.addExtension(extGenerator, oid, isCritical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag
- * The value parameter becomes the contents of the octet string associated
- * with the extension.
- */
- public void addExtension(
- ASN1ObjectIdentifier oid,
- boolean isCritical,
- byte[] value)
- {
- extGenerator.addExtension(oid, isCritical, value);
- }
-
- /**
- * @deprecated use method taking ANS1ObjectIdentifier
- */
- public TimeStampRequest generate(
- String digestAlgorithm,
- byte[] digest)
- {
- return this.generate(digestAlgorithm, digest, null);
- }
-
- /**
- * @deprecated use method taking ANS1ObjectIdentifier
- */
- public TimeStampRequest generate(
- String digestAlgorithmOID,
- byte[] digest,
- BigInteger nonce)
- {
- if (digestAlgorithmOID == null)
- {
- throw new IllegalArgumentException("No digest algorithm specified");
- }
-
- ASN1ObjectIdentifier digestAlgOID = new ASN1ObjectIdentifier(digestAlgorithmOID);
-
- AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DERNull.INSTANCE);
- MessageImprint messageImprint = new MessageImprint(algID, digest);
-
- Extensions ext = null;
-
- if (!extGenerator.isEmpty())
- {
- ext = extGenerator.generate();
- }
-
- if (nonce != null)
- {
- return new TimeStampRequest(new TimeStampReq(messageImprint,
- reqPolicy, new ASN1Integer(nonce), certReq, ext));
- }
- else
- {
- return new TimeStampRequest(new TimeStampReq(messageImprint,
- reqPolicy, null, certReq, ext));
- }
- }
-
- public TimeStampRequest generate(ASN1ObjectIdentifier digestAlgorithm, byte[] digest)
- {
- return generate(digestAlgorithm.getId(), digest);
- }
-
- public TimeStampRequest generate(ASN1ObjectIdentifier digestAlgorithm, byte[] digest, BigInteger nonce)
- {
- return generate(digestAlgorithm.getId(), digest, nonce);
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java
deleted file mode 100644
index 7d13510..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java
+++ /dev/null
@@ -1,189 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.cmp.PKIFreeText;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.tsp.TimeStampResp;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Base class for an RFC 3161 Time Stamp Response object.
- */
-public class TimeStampResponse
-{
- TimeStampResp resp;
- TimeStampToken timeStampToken;
-
- public TimeStampResponse(TimeStampResp resp)
- throws TSPException, IOException
- {
- this.resp = resp;
-
- if (resp.getTimeStampToken() != null)
- {
- timeStampToken = new TimeStampToken(resp.getTimeStampToken());
- }
- }
-
- /**
- * Create a TimeStampResponse from a byte array containing an ASN.1 encoding.
- *
- * @param resp the byte array containing the encoded response.
- * @throws TSPException if the response is malformed.
- * @throws IOException if the byte array doesn't represent an ASN.1 encoding.
- */
- public TimeStampResponse(byte[] resp)
- throws TSPException, IOException
- {
- this(new ByteArrayInputStream(resp));
- }
-
- /**
- * Create a TimeStampResponse from an input stream containing an ASN.1 encoding.
- *
- * @param in the input stream containing the encoded response.
- * @throws TSPException if the response is malformed.
- * @throws IOException if the stream doesn't represent an ASN.1 encoding.
- */
- public TimeStampResponse(InputStream in)
- throws TSPException, IOException
- {
- this(readTimeStampResp(in));
- }
-
- private static TimeStampResp readTimeStampResp(
- InputStream in)
- throws IOException, TSPException
- {
- try
- {
- return TimeStampResp.getInstance(new ASN1InputStream(in).readObject());
- }
- catch (IllegalArgumentException e)
- {
- throw new TSPException("malformed timestamp response: " + e, e);
- }
- catch (ClassCastException e)
- {
- throw new TSPException("malformed timestamp response: " + e, e);
- }
- }
-
- public int getStatus()
- {
- return resp.getStatus().getStatus().intValue();
- }
-
- public String getStatusString()
- {
- if (resp.getStatus().getStatusString() != null)
- {
- StringBuffer statusStringBuf = new StringBuffer();
- PKIFreeText text = resp.getStatus().getStatusString();
- for (int i = 0; i != text.size(); i++)
- {
- statusStringBuf.append(text.getStringAt(i).getString());
- }
- return statusStringBuf.toString();
- }
- else
- {
- return null;
- }
- }
-
- public PKIFailureInfo getFailInfo()
- {
- if (resp.getStatus().getFailInfo() != null)
- {
- return new PKIFailureInfo(resp.getStatus().getFailInfo());
- }
-
- return null;
- }
-
- public TimeStampToken getTimeStampToken()
- {
- return timeStampToken;
- }
-
- /**
- * Check this response against to see if it a well formed response for
- * the passed in request. Validation will include checking the time stamp
- * token if the response status is GRANTED or GRANTED_WITH_MODS.
- *
- * @param request the request to be checked against
- * @throws TSPException if the request can not match this response.
- */
- public void validate(
- TimeStampRequest request)
- throws TSPException
- {
- TimeStampToken tok = this.getTimeStampToken();
-
- if (tok != null)
- {
- TimeStampTokenInfo tstInfo = tok.getTimeStampInfo();
-
- if (request.getNonce() != null && !request.getNonce().equals(tstInfo.getNonce()))
- {
- throw new TSPValidationException("response contains wrong nonce value.");
- }
-
- if (this.getStatus() != PKIStatus.GRANTED && this.getStatus() != PKIStatus.GRANTED_WITH_MODS)
- {
- throw new TSPValidationException("time stamp token found in failed request.");
- }
-
- if (!Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), tstInfo.getMessageImprintDigest()))
- {
- throw new TSPValidationException("response for different message imprint digest.");
- }
-
- if (!tstInfo.getMessageImprintAlgOID().equals(request.getMessageImprintAlgOID()))
- {
- throw new TSPValidationException("response for different message imprint algorithm.");
- }
-
- Attribute scV1 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
- Attribute scV2 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
-
- if (scV1 == null && scV2 == null)
- {
- throw new TSPValidationException("no signing certificate attribute present.");
- }
-
- if (scV1 != null && scV2 != null)
- {
- /*
- * RFC 5035 5.4. If both attributes exist in a single message,
- * they are independently evaluated.
- */
- }
-
- if (request.getReqPolicy() != null && !request.getReqPolicy().equals(tstInfo.getPolicy()))
- {
- throw new TSPValidationException("TSA policy wrong for request.");
- }
- }
- else if (this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS)
- {
- throw new TSPValidationException("no time stamp token found and one expected.");
- }
- }
-
- /**
- * return the ASN.1 encoded representation of this object.
- */
- public byte[] getEncoded() throws IOException
- {
- return resp.getEncoded();
- }
-}
\ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java
deleted file mode 100644
index 8ab68aa..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java
+++ /dev/null
@@ -1,353 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.cmp.PKIFreeText;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.asn1.cmp.PKIStatusInfo;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.tsp.TimeStampResp;
-
-/**
- * Generator for RFC 3161 Time Stamp Responses.
- * <p>
- * New generate methods have been introduced to give people more control over what ends up in the message.
- * Unfortunately it turns out that in some cases fields like statusString must be left out otherwise a an
- * otherwise valid timestamp will be rejected.
- * </p>
- * If you're after the most control with generating a response use:
- * <pre>
- * TimeStampResponse tsResp;
- *
- * try
- * {
- * tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date());
- * }
- * catch (Exception e)
- * {
- * tsResp = tsRespGen.generateRejectedResponse(e);
- * }
- * </pre>
- * The generate method does this, but provides a status string of "Operation Okay".
- * <p>
- * It should be pointed out that generateRejectedResponse() may also, on very rare occasions throw a TSPException.
- * In the event that happens, there's a serious internal problem with your responder.
- * </p>
- */
-public class TimeStampResponseGenerator
-{
- int status;
-
- ASN1EncodableVector statusStrings;
-
- int failInfo;
- private TimeStampTokenGenerator tokenGenerator;
- private Set acceptedAlgorithms;
- private Set acceptedPolicies;
- private Set acceptedExtensions;
-
- /**
- *
- * @param tokenGenerator
- * @param acceptedAlgorithms a set of OIDs giving accepted algorithms.
- */
- public TimeStampResponseGenerator(
- TimeStampTokenGenerator tokenGenerator,
- Set acceptedAlgorithms)
- {
- this(tokenGenerator, acceptedAlgorithms, null, null);
- }
-
- /**
- *
- * @param tokenGenerator
- * @param acceptedAlgorithms a set of OIDs giving accepted algorithms.
- * @param acceptedPolicies if non-null a set of policies OIDs we are willing to sign under.
- */
- public TimeStampResponseGenerator(
- TimeStampTokenGenerator tokenGenerator,
- Set acceptedAlgorithms,
- Set acceptedPolicies)
- {
- this(tokenGenerator, acceptedAlgorithms, acceptedPolicies, null);
- }
-
- /**
- *
- * @param tokenGenerator
- * @param acceptedAlgorithms a set of OIDs giving accepted algorithms.
- * @param acceptedPolicies if non-null a set of policies OIDs we are willing to sign under.
- * @param acceptedExtensions if non-null a set of extensions OIDs we are willing to accept.
- */
- public TimeStampResponseGenerator(
- TimeStampTokenGenerator tokenGenerator,
- Set acceptedAlgorithms,
- Set acceptedPolicies,
- Set acceptedExtensions)
- {
- this.tokenGenerator = tokenGenerator;
- this.acceptedAlgorithms = convert(acceptedAlgorithms);
- this.acceptedPolicies = convert(acceptedPolicies);
- this.acceptedExtensions = convert(acceptedExtensions);
-
- statusStrings = new ASN1EncodableVector();
- }
-
- private void addStatusString(String statusString)
- {
- statusStrings.add(new DERUTF8String(statusString));
- }
-
- private void setFailInfoField(int field)
- {
- failInfo = failInfo | field;
- }
-
- private PKIStatusInfo getPKIStatusInfo()
- {
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(new ASN1Integer(status));
-
- if (statusStrings.size() > 0)
- {
- v.add(PKIFreeText.getInstance(new DERSequence(statusStrings)));
- }
-
- if (failInfo != 0)
- {
- DERBitString failInfoBitString = new FailInfo(failInfo);
- v.add(failInfoBitString);
- }
-
- return PKIStatusInfo.getInstance(new DERSequence(v));
- }
-
- /**
- * Return an appropriate TimeStampResponse.
- * <p>
- * If genTime is null a timeNotAvailable error response will be returned. Calling generate() is the
- * equivalent of:
- * <pre>
- * TimeStampResponse tsResp;
- *
- * try
- * {
- * tsResp = tsRespGen.generateGrantedResponse(request, serialNumber, genTime, "Operation Okay");
- * }
- * catch (Exception e)
- * {
- * tsResp = tsRespGen.generateRejectedResponse(e);
- * }
- * </pre>
- * @param request the request this response is for.
- * @param serialNumber serial number for the response token.
- * @param genTime generation time for the response token.
- * @return a TimeStampResponse.
- * @throws TSPException
- */
- public TimeStampResponse generate(
- TimeStampRequest request,
- BigInteger serialNumber,
- Date genTime)
- throws TSPException
- {
- try
- {
- return this.generateGrantedResponse(request, serialNumber, genTime, "Operation Okay");
- }
- catch (Exception e)
- {
- return this.generateRejectedResponse(e);
- }
- }
-
- /**
- * Return a granted response, if the passed in request passes validation.
- * <p>
- * If genTime is null a timeNotAvailable or a validation exception occurs a TSPValidationException will
- * be thrown. The parent TSPException will only occur on some sort of system failure.
- * </p>
- * @param request the request this response is for.
- * @param serialNumber serial number for the response token.
- * @param genTime generation time for the response token.
- * @return the TimeStampResponse with a status of PKIStatus.GRANTED
- * @throws TSPException on validation exception or internal error.
- */
- public TimeStampResponse generateGrantedResponse(
- TimeStampRequest request,
- BigInteger serialNumber,
- Date genTime)
- throws TSPException
- {
- return generateGrantedResponse(request, serialNumber, genTime, null);
- }
-
- /**
- * Return a granted response, if the passed in request passes validation with the passed in status string.
- * <p>
- * If genTime is null a timeNotAvailable or a validation exception occurs a TSPValidationException will
- * be thrown. The parent TSPException will only occur on some sort of system failure.
- * </p>
- * @param request the request this response is for.
- * @param serialNumber serial number for the response token.
- * @param genTime generation time for the response token.
- * @return the TimeStampResponse with a status of PKIStatus.GRANTED
- * @throws TSPException on validation exception or internal error.
- */
- public TimeStampResponse generateGrantedResponse(
- TimeStampRequest request,
- BigInteger serialNumber,
- Date genTime,
- String statusString)
- throws TSPException
- {
- if (genTime == null)
- {
- throw new TSPValidationException("The time source is not available.", PKIFailureInfo.timeNotAvailable);
- }
-
- request.validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);
-
- status = PKIStatus.GRANTED;
- statusStrings = new ASN1EncodableVector();
-
- if (statusString != null)
- {
- this.addStatusString(statusString);
- }
-
- PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-
- ContentInfo tstTokenContentInfo;
- try
- {
- tstTokenContentInfo = tokenGenerator.generate(request, serialNumber, genTime).toCMSSignedData().toASN1Structure();
- }
- catch (TSPException e)
- {
- throw e;
- }
- catch (Exception e)
- {
- throw new TSPException(
- "Timestamp token received cannot be converted to ContentInfo", e);
- }
-
- TimeStampResp resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo);
-
- try
- {
- return new TimeStampResponse(resp);
- }
- catch (IOException e)
- {
- throw new TSPException("created badly formatted response!");
- }
- }
-
- /**
- * Generate a generic rejection response based on a TSPValidationException or
- * an Exception. Exceptions which are not an instance of TSPValidationException
- * will be treated as systemFailure. The return value of exception.getMessage() will
- * be used as the status string for the response.
- *
- * @param exception the exception thrown on validating the request.
- * @return a TimeStampResponse.
- * @throws TSPException if a failure response cannot be generated.
- */
- public TimeStampResponse generateRejectedResponse(Exception exception)
- throws TSPException
- {
- if (exception instanceof TSPValidationException)
- {
- return generateFailResponse(PKIStatus.REJECTION, ((TSPValidationException)exception).getFailureCode(), exception.getMessage());
- }
- else
- {
- return generateFailResponse(PKIStatus.REJECTION, PKIFailureInfo.systemFailure, exception.getMessage());
- }
- }
-
- /**
- * Generate a non-granted TimeStampResponse with chosen status and FailInfoField.
- *
- * @param status the PKIStatus to set.
- * @param failInfoField the FailInfoField to set.
- * @param statusString an optional string describing the failure.
- * @return a TimeStampResponse with a failInfoField and optional statusString
- * @throws TSPException in case the response could not be created
- */
- public TimeStampResponse generateFailResponse(int status, int failInfoField, String statusString)
- throws TSPException
- {
- this.status = status;
- this.statusStrings = new ASN1EncodableVector();
-
- this.setFailInfoField(failInfoField);
-
- if (statusString != null)
- {
- this.addStatusString(statusString);
- }
-
- PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-
- TimeStampResp resp = new TimeStampResp(pkiStatusInfo, null);
-
- try
- {
- return new TimeStampResponse(resp);
- }
- catch (IOException e)
- {
- throw new TSPException("created badly formatted response!");
- }
- }
-
- private Set convert(Set orig)
- {
- if (orig == null)
- {
- return orig;
- }
-
- Set con = new HashSet(orig.size());
-
- for (Iterator it = orig.iterator(); it.hasNext();)
- {
- Object o = it.next();
-
- if (o instanceof String)
- {
- con.add(new ASN1ObjectIdentifier((String)o));
- }
- else
- {
- con.add(o);
- }
- }
-
- return con;
- }
-
- class FailInfo extends DERBitString
- {
- FailInfo(int failInfoValue)
- {
- super(getBytes(failInfoValue), getPadBits(failInfoValue));
- }
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java
deleted file mode 100644
index 0422998..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java
+++ /dev/null
@@ -1,393 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Collection;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.ess.ESSCertID;
-import org.bouncycastle.asn1.ess.ESSCertIDv2;
-import org.bouncycastle.asn1.ess.SigningCertificate;
-import org.bouncycastle.asn1.ess.SigningCertificateV2;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationVerifier;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-
-/**
- * Carrier class for a TimeStampToken.
- */
-public class TimeStampToken
-{
- CMSSignedData tsToken;
-
- SignerInformation tsaSignerInfo;
-
- Date genTime;
-
- TimeStampTokenInfo tstInfo;
-
- CertID certID;
-
- public TimeStampToken(ContentInfo contentInfo)
- throws TSPException, IOException
- {
- this(getSignedData(contentInfo));
- }
-
- private static CMSSignedData getSignedData(ContentInfo contentInfo)
- throws TSPException
- {
- try
- {
- return new CMSSignedData(contentInfo);
- }
- catch (CMSException e)
- {
- throw new TSPException("TSP parsing error: " + e.getMessage(), e.getCause());
- }
- }
-
- public TimeStampToken(CMSSignedData signedData)
- throws TSPException, IOException
- {
- this.tsToken = signedData;
-
- if (!this.tsToken.getSignedContentTypeOID().equals(PKCSObjectIdentifiers.id_ct_TSTInfo.getId()))
- {
- throw new TSPValidationException("ContentInfo object not for a time stamp.");
- }
-
- Collection signers = tsToken.getSignerInfos().getSigners();
-
- if (signers.size() != 1)
- {
- throw new IllegalArgumentException("Time-stamp token signed by "
- + signers.size()
- + " signers, but it must contain just the TSA signature.");
- }
-
- tsaSignerInfo = (SignerInformation)signers.iterator().next();
-
- try
- {
- CMSProcessable content = tsToken.getSignedContent();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- content.write(bOut);
-
- ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
-
- this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(aIn.readObject()));
-
- Attribute attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
-
- if (attr != null)
- {
- SigningCertificate signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0));
-
- this.certID = new CertID(ESSCertID.getInstance(signCert.getCerts()[0]));
- }
- else
- {
- attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
-
- if (attr == null)
- {
- throw new 
TSPValidationException("no signing certificate attribute found, time stamp invalid.");
- }
-
- SigningCertificateV2 signCertV2 = SigningCertificateV2.getInstance(attr.getAttrValues().getObjectAt(0));
-
- this.certID = new CertID(ESSCertIDv2.getInstance(signCertV2.getCerts()[0]));
- }
- }
- catch (CMSException e)
- {
- throw new TSPException(e.getMessage(), e.getUnderlyingException());
- }
- }
-
- public TimeStampTokenInfo getTimeStampInfo()
- {
- return tstInfo;
- }
-
- public SignerId getSID()
- {
- return tsaSignerInfo.getSID();
- }
-
- public AttributeTable getSignedAttributes()
- {
- return tsaSignerInfo.getSignedAttributes();
- }
-
- public AttributeTable getUnsignedAttributes()
- {
- return tsaSignerInfo.getUnsignedAttributes();
- }
-
- public Store getCertificates()
- {
- return tsToken.getCertificates();
- }
-
- public Store getCRLs()
- {
- return tsToken.getCRLs();
- }
-
- public Store getAttributeCertificates()
- {
- return tsToken.getAttributeCertificates();
- }
-
- /**
- * Validate the time stamp token.
- * <p>
- * To be valid the token must be signed by the passed in certificate and
- * the certificate must be the one referred to by the SigningCertificate
- * attribute included in the hashed attributes of the token. The
- * certificate must also have the ExtendedKeyUsageExtension with only
- * KeyPurposeId.id_kp_timeStamping and have been valid at the time the
- * timestamp was created.
- * </p>
- * <p>
- * A successful call to validate means all the above are true.
- * </p>
- *
- * @param sigVerifier the content verifier create the objects required to verify the CMS object in the timestamp.
- * @throws TSPException if an exception occurs in processing the token.
- * @throws TSPValidationException if the certificate or signature fail to be valid.
- * @throws IllegalArgumentException if the sigVerifierProvider has no associated certificate.
- */
- public void validate(
- SignerInformationVerifier sigVerifier)
- throws TSPException, TSPValidationException
- {
- if (!sigVerifier.hasAssociatedCertificate())
- {
- throw new IllegalArgumentException("verifier provider needs an associated certificate");
- }
-
- try
- {
- X509CertificateHolder certHolder = sigVerifier.getAssociatedCertificate();
- DigestCalculator calc = sigVerifier.getDigestCalculator(certID.getHashAlgorithm());
-
- OutputStream cOut = calc.getOutputStream();
-
- cOut.write(certHolder.getEncoded());
- cOut.close();
-
- if (!Arrays.constantTimeAreEqual(certID.getCertHash(), calc.getDigest()))
- {
- throw new TSPValidationException("certificate hash does not match certID hash.");
- }
-
- if (certID.getIssuerSerial() != null)
- {
- IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(certHolder.toASN1Structure());
-
- if (!certID.getIssuerSerial().getSerial().equals(issuerSerial.getSerialNumber()))
- {
- throw new TSPValidationException("certificate serial number does not match certID for signature.");
- }
-
- GeneralName[] names = certID.getIssuerSerial().getIssuer().getNames();
- boolean found = false;
-
- for (int i = 0; i != names.length; i++)
- {
- if (names[i].getTagNo() == 4 && X500Name.getInstance(names[i].getName()).equals(X500Name.getInstance(issuerSerial.getName())))
- {
- found = true;
- break;
- }
- }
-
- if (!found)
- {
- throw new TSPValidationException("certificate name does not match certID for signature. 
");
- }
- }
-
- TSPUtil.validateCertificate(certHolder);
-
- if (!certHolder.isValidOn(tstInfo.getGenTime()))
- {
- throw new TSPValidationException("certificate not valid when time stamp created.");
- }
-
- if (!tsaSignerInfo.verify(sigVerifier))
- {
- throw new TSPValidationException("signature not created by certificate.");
- }
- }
- catch (CMSException e)
- {
- if (e.getUnderlyingException() != null)
- {
- throw new TSPException(e.getMessage(), e.getUnderlyingException());
- }
- else
- {
- throw new TSPException("CMS exception: " + e, e);
- }
- }
- catch (IOException e)
- {
- throw new TSPException("problem processing certificate: " + e, e);
- }
- catch (OperatorCreationException e)
- {
- throw new TSPException("unable to create digest: " + e.getMessage(), e);
- }
- }
-
- /**
- * Return true if the signature on time stamp token is valid.
- * <p>
- * Note: this is a much weaker proof of correctness than calling validate().
- * </p>
- *
- * @param sigVerifier the content verifier create the objects required to verify the CMS object in the timestamp.
- * @return true if the signature matches, false otherwise.
- * @throws TSPException if the signature cannot be processed or the provider cannot match the algorithm.
- */
- public boolean isSignatureValid(
- SignerInformationVerifier sigVerifier)
- throws TSPException
- {
- try
- {
- return tsaSignerInfo.verify(sigVerifier);
- }
- catch (CMSException e)
- {
- if (e.getUnderlyingException() != null)
- {
- throw new TSPException(e.getMessage(), e.getUnderlyingException());
- }
- else
- {
- throw new TSPException("CMS exception: " + e, e);
- }
- }
- }
-
- /**
- * Return the underlying CMSSignedData object.
- *
- * @return the underlying CMS structure.
- */
- public CMSSignedData toCMSSignedData()
- {
- return tsToken;
- }
-
- /**
- * Return a ASN.1 encoded byte stream representing the encoded object.
- *
- * @throws IOException if encoding fails.
- */
- public byte[] getEncoded()
- throws IOException
- {
- return tsToken.getEncoded();
- }
-
- // perhaps this should be done using an interface on the ASN.1 classes...
- private class CertID
- {
- private ESSCertID certID;
- private ESSCertIDv2 certIDv2;
-
- CertID(ESSCertID certID)
- {
- this.certID = certID;
- this.certIDv2 = null;
- }
-
- CertID(ESSCertIDv2 certID)
- {
- this.certIDv2 = certID;
- this.certID = null;
- }
-
- public String getHashAlgorithmName()
- {
- if (certID != null)
- {
- return "SHA-1";
- }
- else
- {
- if (NISTObjectIdentifiers.id_sha256.equals(certIDv2.getHashAlgorithm().getAlgorithm()))
- {
- return "SHA-256";
- }
- return certIDv2.getHashAlgorithm().getAlgorithm().getId();
- }
- }
-
- public AlgorithmIdentifier getHashAlgorithm()
- {
- if (certID != null)
- {
- return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
- }
- else
- {
- return certIDv2.getHashAlgorithm();
- }
- }
-
- public byte[] getCertHash()
- {
- if (certID != null)
- {
- return certID.getCertHash();
- }
- else
- {
- return certIDv2.getCertHash();
- }
- }
-
- public IssuerSerial getIssuerSerial()
- {
- if (certID != null)
- {
- return certID.getIssuerSerial();
- }
- else
- {
- return certIDv2.getIssuerSerial();
- }
- }
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java
deleted file mode 100644
index 91586c5..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java
+++ /dev/null
@@ -1,380 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1Boolean;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.ess.ESSCertID;
-import org.bouncycastle.asn1.ess.ESSCertIDv2;
-import org.bouncycastle.asn1.ess.SigningCertificate;
-import org.bouncycastle.asn1.ess.SigningCertificateV2;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.tsp.Accuracy;
-import org.bouncycastle.asn1.tsp.MessageImprint;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSAttributeTableGenerationException;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.SignerInfoGenerator;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-
-/**
- * Currently the class supports ESSCertID by if a digest calculator based on SHA1 is passed in, otherwise it uses
- * ESSCertIDv2. 
In the event you need to pass both types, you will need to override the SignedAttributeGenerator
- * for the SignerInfoGeneratorBuilder you are using. For the default for ESSCertIDv2 the code will look something
- * like the following:
- * <pre>
- * final ESSCertID essCertid = new ESSCertID(certHashSha1, issuerSerial);
- * final ESSCertIDv2 essCertidV2 = new ESSCertIDv2(certHashSha256, issuerSerial);
- *
- * signerInfoGenBuilder.setSignedAttributeGenerator(new CMSAttributeTableGenerator()
- * {
- * public AttributeTable getAttributes(Map parameters)
- * throws CMSAttributeTableGenerationException
- * {
- * CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator();
- *
- * AttributeTable table = attrGen.getAttributes(parameters);
- *
- * table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(essCertid));
- * table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new SigningCertificateV2(essCertidV2));
- *
- * return table;
- * }
- * });
- * </pre>
- */
-public class TimeStampTokenGenerator
-{
- int accuracySeconds = -1;
-
- int accuracyMillis = -1;
-
- int accuracyMicros = -1;
-
- boolean ordering = false;
-
- GeneralName tsa = null;
-
- private ASN1ObjectIdentifier tsaPolicyOID;
-
- private List certs = new ArrayList();
- private List crls = new ArrayList();
- private List attrCerts = new ArrayList();
- private Map otherRevoc = new HashMap();
- private SignerInfoGenerator signerInfoGen;
-
- /**
- * Basic Constructor - set up a calculator based on signerInfoGen with a ESSCertID calculated from
- * the signer's associated certificate using the sha1DigestCalculator. If alternate values are required
- * for id-aa-signingCertificate they should be added to the signerInfoGen object before it is passed in,
- * otherwise a standard digest based value will be added.
- *
- * @param signerInfoGen the generator for the signer we are using.
- * @param digestCalculator calculator for to use for digest of certificate.
- * @param tsaPolicy tasPolicy to send.
- * @throws IllegalArgumentException if calculator is not SHA-1 or there is no associated certificate for the signer,
- * @throws TSPException if the signer certificate cannot be processed.
- */
- public TimeStampTokenGenerator(
- final SignerInfoGenerator signerInfoGen,
- DigestCalculator digestCalculator,
- ASN1ObjectIdentifier tsaPolicy)
- throws IllegalArgumentException, TSPException
- {
- this(signerInfoGen, digestCalculator, tsaPolicy, false);
- }
-
- /**
- * Basic Constructor - set up a calculator based on signerInfoGen with a ESSCertID calculated from
- * the signer's associated certificate using the sha1DigestCalculator. If alternate values are required
- * for id-aa-signingCertificate they should be added to the signerInfoGen object before it is passed in,
- * otherwise a standard digest based value will be added.
- *
- * @param signerInfoGen the generator for the signer we are using.
- * @param digestCalculator calculator for to use for digest of certificate.
- * @param tsaPolicy tasPolicy to send.
- * @param isIssuerSerialIncluded should issuerSerial be included in the ESSCertIDs, true if yes, by default false.
- * @throws IllegalArgumentException if calculator is not SHA-1 or there is no associated certificate for the signer,
- * @throws TSPException if the signer certificate cannot be processed.
- */
- public TimeStampTokenGenerator(
- final SignerInfoGenerator signerInfoGen,
- DigestCalculator digestCalculator,
- ASN1ObjectIdentifier tsaPolicy,
- boolean isIssuerSerialIncluded)
- throws IllegalArgumentException, TSPException
- {
- this.signerInfoGen = signerInfoGen;
- this.tsaPolicyOID = tsaPolicy;
-
- if (!signerInfoGen.hasAssociatedCertificate())
- {
- throw new IllegalArgumentException("SignerInfoGenerator must have an associated certificate");
- }
-
- X509CertificateHolder assocCert = signerInfoGen.getAssociatedCertificate();
- TSPUtil.validateCertificate(assocCert);
-
- try
- {
- OutputStream dOut = digestCalculator.getOutputStream();
-
- dOut.write(assocCert.getEncoded());
-
- dOut.close();
-
- if (digestCalculator.getAlgorithmIdentifier().getAlgorithm().equals(OIWObjectIdentifiers.idSHA1))
- {
- final ESSCertID essCertid = new ESSCertID(digestCalculator.getDigest(),
- isIssuerSerialIncluded ? new IssuerSerial(new GeneralNames(new GeneralName(assocCert.getIssuer())), assocCert.getSerialNumber())
- : null);
-
- this.signerInfoGen = new SignerInfoGenerator(signerInfoGen, new CMSAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- throws CMSAttributeTableGenerationException
- {
- AttributeTable table = signerInfoGen.getSignedAttributeTableGenerator().getAttributes(parameters);
-
- if (table.get(PKCSObjectIdentifiers.id_aa_signingCertificate) == null)
- {
- return table.add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(essCertid));
- }
-
- return table;
- }
- }, signerInfoGen.getUnsignedAttributeTableGenerator());
- }
- else
- {
- AlgorithmIdentifier digAlgID = new AlgorithmIdentifier(digestCalculator.getAlgorithmIdentifier().getAlgorithm());
- final ESSCertIDv2 essCertid = new ESSCertIDv2(digAlgID, digestCalculator.getDigest(),
- isIssuerSerialIncluded ? 
new IssuerSerial(new GeneralNames(new GeneralName(assocCert.getIssuer())), new ASN1Integer(assocCert.getSerialNumber()))
- : null);
-
- this.signerInfoGen = new SignerInfoGenerator(signerInfoGen, new CMSAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- throws CMSAttributeTableGenerationException
- {
- AttributeTable table = signerInfoGen.getSignedAttributeTableGenerator().getAttributes(parameters);
-
- if (table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2) == null)
- {
- return table.add(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new SigningCertificateV2(essCertid));
- }
-
- return table;
- }
- }, signerInfoGen.getUnsignedAttributeTableGenerator());
- }
- }
- catch (IOException e)
- {
- throw new TSPException("Exception processing certificate.", e);
- }
- }
-
- /**
- * Add the store of X509 Certificates to the generator.
- *
- * @param certStore a Store containing X509CertificateHolder objects
- */
- public void addCertificates(
- Store certStore)
- {
- certs.addAll(certStore.getMatches(null));
- }
-
- /**
- *
- * @param crlStore a Store containing X509CRLHolder objects.
- */
- public void addCRLs(
- Store crlStore)
- {
- crls.addAll(crlStore.getMatches(null));
- }
-
- /**
- *
- * @param attrStore a Store containing X509AttributeCertificate objects.
- */
- public void addAttributeCertificates(
- Store attrStore)
- {
- attrCerts.addAll(attrStore.getMatches(null));
- }
-
- /**
- * Add a Store of otherRevocationData to the CRL set to be included with the generated TimeStampToken.
- *
- * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
- * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
- */
- public void addOtherRevocationInfo(
- ASN1ObjectIdentifier otherRevocationInfoFormat,
- Store otherRevocationInfos)
- {
- otherRevoc.put(otherRevocationInfoFormat, otherRevocationInfos.getMatches(null));
- }
-
- public void setAccuracySeconds(int accuracySeconds)
- {
- this.accuracySeconds = accuracySeconds;
- }
-
- public void setAccuracyMillis(int accuracyMillis)
- {
- this.accuracyMillis = accuracyMillis;
- }
-
- public void setAccuracyMicros(int accuracyMicros)
- {
- this.accuracyMicros = accuracyMicros;
- }
-
- public void setOrdering(boolean ordering)
- {
- this.ordering = ordering;
- }
-
- public void setTSA(GeneralName tsa)
- {
- this.tsa = tsa;
- }
-
- /**
- * Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed in genTime.
- *
- * @param request the originating request.
- * @param serialNumber serial number for the TimeStampToken
- * @param genTime token generation time.
- * @return a TimeStampToken
- * @throws TSPException
- */
- public TimeStampToken generate(
- TimeStampRequest request,
- BigInteger serialNumber,
- Date genTime)
- throws TSPException
- {
- ASN1ObjectIdentifier digestAlgOID = request.getMessageImprintAlgOID();
-
- AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DERNull.INSTANCE);
- MessageImprint messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
-
- Accuracy accuracy = null;
- if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
- {
- ASN1Integer seconds = null;
- if (accuracySeconds > 0)
- {
- seconds = new ASN1Integer(accuracySeconds);
- }
-
- ASN1Integer millis = null;
- if (accuracyMillis > 0)
- {
- millis = new ASN1Integer(accuracyMillis);
- }
-
- ASN1Integer micros = null;
- if (accuracyMicros > 0)
- {
- micros = new ASN1Integer(accuracyMicros);
- }
-
- accuracy = new Accuracy(seconds, millis, micros);
- }
-
- ASN1Boolean derOrdering = null;
- if (ordering)
- {
- derOrdering = new ASN1Boolean(ordering);
- }
-
- 
ASN1Integer nonce = null;
- if (request.getNonce() != null)
- {
- nonce = new ASN1Integer(request.getNonce());
- }
-
- ASN1ObjectIdentifier tsaPolicy = tsaPolicyOID;
- if (request.getReqPolicy() != null)
- {
- tsaPolicy = request.getReqPolicy();
- }
-
- TSTInfo tstInfo = new TSTInfo(tsaPolicy,
- messageImprint, new ASN1Integer(serialNumber),
- new ASN1GeneralizedTime(genTime), accuracy, derOrdering,
- nonce, tsa, request.getExtensions());
-
- try
- {
- CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
-
- if (request.getCertReq())
- {
- // TODO: do we need to check certs non-empty?
- signedDataGenerator.addCertificates(new CollectionStore(certs));
- signedDataGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
- }
-
- signedDataGenerator.addCRLs(new CollectionStore(crls));
-
- if (!otherRevoc.isEmpty())
- {
- for (Iterator it = otherRevoc.keySet().iterator(); it.hasNext();)
- {
- ASN1ObjectIdentifier format = (ASN1ObjectIdentifier)it.next();
-
- signedDataGenerator.addOtherRevocationInfo(format, new CollectionStore((Collection)otherRevoc.get(format)));
- }
- }
-
- signedDataGenerator.addSignerInfoGenerator(signerInfoGen);
-
- byte[] derEncodedTSTInfo = tstInfo.getEncoded(ASN1Encoding.DER);
-
- CMSSignedData signedData = signedDataGenerator.generate(new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, derEncodedTSTInfo), true);
-
- return new TimeStampToken(signedData);
- }
- catch (CMSException cmsEx)
- {
- throw new TSPException("Error generating time-stamp token", cmsEx);
- }
- catch (IOException e)
- {
- throw new TSPException("Exception encoding info", e);
- }
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java b/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java
deleted file mode 100644
index 98011a0..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java
+++ /dev/null
@@ -1,121 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.text.ParseException;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.tsp.Accuracy;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-
-public class TimeStampTokenInfo
-{
- TSTInfo tstInfo;
- Date genTime;
-
- TimeStampTokenInfo(TSTInfo tstInfo)
- throws TSPException, IOException
- {
- this.tstInfo = tstInfo;
-
- try
- {
- this.genTime = tstInfo.getGenTime().getDate();
- }
- catch (ParseException e)
- {
- throw new TSPException("unable to parse genTime field");
- }
- }
-
- public boolean isOrdered()
- {
- return tstInfo.getOrdering().isTrue();
- }
-
- public Accuracy getAccuracy()
- {
- return tstInfo.getAccuracy();
- }
-
- public Date getGenTime()
- {
- return genTime;
- }
-
- public GenTimeAccuracy getGenTimeAccuracy()
- {
- if (this.getAccuracy() != null)
- {
- return new GenTimeAccuracy(this.getAccuracy());
- }
-
- return null;
- }
-
- public ASN1ObjectIdentifier getPolicy()
- {
- return tstInfo.getPolicy();
- }
-
- public BigInteger getSerialNumber()
- {
- return tstInfo.getSerialNumber().getValue();
- }
-
- public GeneralName getTsa()
- {
- return tstInfo.getTsa();
- }
-
- /**
- * @return the nonce value, null if there isn't one.
- */
- public BigInteger getNonce()
- {
- if (tstInfo.getNonce() != null)
- {
- return tstInfo.getNonce().getValue();
- }
-
- return null;
- }
-
- public AlgorithmIdentifier getHashAlgorithm()
- {
- return tstInfo.getMessageImprint().getHashAlgorithm();
- }
-
- public ASN1ObjectIdentifier getMessageImprintAlgOID()
- {
- return tstInfo.getMessageImprint().getHashAlgorithm().getAlgorithm();
- }
-
- public byte[] getMessageImprintDigest()
- {
- return tstInfo.getMessageImprint().getHashedMessage();
- }
-
- public byte[] getEncoded()
- throws IOException
- {
- return tstInfo.getEncoded();
- }
-
- /**
- * @deprecated use toASN1Structure
- * @return
- */
- public TSTInfo toTSTInfo()
- {
- return tstInfo;
- }
-
- public TSTInfo toASN1Structure()
- {
- return tstInfo;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java
deleted file mode 100644
index 3093a6d..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java
+++ /dev/null
@@ -1,204 +0,0 @@ -package org.bouncycastle.tsp.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URI; -import java.net.URISyntaxException; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.Evidence; -import org.bouncycastle.asn1.cms.TimeStampAndCRL; -import org.bouncycastle.asn1.cms.TimeStampTokenEvidence; -import org.bouncycastle.asn1.cms.TimeStampedData; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.tsp.TimeStampToken; - -public class CMSTimeStampedData -{ - private TimeStampedData timeStampedData; - private ContentInfo contentInfo; - private TimeStampDataUtil util; - - public CMSTimeStampedData(ContentInfo contentInfo) - { - this.initialize(contentInfo); - } - - public CMSTimeStampedData(InputStream in) - throws IOException - { - try - { - initialize(ContentInfo.getInstance(new ASN1InputStream(in).readObject())); - } - catch (ClassCastException e) - { - throw new IOException("Malformed content: " + e); - } - catch (IllegalArgumentException e) - { - throw new IOException("Malformed content: " + e); - } - } - - public CMSTimeStampedData(byte[] baseData) - throws IOException - { - this(new ByteArrayInputStream(baseData)); - } - - private void initialize(ContentInfo contentInfo) - { - this.contentInfo = contentInfo; - - if (CMSObjectIdentifiers.timestampedData.equals(contentInfo.getContentType())) - { - this.timeStampedData = TimeStampedData.getInstance(contentInfo.getContent()); - } - else - { - throw new IllegalArgumentException("Malformed content - type must be " + 
CMSObjectIdentifiers.timestampedData.getId()); - } - - util = new TimeStampDataUtil(this.timeStampedData); - } - - public byte[] calculateNextHash(DigestCalculator calculator) - throws CMSException - { - return util.calculateNextHash(calculator); - } - - /** - * Return a new timeStampedData object with the additional token attached. - * - * @throws CMSException - */ - public CMSTimeStampedData addTimeStamp(TimeStampToken token) - throws CMSException - { - TimeStampAndCRL[] timeStamps = util.getTimeStamps(); - TimeStampAndCRL[] newTimeStamps = new TimeStampAndCRL[timeStamps.length + 1]; - - System.arraycopy(timeStamps, 0, newTimeStamps, 0, timeStamps.length); - - newTimeStamps[timeStamps.length] = new TimeStampAndCRL(token.toCMSSignedData().toASN1Structure()); - - return new CMSTimeStampedData(new ContentInfo(CMSObjectIdentifiers.timestampedData, new TimeStampedData(timeStampedData.getDataUri(), timeStampedData.getMetaData(), timeStampedData.getContent(), new Evidence(new TimeStampTokenEvidence(newTimeStamps))))); - } - - public byte[] getContent() - { - if (timeStampedData.getContent() != null) - { - return timeStampedData.getContent().getOctets(); - } - - return null; - } - - public URI getDataUri() - throws URISyntaxException - { - DERIA5String dataURI = this.timeStampedData.getDataUri(); - - if (dataURI != null) - { - return new URI(dataURI.getString()); - } - - return null; - } - - public String getFileName() - { - return util.getFileName(); - } - - public String getMediaType() - { - return util.getMediaType(); - } - - public AttributeTable getOtherMetaData() - { - return util.getOtherMetaData(); - } - - public TimeStampToken[] getTimeStampTokens() - throws CMSException - { - return util.getTimeStampTokens(); - } - - /** - * Initialise the passed in calculator with the MetaData for this message, if it is - * required as part of the initial message imprint calculation. - * - * @param calculator the digest calculator to be initialised. 
- * @throws CMSException if the MetaData is required and cannot be processed
- */
- public void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
- throws CMSException
- {
- util.initialiseMessageImprintDigestCalculator(calculator);
- }
-
- /**
- * Returns an appropriately initialised digest calculator based on the message imprint algorithm
- * described in the first time stamp in the TemporalData for this message. If the metadata is required
- * to be included in the digest calculation, the returned calculator will be pre-initialised.
- *
- * @param calculatorProvider a provider of DigestCalculator objects.
- * @return an initialised digest calculator.
- * @throws OperatorCreationException if the provider is unable to create the calculator.
- */
- public DigestCalculator getMessageImprintDigestCalculator(DigestCalculatorProvider calculatorProvider)
- throws OperatorCreationException
- {
- return util.getMessageImprintDigestCalculator(calculatorProvider);
- }
-
- /**
- * Validate the digests present in the TimeStampTokens contained in the CMSTimeStampedData.
- *
- * @param calculatorProvider provider for digest calculators
- * @param dataDigest the calculated data digest for the message
- * @throws ImprintDigestInvalidException if an imprint digest fails to compare
- * @throws CMSException if an exception occurs processing the message.
- */
- public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest)
- throws ImprintDigestInvalidException, CMSException
- {
- util.validate(calculatorProvider, dataDigest);
- }
-
- /**
- * Validate the passed in timestamp token against the tokens and data present in the message.
- *
- * @param calculatorProvider provider for digest calculators
- * @param dataDigest the calculated data digest for the message.
- * @param timeStampToken the timestamp token of interest.
- * @throws ImprintDigestInvalidException if the token is not present in the message, or an imprint digest fails to compare.
- * @throws CMSException if an exception occurs processing the message.
- */
- public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest, TimeStampToken timeStampToken)
- throws ImprintDigestInvalidException, CMSException
- {
- util.validate(calculatorProvider, dataDigest, timeStampToken);
- }
-
- public byte[] getEncoded()
- throws IOException
- {
- return contentInfo.getEncoded();
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java
deleted file mode 100644
index e6f2830..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java
+++ /dev/null
@@ -1,70 +0,0 @@ -package org.bouncycastle.tsp.cms; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.Evidence; -import org.bouncycastle.asn1.cms.TimeStampAndCRL; -import org.bouncycastle.asn1.cms.TimeStampTokenEvidence; -import org.bouncycastle.asn1.cms.TimeStampedData; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.tsp.TimeStampToken; -import org.bouncycastle.util.io.Streams; - -public class CMSTimeStampedDataGenerator - extends CMSTimeStampedGenerator -{ - public CMSTimeStampedData generate(TimeStampToken timeStamp) throws CMSException - { - return generate(timeStamp, (InputStream)null); - } - - public CMSTimeStampedData generate(TimeStampToken timeStamp, byte[] content) throws CMSException - { - return generate(timeStamp, new ByteArrayInputStream(content)); - } - - public CMSTimeStampedData generate(TimeStampToken timeStamp, InputStream content) - throws CMSException - { - ByteArrayOutputStream contentOut = new ByteArrayOutputStream(); - - if (content != null) - { - try - { - Streams.pipeAll(content, contentOut); - } - catch (IOException e) - { - throw new CMSException("exception encapsulating content: " + e.getMessage(), e); - } - } - - ASN1OctetString encContent = null; - - if (contentOut.size() != 0) - { - encContent = new BEROctetString(contentOut.toByteArray()); - } - - TimeStampAndCRL stamp = new TimeStampAndCRL(timeStamp.toCMSSignedData().toASN1Structure()); - - DERIA5String asn1DataUri = null; - - if (dataUri != null) - { - asn1DataUri = new DERIA5String(dataUri.toString()); - } - - return new CMSTimeStampedData(new ContentInfo(CMSObjectIdentifiers.timestampedData, new 
TimeStampedData(asn1DataUri, metaData, encContent, new Evidence(new TimeStampTokenEvidence(stamp))))); - } -} - diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java deleted file mode 100644 index 28c7e87..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java +++ /dev/null 
@@ -1,207 +0,0 @@ -package org.bouncycastle.tsp.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URI; -import java.net.URISyntaxException; - -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfoParser; -import org.bouncycastle.asn1.cms.TimeStampedDataParser; -import org.bouncycastle.cms.CMSContentInfoParser; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.tsp.TimeStampToken; -import org.bouncycastle.util.io.Streams; - -public class CMSTimeStampedDataParser - extends CMSContentInfoParser -{ - private TimeStampedDataParser timeStampedData; - private TimeStampDataUtil util; - - public CMSTimeStampedDataParser(InputStream in) - throws CMSException - { - super(in); - - initialize(_contentInfo); - } - - public CMSTimeStampedDataParser(byte[] baseData) - throws CMSException - { - this(new ByteArrayInputStream(baseData)); - } - - private void initialize(ContentInfoParser contentInfo) - throws CMSException - { - try - { - if (CMSObjectIdentifiers.timestampedData.equals(contentInfo.getContentType())) - { - this.timeStampedData = TimeStampedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE)); - } - else - { - throw new IllegalArgumentException("Malformed content - type must be " + CMSObjectIdentifiers.timestampedData.getId()); - } - } - catch (IOException e) - { - throw new CMSException("parsing exception: " + e.getMessage(), e); - } - } - - public byte[] calculateNextHash(DigestCalculator calculator) - throws CMSException - { - return util.calculateNextHash(calculator); - } - - public InputStream getContent() - { - if 
(timeStampedData.getContent() != null) - { - return timeStampedData.getContent().getOctetStream(); - } - - return null; - } - - public URI getDataUri() - throws URISyntaxException - { - DERIA5String dataURI = this.timeStampedData.getDataUri(); - - if (dataURI != null) - { - return new URI(dataURI.getString()); - } - - return null; - } - - public String getFileName() - { - return util.getFileName(); - } - - public String getMediaType() - { - return util.getMediaType(); - } - - public AttributeTable getOtherMetaData() - { - return util.getOtherMetaData(); - } - - /** - * Initialise the passed in calculator with the MetaData for this message, if it is - * required as part of the initial message imprint calculation. - * - * @param calculator the digest calculator to be initialised. - * @throws CMSException if the MetaData is required and cannot be processed - */ - public void initialiseMessageImprintDigestCalculator(DigestCalculator calculator) - throws CMSException - { - util.initialiseMessageImprintDigestCalculator(calculator); - } - - /** - * Returns an appropriately initialised digest calculator based on the message imprint algorithm - * described in the first time stamp in the TemporalData for this message. If the metadata is required - * to be included in the digest calculation, the returned calculator will be pre-initialised. - * - * @param calculatorProvider a provider of DigestCalculator objects. - * @return an initialised digest calculator. - * @throws OperatorCreationException if the provider is unable to create the calculator. 
- */
- public DigestCalculator getMessageImprintDigestCalculator(DigestCalculatorProvider calculatorProvider)
- throws OperatorCreationException
- {
- try
- {
- parseTimeStamps();
- }
- catch (CMSException e)
- {
- throw new OperatorCreationException("unable to extract algorithm ID: " + e.getMessage(), e);
- }
-
- return util.getMessageImprintDigestCalculator(calculatorProvider);
- }
-
- public TimeStampToken[] getTimeStampTokens()
- throws CMSException
- {
- parseTimeStamps();
-
- return util.getTimeStampTokens();
- }
-
- /**
- * Validate the digests present in the TimeStampTokens contained in the CMSTimeStampedData.
- *
- * @param calculatorProvider provider for digest calculators
- * @param dataDigest the calculated data digest for the message
- * @throws ImprintDigestInvalidException if an imprint digest fails to compare
- * @throws CMSException if an exception occurs processing the message.
- */
- public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest)
- throws ImprintDigestInvalidException, CMSException
- {
- parseTimeStamps();
-
- util.validate(calculatorProvider, dataDigest);
- }
-
- /**
- * Validate the passed in timestamp token against the tokens and data present in the message.
- *
- * @param calculatorProvider provider for digest calculators
- * @param dataDigest the calculated data digest for the message.
- * @param timeStampToken the timestamp token of interest.
- * @throws ImprintDigestInvalidException if the token is not present in the message, or an imprint digest fails to compare.
- * @throws CMSException if an exception occurs processing the message.
- */
- public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest, TimeStampToken timeStampToken)
- throws ImprintDigestInvalidException, CMSException
- {
- parseTimeStamps();
-
- util.validate(calculatorProvider, dataDigest, timeStampToken);
- }
-
- private void parseTimeStamps()
- throws CMSException
- {
- try
- {
- if (util == null)
- {
- InputStream cont = this.getContent();
-
- if (cont != null)
- {
- Streams.drain(cont);
- }
-
- util = new TimeStampDataUtil(timeStampedData);
- }
- }
- catch (IOException e)
- {
- throw new CMSException("unable to parse evidence block: " + e.getMessage(), e);
- }
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java
deleted file mode 100644
index 5cc8866..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.net.URI;
-
-import org.bouncycastle.asn1.ASN1Boolean;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attributes;
-import org.bouncycastle.asn1.cms.MetaData;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-
-public class CMSTimeStampedGenerator
-{
- protected MetaData metaData;
- protected URI dataUri;
-
- /**
- * Set the dataURI to be included in message.
- *
- * @param dataUri URI for the data the initial message imprint digest is based on.
- */
- public void setDataUri(URI dataUri)
- {
- this.dataUri = dataUri;
- }
-
- /**
- * Set the MetaData for the generated message.
- *
- * @param hashProtected true if the MetaData should be included in first imprint calculation, false otherwise.
- * @param fileName optional file name, may be null.
- * @param mediaType optional media type, may be null.
- */
- public void setMetaData(boolean hashProtected, String fileName, String mediaType)
- {
- setMetaData(hashProtected, fileName, mediaType, null);
- }
-
- /**
- * Set the MetaData for the generated message.
- *
- * @param hashProtected true if the MetaData should be included in first imprint calculation, false otherwise.
- * @param fileName optional file name, may be null.
- * @param mediaType optional media type, may be null.
- * @param attributes optional attributes, may be null.
- */
- public void setMetaData(boolean hashProtected, String fileName, String mediaType, Attributes attributes)
- {
- DERUTF8String asn1FileName = null;
-
- if (fileName != null)
- {
- asn1FileName = new DERUTF8String(fileName);
- }
-
- DERIA5String asn1MediaType = null;
-
- if (mediaType != null)
- {
- asn1MediaType = new DERIA5String(mediaType);
- }
-
- setMetaData(hashProtected, asn1FileName, asn1MediaType, attributes);
- }
-
- private void setMetaData(boolean hashProtected, DERUTF8String fileName, DERIA5String mediaType, Attributes attributes)
- {
- this.metaData = new MetaData(ASN1Boolean.getInstance(hashProtected), fileName, mediaType, attributes);
- }
-
- /**
- * Initialise the passed in calculator with the MetaData for this message, if it is
- * required as part of the initial message imprint calculation. After initialisation the
- * calculator can then be used to calculate the initial message imprint digest for the first
- * timestamp.
- *
- * @param calculator the digest calculator to be initialised.
- * @throws CMSException if the MetaData is required and cannot be processed
- */
- public void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
- throws CMSException
- {
- MetaDataUtil util = new MetaDataUtil(metaData);
-
- util.initialiseMessageImprintDigestCalculator(calculator);
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java
deleted file mode 100644
index 3699997..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import org.bouncycastle.tsp.TimeStampToken;
-
-public class ImprintDigestInvalidException
- extends Exception
-{
- private TimeStampToken token;
-
- public ImprintDigestInvalidException(String message, TimeStampToken token)
- {
- super(message);
-
- this.token = token;
- }
-
- public TimeStampToken getTimeStampToken()
- {
- return token;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java
deleted file mode 100644
index b52f669..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.cms.Attributes;
-import org.bouncycastle.asn1.cms.MetaData;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-
-class MetaDataUtil
-{
- private final MetaData metaData;
-
- MetaDataUtil(MetaData metaData)
- {
- this.metaData = metaData;
- }
-
- void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
- throws CMSException
- {
- if (metaData != null && metaData.isHashProtected())
- {
- try
- {
- calculator.getOutputStream().write(metaData.getEncoded(ASN1Encoding.DER));
- }
- catch (IOException e)
- {
- throw new CMSException("unable to initialise calculator from metaData: " + e.getMessage(), e);
- }
- }
- }
-
- String getFileName()
- {
- if (metaData != null)
- {
- return convertString(metaData.getFileName());
- }
-
- return null;
- }
-
- String getMediaType()
- {
- if (metaData != null)
- {
- return convertString(metaData.getMediaType());
- }
-
- return null;
- }
-
- Attributes getOtherMetaData()
- {
- if (metaData != null)
- {
- return metaData.getOtherMetaData();
- }
-
- return null;
- }
-
- private String convertString(ASN1String s)
- {
- if (s != null)
- {
- return s.toString();
- }
-
- return null;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java
deleted file mode 100644
index ce115f4..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java
+++ /dev/null
@@ -1,256 +0,0 @@ -package org.bouncycastle.tsp.cms; - -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.Evidence; -import org.bouncycastle.asn1.cms.TimeStampAndCRL; -import org.bouncycastle.asn1.cms.TimeStampedData; -import org.bouncycastle.asn1.cms.TimeStampedDataParser; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.tsp.TSPException; -import org.bouncycastle.tsp.TimeStampToken; -import org.bouncycastle.tsp.TimeStampTokenInfo; -import org.bouncycastle.util.Arrays; - -class TimeStampDataUtil -{ - private final TimeStampAndCRL[] timeStamps; - - private final MetaDataUtil metaDataUtil; - - TimeStampDataUtil(TimeStampedData timeStampedData) - { - this.metaDataUtil = new MetaDataUtil(timeStampedData.getMetaData()); - - Evidence evidence = timeStampedData.getTemporalEvidence(); - this.timeStamps = evidence.getTstEvidence().toTimeStampAndCRLArray(); - } - - TimeStampDataUtil(TimeStampedDataParser timeStampedData) - throws IOException - { - this.metaDataUtil = new MetaDataUtil(timeStampedData.getMetaData()); - - Evidence evidence = timeStampedData.getTemporalEvidence(); - this.timeStamps = evidence.getTstEvidence().toTimeStampAndCRLArray(); - } - - TimeStampToken getTimeStampToken(TimeStampAndCRL timeStampAndCRL) - throws CMSException - { - ContentInfo timeStampToken = timeStampAndCRL.getTimeStampToken(); - - try - { - TimeStampToken token = new TimeStampToken(timeStampToken); - return token; - } - catch (IOException e) - { - throw new CMSException("unable to parse token data: " + 
e.getMessage(), e); - } - catch (TSPException e) - { - if (e.getCause() instanceof CMSException) - { - throw (CMSException)e.getCause(); - } - - throw new CMSException("token data invalid: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("token data invalid: " + e.getMessage(), e); - } - } - - void initialiseMessageImprintDigestCalculator(DigestCalculator calculator) - throws CMSException - { - metaDataUtil.initialiseMessageImprintDigestCalculator(calculator); - } - - DigestCalculator getMessageImprintDigestCalculator(DigestCalculatorProvider calculatorProvider) - throws OperatorCreationException - { - TimeStampToken token; - - try - { - token = this.getTimeStampToken(timeStamps[0]); - - TimeStampTokenInfo info = token.getTimeStampInfo(); - ASN1ObjectIdentifier algOID = info.getMessageImprintAlgOID(); - - DigestCalculator calc = calculatorProvider.get(new AlgorithmIdentifier(algOID)); - - initialiseMessageImprintDigestCalculator(calc); - - return calc; - } - catch (CMSException e) - { - throw new OperatorCreationException("unable to extract algorithm ID: " + e.getMessage(), e); - } - } - - TimeStampToken[] getTimeStampTokens() - throws CMSException - { - TimeStampToken[] tokens = new TimeStampToken[timeStamps.length]; - for (int i = 0; i < timeStamps.length; i++) - { - tokens[i] = this.getTimeStampToken(timeStamps[i]); - } - - return tokens; - } - - TimeStampAndCRL[] getTimeStamps() - { - return timeStamps; - } - - byte[] calculateNextHash(DigestCalculator calculator) - throws CMSException - { - TimeStampAndCRL tspToken = timeStamps[timeStamps.length - 1]; - - OutputStream out = calculator.getOutputStream(); - - try - { - out.write(tspToken.getEncoded(ASN1Encoding.DER)); - - out.close(); - - return calculator.getDigest(); - } - catch (IOException e) - { - throw new CMSException("exception calculating hash: " + e.getMessage(), e); - } - } - - /** - * Validate the digests present in the TimeStampTokens contained in the 
CMSTimeStampedData. - */ - void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest) - throws ImprintDigestInvalidException, CMSException - { - byte[] currentDigest = dataDigest; - - for (int i = 0; i < timeStamps.length; i++) - { - try - { - TimeStampToken token = this.getTimeStampToken(timeStamps[i]); - if (i > 0) - { - TimeStampTokenInfo info = token.getTimeStampInfo(); - DigestCalculator calculator = calculatorProvider.get(info.getHashAlgorithm()); - - calculator.getOutputStream().write(timeStamps[i - 1].getEncoded(ASN1Encoding.DER)); - - currentDigest = calculator.getDigest(); - } - - this.compareDigest(token, currentDigest); - } - catch (IOException e) - { - throw new CMSException("exception calculating hash: " + e.getMessage(), e); - } - catch (OperatorCreationException e) - { - throw new CMSException("cannot create digest: " + e.getMessage(), e); - } - } - } - - void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest, TimeStampToken timeStampToken) - throws ImprintDigestInvalidException, CMSException - { - byte[] currentDigest = dataDigest; - byte[] encToken; - - try - { - encToken = timeStampToken.getEncoded(); - } - catch (IOException e) - { - throw new CMSException("exception encoding timeStampToken: " + e.getMessage(), e); - } - - for (int i = 0; i < timeStamps.length; i++) - { - try - { - TimeStampToken token = this.getTimeStampToken(timeStamps[i]); - if (i > 0) - { - TimeStampTokenInfo info = token.getTimeStampInfo(); - DigestCalculator calculator = calculatorProvider.get(info.getHashAlgorithm()); - - calculator.getOutputStream().write(timeStamps[i - 1].getEncoded(ASN1Encoding.DER)); - - currentDigest = calculator.getDigest(); - } - - this.compareDigest(token, currentDigest); - - if (Arrays.areEqual(token.getEncoded(), encToken)) - { - return; - } - } - catch (IOException e) - { - throw new CMSException("exception calculating hash: " + e.getMessage(), e); - } - catch (OperatorCreationException e) - { - throw 
new CMSException("cannot create digest: " + e.getMessage(), e); - } - } - - throw new ImprintDigestInvalidException("passed in token not associated with timestamps present", timeStampToken); - } - - private void compareDigest(TimeStampToken timeStampToken, byte[] digest) - throws ImprintDigestInvalidException - { - TimeStampTokenInfo info = timeStampToken.getTimeStampInfo(); - byte[] tsrMessageDigest = info.getMessageImprintDigest(); - - if (!Arrays.areEqual(digest, tsrMessageDigest)) - { - throw new ImprintDigestInvalidException("hash calculated is different from MessageImprintDigest found in TimeStampToken", timeStampToken); - } - } - - String getFileName() - { - return metaDataUtil.getFileName(); - } - - String getMediaType() - { - return metaDataUtil.getMediaType(); - } - - AttributeTable getOtherMetaData() - { - return new AttributeTable(metaDataUtil.getOtherMetaData()); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/package.html b/bcpkix/src/main/java/org/bouncycastle/tsp/cms/package.html deleted file mode 100644 index 2cf1bac..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/tsp/cms/package.html +++ /dev/null @@ -1,5 +0,0 @@ -<html> -<body bgcolor="#ffffff"> -Classes for dealing Syntax for Binding Documents with Time-Stamps - RFC 5544. -</body> -</html> diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/package.html b/bcpkix/src/main/java/org/bouncycastle/tsp/package.html deleted file mode 100644 index 45d0c3c..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/tsp/package.html +++ /dev/null @@ -1,5 +0,0 @@ -<html> -<body bgcolor="#ffffff"> -Classes for dealing Time Stamp Protocol (TSP) - RFC 3161. -</body> -</html> diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/AllTests.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/AllTests.java deleted file mode 100644 index 19fc664..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/AllTests.java +++ /dev/null 
@@ -1,32 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.security.Security;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-public class AllTests
- extends TestCase
-{
- public static void main (String[] args)
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- Security.addProvider(new BouncyCastleProvider());
-
- TestSuite suite = new TestSuite("TSP Tests");
-
- suite.addTestSuite(ParseTest.class);
- suite.addTestSuite(NewTSPTest.class);
- suite.addTestSuite(CMSTimeStampedDataTest.class);
- suite.addTestSuite(CMSTimeStampedDataParserTest.class);
- suite.addTestSuite(CMSTimeStampedDataGeneratorTest.class);
-
- return suite;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java
deleted file mode 100644
index 45f502a..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java
+++ /dev/null
@@ -1,309 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.tsp.TSPAlgorithms;
-import org.bouncycastle.tsp.TimeStampRequest;
-import org.bouncycastle.tsp.TimeStampRequestGenerator;
-import org.bouncycastle.tsp.TimeStampResponse;
-import org.bouncycastle.tsp.TimeStampResponseGenerator;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.TimeStampTokenGenerator;
-import org.bouncycastle.tsp.cms.CMSTimeStampedData;
-import org.bouncycastle.tsp.cms.CMSTimeStampedDataGenerator;
-import org.bouncycastle.tsp.cms.CMSTimeStampedDataParser;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTimeStampedDataGeneratorTest
- extends TestCase
-{
-
- BouncyCastleProvider bouncyCastleProvider;
- CMSTimeStampedDataGenerator cmsTimeStampedDataGenerator = null;
- String fileInput = "FileDaFirmare.data";
- byte[] baseData;
-
- protected void setUp()
- throws Exception
- {
- bouncyCastleProvider = new BouncyCastleProvider();
- if (Security.getProvider(bouncyCastleProvider.getName()) == null)
- {
- Security.addProvider(bouncyCastleProvider);
- }
-
- cmsTimeStampedDataGenerator = new CMSTimeStampedDataGenerator();
- ByteArrayOutputStream origStream = new ByteArrayOutputStream();
- InputStream in = this.getClass().getResourceAsStream(fileInput);
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- origStream.write(ch);
- }
-
- origStream.close();
-
- this.baseData = origStream.toByteArray();
-
- }
-
- protected void tearDown()
- throws Exception
- {
- cmsTimeStampedDataGenerator = null;
- Security.removeProvider(bouncyCastleProvider.getName());
- }
-
- public void testGenerate()
- throws Exception
- {
- BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
- ASN1ObjectIdentifier algOID = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1"); // SHA-256
- DigestCalculator hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algOID));
-
- cmsTimeStampedDataGenerator.initialiseMessageImprintDigestCalculator(hashCalculator);
-
- hashCalculator.getOutputStream().write(baseData);
- hashCalculator.getOutputStream().close();
-
- TimeStampToken timeStampToken = createTimeStampToken(hashCalculator.getDigest(), NISTObjectIdentifiers.id_sha256);
- CMSTimeStampedData cmsTimeStampedData = cmsTimeStampedDataGenerator.generate(timeStampToken, baseData);
-
- for (int i = 0; i < 3; i++)
- {
- byte[] newRequestData = cmsTimeStampedData.calculateNextHash(hashCalculator);
- TimeStampToken newTimeStampToken = createTimeStampToken(newRequestData, NISTObjectIdentifiers.id_sha256);
- cmsTimeStampedData = cmsTimeStampedData.addTimeStamp(newTimeStampToken);
- }
- byte[] timeStampedData = cmsTimeStampedData.getEncoded();
-
- // verify
- DigestCalculatorProvider newCalculatorProvider = new BcDigestCalculatorProvider();
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(newCalculatorProvider);
- CMSTimeStampedData newCMSTimeStampedData = new CMSTimeStampedData(timeStampedData);
- byte[] newContent = newCMSTimeStampedData.getContent();
- assertEquals("Content expected and verified are different", true, Arrays.areEqual(newContent, baseData));
-
- imprintCalculator.getOutputStream().write(newContent);
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- assertEquals("TimeStampToken expected and verified are different", 4, tokens.length);
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTimeStampedData.validate(newCalculatorProvider, digest, tokens[i]);
- }
- }
-
- public void testGenerateWithMetadata()
- throws Exception
- {
- cmsTimeStampedDataGenerator.setMetaData(true, fileInput, "TXT");
-
- BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
- ASN1ObjectIdentifier algOID = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1"); // SHA-256
- DigestCalculator hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algOID));
-
- cmsTimeStampedDataGenerator.initialiseMessageImprintDigestCalculator(hashCalculator);
-
- hashCalculator.getOutputStream().write(baseData);
- hashCalculator.getOutputStream().close();
-
- TimeStampToken timeStampToken = createTimeStampToken(hashCalculator.getDigest(), NISTObjectIdentifiers.id_sha256);
- CMSTimeStampedData cmsTimeStampedData = cmsTimeStampedDataGenerator.generate(timeStampToken, baseData);
-
- for (int i = 0; i <= 3; i++)
- {
- byte[] newRequestData = cmsTimeStampedData.calculateNextHash(hashCalculator);
- TimeStampToken newTimeStampToken = createTimeStampToken(newRequestData, NISTObjectIdentifiers.id_sha256);
- cmsTimeStampedData = cmsTimeStampedData.addTimeStamp(newTimeStampToken);
- }
- byte[] timeStampedData = cmsTimeStampedData.getEncoded();
-
- metadataCheck(timeStampedData);
- metadataParserCheck(timeStampedData);
- }
-
- public void testGenerateWithMetadataAndDifferentAlgorithmIdentifier()
- throws Exception
- {
- cmsTimeStampedDataGenerator.setMetaData(true, fileInput, "TXT");
-
- BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
-
- ASN1ObjectIdentifier algIdentifier = NISTObjectIdentifiers.id_sha224;
-
- DigestCalculator hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algIdentifier));
- cmsTimeStampedDataGenerator.initialiseMessageImprintDigestCalculator(hashCalculator);
- hashCalculator.getOutputStream().write(baseData);
- hashCalculator.getOutputStream().close();
-
- byte[] requestData = hashCalculator.getDigest();
- TimeStampToken timeStampToken = createTimeStampToken(requestData, algIdentifier);
-
- CMSTimeStampedData cmsTimeStampedData = cmsTimeStampedDataGenerator.generate(timeStampToken, baseData);
-
- for (int i = 0; i <= 3; i++) {
- switch (i) {
- case 0:
- algIdentifier = NISTObjectIdentifiers.id_sha224;
- break;
- case 1:
- algIdentifier = NISTObjectIdentifiers.id_sha256;
- break;
- case 2:
- algIdentifier = NISTObjectIdentifiers.id_sha384;
- break;
- case 3:
- algIdentifier = NISTObjectIdentifiers.id_sha512;
- break;
- }
- hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algIdentifier));
- byte[] newRequestData = cmsTimeStampedData.calculateNextHash(hashCalculator);
- TimeStampToken newTimeStampToken = createTimeStampToken(newRequestData, algIdentifier);
- cmsTimeStampedData = cmsTimeStampedData.addTimeStamp(newTimeStampToken);
- }
- byte[] timeStampedData = cmsTimeStampedData.getEncoded();
-
- metadataCheck(timeStampedData);
- metadataParserCheck(timeStampedData);
-
- }
-
-
- private void metadataCheck(byte[] timeStampedData)
- throws Exception
- {
- CMSTimeStampedData cmsTspData = new CMSTimeStampedData(timeStampedData);
- DigestCalculatorProvider newCalculatorProvider = new BcDigestCalculatorProvider();
- DigestCalculator imprintCalculator = cmsTspData.getMessageImprintDigestCalculator(newCalculatorProvider);
-
- byte[] newContent = cmsTspData.getContent();
- assertEquals("Content expected and verified are different", true, Arrays.areEqual(newContent, baseData));
-
- imprintCalculator.getOutputStream().write(newContent);
-
- assertEquals(fileInput, cmsTspData.getFileName());
- assertEquals("TXT", cmsTspData.getMediaType());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTspData.getTimeStampTokens();
- assertEquals("TimeStampToken expected and verified are different", 5, tokens.length);
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTspData.validate(newCalculatorProvider, digest, tokens[i]);
- }
- }
-
- private void metadataParserCheck(byte[] timeStampedData)
- throws Exception
- {
- CMSTimeStampedDataParser cmsTspData = new CMSTimeStampedDataParser(timeStampedData);
- DigestCalculatorProvider newCalculatorProvider = new BcDigestCalculatorProvider();
-
- InputStream input = cmsTspData.getContent();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- Streams.pipeAll(input, bOut);
-
- assertEquals("Content expected and verified are different", true, Arrays.areEqual(bOut.toByteArray(), baseData));
-
- DigestCalculator imprintCalculator = cmsTspData.getMessageImprintDigestCalculator(newCalculatorProvider);
-
- Streams.pipeAll(new ByteArrayInputStream(bOut.toByteArray()), imprintCalculator.getOutputStream());
-
- assertEquals(fileInput, cmsTspData.getFileName());
- assertEquals("TXT", cmsTspData.getMediaType());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTspData.getTimeStampTokens();
- assertEquals("TimeStampToken expected and verified are different", 5, tokens.length);
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTspData.validate(newCalculatorProvider, digest, tokens[i]);
- }
- }
-
- private TimeStampToken createTimeStampToken(byte[] hash, ASN1ObjectIdentifier hashAlg)
- throws Exception
- {
- String algorithmName = null;
- if (hashAlg.equals(NISTObjectIdentifiers.id_sha224))
- {
- algorithmName = "SHA224withRSA";
- }
- else if (hashAlg.equals(NISTObjectIdentifiers.id_sha256))
- {
- algorithmName = "SHA256withRSA";
- }
- else if (hashAlg.equals(NISTObjectIdentifiers.id_sha384))
- {
- algorithmName = "SHA384withRSA";
- }
- else if (hashAlg.equals(NISTObjectIdentifiers.id_sha512))
- {
- algorithmName = "SHA512withRSA";
- }
-
- String signDN = "O=Bouncy Castle, C=AU";
- KeyPair signKP = TSPTestUtil.makeKeyPair();
- X509Certificate signCert = TSPTestUtil.makeCACertificate(signKP,
- signDN, signKP, signDN);
-
- String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
- KeyPair origKP = TSPTestUtil.makeKeyPair();
- X509Certificate cert = TSPTestUtil.makeCertificate(origKP,
- origDN, signKP, signDN);
-
- PrivateKey privateKey = origKP.getPrivate();
-
- List certList = new ArrayList();
- certList.add(cert);
- certList.add(signCert);
-
- Store certs = new JcaCertStore(certList);
-
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
- new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").build(algorithmName, privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(hashAlg, hash);
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- return tsResp.getTimeStampToken();
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java
deleted file mode 100644
index 138e892..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-
-import junit.framework.TestCase;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.cms.CMSTimeStampedDataParser;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTimeStampedDataParserTest
- extends TestCase
-{
-
- CMSTimeStampedDataParser cmsTimeStampedData = null;
- String fileInput = "FileDaFirmare.txt.tsd.der";
- private byte[] baseData;
-
- protected void setUp()
- throws Exception
- {
- ByteArrayOutputStream origStream = new ByteArrayOutputStream();
- InputStream in = this.getClass().getResourceAsStream(fileInput);
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- origStream.write(ch);
- }
-
- origStream.close();
-
- this.baseData = origStream.toByteArray();
-
- cmsTimeStampedData = new CMSTimeStampedDataParser(baseData);
- }
-
- protected void tearDown()
- throws Exception
- {
- cmsTimeStampedData = null;
- }
-
- public void testGetTimeStampTokens()
- throws Exception
- {
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- assertEquals(3, tokens.length);
- }
-
- public void testValidateAllTokens()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- Streams.pipeAll(cmsTimeStampedData.getContent(), bOut);
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- Streams.pipeAll(new ByteArrayInputStream(bOut.toByteArray()), imprintCalculator.getOutputStream());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTimeStampedData.validate(digestCalculatorProvider, digest, tokens[i]);
- }
- }
-
- public void testValidate()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- Streams.pipeAll(cmsTimeStampedData.getContent(), bOut);
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- Streams.pipeAll(new ByteArrayInputStream(bOut.toByteArray()), imprintCalculator.getOutputStream());
-
- cmsTimeStampedData.validate(digestCalculatorProvider, imprintCalculator.getDigest());
- }
-
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java
deleted file mode 100644
index 0bfefaa..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-
-import junit.framework.TestCase;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.cms.CMSTimeStampedData;
-
-public class CMSTimeStampedDataTest
- extends TestCase
-{
-
- CMSTimeStampedData cmsTimeStampedData = null;
- String fileInput = "FileDaFirmare.txt.tsd.der";
- String fileOutput = fileInput.substring(0, fileInput.indexOf(".tsd"));
- private byte[] baseData;
-
- protected void setUp()
- throws Exception
- {
- ByteArrayOutputStream origStream = new ByteArrayOutputStream();
- InputStream in = this.getClass().getResourceAsStream(fileInput);
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- origStream.write(ch);
- }
-
- origStream.close();
-
- this.baseData = origStream.toByteArray();
-
- cmsTimeStampedData = new CMSTimeStampedData(baseData);
- }
-
- protected void tearDown()
- throws Exception
- {
- cmsTimeStampedData = null;
- }
-
- public void testGetTimeStampTokens()
- throws Exception
- {
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- assertEquals(3, tokens.length);
- }
-
- public void testValidateAllTokens()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- imprintCalculator.getOutputStream().write(cmsTimeStampedData.getContent());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTimeStampedData.validate(digestCalculatorProvider, digest, tokens[i]);
- }
- }
-
- public void testValidate()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- imprintCalculator.getOutputStream().write(cmsTimeStampedData.getContent());
-
- cmsTimeStampedData.validate(digestCalculatorProvider, imprintCalculator.getDigest());
- }
-
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/NewTSPTest.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/NewTSPTest.java
deleted file mode 100644
index 3aa3e97..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/NewTSPTest.java
+++ /dev/null
@@ -1,833 +0,0 @@ -package org.bouncycastle.tsp.test; - -import java.io.OutputStream; -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.PrivateKey; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Map; - -import junit.framework.TestCase; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cmp.PKIFailureInfo; -import org.bouncycastle.asn1.cmp.PKIStatus; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.ess.ESSCertID; -import org.bouncycastle.asn1.ess.ESSCertIDv2; -import org.bouncycastle.asn1.ess.SigningCertificate; -import org.bouncycastle.asn1.ess.SigningCertificateV2; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.IssuerSerial; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaCertStore; -import org.bouncycastle.cms.CMSAttributeTableGenerationException; -import org.bouncycastle.cms.CMSAttributeTableGenerator; -import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator; -import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; -import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder; -import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; -import org.bouncycastle.tsp.GenTimeAccuracy; -import org.bouncycastle.tsp.TSPAlgorithms; -import org.bouncycastle.tsp.TSPException; 
-import org.bouncycastle.tsp.TSPValidationException; -import org.bouncycastle.tsp.TimeStampRequest; -import org.bouncycastle.tsp.TimeStampRequestGenerator; -import org.bouncycastle.tsp.TimeStampResponse; -import org.bouncycastle.tsp.TimeStampResponseGenerator; -import org.bouncycastle.tsp.TimeStampToken; -import org.bouncycastle.tsp.TimeStampTokenGenerator; -import org.bouncycastle.tsp.TimeStampTokenInfo; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Store; - -public class NewTSPTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - public void setUp() - { - Security.addProvider(new BouncyCastleProvider()); - } - - public void testGeneral() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = TSPTestUtil.makeKeyPair(); - X509Certificate signCert = TSPTestUtil.makeCACertificate(signKP, - signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - KeyPair origKP = TSPTestUtil.makeKeyPair(); - X509Certificate origCert = TSPTestUtil.makeCertificate(origKP, - origDN, signKP, signDN); - - - - List certList = new ArrayList(); - certList.add(origCert); - certList.add(signCert); - - Store certs = new JcaCertStore(certList); - - basicTest(origKP.getPrivate(), origCert, certs); - basicSha256Test(origKP.getPrivate(), origCert, certs); - basicTestWithTSA(origKP.getPrivate(), origCert, certs); - overrideAttrsTest(origKP.getPrivate(), origCert, certs); - responseValidationTest(origKP.getPrivate(), origCert, certs); - incorrectHashTest(origKP.getPrivate(), origCert, certs); - badAlgorithmTest(origKP.getPrivate(), origCert, certs); - timeNotAvailableTest(origKP.getPrivate(), origCert, certs); - badPolicyTest(origKP.getPrivate(), origCert, certs); - tokenEncodingTest(origKP.getPrivate(), origCert, certs); - certReqTest(origKP.getPrivate(), origCert, certs); - testAccuracyZeroCerts(origKP.getPrivate(), origCert, certs); - 
testAccuracyWithCertsAndOrdering(origKP.getPrivate(), origCert, certs); - testNoNonse(origKP.getPrivate(), origCert, certs); - } - - private void basicTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)); - - AttributeTable table = tsToken.getSignedAttributes(); - - assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate)); - } - - private void basicSha256Test( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - new JcaSimpleSignerInfoGeneratorBuilder().build("SHA256withRSA", privateKey, cert), new SHA256DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA256, new byte[32], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new 
BigInteger("23"), new Date()); - - assertEquals(PKIStatus.GRANTED, tsResp.getStatus()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)); - - AttributeTable table = tsToken.getSignedAttributes(); - - assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2)); - - DigestCalculator digCalc = new SHA256DigestCalculator(); - - OutputStream dOut = digCalc.getOutputStream(); - - dOut.write(cert.getEncoded()); - - dOut.close(); - - byte[] certHash = digCalc.getDigest(); - - SigningCertificateV2 sigCertV2 = SigningCertificateV2.getInstance(table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2).getAttributeValues()[0]); - - assertTrue(Arrays.areEqual(certHash, sigCertV2.getCerts()[0].getCertHash())); - } - - private void overrideAttrsTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSimpleSignerInfoGeneratorBuilder signerInfoGenBuilder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC"); - - IssuerSerial issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(new X509CertificateHolder(cert.getEncoded()).getIssuer())), cert.getSerialNumber()); - - DigestCalculator digCalc = new SHA1DigestCalculator(); - - OutputStream dOut = digCalc.getOutputStream(); - - dOut.write(cert.getEncoded()); - - dOut.close(); - - byte[] certHash = digCalc.getDigest(); - - digCalc = new SHA256DigestCalculator(); - - dOut = digCalc.getOutputStream(); - - dOut.write(cert.getEncoded()); - - dOut.close(); - - byte[] certHash256 = digCalc.getDigest(); - - final ESSCertID essCertid = new ESSCertID(certHash, issuerSerial); - final ESSCertIDv2 essCertidV2 = new ESSCertIDv2(certHash256, issuerSerial); - - signerInfoGenBuilder.setSignedAttributeGenerator(new CMSAttributeTableGenerator() - { - public AttributeTable 
getAttributes(Map parameters) - throws CMSAttributeTableGenerationException - { - CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator(); - - AttributeTable table = attrGen.getAttributes(parameters); - table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(essCertid)); - table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new SigningCertificateV2(new ESSCertIDv2[]{essCertidV2})); - - return table; - } - }); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(signerInfoGenBuilder.build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)); - - AttributeTable table = tsToken.getSignedAttributes(); - - assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate)); - assertNotNull("no signingCertificateV2 attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2)); - - SigningCertificate sigCert = SigningCertificate.getInstance(table.get(PKCSObjectIdentifiers.id_aa_signingCertificate).getAttributeValues()[0]); - - assertEquals(new X509CertificateHolder(cert.getEncoded()).getIssuer(), sigCert.getCerts()[0].getIssuerSerial().getIssuer().getNames()[0].getName()); - assertEquals(cert.getSerialNumber(), 
sigCert.getCerts()[0].getIssuerSerial().getSerial().getValue()); - assertTrue(Arrays.areEqual(certHash, sigCert.getCerts()[0].getCertHash())); - - SigningCertificateV2 sigCertV2 = SigningCertificateV2.getInstance(table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2).getAttributeValues()[0]); - - assertEquals(new X509CertificateHolder(cert.getEncoded()).getIssuer(), sigCertV2.getCerts()[0].getIssuerSerial().getIssuer().getNames()[0].getName()); - assertEquals(cert.getSerialNumber(), sigCertV2.getCerts()[0].getIssuerSerial().getSerial().getValue()); - assertTrue(Arrays.areEqual(certHash256, sigCertV2.getCerts()[0].getCertHash())); - } - - private void basicTestWithTSA( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - tsTokenGen.setTSA(new GeneralName(new X500Name("CN=Test"))); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)); - - AttributeTable table = tsToken.getSignedAttributes(); - - assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate)); - } - - private void responseValidationTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - 
JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); - - // - // check validation - // - tsResp.validate(request); - - try - { - request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101)); - - tsResp.validate(request); - - fail("response validation failed on invalid nonce."); - } - catch (TSPValidationException e) - { - // ignore - } - - try - { - request = reqGen.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100)); - - tsResp.validate(request); - - fail("response validation failed on wrong digest."); - } - catch (TSPValidationException e) - { - // ignore - } - - try - { - request = reqGen.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100)); - - tsResp.validate(request); - - fail("response validation failed on wrong digest."); - } - catch (TSPValidationException e) - { - // ignore - } - } - - private void incorrectHashTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder 
infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[16]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("incorrectHash - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("incorrectHash - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.badDataFormat) - { - fail("incorrectHash - wrong failure info returned."); - } - } - - private void badAlgorithmTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSimpleSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(new ASN1ObjectIdentifier("1.2.3.4.5"), new byte[20]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp 
= tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("badAlgorithm - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("badAlgorithm - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.badAlg) - { - fail("badAlgorithm - wrong failure info returned."); - } - } - - private void timeNotAvailableTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(new ASN1ObjectIdentifier("1.2.3.4.5"), new byte[20]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp; - - try - { - tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), null); - } - catch (TSPException e) - { - tsResp = tsRespGen.generateRejectedResponse(e); - } - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("timeNotAvailable - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("timeNotAvailable - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.timeNotAvailable) - { - fail("timeNotAvailable - wrong 
failure info returned."); - } - } - - private void badPolicyTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - - reqGen.setReqPolicy(new ASN1ObjectIdentifier("1.1")); - - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED, new HashSet()); - - TimeStampResponse tsResp; - - try - { - tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date()); - } - catch (TSPException e) - { - tsResp = tsRespGen.generateRejectedResponse(e); - } - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("badPolicy - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("badPolicy - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.unacceptedPolicy) - { - fail("badPolicy - wrong failure info returned."); - } - } - - private void certReqTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new 
JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - - // - // request with certReq false - // - reqGen.setCertReq(false); - - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - assertNull(tsToken.getTimeStampInfo().getGenTimeAccuracy()); // check for abscence of accuracy - - assertEquals("1.2", tsToken.getTimeStampInfo().getPolicy().getId()); - - try - { - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)); - } - catch (TSPValidationException e) - { - fail("certReq(false) verification of token failed."); - } - - Store respCerts = tsToken.getCertificates(); - - Collection certsColl = respCerts.getMatches(null); - - if (!certsColl.isEmpty()) - { - fail("certReq(false) found certificates in response."); - } - } - - - private void tokenEncodingTest( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3.4.5.6")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - 
TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampResponse tsResponse = new TimeStampResponse(tsResp.getEncoded()); - - if (!Arrays.areEqual(tsResponse.getEncoded(), tsResp.getEncoded()) - || !Arrays.areEqual(tsResponse.getTimeStampToken().getEncoded(), - tsResp.getTimeStampToken().getEncoded())) - { - fail(); - } - } - - private void testAccuracyZeroCerts( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2")); - - tsTokenGen.addCertificates(certs); - - tsTokenGen.setAccuracySeconds(1); - tsTokenGen.setAccuracyMillis(2); - tsTokenGen.setAccuracyMicros(3); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); - - // - // check validation - // - tsResp.validate(request); - - // - // check tstInfo - // - 
TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo(); - - // - // check accuracy - // - GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy(); - - assertEquals(1, accuracy.getSeconds()); - assertEquals(2, accuracy.getMillis()); - assertEquals(3, accuracy.getMicros()); - - assertEquals(new BigInteger("23"), tstInfo.getSerialNumber()); - - assertEquals("1.2", tstInfo.getPolicy().getId()); - - // - // test certReq - // - Store store = tsToken.getCertificates(); - - Collection certificates = store.getMatches(null); - - assertEquals(0, certificates.size()); - } - - private void testAccuracyWithCertsAndOrdering( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3")); - - tsTokenGen.addCertificates(certs); - - tsTokenGen.setAccuracySeconds(3); - tsTokenGen.setAccuracyMillis(1); - tsTokenGen.setAccuracyMicros(2); - - tsTokenGen.setOrdering(true); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - - reqGen.setCertReq(true); - - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - assertTrue(request.getCertReq()); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp; - - try - { - tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date()); - } - catch (TSPException e) - { - tsResp = tsRespGen.generateRejectedResponse(e); - } - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new 
JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); - - // - // check validation - // - tsResp.validate(request); - - // - // check tstInfo - // - TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo(); - - // - // check accuracy - // - GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy(); - - assertEquals(3, accuracy.getSeconds()); - assertEquals(1, accuracy.getMillis()); - assertEquals(2, accuracy.getMicros()); - - assertEquals(new BigInteger("23"), tstInfo.getSerialNumber()); - - assertEquals("1.2.3", tstInfo.getPolicy().getId()); - - assertEquals(true, tstInfo.isOrdered()); - - assertEquals(tstInfo.getNonce(), BigInteger.valueOf(100)); - - // - // test certReq - // - Store store = tsToken.getCertificates(); - - Collection certificates = store.getMatches(null); - - assertEquals(2, certificates.size()); - } - - private void testNoNonse( - PrivateKey privateKey, - X509Certificate cert, - Store certs) - throws Exception - { - JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3")); - - tsTokenGen.addCertificates(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]); - - assertFalse(request.getCertReq()); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("24"), new Date()); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(new 
JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); - - // - // check validation - // - tsResp.validate(request); - - // - // check tstInfo - // - TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo(); - - // - // check accuracy - // - GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy(); - - assertNull(accuracy); - - assertEquals(new BigInteger("24"), tstInfo.getSerialNumber()); - - assertEquals("1.2.3", tstInfo.getPolicy().getId()); - - assertEquals(false, tstInfo.isOrdered()); - - assertNull(tstInfo.getNonce()); - - // - // test certReq - // - Store store = tsToken.getCertificates(); - - Collection certificates = store.getMatches(null); - - assertEquals(0, certificates.size()); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/ParseTest.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/ParseTest.java deleted file mode 100644 index 46821d4..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/ParseTest.java +++ /dev/null 
@@ -1,417 +0,0 @@ -package org.bouncycastle.tsp.test; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.Security; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -import junit.framework.TestCase; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cmp.PKIFailureInfo; -import org.bouncycastle.asn1.cmp.PKIStatus; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.tsp.TSPAlgorithms; -import org.bouncycastle.tsp.TimeStampRequest; -import org.bouncycastle.tsp.TimeStampResponse; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Store; -import org.bouncycastle.util.encoders.Base64; - -/** - * Test Cases - */ -public class ParseTest - extends TestCase -{ - private byte[] sha1Request = Base64.decode( - "MDACAQEwITAJBgUrDgMCGgUABBT5UbEBmJssO3RxcQtOePxNvfoMpgIIC+Gv" - + "YW2mtZQ="); - - - private byte[] sha1noNonse = Base64.decode( - "MCYCAQEwITAJBgUrDgMCGgUABBT5UbEBmJssO3RxcQtOePxNvfoMpg=="); - - private byte[] md5Request = Base64.decode( - "MDoCAQEwIDAMBggqhkiG9w0CBQUABBDIl9FBCvjyx0+6EbHbUR6eBgkrBgEE" - + "AakHBQECCDQluayIxIzn"); - - private byte[] ripemd160Request = Base64.decode( - "MD8CAQEwITAJBgUrJAMCAQUABBSq03a/mk50Yd9lMF+BSqOp/RHGQQYJKwYB" - + "BAGpBwUBAgkA4SZs9NfqISMBAf8="); - - private byte[] sha1Response = Base64.decode( - "MIICbDADAgEAMIICYwYJKoZIhvcNAQcCoIICVDCCAlACAQMxCzAJBgUrDgMC" - + "GgUAMIHaBgsqhkiG9w0BCRABBKCBygSBxzCBxAIBAQYEKgMEATAhMAkGBSsO" - + "AwIaBQAEFPlRsQGYmyw7dHFxC054/E29+gymAgEEGA8yMDA0MTIwOTA3NTIw" - + "NVowCgIBAYACAfSBAWQBAf8CCAvhr2FtprWUoGmkZzBlMRgwFgYDVQQDEw9F" - + "cmljIEguIEVjaGlkbmExJDAiBgkqhkiG9w0BCQEWFWVyaWNAYm91bmN5Y2Fz" - + "dGxlLm9yZzEWMBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUx" - + 
"ggFfMIIBWwIBATAqMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNV" - + "BAYTAkFVAgECMAkGBSsOAwIaBQCggYwwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3" - + "DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0wNDEyMDkwNzUyMDVaMCMGCSqGSIb3" - + "DQEJBDEWBBTGR1cbm94tWbcpDWrH+bD8UYePsTArBgsqhkiG9w0BCRACDDEc" - + "MBowGDAWBBS37aLzFcheqeJ5cla0gjNWHGKbRzANBgkqhkiG9w0BAQEFAASB" - + "gBrc9CJ3xlcTQuWQXJUqPEn6f6vfJAINKsn22z8LIfS/2p/CTFU6+W/bz8j8" - + "j+8uWEJe8okTsI0FflljIsspqOPTB/RrnXteajbkuk/rLmz1B2g/qWBGAzPI" - + "D214raBc1a7Bpd76PkvSSdjqrEaaskd+7JJiPr9l9yeSoh1AIt0N"); - - private byte[] sha1noNonseResponse = Base64.decode( - "MIICYjADAgEAMIICWQYJKoZIhvcNAQcCoIICSjCCAkYCAQMxCzAJBgUrDgMC" - + "GgUAMIHQBgsqhkiG9w0BCRABBKCBwASBvTCBugIBAQYEKgMEATAhMAkGBSsO" - + "AwIaBQAEFPlRsQGYmyw7dHFxC054/E29+gymAgECGA8yMDA0MTIwOTA3MzQx" - + "MlowCgIBAYACAfSBAWQBAf+gaaRnMGUxGDAWBgNVBAMTD0VyaWMgSC4gRWNo" - + "aWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0bGUub3JnMRYw" - + "FAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTGCAV8wggFbAgEB" - + "MCowJTEWMBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUCAQIw" - + "CQYFKw4DAhoFAKCBjDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJ" - + "KoZIhvcNAQkFMQ8XDTA0MTIwOTA3MzQxMlowIwYJKoZIhvcNAQkEMRYEFMNA" - + "xlscHYiByHL9DIEh3FewIhgSMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFLft" - + "ovMVyF6p4nlyVrSCM1YcYptHMA0GCSqGSIb3DQEBAQUABIGAaj46Tarrg7V7" - + "z13bbetrGv+xy159eE8kmIW9nPegru3DuK/GmbMx9W3l0ydx0zdXRwYi6NZc" - + "nNqbEZQZ2L1biJVTflgWq4Nxu4gPGjH/BGHKdH/LyW4eDcXZR39AkNBMnDAK" - + "EmhhJo1/Tc+S/WkV9lnHJCPIn+TAijBUO6EiTik="); - - private byte[] md5Response = Base64.decode( - "MIICcDADAgEAMIICZwYJKoZIhvcNAQcCoIICWDCCAlQCAQMxCzAJBgUrDgMC" - + "GgUAMIHeBgsqhkiG9w0BCRABBKCBzgSByzCByAIBAQYJKwYBBAGpBwUBMCAw" - + "DAYIKoZIhvcNAgUFAAQQyJfRQQr48sdPuhGx21EengIBAxgPMjAwNDEyMDkw" - + "NzQ2MTZaMAoCAQGAAgH0gQFkAQH/Agg0JbmsiMSM56BppGcwZTEYMBYGA1UE" - + "AxMPRXJpYyBILiBFY2hpZG5hMSQwIgYJKoZIhvcNAQkBFhVlcmljQGJvdW5j" - + "eWNhc3RsZS5vcmcxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYT" - + 
"AkFVMYIBXzCCAVsCAQEwKjAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQsw" - + "CQYDVQQGEwJBVQIBAjAJBgUrDgMCGgUAoIGMMBoGCSqGSIb3DQEJAzENBgsq" - + "hkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMDQxMjA5MDc0NjE2WjAjBgkq" - + "hkiG9w0BCQQxFgQUFpRpaiRUUjiY7EbefbWLKDIY0XMwKwYLKoZIhvcNAQkQ" - + "AgwxHDAaMBgwFgQUt+2i8xXIXqnieXJWtIIzVhxim0cwDQYJKoZIhvcNAQEB" - + "BQAEgYBTwKsLLrQm+bvKV7Jwto/cMQh0KsVB5RoEeGn5CI9XyF2Bm+JRcvQL" - + "Nm7SgSOBVt4A90TqujxirNeyQnXRiSnFvXd09Wet9WIQNpwpiGlE7lCrAhuq" - + "/TAUe79VIpoQZDtyhbh0Vzxl24yRoechabC0zuPpOWOzrA4YC3Hv1J2tAA=="); - - private byte[] signingCert = Base64.decode( - "MIICWjCCAcOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAlMRYwFAYDVQQKEw1Cb3Vu" - + "Y3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAeFw0wNDEyMDkwNzEzMTRaFw0wNTAzMTkw" - + "NzEzMTRaMGUxGDAWBgNVBAMTD0VyaWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJ" - + "ARYVZXJpY0Bib3VuY3ljYXN0bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxl" - + "MQswCQYDVQQGEwJBVTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqGAFO3dK" - + "jB7Ca7u5Z3CabsbGr2Exg+3sztSPiRCIba03es4295EhtDF5bXQvrW2R1Bg72vED" - + "5tWaQjVDetvDfCzVC3ErHLTVk3OgpLIP1gf2T0LcOH2pTh2LP9c5Ceta+uggK8zK" - + "9sYUUnzGPSAZxrqHIIAlPIgqk0BMV+KApyECAwEAAaNaMFgwHQYDVR0OBBYEFO4F" - + "YoqogtB9MjD0NB5x5HN3TrGUMB8GA1UdIwQYMBaAFPXAecuwLqNkCxYVLE/ngFQR" - + "7RLIMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBBAUAA4GBADGi" - + "D5/qmGvcBgswEM/z2dF4lOxbTNKUW31ZHiU8CXlN0IkFtNbBLBTbJOQIAUnNEabL" - + "T7aYgj813OZKUbJTx4MuGChhot/TEP7hKo/xz9OnXLsqYDKbqbo8iLOode+SI7II" - + "+yYghOtqvx32cL2Qmffi1LaMbhJP+8NbsIxowdRC"); - - private byte[] unacceptablePolicy = Base64.decode( - "MDAwLgIBAjAkDCJSZXF1ZXN0ZWQgcG9saWN5IGlzIG5vdCBzdXBwb3J0ZWQu" - + "AwMAAAE="); - - private byte[] generalizedTime = Base64.decode( - "MIIKPTADAgEAMIIKNAYJKoZIhvcNAQcCoIIKJTCCCiECAQMxCzAJBgUrDgMC" - + "GgUAMIIBGwYLKoZIhvcNAQkQAQSgggEKBIIBBjCCAQICAQEGCisGAQQBhFkK" - + "AwEwITAJBgUrDgMCGgUABBQAAAAAAAAAAAAAAAAAAAAAAAAAAAICUC8YEzIw" - + "MDUwMzEwMTA1ODQzLjkzM1owBIACAfQBAf8CAWSggaikgaUwgaIxCzAJBgNV" - + 
"BAYTAkdCMRcwFQYDVQQIEw5DYW1icmlkZ2VzaGlyZTESMBAGA1UEBxMJQ2Ft" - + "YnJpZGdlMSQwIgYDVQQKExtuQ2lwaGVyIENvcnBvcmF0aW9uIExpbWl0ZWQx" - + "JzAlBgNVBAsTHm5DaXBoZXIgRFNFIEVTTjozMjJBLUI1REQtNzI1QjEXMBUG" - + "A1UEAxMOZGVtby1kc2UyMDAtMDGgggaFMIID2TCCA0KgAwIBAgICAIswDQYJ" - + "KoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkdCMRcwFQYDVQQIEw5DYW1icmlk" - + "Z2VzaGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdlMSQwIgYDVQQKExtuQ2lwaGVy" - + "IENvcnBvcmF0aW9uIExpbWl0ZWQxGDAWBgNVBAsTD1Byb2R1Y3Rpb24gVEVT" - + "VDEQMA4GA1UEAxMHVEVTVCBDQTAeFw0wNDA2MTQxNDIzNTlaFw0wNTA2MTQx" - + "NDIzNTlaMIGiMQswCQYDVQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hp" - + "cmUxEjAQBgNVBAcTCUNhbWJyaWRnZTEkMCIGA1UEChMbbkNpcGhlciBDb3Jw" - + "b3JhdGlvbiBMaW1pdGVkMScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046MzIy" - + "QS1CNURELTcyNUIxFzAVBgNVBAMTDmRlbW8tZHNlMjAwLTAxMIGfMA0GCSqG" - + "SIb3DQEBAQUAA4GNADCBiQKBgQC7zUamCeLIApddx1etW5YEFrL1WXnlCd7j" - + "mMFI6RpSq056LBkF1z5LgucLY+e/c3u2Nw+XJuS3a2fKuBD7I1s/6IkVtIb/" - + "KLDjjafOnottKhprH8K41siJUeuK3PRzfZ5kF0vwB3rNvWPCBJmp7kHtUQw3" - + "RhIsJTYs7Wy8oVFHVwIDAQABo4IBMDCCASwwCQYDVR0TBAIwADAWBgNVHSUB" - + "Af8EDDAKBggrBgEFBQcDCDAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5l" - + "cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDlEe9Pd0WwQrtnEmFRI2Vmt" - + "b+lCMIG5BgNVHSMEgbEwga6AFNy1VPweOQLC65bs6/0RcUYB19vJoYGSpIGP" - + "MIGMMQswCQYDVQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hpcmUxEjAQ" - + "BgNVBAcTCUNhbWJyaWRnZTEkMCIGA1UEChMbbkNpcGhlciBDb3Jwb3JhdGlv" - + "biBMaW1pdGVkMRgwFgYDVQQLEw9Qcm9kdWN0aW9uIFRFU1QxEDAOBgNVBAMT" - + "B1RFU1QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADgYEASEMlrpRE1RYZPxP3530e" - + "hOYUDjgQbw0dwpPjQtLWkeJrePMzDBAbuWwpRI8dOzKP3Rnrm5rxJ7oLY2S0" - + "A9ZfV+iwFKagEHFytfnPm2Y9AeNR7a3ladKd7NFMw+5Tbk7Asbetbb+NJfCl" - + "9YzHwxLGiQbpKxgc+zYOjq74eGLKtcKhggKkMIICDQIBATCB0qGBqKSBpTCB" - + "ojELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIwEAYD" - + "VQQHEwlDYW1icmlkZ2UxJDAiBgNVBAoTG25DaXBoZXIgQ29ycG9yYXRpb24g" - + "TGltaXRlZDEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjMyMkEtQjVERC03" - + 
"MjVCMRcwFQYDVQQDEw5kZW1vLWRzZTIwMC0wMaIlCgEBMAkGBSsOAwIaBQAD" - + "FQDaLe88TQvM+iMKmIXMmDSyPCZ/+KBmMGSkYjBgMQswCQYDVQQGEwJVUzEk" - + "MCIGA1UEChMbbkNpcGhlciBDb3Jwb3JhdGlvbiBMaW1pdGVkMRgwFgYDVQQL" - + "Ew9Qcm9kdWN0aW9uIFRlc3QxETAPBgNVBAMTCFRlc3QgVE1DMA0GCSqGSIb3" - + "DQEBBQUAAgjF2jVbAAAAADAiGA8yMDA1MDMxMDAyNTQxOVoYDzIwMDUwMzEz" - + "MDI1NDE5WjCBjTBLBgorBgEEAYRZCgQBMT0wOzAMAgTF2jVbAgQAAAAAMA8C" - + "BAAAAAACBAAAaLkCAf8wDAIEAAAAAAIEAAKV/DAMAgTF3inbAgQAAAAAMD4G" - + "CisGAQQBhFkKBAIxMDAuMAwGCisGAQQBhFkKAwGgDjAMAgQAAAAAAgQAB6Eg" - + "oQ4wDAIEAAAAAAIEAAPQkDANBgkqhkiG9w0BAQUFAAOBgQB1q4d3GNWk7oAT" - + "WkpYmZaTFvapMhTwAmAtSGgFmNOZhs21iHWl/X990/HEBsduwxohfrd8Pz64" - + "hV/a76rpeJCVUfUNmbRIrsurFx6uKwe2HUHKW8grZWeCD1L8Y1pKQdrD41gu" - + "v0msfOXzLWW+xe5BcJguKclN8HmT7s2odtgiMTGCAmUwggJhAgEBMIGTMIGM" - + "MQswCQYDVQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hpcmUxEjAQBgNV" - + "BAcTCUNhbWJyaWRnZTEkMCIGA1UEChMbbkNpcGhlciBDb3Jwb3JhdGlvbiBM" - + "aW1pdGVkMRgwFgYDVQQLEw9Qcm9kdWN0aW9uIFRFU1QxEDAOBgNVBAMTB1RF" - + "U1QgQ0ECAgCLMAkGBSsOAwIaBQCgggEnMBoGCSqGSIb3DQEJAzENBgsqhkiG" - + "9w0BCRABBDAjBgkqhkiG9w0BCQQxFgQUi1iYx5H3ACnvngWZTPfdxGswkSkw" - + "geMGCyqGSIb3DQEJEAIMMYHTMIHQMIHNMIGyBBTaLe88TQvM+iMKmIXMmDSy" - + "PCZ/+DCBmTCBkqSBjzCBjDELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDkNhbWJy" - + "aWRnZXNoaXJlMRIwEAYDVQQHEwlDYW1icmlkZ2UxJDAiBgNVBAoTG25DaXBo" - + "ZXIgQ29ycG9yYXRpb24gTGltaXRlZDEYMBYGA1UECxMPUHJvZHVjdGlvbiBU" - + "RVNUMRAwDgYDVQQDEwdURVNUIENBAgIAizAWBBSpS/lH6bN/wf3E2z2X29vF" - + "2U7YHTANBgkqhkiG9w0BAQUFAASBgGvDVsgsG5I5WKjEDVHvdRwUx+8Cp10l" - + "zGF8o1h7aK5O3zQ4jLayYHea54E5+df35gG7Z3eoOy8E350J7BvHiwDLTqe8" - + "SoRlGs9VhL6LMmCcERfGSlSn61Aa15iXZ8eHMSc5JTeJl+kqy4I3FPP4m2ai" - + "8wy2fQhn7hUM8Ntg7Y2s"); - - private byte[] v2SigningCertResponse = Base64.decode( - "MIIPPTADAgEAMIIPNAYJKoZIhvcNAQcCoIIPJTCCDyECAQMxDzANBglghkgBZQMEAgEFADCB6QYL" - + "KoZIhvcNAQkQAQSggdkEgdYwgdMCAQEGBgQAj2cBATAxMA0GCWCGSAFlAwQCAQUABCBcU0GN08TA" - + 
"LUFi7AAwQwVkSXqGu9tAzvJ7EXW7SMXHHQIRAM7Fa7g6tMvZI3dgllwMfpcYDzIwMDcxMjExMTAy" - + "MTU5WjADAgEBAgYBFsi5OlmgYqRgMF4xCzAJBgNVBAYTAkRFMSQwIgYDVQQKDBtEZXV0c2NoZSBS" - + "ZW50ZW52ZXJzaWNoZXJ1bmcxEzARBgNVBAsMClFDIFJvb3QgQ0ExFDASBgNVBAMMC1FDIFJvb3Qg" - + "VFNQoIILQjCCBwkwggXxoAMCAQICAwN1pjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJERTEk" - + "MCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVyc2ljaGVydW5nMRMwEQYDVQQLDApRQyBSb290IENB" - + "MB4XDTA3MTEyMDE2MDcyMFoXDTEyMDcyNzIwMjExMVowXjELMAkGA1UEBhMCREUxJDAiBgNVBAoM" - + "G0RldXRzY2hlIFJlbnRlbnZlcnNpY2hlcnVuZzETMBEGA1UECwwKUUMgUm9vdCBDQTEUMBIGA1UE" - + "AwwLUUMgUm9vdCBUU1AwggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCv1vO+EtGnJNs0" - + "atv76BAJXs4bmO8yzVwe3RUtgeu5z9iefh8P46i1g3EL2CD15NcTfoHksr5KudNY30olfjHG7lIu" - + "MO3R5sAcrGDPP7riZJnaI6VD/e6kVR569VBid5z105fJAB7mID7+Bn7pdRwDW3Fy2CzfofXGuvrO" - + "GPNEWq8x8kqqf75DB5nAs5QP8H41obkdkap2ttHkkPZCiMghTs8iHfpJ0STn47MKq+QrUmuATMZi" - + "XrdEfb7f3TBMjO0UVJF64Mh+kC9GtUEHlcm0Tq2Pk5XIUxWEyL94rZ4UWcVdSVE7IjggV2MifMNx" - + "geZO3SwsDZk71AhDBy30CSzBAgUAx3HB5aOCA+IwggPeMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMI" - + "MBMGA1UdIwQMMAqACECefuBmflfeMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwUAYIKwYBBQUH" - + "AQEERDBCMEAGCCsGAQUFBzABhjRodHRwOi8vb2NzcC1yb290cWMudGMuZGV1dHNjaGUtcmVudGVu" - + "dmVyc2ljaGVydW5nLmRlMHcGA1UdIARwMG4wbAYNKwYBBAGBrTwBCAEBAzBbMFkGCCsGAQUFBwIB" - + "Fk1odHRwOi8vd3d3LmRldXRzY2hlLXJlbnRlbnZlcnNpY2hlcnVuZy1idW5kLmRlL3N0YXRpYy90" - + "cnVzdGNlbnRlci9wb2xpY3kuaHRtbDCCATwGA1UdHwSCATMwggEvMHygeqB4hnZsZGFwOi8vZGly" - + "LnRjLmRldXRzY2hlLXJlbnRlbnZlcnNpY2hlcnVuZy5kZS9vdT1RQyUyMFJvb3QlMjBDQSxjbj1Q" - + "dWJsaWMsbz1EUlYsYz1ERT9hdHRybmFtZT1jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MIGuoIGr" - + "oIGohoGlaHR0cDovL2Rpci50Yy5kZXV0c2NoZS1yZW50ZW52ZXJzaWNoZXJ1bmcuZGU6ODA4OS9z" - + "ZXJ2bGV0L0Rpclh3ZWIvQ2EveC5jcmw/ZG49b3UlM0RRQyUyMFJvb3QlMjBDQSUyQ2NuJTNEUHVi" - + "bGljJTJDbyUzRERSViUyQ2MlM0RERSZhdHRybmFtZT1jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0" - + "MIIBLQYDVR0SBIIBJDCCASCGdGxkYXA6Ly9kaXIudGMuZGV1dHNjaGUtcmVudGVudmVyc2ljaGVy" - + 
"dW5nLmRlL2NuPTE0NTUxOCxvdT1RQyUyMFJvb3QlMjBDQSxjbj1QdWJsaWMsbz1EUlYsYz1ERT9h" - + "dHRybmFtZT1jQUNlcnRpZmljYXRlhoGnaHR0cDovL2Rpci50Yy5kZXV0c2NoZS1yZW50ZW52ZXJz" - + "aWNoZXJ1bmcuZGU6ODA4OS9zZXJ2bGV0L0Rpclh3ZWIvQ2EveC5jZXI/ZG49Y24lM0QxNDU1MTgl" - + "MkNvdSUzRFFDJTIwUm9vdCUyMENBJTJDY24lM0RQdWJsaWMlMkNvJTNERFJWJTJDYyUzRERFJmF0" - + "dHJuYW1lPWNBQ2VydGlmaWNhdGUwDgYDVR0PAQH/BAQDAgZAMDsGA1UdCQQ0MDIwMAYDVQQDMSkT" - + "J1FDIFRTUCBEZXV0c2NoZSBSZW50ZW52ZXJzaWNoZXJ1bmcgMTpQTjAMBgNVHRMBAf8EAjAAMA0G" - + "CSqGSIb3DQEBCwUAA4IBAQCCrWe3Pd3ioX7d8phXvVAa859Rvgf0k3pZ6R4GMj8h/k6MNjNIrdAs" - + "wgUVkBbXMLLBk0smsvTdFIVtTBdp1urb9l7vXjDA4MckXBOXPcz4fN8Oswk92d+fM9XU1jKVPsFG" - + "PV6j8lAqfq5jwaRxOnS96UBGLKG+NdcrEyiMp/ZkpqnEQZZfu2mkeq6CPahnbBTZqsE0jgY351gU" - + "9T6SFVvLIFH7cOxJqsoxPqv5YEcgiXPpOyyu2rpQqKYBYcnerF6/zx5hmWHxTd7MWaTHm0gJI/Im" - + "d8esbW+xyaJuAVUcBA+sDmSe8AAoRVxwBRY+xi9ApaJHpmwT+0n2K2GsL3wIMIIEMTCCAxmgAwIB" - + "AgIDAjhuMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYTAkRFMSQwIgYDVQQKDBtEZXV0c2NoZSBS" - + "ZW50ZW52ZXJzaWNoZXJ1bmcxEzARBgNVBAsMClFDIFJvb3QgQ0EwHhcNMDcwNzI3MjAyMTExWhcN" - + "MTIwNzI3MjAyMTExWjBIMQswCQYDVQQGEwJERTEkMCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVy" - + "c2ljaGVydW5nMRMwEQYDVQQLDApRQyBSb290IENBMIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIB" - + "DAKCAQEAzuhBdo9c84DdzsggjWOgfC4jJ2jYqpsOpBo3DVyem+5R26QK4feZdyFnaGvyG+TLcdLO" - + "iCecGmrRGD+ey4IhjCONb7hsQQhJWTyDEtBblzYB0yjY8+9fnNeR61W+M/KlMgC6Rw/w+zwzklTM" - + "MWwIbxLHm8l9jTSKFjAWTwjE8bCzpUCwN8+4JbFTwjwOJ5lsVA5Xa34wpgr6lgL3WrVTV1NSprqR" - + "ZYDWg477tht0KkyOJt3guF3RONKBBuTO2qCbpUeI8m4v3tznoopYbV5Gp5wu5gqd6lTfgju3ldql" - + "bxtuCLZd0nAI5rLEOPItDKl4vPXllmmtGIrtDZlwr86cbwIFAJvMJpGjggEgMIIBHDAPBgNVHRMB" - + "Af8EBTADAQH/MBEGA1UdDgQKBAhAnn7gZn5X3jB3BgNVHSAEcDBuMGwGDSsGAQQBga08AQgBAQEw" - + "WzBZBggrBgEFBQcCARZNaHR0cDovL3d3dy5kZXV0c2NoZS1yZW50ZW52ZXJzaWNoZXJ1bmctYnVu" - + "ZC5kZS9zdGF0aWMvdHJ1c3RjZW50ZXIvcG9saWN5Lmh0bWwwUwYDVR0JBEwwSjBIBgNVBAMxQRM/" - + "UUMgV3VyemVsemVydGlmaXppZXJ1bmdzc3RlbGxlIERldXRzY2hlIFJlbnRlbnZlcnNpY2hlcnVu" - + 
"ZyAxOlBOMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3" - + "DQEBCwUAA4IBAQBNGs7Dnc1yzzpZrkuC+oLv+NhbORTEYNgpaOetB1JQ1EbUBoPuNN4ih0ngy/uJ" - + "D2O+h4JsNkmELgaehLWyFwATqCYZY4cTAGVoEwgn93x3aW8JbMDQf+YEJDSDsXcm4oIDFPqv5M6o" - + "HZUWfsPka3mxKivfKtWhooTz1/+BEGReVQ2oOAvlwXlkEab9e3GOqXQUcLPYDTl8BQxiYhtQtf3d" - + "kORiUkuGiGX1YJ5JnZnG3ElMjPgOl8rOiYU7oj9uv1HVb5sdAwuVw0BR/eiMVDBT8DNyfoJmPeQQ" - + "A9pXtoAYO0Ya7wNNmCY2Y63YfBlRCF+9VQv2RZ4TdO1KGWwxR98OMYIC1zCCAtMCAQEwTzBIMQsw" - + "CQYDVQQGEwJERTEkMCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVyc2ljaGVydW5nMRMwEQYDVQQL" - + "DApRQyBSb290IENBAgMDdaYwDQYJYIZIAWUDBAIBBQCgggFZMBoGCSqGSIb3DQEJAzENBgsqhkiG" - + "9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgO7FFODWWwF5RUjo6wjIkgkD5u7dH+NICiCpSgRRqd/Aw" - + "ggEIBgsqhkiG9w0BCRACLzGB+DCB9TCB8jB3BCAMMZqK/5pZxOb3ruCbcgxStaTDwDHaf2glEo6P" - + "+89t8TBTMEykSjBIMQswCQYDVQQGEwJERTEkMCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVyc2lj" - + "aGVydW5nMRMwEQYDVQQLDApRQyBSb290IENBAgMDdaYwdwQgl7vwI+P47kpxhWLoIdEco7UfGwZ2" - + "X4el3jaZ67q5/9IwUzBMpEowSDELMAkGA1UEBhMCREUxJDAiBgNVBAoMG0RldXRzY2hlIFJlbnRl" - + "bnZlcnNpY2hlcnVuZzETMBEGA1UECwwKUUMgUm9vdCBDQQIDAjhuMA0GCSqGSIb3DQEBCwUABIIB" - + "AIOYgpDI0BaeG4RF/EB5QzkUqAZ9nX6w895+m2hHyRKrAKdj3913j5QI+aEVIG3DVbFaAfdKeKfn" - + "xsTW48aWs6aARtPAc+1OXwoGUSYElOFqqVpSeTaXe+kjY5bsLSQeETB+EPvXl8EcKTaxTRCNOqJU" - + "XbnyYRgWTI55A2jH6IsQQVHc5DaIcmbdI8iATaRTHY5eUeVuI+Q/3RMVBFAb5qRhM61Ddcrjq058" - + "C0uiH9G2IB5QRyu6RsCUgrkeMTMBqlIBlnDBy+EgLouDU4Dehxy5uzEl5DBKZEewZpQZOTO/kAgL" - + "WruAAg/Lj4r0f9vN12wRlHoS2UKDjrE1DnUBbrM="); - - /* (non-Javadoc) - * @see org.bouncycastle.util.test.Test#getName() - */ - public String getName() - { - return "ParseTest"; - } - - private void requestParse( - byte[] request, - ASN1ObjectIdentifier algorithm) - throws IOException - { - TimeStampRequest req = new TimeStampRequest(request); - - if (!req.getMessageImprintAlgOID().equals(algorithm)) - { - fail("failed to get expected algorithm - got " - + req.getMessageImprintAlgOID() + " not " + 
algorithm); - } - - if (request != sha1Request && request != sha1noNonse) - { - if (!req.getReqPolicy().equals(TSPTestUtil.EuroPKI_TSA_Test_Policy)) - { - fail("" + algorithm + " failed policy check."); - } - - if (request == ripemd160Request) - { - if (!req.getCertReq()) - { - fail("" + algorithm + " failed certReq check."); - } - } - } - - assertEquals("version not 1", 1, req.getVersion()); - - assertEquals("critical extensions found when none expected", 0, req.getCriticalExtensionOIDs().size()); - - assertEquals("non-critical extensions found when none expected", 0, req.getNonCriticalExtensionOIDs().size()); - - if (request != sha1noNonse) - { - if (req.getNonce() == null) - { - fail("" + algorithm + " nonse not found when one expected."); - } - } - else - { - if (req.getNonce() != null) - { - fail("" + algorithm + " nonse not found when one not expected."); - } - } - - try - { - req.validate(TSPAlgorithms.ALLOWED, null, null); - } - catch (Exception e) - { - fail("validation exception."); - } - - if (!Arrays.areEqual(req.getEncoded(), request)) - { - fail("" + algorithm + " failed encode check."); - } - } - - private void responseParse( - byte[] request, - byte[] response, - ASN1ObjectIdentifier algorithm) - throws Exception - { - TimeStampRequest req = new TimeStampRequest(request); - TimeStampResponse resp = new TimeStampResponse(response); - - CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC"); - - X509Certificate cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signingCert)); - - resp.validate(req); - - resp.getTimeStampToken().validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); - } - - private void unacceptableResponseParse( - byte[] response) - throws Exception - { - TimeStampResponse resp = new TimeStampResponse(response); - - if (resp.getStatus() != PKIStatus.REJECTION) - { - fail("request not rejected."); - } - - if (resp.getFailInfo().intValue() != 
PKIFailureInfo.unacceptedPolicy) - { - fail("request not rejected."); - } - } - - private void generalizedTimeParse( - byte[] response) - throws Exception - { - TimeStampResponse resp = new TimeStampResponse(response); - - if (resp.getStatus() != PKIStatus.GRANTED) - { - fail("request not rejected."); - } - } - - public void setUp() - { - Security.addProvider(new BouncyCastleProvider()); - } - - public void testParsing() - throws Exception - { - requestParse(sha1Request, TSPAlgorithms.SHA1); - - requestParse(sha1noNonse, TSPAlgorithms.SHA1); - - requestParse(md5Request, TSPAlgorithms.MD5); - - requestParse(ripemd160Request, TSPAlgorithms.RIPEMD160); - - responseParse(sha1Request, sha1Response, TSPAlgorithms.SHA1); - - responseParse(sha1noNonse, sha1noNonseResponse, TSPAlgorithms.SHA1); - - responseParse(md5Request, md5Response, TSPAlgorithms.MD5); - - unacceptableResponseParse(unacceptablePolicy); - - generalizedTimeParse(generalizedTime); - - v2SigningResponseParse(v2SigningCertResponse); - } - - private void v2SigningResponseParse( - byte[] encoded) - throws Exception - { - TimeStampResponse response = new TimeStampResponse(encoded); - - Store store = response.getTimeStampToken().getCertificates(); - X509CertificateHolder cert = (X509CertificateHolder)store.getMatches(response.getTimeStampToken().getSID()).iterator().next(); - - response.getTimeStampToken().validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); - } - - public void parse( - byte[] encoded, - boolean tokenPresent) - throws Exception - { - TimeStampResponse response = new TimeStampResponse(encoded); - - if (tokenPresent && response.getTimeStampToken() == null) - { - fail("token not found when expected."); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java deleted file mode 100644 index 8bbd4ad..0000000 
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA1DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha1 = new SHA1Digest();
-
- sha1.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha1.getDigestSize()];
-
- sha1.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java
deleted file mode 100644
index 89b0a1f..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA256DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha256 = new SHA256Digest();
-
- sha256.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha256.getDigestSize()];
-
- sha256.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/tsp/test/TSPTestUtil.java b/bcpkix/src/main/java/org/bouncycastle/tsp/test/TSPTestUtil.java
deleted file mode 100644
index e9d9426..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/tsp/test/TSPTestUtil.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-public class TSPTestUtil
-{
-
- public static SecureRandom rand = new SecureRandom();
-
- public static KeyPairGenerator kpg;
-
- public static KeyGenerator desede128kg;
-
- public static KeyGenerator desede192kg;
-
- public static KeyGenerator rc240kg;
-
- public static KeyGenerator rc264kg;
-
- public static KeyGenerator rc2128kg;
-
- public static BigInteger serialNumber = BigInteger.ONE;
-
- public static final boolean DEBUG = true;
-
- public static ASN1ObjectIdentifier EuroPKI_TSA_Test_Policy = new ASN1ObjectIdentifier(
- "1.3.6.1.4.1.5255.5.1");
-
- public static JcaX509ExtensionUtils extUtils;
-
- static
- {
- try
- {
- rand = new SecureRandom();
-
- kpg = KeyPairGenerator.getInstance("RSA", "BC");
- kpg.initialize(1024, rand);
-
- desede128kg = KeyGenerator.getInstance("DESEDE", "BC");
- desede128kg.init(112, rand);
-
- desede192kg = KeyGenerator.getInstance("DESEDE", "BC");
- desede192kg.init(168, rand);
-
- rc240kg =
KeyGenerator.getInstance("RC2", "BC");
- rc240kg.init(40, rand);
-
- rc264kg = KeyGenerator.getInstance("RC2", "BC");
- rc264kg.init(64, rand);
-
- rc2128kg = KeyGenerator.getInstance("RC2", "BC");
- rc2128kg.init(128, rand);
-
- serialNumber = new BigInteger("1");
-
- extUtils = new JcaX509ExtensionUtils();
-
- }
- catch (Exception ex)
- {
- throw new RuntimeException(ex.toString());
- }
- }
-
- public static String dumpBase64(byte[] data)
- {
- StringBuffer buf = new StringBuffer();
-
- data = Base64.encode(data);
-
- for (int i = 0; i < data.length; i += 64)
- {
- if (i + 64 < data.length)
- {
- buf.append(new String(data, i, 64));
- }
- else
- {
- buf.append(new String(data, i, data.length - i));
- }
- buf.append('\n');
- }
-
- return buf.toString();
- }
-
- public static KeyPair makeKeyPair()
- {
- return kpg.generateKeyPair();
- }
-
- public static SecretKey makeDesede128Key()
- {
- return desede128kg.generateKey();
- }
-
- public static SecretKey makeDesede192Key()
- {
- return desede192kg.generateKey();
- }
-
- public static SecretKey makeRC240Key()
- {
- return rc240kg.generateKey();
- }
-
- public static SecretKey makeRC264Key()
- {
- return rc264kg.generateKey();
- }
-
- public static SecretKey makeRC2128Key()
- {
- return rc2128kg.generateKey();
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException
- {
-
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, false);
- }
-
- public static X509Certificate makeCACertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException
- {
-
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, true);
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
- throws GeneralSecurityException, IOException
- {
-
- PublicKey _subPub = _subKP.getPublic();
- PrivateKey _issPriv
= _issKP.getPrivate();
- PublicKey _issPub = _issKP.getPublic();
-
- X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
-
- _v3CertGen.reset();
- _v3CertGen.setSerialNumber(allocateSerialNumber());
- _v3CertGen.setIssuerDN(new X509Name(_issDN));
- _v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
- _v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
- + (1000L * 60 * 60 * 24 * 100)));
- _v3CertGen.setSubjectDN(new X509Name(_subDN));
- _v3CertGen.setPublicKey(_subPub);
- _v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-
- _v3CertGen.addExtension(Extension.subjectKeyIdentifier, false,
- createSubjectKeyId(_subPub));
-
- _v3CertGen.addExtension(Extension.authorityKeyIdentifier, false,
- createAuthorityKeyId(_issPub));
-
- if (_ca)
- {
- _v3CertGen.addExtension(Extension.basicConstraints, false,
- new BasicConstraints(_ca));
- }
- else
- {
- _v3CertGen.addExtension(Extension.extendedKeyUsage, true,
- new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
- }
-
- X509Certificate _cert = _v3CertGen.generate(_issPriv);
-
- _cert.checkValidity(new Date());
- _cert.verify(_issPub);
-
- return _cert;
- }
-
- /*
- *
- * INTERNAL METHODS
- *
- */
-
-
- private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey _pubKey)
- throws IOException
- {
- return extUtils.createAuthorityKeyIdentifier(_pubKey);
- }
-
- private static SubjectKeyIdentifier createSubjectKeyId(PublicKey _pubKey)
- throws IOException
- {
- return extUtils.createSubjectKeyIdentifier(_pubKey);
- }
-
- private static BigInteger allocateSerialNumber()
- {
- BigInteger _tmp = serialNumber;
- serialNumber = serialNumber.add(BigInteger.ONE);
- return _tmp;
- }
-} |