-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathTSAClient.java
163 lines (141 loc) · 4.85 KB
/
TSAClient.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
package PDFSignature;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.pdfbox.io.IOUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
/**
* Time Stamping Authority (TSA) Client [RFC 3161].
*
* @author Vakhtang Koroghlishvili
* @author John Hewson
*/
public class TSAClient {
private static final Log LOG = LogFactory.getLog(TSAClient.class);
private final URL url;
private final String username;
private final String password;
private final MessageDigest digest;
/**
*
* @param url
* the URL of the TSA service
* @param username
* user name of TSA
* @param password
* password of TSA
* @param digest
* the message digest to use
*/
public TSAClient(URL url, String username, String password, MessageDigest digest) {
this.url = url;
this.username = username;
this.password = password;
this.digest = digest;
}
/**
*
* @param messageImprint
* imprint of message contents
* @return the encoded time stamp token
* @throws IOException
* if there was an error with the connection or data from the
* TSA server, or if the time stamp response could not be
* validated
*/
public byte[] getTimeStampToken(byte[] messageImprint) throws IOException {
digest.reset();
byte[] hash = digest.digest(messageImprint);
// 32-bit cryptographic nonce
SecureRandom random = new SecureRandom();
int nonce = random.nextInt();
// generate TSA request
TimeStampRequestGenerator tsaGenerator = new TimeStampRequestGenerator();
tsaGenerator.setCertReq(true);
ASN1ObjectIdentifier oid = getHashObjectIdentifier(digest.getAlgorithm());
TimeStampRequest request = tsaGenerator.generate(oid, hash, BigInteger.valueOf(nonce));
// get TSA response
byte[] tsaResponse = getTSAResponse(request.getEncoded());
TimeStampResponse response;
try {
response = new TimeStampResponse(tsaResponse);
response.validate(request);
} catch (TSPException e) {
throw new IOException(e);
}
TimeStampToken token = response.getTimeStampToken();
if (token == null) {
throw new IOException("Response does not have a time stamp token");
}
return token.getEncoded();
}
// gets response data for the given encoded TimeStampRequest data
// throws IOException if a connection to the TSA cannot be established
private byte[] getTSAResponse(byte[] request) throws IOException {
LOG.debug("Opening connection to TSA server");
// todo: support proxy servers
URLConnection connection = url.openConnection();
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestProperty("Content-Type", "application/timestamp-query");
LOG.debug("Established connection to TSA server");
if (username != null && password != null && !username.isEmpty() && !password.isEmpty()) {
connection.setRequestProperty(username, password);
}
// read response
OutputStream output = null;
try {
output = connection.getOutputStream();
output.write(request);
} finally {
IOUtils.closeQuietly(output);
}
LOG.debug("Waiting for response from TSA server");
InputStream input = null;
byte[] response;
try {
input = connection.getInputStream();
response = IOUtils.toByteArray(input);
} finally {
IOUtils.closeQuietly(input);
}
LOG.debug("Received response from TSA server");
return response;
}
// returns the ASN.1 OID of the given hash algorithm
private ASN1ObjectIdentifier getHashObjectIdentifier(String algorithm) {
switch (algorithm) {
case "MD2":
return new ASN1ObjectIdentifier(PKCSObjectIdentifiers.md2.getId());
case "MD5":
return new ASN1ObjectIdentifier(PKCSObjectIdentifiers.md5.getId());
case "SHA-1":
return new ASN1ObjectIdentifier(OIWObjectIdentifiers.idSHA1.getId());
case "SHA-224":
return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha224.getId());
case "SHA-256":
return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha256.getId());
case "SHA-384":
return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha384.getId());
case "SHA-512":
return new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha512.getId());
default:
return new ASN1ObjectIdentifier(algorithm);
}
}
}