List of usage examples for org.bouncycastle.tsp TimeStampResponse getTimeStampToken
public TimeStampToken getTimeStampToken()
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
/**
 * Verifies that a time-stamp signer backed by an EC key honours the configured
 * SIGNATUREALGORITHM, first with SHA1WithECDSA and then with SHA256WithECDSA.
 *
 * <p>The check is made on the signature algorithm OID found in the token's
 * SignerInfo, so it confirms which algorithm was actually used rather than
 * which one was requested. SHA-1 is covered as a legacy option only.
 *
 * @throws Exception if worker setup, signing or token parsing fails
 */
@Test
public void test20BasicTimeStampECDSA() throws Exception {
    final int workerId = WORKER20;
    try {
        // Provision the signer from the EC test keystore; fail early if the fixture is missing.
        final File ecKeystore = new File(getSignServerHome(), "res/test/dss10/dss10_signer5ec.p12");
        if (!ecKeystore.exists()) {
            throw new FileNotFoundException(ecKeystore.getAbsolutePath());
        }
        // "foo123" / "signerec": presumably the fixture's keystore password and key alias (test-only values).
        addP12DummySigner(TimeStampSigner.class.getName(), workerId, "TestTimeStampP12ECDSA", ecKeystore,
                "foo123", "signerec");
        workerSession.setWorkerProperty(workerId, "DEFAULTTSAPOLICYOID", "1.2.3");

        // Round 1: SHA1WithECDSA -> 1.2.840.10045.4.1 (ecdsa-with-SHA1)
        workerSession.setWorkerProperty(workerId, "SIGNATUREALGORITHM", "SHA1WithECDSA");
        workerSession.reloadConfiguration(workerId);
        final TimeStampResponse sha1Response = assertSuccessfulTimestamp(workerId, true);
        final TimeStampToken sha1Token = sha1Response.getTimeStampToken();
        final SignerInformation sha1Signer = (SignerInformation) sha1Token.toCMSSignedData()
                .getSignerInfos().getSigners().iterator().next();
        assertEquals("sha1withecdsa", "1.2.840.10045.4.1", sha1Signer.getEncryptionAlgOID());

        // Round 2: SHA256WithECDSA -> 1.2.840.10045.4.3.2 (ecdsa-with-SHA256)
        workerSession.setWorkerProperty(workerId, "SIGNATUREALGORITHM", "SHA256WithECDSA");
        workerSession.reloadConfiguration(workerId);
        final TimeStampResponse sha256Response = assertSuccessfulTimestamp(workerId, true);
        final TimeStampToken sha256Token = sha256Response.getTimeStampToken();
        final SignerInformation sha256Signer = (SignerInformation) sha256Token.toCMSSignedData()
                .getSignerInfos().getSigners().iterator().next();
        assertEquals("sha256withecdsa", "1.2.840.10045.4.3.2", sha256Signer.getEncryptionAlgOID());
    } finally {
        // Always drop the temporary worker so it cannot leak into other tests.
        removeWorker(workerId);
    }
}
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
/**
 * Verifies that a time-stamp signer backed by a DSA key in a JKS keystore
 * signs with the configured SHA1WithDSA algorithm.
 *
 * <p>The assertion reads the signature algorithm OID from the token's
 * SignerInfo, i.e. it checks what the signer actually produced.
 *
 * @throws Exception if worker setup, signing or token parsing fails
 */
@Test
public void test21BasicTimeStampDSA() throws Exception {
    final int workerId = WORKER20;
    try {
        // Provision the signer from the DSA test keystore; fail early if the fixture is missing.
        final File dsaKeystore = new File(getSignServerHome(), "res/test/dss10/dss10_tssigner6dsa.jks");
        if (!dsaKeystore.exists()) {
            throw new FileNotFoundException(dsaKeystore.getAbsolutePath());
        }
        // "foo123" / "mykey": presumably the fixture's keystore password and key alias (test-only values).
        addJKSDummySigner(TimeStampSigner.class.getName(), workerId, "TestTimeStampJKSDSA", dsaKeystore,
                "foo123", "mykey");
        workerSession.setWorkerProperty(workerId, "DEFAULTTSAPOLICYOID", "1.2.3");
        workerSession.setWorkerProperty(workerId, "SIGNATUREALGORITHM", "SHA1WithDSA");
        workerSession.reloadConfiguration(workerId);

        // Request a token and inspect the first (only expected) signer.
        final TimeStampResponse tsResponse = assertSuccessfulTimestamp(workerId, true);
        final TimeStampToken tsToken = tsResponse.getTimeStampToken();
        final SignerInformation signer = (SignerInformation) tsToken.toCMSSignedData()
                .getSignerInfos().getSigners().iterator().next();

        // 1.2.840.10040.4.3 is id-dsa-with-sha1.
        assertEquals("sha1withdsa", "1.2.840.10040.4.3", signer.getEncryptionAlgOID());
    } finally {
        // Always drop the temporary worker so it cannot leak into other tests.
        removeWorker(workerId);
    }
}
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
/**
 * Checks that, without any TSA-related worker property, the issued token
 * carries no {@code tsa} field in its TSTInfo.
 *
 * @throws Exception if the time-stamp request fails
 */
@Test
public void test31NoTSAName() throws Exception {
    // Request a token from the default worker and look at the optional tsa field.
    final TimeStampResponse tsResponse = assertSuccessfulTimestamp(WORKER1, true);
    final GeneralName tsaName = tsResponse.getTimeStampToken().getTimeStampInfo().getTsa();
    assertNull("No TSA set", tsaName);
}
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
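/**
 * Checks that setting the {@code TimeStampSigner.TSA} worker property makes the
 * signer put that name into the {@code tsa} field of the issued token.
 *
 * <p>The property is removed again in a {@code finally} block, so a failing
 * assertion cannot leave WORKER1 configured with a TSA name and distort tests
 * that expect the default (no TSA field).
 *
 * @throws Exception if configuration, signing or name parsing fails
 */
@Test
public void test32ExplicitTSAName() throws Exception {
    workerSession.setWorkerProperty(WORKER1, TimeStampSigner.TSA, "CN=test");
    try {
        workerSession.reloadConfiguration(WORKER1);

        final TimeStampResponse response = assertSuccessfulTimestamp(WORKER1, true);
        final GeneralName name = response.getTimeStampToken().getTimeStampInfo().getTsa();
        final GeneralName expectedName = new GeneralName(new X500Name("CN=test"));

        assertEquals("TSA included", expectedName, name);
    } finally {
        // restore, also when an assertion above failed
        workerSession.removeWorkerProperty(WORKER1, TimeStampSigner.TSA);
        workerSession.reloadConfiguration(WORKER1);
    }
}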
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
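/**
 * Checks that enabling {@code TimeStampSigner.TSA_FROM_CERT} makes the signer
 * copy the subject of its signing certificate into the token's {@code tsa} field.
 *
 * <p>Two comparisons are made: against the expected subject DN as a parsed
 * name, and against the DER encoding of the subject taken from the worker's
 * certificate, so that the token carries the same encoded name as the
 * certificate and not merely an equivalent one.
 *
 * <p>The property is removed again in a {@code finally} block, so a failing
 * assertion cannot leave WORKER1 configured with TSA_FROM_CERT for later tests.
 *
 * @throws Exception if configuration, signing or name parsing fails
 */
@Test
public void test34TSANameFromCert() throws Exception {
    workerSession.setWorkerProperty(WORKER1, TimeStampSigner.TSA_FROM_CERT, "true");
    try {
        workerSession.reloadConfiguration(WORKER1);

        final TimeStampResponse response = assertSuccessfulTimestamp(WORKER1, true);
        final GeneralName name = response.getTimeStampToken().getTimeStampInfo().getTsa();
        final GeneralName expectedName = new GeneralName(
                new X500Name("CN=TS Signer 1,OU=Testing,O=SignServer,C=SE"));

        assertEquals("TSA included", expectedName, name);

        // Compare encodings with the subject of the certificate the worker actually signs with.
        final GeneralName certName = new GeneralName(
                new JcaX509CertificateHolder((X509Certificate) workerSession.getSignerCertificate(WORKER1))
                        .getSubject());
        assertTrue("TSA name content equals cert", Arrays.equals(certName.getEncoded(), name.getEncoded()));
    } finally {
        // restore, also when an assertion above failed
        workerSession.removeWorkerProperty(WORKER1, TimeStampSigner.TSA_FROM_CERT);
        workerSession.reloadConfiguration(WORKER1);
    }
}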
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Sends a time-stamp request carrying a non-critical extension (OID 1.2.7.2)
 * to WORKER2 and expects the request to be granted with that extension echoed
 * in the token's TSTInfo.
 *
 * @throws Exception if request generation, processing or validation fails
 */
@Test
public void testAcceptedExtensions() throws Exception {
    LOG.info("testAcceptedExtensions");

    // Build the request: one non-critical extension, an all-zero 20-byte SHA-1 imprint, fixed nonce 100.
    final ASN1ObjectIdentifier extensionOid = new ASN1ObjectIdentifier("1.2.7.2");
    final TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.addExtension(extensionOid, false, new DEROctetString("Value".getBytes("UTF-8")));
    final TimeStampRequest tsRequest = requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    // Hand the encoded request to the worker.
    final GenericSignRequest signRequest = new GenericSignRequest(100, tsRequest.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse =
            (GenericSignResponse) workerSession.process(WORKER2, signRequest, context);

    // validate() ties the response to the request before any of its content is asserted on.
    final TimeStampResponse tsResponse = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    tsResponse.validate(tsRequest);
    assertEquals("granted", PKIStatus.GRANTED, tsResponse.getStatus());

    final String expectedOids = Arrays.toString(new ASN1ObjectIdentifier[] { extensionOid });
    final String actualOids = Arrays.toString(tsResponse.getTimeStampToken().getTimeStampInfo()
            .toASN1Structure().getExtensions().getExtensionOIDs());
    assertEquals("extensions in token", expectedOids, actualOids);
}
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Same scenario as the accepted-extension case, but against WORKER4: per the
 * original description its ACCEPTEDEXTENSIONS value contains spaces, and the
 * extension (OID 1.2.7.2) must still be accepted and echoed in the token.
 *
 * @throws Exception if request generation, processing or validation fails
 */
@Test
public void testAcceptedExtensionsWithSpaces() throws Exception {
    LOG.info("testAcceptedExtensionsWithSpaces");

    // Build the request: one non-critical extension, an all-zero 20-byte SHA-1 imprint, fixed nonce 100.
    final ASN1ObjectIdentifier extensionOid = new ASN1ObjectIdentifier("1.2.7.2");
    final TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.addExtension(extensionOid, false, new DEROctetString("Value".getBytes("UTF-8")));
    final TimeStampRequest tsRequest = requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    // Hand the encoded request to the worker.
    final GenericSignRequest signRequest = new GenericSignRequest(100, tsRequest.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse =
            (GenericSignResponse) workerSession.process(WORKER4, signRequest, context);

    // validate() ties the response to the request before any of its content is asserted on.
    final TimeStampResponse tsResponse = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    tsResponse.validate(tsRequest);
    assertEquals("granted", PKIStatus.GRANTED, tsResponse.getStatus());

    final String expectedOids = Arrays.toString(new ASN1ObjectIdentifier[] { extensionOid });
    final String actualOids = Arrays.toString(tsResponse.getTimeStampToken().getTimeStampInfo()
            .toASN1Structure().getExtensions().getExtensionOIDs());
    assertEquals("extensions in token", expectedOids, actualOids);
}
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/**
 * Sends a request without any extension to WORKER3 (per the original
 * description, a worker whose accepted-extension list is empty) and expects it
 * to be granted, with no extensions present in the token's TSTInfo.
 *
 * @throws Exception if request generation, processing or validation fails
 */
@Test
public void testEmptyAcceptedExtensionsOk() throws Exception {
    LOG.info("testEmptyAcceptedExtensions");

    // Plain request: all-zero 20-byte SHA-1 imprint, fixed nonce 100, no extensions.
    final TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    final TimeStampRequest tsRequest = requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));

    // Hand the encoded request to the worker.
    final GenericSignRequest signRequest = new GenericSignRequest(100, tsRequest.getEncoded());
    final RequestContext context = new RequestContext();
    final GenericSignResponse signResponse =
            (GenericSignResponse) workerSession.process(WORKER3, signRequest, context);

    // validate() ties the response to the request before any of its content is asserted on.
    final TimeStampResponse tsResponse = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    tsResponse.validate(tsRequest);
    assertEquals("granted", PKIStatus.GRANTED, tsResponse.getStatus());

    // The signer must not invent extensions the client never asked for.
    assertNull("extensions in token",
            tsResponse.getTimeStampToken().getTimeStampInfo().toASN1Structure().getExtensions());
}
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
/**
 * End-to-end check of the time-stamp worker {@code WORKER_TSA}: obtains a CSR
 * from the worker, issues a certificate for it from a throw-away issuer,
 * installs the certificate and chain, and then requests a time-stamp token.
 *
 * <p>The issuer key is a 512-bit RSA key generated inside this method and used
 * only to sign the one test certificate; that size is far too small for
 * anything but a disposable fixture. The certificate carries a critical
 * extendedKeyUsage of id-kp-timeStamping.
 *
 * @throws Exception if any step of issuance, installation or signing fails
 */
private void tsSigner() throws Exception {
    // 1. Ask the worker for a certificate request (PKCS#10, Base64 encoded).
    final PKCS10CertReqInfo csrInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + WORKER_TSA, null);
    final Base64SignerCertReqData csrData = (Base64SignerCertReqData) getWorkerSession()
            .getCertificateRequest(WORKER_TSA, csrInfo, false);
    final PKCS10CertificationRequest csr =
            new PKCS10CertificationRequest(Base64.decode(csrData.getBase64CertReq()));

    // 2. Issue a one-year certificate from a disposable test issuer.
    final KeyPair issuerKeyPair = CryptoUtils.generateRSA(512);
    final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name("CN=TestP11 Issuer"),
            BigInteger.ONE,
            new Date(),
            new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)),
            csr.getSubject(),
            csr.getSubjectPublicKeyInfo())
            .addExtension(org.bouncycastle.asn1.x509.X509Extension.extendedKeyUsage, true,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
    final X509CertificateHolder cert = certBuilder.build(
            new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(issuerKeyPair.getPrivate()));

    // 3. Install the certificate and a single-element chain, then reload the worker.
    workerSession.uploadSignerCertificate(WORKER_TSA, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.uploadSignerCertificateChain(WORKER_TSA, Arrays.asList(cert.getEncoded()),
            GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.reloadConfiguration(WORKER_TSA);

    // 4. The worker must report no fatal errors once the certificate is in place.
    final List<String> errors = workerSession.getStatus(WORKER_TSA).getFatalErrors();
    assertEquals("errors: " + errors, 0, errors.size());

    // 5. Request a token: all-zero 20-byte SHA-1 imprint, fixed nonce 100.
    final TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    final TimeStampRequest tsRequest = requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20],
            BigInteger.valueOf(100));
    final GenericSignRequest signRequest = new GenericSignRequest(567, tsRequest.getEncoded());
    final GenericSignResponse signResponse = (GenericSignResponse) workerSession.process(WORKER_TSA,
            signRequest, new RequestContext());

    final Certificate signerCert = signResponse.getSignerCertificate();
    assertNotNull(signerCert);

    // validate() ties the response to the request before status and token are asserted on.
    final TimeStampResponse tsResponse = new TimeStampResponse((byte[]) signResponse.getProcessedData());
    tsResponse.validate(tsRequest);
    assertEquals("Token granted", PKIStatus.GRANTED, tsResponse.getStatus());
    assertNotNull("Got timestamp token", tsResponse.getTimeStampToken());
}
From source file:org.signserver.server.tsa.InternalTimeStampTokenFetcher.java
License:Open Source License
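/**
 * Requests a time-stamp token for the given message imprint from the
 * configured time-stamp worker and returns it after validating the response.
 *
 * <p>The worker is resolved from {@code workerNameOrId}: a numeric value is
 * used as the worker id directly, anything else is looked up as a worker name.
 * If both {@code username} and {@code password} are set they are passed to the
 * worker as a client credential.
 *
 * <p>The request nonce is drawn from a {@link java.security.SecureRandom}
 * instead of the wall clock. A clock-derived nonce is predictable and repeats
 * for requests made within the same millisecond, which weakens the nonce check
 * that {@code validate} uses to tie a response to this particular request.
 *
 * @param imprint the message digest to be time-stamped
 * @param digestOID the OID of the digest algorithm that produced {@code imprint}
 * @return the time-stamp token from a granted, validated response
 * @throws IllegalRequestException declared for the call to the worker session
 * @throws CryptoTokenOfflineException declared for the call to the worker session
 * @throws SignServerException if the worker returned an unknown response type,
 *         no token, or a status other than granted / granted with modifications
 * @throws TSPException if the response cannot be parsed or does not match the request
 * @throws IOException if the request or response cannot be encoded or decoded
 */
public TimeStampToken fetchToken(byte[] imprint, ASN1ObjectIdentifier digestOID)
        throws IllegalRequestException, CryptoTokenOfflineException, SignServerException, TSPException,
        IOException {
    // Resolve the target worker: numeric ids are used as-is, anything else is treated as a name.
    int workerId;
    try {
        workerId = Integer.parseInt(workerNameOrId);
    } catch (NumberFormatException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Not a workerId, maybe workerName: " + workerNameOrId);
        }
        workerId = session.getWorkerId(workerNameOrId);
    }

    // Setup the time stamp request
    final TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
    tsqGenerator.setCertReq(true);

    // Unpredictable 64-bit nonce; fully qualified so no new file-level import is needed.
    final BigInteger nonce = new BigInteger(64, new java.security.SecureRandom());
    final TimeStampRequest request = tsqGenerator.generate(digestOID, imprint, nonce);
    final byte[] requestBytes = request.getEncoded();

    final RequestContext context = new RequestContext();
    if (username != null && password != null) {
        context.put(RequestContext.CLIENT_CREDENTIAL,
                new UsernamePasswordClientCredential(username, password));
    }

    final ProcessResponse resp =
            session.process(workerId, new GenericSignRequest(hashCode(), requestBytes), context);
    if (!(resp instanceof GenericSignResponse)) {
        throw new SignServerException("Unknown response");
    }

    final byte[] respBytes = ((GenericSignResponse) resp).getProcessedData();
    final TimeStampResponse response = new TimeStampResponse(respBytes);

    final TimeStampToken tsToken = response.getTimeStampToken();
    if (tsToken == null) {
        throw new SignServerException("TSA '" + workerNameOrId + "' failed to return time stamp token: "
                + response.getStatusString());
    }

    final int status = response.getStatus();
    if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
        throw new SignServerException("Time stamp token not granted: " + response.getStatusString());
    }

    // Only hand the token back once the response has been checked against the request we sent.
    response.validate(request);
    return tsToken;
}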