Usage examples for org.bouncycastle.tsp.TimeStampTokenInfo.getMessageImprintAlgOID()
public ASN1ObjectIdentifier getMessageImprintAlgOID()
From source file:com.itextpdf.text.pdf.security.PdfPKCS7.java
License:Open Source License
/**
 * Use this constructor if you want to verify a signature.
 * <p>
 * The constructor decodes the CMS/PKCS#7 SignedData structure held in the /Contents
 * entry and fills the fields that later checks read: the embedded certificates, the
 * signer certificate, the digest and signature algorithm OIDs, the authenticated
 * attributes and, when present, the RFC 3161 time-stamp token.
 * <p>
 * No call that checks a signature value is visible in this constructor; it only
 * prepares the digest and signature objects. The signer certificate is picked from the
 * certificates embedded in {@code contentsKey} itself, so nothing here establishes
 * that the certificate is trusted.
 * <p>
 * Every exception raised inside the outer {@code try}, including the
 * {@link IllegalArgumentException}s thrown by the structural checks, is rethrown
 * wrapped in an {@code ExceptionConverter}.
 *
 * @param contentsKey the /Contents key
 * @param filterSubtype the filtersubtype
 * @param provider the provider or <code>null</code> for the default provider
 */
@SuppressWarnings({ "unchecked" })
public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype, String provider) {
    this.filterSubtype = filterSubtype;
    // The sub-filter selects the parsing mode: a bare RFC 3161 token or a CAdES signature.
    isTsp = PdfName.ETSI_RFC3161.equals(filterSubtype);
    isCades = PdfName.ETSI_CADES_DETACHED.equals(filterSubtype);
    try {
        this.provider = provider;
        ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(contentsKey));

        //
        // Basic checks to make sure it's a PKCS#7 SignedData Object
        //
        ASN1Primitive pkcs;

        try {
            pkcs = din.readObject();
        } catch (IOException e) {
            throw new IllegalArgumentException(
                    MessageLocalization.getComposedMessage("can.t.decode.pkcs7signeddata.object"));
        }
        if (!(pkcs instanceof ASN1Sequence)) {
            throw new IllegalArgumentException(
                    MessageLocalization.getComposedMessage("not.a.valid.pkcs.7.object.not.a.sequence"));
        }
        ASN1Sequence signedData = (ASN1Sequence) pkcs;
        // NOTE(review): from here on the ASN.1 elements are cast without instanceof checks;
        // a malformed structure fails with a runtime exception that the outer catch wraps.
        ASN1ObjectIdentifier objId = (ASN1ObjectIdentifier) signedData.getObjectAt(0);
        if (!objId.getId().equals(SecurityIDs.ID_PKCS7_SIGNED_DATA))
            throw new IllegalArgumentException(
                    MessageLocalization.getComposedMessage("not.a.valid.pkcs.7.object.not.signed.data"));
        ASN1Sequence content = (ASN1Sequence) ((ASN1TaggedObject) signedData.getObjectAt(1)).getObject();
        // the positions that we care are:
        //     0 - version
        //     1 - digestAlgorithms
        //     2 - possible ID_PKCS7_DATA
        //     (the certificates and crls are taken out by other means)
        //     last - signerInfos

        // the version
        version = ((ASN1Integer) content.getObjectAt(0)).getValue().intValue();

        // the digestAlgorithms
        digestalgos = new HashSet<String>();
        Enumeration<ASN1Sequence> e = ((ASN1Set) content.getObjectAt(1)).getObjects();
        while (e.hasMoreElements()) {
            ASN1Sequence s = e.nextElement();
            ASN1ObjectIdentifier o = (ASN1ObjectIdentifier) s.getObjectAt(0);
            digestalgos.add(o.getId());
        }

        // the possible ID_PKCS7_DATA
        ASN1Sequence rsaData = (ASN1Sequence) content.getObjectAt(2);
        if (rsaData.size() > 1) {
            ASN1OctetString rsaDataContent = (ASN1OctetString) ((ASN1TaggedObject) rsaData.getObjectAt(1))
                    .getObject();
            RSAdata = rsaDataContent.getOctets();
        }

        // Skip the optional tagged members so that 'next' ends up on signerInfos.
        // NOTE(review): the index is not compared with content.size(); presumably an
        // out-of-range access throws and is wrapped by the outer catch - confirm.
        int next = 3;
        while (content.getObjectAt(next) instanceof ASN1TaggedObject)
            ++next;

        // the certificates
        /*
                    This should work, but that's not always the case because of a bug in BouncyCastle:
        */
        // The certificates are re-read from the raw /Contents bytes rather than from the
        // sequence parsed above.
        X509CertParser cr = new X509CertParser();
        cr.engineInit(new ByteArrayInputStream(contentsKey));
        certs = cr.engineReadAll();
        /*
        The following workaround was provided by Alfonso Massa, but it doesn't always work either.

        ASN1Set certSet = null;
        ASN1Set crlSet = null;
        while (content.getObjectAt(next) instanceof ASN1TaggedObject) {
            ASN1TaggedObject tagged = (ASN1TaggedObject)content.getObjectAt(next);

            switch (tagged.getTagNo()) {
            case 0:
                certSet = ASN1Set.getInstance(tagged, false);
                break;
            case 1:
                crlSet = ASN1Set.getInstance(tagged, false);
                break;
            default:
                throw new IllegalArgumentException("unknown tag value " + tagged.getTagNo());
            }
            ++next;
        }
        certs = new ArrayList<Certificate>(certSet.size());

        CertificateFactory certFact = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
        for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) {
            ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
            if (obj instanceof ASN1Sequence) {
                ByteArrayInputStream stream = new ByteArrayInputStream(obj.getEncoded());
                X509Certificate x509Certificate = (X509Certificate)certFact.generateCertificate(stream);
                stream.close();
                certs.add(x509Certificate);
            }
        }
        */

        // the signerInfos
        ASN1Set signerInfos = (ASN1Set) content.getObjectAt(next);
        if (signerInfos.size() != 1)
            throw new IllegalArgumentException(MessageLocalization.getComposedMessage(
                    "this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time"));
        ASN1Sequence signerInfo = (ASN1Sequence) signerInfos.getObjectAt(0);
        // the positions that we care are
        //     0 - version
        //     1 - the signing certificate issuer and serial number
        //     2 - the digest algorithm
        //     3 or 4 - digestEncryptionAlgorithm
        //     4 or 5 - encryptedDigest
        signerversion = ((ASN1Integer) signerInfo.getObjectAt(0)).getValue().intValue();
        // Get the signing certificate
        ASN1Sequence issuerAndSerialNumber = (ASN1Sequence) signerInfo.getObjectAt(1);
        X509Principal issuer = new X509Principal(
                issuerAndSerialNumber.getObjectAt(0).toASN1Primitive().getEncoded());
        BigInteger serialNumber = ((ASN1Integer) issuerAndSerialNumber.getObjectAt(1)).getValue();
        // The signer certificate is the first embedded certificate whose issuer and serial
        // number match the SignerInfo. This is a lookup only: it says nothing about whether
        // the certificate chains to a trusted root or has been revoked.
        for (Object element : certs) {
            X509Certificate cert = (X509Certificate) element;
            if (cert.getIssuerDN().equals(issuer) && serialNumber.equals(cert.getSerialNumber())) {
                signCert = cert;
                break;
            }
        }
        if (signCert == null) {
            throw new IllegalArgumentException(
                    MessageLocalization.getComposedMessage("can.t.find.signing.certificate.with.serial.1",
                            issuer.getName() + " / " + serialNumber.toString(16)));
        }
        signCertificateChain();
        digestAlgorithmOid = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2)).getObjectAt(0))
                .getId();
        next = 3;
        boolean foundCades = false;
        // Authenticated (signed) attributes, present when position 3 is a tagged object.
        if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
            ASN1TaggedObject tagsig = (ASN1TaggedObject) signerInfo.getObjectAt(next);
            ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
            sigAttr = sseq.getEncoded();
            // maybe not necessary, but we use the following line as fallback:
            sigAttrDer = sseq.getEncoded(ASN1Encoding.DER);

            for (int k = 0; k < sseq.size(); ++k) {
                ASN1Sequence seq2 = (ASN1Sequence) sseq.getObjectAt(k);
                String idSeq2 = ((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId();
                if (idSeq2.equals(SecurityIDs.ID_MESSAGE_DIGEST)) {
                    ASN1Set set = (ASN1Set) seq2.getObjectAt(1);
                    digestAttr = ((ASN1OctetString) set.getObjectAt(0)).getOctets();
                } else if (idSeq2.equals(SecurityIDs.ID_ADBE_REVOCATION)) {
                    // Adobe revocation attribute: tag 0 is handed to findCRL, tag 1 to findOcsp.
                    ASN1Set setout = (ASN1Set) seq2.getObjectAt(1);
                    ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0);
                    for (int j = 0; j < seqout.size(); ++j) {
                        ASN1TaggedObject tg = (ASN1TaggedObject) seqout.getObjectAt(j);
                        if (tg.getTagNo() == 0) {
                            ASN1Sequence seqin = (ASN1Sequence) tg.getObject();
                            findCRL(seqin);
                        }
                        if (tg.getTagNo() == 1) {
                            ASN1Sequence seqin = (ASN1Sequence) tg.getObject();
                            findOcsp(seqin);
                        }
                    }
                } else if (isCades && idSeq2.equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V1)) {
                    // ESS signing-certificate (v1): binds the signature to one certificate by
                    // its SHA-1 hash. Only the first ESSCertID is compared with signCert.
                    ASN1Set setout = (ASN1Set) seq2.getObjectAt(1);
                    ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0);
                    SigningCertificate sv2 = SigningCertificate.getInstance(seqout);
                    ESSCertID[] cerv2m = sv2.getCerts();
                    ESSCertID cerv2 = cerv2m[0];
                    byte[] enc2 = signCert.getEncoded();
                    MessageDigest m2 = new BouncyCastleDigest().getMessageDigest("SHA-1");
                    byte[] signCertHash = m2.digest(enc2);
                    byte[] hs2 = cerv2.getCertHash();
                    if (!Arrays.equals(signCertHash, hs2))
                        throw new IllegalArgumentException(
                                "Signing certificate doesn't match the ESS information.");
                    foundCades = true;
                } else if (isCades && idSeq2.equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2)) {
                    // ESS signing-certificate-v2: same check, but the hash algorithm is read
                    // from the attribute itself. Only the first ESSCertIDv2 is compared.
                    // NOTE(review): no allow-list for that algorithm is visible here - confirm
                    // whether DigestAlgorithms.getDigest restricts it.
                    ASN1Set setout = (ASN1Set) seq2.getObjectAt(1);
                    ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0);
                    SigningCertificateV2 sv2 = SigningCertificateV2.getInstance(seqout);
                    ESSCertIDv2[] cerv2m = sv2.getCerts();
                    ESSCertIDv2 cerv2 = cerv2m[0];
                    AlgorithmIdentifier ai2 = cerv2.getHashAlgorithm();
                    byte[] enc2 = signCert.getEncoded();
                    MessageDigest m2 = new BouncyCastleDigest()
                            .getMessageDigest(DigestAlgorithms.getDigest(ai2.getAlgorithm().getId()));
                    byte[] signCertHash = m2.digest(enc2);
                    byte[] hs2 = cerv2.getCertHash();
                    if (!Arrays.equals(signCertHash, hs2))
                        throw new IllegalArgumentException(
                                "Signing certificate doesn't match the ESS information.");
                    foundCades = true;
                }
            }
            if (digestAttr == null)
                throw new IllegalArgumentException(MessageLocalization
                        .getComposedMessage("authenticated.attribute.is.missing.the.digest"));
            ++next;
        }
        // A CAdES signature without either ESS signing-certificate attribute is rejected.
        if (isCades && !foundCades)
            throw new IllegalArgumentException("CAdES ESS information missing.");
        digestEncryptionAlgorithmOid = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(next++))
                .getObjectAt(0)).getId();
        digest = ((ASN1OctetString) signerInfo.getObjectAt(next++)).getOctets();
        // Unauthenticated attributes: the signature time-stamp token, if any, lives here.
        // The token is only decoded at this point; nothing here validates it.
        if (next < signerInfo.size() && signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
            ASN1TaggedObject taggedObject = (ASN1TaggedObject) signerInfo.getObjectAt(next);
            ASN1Set unat = ASN1Set.getInstance(taggedObject, false);
            AttributeTable attble = new AttributeTable(unat);
            Attribute ts = attble.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            if (ts != null && ts.getAttrValues().size() > 0) {
                ASN1Set attributeValues = ts.getAttrValues();
                ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
                ContentInfo contentInfo = new ContentInfo(tokenSequence);
                this.timeStampToken = new TimeStampToken(contentInfo);
            }
        }
        if (isTsp) {
            // Document-level time stamp: the whole SignedData is the token, and the digest
            // used for the document is the one named by the token's message imprint.
            // The OID therefore comes from the data being checked, and the provider
            // argument passed to the lookup is null rather than this.provider.
            ContentInfo contentInfoTsp = new ContentInfo(signedData);
            this.timeStampToken = new TimeStampToken(contentInfoTsp);
            TimeStampTokenInfo info = timeStampToken.getTimeStampInfo();
            String algOID = info.getMessageImprintAlgOID().getId();
            messageDigest = DigestAlgorithms.getMessageDigestFromOid(algOID, null);
        } else {
            if (RSAdata != null || digestAttr != null) {
                // adbe.pkcs7.sha1 hashes the document with SHA-1 whatever the signer's
                // hash algorithm is; encContDigest always uses the signer's algorithm.
                if (PdfName.ADBE_PKCS7_SHA1.equals(getFilterSubtype())) {
                    messageDigest = DigestAlgorithms.getMessageDigest("SHA1", provider);
                } else {
                    messageDigest = DigestAlgorithms.getMessageDigest(getHashAlgorithm(), provider);
                }
                encContDigest = DigestAlgorithms.getMessageDigest(getHashAlgorithm(), provider);
            }
            // Prepare the signature object with the signer certificate's public key.
            sig = initSignature(signCert.getPublicKey());
        }
    } catch (Exception e) {
        throw new ExceptionConverter(e);
    }
}
From source file:com.itextpdf.text.pdf.security.PdfPKCS7.java
License:Open Source License
/**
 * Checks if the timestamp refers to this document.
 * <p>
 * The {@code digest} field is hashed with the algorithm named in the token's message
 * imprint and the result is compared with the hash stored in that imprint.
 * <p>
 * This is an imprint comparison only. The method does not validate the token's own
 * signature or the TSA certificate, so a {@code true} result shows that the token was
 * issued over this value, not that the token is authentic.
 *
 * @return true if it checks false otherwise (also false when there is no time-stamp token)
 * @throws GeneralSecurityException on error
 * @since 2.1.6
 */
public boolean verifyTimestampImprint() throws GeneralSecurityException {
    if (timeStampToken != null) {
        TimeStampTokenInfo tokenInfo = timeStampToken.getTimeStampInfo();
        MessageImprint storedImprint = tokenInfo.toASN1Structure().getMessageImprint();
        // The hash algorithm is whatever the token itself declares.
        String imprintAlgOid = tokenInfo.getMessageImprintAlgOID().getId();
        byte[] recomputed = new BouncyCastleDigest()
                .getMessageDigest(DigestAlgorithms.getDigest(imprintAlgOid))
                .digest(digest);
        return Arrays.equals(recomputed, storedImprint.getHashedMessage());
    }
    return false;
}
From source file:es.mityc.firmaJava.ts.TSCliente.java
License:LGPL
/**
 * Validates a time stamp against the binary data it is supposed to cover.
 * <p>
 * The input is decoded first as a bare time-stamp token and, if that fails, as a
 * complete time-stamp response. The data is then hashed with the algorithm named in
 * the token's message imprint and compared with the imprint digest.
 * <p>
 * Only the message imprint is compared. No call that verifies the token's signature
 * or the TSA certificate is visible in this method, so the issuer, serial number and
 * generation time copied into the result are taken from the token as presented.
 *
 * @param binarioaSellar binary data to validate
 * @param sellodeTiempo the time stamp, in binary form
 * @return TSValidacion the values read from the token; its "respuesta" flag is false when
 *         the imprint algorithm is not supported or the digests differ
 * @throws NoSuchAlgorithmException
 * @throws TSPException
 * @throws IOException
 * @throws NoSuchProviderException
 * @throws CertStoreException
 * @throws TSClienteError when the input is neither a token nor a response carrying one
 */
public static TSValidacion validarSelloTiempo(byte[] binarioaSellar, byte[] sellodeTiempo)
        throws NoSuchAlgorithmException, TSPException, IOException, NoSuchProviderException,
        CertStoreException, TSClienteError {

    //        Set permitidos = new HashSet(Arrays.asList(TSPAlgoritmos.getValoresPermitidos()));
    //        if the given algorithm is not allowed or is null, the default algorithm is used

    TimeStampToken token = null;
    TSValidacion resultado = new TSValidacion();

    try {
        token = new TimeStampToken(new CMSSignedData(sellodeTiempo));
    } catch (CMSException noEsToken) {
        // Not a bare token: try to read it as a TimeStampResp instead.
        try {
            TimeStampResponse respuestaTsa = new TimeStampResponse(sellodeTiempo);
            token = respuestaTsa.getTimeStampToken();
            if (token == null)
                throw new TSClienteError(I18n.getResource(ConstantesTSA.LIBRERIA_TSA_ERROR_2));
        } catch (TSPException ex) {
            throw new TSClienteError(I18n.getResource(ConstantesTSA.LIBRERIA_TSA_ERROR_2));
        } catch (IOException ex) {
            throw new TSClienteError(I18n.getResource(ConstantesTSA.LIBRERIA_TSA_ERROR_2));
        }
    }

    resultado.setTst(token);
    TimeStampTokenInfo tokenInfo = token.getTimeStampInfo();

    // The digest algorithm is the one the token declares; a null engine means the
    // helper does not support it, and the validation is reported as failed.
    MessageDigest motorResumen = TSPAlgoritmos.getDigest(tokenInfo.getMessageImprintAlgOID());
    if (motorResumen == null) {
        resultado.setRespuesta(false);
        return resultado;
    }

    motorResumen.update(binarioaSellar);

    boolean coincide = MessageDigest.isEqual(motorResumen.digest(), tokenInfo.getMessageImprintDigest());
    if (!coincide) {
        resultado.setRespuesta(false);
        return resultado;
    }

    SimpleDateFormat formateador = new SimpleDateFormat(FORMATO_FECHA);
    resultado.setFecha(formateador.format(tokenInfo.getGenTime()));
    resultado.setFechaDate(tokenInfo.getGenTime());

    GenTimeAccuracy exactitud = tokenInfo.getGenTimeAccuracy();
    resultado.setPrecision(exactitud);

    // Accuracy expressed in microseconds; zero when the token carries none.
    long exactitudMicros = (exactitud == null)
            ? 0
            : (exactitud.getMicros() * 1L) + (exactitud.getMillis() * 1000L)
                    + (exactitud.getSeconds() * 1000000L);
    resultado.setPrecisionLong(exactitudMicros);

    resultado.setSello(tokenInfo.getSerialNumber());
    resultado.setFirmaDigest(new String(Base64Coder.encode(tokenInfo.getMessageImprintDigest())));
    resultado.setRespuesta(true);
    resultado.setSelloAlg(tokenInfo.getMessageImprintAlgOID());
    resultado.setEmisor(token.getSID().getIssuer());

    return resultado;
}
From source file:org.demoiselle.signer.timestamp.connector.TimeStampOperator.java
License:Open Source License
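/**
 * Validate a time stamp.
 * <p>
 * The token's signature is verified with the signer certificate found inside the token,
 * and the message imprint is then compared with the hash of {@code content} (computed
 * with the algorithm the token names) or with the caller-supplied {@code hash}.
 * <p>
 * The verification certificate comes from the token itself and no chain or trust-anchor
 * validation is visible in this method, so callers that need to know who issued the
 * time stamp must validate the TSA certificate separately.
 * <p>
 * If both {@code content} and {@code hash} are null the imprint comparison fails and a
 * {@link CertificateCoreException} is thrown.
 *
 * @param content   if it is assigned, the parameter hash must to be null
 * @param timeStamp timestamp to be validated
 * @param hash      if it is assigned, the parameter content must to be null
 * @throws CertificateCoreException validate exception
 */
@SuppressWarnings("unchecked")
public void validate(byte[] content, byte[] timeStamp, byte[] hash) throws CertificateCoreException {
    try {
        TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(timeStamp));
        CMSSignedData s = timeStampToken.toCMSSignedData();

        int verified = 0;

        Store<?> certStore = s.getCertificates();
        SignerInformationStore signers = s.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();

        for (SignerInformation signer : c) {
            Collection<?> certCollection = certStore.getMatches(signer.getSID());
            Iterator<?> certIt = certCollection.iterator();
            // A token that does not embed its signer certificate previously failed with an
            // unchecked NoSuchElementException; report it through the declared exception.
            if (!certIt.hasNext()) {
                throw new CertificateCoreException(
                        "The time stamp token does not contain the signer certificate");
            }
            X509CertificateHolder cert = (X509CertificateHolder) certIt.next();

            SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
                    .build(cert);
            if (signer.verify(siv)) {
                verified++;
            }

            // 2.5.29.31 is the CRL distribution points extension. The original code
            // dereferenced it unconditionally, so a certificate without it ended in a
            // NullPointerException; such certificates are still rejected, explicitly.
            if (cert.getExtension(new ASN1ObjectIdentifier("2.5.29.31")) == null) {
                throw new CertificateCoreException(
                        "The time stamp signer certificate has no CRL distribution points extension");
            }

            // Throws when the token's signature or signer certificate is not acceptable.
            timeStampToken.validate(siv);
        }

        logger.info(timeStampMessagesBundle.getString("info.signature.verified", verified));

        // Validate the hash embedded in the time stamp against the hash of the stamped file
        byte[] calculatedHash = null;
        if (content != null) {
            // The digest algorithm is the one named by the token's message imprint.
            Digest digest = DigestFactory.getInstance().factoryDefault();
            TimeStampTokenInfo info = timeStampToken.getTimeStampInfo();
            ASN1ObjectIdentifier algOID = info.getMessageImprintAlgOID();
            digest.setAlgorithm(algOID.toString());
            calculatedHash = digest.digest(content);
        } else {
            calculatedHash = hash;
        }

        if (Arrays.equals(calculatedHash, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.hash.ok"));
        } else {
            throw new CertificateCoreException(timeStampMessagesBundle.getString("info.timestamp.hash.nok"));
        }

    } catch (TSPException | IOException | CMSException | OperatorCreationException | CertificateException ex) {
        // NOTE(review): only the message is propagated; the original cause is not attached.
        throw new CertificateCoreException(ex.getMessage());
    }
}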
From source file:org.signserver.client.cli.defaultimpl.TimeStampCommand.java
License:Open Source License
/**
 * Prints the contents of the time-stamp reply stored in the file named by
 * {@code inrepstring}.
 * <p>
 * The file is read first as a time-stamp response and, when that fails, as a bare
 * time-stamp token. This is a display routine only: nothing in it verifies the token's
 * signature, so every printed value is shown as found in the file.
 *
 * @throws Exception on any read or decoding error that is not handled here
 */
private void tsaPrintReply() throws Exception {
    final byte[] replyBytes = readFiletoBuffer(inrepstring);

    TimeStampResponse tsResponse = null;
    out.println("Time-stamp response {");
    try {
        tsResponse = new TimeStampResponse(replyBytes);
        out.println(" Status: " + tsResponse.getStatus());
        out.println(" Status message: " + tsResponse.getStatusString());
    } catch (TSPException ex) {
        out.println(" Not a response");
    }

    final PKIFailureInfo failure = (tsResponse == null) ? null : tsResponse.getFailInfo();
    if (failure != null) {
        out.print(" Failure info: ");
        out.println(failure.intValue());
    }

    // Without a decodable response the bytes are treated as a bare token.
    final TimeStampToken token = (tsResponse == null)
            ? new TimeStampToken(new CMSSignedData(replyBytes))
            : tsResponse.getTimeStampToken();

    if (token != null) {
        out.println(" Time-stamp token:");
        TimeStampTokenInfo tstInfo = token.getTimeStampInfo();
        if (tstInfo != null) {
            out.println(" Info:");
            out.print(" " + "Accuracy: ");
            out.println(tstInfo.getAccuracy() != null ? tstInfo.getAccuracy() : "(null)");

            out.print(" " + "Gen Time: ");
            out.println(tstInfo.getGenTime());

            out.print(" " + "Gen Time Accuracy: ");
            out.println(tstInfo.getGenTimeAccuracy());

            out.print(" " + "Message imprint digest: ");
            out.println(new String(Hex.encode(tstInfo.getMessageImprintDigest())));

            out.print(" " + "Message imprint algorithm: ");
            out.println(tstInfo.getMessageImprintAlgOID());

            out.print(" " + "Nonce: ");
            out.println(tstInfo.getNonce() != null ? tstInfo.getNonce().toString(16) : "(null)");

            out.print(" " + "Serial Number: ");
            out.println(tstInfo.getSerialNumber() != null ? tstInfo.getSerialNumber().toString(16) : "(null)");

            out.print(" " + "TSA: ");
            out.println(tstInfo.getTsa() != null ? tstInfo.getTsa() : "(null)");

            out.print(" " + "Policy: ");
            out.println(tstInfo.getPolicy());
        }

        out.println(" Signer ID: ");
        out.println(" Serial Number: " + token.getSID().getSerialNumber().toString(16));
        out.println(" Issuer: " + token.getSID().getIssuer());

        // Certificates matching the signer's issuer and serial number come first.
        out.println(" Signer certificate: ");
        Store embeddedCerts = token.getCertificates();
        Selector signerSelector = new AttributeCertificateHolder(token.getSID().getIssuer(),
                token.getSID().getSerialNumber());
        Collection signerMatches = embeddedCerts.getMatches(signerSelector);
        for (Object candidate : signerMatches) {
            if (!(candidate instanceof X509CertificateHolder)) {
                out.println("Not an X.509 certificate: " + candidate);
                continue;
            }
            X509CertificateHolder holder = (X509CertificateHolder) candidate;
            out.println(" Certificate: ");
            out.println(" Serial Number: " + holder.getSerialNumber().toString(16));
            out.println(" Subject: " + holder.getSubject());
            out.println(" Issuer: " + holder.getIssuer());
        }

        // Then every certificate in the token that the signer selector does not match.
        out.println(" Other certificates: ");
        Collection otherMatches = embeddedCerts.getMatches(new InvertedSelector(signerSelector));
        for (Object candidate : otherMatches) {
            if (!(candidate instanceof X509CertificateHolder)) {
                out.println("Not an X.509 certificate: " + candidate);
                continue;
            }
            X509CertificateHolder holder = (X509CertificateHolder) candidate;
            out.println(" Certificate: ");
            out.println(" Serial Number: " + holder.getSerialNumber().toString(16));
            out.println(" Subject: " + holder.getSubject());
            out.println(" Issuer: " + holder.getIssuer());
        }
    }
    out.println("}");
}
From source file:org.signserver.client.cli.defaultimpl.TimeStampCommand.java
License:Open Source License
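/**
 * Verifies the signature of a Base64-encoded time-stamp response against a signer
 * certificate read from a PEM file.
 * <p>
 * The response is read from the file named by {@code inrepstring} and the certificate
 * from the file named by {@code signerfilestring}; only the first certificate in that
 * file is used. The check covers the token's signature under that certificate. No
 * comparison of the message imprint with any data, and no validation of the
 * certificate's chain or revocation status, is visible in this method.
 *
 * @throws Exception when the files cannot be read or decoded, or the token does not
 *         validate against the certificate
 */
private void tsaVerify() throws Exception {
    if (inrepstring == null) {
        LOG.error("Needs an inrep!");
    } else if (signerfilestring == null) {
        LOG.error("Needs a signerfile!");
    } else {
        final Collection<X509Certificate> col = getCertsFromPEM(signerfilestring);
        final X509Certificate[] list = col.toArray(new X509Certificate[0]);
        if (list.length == 0) {
            LOG.error("No certificate found in file: " + signerfilestring);
            return;
        }

        final byte[] b64Bytes = readFiletoBuffer(inrepstring);
        final byte[] replyBytes = Base64.decode(b64Bytes);

        final TimeStampResponse timeStampResponse = new TimeStampResponse(replyBytes);
        final TimeStampToken token = timeStampResponse.getTimeStampToken();

        // A response need not carry a token (tsaPrintReply in this class checks for null
        // too); report that instead of failing with a NullPointerException below.
        if (token == null) {
            LOG.error("No time-stamp token in response, status: " + timeStampResponse.getStatus());
            return;
        }

        final SignerInformationVerifier infoVerifier = new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider("BC").build(list[0]);

        // Throws when the signature or signer certificate does not validate.
        token.validate(infoVerifier);
        LOG.info("Token was validated successfully.");

        final TimeStampTokenInfo info = token.getTimeStampInfo();

        LOG.info("Token was generated on: " + info.getGenTime());

        if (LOG.isDebugEnabled()) {
            // The imprint algorithm is the one the token declares; it is only logged here.
            if (info.getMessageImprintAlgOID().equals(TSPAlgorithms.SHA1)) {
                LOG.debug("Token hash alg: SHA1");
            } else {
                LOG.debug("Token hash alg: " + info.getMessageImprintAlgOID());
            }
        }
        final byte[] hexDigest = Hex.encode(info.getMessageImprintDigest());
        LOG.info("MessageDigest=" + new String(hexDigest));
    }
}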
From source file:xades4j.providers.impl.DefaultTimeStampVerificationProvider.java
License:Open Source License
/**
 * Verifies an encoded time-stamp token and returns its generation time.
 * <p>
 * The checks run in this order: the token is decoded, the TSA certificate is validated
 * by the certificate validation provider at the token's generation time, the token's
 * signature is validated with that certificate, and finally the digest of
 * {@code tsDigestInput} is compared with the token's message imprint. The generation
 * time is returned only after all of them have passed.
 *
 * @param timeStampToken the encoded time-stamp token
 * @param tsDigestInput the data the token's message imprint is expected to cover
 * @return the generation time stated in the token
 * @throws TimeStampTokenVerificationException if any of the checks fails; the subclass
 *         thrown indicates which one
 */
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    // 1. Decode the token.
    TimeStampToken token;
    try {
        ASN1InputStream tokenStream = new ASN1InputStream(timeStampToken);
        ContentInfo tokenContent = ContentInfo.getInstance(tokenStream.readObject());
        tokenStream.close();
        token = new TimeStampToken(tokenContent);
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }

    // 2. Validate the TSA certificate, using the certificates carried in the token as
    //    candidates and the token's generation time as the validation date.
    X509Certificate tsaCert = null;
    try {
        LinkedList<X509Certificate> tokenCerts = new LinkedList<X509Certificate>();
        for (Object holder : token.getCertificates().getMatches(new AllCertificatesSelector())) {
            X509CertificateHolder certHolder = (X509CertificateHolder) holder;
            tokenCerts.add(this.x509CertificateConverter.getCertificate(certHolder));
        }
        ValidationData validationData = this.certificateValidationProvider.validate(
                x509CertSelectorConverter.getCertSelector(token.getSID()),
                token.getTimeStampInfo().getGenTime(),
                tokenCerts);

        tsaCert = validationData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }

    // 3. Validate the token's signature with the certificate validated above.
    try {
        token.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }

    // 4. Compare the message imprint, hashing the input with the algorithm the token names.
    org.bouncycastle.tsp.TimeStampTokenInfo tokenInfo = token.getTimeStampInfo();
    try {
        MessageDigest engine = messageDigestProvider
                .getEngine(uriForDigest(tokenInfo.getMessageImprintAlgOID()));
        boolean imprintMatches = Arrays.equals(engine.digest(tsDigestInput),
                tokenInfo.getMessageImprintDigest());
        if (!imprintMatches) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }

    return tokenInfo.getGenTime();
}