Example usage for org.bouncycastle.tsp TimeStampTokenInfo getNonce

Introduction

In this page you can find the example usage for org.bouncycastle.tsp TimeStampTokenInfo getNonce.

Prototype

public BigInteger getNonce() 

Source Link

Usage

From source file:be.apsu.extremon.probes.tsp.TSPProbe.java

License:Open Source License

public void probe_forever() {
    double start = 0, end = 0;
    BigInteger requestNonce;/*ww  w .  j a v a2 s . c  o m*/
    byte[] requestHashedMessage = new byte[20];
    List<String> comments = new ArrayList<String>();
    STATE result = STATE.OK;

    log("running");

    this.running = true;
    while (this.running) {
        comments.clear();
        this.random.nextBytes(requestHashedMessage);
        requestNonce = new BigInteger(512, this.random);
        TimeStampRequest request = requestGenerator.generate(TSPAlgorithms.SHA1, requestHashedMessage,
                requestNonce);

        end = 0;
        start = System.currentTimeMillis();

        try {
            TimeStampResponse response = probe(request);

            switch (response.getStatus()) {
            case PKIStatus.GRANTED:
                comments.add("granted");
                result = STATE.OK;
                break;
            case PKIStatus.GRANTED_WITH_MODS:
                comments.add("granted with modifications");
                result = STATE.WARNING;
                break;
            case PKIStatus.REJECTION:
                comments.add("rejected");
                result = STATE.ALERT;
                break;
            case PKIStatus.WAITING:
                comments.add("waiting");
                result = STATE.ALERT;
                break;
            case PKIStatus.REVOCATION_WARNING:
                comments.add("revocation warning");
                result = STATE.WARNING;
                break;
            case PKIStatus.REVOCATION_NOTIFICATION:
                comments.add("revocation notification");
                result = STATE.ALERT;
                break;
            default:
                comments.add("response outside RFC3161");
                result = STATE.ALERT;
                break;
            }

            if (response.getStatus() >= 2)
                comments.add(response.getFailInfo() != null ? response.getFailInfo().getString()
                        : "(missing failinfo)");

            if (response.getStatusString() != null)
                comments.add(response.getStatusString());

            end = System.currentTimeMillis();
            TimeStampToken timestampToken = response.getTimeStampToken();

            timestampToken.validate(this.signerVerifier);
            comments.add("validated");

            AttributeTable table = timestampToken.getSignedAttributes();
            TimeStampTokenInfo tokenInfo = timestampToken.getTimeStampInfo();
            BigInteger responseNonce = tokenInfo.getNonce();
            byte[] responseHashedMessage = tokenInfo.getMessageImprintDigest();
            long genTimeSeconds = (tokenInfo.getGenTime().getTime()) / 1000;
            long currentTimeSeconds = (long) (start + ((end - start) / 2)) / 1000;

            put("clockskew", (genTimeSeconds - currentTimeSeconds) * 1000);

            if (Math.abs((genTimeSeconds - currentTimeSeconds)) > 1) {
                comments.add("clock skew > 1s");
                result = STATE.ALERT;
            }

            Store responseCertificatesStore = timestampToken.toCMSSignedData().getCertificates();
            @SuppressWarnings("unchecked")
            Collection<X509CertificateHolder> certs = responseCertificatesStore.getMatches(null);
            for (X509CertificateHolder certificate : certs) {
                AlgorithmIdentifier sigalg = certificate.getSignatureAlgorithm();
                if (!(oidsAllowed.contains(sigalg.getAlgorithm().getId()))) {
                    String cleanDn = certificate.getSubject().toString().replace("=", ":");
                    comments.add("signature cert \"" + cleanDn + "\" signed using "
                            + getName(sigalg.getAlgorithm().getId()));
                    result = STATE.ALERT;
                }
            }

            if (!responseNonce.equals(requestNonce)) {
                comments.add("nonce modified");
                result = STATE.ALERT;
            }

            if (!Arrays.equals(responseHashedMessage, requestHashedMessage)) {
                comments.add("hashed message modified");
                result = STATE.ALERT;
            }

            if (table.get(PKCSObjectIdentifiers.id_aa_signingCertificate) == null) {
                comments.add("signingcertificate missing");
                result = STATE.ALERT;
            }
        } catch (TSPException tspEx) {
            comments.add("validation failed");
            comments.add("tspexception-" + tspEx.getMessage().toLowerCase());
            result = STATE.ALERT;
        } catch (IOException iox) {
            comments.add("unable to obtain response");
            comments.add("ioexception-" + iox.getMessage().toLowerCase());
            result = STATE.ALERT;
        } catch (Exception ex) {
            comments.add("unhandled exception");
            result = STATE.ALERT;
        } finally {
            if (end == 0)
                end = System.currentTimeMillis();
        }

        put(RESULT_SUFFIX, result);
        put(RESULT_COMMENT_SUFFIX, StringUtils.join(comments, "|"));
        put("responsetime", (end - start));

        try {
            Thread.sleep(this.delay);
        } catch (InterruptedException ex) {
            log("interrupted");
        }
    }
}

---

From source file:org.signserver.client.cli.defaultimpl.TimeStampCommand.java

License:Open Source License

private void tsaPrintReply() throws Exception {
    final byte[] bytes = readFiletoBuffer(inrepstring);

    TimeStampResponse response = null;/*from  w ww .  j  ava  2  s .  c  o  m*/
    out.println("Time-stamp response {");
    try {
        response = new TimeStampResponse(bytes);
        out.println("  Status:                           " + response.getStatus());
        out.println("  Status message:                   " + response.getStatusString());
    } catch (TSPException ex) {
        out.println("  Not a response");
    }
    if (response != null) {
        PKIFailureInfo failureInfo = response.getFailInfo();
        if (failureInfo != null) {
            out.print("  Failure info:                          ");
            out.println(failureInfo.intValue());
        }
    }

    final TimeStampToken token;
    if (response == null) {
        token = new TimeStampToken(new CMSSignedData(bytes));
    } else {
        token = response.getTimeStampToken();
    }
    if (token != null) {
        out.println("  Time-stamp token:");
        TimeStampTokenInfo info = token.getTimeStampInfo();
        if (info != null) {
            out.println("      Info:");
            out.print("         " + "Accuracy:                  ");
            out.println(info.getAccuracy() != null ? info.getAccuracy() : "(null)");

            out.print("         " + "Gen Time:                  ");
            out.println(info.getGenTime());

            out.print("         " + "Gen Time Accuracy:         ");
            out.println(info.getGenTimeAccuracy());

            out.print("         " + "Message imprint digest:    ");
            out.println(new String(Hex.encode(info.getMessageImprintDigest())));

            out.print("         " + "Message imprint algorithm: ");
            out.println(info.getMessageImprintAlgOID());

            out.print("         " + "Nonce:                     ");
            out.println(info.getNonce() != null ? info.getNonce().toString(16) : "(null)");

            out.print("         " + "Serial Number:             ");
            out.println(info.getSerialNumber() != null ? info.getSerialNumber().toString(16) : "(null)");

            out.print("         " + "TSA:                       ");
            out.println(info.getTsa() != null ? info.getTsa() : "(null)");

            out.print("         " + "Policy:                    ");
            out.println(info.getPolicy());
        }
        out.println("      Signer ID: ");
        out.println("         Serial Number:             " + token.getSID().getSerialNumber().toString(16));
        out.println("         Issuer:                    " + token.getSID().getIssuer());

        out.println("      Signer certificate:           ");

        Store certs = token.getCertificates();
        Selector signerSelector = new AttributeCertificateHolder(token.getSID().getIssuer(),
                token.getSID().getSerialNumber());

        Collection certCollection = certs.getMatches(signerSelector);
        for (Object o : certCollection) {
            if (o instanceof X509CertificateHolder) {
                X509CertificateHolder cert = (X509CertificateHolder) o;
                out.println("         Certificate: ");
                out.println("            Serial Number:          " + cert.getSerialNumber().toString(16));
                out.println("            Subject:                " + cert.getSubject());
                out.println("            Issuer:                 " + cert.getIssuer());
            } else {
                out.println("Not an X.509 certificate: " + o);
            }
        }

        out.println("      Other certificates: ");
        certCollection = certs.getMatches(new InvertedSelector(signerSelector));
        for (Object o : certCollection) {
            if (o instanceof X509CertificateHolder) {
                X509CertificateHolder cert = (X509CertificateHolder) o;
                out.println("         Certificate: ");
                out.println("            Serial Number:          " + cert.getSerialNumber().toString(16));
                out.println("            Subject:                " + cert.getSubject());
                out.println("            Issuer:                 " + cert.getIssuer());
            } else {
                out.println("Not an X.509 certificate: " + o);
            }
        }
    }
    out.println("}");
}

---