List of usage examples for org.bouncycastle.tsp TSPAlgorithms SHA1
ASN1ObjectIdentifier SHA1
From source file:be.apsu.extremon.probes.tsp.TSPProbe.java
License:Open Source License
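/**
 * Polls the time-stamp authority until {@code this.running} is cleared.
 *
 * <p>Each round sends an RFC 3161 request over 20 random bytes with a fresh 512-bit nonce,
 * maps the PKI status to a probe state, validates the returned token against
 * {@code this.signerVerifier}, and then checks clock skew, certificate signature algorithms,
 * nonce, message imprint and the presence of the signing-certificate attribute. The outcome
 * is published through {@code put(...)}.
 *
 * <p>The imprint is random data labelled as SHA-1, so no real document digest is involved;
 * the certificate check against {@code oidsAllowed} is what reports unwanted signature
 * algorithms on the authority's side.
 */
public void probe_forever() {
    double start = 0, end = 0;
    BigInteger requestNonce;
    byte[] requestHashedMessage = new byte[20];
    List<String> comments = new ArrayList<String>();
    STATE result = STATE.OK;

    log("running");
    this.running = true;

    while (this.running) {
        comments.clear();
        this.random.nextBytes(requestHashedMessage);
        requestNonce = new BigInteger(512, this.random);
        TimeStampRequest request = requestGenerator.generate(TSPAlgorithms.SHA1, requestHashedMessage,
                requestNonce);

        end = 0;
        start = System.currentTimeMillis();

        try {
            TimeStampResponse response = probe(request);

            switch (response.getStatus()) {
            case PKIStatus.GRANTED:
                comments.add("granted");
                result = STATE.OK;
                break;
            case PKIStatus.GRANTED_WITH_MODS:
                comments.add("granted with modifications");
                result = STATE.WARNING;
                break;
            case PKIStatus.REJECTION:
                comments.add("rejected");
                result = STATE.ALERT;
                break;
            case PKIStatus.WAITING:
                comments.add("waiting");
                result = STATE.ALERT;
                break;
            case PKIStatus.REVOCATION_WARNING:
                comments.add("revocation warning");
                result = STATE.WARNING;
                break;
            case PKIStatus.REVOCATION_NOTIFICATION:
                comments.add("revocation notification");
                result = STATE.ALERT;
                break;
            default:
                comments.add("response outside RFC3161");
                result = STATE.ALERT;
                break;
            }

            if (response.getStatus() >= 2) {
                comments.add(response.getFailInfo() != null ? response.getFailInfo().getString()
                        : "(missing failinfo)");
            }

            if (response.getStatusString() != null) {
                comments.add(response.getStatusString());
            }

            end = System.currentTimeMillis();

            TimeStampToken timestampToken = response.getTimeStampToken();
            if (timestampToken == null) {
                // A response without a token used to surface as a NullPointerException and was
                // reported only as "unhandled exception"; report the actual cause instead.
                throw new TSPException("no timestamp token in response");
            }

            // Signature check first: nothing below is trusted unless the token verifies.
            timestampToken.validate(this.signerVerifier);
            comments.add("validated");

            AttributeTable table = timestampToken.getSignedAttributes();
            TimeStampTokenInfo tokenInfo = timestampToken.getTimeStampInfo();
            BigInteger responseNonce = tokenInfo.getNonce();
            byte[] responseHashedMessage = tokenInfo.getMessageImprintDigest();

            // Compare the token's genTime with the midpoint of the request/response interval.
            long genTimeSeconds = (tokenInfo.getGenTime().getTime()) / 1000;
            long currentTimeSeconds = (long) (start + ((end - start) / 2)) / 1000;

            put("clockskew", (genTimeSeconds - currentTimeSeconds) * 1000);

            if (Math.abs((genTimeSeconds - currentTimeSeconds)) > 1) {
                comments.add("clock skew > 1s");
                result = STATE.ALERT;
            }

            Store responseCertificatesStore = timestampToken.toCMSSignedData().getCertificates();

            @SuppressWarnings("unchecked")
            Collection<X509CertificateHolder> certs = responseCertificatesStore.getMatches(null);

            // Alert on every certificate in the token signed with an algorithm outside the allow-list.
            for (X509CertificateHolder certificate : certs) {
                AlgorithmIdentifier sigalg = certificate.getSignatureAlgorithm();
                if (!(oidsAllowed.contains(sigalg.getAlgorithm().getId()))) {
                    String cleanDn = certificate.getSubject().toString().replace("=", ":");
                    comments.add("signature cert \"" + cleanDn + "\" signed using "
                            + getName(sigalg.getAlgorithm().getId()));
                    result = STATE.ALERT;
                }
            }

            // requestNonce is never null, so this form also reports a token that omits the nonce.
            if (!requestNonce.equals(responseNonce)) {
                comments.add("nonce modified");
                result = STATE.ALERT;
            }

            if (!Arrays.equals(responseHashedMessage, requestHashedMessage)) {
                comments.add("hashed message modified");
                result = STATE.ALERT;
            }

            if (table.get(PKCSObjectIdentifiers.id_aa_signingCertificate) == null) {
                comments.add("signingcertificate missing");
                result = STATE.ALERT;
            }
        } catch (TSPException tspEx) {
            comments.add("validation failed");
            // getMessage() may be null; String.valueOf keeps the handler itself from throwing
            // and terminating the probe loop.
            comments.add("tspexception-" + String.valueOf(tspEx.getMessage()).toLowerCase());
            result = STATE.ALERT;
        } catch (IOException iox) {
            comments.add("unable to obtain response");
            comments.add("ioexception-" + String.valueOf(iox.getMessage()).toLowerCase());
            result = STATE.ALERT;
        } catch (Exception ex) {
            comments.add("unhandled exception");
            result = STATE.ALERT;
        } finally {
            if (end == 0) {
                end = System.currentTimeMillis();
            }
        }

        put(RESULT_SUFFIX, result);
        put(RESULT_COMMENT_SUFFIX, StringUtils.join(comments, "|"));
        put("responsetime", (end - start));

        try {
            Thread.sleep(this.delay);
        } catch (InterruptedException ex) {
            // NOTE(review): the interrupt is only logged and the loop keeps going; the loop
            // ends only once this.running is cleared. Confirm that this is intended.
            log("interrupted");
        }
    }
}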
From source file:be.fedict.eid.applet.service.signer.time.TSPTimeStampService.java
License:Open Source License
/**
 * Creates a time-stamp client for a single TSP endpoint.
 *
 * <p>The digest algorithm starts out as SHA-1 (name {@code "SHA-1"}, OID
 * {@code TSPAlgorithms.SHA1}); {@code setDigestAlgo} on this class switches it to a
 * SHA-2 variant.
 *
 * @param tspServiceUrl
 *            the URL of the TSP service; must not be {@code null}.
 * @param validator
 *            the trust validator used to validate incoming TSP response
 *            signatures; must not be {@code null}.
 * @param requestPolicy
 *            the optional TSP request policy.
 * @param userAgent
 *            the optional User-Agent TSP request header value;
 *            {@code DEFAULT_USER_AGENT} is used when {@code null}.
 * @throws IllegalArgumentException
 *             if {@code tspServiceUrl} or {@code validator} is {@code null}.
 */
public TSPTimeStampService(String tspServiceUrl, TimeStampServiceValidator validator, String requestPolicy,
        String userAgent) {
    if (tspServiceUrl == null) {
        throw new IllegalArgumentException("TSP service URL required");
    }
    if (validator == null) {
        throw new IllegalArgumentException("TSP validator required");
    }

    this.tspServiceUrl = tspServiceUrl;
    this.validator = validator;
    this.requestPolicy = requestPolicy;
    this.userAgent = (userAgent != null) ? userAgent : DEFAULT_USER_AGENT;

    // Default message-imprint algorithm.
    this.digestAlgo = "SHA-1";
    this.digestAlgoOid = TSPAlgorithms.SHA1;
}
From source file:be.fedict.eid.applet.service.signer.time.TSPTimeStampService.java
License:Open Source License
/**
 * Selects the digest algorithm used for time-stamping data.
 *
 * <p>Accepted names are {@code "SHA-1"}, {@code "SHA-256"}, {@code "SHA-384"} and
 * {@code "SHA-512"}; the matching {@code TSPAlgorithms} OID is stored alongside the name.
 * Nothing is changed when the name is rejected.
 *
 * @param digestAlgo
 *            the digest algorithm name.
 * @throws IllegalArgumentException
 *             if the name is {@code null} or not one of the accepted values.
 */
public void setDigestAlgo(String digestAlgo) {
    final boolean isSha1 = "SHA-1".equals(digestAlgo);
    final boolean isSha256 = "SHA-256".equals(digestAlgo);
    final boolean isSha384 = "SHA-384".equals(digestAlgo);
    final boolean isSha512 = "SHA-512".equals(digestAlgo);

    if (!(isSha1 || isSha256 || isSha384 || isSha512)) {
        throw new IllegalArgumentException("unsupported digest algo: " + digestAlgo);
    }

    this.digestAlgoOid = isSha1 ? TSPAlgorithms.SHA1
            : isSha256 ? TSPAlgorithms.SHA256
            : isSha384 ? TSPAlgorithms.SHA384
            : TSPAlgorithms.SHA512;
    this.digestAlgo = digestAlgo;
}
From source file:be.fedict.trust.service.util.ClockDriftUtil.java
License:Open Source License
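/**
 * Asks the configured TSP server for a time stamp and returns the token's generation time.
 *
 * <p>The request carries an all-zero 20-byte imprint labelled SHA-1 and the fixed nonce 100.
 * The response is checked against the request, but no verification of the token's signature
 * is visible in this method, so the returned time is only as trustworthy as the server and
 * the transport it was fetched over.
 *
 * @param clockDriftConfig
 *            supplies the TSP server URL.
 * @param networkConfig
 *            optional proxy settings; may be {@code null}.
 * @return the {@code genTime} of the returned time-stamp token.
 * @throws IOException
 *             if the HTTP exchange or response parsing fails.
 * @throws TSPException
 *             if the server does not answer with HTTP 200, the response does not match the
 *             request, or the response carries no token.
 */
public static Date executeTSP(ClockDriftConfigEntity clockDriftConfig, NetworkConfig networkConfig)
        throws IOException, TSPException {

    LOG.debug("clock drift detection: " + clockDriftConfig.toString());

    TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator();
    // NOTE(review): a constant nonce cannot tell a fresh response from a replayed one;
    // consider a random nonce per request.
    TimeStampRequest request = requestGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
    byte[] requestData = request.getEncoded();

    HttpClient httpClient = new HttpClient();

    if (null != networkConfig) {
        httpClient.getHostConfiguration().setProxy(networkConfig.getProxyHost(), networkConfig.getProxyPort());
    }

    PostMethod postMethod = new PostMethod(clockDriftConfig.getServer());
    try {
        postMethod.setRequestEntity(new ByteArrayRequestEntity(requestData, "application/timestamp-query"));

        int statusCode = httpClient.executeMethod(postMethod);
        if (statusCode != HttpStatus.SC_OK) {
            throw new TSPException("Error contacting TSP server " + clockDriftConfig.getServer());
        }

        TimeStampResponse tspResponse = new TimeStampResponse(postMethod.getResponseBodyAsStream());

        // Reject responses whose status, nonce or message imprint do not match what was sent.
        tspResponse.validate(request);

        if (tspResponse.getTimeStampToken() == null) {
            throw new TSPException("No time-stamp token returned by " + clockDriftConfig.getServer());
        }
        return tspResponse.getTimeStampToken().getTimeStampInfo().getGenTime();
    } finally {
        // Release the connection on every path, including the error paths above.
        postMethod.releaseConnection();
    }
}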
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
/**
 * Test helper: builds a time-stamp token signed with the given key.
 *
 * <p>The token answers a fixed request (all-zero 20-byte imprint labelled SHA-1, nonce 100),
 * is signed with {@code SHA1withRSA} using the first certificate of the chain, carries the
 * policy OID {@code 1.2}, serial number one and the current time, and embeds the whole chain.
 *
 * @param privateKey
 *            the signing key.
 * @param certificateChain
 *            the signer's chain; element 0 is used as the signing certificate.
 * @return the generated token.
 * @throws Exception
 *             if any step of token generation fails.
 */
public static TimeStampToken createTimeStampToken(PrivateKey privateKey, List<X509Certificate> certificateChain)
        throws Exception {

    Store chainStore = new JcaCertStore(certificateChain);

    TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
    generator.setCertReq(true);
    TimeStampRequest dummyRequest = generator.generate(
            TSPAlgorithms.SHA1,
            new byte[20],
            BigInteger.valueOf(100));

    TimeStampTokenGenerator tokenGenerator = new TimeStampTokenGenerator(
            new JcaSimpleSignerInfoGeneratorBuilder()
                    .build("SHA1withRSA", privateKey, certificateChain.get(0)),
            new JcaDigestCalculatorProviderBuilder()
                    .build()
                    .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
            new ASN1ObjectIdentifier("1.2"));
    tokenGenerator.addCertificates(chainStore);

    return tokenGenerator.generate(dummyRequest, BigInteger.ONE, new Date());
}
From source file:br.gov.jfrj.siga.cd.TimeStamper.java
License:Open Source License
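/**
 * Requests a time stamp over the given signature bytes from {@code SERVIDOR_CARIMBO}.
 *
 * <p>The input is hashed with the JCA algorithm name {@code "SHA"} (an alias for SHA-1) and
 * the digest is sent as the message imprint. The response is validated against the request
 * before the token is returned.
 *
 * @param assinatura
 *            the signature bytes to be time-stamped.
 * @return the time-stamp token from the response.
 * @throws URISyntaxException
 *             declared for {@code sendRequest}.
 * @throws IOException
 *             if the exchange or token encoding fails.
 * @throws TSPException
 *             if the response does not match the request or carries no token.
 * @throws NoSuchAlgorithmException
 *             if the digest algorithm is unavailable.
 */
public static TimeStampToken gerarCarimboTempo(byte[] assinatura)
        throws URISyntaxException, IOException, TSPException, NoSuchAlgorithmException {

    TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
    reqGen.setCertReq(true);

    log.info("Criando requisio para recuperar carimbo");

    MessageDigest md = MessageDigest.getInstance("SHA");
    md.update(assinatura);
    byte[] imprint = md.digest();

    // NOTE(review): the request is generated without a nonce, so validate(request) below
    // cannot detect a replayed response for the same imprint.
    TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, imprint);

    log.info("Enviando requisio para " + SERVIDOR_CARIMBO);
    TimeStampResponse response = sendRequest(request, SERVIDOR_CARIMBO);
    response.validate(request);

    TimeStampToken respToken = response.getTimeStampToken();
    // Check the token itself before dereferencing it; the original tested only the encoded
    // bytes, after respToken had already been used.
    if (respToken == null) {
        throw new TSPException("Nenhum token retornado");
    }

    byte[] token = respToken.getEncoded();
    if (token == null) {
        throw new TSPException("Nenhum token retornado");
    }

    log.info("Recebidos " + token.length + " bytes do carimbador");
    return respToken;
}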
From source file:br.gov.jfrj.siga.cd.TimeStamper.java
License:Open Source License
/**
 * Legacy manual check: posts a dummy time-stamp request to a hard-coded endpoint and parses
 * the response.
 *
 * <p>The request uses an all-zero 20-byte imprint labelled SHA-1 and the fixed nonce 100.
 * It is sent over plain HTTP, and neither the response nor the token is validated here.
 * The JVM-wide {@code http.proxyHost} / {@code http.proxyPort} properties are overwritten
 * from {@code SigaCdProperties}.
 *
 * @param args
 *            unused.
 * @throws Exception
 *             if any step fails.
 */
public static void main_old(String[] args) throws Exception {
    // Dummy SHA-1 request (the SHA-256 OID would be 2.16.840.1.101.3.4.2.1).
    TimeStampRequest dummyRequest = new TimeStampRequestGenerator()
            .generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
    byte[] encodedRequest = dummyRequest.getEncoded();

    Properties jvmProperties = System.getProperties();
    jvmProperties.setProperty("http.proxyHost", SigaCdProperties.getProxyHost());
    jvmProperties.setProperty("http.proxyPort", SigaCdProperties.getProxyPort());

    URLConnection connection = new URL("http://201.41.100.134:318").openConnection();

    // Bidirectional, uncached exchange.
    connection.setDoInput(true);
    connection.setDoOutput(true);
    connection.setUseCaches(false);

    connection.setRequestProperty("Content-Type", "application/timestamp-query");
    connection.setRequestProperty("Content-Length", String.valueOf(encodedRequest.length));

    // Send the request body.
    DataOutputStream requestStream = new DataOutputStream(connection.getOutputStream());
    requestStream.write(encodedRequest);
    requestStream.flush();
    requestStream.close();

    // Read and parse the response.
    DataInputStream responseStream = new DataInputStream(connection.getInputStream());
    TimeStampResponse response = new TimeStampResponse(responseStream);
    responseStream.close();

    // The token is fetched but never validated or used.
    TimeStampToken tsToken = response.getTimeStampToken();
}
From source file:br.gov.jfrj.siga.cd.TimeStamper.java
License:Open Source License
/**
 * Obtains a time-stamp token for the given content and prints details of the token and the
 * certificates it carries.
 *
 * <p>{@code fSTF} is hard-coded to {@code true}, so as written the token always comes from
 * {@code gerarCarimboTempo(content)}; the direct HTTP branch is never taken and the
 * {@code tsToken.validate(...)} call near the end is never executed.
 *
 * @param content
 *            the bytes to be time-stamped.
 * @return the time-stamp token.
 * @throws Exception
 *             if obtaining or inspecting the token fails.
 */
private static TimeStampToken getTimeStampToken(byte[] content) throws Exception {
    TimeStampToken tsToken;
    // Always true here: selects gerarCarimboTempo and disables token validation below.
    boolean fSTF = true;

    if (!fSTF) {
        TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
        // Ask the TSA to return its certificate.
        reqGen.setCertReq(true);

        MessageDigest md = MessageDigest.getInstance("SHA1");

        md.update(content);

        byte[] assinatura = md.digest();

        // SHA-1 imprint, no nonce (the SHA-256 OID would be 2.16.840.1.101.3.4.2.1).
        TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, assinatura);

        byte[] reqData = request.getEncoded();

        URL url;
        URLConnection urlConn;
        DataOutputStream printout;
        DataInputStream input;

        // Overwrites the JVM-wide HTTP proxy settings.
        Properties systemProperties = System.getProperties();
        systemProperties.setProperty("http.proxyHost", SigaCdProperties.getProxyHost());
        systemProperties.setProperty("http.proxyPort", SigaCdProperties.getProxyPort());

        // TSA endpoint taken from configuration.
        url = new URL(SigaCdProperties.getTSPUrl());
        // URL connection channel.
        urlConn = url.openConnection();
        // Let the run-time system (RTS) know that we want input.
        urlConn.setDoInput(true);
        // Let the RTS know that we want to do output.
        urlConn.setDoOutput(true);
        // No caching, we want the real thing.
        urlConn.setUseCaches(false);
        // Specify the content type.
        urlConn.setRequestProperty("Content-Type", "application/timestamp-query");
        urlConn.setRequestProperty("Content-Length", String.valueOf(reqData.length));

        // Send POST output.
        printout = new DataOutputStream(urlConn.getOutputStream());
        printout.write(reqData);
        printout.flush();
        printout.close();
        // Get response data.
        input = new DataInputStream(urlConn.getInputStream());
        TimeStampResponse response = new TimeStampResponse(input);
        input.close();

        // NOTE(review): this branch never calls response.validate(request).
        tsToken = response.getTimeStampToken();
    } else {
        tsToken = gerarCarimboTempo(content);
    }

    SignerId signer_id = tsToken.getSID();
    BigInteger cert_serial_number = signer_id.getSerialNumber();

    System.out.println("Signer ID serial " + signer_id.getSerialNumber());
    System.out.println("Signer ID issuer " + signer_id.getIssuer().toString());

    Store cs = tsToken.getCertificates();

    Collection certs = cs.getMatches(null);

    // Pick the certificate whose serial number matches the signer id, or the first
    // certificate when the signer id has no serial number.
    // NOTE(review): the cast assumes the store yields X509Certificate instances - confirm
    // against the Bouncy Castle version in use.
    Iterator iter = certs.iterator();
    X509Certificate certificate = null;
    while (iter.hasNext()) {
        X509Certificate cert = (X509Certificate) iter.next();

        if (cert_serial_number != null) {
            if (cert.getSerialNumber().equals(cert_serial_number)) {
                System.out.println("using certificate with serial: " + cert.getSerialNumber());
                System.out.println(
                        "using certificate with base 64: " + Base64.encode(cert.getEncoded()) + "\n\n");

                certificate = cert;
            }
        } else {
            if (certificate == null) {
                certificate = cert;
            }
        }
        System.out.println("Certificate subject dn " + cert.getSubjectDN());
        System.out.println("Certificate serial " + cert.getSerialNumber());
    }

    // Original author's note: time-stamp validation is disabled because there is a problem
    // with the STF certificate.
    // NOTE(review): with fSTF == true the token's signature is never verified in this
    // method, and the certificate used would come from the token itself rather than from
    // a trust anchor.
    if (!fSTF)
        tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate));

    System.out.println("TS info " + tsToken.getTimeStampInfo().getGenTime());
    System.out.println("TS info " + tsToken.getTimeStampInfo());
    System.out.println("TS info " + tsToken.getTimeStampInfo().getAccuracy());
    System.out.println("TS info " + tsToken.getTimeStampInfo().getNonce());

    return tsToken;
}
From source file:controller.Controller.java
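/**
 * Reads the {@code ds:SignatureValue} text from {@code sign.xml}, requests a time stamp for
 * it through the {@code TS} SOAP service and prints the Base64-encoded token.
 *
 * @throws IOException
 *             if the file cannot be read or the token cannot be encoded.
 * @throws ParserConfigurationException
 *             if the XML parser cannot be configured.
 * @throws SAXException
 *             if the document is malformed or holds no signature value.
 * @throws TSPException
 *             if the response does not match the request or carries no token.
 */
private void getap() throws IOException, ParserConfigurationException, SAXException, TSPException {
    String xmlFilePath = "sign.xml";

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    // The signed document may come from another party: refuse DOCTYPE declarations so the
    // parser cannot be made to resolve external entities (XXE).
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    DocumentBuilder docBuilder = factory.newDocumentBuilder();
    Document document = docBuilder.parse(new File(xmlFilePath));

    Node signatureValueElement = document.getElementsByTagName("ds:SignatureValue").item(0);
    if (signatureValueElement == null || signatureValueElement.getChildNodes().item(0) == null) {
        throw new SAXException("ds:SignatureValue missing or empty in " + xmlFilePath);
    }
    String out = signatureValueElement.getChildNodes().item(0).getNodeValue();
    byte[] signatureValue = out.getBytes();

    TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
    reqGen.setCertReq(true);
    // NOTE(review): the second argument is used as the message imprint for SHA-1, but the
    // bytes passed here are the signature text itself, not a digest of it - confirm what
    // the time-stamp service expects. The request also carries no nonce.
    TimeStampRequest tsReq = reqGen.generate(TSPAlgorithms.SHA1, signatureValue);
    byte[] tsData = tsReq.getEncoded();
    String base64data = Base64.toBase64String(tsData);

    TS ts = new TS();
    TSSoap soap = ts.getTSSoap();

    String timestamp = soap.getTimestamp(base64data);
    if (timestamp == null) {
        throw new WebServiceException("Webov sluba nedostupn");
    }

    byte[] responseB64 = timestamp.getBytes();
    TimeStampResponse tsRes = new TimeStampResponse(Base64.decode(responseB64));

    // Check the response against the request before using the token.
    tsRes.validate(tsReq);
    if (tsRes.getTimeStampToken() == null) {
        throw new TSPException("time-stamp response contains no token");
    }

    String decodedTimestamp = Base64.toBase64String(tsRes.getTimeStampToken().getEncoded());
    System.out.println(decodedTimestamp);
}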
From source file:es.mityc.firmaJava.ts.TSPAlgoritmos.java
License:LGPL
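/**
 * Maps a digest algorithm OID string to this class's algorithm-name constant.
 *
 * <p>The {@code TSPAlgorithms} constants are compared through {@code String.valueOf(...)},
 * so the lookup also matches when they are {@code ASN1ObjectIdentifier} objects, whose
 * {@code equals(String)} is never true.
 *
 * @param oid
 *            the dotted OID string; may be {@code null}.
 * @return the matching name constant, or {@code oid} itself when it is not recognised.
 */
public static String getAlgName(String oid) {
    if (String.valueOf(TSPAlgorithms.SHA1).equals(oid)) {
        return SHA1;
    } else if (String.valueOf(TSPAlgorithms.SHA256).equals(oid)) {
        // NOTE(review): the original tested SHA256 twice; the second test (returning SHA256)
        // was unreachable and is dropped. Confirm that SHA2 is the intended name here.
        return SHA2;
    } else if (String.valueOf(TSPAlgorithms.SHA224).equals(oid)) {
        return SHA224;
    } else if (String.valueOf(TSPAlgorithms.SHA384).equals(oid)) {
        return SHA384;
    } else if (String.valueOf(TSPAlgorithms.SHA512).equals(oid)) {
        return SHA512;
    }
    return oid;
}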