481 public AlgorithmId getDigestAlgorithmId() {
482 return digestAlgorithmId;
483 }
484
485 public PKCS9Attributes getAuthenticatedAttributes() {
486 return authenticatedAttributes;
487 }
488
489 public AlgorithmId getDigestEncryptionAlgorithmId() {
490 return digestEncryptionAlgorithmId;
491 }
492
493 public byte[] getEncryptedDigest() {
494 return encryptedDigest;
495 }
496
497 public PKCS9Attributes getUnauthenticatedAttributes() {
498 return unauthenticatedAttributes;
499 }
500
501 /*
502 * Extracts a timestamp from a PKCS7 SignerInfo.
503 *
504 * Examines the signer's unsigned attributes for a
505 * {@code signatureTimestampToken} attribute. If present,
506 * then it is parsed to extract the date and time at which the
507 * timestamp was generated.
508 *
509 * @param info A signer information element of a PKCS 7 block.
510 *
511 * @return A timestamp token or null if none is present.
512 * @throws IOException if an error is encountered while parsing the
513 * PKCS7 data.
514 * @throws NoSuchAlgorithmException if an error is encountered while
515 * verifying the PKCS7 object.
516 * @throws SignatureException if an error is encountered while
517 * verifying the PKCS7 object.
518 * @throws CertificateException if an error is encountered while generating
519 * the TSA's certpath.
520 */
521 public Timestamp getTimestamp()
522 throws IOException, NoSuchAlgorithmException, SignatureException,
523 CertificateException
524 {
525 if (timestamp != null || !hasTimestamp)
526 return timestamp;
527
528 if (unauthenticatedAttributes == null) {
529 hasTimestamp = false;
530 return null;
531 }
532 PKCS9Attribute tsTokenAttr =
533 unauthenticatedAttributes.getAttribute(
534 PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
535 if (tsTokenAttr == null) {
536 hasTimestamp = false;
537 return null;
538 }
539
540 PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue());
541 // Extract the content (an encoded timestamp token info)
542 byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
543 // Extract the signer (the Timestamping Authority)
544 // while verifying the content
545 SignerInfo[] tsa = tsToken.verify(encTsTokenInfo);
546 // Expect only one signer
547 ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken);
548 CertificateFactory cf = CertificateFactory.getInstance("X.509");
549 CertPath tsaChain = cf.generateCertPath(chain);
550 // Create a timestamp token info object
551 TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
552 // Check that the signature timestamp applies to this signature
553 verifyTimestamp(tsTokenInfo);
554 // Create a timestamp object
555 timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
556 return timestamp;
557 }
558
559 /*
560 * Check that the signature timestamp applies to this signature.
|
481 public AlgorithmId getDigestAlgorithmId() {
482 return digestAlgorithmId;
483 }
484
485 public PKCS9Attributes getAuthenticatedAttributes() {
486 return authenticatedAttributes;
487 }
488
489 public AlgorithmId getDigestEncryptionAlgorithmId() {
490 return digestEncryptionAlgorithmId;
491 }
492
493 public byte[] getEncryptedDigest() {
494 return encryptedDigest;
495 }
496
497 public PKCS9Attributes getUnauthenticatedAttributes() {
498 return unauthenticatedAttributes;
499 }
500
501 /**
502 * Returns the timestamp PKCS7 data unverified.
503 * @return a PKCS7 object
504 */
505 public PKCS7 getTsToken() throws IOException {
506 if (unauthenticatedAttributes == null) {
507 return null;
508 }
509 PKCS9Attribute tsTokenAttr =
510 unauthenticatedAttributes.getAttribute(
511 PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
512 if (tsTokenAttr == null) {
513 return null;
514 }
515 return new PKCS7((byte[])tsTokenAttr.getValue());
516 }
517
518 /*
519 * Extracts a timestamp from a PKCS7 SignerInfo.
520 *
521 * Examines the signer's unsigned attributes for a
522 * {@code signatureTimestampToken} attribute. If present,
523 * then it is parsed to extract the date and time at which the
524 * timestamp was generated.
525 *
526 * @param info A signer information element of a PKCS 7 block.
527 *
528 * @return A timestamp token or null if none is present.
529 * @throws IOException if an error is encountered while parsing the
530 * PKCS7 data.
531 * @throws NoSuchAlgorithmException if an error is encountered while
532 * verifying the PKCS7 object.
533 * @throws SignatureException if an error is encountered while
534 * verifying the PKCS7 object.
535 * @throws CertificateException if an error is encountered while generating
536 * the TSA's certpath.
537 */
538 public Timestamp getTimestamp()
539 throws IOException, NoSuchAlgorithmException, SignatureException,
540 CertificateException
541 {
542 if (timestamp != null || !hasTimestamp)
543 return timestamp;
544
545 PKCS7 tsToken = getTsToken();
546 if (tsToken == null) {
547 hasTimestamp = false;
548 return null;
549 }
550
551 // Extract the content (an encoded timestamp token info)
552 byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
553 // Extract the signer (the Timestamping Authority)
554 // while verifying the content
555 SignerInfo[] tsa = tsToken.verify(encTsTokenInfo);
556 // Expect only one signer
557 ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken);
558 CertificateFactory cf = CertificateFactory.getInstance("X.509");
559 CertPath tsaChain = cf.generateCertPath(chain);
560 // Create a timestamp token info object
561 TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
562 // Check that the signature timestamp applies to this signature
563 verifyTimestamp(tsTokenInfo);
564 // Create a timestamp object
565 timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
566 return timestamp;
567 }
568
569 /*
570 * Check that the signature timestamp applies to this signature.
|
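Review bot: The new public `getTsToken()` (new-side lines 501–516) returns the timestamp token before any signature check, but its Javadoc does not mention the two `return null` paths or the declared `IOException`. Callers have to guess when null comes back, and nothing tells them that only `getTimestamp()` yields a verified value. I would extend the comment with `@return the unverified timestamp token, or null if no signatureTimestampToken attribute is present` and `@throws IOException if the attribute value cannot be parsed as PKCS7` (presumably raised by the `PKCS7` constructor), plus a sentence pointing to `getTimestamp()` for anything trust-relevant. Separately, `getTimestamp()` still indexes `tsa[0]` straight after `tsToken.verify(encTsTokenInfo)`. If `verify` can return null or an empty array when no signer validates (its body is not visible here), a guard such as `if (tsa == null || tsa.length == 0) throw new SignatureException("Unable to verify timestamp");` would surface that as the declared failure rather than a runtime exception.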