You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
276 lines
8.8 KiB
276 lines
8.8 KiB
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR) |
|
#pragma warning disable |
|
using System; |
|
using System.Collections; |
|
using System.IO; |
|
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Cmp; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Cms; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Tsp; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Math; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Date; |
|
|
|
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Tsp |
|
{ |
|
/** |
|
* Generator for RFC 3161 Time Stamp Responses. |
|
*/ |
|
public class TimeStampResponseGenerator |
|
{ |
|
private PkiStatus status; |
|
|
|
private Asn1EncodableVector statusStrings; |
|
|
|
private int failInfo; |
|
private TimeStampTokenGenerator tokenGenerator; |
|
private IList acceptedAlgorithms; |
|
private IList acceptedPolicies; |
|
private IList acceptedExtensions; |
|
|
|
public TimeStampResponseGenerator( |
|
TimeStampTokenGenerator tokenGenerator, |
|
IList acceptedAlgorithms) |
|
: this(tokenGenerator, acceptedAlgorithms, null, null) |
|
{ |
|
} |
|
|
|
public TimeStampResponseGenerator( |
|
TimeStampTokenGenerator tokenGenerator, |
|
IList acceptedAlgorithms, |
|
IList acceptedPolicy) |
|
: this(tokenGenerator, acceptedAlgorithms, acceptedPolicy, null) |
|
{ |
|
} |
|
|
|
public TimeStampResponseGenerator( |
|
TimeStampTokenGenerator tokenGenerator, |
|
IList acceptedAlgorithms, |
|
IList acceptedPolicies, |
|
IList acceptedExtensions) |
|
{ |
|
this.tokenGenerator = tokenGenerator; |
|
this.acceptedAlgorithms = acceptedAlgorithms; |
|
this.acceptedPolicies = acceptedPolicies; |
|
this.acceptedExtensions = acceptedExtensions; |
|
|
|
statusStrings = new Asn1EncodableVector(); |
|
} |
|
|
|
private void AddStatusString(string statusString) |
|
{ |
|
statusStrings.Add(new DerUtf8String(statusString)); |
|
} |
|
|
|
private void SetFailInfoField(int field) |
|
{ |
|
failInfo |= field; |
|
} |
|
|
|
private PkiStatusInfo GetPkiStatusInfo() |
|
{ |
|
Asn1EncodableVector v = new Asn1EncodableVector( |
|
new DerInteger((int)status)); |
|
|
|
if (statusStrings.Count > 0) |
|
{ |
|
v.Add(new PkiFreeText(new DerSequence(statusStrings))); |
|
} |
|
|
|
if (failInfo != 0) |
|
{ |
|
v.Add(new FailInfo(failInfo)); |
|
} |
|
|
|
return new PkiStatusInfo(new DerSequence(v)); |
|
} |
|
|
|
public TimeStampResponse Generate( |
|
TimeStampRequest request, |
|
BigInteger serialNumber, |
|
DateTime genTime) |
|
{ |
|
return Generate(request, serialNumber, new DateTimeObject(genTime)); |
|
} |
|
|
|
/** |
|
* Return an appropriate TimeStampResponse. |
|
* <p> |
|
* If genTime is null a timeNotAvailable error response will be returned. |
|
* |
|
* @param request the request this response is for. |
|
* @param serialNumber serial number for the response token. |
|
* @param genTime generation time for the response token. |
|
* @param provider provider to use for signature calculation. |
|
* @return |
|
* @throws NoSuchAlgorithmException |
|
* @throws NoSuchProviderException |
|
* @throws TSPException |
|
* </p> |
|
*/ |
|
public TimeStampResponse Generate( |
|
TimeStampRequest request, |
|
BigInteger serialNumber, |
|
DateTimeObject genTime) |
|
{ |
|
TimeStampResp resp; |
|
|
|
try |
|
{ |
|
if (genTime == null) |
|
throw new TspValidationException("The time source is not available.", |
|
PkiFailureInfo.TimeNotAvailable); |
|
|
|
request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions); |
|
|
|
this.status = PkiStatus.Granted; |
|
this.AddStatusString("Operation Okay"); |
|
|
|
PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); |
|
|
|
ContentInfo tstTokenContentInfo; |
|
try |
|
{ |
|
TimeStampToken token = tokenGenerator.Generate(request, serialNumber, genTime.Value); |
|
byte[] encoded = token.ToCmsSignedData().GetEncoded(); |
|
|
|
tstTokenContentInfo = ContentInfo.GetInstance(Asn1Object.FromByteArray(encoded)); |
|
} |
|
catch (IOException e) |
|
{ |
|
throw new TspException("Timestamp token received cannot be converted to ContentInfo", e); |
|
} |
|
|
|
resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo); |
|
} |
|
catch (TspValidationException e) |
|
{ |
|
status = PkiStatus.Rejection; |
|
|
|
this.SetFailInfoField(e.FailureCode); |
|
this.AddStatusString(e.Message); |
|
|
|
PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); |
|
|
|
resp = new TimeStampResp(pkiStatusInfo, null); |
|
} |
|
|
|
try |
|
{ |
|
return new TimeStampResponse(resp); |
|
} |
|
catch (IOException e) |
|
{ |
|
throw new TspException("created badly formatted response!", e); |
|
} |
|
} |
|
|
|
|
|
public TimeStampResponse GenerateGrantedResponse( |
|
TimeStampRequest request, |
|
BigInteger serialNumber, |
|
DateTimeObject genTime, |
|
String statusString, |
|
X509Extensions additionalExtensions) |
|
{ |
|
TimeStampResp resp; |
|
|
|
try |
|
{ |
|
if (genTime == null) |
|
throw new TspValidationException("The time source is not available.", |
|
PkiFailureInfo.TimeNotAvailable); |
|
|
|
request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions); |
|
|
|
this.status = PkiStatus.Granted; |
|
this.AddStatusString(statusString); |
|
|
|
PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); |
|
|
|
ContentInfo tstTokenContentInfo; |
|
try |
|
{ |
|
TimeStampToken token = tokenGenerator.Generate(request, serialNumber, genTime.Value,additionalExtensions); |
|
byte[] encoded = token.ToCmsSignedData().GetEncoded(); |
|
|
|
tstTokenContentInfo = ContentInfo.GetInstance(Asn1Object.FromByteArray(encoded)); |
|
} |
|
catch (IOException e) |
|
{ |
|
throw new TspException("Timestamp token received cannot be converted to ContentInfo", e); |
|
} |
|
|
|
resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo); |
|
} |
|
catch (TspValidationException e) |
|
{ |
|
status = PkiStatus.Rejection; |
|
|
|
this.SetFailInfoField(e.FailureCode); |
|
this.AddStatusString(e.Message); |
|
|
|
PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); |
|
|
|
resp = new TimeStampResp(pkiStatusInfo, null); |
|
} |
|
|
|
try |
|
{ |
|
return new TimeStampResponse(resp); |
|
} |
|
catch (IOException e) |
|
{ |
|
throw new TspException("created badly formatted response!", e); |
|
} |
|
} |
|
|
|
|
|
|
|
class FailInfo |
|
: DerBitString |
|
{ |
|
internal FailInfo(int failInfoValue) |
|
: base(failInfoValue) |
|
{ |
|
} |
|
} |
|
|
|
/** |
|
* Generate a TimeStampResponse with chosen status and FailInfoField. |
|
* |
|
* @param status the PKIStatus to set. |
|
* @param failInfoField the FailInfoField to set. |
|
* @param statusString an optional string describing the failure. |
|
* @return a TimeStampResponse with a failInfoField and optional statusString |
|
* @throws TSPException in case the response could not be created |
|
*/ |
|
public TimeStampResponse GenerateFailResponse(PkiStatus status, int failInfoField, string statusString) |
|
{ |
|
this.status = status; |
|
|
|
this.SetFailInfoField(failInfoField); |
|
|
|
if (statusString != null) |
|
{ |
|
this.AddStatusString(statusString); |
|
} |
|
|
|
PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); |
|
|
|
TimeStampResp resp = new TimeStampResp(pkiStatusInfo, null); |
|
|
|
try |
|
{ |
|
return new TimeStampResponse(resp); |
|
} |
|
catch (IOException e) |
|
{ |
|
throw new TspException("created badly formatted response!", e); |
|
} |
|
} |
|
} |
|
} |
|
#pragma warning restore |
|
#endif
|
|
|