250 lines
6.3 KiB
C#
250 lines
6.3 KiB
C#
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
|
#pragma warning disable
|
|
using System;
|
|
using System.Collections;
|
|
using System.IO;
|
|
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Ess;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Tsp;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Cms;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Math;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security.Certificates;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.X509;
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.X509.Store;
|
|
|
|
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Tsp
|
|
{
|
|
public class TimeStampTokenGenerator
|
|
{
|
|
private int accuracySeconds = -1;
|
|
private int accuracyMillis = -1;
|
|
private int accuracyMicros = -1;
|
|
private bool ordering = false;
|
|
private GeneralName tsa = null;
|
|
private string tsaPolicyOID;
|
|
|
|
private AsymmetricKeyParameter key;
|
|
private X509Certificate cert;
|
|
private string digestOID;
|
|
private Asn1.Cms.AttributeTable signedAttr;
|
|
private Asn1.Cms.AttributeTable unsignedAttr;
|
|
private IX509Store x509Certs;
|
|
private IX509Store x509Crls;
|
|
|
|
/**
|
|
* basic creation - only the default attributes will be included here.
|
|
*/
|
|
public TimeStampTokenGenerator(
|
|
AsymmetricKeyParameter key,
|
|
X509Certificate cert,
|
|
string digestOID,
|
|
string tsaPolicyOID)
|
|
: this(key, cert, digestOID, tsaPolicyOID, null, null)
|
|
{
|
|
}
|
|
|
|
/**
|
|
* create with a signer with extra signed/unsigned attributes.
|
|
*/
|
|
public TimeStampTokenGenerator(
|
|
AsymmetricKeyParameter key,
|
|
X509Certificate cert,
|
|
string digestOID,
|
|
string tsaPolicyOID,
|
|
Asn1.Cms.AttributeTable signedAttr,
|
|
Asn1.Cms.AttributeTable unsignedAttr)
|
|
{
|
|
this.key = key;
|
|
this.cert = cert;
|
|
this.digestOID = digestOID;
|
|
this.tsaPolicyOID = tsaPolicyOID;
|
|
this.unsignedAttr = unsignedAttr;
|
|
|
|
TspUtil.ValidateCertificate(cert);
|
|
|
|
//
|
|
// Add the ESSCertID attribute
|
|
//
|
|
IDictionary signedAttrs;
|
|
if (signedAttr != null)
|
|
{
|
|
signedAttrs = signedAttr.ToDictionary();
|
|
}
|
|
else
|
|
{
|
|
signedAttrs = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
|
|
}
|
|
|
|
try
|
|
{
|
|
byte[] hash = DigestUtilities.CalculateDigest("SHA-1", cert.GetEncoded());
|
|
|
|
EssCertID essCertid = new EssCertID(hash);
|
|
|
|
Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
|
|
PkcsObjectIdentifiers.IdAASigningCertificate,
|
|
new DerSet(new SigningCertificate(essCertid)));
|
|
|
|
signedAttrs[attr.AttrType] = attr;
|
|
}
|
|
catch (CertificateEncodingException e)
|
|
{
|
|
throw new TspException("Exception processing certificate.", e);
|
|
}
|
|
catch (SecurityUtilityException e)
|
|
{
|
|
throw new TspException("Can't find a SHA-1 implementation.", e);
|
|
}
|
|
|
|
this.signedAttr = new Asn1.Cms.AttributeTable(signedAttrs);
|
|
}
|
|
|
|
public void SetCertificates(
|
|
IX509Store certificates)
|
|
{
|
|
this.x509Certs = certificates;
|
|
}
|
|
|
|
public void SetCrls(
|
|
IX509Store crls)
|
|
{
|
|
this.x509Crls = crls;
|
|
}
|
|
|
|
public void SetAccuracySeconds(
|
|
int accuracySeconds)
|
|
{
|
|
this.accuracySeconds = accuracySeconds;
|
|
}
|
|
|
|
public void SetAccuracyMillis(
|
|
int accuracyMillis)
|
|
{
|
|
this.accuracyMillis = accuracyMillis;
|
|
}
|
|
|
|
public void SetAccuracyMicros(
|
|
int accuracyMicros)
|
|
{
|
|
this.accuracyMicros = accuracyMicros;
|
|
}
|
|
|
|
public void SetOrdering(
|
|
bool ordering)
|
|
{
|
|
this.ordering = ordering;
|
|
}
|
|
|
|
public void SetTsa(
|
|
GeneralName tsa)
|
|
{
|
|
this.tsa = tsa;
|
|
}
|
|
|
|
//------------------------------------------------------------------------------
|
|
|
|
public TimeStampToken Generate(
|
|
TimeStampRequest request,
|
|
BigInteger serialNumber,
|
|
DateTime genTime)
|
|
{
|
|
DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid);
|
|
|
|
AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DerNull.Instance);
|
|
MessageImprint messageImprint = new MessageImprint(algID, request.GetMessageImprintDigest());
|
|
|
|
Accuracy accuracy = null;
|
|
if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
|
|
{
|
|
DerInteger seconds = null;
|
|
if (accuracySeconds > 0)
|
|
{
|
|
seconds = new DerInteger(accuracySeconds);
|
|
}
|
|
|
|
DerInteger millis = null;
|
|
if (accuracyMillis > 0)
|
|
{
|
|
millis = new DerInteger(accuracyMillis);
|
|
}
|
|
|
|
DerInteger micros = null;
|
|
if (accuracyMicros > 0)
|
|
{
|
|
micros = new DerInteger(accuracyMicros);
|
|
}
|
|
|
|
accuracy = new Accuracy(seconds, millis, micros);
|
|
}
|
|
|
|
DerBoolean derOrdering = null;
|
|
if (ordering)
|
|
{
|
|
derOrdering = DerBoolean.GetInstance(ordering);
|
|
}
|
|
|
|
DerInteger nonce = null;
|
|
if (request.Nonce != null)
|
|
{
|
|
nonce = new DerInteger(request.Nonce);
|
|
}
|
|
|
|
DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID);
|
|
if (request.ReqPolicy != null)
|
|
{
|
|
tsaPolicy = new DerObjectIdentifier(request.ReqPolicy);
|
|
}
|
|
|
|
TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint,
|
|
new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy,
|
|
derOrdering, nonce, tsa, request.Extensions);
|
|
|
|
try
|
|
{
|
|
CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator();
|
|
|
|
byte[] derEncodedTstInfo = tstInfo.GetDerEncoded();
|
|
|
|
if (request.CertReq)
|
|
{
|
|
signedDataGenerator.AddCertificates(x509Certs);
|
|
}
|
|
|
|
signedDataGenerator.AddCrls(x509Crls);
|
|
signedDataGenerator.AddSigner(key, cert, digestOID, signedAttr, unsignedAttr);
|
|
|
|
CmsSignedData signedData = signedDataGenerator.Generate(
|
|
PkcsObjectIdentifiers.IdCTTstInfo.Id,
|
|
new CmsProcessableByteArray(derEncodedTstInfo),
|
|
true);
|
|
|
|
return new TimeStampToken(signedData);
|
|
}
|
|
catch (CmsException cmsEx)
|
|
{
|
|
throw new TspException("Error generating time-stamp token", cmsEx);
|
|
}
|
|
catch (IOException e)
|
|
{
|
|
throw new TspException("Exception encoding info", e);
|
|
}
|
|
catch (X509StoreException e)
|
|
{
|
|
throw new TspException("Exception handling CertStore", e);
|
|
}
|
|
// catch (InvalidAlgorithmParameterException e)
|
|
// {
|
|
// throw new TspException("Exception handling CertStore CRLs", e);
|
|
// }
|
|
}
|
|
}
|
|
}
|
|
#pragma warning restore
|
|
#endif
|