timestamptoken validate java bouncycastle

Question

Ich habe BouncyCastle verwendet, um die Signatur zu überprüfen und Informationen aus einer ".p7m" -Datei (Originalinhalt, Unterzeichner usw.) zu extrahieren.

Jetzt muss ich validieren und Informationen aus dem TimeStamp innerhalb der gleichen ".p7m" Datei extrahieren.

Wie kann ich die TimeStampToken validieren? Ich habe diesen Code geschrieben, der gut für die Signatur funktioniert, aber den TimeStamp nicht validiert. Ich habe die "cert" -Variable an die build() -Methode übergeben, um die Signatur und das TimeStampToken zu validieren. Für die Signature Es ist in Ordnung, aber für die Timestamp funktioniert es nicht :(

Wo finde ich falsch? Vielen Dank im Voraus.

import java.io.File; 
import java.io.FileInputStream; 
import java.io.FileOutputStream; 
import java.io.IOException; 
import java.security.Security; 
import java.util.Collection; 
import java.util.Iterator; 

import org.bouncycastle.asn1.ASN1Encodable; 
import org.bouncycastle.asn1.cms.Attribute; 
import org.bouncycastle.asn1.cms.AttributeTable; 
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 
import org.bouncycastle.cert.X509CertificateHolder; 
import org.bouncycastle.cms.CMSException; 
import org.bouncycastle.cms.CMSProcessable; 
import org.bouncycastle.cms.CMSSignedData; 
import org.bouncycastle.cms.CMSSignedDataParser; 
import org.bouncycastle.cms.SignerInformation; 
import org.bouncycastle.cms.SignerInformationStore; 
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; 
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; 
import org.bouncycastle.tsp.TimeStampToken; 
import org.bouncycastle.util.Store; 

public class Launcher3 { 

    public static void main(String[] args) throws Exception { 

     File myFile=new File("D:\\fdr\\bouncycastle\\New Text Document.txt.p7m"); 
     byte[] bytesArray = readContentIntoByteArray(myFile); 

     FileOutputStream fos = new FileOutputStream("D:\\fdr\\bouncycastle\\New Text Document.txt"); 
     byte[] bytesArrayOriginalFile=getData(bytesArray); 
     fos.write(bytesArrayOriginalFile); 
     fos.close(); 

     verifySign(bytesArray); 

    } 

    static public void verifySign(byte[] signedData) throws Exception { 
      Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 

      CMSSignedDataParser  sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signedData); 

      sp.getSignedContent().drain(); 

      Store     certStore = sp.getCertificates(); 
      SignerInformationStore signers = sp.getSignerInfos(); 

      Collection    c = signers.getSigners(); 
      Iterator    it = c.iterator(); 

      while (it.hasNext()) 
      { 
       SignerInformation signer = (SignerInformation)it.next(); 
       Collection   certCollection = certStore.getMatches(signer.getSID()); 
       Iterator  certIt = certCollection.iterator(); 
       X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); 

       System.out.println("info 1: "+cert.getIssuer()); 
       System.out.println("info 2: "+cert.getSubject()); 
       System.out.println("date from: "+cert.getNotBefore()); 
       System.out.println("date to: "+cert.getNotAfter()); 
       System.out.println("Serial n. "+cert.getSerialNumber()); 
       System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))); 
       // --------------------------------------------------------------------------------------------------------------------^ 
       // LOOK AT HERE: it works! 

       AttributeTable  attrs = signer.getUnsignedAttributes(); 
       Attribute   att = attrs.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); 
       ASN1Encodable  dob = att.getAttrValues().getObjectAt(0); 
       byte[] encodedTsp = dob.toASN1Primitive().getEncoded(); 

       TimeStampToken result = null; 

       if(encodedTsp!=null) { 
        CMSSignedData cms = new CMSSignedData(encodedTsp); 
        result = new TimeStampToken(cms); 

       System.out.println("timestamp: "+result.getTimeStampInfo().getGenTime()); 
       System.out.println("serial n. "+result.getTimeStampInfo().getSerialNumber()); 
       System.out.println("tsa: "+result.getTimeStampInfo().getTsa()); 
       System.out.println("policy: "+result.getTimeStampInfo().getPolicy()); 

       result.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)); 
       // ------------------------------------------------------------------------------^ 
       // LOOK AT HERE: it doesn't work! 

       } 
      } 
    } 

    static public byte[] getData(final byte[] p7bytes) throws CMSException, IOException { 
     CMSSignedData signedData = new CMSSignedData(p7bytes); 
     CMSProcessable signedContent = signedData.getSignedContent(); 

     return (byte[])signedContent.getContent(); 

     } 

     private static byte[] readContentIntoByteArray(File file) 
     { 
      FileInputStream fileInputStream = null; 
      byte[] bFile = new byte[(int) file.length()]; 
      try 
      { 
      fileInputStream = new FileInputStream(file); 
      fileInputStream.read(bFile); 
      fileInputStream.close(); 
      } 
      catch (Exception e) 
      { 
      e.printStackTrace(); 
      } 
      return bFile; 
     } 

} 

Answer 1

ich von mir gelöst (und ich bin so glücklich). ich brauche das Zertifikat des Timestamp auf diese Weise zu finden:?

Store storeTt = result.getCertificates(); 
Collection collTt = storeTt.getMatches(result.getSID()); 
Iterator certIt2 = collTt.iterator(); 
X509CertificateHolder cert2 = (X509CertificateHolder)certIt2.next(); 

System.out.println("timestamp's verify: "+result.isSignatureValid(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert2))); 
result.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert2));