com.entrust.toolkit.asn1.tsp

Class CMSTimeStampToken

java.lang.Object

com.entrust.toolkit.asn1.tsp.TimeStampToken

com.entrust.toolkit.asn1.tsp.CMSTimeStampToken

All Implemented Interfaces:

ASN1Type

public final class CMSTimeStampToken
extends TimeStampToken
implements ASN1Type

This class implements the ASN.1 structure for TimeStampToken as defined in RFC 3162, the Time-Stamp Protocol (TSP) specification.

A TimeStampToken is as follows. It is defined as a ContentInfo ([CMS]) and SHALL encapsulate a signed data content type.

 TimeStampToken ::= ContentInfo
     -- contentType is id-signedData ([CMS])
     -- content is SignedData ([CMS])
 
 id-ct-TSTInfo  OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 
 rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}
 

The fields of type EncapsulatedContentInfo of the SignedData construct have the following meanings:

• eContentType is an object identifier that uniquely specifies the content type. For a time-stamp token it is defined as id-cd-TSTInfo.
• eContent is the content itself, carried as an octet string. The eContent SHALL be the DER-encoded value of TSTInfo.
• The time-stamp token MUST NOT contain any signatures other than the signature of the TSA. The certificate identifier (ESSCertID) of the TSA certificate MUST be included as a signerInfo attribute inside a SigningCertificate attribute.

The CMS structures are defined in RFC 2630, the Cryptographic Message Syntax specification.

Since:

7.0

See Also:

ContentInfo, SignedData, SigningCertificate, ESSCertID, RFC 3161, RFC 2630

Constructor Summary

Constructors

Constructor and Description
CMSTimeStampToken(ASN1Object obj) Creates a new CMSTimeStampToken object from an ASN1Object.
CMSTimeStampToken(TSTInfo tstInfo, X509Certificate tsaCert, java.security.PrivateKey tsaSigningKey) Creates a new CMSTimeStampToken object that contains the indicated time-stamp information and TimeStamp Authority certificate.
CMSTimeStampToken(TSTInfo tstInfo, X509Certificate tsaCert, java.security.PrivateKey tsaSigningKey, AlgorithmID digestAlgorithm, boolean includeIssuerSerial, boolean includeTsaCert) Creates a new CMSTimeStampToken object that contains the indicated time-stamp information and TimeStamp Authority certificate.

Method Summary

Methods

Modifier and Type	Method and Description
void	decode(ASN1Object obj) Decodes a CMSTimeStampToken object from an ASN1Object.
java.security.cert.Certificate[]	getCertificates() Returns all the certificates contained in the time-stamp token; this WILL contain the TimeStamp Authority certificate if it was included in the time-stamp token by the TimeStamp Authority.
byte[]	getTsaCertHash() Returns the 'SHA'-hash certificate identifier for the TimeStamp Authority certificate.
GeneralNames	getTsaCertIssuer() Returns the issuer component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.
java.math.BigInteger	getTsaCertSerialNumber() Returns the serial number component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.
boolean	isSigner(X509Certificate cert) Determines whether the indicated certificate can be used to verify the signature protection.
ASN1Object	toASN1Object() Encodes this CMSTimeStampToken object as an ASN1Object.
void	verifySignature(X509Certificate tsaCert) Verifies the signature protecting this TimeStampToken structure using the TimeStamp Authority certificate provided.

Methods inherited from class com.entrust.toolkit.asn1.tsp.TimeStampToken

getTsaCert, getTstInfo, newInstance, toString, verifySignature

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

CMSTimeStampToken

public CMSTimeStampToken(TSTInfo tstInfo,
                 X509Certificate tsaCert,
                 java.security.PrivateKey tsaSigningKey)
                  throws java.lang.IllegalArgumentException,
                         java.lang.SecurityException

Creates a new CMSTimeStampToken object that contains the indicated time-stamp information and TimeStamp Authority certificate.

The TimeStamp Authority certificate identifier this object contains is created to always have an issuer/serial number. When converted to an ASN1Obejct, the ESSCertID in the structure will always include the 'SHA'-hash and the issuer/serial number.

Parameters:

tstInfo - the time-stamp information

tsaCert - the certificate of the TimeStamp Authority that issued the time-stamp information

tsaSigningKey - the private signing key of the TimeStamp Authority that corresponds to the TimeStamp Authority certificate; used to protect the time-stamp token with a signature (currently only RSA, DSA , and ECDSA keys are supported)

Throws:

java.lang.IllegalArgumentException - thrown if any of the parameters are null or the tsaCert cannot be encoded successfully

java.lang.SecurityException - thrown if an implementation for the SHA message digest algorithm is not available from any of the installed JCA providers

CMSTimeStampToken

public CMSTimeStampToken(TSTInfo tstInfo,
                 X509Certificate tsaCert,
                 java.security.PrivateKey tsaSigningKey,
                 AlgorithmID digestAlgorithm,
                 boolean includeIssuerSerial,
                 boolean includeTsaCert)
                  throws java.lang.IllegalArgumentException,
                         java.lang.SecurityException

Creates a new CMSTimeStampToken object that contains the indicated time-stamp information and TimeStamp Authority certificate.

The TimeStamp Authority certificate identifier this object contains is created to have an issuer/serial number only when requested. When converted to an ASN1Obejct, the ESSCertID in the structure will include the 'SHA'-hash, and the issuer/serial number only if requested.

Parameters:

tstInfo - the time-stamp information

tsaCert - the certificate of the TimeStamp Authority that issued the time-stamp information

tsaSigningKey - the private signing key of the TimeStamp Authority that corresponds to the TimeStamp Authority certificate; used to protect the time-stamp token with a signature (currently only RSA, DSA , and ECDSA keys are supported)

digestAlgorithm - the message digest algorithm that will be used in the signature protection (OPTIONAL)

includeIssuerSerial - indicates whether the issuer/serial number should be used in addition to the certificate hash as an identifier for the TimeStamp Authority certificate

includeTsaCert - indicates whether the TimeStamp Authority certificate should be included in the certificates field of the SignedData structure

Throws:

java.lang.IllegalArgumentException - thrown if any of the required parameters are null or the tsaCert cannot be encoded successfully

java.lang.SecurityException - thrown if an implementation for the SHA or 'digestAlgorithm' message digest algorithm is not available from any of the installed JCA providers

CMSTimeStampToken

public CMSTimeStampToken(ASN1Object obj)
                  throws CodingException

Creates a new CMSTimeStampToken object from an ASN1Object.

The ASN1Object must be a ContentInfo structure, which contains a SignedData structure, which contains a TSTInfo structure in its encapContentInfo component. The SignedData structure must also contain a SigningCertificate attribute in its signed attributes, which contains a single ESSCertID structure.

Parameters:

obj - the ASN.1 representation of an CMSTimeStampToken structure

Throws:

CodingException - thrown if an errors occurs while decoding the ANS1Object

Method Detail

getCertificates

public java.security.cert.Certificate[] getCertificates()

Returns all the certificates contained in the time-stamp token; this WILL contain the TimeStamp Authority certificate if it was included in the time-stamp token by the TimeStamp Authority.

Specified by:

getCertificates in class TimeStampToken

Returns:

all the certificates contained in the time-stamp token

getTsaCertHash

public byte[] getTsaCertHash()

Returns the 'SHA'-hash certificate identifier for the TimeStamp Authority certificate.

Specified by:

getTsaCertHash in class TimeStampToken

Returns:

the TimeStamp Authority certificate 'SHA'-hash

getTsaCertIssuer

public GeneralNames getTsaCertIssuer()

Returns the issuer component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.

Specified by:

getTsaCertIssuer in class TimeStampToken

Returns:

the issuer of the TimeStamp Authority certificate

getTsaCertSerialNumber

public java.math.BigInteger getTsaCertSerialNumber()

Returns the serial number component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.

Specified by:

getTsaCertSerialNumber in class TimeStampToken

Returns:

the serial number of the TimeStamp Authority certificate

decode

public void decode(ASN1Object obj)
            throws CodingException,
                   java.lang.SecurityException

Decodes a CMSTimeStampToken object from an ASN1Object.

The ASN1Object must be an ContentInfo structure, which contains a SignedData structure, which contains a TSTInfo structure in its encapContentInfo component. The SignedData structure must also contain a SigningCertificate attribute in its signed attributes, which contains a single ESSCertID structure.

Specified by:

decode in interface ASN1Type

Specified by:

decode in class TimeStampToken

Parameters:

obj - the ASN.1 representation of an CMSTimeStampToken structure

Throws:

CodingException - thrown if an errors occurs while decoding the ANS1Object

java.lang.SecurityException - thrown if an implementation for the SHA message digest algorithm is not available from any of the installed JCA providers

toASN1Object

public ASN1Object toASN1Object()
                        throws CodingException

Encodes this CMSTimeStampToken object as an ASN1Object.

Specified by:

toASN1Object in interface ASN1Type

Specified by:

toASN1Object in class TimeStampToken

Returns:

an ASN.1 representation of this object

Throws:

CodingException - if an de/encoding error occurs

verifySignature

public void verifySignature(X509Certificate tsaCert)
                     throws java.security.SignatureException

Verifies the signature protecting this TimeStampToken structure using the TimeStamp Authority certificate provided.

Specified by:

verifySignature in class TimeStampToken

Parameters:

tsaCert - the TimeStamp Authority certificate

Throws:

java.security.SignatureException - thrown if the signature protection could not be verifier; the TimeStampToken structure may have been tampered

isSigner

public boolean isSigner(X509Certificate cert)
                 throws java.lang.SecurityException

Determines whether the indicated certificate can be used to verify the signature protection.

Specified by:

isSigner in class TimeStampToken

Parameters:

cert - the certificate

Returns:

true if the indicate certificate can be used to verify the signature protection; false otherwise

Throws:

java.lang.SecurityException - thrown if an implementation for the SHA message digest algorithm is not available from any of the installed JCA providers