com.entrust.toolkit.asn1.tsp

Class TimeStampToken

java.lang.Object

com.entrust.toolkit.asn1.tsp.TimeStampToken

All Implemented Interfaces:

ASN1Type

Direct Known Subclasses:

CMSTimeStampToken

public abstract class TimeStampToken
extends java.lang.Object
implements ASN1Type

This class defines an API for the ASN.1 structure for TimeStampToken as defined in RFC 3161, the Time-Stamp Protocol (TSP) specification, without any of the CMS structures.

It was specifically designed to allow PKCS7 to support time-stamps, but not be dependant on CMS when being used without time-stamps.

A TimeStampToken is as follows. It is defined as a ContentInfo ([CMS]) and SHALL encapsulate a signed data content type.

 TimeStampToken ::= ContentInfo
     -- contentType is id-signedData ([CMS])
     -- content is SignedData ([CMS])
 
 id-ct-TSTInfo  OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 
 rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}
 

The fields of type EncapsulatedContentInfo of the SignedData construct have the following meanings:

• eContentType is an object identifier that uniquely specifies the content type. For a time-stamp token it is defined as id-cd-TSTInfo.
• eContent is the content itself, carried as an octet string. The eContent SHALL be the DER-encoded value of TSTInfo.
• The time-stamp token MUST NOT contain any signatures other than the signature of the TSA. The certificate identifier (ESSCertID) of the TSA certificate MUST be included as a signerInfo attribute inside a SigningCertificate attribute.

Since:

7.0

See Also:

RFC 3161

Constructor Summary

Constructors

Constructor and Description
TimeStampToken()

Method Summary

Methods

Modifier and Type	Method and Description
abstract void	decode(ASN1Object obj) Decodes a TimeStampToken object from an ASN1Object.
abstract java.security.cert.Certificate[]	getCertificates() Returns all the certificates contained in the time-stamp token; this WILL contain the TimeStamp Authority certificate if it was included in the time-stamp token by the TimeStamp Authority.
X509Certificate	getTsaCert() Returns the TimeStamp Authority certificate if it was included in the time-stamp token by the TimeStamp Authority, otherwise null is returned.
abstract byte[]	getTsaCertHash() Returns the 'SHA'-hash certificate identifier for the TimeStamp Authority certificate.
abstract GeneralNames	getTsaCertIssuer() Returns the issuer component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.
abstract java.math.BigInteger	getTsaCertSerialNumber() Returns the serial number component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.
TSTInfo	getTstInfo() Returns the time-stamp information.
abstract boolean	isSigner(X509Certificate cert) Determines whether the indicated certificate can be used to verify the signature protection.
static TimeStampToken	newInstance(ASN1Object obj) Creates a new TimeStampToken object using the default implementation (CMS).
abstract ASN1Object	toASN1Object() Encodes this TimeStampToken object as an ASN1Object.
java.lang.String	toString() Creates a text representation of the ASN.1 structure of this TimeStampToken object.
void	verifySignature() Verifies the signature protecting this TimeStampToken structure.
abstract void	verifySignature(X509Certificate tsaCert) Verifies the signature protecting this TimeStampToken structure using the TimeStamp Authority certificate provided.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

TimeStampToken

public TimeStampToken()

Method Detail

newInstance

public static TimeStampToken newInstance(ASN1Object obj)
                                  throws java.lang.ClassNotFoundException,
                                         CodingException

Creates a new TimeStampToken object using the default implementation (CMS).

Parameters:

obj - the ASN.1 representation of a TimeStampToken structure

Throws:

CodingException - thrown if an error occurs while decoding the ANS1Object

java.lang.ClassNotFoundException - thrown if the classes containing CMS functionality cannot be found.

getTstInfo

public TSTInfo getTstInfo()

Returns the time-stamp information.

Returns:

the time-stamp information

getTsaCert

public X509Certificate getTsaCert()

Returns the TimeStamp Authority certificate if it was included in the time-stamp token by the TimeStamp Authority, otherwise null is returned.

Returns:

the TimeStamp Authority certificate

verifySignature

public void verifySignature()
                     throws java.security.SignatureException

Verifies the signature protecting this TimeStampToken structure.

The TimeStamp Authority certificate used in the validation is extracted from the TimeStampToken structure. If the TimeStampToken structure does not contain the TimeStamp Authority certificate, the validation will fail.

Throws:

java.security.SignatureException - thrown if the signature protection could not be verifier; the TimeStampToken structure may have been tampered

toString

public java.lang.String toString()

Creates a text representation of the ASN.1 structure of this TimeStampToken object.

Overrides:

toString in class java.lang.Object

Returns:

a text representation of the ASN.1 structure of this object

getCertificates

public abstract java.security.cert.Certificate[] getCertificates()

Returns all the certificates contained in the time-stamp token; this WILL contain the TimeStamp Authority certificate if it was included in the time-stamp token by the TimeStamp Authority.

Returns:

all the certificates contained in the time-stamp token

getTsaCertHash

public abstract byte[] getTsaCertHash()

Returns the 'SHA'-hash certificate identifier for the TimeStamp Authority certificate.

Returns:

the TimeStamp Authority certificate 'SHA'-hash

getTsaCertIssuer

public abstract GeneralNames getTsaCertIssuer()

Returns the issuer component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.

Returns:

the issuer of the TimeStamp Authority certificate

getTsaCertSerialNumber

public abstract java.math.BigInteger getTsaCertSerialNumber()

Returns the serial number component of the issuer/serial number certificate identifier for the TimeStamp Authority certificate if it exists, otherwise null is returned.

Returns:

the serial number of the TimeStamp Authority certificate

decode

public abstract void decode(ASN1Object obj)
                     throws CodingException,
                            java.lang.SecurityException

Decodes a TimeStampToken object from an ASN1Object.

The ASN1Object must be a ContentInfo structure, which contains a SignedData structure, which contains a TSTInfo structure in its encapContentInfo component. The SignedData structure must also contain a SigningCertificate attribute in its signed attributes, which contains a single ESSCertID structure.

Specified by:

decode in interface ASN1Type

Parameters:

obj - the ASN.1 representation of a TimeStampToken structure

Throws:

CodingException - thrown if an errors occurs while decoding the ANS1Object

java.lang.SecurityException - thrown if an implementation for the SHA message digest algorithm is not available from any of the installed JCA providers

toASN1Object

public abstract ASN1Object toASN1Object()
                                 throws CodingException

Encodes this TimeStampToken object as an ASN1Object.

Specified by:

toASN1Object in interface ASN1Type

Returns:

an ASN.1 representation of this object

Throws:

CodingException - if an de/encoding error occurs

verifySignature

public abstract void verifySignature(X509Certificate tsaCert)
                              throws java.security.SignatureException

Verifies the signature protecting this TimeStampToken structure using the TimeStamp Authority certificate provided.

Parameters:

tsaCert - the TimeStamp Authority certificate

Throws:

java.security.SignatureException - thrown if the signature protection could not be verifier; the TimeStampToken structure may have been tampered

isSigner

public abstract boolean isSigner(X509Certificate cert)

Determines whether the indicated certificate can be used to verify the signature protection.

Parameters:

cert - the certificate

Returns:

true if the indicate certificate can be used to verify the signature protection; false otherwise