001/** 002 * Copyright 2014 Emmanuel Bourg 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package net.jsign.timestamp; 018 019import java.io.ByteArrayOutputStream; 020import java.io.IOException; 021import java.io.InputStream; 022import java.net.HttpURLConnection; 023import java.util.Collection; 024 025import org.bouncycastle.asn1.DERSet; 026import org.bouncycastle.asn1.cms.Attribute; 027import org.bouncycastle.asn1.cms.CMSAttributes; 028import org.bouncycastle.cert.X509CertificateHolder; 029import org.bouncycastle.cms.CMSSignedData; 030import org.bouncycastle.cms.SignerInformation; 031import org.bouncycastle.util.encoders.Base64; 032 033import net.jsign.DigestAlgorithm; 034import net.jsign.asn1.authenticode.AuthenticodeTimeStampRequest; 035 036/** 037 * Legacy Authenticode timestamping. 038 * 039 * @author Emmanuel Bourg 040 * @since 1.3 041 */ 042public class AuthenticodeTimestamper extends Timestamper { 043 044 public AuthenticodeTimestamper() { 045 setURL("http://timestamp.sectigo.com"); 046 } 047 048 protected CMSSignedData timestamp(DigestAlgorithm algo, byte[] encryptedDigest) throws IOException, TimestampingException { 049 AuthenticodeTimeStampRequest timestampRequest = new AuthenticodeTimeStampRequest(encryptedDigest); 050 051 byte[] request = Base64.encode(timestampRequest.getEncoded("DER")); 052 053 HttpURLConnection conn = (HttpURLConnection) tsaurl.openConnection(); 054 conn.setConnectTimeout(10000); 055 conn.setReadTimeout(10000); 056 conn.setDoOutput(true); 057 conn.setDoInput(true); 058 conn.setUseCaches(false); 059 conn.setRequestMethod("POST"); 060 conn.setRequestProperty("Content-type", "application/octet-stream"); 061 conn.setRequestProperty("Content-length", String.valueOf(request.length)); 062 conn.setRequestProperty("Accept", "application/octet-stream"); 063 conn.setRequestProperty("User-Agent", "Transport"); 064 065 conn.getOutputStream().write(request); 066 conn.getOutputStream().flush(); 067 068 if (conn.getResponseCode() >= 400) { 069 throw new IOException("Unable to complete the timestamping due to HTTP error: " + conn.getResponseCode() + " - " + conn.getResponseMessage()); 070 } 071 072 try { 073 byte[] response = Base64.decode(toBytes(conn.getInputStream())); 074 return new CMSSignedData(response); 075 } catch (Exception e) { 076 throw new TimestampingException("Unable to complete the timestamping", e); 077 } 078 } 079 080 @Override 081 protected Collection<X509CertificateHolder> getExtraCertificates(CMSSignedData token) { 082 return token.getCertificates().getMatches(null); 083 } 084 085 @Override 086 protected Attribute getCounterSignature(CMSSignedData token) { 087 SignerInformation timestampSignerInformation = token.getSignerInfos().getSigners().iterator().next(); 088 return new Attribute(CMSAttributes.counterSignature, new DERSet(timestampSignerInformation.toASN1Structure())); 089 } 090 091 private byte[] toBytes(InputStream in) throws IOException { 092 ByteArrayOutputStream bout = new ByteArrayOutputStream(); 093 094 byte[] buffer = new byte[4096]; 095 int n; 096 while ((n = in.read(buffer)) != -1) { 097 bout.write(buffer, 0, n); 098 } 099 100 return bout.toByteArray(); 101 } 102}