@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
if (this.issuerToken != null) {
return this.issuerToken.equals(issuerToken);
}
final TimestampValidation timestampValidation = validateTimestampToken(timeStamp, issuerToken);
final TimestampValidity timestampValidity = timestampValidation.getValidity();
signatureInvalidityReason = timestampValidity.name();
signatureValid = timestampValidation.isValid();
if (signatureValid) {
this.issuerToken = issuerToken;
issuerX500Principal = issuerToken.getSubjectX500Principal();
final String algorithm = issuerToken.getPublicKey().getAlgorithm();
final EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.forName(algorithm);
final AlgorithmIdentifier hashAlgorithm = timeStamp.getTimeStampInfo().getHashAlgorithm();
final DigestAlgorithm digestAlgorithm =
DigestAlgorithm.forOID(hashAlgorithm.getAlgorithm().getId());
signatureAlgorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, digestAlgorithm);
}
return signatureValid;
}
private TimestampReference createCertificateTimestampReference(CertificateToken certificate) {
final byte[] certificateDigest =
DSSUtils.digest(DigestAlgorithm.SHA1, certificate.getEncoded());
final TimestampReference reference =
new TimestampReference(
DigestAlgorithm.SHA1.name(), Base64.encodeBase64String(certificateDigest));
return reference;
}
/**
* Constructor with an indication of the timestamp type. The default constructor for {@code
* TimestampToken}.
*
* @param timeStamp {@code TimeStampToken}
* @param type {@code TimestampType}
* @param certPool {@code CertificatePool} which is used to identify the signing certificate of
* the timestamp
*/
public TimestampToken(
final TimeStampToken timeStamp, final TimestampType type, final CertificatePool certPool) {
this.timeStamp = timeStamp;
this.timeStampType = type;
this.extraInfo = new TokenValidationExtraInfo();
wrappedSource = new CAdESCertificateSource(timeStamp, certPool);
final Collection<CertificateToken> certs = wrappedSource.getCertificates();
for (final CertificateToken certificateToken : certs) {
final byte[] encoded = certificateToken.getEncoded();
final Certificate certificate = Certificate.getInstance(encoded);
final X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificate);
if (timeStamp.getSID().match(x509CertificateHolder)) {
boolean valid = isSignedBy(certificateToken);
if (valid) {
break;
}
}
}
}
private TimestampValidation validateTimestampToken(
final TimeStampToken timeStampToken, final CertificateToken issuerToken) {
TimestampValidity timestampValidity;
try {
final JcaSimpleSignerInfoVerifierBuilder verifierBuilder =
new JcaSimpleSignerInfoVerifierBuilder();
final X509Certificate x509Certificate = issuerToken.getCertificate();
final SignerInformationVerifier verifier = verifierBuilder.build(x509Certificate);
timeStampToken.validate(verifier);
timestampValidity = TimestampValidity.VALID;
} catch (IllegalArgumentException e) {
if (logger.isDebugEnabled()) {
logger.debug("No signing certificate for timestamp token: ", e);
} else {
logger.info("No signing certificate for timestamp token: ", e.getMessage());
}
timestampValidity = TimestampValidity.NO_SIGNING_CERTIFICATE;
} catch (TSPValidationException e) {
if (logger.isDebugEnabled()) {
logger.debug("No valid signature for timestamp token: ", e);
} else {
logger.info("No valid signature for timestamp token: " + e.getMessage());
}
timestampValidity = TimestampValidity.NOT_VALID_SIGNATURE;
} catch (TSPException e) {
if (logger.isDebugEnabled()) {
logger.debug("No valid structure for timestamp token: ", e);
} else {
logger.info("No valid structure for timestamp token: " + e.getMessage());
}
timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE;
} catch (OperatorCreationException e) {
if (logger.isDebugEnabled()) {
logger.debug("No valid structure for timestamp token: ", e);
} else {
logger.info("No valid structure for timestamp token: " + e.getMessage());
}
timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE;
}
final TimestampValidation timestampValidation = new TimestampValidation(timestampValidity);
return timestampValidation;
}
