All geek questions in one place

Check RFC 3161 Timestamp Response with PKIStatus Value

I have a query SOAPthat needs to be redesigned because it SoapUIcannot correctly handle binary responses. I decided to make it Java based. I found this really useful, but not sure how the functions come in code snippets. I have

  • Digestvalue
  • SignatureValue
  • X509Certificate

specified in the request SOAP, and not sure how to convert this information to send the request to my tsendpint. I tried TSAClientBouncyCastle but not sure why login credentials are needed. I left these fields blank, but it ends all the time with

TSAClientBouncyCastle @ 1f0e140b

message.

I am calling a TSAClientBouncyCastleclass from Mainusing a constructor.

This is the main part, it should decode the data.

   // Get TSA response as a byte array
    InputStream inp = tsaConnection.getInputStream();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    byte[] buffer = new byte[1024];
    int bytesRead = 0;
    while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
        baos.write(buffer, 0, bytesRead);
    }
    byte[] respBytes = baos.toByteArray();

    String encoding = tsaConnection.getContentEncoding();
    if (encoding != null && encoding.equalsIgnoreCase("base64")) {
        respBytes = Base64.decode(new String(respBytes));
    }
+4
source share
1 answer

The Time Stamp Owner (TSA) generates evidence that the datum existed before a specific time. It uses the protocol and format defined in RFC3161.

The response to timping is as follows (see RFC3161-section 2.4.2 ):

TimeStampResp ::= SEQUENCE  {
  status                  PKIStatusInfo,
  timeStampToken          TimeStampToken     OPTIONAL  }

You can parse the content type response application/timestamp-replyon a BouncyCastle to getPKIStatusInfo

TimeStampResponse response = new TimeStampResponse(tsaInputStream);
int status = response.getStatus();

Possible values:

PKIStatus ::= INTEGER {
  granted                (0),
  -- when the PKIStatus contains the value zero a TimeStampToken, as
     requested, is present.
  grantedWithMods        (1),
   -- when the PKIStatus contains the value one a TimeStampToken,
     with modifications, is present.
  rejection              (2),
  waiting                (3),
  revocationWarning      (4),
   -- this message contains a warning that a revocation is
   -- imminent
  revocationNotification (5)
   -- notification that a revocation has occurred  }
+1
source

Source: https://habr.com/ru/post/1682303/

More articles:


All Articles