PKI - Timestamp verification with BouncyCastle
Over the last few years I have worked on many PKI projects, and in the continuous process of library selection my first choice has often fallen on IAIK (commercial). But recent versions of BouncyCastle have drastically changed the situation, and they are now my libraries of choice.

One of the features that attracted me is the good support for digital timestamps. Previously I had been using a patched version of OpenSSL to create and verify timestamps, with obvious portability issues. Now I've converted all my procedures to use the BouncyCastle TSP library. Here follows a simple class to show how easy it is to verify a timestamp response:

```java
import java.io.FileInputStream;
import java.math.BigInteger;

import org.bouncycastle.cms.SignerId;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;

public class TS {
    public static void main(String[] args) {
        TS ts = new TS();
        ts.go();
    }

    public void go() {
        // try-with-resources closes both files even when parsing fails
        try (FileInputStream inreq = new FileInputStream("tsq");    // request
             FileInputStream inresp = new FileInputStream("tsr")) { // response
            TimeStampRequest req = new TimeStampRequest(inreq);
            TimeStampResponse resp = new TimeStampResponse(inresp);

            // Checks the response against the request (status, nonce, message
            // imprint, policy); if it fails a TSPException is raised.
            // The TSA's signature on the token is not checked by this call.
            resp.validate(req);

            TimeStampToken tsToken = resp.getTimeStampToken();
            if (tsToken == null) {
                // A rejected request passes validate() but carries no token
                System.out.println("Request rejected: " + resp.getStatusString());
                return;
            }
            System.out.println("TimeStamp verified.");

            TimeStampTokenInfo tsInfo = tsToken.getTimeStampInfo();
            SignerId signer_id = tsToken.getSID();
            BigInteger cert_serial_number = signer_id.getSerialNumber();
            System.out.println("Generation time " + tsInfo.getGenTime());
            System.out.println("Signer ID serial " + cert_serial_number);
            // getIssuer() is available on current releases, where SignerId
            // no longer offers getIssuerAsString()
            System.out.println("Signer ID issuer " + signer_id.getIssuer());
        } catch (TSPException tsex) {
            System.out.println(tsex.getMessage());
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
```
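`resp.validate(req)` only confirms that the response matches the request; the TSA's signature on the token is checked by `TimeStampToken.validate`. The class below is an added example, not part of the original post, that performs both checks. It assumes a current BouncyCastle release (bcprov plus bcpkix) and a hypothetical file `tsa.crt` holding a TSA certificate you already trust.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;

public class TSVerifySignature {
    // Returns the token only if it matches the request AND the TSA signature verifies.
    static TimeStampToken verify(String reqFile, String respFile, String tsaCertFile)
            throws Exception {
        try (InputStream inReq = new FileInputStream(reqFile);
             InputStream inResp = new FileInputStream(respFile);
             InputStream inCert = new FileInputStream(tsaCertFile)) {
            TimeStampRequest req = new TimeStampRequest(inReq);
            TimeStampResponse resp = new TimeStampResponse(inResp);
            resp.validate(req); // response matches request (nonce, imprint, policy)

            TimeStampToken token = resp.getTimeStampToken();
            if (token == null) { // rejected requests come back without a token
                throw new TSPException("no token, status: " + resp.getStatusString());
            }
            // Assumption: the TSA certificate is already trusted (pinned or
            // chain-validated elsewhere). No path building or revocation
            // checking happens in this example.
            X509Certificate tsaCert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(inCert);
            SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider(new BouncyCastleProvider())
                    .build(tsaCert);
            // Throws if the signature does not verify, if the certificate was
            // not valid at the generation time, or if it is not the signing
            // certificate the token refers to.
            token.validate(verifier);
            return token;
        }
    }

    public static void main(String[] args) throws Exception {
        TimeStampToken token = verify("tsq", "tsr", "tsa.crt");
        System.out.println("Signature verified, generation time "
                + token.getTimeStampInfo().getGenTime());
    }
}
```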