Timestamping using TSA URL and Java APIs
Question
Can anyone please help me in understanding the process and Java APIs used while timestamping a signature?
I need to sign a file and timestamp it using the TSA URL "http://timestamp.globalsign.com/scripts/timstamp.dll" using Java APIs.
I am able to sign the file using java.security APIs but unable to timestamp it.
Recommended answer
Your question is a bit broad... I will give you some info which I hope will point you in the right direction.
The thing is that you want to use a timestamp service to perform a timestamp signature using the service there: http://timestamp.globalsign.com/scripts/timstamp.dll.
First of all, this service is Time-Stamp Protocol (TSP) RFC3161 compliant; take a look at the RFC definition here to get a clear idea about how this works.
Anyway, I think that you're looking for a Java code example, so below I give you sample code which performs a timestamp signature using an RFC3161 timestamp server.
Basically the steps in this sample are:
First create the timestamp request, then send the request to the service and finally read the response.
The timestamp request has the following definition:
TimeStampReq ::= SEQUENCE {
    version          INTEGER { v1(1) },
    messageImprint   MessageImprint,
        -- a hash algorithm OID and the hash value of the data to be time-stamped
    reqPolicy        TSAPolicyId OPTIONAL,
    nonce            INTEGER OPTIONAL,
    certReq          BOOLEAN DEFAULT FALSE,
    extensions       [0] IMPLICIT Extensions OPTIONAL }
As you can see, only the messageImprint is required; the rest are optional and depend on the options your TSP service gives you.
The second step is to send this timestamp request using the POST method, specifying as the Content-type HTTP header: application/timestamp-query.
The last part is to parse the response and get the timestamp token.
So here is the code:
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.tsp.TimeStampReq;
import org.bouncycastle.asn1.tsp.TimeStampResp;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;

public class TimeStampGenerationSample {

    public static void main(String args[]) throws Exception {
        // for this sample we will use SHA-1 to perform the hashes
        // however feel free to use another algorithm since SHA-1 is weak
        String sha1Oid = "1.3.14.3.2.26";
        // data to be timestamped
        byte[] data = "some sample data... or your signature...".getBytes();
        // perform the hash of your data
        byte[] digestData = MessageDigest.getInstance(sha1Oid, new BouncyCastleProvider()).digest(data);
        // generate a random nonce for your ts request; it's optional, depends on your ts service
        // (SecureRandom, so the value cannot be predicted from the clock)
        String nonce = new BigInteger(64, new SecureRandom()).toString();
        // require cert optional (default false... so use false)
        boolean requireCert = false;
        // timestampPolicy is an OID to identify a policy; if it's required it
        // must be provided by your ts service... it's optional so we put null
        String timestampPolicy = null;
        TimeStampReq ts_req = createTimeStampRequest(digestData, nonce, requireCert, sha1Oid, timestampPolicy);
        // the data to be sent to the service
        byte[] dataToSend = ts_req.getEncoded();

        // simply send your data using POST method
        // don't forget to specify http-header content-type as "application/timestamp-query"
        URL tsaUrl = new URL("http://timestamp.globalsign.com/scripts/timstamp.dll");
        HttpURLConnection con = (HttpURLConnection) tsaUrl.openConnection();
        con.setDoOutput(true);
        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/timestamp-query");
        try (OutputStream out = con.getOutputStream()) {
            out.write(dataToSend);
        }
        // read the whole response body
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (InputStream in = con.getInputStream()) {
            byte[] chunk = new byte[4096];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, n);
            }
        }
        byte[] response = buffer.toByteArray();

        // parse the response
        TimeStampResp tspResp = TimeStampResp.getInstance(ASN1Primitive.fromByteArray(response));
        TimeStampResponse tsr = new TimeStampResponse(tspResp);
        // and get the timestamp token :)
        TimeStampToken token = tsr.getTimeStampToken();
    }

    /**
     * Create the timestamp request
     * @param hashedData digest of the data to be timestamped
     * @param nonce decimal string of the nonce, or null to omit it
     * @param requireCert whether the TSA should include its certificate in the token
     * @param digestAlgorithm OID of the digest algorithm used for hashedData
     * @param timestampPolicy OID of the requested TSA policy, or null to omit it
     * @return the ASN.1 TimeStampReq structure, ready to be encoded and sent
     */
    public static TimeStampReq createTimeStampRequest(byte[] hashedData, String nonce, boolean requireCert, String digestAlgorithm, String timestampPolicy) {
        MessageImprint imprint = new MessageImprint(new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithm)), hashedData);
        TimeStampReq request = new TimeStampReq(
            imprint,
            timestampPolicy != null ? new ASN1ObjectIdentifier(timestampPolicy) : null,
            // the nonce is the integer value of the string, not its character bytes
            nonce != null ? new ASN1Integer(new BigInteger(nonce)) : null,
            ASN1Boolean.getInstance(requireCert),
            null
        );
        return request;
    }
}
Note that I'm using the bouncycastle API.
Hope this helps,
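
The answer stops at reading the token out of the response; the following added example (not part of the original answer) shows the checks to run on a TSA response before trusting the token, using BouncyCastle's org.bouncycastle.tsp classes. The names `TimeStampResponseCheck`, `check` and `trustedTsaCert` (a TSA certificate the caller already trusts) are assumptions, and the rejection response in `main` is constructed sample input so the example runs without a network call.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.tsp.TimeStampResp;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;

public class TimeStampResponseCheck {

    // Hypothetical helper: returns the token only if every check passes.
    // trustedTsaCert is assumed to be a TSA certificate the caller already trusts.
    static TimeStampToken check(TimeStampRequest req, byte[] respBytes,
                                X509Certificate trustedTsaCert) throws Exception {
        TimeStampResponse resp = new TimeStampResponse(respBytes);
        int status = resp.getStatus();
        // 1. A refusal carries no token; stop before touching anything else.
        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            throw new TSPException("TSA refused the request, PKIStatus=" + status);
        }
        // 2. The token must answer *this* request: same nonce, hash algorithm and digest.
        resp.validate(req);
        // 3. The token signature must verify under the trusted TSA certificate.
        TimeStampToken token = resp.getTimeStampToken();
        token.validate(new JcaSimpleSignerInfoVerifierBuilder().build(trustedTsaCert));
        return token;
    }

    public static void main(String[] args) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest("some sample data... or your signature...".getBytes("UTF-8"));
        TimeStampRequestGenerator gen = new TimeStampRequestGenerator();
        gen.setCertReq(true); // ask the TSA to embed its certificate in the token
        TimeStampRequest req = gen.generate(TSPAlgorithms.SHA256, digest,
                new BigInteger(64, new SecureRandom()));
        // Constructed sample input: a bare "rejection" response with no token.
        byte[] rejected = new TimeStampResp(new PKIStatusInfo(PKIStatus.rejection), null).getEncoded();
        try {
            check(req, rejected, null);
        } catch (TSPException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

`check` does not build or validate the TSA's certificate chain; that has to happen before a certificate is passed in as trusted.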