Package org.bouncycastle.tsp

Class TimeStampTokenGenerator

java.lang.Object
org.bouncycastle.tsp.TimeStampTokenGenerator
public class TimeStampTokenGenerator extends Object
Currently the class supports ESSCertID by if a digest calculator based on SHA1 is passed in, otherwise it uses ESSCertIDv2. In the event you need to pass both types, you will need to override the SignedAttributeGenerator for the SignerInfoGeneratorBuilder you are using. For the default for ESSCertIDv2 the code will look something like the following: 
 final ESSCertID essCertid = new ESSCertID(certHashSha1, issuerSerial);
 final ESSCertIDv2 essCertidV2 = new ESSCertIDv2(certHashSha256, issuerSerial);

 signerInfoGenBuilder.setSignedAttributeGenerator(new CMSAttributeTableGenerator()
 {
     public AttributeTable getAttributes(Map parameters)
         throws CMSAttributeTableGenerationException
     {
         CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator();

         AttributeTable table = attrGen.getAttributes(parameters);

         table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(essCertid));
         table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new SigningCertificateV2(essCertidV2));

         return table;
     }
 });

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    R_HUNDREDTHS_OF_SECONDS
    Create time-stamps with a resolution of 1 hundredth of a second.
    static final int
    R_MICROSECONDS
    Deprecated.
    use R_HUNDREDTHS_OF_SECONDS - this field will be deleted!!
    static final int
    R_MILLISECONDS
    Create time-stamps with a resolution of 1 millisecond.
    static final int
    R_SECONDS
    Create time-stamps with a resolution of 1 second (the default).
    static final int
    R_TENTHS_OF_SECONDS
    Create time-stamps with a resolution of 1 tenth of a second.

  • Constructor Summary

    Constructors
    Constructor
    Description
    TimeStampTokenGenerator(SignerInfoGenerator signerInfoGen, DigestCalculator digestCalculator, org.bouncycastle.asn1.ASN1ObjectIdentifier tsaPolicy)
    Basic Constructor - set up a calculator based on signerInfoGen with a ESSCertID calculated from the signer's associated certificate using the sha1DigestCalculator.
    TimeStampTokenGenerator(SignerInfoGenerator signerInfoGen, DigestCalculator digestCalculator, org.bouncycastle.asn1.ASN1ObjectIdentifier tsaPolicy, boolean isIssuerSerialIncluded)
    Basic Constructor - set up a calculator based on signerInfoGen with a ESSCertID calculated from the signer's associated certificate using the sha1DigestCalculator.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    addAttributeCertificates(org.bouncycastle.util.Store attrStore)
     
    void
    addCertificates(org.bouncycastle.util.Store certStore)
    Add the store of X509 Certificates to the generator.
    void
    addCRLs(org.bouncycastle.util.Store crlStore)
     
    void
    addOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat, org.bouncycastle.util.Store otherRevocationInfos)
    Add a Store of otherRevocationData to the CRL set to be included with the generated TimeStampToken.
    TimeStampToken
    generate(TimeStampRequest request, BigInteger serialNumber, Date genTime)
    Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed in genTime.
    TimeStampToken
    generate(TimeStampRequest request, BigInteger serialNumber, Date genTime, org.bouncycastle.asn1.x509.Extensions additionalExtensions)
    Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed in genTime.
    void
    setAccuracyMicros(int accuracyMicros)
     
    void
    setAccuracyMillis(int accuracyMillis)
     
    void
    setAccuracySeconds(int accuracySeconds)
     
    void
    setLocale(Locale locale)
    Set a Locale for time creation - you may need to use this if the default locale doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
    void
    setOrdering(boolean ordering)
     
    void
    setResolution(int resolution)
    Set the resolution of the time stamp - R_SECONDS (the default), R_TENTH_OF_SECONDS, R_MICROSECONDS, R_MILLISECONDS
    void
    setTSA(org.bouncycastle.asn1.x509.GeneralName tsa)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • R_SECONDS

      public static final int R_SECONDS
      Create time-stamps with a resolution of 1 second (the default).
      See Also:

    • R_TENTHS_OF_SECONDS

      public static final int R_TENTHS_OF_SECONDS
      Create time-stamps with a resolution of 1 tenth of a second.
      See Also:

    • R_HUNDREDTHS_OF_SECONDS

      public static final int R_HUNDREDTHS_OF_SECONDS
      Create time-stamps with a resolution of 1 hundredth of a second.
      See Also:

    • R_MICROSECONDS

      public static final int R_MICROSECONDS
      Deprecated.
      use R_HUNDREDTHS_OF_SECONDS - this field will be deleted!!
      See Also:

    • R_MILLISECONDS

      public static final int R_MILLISECONDS
      Create time-stamps with a resolution of 1 millisecond.
      See Also:

  • Constructor Details

    • TimeStampTokenGenerator

      public TimeStampTokenGenerator(SignerInfoGenerator signerInfoGen, DigestCalculator digestCalculator, org.bouncycastle.asn1.ASN1ObjectIdentifier tsaPolicy) throws IllegalArgumentException, TSPException
      Basic Constructor - set up a calculator based on signerInfoGen with a ESSCertID calculated from the signer's associated certificate using the sha1DigestCalculator. If alternate values are required for id-aa-signingCertificate they should be added to the signerInfoGen object before it is passed in, otherwise a standard digest based value will be added.
      Parameters:
      signerInfoGen - the generator for the signer we are using.
      digestCalculator - calculator for to use for digest of certificate.
      tsaPolicy - tasPolicy to send.
      Throws:
      IllegalArgumentException - if calculator is not SHA-1 or there is no associated certificate for the signer,
      TSPException - if the signer certificate cannot be processed.

    • TimeStampTokenGenerator

      public TimeStampTokenGenerator(SignerInfoGenerator signerInfoGen, DigestCalculator digestCalculator, org.bouncycastle.asn1.ASN1ObjectIdentifier tsaPolicy, boolean isIssuerSerialIncluded) throws IllegalArgumentException, TSPException
      Basic Constructor - set up a calculator based on signerInfoGen with a ESSCertID calculated from the signer's associated certificate using the sha1DigestCalculator. If alternate values are required for id-aa-signingCertificate they should be added to the signerInfoGen object before it is passed in, otherwise a standard digest based value will be added.
      Parameters:
      signerInfoGen - the generator for the signer we are using.
      digestCalculator - calculator for to use for digest of certificate.
      tsaPolicy - tasPolicy to send.
      isIssuerSerialIncluded - should issuerSerial be included in the ESSCertIDs, true if yes, by default false.
      Throws:
      IllegalArgumentException - if calculator is not SHA-1 or there is no associated certificate for the signer,
      TSPException - if the signer certificate cannot be processed.

  • Method Details

    • addCertificates

      public void addCertificates(org.bouncycastle.util.Store certStore)
      Add the store of X509 Certificates to the generator.
      Parameters:
      certStore - a Store containing X509CertificateHolder objects

    • addCRLs

      public void addCRLs(org.bouncycastle.util.Store crlStore)
      Parameters:
      crlStore - a Store containing X509CRLHolder objects.

    • addAttributeCertificates

      public void addAttributeCertificates(org.bouncycastle.util.Store attrStore)
      Parameters:
      attrStore - a Store containing X509AttributeCertificate objects.

    • addOtherRevocationInfo

      public void addOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat, org.bouncycastle.util.Store otherRevocationInfos)
      Add a Store of otherRevocationData to the CRL set to be included with the generated TimeStampToken.
      Parameters:
      otherRevocationInfoFormat - the OID specifying the format of the otherRevocationInfo data.
      otherRevocationInfos - a Store of otherRevocationInfo data to add.

    • setResolution

      public void setResolution(int resolution)
      Set the resolution of the time stamp - R_SECONDS (the default), R_TENTH_OF_SECONDS, R_MICROSECONDS, R_MILLISECONDS
      Parameters:
      resolution - resolution of timestamps to be produced.

    • setLocale

      public void setLocale(Locale locale)
      Set a Locale for time creation - you may need to use this if the default locale doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
      Parameters:
      locale - a locale to use for converting system time into a GeneralizedTime.

    • setAccuracySeconds

      public void setAccuracySeconds(int accuracySeconds)

    • setAccuracyMillis

      public void setAccuracyMillis(int accuracyMillis)

    • setAccuracyMicros

      public void setAccuracyMicros(int accuracyMicros)

    • setOrdering

      public void setOrdering(boolean ordering)

    • setTSA

      public void setTSA(org.bouncycastle.asn1.x509.GeneralName tsa)

    • generate

      public TimeStampToken generate(TimeStampRequest request, BigInteger serialNumber, Date genTime) throws TSPException
      Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed in genTime.
      Parameters:
      request - the originating request.
      serialNumber - serial number for the TimeStampToken
      genTime - token generation time.
      Returns:
      a TimeStampToken
      Throws:
      TSPException

    • generate

      public TimeStampToken generate(TimeStampRequest request, BigInteger serialNumber, Date genTime, org.bouncycastle.asn1.x509.Extensions additionalExtensions) throws TSPException
      Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed in genTime.
      Parameters:
      request - the originating request.
      serialNumber - serial number for the TimeStampToken
      genTime - token generation time.
      additionalExtensions - extra extensions to be added to the response token.
      Returns:
      a TimeStampToken
      Throws:
      TSPException