package org.liuy.bouncycastle;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500PrivateCredential;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.liuy.security.cert.KeyStoreSeal;
import org.liuy.utils.SHA_MD;
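/**
 * Creates and verifies RFC 3161 time-stamp requests, tokens and responses
 * with the BouncyCastle TSP API.
 *
 * <p>Every method uses the "BC" JCA provider, so {@code BouncyCastleProvider}
 * must already be registered by the caller; this class does not register it.
 *
 * @author Liuy
 * @version 2010-08-20
 */
public class BC_TSA {

    /** Source of request nonces and token serial numbers (SecureRandom is thread-safe). */
    private static final SecureRandom RNG = new SecureRandom();

    /** Byte length of a SHA-1 digest, the only message-imprint algorithm used here. */
    private static final int SHA1_LENGTH = 20;

    /**
     * Builds a DER-encoded time-stamp request (TimeStampReq) for a SHA-1 message imprint.
     *
     * <p>The request asks the TSA to embed its signing certificate ({@code certReq = true})
     * and carries an unpredictable 64-bit nonce so the response can be tied to this
     * request and a replayed response can be detected.
     *
     * @param sha1 the 20-byte SHA-1 digest of the data to be time-stamped
     * @return the encoded request bytes
     * @throws IllegalArgumentException if {@code sha1} is null or not 20 bytes long
     * @throws Exception if BouncyCastle fails to build or encode the request
     */
    public static byte[] createTSAReq(byte[] sha1) throws Exception {
        if (sha1 == null || sha1.length != SHA1_LENGTH) {
            throw new IllegalArgumentException("sha1 must be a " + SHA1_LENGTH + "-byte SHA-1 digest");
        }
        TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
        tsqGenerator.setCertReq(true);
        // A random nonce, not the wall clock: a clock-derived nonce is predictable.
        BigInteger nonce = new BigInteger(64, RNG);
        TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId(), sha1, nonce);
        return request.getEncoded();
    }

    /**
     * Answers a time-stamp request: issues a signed time-stamp token for the request's
     * message imprint and returns it wrapped in a DER-encoded TimeStampResp.
     *
     * @param tsaReq     the encoded TimeStampReq received from the client
     * @param privateKey the TSA signing key
     * @param x509cert   the TSA signing certificate
     * @param chain      certificates to embed in the token (typically the TSA chain)
     * @return the encoded response bytes
     * @throws IllegalArgumentException if any argument is null
     * @throws Exception if the request is malformed or token generation fails
     */
    public static byte[] createTSA(byte[] tsaReq, PrivateKey privateKey, X509Certificate x509cert, Certificate[] chain)
            throws Exception {
        if (tsaReq == null || privateKey == null || x509cert == null || chain == null) {
            throw new IllegalArgumentException("tsaReq, privateKey, x509cert and chain are all required");
        }
        // Token signed over a SHA-1 digest under TSA policy OID "1.2" (kept from the original code).
        TimeStampTokenGenerator tsTokenGen =
                new TimeStampTokenGenerator(privateKey, x509cert, TSPAlgorithms.SHA1, "1.2");
        CertStore certsAndCRLs = CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(Arrays.asList(chain)), "BC");
        tsTokenGen.setCertificatesAndCRLs(certsAndCRLs);
        TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
        TimeStampRequest request = new TimeStampRequest(tsaReq);
        // The second argument of generate() is the token serial number, which must be unique per
        // token this TSA issues. It is generated here instead of being copied from the client's
        // nonce, which the client controls and may repeat. A persistent counter would make
        // uniqueness absolute; a random 64-bit value keeps collisions negligible without state.
        BigInteger serialNumber = new BigInteger(64, RNG);
        TimeStampResponse tsResp = tsRespGen.generate(request, serialNumber, new Date(), "BC");
        return tsResp.getEncoded();
    }

    /**
     * Verifies a time-stamp response against the digest it must cover and the TSA certificate
     * it must be signed by.
     *
     * <p>A request is rebuilt from the given imprint and the token's own nonce, and the response
     * is validated against it (imprint, digest algorithm, nonce, status); then the token's
     * signature is checked with {@code x509cert}. This proves only that {@code x509cert} signed
     * the token; whether that certificate is trusted for time-stamping is left to the caller.
     *
     * @param tsa      the encoded TimeStampResp
     * @param sha1     the 20-byte SHA-1 digest the token must cover
     * @param x509cert the TSA certificate expected to have signed the token
     * @return the token's generation time as {@code yyyy-MM-dd HH:mm:ss} in the JVM's default time zone
     * @throws IllegalArgumentException if an argument is null or the response carries no token
     *                                  (for example because the TSA rejected the request)
     * @throws Exception if the response or the token signature fails validation
     */
    public static String verifyTSA(byte[] tsa, byte[] sha1, X509Certificate x509cert) throws Exception {
        if (tsa == null || sha1 == null || x509cert == null) {
            throw new IllegalArgumentException("tsa, sha1 and x509cert are all required");
        }
        TimeStampResponse tsResponse = new TimeStampResponse(tsa);
        TimeStampToken tsToken = tsResponse.getTimeStampToken();
        // A rejected request produces a response without a token; report it instead of an NPE.
        if (tsToken == null) {
            throw new IllegalArgumentException("response carries no time-stamp token: status="
                    + tsResponse.getStatus() + ", message=" + tsResponse.getStatusString());
        }
        // Rebuild the request with the token's nonce so validate() compares imprint,
        // algorithm and nonce against what the token actually asserts.
        TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo();
        BigInteger nonce = tstInfo.getNonce();
        TimeStampRequest request = new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, sha1, nonce);
        tsResponse.validate(request);
        // Signature check against the supplied certificate.
        tsToken.validate(x509cert, "BC");
        DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        return format.format(tstInfo.getGenTime());
    }

    /**
     * Demo entry point: loads the TSA credential from a PKCS#12 file, then creates, answers
     * and verifies a time-stamp request for a fixed sample input and prints the token time.
     *
     * <p>Usage: {@code BC_TSA [keystorePath keystorePassword alias]}. Missing arguments fall
     * back to the original demo values; the embedded password is only acceptable for a
     * local test keystore and should be supplied as an argument otherwise.
     *
     * @param args optional keystore path, keystore password and key alias, in that order
     * @throws Exception on any failure
     */
    public static void main(String[] args) throws Exception {
        String tsaPath = args.length > 0 ? args[0] : "F:\\TSA.pfx";
        String password = args.length > 1 ? args[1] : "123456";
        String alias = args.length > 2 ? args[2] : "user";
        String input = "124";
        X500PrivateCredential x500 = KeyStoreSeal.getX500Private(tsaPath, password, alias);
        X509Certificate x509cert = x500.getCertificate();
        PrivateKey privateKey = x500.getPrivateKey();
        Certificate[] chain = {x509cert};
        // Explicit charset so the digest does not depend on the platform default encoding.
        byte[] sha1 = SHA_MD.encodeSHA1(input.getBytes("UTF-8")).toByteL();
        byte[] tsaReq = createTSAReq(sha1);
        byte[] tsa = createTSA(tsaReq, privateKey, x509cert, chain);
        String datetime = verifyTSA(tsa, sha1, x509cert);
        System.out.println(datetime);
    }
}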