Validating an RFC 3161 timestamp response using the PKIStatus value

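I have a SOAP request that needs to be redesigned, because SoapUI cannot handle binary responses correctly.

I decided to base it on Java. I found this very useful, but I am not sure how the code snippet works. I have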

> DigestValue
> SignatureValue
> X509Certificate

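defined in the SOAP request, and I am not sure how to convert this information in order to send the request to my TS endpoint.
I also tried TSAClientBouncyCastle, but I am not sure why we need login credentials. I left those fields blank, but it always finishes with the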

TSAClientBouncyCastle@1f0e140b

message.

I call the TSAClientBouncyCastle class from Main using its constructor.

This is the main part, which should decode the data.

    // Get TSA response as a byte array
    InputStream inp = tsaConnection.getInputStream();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    byte[] buffer = new byte[1024];
    int bytesRead = 0;
    while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
        baos.write(buffer, 0, bytesRead);
    }
    byte[] respBytes = baos.toByteArray();

    String encoding = tsaConnection.getContentEncoding();
    if (encoding != null && encoding.equalsIgnoreCase("base64")) {
        respBytes = Base64.decode(new String(respBytes));
    }

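Best answer: A Time Stamping Authority (TSA) generates proof that a datum existed before a particular time. It uses the protocol and formats defined in RFC 3161.

The timestamp response looks like this (see RFC 3161, section 2.4.2):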

    TimeStampResp ::= SEQUENCE  {
      status                  PKIStatusInfo,
      timeStampToken          TimeStampToken     OPTIONAL  }

You can use BouncyCastle to parse a response with content type application/timestamp-reply to obtain the PKIStatusInfo:

    TimeStampResponse response = new TimeStampResponse(tsaInputStream);
    int status = response.getStatus();

The possible values are:

    PKIStatus ::= INTEGER {
      granted                (0),
      -- when the PKIStatus contains the value zero a TimeStampToken, as
         requested, is present.
      grantedWithMods        (1),
       -- when the PKIStatus contains the value one a TimeStampToken,
         with modifications, is present.
      rejection              (2),
      waiting                (3),
      revocationWarning      (4),
       -- this message contains a warning that a revocation is
       -- imminent
      revocationNotification (5)
       -- notification that a revocation has occurred  }
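The status check described in the answer above, as an added example that is not part of the original answer: it accepts a token only for `granted` or `grantedWithMods` and treats a granted status with a missing token as malformed. The class name `TsaStatusCheck`, the method `requireGranted` and the sample bytes are constructed for illustration; the BouncyCastle `bcprov` and `bcpkix` jars are assumed to be on the classpath.

```java
import java.io.IOException;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;

public class TsaStatusCheck { // hypothetical class name

    // PKIStatus names from RFC 3161 section 2.4.2, indexed by value.
    static final String[] NAMES = {"granted", "grantedWithMods", "rejection",
            "waiting", "revocationWarning", "revocationNotification"};

    /** Returns the token only when the TSA granted the request; throws otherwise. */
    static TimeStampToken requireGranted(byte[] respBytes) throws IOException, TSPException {
        TimeStampResponse response = new TimeStampResponse(respBytes);
        int status = response.getStatus();
        String name = (status >= 0 && status < NAMES.length) ? NAMES[status] : "unknown";
        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            // No token is issued for these statuses; surface the TSA's reason.
            PKIFailureInfo fail = response.getFailInfo();
            throw new TSPException("TSA returned " + name + " (" + status + ")"
                    + ", statusString=" + response.getStatusString()
                    + ", failInfo=" + (fail == null ? "none" : "0x" + Integer.toHexString(fail.intValue())));
        }
        TimeStampToken token = response.getTimeStampToken();
        if (token == null) {
            // Status says granted, but the OPTIONAL timeStampToken is absent.
            throw new TSPException("TSA returned " + name + " without a timeStampToken");
        }
        return token;
    }

    public static void main(String[] args) throws Exception {
        // Constructed DER: TimeStampResp { PKIStatusInfo { status INTEGER } }, no token.
        byte[][] samples = {
            {0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x02}, // status 2 (rejection)
            {0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x00}, // status 0 but token missing
        };
        for (byte[] sample : samples) {
            try {
                requireGranted(sample);
                System.out.println("token accepted");
            } catch (TSPException e) {
                System.out.println("refused: " + e.getMessage());
            }
        }
    }
}
```

A granted status alone says nothing about authenticity: the caller still has to match the response to its request with `response.validate(request)` and verify the token's signature against the TSA certificate.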