1/* 2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26package sun.security.timestamp; 27 28import java.io.IOException; 29import java.math.BigInteger; 30import java.security.MessageDigest; 31import java.security.NoSuchAlgorithmException; 32import java.security.cert.X509Extension; 33import sun.security.util.DerValue; 34import sun.security.util.DerOutputStream; 35import sun.security.util.ObjectIdentifier; 36import sun.security.x509.AlgorithmId; 37 38/** 39 * This class provides a timestamp request, as defined in 40 * <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>. 41 * 42 * The TimeStampReq ASN.1 type has the following definition: 43 * <pre> 44 * 45 * TimeStampReq ::= SEQUENCE { 46 * version INTEGER { v1(1) }, 47 * messageImprint MessageImprint 48 * -- a hash algorithm OID and the hash value of the data to be 49 * -- time-stamped. 50 * reqPolicy TSAPolicyId OPTIONAL, 51 * nonce INTEGER OPTIONAL, 52 * certReq BOOLEAN DEFAULT FALSE, 53 * extensions [0] IMPLICIT Extensions OPTIONAL } 54 * 55 * MessageImprint ::= SEQUENCE { 56 * hashAlgorithm AlgorithmIdentifier, 57 * hashedMessage OCTET STRING } 58 * 59 * TSAPolicyId ::= OBJECT IDENTIFIER 60 * 61 * </pre> 62 * 63 * @since 1.5 64 * @author Vincent Ryan 65 * @see Timestamper 66 */ 67 68public class TSRequest { 69 70 private int version = 1; 71 72 private AlgorithmId hashAlgorithmId = null; 73 74 private byte[] hashValue; 75 76 private String policyId = null; 77 78 private BigInteger nonce = null; 79 80 private boolean returnCertificate = false; 81 82 private X509Extension[] extensions = null; 83 84 /** 85 * Constructs a timestamp request for the supplied data. 86 * 87 * @param toBeTimeStamped The data to be timestamped. 88 * @param messageDigest The MessageDigest of the hash algorithm to use. 89 * @throws NoSuchAlgorithmException if the hash algorithm is not supported 90 */ 91 public TSRequest(String tSAPolicyID, byte[] toBeTimeStamped, MessageDigest messageDigest) 92 throws NoSuchAlgorithmException { 93 94 this.policyId = tSAPolicyID; 95 this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm()); 96 this.hashValue = messageDigest.digest(toBeTimeStamped); 97 } 98 99 public byte[] getHashedMessage() { 100 return hashValue.clone(); 101 } 102 103 /** 104 * Sets the Time-Stamp Protocol version. 105 * 106 * @param version The TSP version. 107 */ 108 public void setVersion(int version) { 109 this.version = version; 110 } 111 112 /** 113 * Sets an object identifier for the Time-Stamp Protocol policy. 114 * 115 * @param policyId The policy object identifier. 116 */ 117 public void setPolicyId(String policyId) { 118 this.policyId = policyId; 119 } 120 121 /** 122 * Sets a nonce. 123 * A nonce is a single-use random number. 124 * 125 * @param nonce The nonce value. 126 */ 127 public void setNonce(BigInteger nonce) { 128 this.nonce = nonce; 129 } 130 131 /** 132 * Request that the TSA include its signing certificate in the response. 133 * 134 * @param returnCertificate True if the TSA should return its signing 135 * certificate. By default it is not returned. 136 */ 137 public void requestCertificate(boolean returnCertificate) { 138 this.returnCertificate = returnCertificate; 139 } 140 141 /** 142 * Sets the Time-Stamp Protocol extensions. 143 * 144 * @param extensions The protocol extensions. 145 */ 146 public void setExtensions(X509Extension[] extensions) { 147 this.extensions = extensions; 148 } 149 150 public byte[] encode() throws IOException { 151 152 DerOutputStream request = new DerOutputStream(); 153 154 // encode version 155 request.putInteger(version); 156 157 // encode messageImprint 158 DerOutputStream messageImprint = new DerOutputStream(); 159 hashAlgorithmId.encode(messageImprint); 160 messageImprint.putOctetString(hashValue); 161 request.write(DerValue.tag_Sequence, messageImprint); 162 163 // encode optional elements 164 165 if (policyId != null) { 166 request.putOID(new ObjectIdentifier(policyId)); 167 } 168 if (nonce != null) { 169 request.putInteger(nonce); 170 } 171 if (returnCertificate) { 172 request.putBoolean(true); 173 } 174 175 DerOutputStream out = new DerOutputStream(); 176 out.write(DerValue.tag_Sequence, request); 177 return out.toByteArray(); 178 } 179} 180