diff options
-rw-r--r-- | crypto/src/tsp/TimeStampTokenGenerator.cs | 24 | ||||
-rw-r--r-- | crypto/test/src/tsp/test/TSPTest.cs | 56 |
2 files changed, 69 insertions, 11 deletions
diff --git a/crypto/src/tsp/TimeStampTokenGenerator.cs b/crypto/src/tsp/TimeStampTokenGenerator.cs index dad0db63b..4783c8772 100644 --- a/crypto/src/tsp/TimeStampTokenGenerator.cs +++ b/crypto/src/tsp/TimeStampTokenGenerator.cs @@ -3,6 +3,7 @@ using System.Collections; using System.IO; using System.Text; using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Cms; using Org.BouncyCastle.Asn1.Ess; using Org.BouncyCastle.Asn1.Oiw; @@ -31,7 +32,7 @@ namespace Org.BouncyCastle.Tsp private int accuracyMicros = -1; private bool ordering = false; private GeneralName tsa = null; - private String tsaPolicyOID; + private DerObjectIdentifier tsaPolicyOID; private IX509Store x509Certs; private IX509Store x509Crls; @@ -68,7 +69,7 @@ namespace Org.BouncyCastle.Tsp this.signerInfoGenerator = signerInfoGen; this.digestCalculator = digestCalculator; - this.tsaPolicyOID = tsaPolicy.Id; + this.tsaPolicyOID = tsaPolicy; if (signerInfoGenerator.certificate == null) { @@ -138,12 +139,8 @@ namespace Org.BouncyCastle.Tsp Asn1.Cms.AttributeTable unsignedAttr) : this( makeInfoGenerator(key, cert, digestOID, signedAttr, unsignedAttr), Asn1DigestFactory.Get(OiwObjectIdentifiers.IdSha1), - tsaPolicyOID != null?new DerObjectIdentifier(tsaPolicyOID):null, false) + tsaPolicyOID != null ? new DerObjectIdentifier(tsaPolicyOID):null, false) { - - this.tsaPolicyOID = tsaPolicyOID; - - } @@ -261,7 +258,7 @@ namespace Org.BouncyCastle.Tsp } - public TimeStampToken Generate( + public TimeStampToken Generate( TimeStampRequest request, BigInteger serialNumber, DateTime genTime, X509Extensions additionalExtensions) @@ -306,13 +303,17 @@ namespace Org.BouncyCastle.Tsp { nonce = new DerInteger(request.Nonce); } - - DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID); + + DerObjectIdentifier tsaPolicy = tsaPolicyOID; if (request.ReqPolicy != null) { tsaPolicy = new DerObjectIdentifier(request.ReqPolicy); } + if (tsaPolicy == null) + { + throw new TspValidationException("request contains no policy", PkiFailureInfo.UnacceptedPolicy); + } X509Extensions respExtensions = request.Extensions; if (additionalExtensions != null) @@ -344,7 +345,8 @@ namespace Org.BouncyCastle.Tsp if (resolution != Resolution.R_SECONDS) { generalizedTime = new DerGeneralizedTime(createGeneralizedTime(genTime)); - } else + } + else { generalizedTime = new DerGeneralizedTime(genTime); } diff --git a/crypto/test/src/tsp/test/TSPTest.cs b/crypto/test/src/tsp/test/TSPTest.cs index 968929b6d..4a4f2e28f 100644 --- a/crypto/test/src/tsp/test/TSPTest.cs +++ b/crypto/test/src/tsp/test/TSPTest.cs @@ -298,6 +298,62 @@ namespace Org.BouncyCastle.Tsp.Tests } [Test] + public void TestNullPolicy() + { + // null in request and token generator - should fail + TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( + privateKey, cert, TspAlgorithms.Sha1, null); + + tsTokenGen.SetCertificates(certs); + + TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); + + TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]); + + TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, null); + + TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow); + + tsResp = new TimeStampResponse(tsResp.GetEncoded()); + + TimeStampToken tsToken = tsResp.TimeStampToken; + + if (tsToken != null) + { + Assert.Fail("badPolicy - token not null."); + } + + PkiFailureInfo failInfo = tsResp.GetFailInfo(); + + if (failInfo == null) + { + Assert.Fail("badPolicy - failInfo set to null."); + } + + if (failInfo.IntValue != PkiFailureInfo.UnacceptedPolicy) + { + Assert.Fail("badPolicy - wrong failure info returned."); + } + + // request specifies policy, token generator doesn't - should work + reqGen = new TimeStampRequestGenerator(); + + reqGen.SetReqPolicy("1.1"); + + request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]); + + tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, null); + + tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(24), DateTime.UtcNow); + + tsResp = new TimeStampResponse(tsResp.GetEncoded()); + + tsToken = tsResp.TimeStampToken; + + Assert.AreEqual(tsToken.TimeStampInfo.Policy, "1.1"); // policy should be picked up off request + } + + [Test] public void TestCertReq() { TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( |