demo.cms.tsp
Class TimeStampListener

java.lang.Object
  iaik.cms.SDSEncodeListener
      demo.cms.tsp.TimeStampListener

public class TimeStampListener
extends iaik.cms.SDSEncodeListener

A simple SignedDataStream encode listener implementation allowing an application to add a SignatureTimeStampToken attribute to the SignerInfo of a SignedDataStream (during the encoding is performed).

Using an SignedDataStream encode listener for adding a SignatureTimeStampToken may be useful when having to time stamp the signature calculated from a large data volume. Since reading all the data into memory may cause an OutOfMemory problem, class SignedDataStream should to be used for creating/encoding the SignedData object and the SignatureTimeStampToken may be added by means of a SDSEncodeListener.

This SDSEncodeListener implements method afterComputeSignature to add a SignatureTimeStampToken attribute to the SignerInfo of a SignedDataStream object (Attention: This demo assumes that the SignedData contains only one single SignerInfo). When creating a TimeStampListener the HTTP URL of the Time Stamp Authority from which to get the TimeStamp has to be supplied (Attention: This demo only works for TSAs that can be accessed via http). This SDSEncodeListener implements method afterComputeSignature to connect to the specified TSA service to get a timestamp for the signature value of the single SignerInfo object. The TimeStampToken received from the TSA then is included as unsigned SignatureTimeStampToken attribute into the SignerInfo object. If there occurs an error during the TSP processing an exception is thrown, except the application has decided to finsih the SignedData creating/encoding procedure without including the SignatureTimeStampToken attribute (which then may be added later).

This SDSEncodeListener implementation is part of the CMS TimeStamp demo. Please look at TimeStampDemo for an usage example:

 // cretae a SignedDataStream object
 SignedDataStream signedData = ...;
 ...
 // add certificates and SignerInfo...
 ...
 // create and add a TimeStampListener to include a TimeStampToken to be obtained from the specified TSA
 String tsaUrl = "http://...";
 TimeStampListener tsl = new TimeStampListener(tsaUrl);
 // debug info goes to System.out
 tsl.setDebugStream(System.out);
 signedData.setSDSEncodeListener(tsl);   
 ...
 // encode the SignedData to some output stream
 OutputStream os = ...;
 signedData.writeTo(...);
 

See Also:

TimeStampDemo, SDSEncodeListener, SignedDataStream, SignerInfo, SignatureTimeStampToken

Field Summary

Fields inherited from class iaik.cms.SDSEncodeListener

digestAlgorithms_, outputStream_, report_

Constructor Summary

TimeStampListener(java.lang.String tsaUrl)
Creates a TimeStampListener for the given TSA url.

Method Summary

protected void	afterComputeSignature(iaik.cms.SignedDataStream signedData)
protected void	beforeComputeSignature(iaik.cms.SignedDataStream signedData) Does nothing.
iaik.tsp.TimeStampReq	getTimeStampRequest() Gets the TimeStampRequest.
iaik.tsp.TimeStampResp	getTimeStampResponse() Gets the TimeStampResponse.
iaik.tsp.TspException	getTspFailure() Returns a TspException, if has been thrown during TSP processing.
void	setDebugStream(java.io.OutputStream out) Sets the stream to which debug information shall be printed.
void	setStopOnTSPProcessingError(boolean stop) Decides whether SignedData creation shall be stopped and an exception shall be thrown if the TSA response is invalid, or if the SignedData should be finished without including a SignatureTimeStampToken attribute (which then may be added later).
void	setTimeStampResponse(iaik.tsp.TimeStampResp response) Sets the (already validated) TimeStamp response.
void	setTSAPolicyID(iaik.asn1.ObjectID tsaPolicyID) Sets the policyID of the TSA (if only some specific TSA (policy) shall be trusted).

Methods inherited from class iaik.cms.SDSEncodeListener

getDigestAlgorithms, getOutputStream, getReport, setDigestAlgorithms, setOutputStream

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TimeStampListener

public TimeStampListener(java.lang.String tsaUrl)

Creates a TimeStampListener for the given TSA url.

Parameters:

tsaUrl - the URL of the TimeStamp responder to which to connect to

Method Detail

setStopOnTSPProcessingError

public void setStopOnTSPProcessingError(boolean stop)

Decides whether SignedData creation shall be stopped and an exception shall be thrown if the TSA response is invalid, or if the SignedData should be finished without including a SignatureTimeStampToken attribute (which then may be added later).

Parameters:

stop - whether to stop processing if the TSA response is invalid or to continue without including a TimeStampToken attribute

setTSAPolicyID

public void setTSAPolicyID(iaik.asn1.ObjectID tsaPolicyID)

Sets the policyID of the TSA (if only some specific TSA (policy) shall be trusted). If the TSA policy ID is set by this method, it will be included in the TimeStamp request to indicate the TSA policy to be trusted. If the TSA sends back a different policy id in the response, the response will be rejected.

Parameters:

tsaPolicyID - the TSA policy id to be trusted

setTimeStampResponse

public void setTimeStampResponse(iaik.tsp.TimeStampResp response)

Sets the (already validated) TimeStamp response. If the response is set by this method its inherent TimeStampToken will be included as SignedData attribute. It no response is set, a TimeStamp request is created and sent to the TSA that has been specified when creating this TimeStampListener. The TimeStampToken of the response received from the TSA then is included as attribute into the SignedData message.

Parameters:

response - the (already validated) TimeStampResponse containing the TimeStampToken to be included as attribute into the SignedData message

getTimeStampResponse

public iaik.tsp.TimeStampResp getTimeStampResponse()

Gets the TimeStampResponse. After SignedDataStream.writeTo is finished, this method may be used to get the TimeStamp response received from the TSA.

Returns:

the TimeStampResponse

getTimeStampRequest

public iaik.tsp.TimeStampReq getTimeStampRequest()

Gets the TimeStampRequest. After SignedDataStream.writeTo is finished, this method may be used to get the TimeStamp request that has been created and sent to the TSA.

Returns:

the TimeStampRequest

getTspFailure

public iaik.tsp.TspException getTspFailure()

Returns a TspException, if has been thrown during TSP processing. If you have decided to finish the SignedData encoding (and not include a TimeStamp attribute) if an TSP processing error has been occured, you may use this method to query if the TSP processing has been completed successfully or not.

Returns:

an TspException indicating an error during TSP processing, or null if the TSP processing has completed successfully

beforeComputeSignature

protected void beforeComputeSignature(iaik.cms.SignedDataStream signedData)
                               throws iaik.cms.CMSException

Does nothing.

Specified by:

beforeComputeSignature in class iaik.cms.SDSEncodeListener

Throws:

iaik.cms.CMSException

afterComputeSignature

protected void afterComputeSignature(iaik.cms.SignedDataStream signedData)
                              throws iaik.cms.CMSException

Specified by:

afterComputeSignature in class iaik.cms.SDSEncodeListener

Parameters:

signedData - the SignedDataStream to which to add a SignatureTimeStampToken

Throws:

iaik.cms.CMSException - if the SignatureTimeStampToken cannot be added (e.g. because the SignerInfo to which to add the SignatureTimeStampToken cannot be verified, or an error occurs when connecting to the TSA, or parsing/verifying the response)

setDebugStream

public void setDebugStream(java.io.OutputStream out)

Sets the stream to which debug information shall be printed.

Parameters:

out - the stream to which debug information shall be written; maybe null for disabling debug output