Back to index...

	/*
	* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.timestamp;

	import java.io.IOException;
	import sun.security.pkcs.PKCS7;
	import sun.security.util.Debug;
	import sun.security.util.DerValue;

	/**
	* This class provides the response corresponding to a timestamp request,
	* as defined in
	* <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>.
	*
	* The TimeStampResp ASN.1 type has the following definition:
	* <pre>
	*
	* TimeStampResp ::= SEQUENCE {
	* status PKIStatusInfo,
	* timeStampToken TimeStampToken OPTIONAL ]
	*
	* PKIStatusInfo ::= SEQUENCE {
	* status PKIStatus,
	* statusString PKIFreeText OPTIONAL,
	* failInfo PKIFailureInfo OPTIONAL }
	*
	* PKIStatus ::= INTEGER {
	* granted (0),
	* -- when the PKIStatus contains the value zero a TimeStampToken, as
	* -- requested, is present.
	* grantedWithMods (1),
	* -- when the PKIStatus contains the value one a TimeStampToken,
	* -- with modifications, is present.
	* rejection (2),
	* waiting (3),
	* revocationWarning (4),
	* -- this message contains a warning that a revocation is
	* -- imminent
	* revocationNotification (5)
	* -- notification that a revocation has occurred }
	*
	* PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
	* -- text encoded as UTF-8 String (note: each UTF8String SHOULD
	* -- include an RFC 1766 language tag to indicate the language
	* -- of the contained text)
	*
	* PKIFailureInfo ::= BIT STRING {
	* badAlg (0),
	* -- unrecognized or unsupported Algorithm Identifier
	* badRequest (2),
	* -- transaction not permitted or supported
	* badDataFormat (5),
	* -- the data submitted has the wrong format
	* timeNotAvailable (14),
	* -- the TSA's time source is not available
	* unacceptedPolicy (15),
	* -- the requested TSA policy is not supported by the TSA
	* unacceptedExtension (16),
	* -- the requested extension is not supported by the TSA
	* addInfoNotAvailable (17)
	* -- the additional information requested could not be understood
	* -- or is not available
	* systemFailure (25)
	* -- the request cannot be handled due to system failure }
	*
	* TimeStampToken ::= ContentInfo
	* -- contentType is id-signedData
	* -- content is SignedData
	* -- eContentType within SignedData is id-ct-TSTInfo
	* -- eContent within SignedData is TSTInfo
	*
	* </pre>
	*
	* @since 1.5
	* @author Vincent Ryan
	* @see Timestamper
	*/

	public class TSResponse {

	// Status codes (from RFC 3161)

	/**
	* The requested timestamp was granted.
	*/
	public static final int GRANTED = 0;

	/**
	* The requested timestamp was granted with some modifications.
	*/
	public static final int GRANTED_WITH_MODS = 1;

	/**
	* The requested timestamp was not granted.
	*/
	public static final int REJECTION = 2;

	/**
	* The requested timestamp has not yet been processed.
	*/
	public static final int WAITING = 3;

	/**
	* A warning that a certificate revocation is imminent.
	*/
	public static final int REVOCATION_WARNING = 4;

	/**
	* Notification that a certificate revocation has occurred.
	*/
	public static final int REVOCATION_NOTIFICATION = 5;

	// Failure codes (from RFC 3161)

	/**
	* Unrecognized or unsupported algorithm identifier.
	*/
	public static final int BAD_ALG = 0;

	/**
	* The requested transaction is not permitted or supported.
	*/
	public static final int BAD_REQUEST = 2;

	/**
	* The data submitted has the wrong format.
	*/
	public static final int BAD_DATA_FORMAT = 5;

	/**
	* The TSA's time source is not available.
	*/
	public static final int TIME_NOT_AVAILABLE = 14;

	/**
	* The requested TSA policy is not supported by the TSA.
	*/
	public static final int UNACCEPTED_POLICY = 15;

	/**
	* The requested extension is not supported by the TSA.
	*/
	public static final int UNACCEPTED_EXTENSION = 16;

	/**
	* The additional information requested could not be understood or is not
	* available.
	*/
	public static final int ADD_INFO_NOT_AVAILABLE = 17;

	/**
	* The request cannot be handled due to system failure.
	*/
	public static final int SYSTEM_FAILURE = 25;

	private static final Debug debug = Debug.getInstance("ts");

	private int status;

	private String[] statusString = null;

	private boolean[] failureInfo = null;

	private byte[] encodedTsToken = null;

	private PKCS7 tsToken = null;

	private TimestampToken tstInfo;

	/**
	* Constructs an object to store the response to a timestamp request.
	*
	* @param tsReply A buffer containing the ASN.1 BER encoded response.
	* @throws IOException The exception is thrown if a problem is encountered
	* parsing the timestamp response.
	*/
	TSResponse(byte[] tsReply) throws IOException {
	parse(tsReply);
	}

	/**
	* Retrieve the status code returned by the TSA.
	*/
	public int getStatusCode() {
	return status;
	}

	/**
	* Retrieve the status messages returned by the TSA.
	*
	* @return If null then no status messages were received.
	*/
	public String[] getStatusMessages() {
	return statusString;
	}

	/**
	* Retrieve the failure info returned by the TSA.
	*
	* @return the failure info, or null if no failure code was received.
	*/
	public boolean[] getFailureInfo() {
	return failureInfo;
	}

	public String getStatusCodeAsText() {

	switch (status) {
	case GRANTED:
	return "the timestamp request was granted.";

	case GRANTED_WITH_MODS:
	return
	"the timestamp request was granted with some modifications.";

	case REJECTION:
	return "the timestamp request was rejected.";

	case WAITING:
	return "the timestamp request has not yet been processed.";

	case REVOCATION_WARNING:
	return "warning: a certificate revocation is imminent.";

	case REVOCATION_NOTIFICATION:
	return "notification: a certificate revocation has occurred.";

	default:
	return ("unknown status code " + status + ".");
	}
	}

	private boolean isSet(int position) {
	return failureInfo[position];
	}

	public String getFailureCodeAsText() {

	if (failureInfo == null) {
	return "";
	}

	try {
	if (isSet(BAD_ALG))
	return "Unrecognized or unsupported algorithm identifier.";
	if (isSet(BAD_REQUEST))
	return "The requested transaction is not permitted or " +
	"supported.";
	if (isSet(BAD_DATA_FORMAT))
	return "The data submitted has the wrong format.";
	if (isSet(TIME_NOT_AVAILABLE))
	return "The TSA's time source is not available.";
	if (isSet(UNACCEPTED_POLICY))
	return "The requested TSA policy is not supported by the TSA.";
	if (isSet(UNACCEPTED_EXTENSION))
	return "The requested extension is not supported by the TSA.";
	if (isSet(ADD_INFO_NOT_AVAILABLE))
	return "The additional information requested could not be " +
	"understood or is not available.";
	if (isSet(SYSTEM_FAILURE))
	return "The request cannot be handled due to system failure.";
	} catch (ArrayIndexOutOfBoundsException ex) {}

	return ("unknown failure code");
	}

	/**
	* Retrieve the timestamp token returned by the TSA.
	*
	* @return If null then no token was received.
	*/
	public PKCS7 getToken() {
	return tsToken;
	}

	public TimestampToken getTimestampToken() {
	return tstInfo;
	}

	/**
	* Retrieve the ASN.1 BER encoded timestamp token returned by the TSA.
	*
	* @return If null then no token was received.
	*/
	public byte[] getEncodedToken() {
	return encodedTsToken;
	}

	/*
	* Parses the timestamp response.
	*
	* @param status A buffer containing the ASN.1 BER encoded response.
	* @throws IOException The exception is thrown if a problem is encountered
	* parsing the timestamp response.
	*/
	private void parse(byte[] tsReply) throws IOException {
	// Decode TimeStampResp

	DerValue derValue = new DerValue(tsReply);
	if (derValue.tag != DerValue.tag_Sequence) {
	throw new IOException("Bad encoding for timestamp response");
	}

	// Parse status

	DerValue statusInfo = derValue.data.getDerValue();
	this.status = statusInfo.data.getInteger();
	if (debug != null) {
	debug.println("timestamp response: status=" + this.status);
	}
	// Parse statusString, if present
	if (statusInfo.data.available() > 0) {
	byte tag = (byte)statusInfo.data.peekByte();
	if (tag == DerValue.tag_SequenceOf) {
	DerValue[] strings = statusInfo.data.getSequence(1);
	statusString = new String[strings.length];
	for (int i = 0; i < strings.length; i++) {
	statusString[i] = strings[i].getUTF8String();
	if (debug != null) {
	debug.println("timestamp response: statusString=" +
	statusString[i]);
	}
	}
	}
	}
	// Parse failInfo, if present
	if (statusInfo.data.available() > 0) {
	this.failureInfo
	= statusInfo.data.getUnalignedBitString().toBooleanArray();
	}

	// Parse timeStampToken, if present
	if (derValue.data.available() > 0) {
	DerValue timestampToken = derValue.data.getDerValue();
	encodedTsToken = timestampToken.toByteArray();
	tsToken = new PKCS7(encodedTsToken);
	tstInfo = new TimestampToken(tsToken.getContentInfo().getData());
	}

	// Check the format of the timestamp response
	if (this.status == 0 \|\| this.status == 1) {
	if (tsToken == null) {
	throw new TimestampException(
	"Bad encoding for timestamp response: " +
	"expected a timeStampToken element to be present");
	}
	} else if (tsToken != null) {
	throw new TimestampException(
	"Bad encoding for timestamp response: " +
	"expected no timeStampToken element to be present");
	}
	}

	static final class TimestampException extends IOException {
	@java.io.Serial
	private static final long serialVersionUID = -1631631794891940953L;

	TimestampException(String message) {
	super(message);
	}
	}
	}

Back to index...