protected internal byte[] GetTimeStampToken(byte[] imprint) {
byte[] respBytes = null;
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks + Environment.TickCount);
TimeStampRequest request = tsqGenerator.Generate(X509ObjectIdentifiers.IdSha1.Id, imprint, nonce);
byte[] requestBytes = request.GetEncoded();
// Call the communications layer
respBytes = GetTSAResponse(requestBytes);
// Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.Validate(request);
PkiFailureInfo failure = response.GetFailInfo();
int value = (failure == null) ? 0 : failure.IntValue;
if (value != 0) {
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
}
// @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp).
// extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.TimeStampToken;
if (tsToken == null) {
throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.GetStatusString());
}
TimeStampTokenInfo info = tsToken.TimeStampInfo; // to view details
byte[] encoded = tsToken.GetEncoded();
// Update our token size estimate for the next call (padded to be safe)
this.tokSzEstimate = encoded.Length + 32;
return encoded;
}