Question

I am using Bouncy Castle to read the response from a Time Stamp server in .NET. Now I want to show the time stamp server certificate to the client. How can I read the time stamp server certificate from the response?

Thanks in advance.


Solution

Relevant section of RFC 3161:

If the certReq field is present and set to true, the TSA's public key certificate that is referenced by the ESSCertID identifier inside a SigningCertificate attribute in the response MUST be provided by the TSA in the certificates field from the SignedData structure in that response. That field may also contain other certificates.

So, first of all, you need to make sure that certReq is true in the request. This is an option in the Org.BouncyCastle.Asn1.Tsp.TimeStampReq constructor.

Then, the response will contain the certificate, and since there may be other certificates in there too, you need to fish out the one that was used for the timestamp signature:

using System.Collections;
using Org.BouncyCastle.Cms;          // SignerID
using Org.BouncyCastle.Tsp;          // TimeStampResponse, TimeStampToken
using Org.BouncyCastle.X509.Store;   // IX509Store

TimeStampResponse resp = ...;        // parsed from the TSA's DER-encoded reply
TimeStampToken tsToken = resp.TimeStampToken;
IX509Store store = tsToken.GetCertificates("Collection");   // every cert the TSA included
SignerID signerID = tsToken.SignerID;                        // issuer+serial (or SKI) of the signing cert
ICollection matches = store.GetMatches(signerID);            // only the cert that signed the token

That 'matches' collection should have exactly one cert in it.
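
The answer's steps put together end to end, as an added example that is not part of the original answer: the request is generated with certReq set to true, posted to a TSA, the response is tied back to the request, and the signing certificate is selected by SignerID and then used to verify the token. It assumes the classic Bouncy Castle C# API with IX509Store and GetCertificates("Collection") as used above (newer releases return IStore<X509Certificate> instead); the TSA URL is a placeholder and the helper names are mine.

```csharp
// Added example, not code from the original post. Assumes the classic Bouncy
// Castle C# API (IX509Store / GetCertificates("Collection")); TsaUrl is a placeholder.
using System;
using System.Collections;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Tsp;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Store;

public static class TsaCertificateExtractor
{
    // Hypothetical endpoint; replace with the real TSA URL.
    const string TsaUrl = "https://tsa.example.com/tsr";

    public static X509Certificate GetTsaSigningCertificate(byte[] dataToTimestamp)
    {
        // 1. Build the request. certReq=true obliges the TSA (RFC 3161, 2.4.1)
        //    to put its signing certificate into the SignedData certificates field.
        byte[] digest;
        using (var sha = SHA256.Create()) digest = sha.ComputeHash(dataToTimestamp);

        BigInteger nonce = new BigInteger(64, new SecureRandom());  // replay protection
        var gen = new TimeStampRequestGenerator();
        gen.SetCertReq(true);
        TimeStampRequest req = gen.Generate(TspAlgorithms.Sha256, digest, nonce);

        // 2. POST it as application/timestamp-query (RFC 3161, 3.4).
        byte[] respBytes;
        using (var http = new HttpClient())
        {
            var content = new ByteArrayContent(req.GetEncoded());
            content.Headers.ContentType = new MediaTypeHeaderValue("application/timestamp-query");
            HttpResponseMessage httpResp = http.PostAsync(TsaUrl, content).GetAwaiter().GetResult();
            httpResp.EnsureSuccessStatusCode();
            respBytes = httpResp.Content.ReadAsByteArrayAsync().GetAwaiter().GetResult();
        }

        // 3. Parse, then tie the response to our request: status, nonce, message
        //    imprint and policy must match. Validate throws TspException otherwise.
        var resp = new TimeStampResponse(respBytes);
        resp.Validate(req);
        TimeStampToken token = resp.TimeStampToken;
        if (token == null)
            throw new InvalidOperationException("TSA returned no token: " + resp.GetStatusString());

        // 4. The certificates field may carry the whole chain; select by SignerID
        //    (issuer + serial, or subject key identifier) to get the signing cert only.
        IX509Store store = token.GetCertificates("Collection");
        ICollection matches = store.GetMatches(token.SignerID);
        if (matches.Count != 1)
            throw new InvalidOperationException("expected exactly one signer certificate, found " + matches.Count);

        X509Certificate tsaCert = null;
        foreach (X509Certificate c in matches) tsaCert = c;

        // 5. Do not trust the embedded certificate blindly: Validate checks the token
        //    signature with it and the ESSCertID hash. Building a chain from tsaCert
        //    to a trust anchor you control is still the caller's job.
        token.Validate(tsaCert);
        return tsaCert;
    }

    // What the question asks for: the TSA certificate in the .NET type for display.
    public static System.Security.Cryptography.X509Certificates.X509Certificate2 ToDotNet(X509Certificate cert)
    {
        return new System.Security.Cryptography.X509Certificates.X509Certificate2(cert.GetEncoded());
    }
}
```

The two Validate calls are the part that matters for security: resp.Validate(req) rejects a response replayed from some other request (nonce or imprint mismatch), and token.Validate(tsaCert) proves the selected certificate really signed the token, so an attacker cannot substitute an unrelated certificate into the certificates field. Chain validation against your own trust store is deliberately left outside this helper.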

Licensed under: CC-BY-SA with attribution