Question

I am using Bouncy Castle to read the response from a Time Stamp server in .NET. Now I want to show the time stamp server certificate to the client. How can I read the time stamp server certificate from the response?

Thanks in advance.

Solution

Relevant section of RFC 3161:

If the certReq field is present and set to true, the TSA's public key certificate that is referenced by the ESSCertID identifier inside a SigningCertificate attribute in the response MUST be provided by the TSA in the certificates field from the SignedData structure in that response. That field may also contain other certificates.

So, first of all, you need to make sure that certReq is true in the request. This is an option in the Org.BouncyCastle.Asn1.Tsp.TimeStampReq constructor.

Then, the response will contain the certificate, and since there may be other certificates in there too, you need to fish out the one that was used for the timestamp signature:

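TimeStampResponse resp = ...;
TimeStampToken tsToken = resp.TimeStampToken;
// All certificates the TSA placed in the SignedData certificates field
IX509Store store = tsToken.GetCertificates("Collection");
// Selector identifying the certificate that signed the token
SignerID signerID = tsToken.SignerID;
ICollection matches = store.GetMatches(signerID);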

That 'matches' collection should have exactly one cert in it.
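
The steps above end to end, as an added example that is not part of the original answer: request the certificate with certReq, pick the signer's certificate out of the response, and check that it really signed the token. It assumes the Bouncy Castle C# 1.8-style API with the non-generic IX509Store used above; the class name TsaCertReader and its method names are hypothetical, and sending the request to the TSA is not shown.

```csharp
using System;
using System.Collections;
using System.Security.Cryptography;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Tsp;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Store;

// Hypothetical helper class, not part of Bouncy Castle.
public static class TsaCertReader
{
    // Build an RFC 3161 request that asks the TSA to embed its certificate.
    public static TimeStampRequest BuildRequest(byte[] data)
    {
        byte[] digest;
        using (SHA256 sha = SHA256.Create())
            digest = sha.ComputeHash(data);

        var gen = new TimeStampRequestGenerator();
        gen.SetCertReq(true); // without this the TSA need not include its certificate
        BigInteger nonce = new BigInteger(64, new SecureRandom());
        return gen.Generate(TspAlgorithms.Sha256, digest, nonce);
    }

    // rawResponse: the DER-encoded bytes returned by the TSA for req.
    public static X509Certificate GetTsaCertificate(TimeStampRequest req, byte[] rawResponse)
    {
        var resp = new TimeStampResponse(rawResponse);
        resp.Validate(req); // nonce and message imprint must match the request

        TimeStampToken token = resp.TimeStampToken;
        if (token == null)
            throw new InvalidOperationException("TSA returned no token (request not granted)");

        IX509Store store = token.GetCertificates("Collection");
        ICollection matches = store.GetMatches(token.SignerID);
        if (matches.Count != 1)
            throw new InvalidOperationException("expected 1 signer certificate, found " + matches.Count);

        X509Certificate tsaCert = null;
        foreach (X509Certificate c in matches) tsaCert = c;

        // Checks the token signature, the ESSCertID binding, the timeStamping
        // extended key usage and certificate validity at the token's genTime.
        token.Validate(tsaCert);
        return tsaCert;
    }
}
```

A certificate returned this way is only shown to be the one that signed the token. Before presenting it to a user as trusted, build and verify its chain to a trust anchor you have configured for the TSA.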

License: CC-BY-SA with attribution
Not affiliated with StackOverflow