in jvm/src/main/kotlin/com/jetbrains/signatureverifier/bouncycastle/tsp/TimeStampToken.kt [117:165]
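/**
 * Checks that this time-stamp token was signed by the certificate associated with [sigVerifier].
 *
 * The checks run in this order, and the first failure aborts validation:
 * 1. the digest of the encoded certificate equals the hash stored in `certID`;
 * 2. if `certID` carries an issuer/serial, both match the certificate;
 * 3. `validateCertificate` accepts the certificate (defined elsewhere; see the note below);
 * 4. the certificate is valid at `timeStampInfo.genTime`;
 * 5. the TSA signer info verifies against [sigVerifier].
 *
 * NOTE(review): nothing in this method builds a certification path or checks revocation.
 * Unless `validateCertificate` does so, callers must establish trust in the verifier's
 * certificate themselves — confirm against that helper and the call sites.
 *
 * NOTE(review): the digest algorithm is taken from `certID` (i.e. from the token itself) and is
 * not restricted here; if weak digests must be rejected, that policy has to be enforced by the
 * verifier's digest provider or by the caller.
 *
 * @param sigVerifier verifier for the TSA signature; must have an associated certificate.
 * @throws IllegalArgumentException if [sigVerifier] has no associated certificate.
 * @throws TSPValidationException if any of the checks above fails.
 * @throws TSPException if CMS processing, certificate encoding or digest creation fails.
 */
fun validate(
    sigVerifier: SignerInformationVerifier
) {
    require(sigVerifier.hasAssociatedCertificate()) { "verifier provider needs an associated certificate" }
    try {
        val certHolder = sigVerifier.associatedCertificate
        val calc = sigVerifier.getDigestCalculator(certID.hashAlgorithm)
        // `use` closes the digest stream even when write() throws; an IOException from
        // write() or close() still reaches the IOException handler below.
        calc.outputStream.use { it.write(certHolder.encoded) }
        // Constant-time comparison of the certificate hash against the signed certID hash.
        if (!Arrays.constantTimeAreEqual(certID.certHash, calc.digest)) {
            throw TSPValidationException("certificate hash does not match certID hash.")
        }
        // Read the optional issuer/serial once so the null check and every later use
        // operate on the same value (no `!!` needed).
        val essIssuerSerial = certID.issuerSerial
        if (essIssuerSerial != null) {
            val issuerSerial = IssuerAndSerialNumber(certHolder.toASN1Structure())
            if (!essIssuerSerial.getSerial().equals(issuerSerial.serialNumber)) {
                throw TSPValidationException("certificate serial number does not match certID for signature.")
            }
            val names: Array<GeneralName> = essIssuerSerial.getIssuer().getNames()
            val certIssuer = X500Name.getInstance(issuerSerial.name)
            // GeneralName tag 4 is directoryName; at least one such entry must equal the issuer.
            val found = names.any { it.tagNo == 4 && X500Name.getInstance(it.name) == certIssuer }
            if (!found) {
                throw TSPValidationException("certificate name does not match certID for signature. ")
            }
        }
        validateCertificate(certHolder)
        if (!certHolder.isValidOn(timeStampInfo.genTime)) {
            throw TSPValidationException("certificate not valid when time stamp created.")
        }
        // Signature verification comes last, after the certificate binding checks have passed.
        if (!tsaSignerInfo.verify(sigVerifier)) {
            throw TSPValidationException("signature not created by certificate.")
        }
    } catch (e: CMSException) {
        // Prefer the wrapped cause when the CMS layer supplies one.
        if (e.underlyingException != null) {
            throw TSPException(e.message, e.underlyingException)
        } else {
            throw TSPException("CMS exception: $e", e)
        }
    } catch (e: IOException) {
        throw TSPException("problem processing certificate: $e", e)
    } catch (e: OperatorCreationException) {
        throw TSPException("unable to create digest: " + e.message, e)
    }
}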