USBKEY全解析---时间戳(java)

package org.liuy.bouncycastle;

import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500PrivateCredential;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.liuy.security.cert.KeyStoreSeal;
import org.liuy.utils.SHA_MD;

/**
 * 实现创建 ，验证TSA
 * @author Liuy
 * @version 2010-08-20 
 * 
 */
public class BC_TSA {
        
    /**
     * 生成时间戳请求
     * sha1: sha1值
     * 
     */
    public static byte[] createTSAReq(byte[] sha1) 
    throws Exception
    {
            TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
         tsqGenerator.setCertReq(true);
         // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
         BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
         TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId(),sha1, nonce);

         byte[] requestBytes = request.getEncoded();
         return requestBytes;
    }
    
    /**
     * 创建B64 TSA信息
     * @param tsaReq 时间戳请求内容
     * @param privateKey  私钥
     * @param x509cert  证书
     * 
     */
    public static byte[] createTSA(byte[] tsaReq,PrivateKey privateKey,X509Certificate x509cert,Certificate[] chain) 
            throws Exception
    {
           TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(privateKey, x509cert, TSPAlgorithms.SHA1, "1.2");
            CertStore certsAndCRLs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(chain)), "BC");
            TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
            tsTokenGen.setCertificatesAndCRLs(certsAndCRLs);
            
            TimeStampRequest request=new TimeStampRequest(tsaReq);
            BigInteger nonce = request.getNonce();
            TimeStampResponse tsResp = tsRespGen.generate(request,nonce, new Date(), "BC");
            tsResp = new TimeStampResponse(tsResp.getEncoded());
            byte[] resp   = tsResp.getEncoded();
         return resp;
    }
    
    /**
     * 验证时间戳
     * @param tsa 时间戳
     * @param sha1  sha1值
     * @param x509cert  证书
     * @return 时间
     * 
     */
    public static String verifyTSA(byte[] tsa,byte[] sha1,X509Certificate x509cert) throws Exception
    {
            TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
            TimeStampResponse tsResponse = new TimeStampResponse(tsa);
            //获取一次性随机数
            TimeStampToken tok = tsResponse.getTimeStampToken();
            TimeStampTokenInfo  tstInfo = tok.getTimeStampInfo();
            BigInteger nonce=tstInfo.getNonce();
            TimeStampRequest  request = reqGen.generate(TSPAlgorithms.SHA1,sha1,nonce);          
            //验证请求  
            tsResponse.validate(request);
            TimeStampToken  tsToken = tsResponse.getTimeStampToken();
            //验证证书
            tsToken.validate(x509cert, "BC");
            DateFormat format= new SimpleDateFormat("yyyy-MM-dd HH：mm：ss");   
            String datetime=format.format(tsToken.getTimeStampInfo().getGenTime());
            return datetime;
    }
    
    public static void main(String[] args) throws Exception 
    {    
        String input="124";
             String tsaPath="F:\\TSA.pfx";
           X500PrivateCredential x500=KeyStoreSeal.getX500Private(tsaPath, "123456", "user");
           X509Certificate x509cert = x500.getCertificate();
           PrivateKey privateKey = x500.getPrivateKey();    
           Certificate[] chain = {x509cert};
           
           byte[] sha1=SHA_MD.encodeSHA1(input.getBytes()).toByteL();    
        //创建时间戳请求
        byte[] tsaReq=createTSAReq(sha1);
        //创建时间戳
        byte[] tsa=createTSA(tsaReq, privateKey, x509cert, chain);
        //验证时间戳
        String datetime=verifyTSA(tsa, sha1, x509cert);
        System.out.println(datetime);
                  
    }
    
}