-
Notifications
You must be signed in to change notification settings - Fork 1
/
Timestamping.cs
124 lines (102 loc) · 4.76 KB
/
Timestamping.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
using System;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json.Serialization;
using System.Collections.Generic;
public static class Timestamping
{
private static readonly HttpClient HttpClient = new HttpClient();
private static readonly String RequestContentType = "application/timestamp-query";
private static readonly String ResponseContentType = "application/timestamp-reply";
private static readonly String TimestampAuthorityUrl = "https://freetsa.org/tsr";
/// <summary>
/// Requests a RFC3161 Timestamp from https://freetsa.org/tsr.
/// Timestamping works in accordance with RFC3161(https://www.ietf.org/rfc/rfc3161.txt). HTTP is used as the
/// transport protocol.
/// </summary>
/// <param name="hash">A string representation of a hash value</param>
/// <param name="hashAlgorithmName">The hashing algorithm used when generating <paramref name="hash"/></param>
/// <returns>An instance of Rfc3161TimestampToken</returns>
/// <exception cref="Exception"></exception>
public static Rfc3161TimestampToken RequestTimestampTokenForHash(byte[] hash, HashAlgorithmName hashAlgorithmName)
{
// A random nonce
byte[] nonce = GetNonce(20);
// Creating Rfc3161TimestampRequest instance, which will be used as the HTTP POST payload
Rfc3161TimestampRequest timestampRequest =
Rfc3161TimestampRequest.CreateFromHash(
hash,
hashAlgorithmName,
null,
nonce,
true);
// Construct HttpContent
byte[] timestampRequestBytes = timestampRequest.Encode();
using StreamContent streamContent = new StreamContent(new MemoryStream(timestampRequestBytes));
streamContent
.Headers
.ContentType = new MediaTypeHeaderValue(RequestContentType);
// Construct a HttpRequestMessage
using HttpRequestMessage httpRequestMessage = new HttpRequestMessage();
httpRequestMessage.RequestUri = new Uri(TimestampAuthorityUrl);
httpRequestMessage.Method = HttpMethod.Post;
httpRequestMessage.Content = streamContent;
// Send the request and wait for a response
using HttpResponseMessage httpResponseMessage = HttpClient.Send(httpRequestMessage);
MediaTypeHeaderValue contentType = httpRequestMessage.Content.Headers.ContentType;
if (httpResponseMessage.StatusCode != HttpStatusCode.OK)
throw new Exception($"Timestamp Server returned a {httpResponseMessage.StatusCode} response");
if (contentType is null)
throw new Exception("Content-Type of Response can't be null");
if (contentType.MediaType!.Equals(ResponseContentType))
throw new Exception($"Invalid response Content-Type: {contentType.MediaType}");
byte[] timestampResponseBytes = GetStreamBytes(httpResponseMessage.Content.ReadAsStream());
int bytesConsumed;
Rfc3161TimestampToken timestampToken =
timestampRequest.ProcessResponse(timestampResponseBytes, out bytesConsumed);
X509Certificate2? timestampAuthorityCertificate;
if (!timestampToken.VerifySignatureForHash(hash, hashAlgorithmName, out timestampAuthorityCertificate))
throw new Exception(
$"Timestamp could not be verified for hash({hashAlgorithmName.Name}: {CryptoUtils.BytesToHexString(hash)})");
return timestampToken;
}
/// <summary>
/// Reads the contents of <paramref name="stream"/> as an array of bytes.
/// </summary>
/// <param name="stream">Stream we are reading.</param>
/// <returns>An array of bytes representing the contents of the stream.</returns>
private static byte[] GetStreamBytes(Stream stream)
{
List<byte> bytes = new List<byte>();
using (stream)
{
while (true)
{
int b = stream.ReadByte();
if (b == -1) break;
bytes.Add((byte)b);
}
}
return bytes.ToArray();
}
/// <summary>
/// Generates a random nonce with a length of <paramref name="length"/>
/// </summary>
/// <param name="length">Length of the nonce (in bytes).</param>
/// <returns>Byte array representing the nonce value</returns>
private static byte[] GetNonce(int length)
{
byte[] outBytes = new byte[length];
using (RandomNumberGenerator randomNumberGenerator = RandomNumberGenerator.Create())
{
randomNumberGenerator.GetBytes(outBytes);
}
return outBytes;
}
}