TimeStampTokenGenerator
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.Ess;
using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.Tsp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.Utilities.Date;
using Org.BouncyCastle.X509;
using System;
using System.Collections.Generic;
using System.IO;
namespace Org.BouncyCastle.Tsp
{
    public class TimeStampTokenGenerator
    {
        private class TableGen : CmsAttributeTableGenerator
        {
            private readonly SignerInfoGenerator infoGen;
            private readonly EssCertID essCertID;
            internal TableGen(SignerInfoGenerator infoGen, EssCertID essCertID)
            {
                this.infoGen = infoGen;
                this.essCertID = essCertID;
            }
            public Org.BouncyCastle.Asn1.Cms.AttributeTable GetAttributes(IDictionary<CmsAttributeTableParameter, object> parameters)
            {
                Org.BouncyCastle.Asn1.Cms.AttributeTable attributes = infoGen.SignedAttributeTableGenerator.GetAttributes(parameters);
                if (attributes[PkcsObjectIdentifiers.IdAASigningCertificate] == null)
                    return attributes.Add(PkcsObjectIdentifiers.IdAASigningCertificate, new SigningCertificate(essCertID));
                return attributes;
            }
        }
        private class TableGen2 : CmsAttributeTableGenerator
        {
            private readonly SignerInfoGenerator infoGen;
            private readonly EssCertIDv2 essCertIDv2;
            internal TableGen2(SignerInfoGenerator infoGen, EssCertIDv2 essCertIDv2)
            {
                this.infoGen = infoGen;
                this.essCertIDv2 = essCertIDv2;
            }
            public Org.BouncyCastle.Asn1.Cms.AttributeTable GetAttributes(IDictionary<CmsAttributeTableParameter, object> parameters)
            {
                Org.BouncyCastle.Asn1.Cms.AttributeTable attributes = infoGen.SignedAttributeTableGenerator.GetAttributes(parameters);
                if (attributes[PkcsObjectIdentifiers.IdAASigningCertificateV2] == null)
                    return attributes.Add(PkcsObjectIdentifiers.IdAASigningCertificateV2, new SigningCertificateV2(essCertIDv2));
                return attributes;
            }
        }
        private int accuracySeconds = -1;
        private int accuracyMillis = -1;
        private int accuracyMicros = -1;
        private bool ordering;
        private GeneralName tsa;
        private DerObjectIdentifier m_tsaPolicyOid;
        private IStore<X509Certificate> x509Certs;
        private IStore<X509Crl> x509Crls;
        private IStore<X509V2AttributeCertificate> x509AttrCerts;
        private Dictionary<DerObjectIdentifier, IStore<Asn1Encodable>> otherRevoc = new Dictionary<DerObjectIdentifier, IStore<Asn1Encodable>>();
        private SignerInfoGenerator signerInfoGenerator;
        private Resolution resolution;
        public Resolution Resolution {
            get {
                return resolution;
            }
            set {
                resolution = value;
            }
        }
        public TimeStampTokenGenerator(AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID)
            : this(key, cert, digestOID, tsaPolicyOID, null, null)
        {
        }
        public TimeStampTokenGenerator(SignerInfoGenerator signerInfoGen, IDigestFactory digestCalculator, DerObjectIdentifier tsaPolicy, bool isIssuerSerialIncluded)
        {
            signerInfoGenerator = signerInfoGen;
            m_tsaPolicyOid = tsaPolicy;
            X509Certificate certificate = signerInfoGen.Certificate;
            if (certificate == null)
                throw new ArgumentException("SignerInfoGenerator must have an associated certificate");
            X509Certificate x509Certificate = certificate;
            TspUtil.ValidateCertificate(x509Certificate);
            AlgorithmIdentifier algorithmIdentifier = (AlgorithmIdentifier)digestCalculator.AlgorithmDetails;
            DerObjectIdentifier algorithm = algorithmIdentifier.Algorithm;
            try {
                DerOctetString certHash = DerOctetString.WithContents(Org.BouncyCastle.X509.X509Utilities.CalculateDigest(digestCalculator, x509Certificate.GetEncoded()));
                IssuerSerial issuerSerial = isIssuerSerialIncluded ? Org.BouncyCastle.X509.X509Utilities.CreateIssuerSerial(x509Certificate) : null;
                CmsAttributeTableGenerator signedGen;
                if (OiwObjectIdentifiers.IdSha1.Equals(algorithm))
                    signedGen = new TableGen(signerInfoGen, new EssCertID(certHash, issuerSerial));
                else {
                    algorithmIdentifier = new AlgorithmIdentifier(algorithm);
                    signedGen = new TableGen2(signerInfoGen, new EssCertIDv2(algorithmIdentifier, certHash, issuerSerial));
                }
                signerInfoGenerator = signerInfoGen.NewBuilder().WithSignedAttributeGenerator(signedGen).Build(signerInfoGen.SignatureFactory, signerInfoGen.Certificate);
            } catch (Exception innerException) {
                throw new TspException("Exception processing certificate", innerException);
            }
        }
        public TimeStampTokenGenerator(AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID, Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttr, Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttr)
            : this(MakeInfoGenerator(key, cert, new DerObjectIdentifier(digestOID), signedAttr, unsignedAttr), Asn1DigestFactory.Get(OiwObjectIdentifiers.IdSha1), (tsaPolicyOID != null) ? new DerObjectIdentifier(tsaPolicyOID) : null, false)
        {
        }
        internal static SignerInfoGenerator MakeInfoGenerator(AsymmetricKeyParameter key, X509Certificate cert, DerObjectIdentifier digestOid, Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttr, Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttr)
        {
            TspUtil.ValidateCertificate(cert);
            IDictionary<DerObjectIdentifier, object> attrs = (signedAttr == null) ? new Dictionary<DerObjectIdentifier, object>() : signedAttr.ToDictionary();
            string digestAlgName = CmsSignedHelper.GetDigestAlgName(digestOid);
            DerObjectIdentifier encOid = CmsSignedHelper.GetEncOid(key, digestOid.Id);
            Asn1SignatureFactory contentSigner = new Asn1SignatureFactory(digestAlgName + "with" + CmsSignedHelper.GetEncryptionAlgName(encOid), key);
            DefaultSignedAttributeTableGenerator signedGen = new DefaultSignedAttributeTableGenerator(new Org.BouncyCastle.Asn1.Cms.AttributeTable(attrs));
            SimpleAttributeTableGenerator unsignedGen = new SimpleAttributeTableGenerator(unsignedAttr);
            return new SignerInfoGeneratorBuilder().WithSignedAttributeGenerator(signedGen).WithUnsignedAttributeGenerator(unsignedGen).Build(contentSigner, cert);
        }
        public void SetAttributeCertificates(IStore<X509V2AttributeCertificate> attributeCertificates)
        {
            x509AttrCerts = attributeCertificates;
        }
        public void SetCertificates(IStore<X509Certificate> certificates)
        {
            x509Certs = certificates;
        }
        public void SetCrls(IStore<X509Crl> crls)
        {
            x509Crls = crls;
        }
        public void AddOtherRevocationInfos(DerObjectIdentifier otherRevInfoFormat, IStore<Asn1Encodable> otherRevInfoStore)
        {
            otherRevoc[otherRevInfoFormat] = otherRevInfoStore;
        }
        public void SetAccuracySeconds(int accuracySeconds)
        {
            this.accuracySeconds = accuracySeconds;
        }
        public void SetAccuracyMillis(int accuracyMillis)
        {
            this.accuracyMillis = accuracyMillis;
        }
        public void SetAccuracyMicros(int accuracyMicros)
        {
            this.accuracyMicros = accuracyMicros;
        }
        public void SetOrdering(bool ordering)
        {
            this.ordering = ordering;
        }
        public void SetTsa(GeneralName tsa)
        {
            this.tsa = tsa;
        }
        public TimeStampToken Generate(TimeStampRequest request, BigInteger serialNumber, DateTime genTime)
        {
            return Generate(request, serialNumber, genTime, null);
        }
        public TimeStampToken Generate(TimeStampRequest request, BigInteger serialNumber, DateTime genTime, X509Extensions additionalExtensions)
        {
            TimeStampReq timeStampReq = request.TimeStampReq;
            MessageImprint messageImprint = timeStampReq.MessageImprint;
            Accuracy accuracy = null;
            if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) {
                DerInteger seconds = null;
                if (accuracySeconds > 0)
                    seconds = new DerInteger(accuracySeconds);
                DerInteger millis = null;
                if (accuracyMillis > 0)
                    millis = new DerInteger(accuracyMillis);
                DerInteger micros = null;
                if (accuracyMicros > 0)
                    micros = new DerInteger(accuracyMicros);
                accuracy = new Accuracy(seconds, millis, micros);
            }
            DerBoolean derBoolean = null;
            if (ordering)
                derBoolean = DerBoolean.GetInstance(ordering);
            DerInteger nonce = timeStampReq.Nonce;
            object derObjectIdentifier = timeStampReq.ReqPolicy;
            if (derObjectIdentifier == null) {
                derObjectIdentifier = m_tsaPolicyOid;
                if (derObjectIdentifier == null)
                    throw new TspValidationException("request contains no policy", 256);
            }
            DerObjectIdentifier tsaPolicyId = (DerObjectIdentifier)derObjectIdentifier;
            X509Extensions x509Extensions = request.Extensions;
            if (additionalExtensions != null) {
                X509ExtensionsGenerator x509ExtensionsGenerator = new X509ExtensionsGenerator();
                if (x509Extensions != null) {
                    foreach (DerObjectIdentifier extensionOid in x509Extensions.ExtensionOids) {
                        x509ExtensionsGenerator.AddExtension(extensionOid, x509Extensions.GetExtension(extensionOid));
                    }
                }
                foreach (DerObjectIdentifier extensionOid2 in additionalExtensions.ExtensionOids) {
                    x509ExtensionsGenerator.AddExtension(extensionOid2, additionalExtensions.GetExtension(extensionOid2));
                }
                x509Extensions = x509ExtensionsGenerator.Generate();
            }
            DerGeneralizedTime genTime2 = new DerGeneralizedTime(WithResolution(genTime, resolution));
            TstInfo tstInfo = new TstInfo(tsaPolicyId, messageImprint, new DerInteger(serialNumber), genTime2, accuracy, derBoolean, nonce, tsa, x509Extensions);
            try {
                CmsSignedDataGenerator cmsSignedDataGenerator = new CmsSignedDataGenerator();
                byte[] derEncoded = tstInfo.GetDerEncoded();
                if (request.CertReq) {
                    cmsSignedDataGenerator.AddCertificates(x509Certs);
                    cmsSignedDataGenerator.AddAttributeCertificates(x509AttrCerts);
                }
                cmsSignedDataGenerator.AddCrls(x509Crls);
                foreach (KeyValuePair<DerObjectIdentifier, IStore<Asn1Encodable>> item in otherRevoc) {
                    cmsSignedDataGenerator.AddOtherRevocationInfos(item.Key, item.Value);
                }
                cmsSignedDataGenerator.AddSignerInfoGenerator(signerInfoGenerator);
                return new TimeStampToken(cmsSignedDataGenerator.Generate(PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncoded), true));
            } catch (CmsException innerException) {
                throw new TspException("Error generating time-stamp token", innerException);
            } catch (IOException innerException2) {
                throw new TspException("Exception encoding info", innerException2);
            }
        }
        private static DateTime WithResolution(DateTime dateTime, Resolution resolution)
        {
            switch (resolution) {
            case Resolution.R_SECONDS:
                return DateTimeUtilities.WithPrecisionSecond(dateTime);
            case Resolution.R_TENTHS_OF_SECONDS:
                return DateTimeUtilities.WithPrecisionDecisecond(dateTime);
            case Resolution.R_HUNDREDTHS_OF_SECONDS:
                return DateTimeUtilities.WithPrecisionCentisecond(dateTime);
            case Resolution.R_MILLISECONDS:
                return DateTimeUtilities.WithPrecisionMillisecond(dateTime);
            default:
                throw new ArgumentException("Invalid enum value", "resolution");
            }
        }
    }
}