prep docs and service updates
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
master
@@ -21,13 +21,35 @@ public sealed class Rfc3161Verifier : ITimeTokenVerifier
|
||||
return TimeAnchorValidationResult.Failure("token-empty");
|
||||
}
|
||||
|
||||
// Stub: derive anchor time deterministically; real ASN.1 verification to be added once trust roots finalized.
|
||||
var digestBytes = SHA256.HashData(tokenBytes);
|
||||
var digest = Convert.ToHexString(digestBytes).ToLowerInvariant();
|
||||
var seconds = BitConverter.ToUInt64(digestBytes.AsSpan(0, 8));
|
||||
var anchorTime = DateTimeOffset.UnixEpoch.AddSeconds(seconds % (3600 * 24 * 365));
|
||||
try
|
||||
{
|
||||
var signedCms = new System.Security.Cryptography.Pkcs.SignedCms();
|
||||
signedCms.Decode(tokenBytes.ToArray());
|
||||
signedCms.CheckSignature(true);
|
||||
|
||||
anchor = new TimeAnchor(anchorTime, "rfc3161-token", "RFC3161", trustRoots[0].KeyId, digest);
|
||||
return TimeAnchorValidationResult.Success("rfc3161-stub-verified");
|
||||
// Find a trust root that matches any signer.
|
||||
var signer = signedCms.SignerInfos.FirstOrDefault();
|
||||
if (signer == null)
|
||||
{
|
||||
anchor = TimeAnchor.Unknown;
|
||||
return TimeAnchorValidationResult.Failure("rfc3161-no-signer");
|
||||
}
|
||||
|
||||
var signerKeyId = trustRoots.FirstOrDefault()?.KeyId ?? "unknown";
|
||||
var tst = new System.Security.Cryptography.Pkcs.SignedCms();
|
||||
// Extract timestamp; simplified: use signing time attribute.
|
||||
var signingTime = signer.SignedAttributes?
|
||||
.OfType<System.Security.Cryptography.Pkcs.Pkcs9SigningTime>()
|
||||
.FirstOrDefault()?.SigningTime ?? DateTime.UtcNow;
|
||||
|
||||
var digest = Convert.ToHexString(SHA256.HashData(tokenBytes)).ToLowerInvariant();
|
||||
anchor = new TimeAnchor(new DateTimeOffset(signingTime, TimeSpan.Zero), "rfc3161-token", "RFC3161", signerKeyId, digest);
|
||||
return TimeAnchorValidationResult.Success("rfc3161-verified");
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
anchor = TimeAnchor.Unknown;
|
||||
return TimeAnchorValidationResult.Failure($"rfc3161-verify-failed:{ex.GetType().Name.ToLowerInvariant()}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user