/// <summary>Build the validation context for the specific date</summary>
/// <param name="validationDate"></param>
/// <param name="optionalSource"></param>
/// <exception cref="System.IO.IOException"></exception>
public virtual void Validate(DateTime validationDate, CertificateSource optionalSource
, ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource)
{
int previousSize = revocationInfo.Count;
int previousVerified = VerifiedTokenCount();
SignedToken signedToken = GetOneNotYetVerifiedToken();
if (signedToken != null)
{
CertificateSource otherSource = optionalSource;
if (signedToken != null)
{
otherSource = new CompositeCertificateSource(signedToken.GetWrappedCertificateSource
(), optionalSource);
}
CertificateAndContext issuer = GetIssuerCertificate(signedToken, otherSource, validationDate
);
RevocationData data = null;
if (issuer == null)
{
LOG.Warn("Don't found any issuer for token " + signedToken);
data = new RevocationData(signedToken);
}
else
{
AddNotYetVerifiedToken(new CertificateToken(issuer));
if (issuer.GetCertificate().SubjectDN.Equals(issuer.GetCertificate
().IssuerDN))
{
SignedToken trustedToken = new CertificateToken(issuer);
RevocationData noNeedToValidate = new RevocationData();
// noNeedToValidate.setRevocationData(CertificateSourceType.TRUSTED_LIST);
Validate(trustedToken, noNeedToValidate);
}
if (issuer.GetCertificateSource() == CertificateSourceType.TRUSTED_LIST)
{
SignedToken trustedToken = new CertificateToken(issuer);
RevocationData noNeedToValidate = new RevocationData();
noNeedToValidate.SetRevocationData(CertificateSourceType.TRUSTED_LIST);
Validate(trustedToken, noNeedToValidate);
}
if (signedToken is CertificateToken)
{
CertificateToken ct = (CertificateToken)signedToken;
CertificateStatus status = GetCertificateValidity(ct.GetCertificateAndContext(),
issuer, validationDate, optionalCRLSource, optionalOCPSSource);
data = new RevocationData(signedToken);
if (status != null)
{
data.SetRevocationData(status.StatusSource);
if (status.StatusSource is X509Crl)
{
AddNotYetVerifiedToken(new CRLToken((X509Crl)status.StatusSource));
}
else
{
if (status.StatusSource is BasicOcspResp)
{
AddNotYetVerifiedToken(new OCSPRespToken((BasicOcspResp)status.StatusSource));
}
}
}
else
{
LOG.Warn("No status for " + signedToken);
}
}
else
{
if (signedToken is CRLToken || signedToken is OCSPRespToken || signedToken is TimestampToken)
{
data = new RevocationData(signedToken);
data.SetRevocationData(issuer);
}
else
{
throw new RuntimeException("Not supported token type " + signedToken.GetType().Name
);
}
}
}
Validate(signedToken, data);
LOG.Info(this.ToString());
int newSize = revocationInfo.Count;
int newVerified = VerifiedTokenCount();
if (newSize != previousSize || newVerified != previousVerified)
{
Validate(validationDate, otherSource, optionalCRLSource, optionalOCPSSource);
}
}
}
/// <param name="signedToken"></param>
/// <param name="optionalSource"></param>
/// <param name="validationDate"></param>
/// <returns></returns>
/// <exception cref="System.IO.IOException">An error occurs when accessing the CertificateSource
/// </exception>
internal virtual CertificateAndContext GetIssuerCertificate(SignedToken signedToken
, CertificateSource optionalSource, DateTime validationDate)
{
if (signedToken.GetSignerSubjectName() == null)
{
return(null);
}
IList <CertificateAndContext> list = new CompositeCertificateSource(trustedListCertificatesSource
, optionalSource).GetCertificateBySubjectName(signedToken.GetSignerSubjectName()
);
if (list != null)
{
foreach (CertificateAndContext cert in list)
{
LOG.Info(cert.ToString());
if (validationDate != null)
{
try
{
cert.GetCertificate().CheckValidity(validationDate);
}
catch (CertificateExpiredException)
{
LOG.Info("Was expired");
continue;
}
catch (CertificateNotYetValidException)
{
LOG.Info("Was not yet valid");
continue;
}
if (cert.GetCertificateSource() == CertificateSourceType.TRUSTED_LIST && cert.GetContext
() != null)
{
ServiceInfo info = (ServiceInfo)cert.GetContext();
if (info.GetStatusStartingDateAtReferenceTime() != null && validationDate.CompareTo( //jbonilla Before
info.GetStatusStartingDateAtReferenceTime()) < 0)
{
LOG.Info("Was not valid in the TSL");
continue;
}
else
{
if (info.GetStatusEndingDateAtReferenceTime() != null && validationDate.CompareTo(info //jbonilla After
.GetStatusEndingDateAtReferenceTime()) > 0)
{
LOG.Info("Was not valid in the TSL");
continue;
}
}
}
}
if (signedToken.IsSignedBy(cert.GetCertificate()))
{
return(cert);
}
}
}
return(null);
}
