public ValidationError ValidateSignatureProperties(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
if (!xmlDoc.SelectXmlNode("//ds:Signature/ds:Object/ds:SignatureProperties").AtrExists("Id"))
{
return(validationError.AppendErrorMessage("Element SignatureProperties does not contain Id atribute."));
}
XmlNode signatureVersion = xmlDoc.SelectXmlNode("//ds:Signature/ds:Object/ds:SignatureProperties/ds:SignatureProperty/xzep:SignatureVersion");
XmlNode productInfos = xmlDoc.SelectXmlNode("//ds:Signature/ds:Object/ds:SignatureProperties/ds:SignatureProperty/xzep:ProductInfos");
if (signatureVersion == null || productInfos == null)
{
return(validationError.AppendErrorMessage("Element SignatureVersion or ProductInfos missing in SignatureProperties."));
}
string signatureId = xmlDoc.SelectXmlNode("//ds:Signature")?.AtrValue("Id");
if (signatureVersion.ParentNode.AtrValue("Target")?.Substring(1) != signatureId || productInfos.ParentNode.AtrValue("Target")?.Substring(1) != signatureId)
{
return(validationError.AppendErrorMessage("obidva ds:SignatureProperty musia mať atribút Target nastavený na ds:Signature, -oba kontrola cez mriežku #signatureid"));
}
return(validationError);
}
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
X509Certificate signerCert = GetSignerCertificate(xmlDoc);
if (signerCert == null)
{
return(validationError.AppendErrorMessage("Timestamp signer certificate missing."));
}
if (!signerCert.IsValidNow)
{
return(validationError.AppendErrorMessage("Timestamp signer certificate is not valid to current date."));
}
X509CrlEntry crlEntry = CrlHelper.GetRevokedCertificateEntry(signerCert.SerialNumber);
if (crlEntry != null)
{
return(validationError.AppendErrorMessage("Timestamp signer certificate is revoked."));
}
return(validationError);
}
public ValidationError DigestValueVerificationHandler(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
if (!ValidationEnums.ReferenceTypeConstraints.Mappings.ContainsKey("ds:Manifest"))
{
return(validationError.AppendErrorMessage("Signature reference type was not found."));
}
var referenceType = ValidationEnums.ReferenceTypeConstraints.Mappings["ds:Manifest"];
var referencesNodes = xmlDoc.SelectXmlNodes($"//ds:Signature/ds:SignedInfo/ds:Reference[@Type='{referenceType}']");
foreach (XmlNode refNode in referencesNodes)
{
string uriTarget = refNode.AtrValue("URI")?.Substring(1);
var manifestNode = xmlDoc.SelectXmlNode($"//ds:Manifest[@Id='{uriTarget}']");
if (manifestNode == null)
{
return(validationError.AppendErrorMessage($"Couldnt find Manifest element with id : {uriTarget}."));
}
// Reference digest method
string digestAlgorithm = refNode.SelectXmlNode("//ds:DigestMethod")?.AtrValue("Algorithm");
if (!ValidationEnums.HashAlgorithms.SHAMappings.ContainsKey(digestAlgorithm))
{
return(validationError.AppendErrorMessage($"Invalid digest method algorithm : {digestAlgorithm}"));
}
var transformNodes = refNode.SelectXmlNodes("ds:Transforms/ds:Transform");
// Should be only one algorithm (Canonicalization - omit comments)
foreach (XmlNode transformNode in transformNodes)
{
string transformAlgorithm = transformNode.AtrValue("Algorithm");
if (transformAlgorithm != ValidationEnums.Canonicalization.CanonicalizationMethod)
{
return(validationError.AppendErrorMessage($"Invalid transform algorithm : {transformAlgorithm}"));
}
var outputArray = CanonicalizationHelper.CanonicalizeXmlDigest(manifestNode, ValidationEnums.HashAlgorithms.SHAMappings[digestAlgorithm]);
string digestOutputBase64String = Convert.ToBase64String(outputArray);
// Retrieve expected digest
string xmlDigestValueBase64String = refNode.SelectXmlNode("ds:DigestValue")?.InnerText;
if (digestOutputBase64String != xmlDigestValueBase64String)
{
return(validationError.AppendErrorMessage("Digest values do not match."));
}
}
}
return(validationError);
}
public ValidationError ValidateManifestReference(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
XmlNodeList manifestReferences = xmlDoc.SelectXmlNodes("//ds:Signature/ds:Object/ds:Manifest/ds:Reference");
foreach (XmlNode manifestRef in manifestReferences)
{
var refURI = manifestRef.AtrValue("URI")?.Substring(1);
XmlNode referencedObject = xmlDoc.SelectXmlNode($"ds:Object[@Id='{refURI}']");
if (referencedObject == null)
{
return(validationError.AppendErrorMessage("Referenced object does not exist"));
}
byte[] referencedElementByte = CanonicalizationHelper.CanonicalizeXml(referencedObject);
string refStr = Encoding.UTF8.GetString(referencedElementByte);
XmlNodeList transforms = manifestRef.SelectXmlNodes("ds:Transforms/ds:Transform");
string digestAlgo = manifestRef.SelectXmlNode("ds:DigestMethod")?.AtrValue("Algorithm");
string digestOutputBase64String = null;
foreach (XmlNode transformEle in transforms)
{
string transformAlgo = transformEle.AtrValue("Algorithm");
if (transformAlgo == ValidationEnums.Canonicalization.CanonicalizationMethod)
{
var hashAlgo = ValidationEnums.HashAlgorithms.SHAMappings[digestAlgo];
var outputArray = CanonicalizationHelper.CanonicalizeXmlDigest(referencedObject, hashAlgo);
digestOutputBase64String = Convert.ToBase64String(outputArray);
}
else if (transformAlgo == "http://www.w3.org/2000/09/xmldsig#base64")
{
digestOutputBase64String = Encoding.UTF8.GetString(Convert.FromBase64String(Encoding.UTF8.GetString(referencedElementByte)));
}
else
{
return(validationError.AppendErrorMessage($"Not supported transform algorithm : {transformAlgo}"));
}
string digestValue = manifestRef.SelectXmlNode("ds:DigestValue")?.InnerText;
if (digestValue != digestOutputBase64String)
{
return(validationError.AppendErrorMessage($"ds:DigestValue values do not match {digestValue} <-> {digestOutputBase64String}"));
}
else
{
;
}
}
}
return(validationError);
}
public ValidationError ValidateManifestElement(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
XmlNodeList manifests = xmlDoc.SelectXmlNodes("//ds:Signature/ds:Object/ds:Manifest");
foreach (XmlNode manifest in manifests)
{
// Manifest/references - count validation (must have one)
XmlNodeList manifestReferences = manifest.SelectXmlNodes("ds:Reference");
if (manifestReferences.Count != 1)
{
return(validationError.AppendErrorMessage("Overenie ds:Manifest elementov: každý ds:Manifest element musí obsahovať práve jednu referenciu na ds: Object"));
}
// Id validation
if (!manifest.AtrExists("Id"))
{
return(validationError.AppendErrorMessage("Overenie ds:Manifest elementov: každý ds:Manifest element musí mať Id atribút"));
}
// Manifest/reference/transforms/transform - Algorithm validation
XmlNodeList manifestTransforms = manifest.SelectXmlNodes("ds:Reference/ds:Transforms/ds:Transform");
foreach (XmlNode transform in manifestTransforms)
{
if (!ValidationEnums.ManifestTransformation.SupportedTransformations.Contains(transform.AtrValue("Algorithm")))
{
return(validationError.AppendErrorMessage($"Overenie ds:Manifest elementov: ds:Transforms musí byť z množiny podporovaných algoritmov pre daný element podľa profilu XAdES_ZEP. {transform.AtrValue("Algorithm")}"));
}
}
// Manifest/reference/digestMethod - Algoritm validation
XmlNodeList manifestDigestMethods = manifest.SelectXmlNodes("ds:Reference/ds:DigestMethod");
foreach (XmlNode digestMethod in manifestDigestMethods)
{
if (!ValidationEnums.HashAlgorithms.SHAMappings.ContainsKey(digestMethod.AtrValue("Algorithm")))
{
return(validationError.AppendErrorMessage("Overenie ds:Manifest elementov: ds:DigestMethod – musí obsahovať URI niektorého z podporovaných algoritmov podľa profilu XAdES_ZEP"));
}
}
// Manifest/reference - Type validation
XmlNode manifestReference = manifest.SelectXmlNode("ds:Reference");
if (manifestReference.AtrValue("Type") != "http://www.w3.org/2000/09/xmldsig#Object")
{
return(validationError.AppendErrorMessage("Overenie ds:Manifest elementov: overenie hodnoty Type atribútu voči profilu XAdES_ZEP"));
}
}
return(validationError);
}
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
if (certificate == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát"));
}
if (token == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť token"));
}
// Check certificate validity against timestamp token time
try
{
certificate.CheckValidity(token.TimeStampInfo.GenTime);
}
catch (Exception ex)
{
return(validationError.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message));
}
// Check certificate validity against crl
X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber);
if (entry == null)
{
return(validationError);
}
if (entry.RevocationDate < token.TimeStampInfo.GenTime)
{
return(validationError.AppendErrorMessage("Platnosť certifikátu vypršala"));
}
return(validationError);
}
public ValidationError CheckZipcode(Address address)
{
ValidationError se = new ValidationError("");
if (string.IsNullOrEmpty(address.ZipCode))
{
se.AppendErrorMessage("The Zipcode Is Empty");
}
return(se);
}
public ValidationError CheckCountry(Address address)
{
ValidationError se = new ValidationError("");
if (string.IsNullOrEmpty(address.Country))
{
se.AppendErrorMessage("Select Your Country");
}
return(se);
}
public ValidationError CheckCity(Address address)
{
ValidationError se = new ValidationError("");
if (string.IsNullOrEmpty(address.City))
{
se.AppendErrorMessage("The Value City is Empty");
}
return(se);
}
public ValidationError ValidateSignatureValue(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
if (!xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue").AtrExists("Id"))
{
return(validationError.AppendErrorMessage("SignatureValue Id attribute missing or empty."));
}
return(validationError);
}
public ValidationError IsValidPhoneNumber(string strPhone)
{
ValidationError se = new ValidationError("");
string regExPattern = @"[0-9]{6}$";
if (!MatchStringFromRegex(strPhone, regExPattern))
{
se.AppendErrorMessage("Invalid phone number");
}
return(se);
}
public ValidationError CheckAddress(Address adress)
{
//todo should not be empty or invalid
ValidationError se = new ValidationError("");
if (string.IsNullOrEmpty(adress.Street))
{
se.AppendErrorMessage("The Address of the Company is empty");
}
return(se);
}
public ValidationError ValidateReferences(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
XmlNodeList signedInfoRefs = xmlDoc.SelectXmlNodes("//ds:Signature/ds:SignedInfo/ds:Reference");
foreach (XmlElement signedInfoRef in signedInfoRefs)
{
string refType = signedInfoRef.AtrValue("Type");
string refURI = signedInfoRef.AtrValue("URI")?.Substring(1);
XmlNode referencedEle = xmlDoc.SelectXmlNode($"//ds:Signature//*[@Id='{refURI}']");
if (referencedEle == null)
{
return(validationError.AppendErrorMessage($"Referenced with Id {refURI} does not exists."));
}
if (!ValidationEnums.ReferenceTypeConstraints.Mappings.Contains(new KeyValuePair <string, string>(referencedEle.Name, refType)))
{
return(validationError.AppendErrorMessage("Referenced not exists or type is not supported."));
}
}
/*
* if (xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:Reference[@Type='http://www.w3.org/2000/09/xmldsig#Object']") == null)
* {
* validationError.ErrorMessage = GetErrorMessage(MethodBase.GetCurrentMethod());
* }
* else if (xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:Reference[@Type='http://www.w3.org/2000/09/xmldsig#SignatureProperties']") == null)
* {
* validationError.ErrorMessage = GetErrorMessage(MethodBase.GetCurrentMethod());
* }
* else if (xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:Reference[@Type='http://uri.etsi.org/01903#SignedProperties']") == null)
* {
* validationError.ErrorMessage = GetErrorMessage(MethodBase.GetCurrentMethod());
* }*/
return(validationError);
}
public ValidationError ValidateSignature(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
var signatureNode = xmlDoc.SelectXmlNode("//ds:Signature");
if (signatureNode == null)
{
return(validationError.AppendErrorMessage("Missing signature element."));
}
if (!signatureNode.AtrExists("Id"))
{
return(validationError.AppendErrorMessage("Signature Id attribute missing or empty."));
}
else if (signatureNode.AtrValue("xmlns:ds") != "http://www.w3.org/2000/09/xmldsig#")
{
return(validationError.AppendErrorMessage("Signature xmlns:ds missing or not equal to http://www.w3.org/2000/09/xmldsig#"));
}
return(validationError);
}
public ValidationError CheckEmail(string email)
{
ValidationError se = new ValidationError("");
string expresion;
expresion = "\\w+([-+.']\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*";
if (!MatchStringFromRegex(email, expresion))
{
se.AppendErrorMessage("Invalid Email");
}
return(se);
}
public ValidationError CheckCpyName(string cpyName)
{
//todo should not be empty or duplicate
ValidationError se = new ValidationError("");
if (string.IsNullOrEmpty(cpyName))
{
se.AppendErrorMessage("The Name of the company is empty");
}
return(se);
}
public ValidationError ValidationHandler2(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
byte[] timesStampDigestArray = token.TimeStampInfo.GetMessageImprintDigest();
string hashAlgorithmId = token.TimeStampInfo.HashAlgorithm.Algorithm.Id;
var signatureEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue");
if (signatureEle == null)
{
return(validationError.AppendErrorMessage("Missing SignatureValue element."));
}
byte[] signatureValueByteArray = Convert.FromBase64String(signatureEle.InnerText);
var signatureMethodAlgorithm = xmlDoc.SelectXmlNode("//ds:SignedInfo/ds:SignatureMethod").AtrValue("Algorithm");
if (signatureMethodAlgorithm != "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
{
return(validationError.AppendErrorMessage($"Unknown SignatureMethod Algorithm {signatureMethodAlgorithm}."));
}
System.Security.Cryptography.HashAlgorithm hashAlgo = System.Security.Cryptography.SHA256Managed.Create();
var conputedSignatureByteArray = hashAlgo.ComputeHash(signatureValueByteArray);
if (!StructuralComparisons.StructuralEqualityComparer.Equals(conputedSignatureByteArray, timesStampDigestArray))
{
return(validationError.AppendErrorMessage("Missing SignatureValue element."));
}
return(validationError);
}
public ValidationError SignatureValueVerificationHandler(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
var signedInfoElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo");
var signatureMethodElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:SignatureMethod");
var canonicalizationMethodElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:CanonicalizationMethod");
var signatureValueElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue");
if (signatureValueElement == null)
{
return(validationError.AppendErrorMessage(nameof(signatureValueElement) + " missing"));
}
if (signatureMethodElement == null)
{
return(validationError.AppendErrorMessage(nameof(signatureMethodElement) + " missing"));
}
if (canonicalizationMethodElement == null)
{
return(validationError.AppendErrorMessage(nameof(canonicalizationMethodElement) + " missing"));
}
if (signedInfoElement == null)
{
return(validationError.AppendErrorMessage(nameof(signedInfoElement) + " missing"));
}
var certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
if (certificate == null)
{
return(validationError.AppendErrorMessage("X509Certificate element is missing"));
}
var canMethod = canonicalizationMethodElement.AtrValue("Algorithm");
if (canMethod != ValidationEnums.Canonicalization.CanonicalizationMethod)
{
return(validationError.AppendErrorMessage($"Not supported cannonicalization method. {canMethod}"));
}
var digestBytes = CanonicalizationHelper.CanonicalizeXml(signedInfoElement);
string singnatureAlgorithm = signatureMethodElement.AtrValue("Algorithm");
if (!ValidationEnums.Cryptography.SupportedSignatureSchemasMappings.ContainsKey(singnatureAlgorithm))
{
return(validationError.AppendErrorMessage($"Not supported signing algorithm {singnatureAlgorithm}"));
}
var signingAlgo = ValidationEnums.Cryptography.SupportedSignatureSchemasMappings[singnatureAlgorithm];
AsymmetricKeyParameter publicKey = certificate.GetPublicKey();
ISigner signer = SignerUtilities.GetSigner(signingAlgo);
signer.Init(false, publicKey);
signer.BlockUpdate(digestBytes, 0, digestBytes.Length);
if (!signer.VerifySignature(Convert.FromBase64String(signatureValueElement.InnerText)))
{
return(validationError.AppendErrorMessage("Cannot verify signature with publick key."));
}
return(validationError);
}
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
var keyInfoEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:KeyInfo");
if (keyInfoEle == null || !keyInfoEle.AtrExists("Id"))
{
return(validationError.AppendErrorMessage("KeyInfo does not exists or missing Id attribute."));
}
// check x509
var x509Data = xmlDoc.SelectXmlNode("//ds:Signature/ds:KeyInfo/ds:X509Data");
if (x509Data == null)
{
return(validationError.AppendErrorMessage("KeyInfo musí obsahovať element x509Data"));
}
if (x509Data.SelectXmlNode("ds:X509Certificate") == null)
{
return(validationError.AppendErrorMessage("x509Data musí obsahovať element x509Certificate"));
}
X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
//check SubjectName
if (x509Data.SelectXmlNode("ds:X509SubjectName") == null)
{
return(validationError.AppendErrorMessage("x509Data musí obsahovať element SubjectName"));
}
else
{
var X509SubjectName = x509Data.SelectXmlNode("ds:X509SubjectName");
if (X509SubjectName.InnerText != certificate.CertificateStructure.Subject.ToString())
{
return(validationError.AppendErrorMessage("X509SubjectName sa nezhoduje"));
}
}
//check IssuerSerial
if (x509Data.SelectXmlNode("ds:X509IssuerSerial") == null)
{
validationError.AppendErrorMessage("x509Data musí obsahovať element IssuerSerial");
}
else
{
var X509IssuerSerial = x509Data.SelectXmlNode("ds:X509IssuerSerial/ds:X509IssuerName");
X509Name xmlName = new X509Name(X509IssuerSerial.InnerText.Replace("S=", "ST="));
if (!xmlName.Equivalent(certificate.CertificateStructure.Issuer))
{
return(validationError.AppendErrorMessage("IssuerSerial sa nezhoduje"));
}
}
//check SerialNumber
var X509SerialNumber = x509Data.SelectXmlNode("ds:X509IssuerSerial/ds:X509SerialNumber");
if (X509SerialNumber == null)
{
return(validationError.AppendErrorMessage("x509Data musí obsahovať element SerialNumber"));
}
else if (X509SerialNumber.InnerText != certificate.SerialNumber.ToString())
{
return(validationError.AppendErrorMessage("X509SerialNumber sa nezhoduje"));
}
return(validationError);
}
