Ejemplo n.º 1
 /// <summary>
 /// Builds the BES-level part of the validation report for one signature.
 /// </summary>
 /// <remarks>
 /// The level is reported as reached exactly when the signature exposes a signing
 /// certificate. Counter-signature results are attached to the report but do not
 /// influence the level result computed here.
 /// </remarks>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Not read by this method.</param>
 /// <param name="ctx">Validation context handed to <c>VerifyCounterSignatures</c>.</param>
 /// <returns>
 /// The BES report; on any exception, a report whose level and signing-certificate
 /// results are both INVALID with the message "exception.while.verifying".
 /// </returns>
 protected internal virtual SignatureLevelBES VerifyLevelBES(AdvancedSignature signature,
     DateTime referenceTime, ValidationContext ctx)
 {
     try
     {
         // NOTE(review): this is a presence check only. Nothing visible here compares
         // the certificate with a signed signing-certificate reference - confirm that
         // binding is verified elsewhere before relying on this result.
         Result certRefResult = new Result();
         if (signature.GetSigningCertificate() == null)
         {
             certRefResult.SetStatus(Result.ResultStatus.INVALID, "no.signing.certificate");
         }
         else
         {
             certRefResult.SetStatus(Result.ResultStatus.VALID, null);
         }

         SignatureVerification[] counterSignatureResults = VerifyCounterSignatures(signature, ctx);

         // The level outcome mirrors the signing-certificate check and nothing else.
         Result besReached = new Result(certRefResult.IsValid());
         return new SignatureLevelBES(besReached, signature, certRefResult, counterSignatureResults, null);
     }
     catch (Exception)
     {
         // Fails closed: any error is reported as INVALID rather than propagated.
         // NOTE(review): the exception itself is discarded without being logged, so the
         // cause of a failed verification cannot be diagnosed from the report alone.
         Result levelFailure = new Result(Result.ResultStatus.INVALID, "exception.while.verifying");
         Result certRefFailure = new Result(Result.ResultStatus.INVALID, "exception.while.verifying");
         return new SignatureLevelBES(levelFailure, null, certRefFailure, null, null);
     }
 }
Ejemplo n.º 2
        /// <summary>Validates one signature and assembles its part of the report.</summary>
        /// <remarks>
        /// The cryptographic integrity result, the certificate-path analysis and the
        /// per-level results are collected side by side in the returned object. This
        /// method does not reject a signature whose integrity check failed; consumers
        /// of the report have to inspect each part themselves.
        /// </remarks>
        /// <param name="signature">Signature to validate.</param>
        /// <param name="referenceTime">
        /// Time passed to certificate validation and to every level check.
        /// </param>
        /// <returns>
        /// the report part pertaining to the signature, or <c>null</c> when the signature
        /// has no signing certificate
        /// </returns>
        protected internal virtual SignatureInformation ValidateSignature(AdvancedSignature signature,
            DateTime referenceTime)
        {
            // Without a signing certificate nothing can be validated; callers get null.
            if (signature.GetSigningCertificate() == null)
            {
                LOG.Error("There is no signing certificate");
                return null;
            }

            QCStatementInformation qcStatementInformation =
                VerifyQStatement(signature.GetSigningCertificate());

            // Integrity is checked against the external content held by this validator.
            Result integrityResult = new Result(signature.CheckIntegrity(this.ExternalContent));
            SignatureVerification signatureVerification =
                new SignatureVerification(integrityResult, signature.GetSignatureAlgorithm());

            try
            {
                ValidationContext ctx = CertificateVerifier.ValidateCertificate(
                    signature.GetSigningCertificate(),
                    referenceTime,
                    signature.GetCertificateSource(),
                    signature.GetCRLSource(),
                    signature.GetOCSPSource());

                TrustedListInformation info = new TrustedListInformation(ctx.GetRelevantServiceInfo());
                CertPathRevocationAnalysis path = new CertPathRevocationAnalysis(ctx, info);

                // Level XL runs first because its outcome selects the mode of the level C check.
                SignatureLevelXL signatureLevelXL = VerifyLevelXL(signature, referenceTime, ctx);
                bool rehashValues = signatureLevelXL != null
                    && signatureLevelXL.GetLevelReached().IsValid();
                SignatureLevelC signatureLevelC = VerifyLevelC(signature, referenceTime, ctx, rehashValues);

                // The remaining levels are evaluated in the order BES, EPES, T, X, A, LTV.
                var levelBES = VerifyLevelBES(signature, referenceTime, ctx);
                var levelEPES = VerifyLevelEPES(signature, referenceTime, ctx);
                var levelT = VerifyLevelT(signature, referenceTime, ctx);
                var levelX = VerifyLevelX(signature, referenceTime, ctx);
                var levelA = VerifyLevelA(signature, referenceTime, ctx);
                var levelLTV = VerifyLevelLTV(signature, referenceTime, ctx);
                SignatureLevelAnalysis signatureLevelAnalysis = new SignatureLevelAnalysis(
                    signature, levelBES, levelEPES, levelT, signatureLevelC, levelX,
                    signatureLevelXL, levelA, levelLTV);

                QualificationsVerification qualificationsVerification =
                    VerifyQualificationsElement(signature, referenceTime, ctx);

                return new SignatureInformation(signatureVerification, path, signatureLevelAnalysis,
                    qualificationsVerification, qcStatementInformation);
            }
            catch (IOException e)
            {
                // I/O failures are rethrown as an unchecked exception with the cause attached.
                throw new RuntimeException("Cannot read signature file", e);
            }
        }
Ejemplo n.º 3
 /// <summary>Creates the BES-level report entry for a signature.</summary>
 /// <remarks>
 /// When <paramref name="signature"/> is null only the three verification results
 /// are stored; the fields derived from the signature are left unassigned.
 /// </remarks>
 /// <param name="levelReached">Overall result for this level, forwarded to the base class.</param>
 /// <param name="signature">Signature the descriptive fields are read from; may be null.</param>
 /// <param name="signingCertificateVerification">Result of the signing-certificate check.</param>
 /// <param name="counterSignatureVerification">Results for the counter-signatures.</param>
 /// <param name="timestampsVerification">Results for the timestamps.</param>
 public SignatureLevelBES(Result levelReached, AdvancedSignature signature,
     Result signingCertificateVerification,
     SignatureVerification[] counterSignatureVerification,
     IList<TimestampVerificationResult> timestampsVerification)
     : base(levelReached)
 {
     this.signingCertRefVerification = signingCertificateVerification;
     this.counterSignaturesVerification = counterSignatureVerification;
     this.timestampsVerification = timestampsVerification;

     // Nothing more to record when no signature was supplied.
     if (signature == null)
     {
         return;
     }

     this.certificates = signature.GetCertificates();
     this.signingCertificate = signature.GetSigningCertificate();
     // NOTE(review): presumably GetSigningTime() returns a nullable value; .Value then
     // throws when the signature carries no signing time - confirm callers expect that.
     this.signingTime = signature.GetSigningTime().Value;
     this.location = signature.GetLocation();
     this.claimedSignerRole = signature.GetClaimedSignerRoles();
     this.contentType = signature.GetContentType();
 }
Ejemplo n.º 4
		/// <summary>Creates the BES-level report entry for a signature.</summary>
		/// <remarks>
		/// When <paramref name="signature"/> is null only the three verification results
		/// are stored; the fields derived from the signature are left unassigned.
		/// </remarks>
		/// <param name="levelReached">Overall result for this level, forwarded to the base class.</param>
		/// <param name="signature">Signature the descriptive fields are read from; may be null.</param>
		/// <param name="signingCertificateVerification">Result of the signing-certificate check.</param>
		/// <param name="counterSignatureVerification">Results for the counter-signatures.</param>
		/// <param name="timestampsVerification">Results for the timestamps.</param>
		public SignatureLevelBES(Result levelReached, AdvancedSignature signature,
			Result signingCertificateVerification,
			SignatureVerification[] counterSignatureVerification,
			IList<TimestampVerificationResult> timestampsVerification)
			: base(levelReached)
		{
			this.signingCertRefVerification = signingCertificateVerification;
			this.counterSignaturesVerification = counterSignatureVerification;
			this.timestampsVerification = timestampsVerification;

			// Nothing more to record when no signature was supplied.
			if (signature == null)
			{
				return;
			}

			this.certificates = signature.GetCertificates();
			this.signingCertificate = signature.GetSigningCertificate();
			// NOTE(review): presumably GetSigningTime() returns a nullable value; .Value then
			// throws when the signature carries no signing time - confirm callers expect that.
			this.signingTime = signature.GetSigningTime().Value;
			this.location = signature.GetLocation();
			this.claimedSignerRole = signature.GetClaimedSignerRoles();
			this.contentType = signature.GetContentType();
		}
Ejemplo n.º 5
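 /// <summary>
 /// Checks whether the signature embeds the certificate values and revocation
 /// values (OCSP responses, CRLs) expected at level XL.
 /// </summary>
 /// <remarks>
 /// The level is reached only when both the certificate check and the revocation
 /// data check are VALID. A signature with no OCSP and no CRL values at all is
 /// reported as INVALID with "no.revocation.data.value".
 /// </remarks>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Not read by this method.</param>
 /// <param name="ctx">Validation context the embedded values are compared against.</param>
 /// <returns>
 /// The level XL report; on any exception, a report whose three results are all
 /// INVALID with the message "exception.while.verifying".
 /// </returns>
 protected internal virtual SignatureLevelXL VerifyLevelXL(AdvancedSignature signature,
     DateTime referenceTime, ValidationContext ctx)
 {
     try
     {
         Result levelReached = new Result();
         Result everyNeededCertAreInSignature = new Result();
         everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.VALID, null);
         Result everyNeededRevocationData = new Result();
         everyNeededRevocationData.SetStatus(Result.ResultStatus.VALID, null);

         IList<X509Certificate> refs = signature.GetCertificates();
         // A missing list is treated like an empty one, matching the null handling of
         // the OCSP/CRL lists below, so the report names the real cause instead of
         // falling into the generic exception path.
         if (refs == null || refs.IsEmpty())
         {
             LOG.Info("There is no certificate refs in the signature");
             everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "no.certificate.value");
         }
         else if (!EveryCertificateValueAreThere(ctx, refs, signature.GetSigningCertificate()))
         {
             everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID,
                 "not.all.needed.certificate.value");
         }
         LOG.Info("Every certificate found " + everyNeededCertAreInSignature);

         // Count embedded revocation values so that "none at all" can be told apart
         // from "some, but incomplete".
         int valueCount = 0;
         IList<BasicOcspResp> ocspValues = signature.GetOCSPs();
         if (ocspValues != null)
         {
             valueCount += ocspValues.Count;
             if (!EveryOCSPValueOrRefAreThere(ctx, ocspValues))
             {
                 everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID,
                     "not.all.needed.ocsp.value");
             }
         }
         IList<X509Crl> crlValues = signature.GetCRLs();
         if (crlValues != null)
         {
             valueCount += crlValues.Count;
             if (!EveryCRLValueOrRefAreThere(ctx, crlValues))
             {
                 everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID,
                     "not.all.needed.crl.value");
             }
         }
         if (valueCount == 0)
         {
             everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "no.revocation.data.value");
         }

         bool reached = everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus.VALID
             && everyNeededRevocationData.GetStatus() == Result.ResultStatus.VALID;
         levelReached.SetStatus(reached ? Result.ResultStatus.VALID : Result.ResultStatus.INVALID, null);
         return new SignatureLevelXL(levelReached, everyNeededCertAreInSignature, everyNeededRevocationData);
     }
     catch (Exception e)
     {
         // Still fails closed (everything INVALID), but the cause is now logged so a
         // failed verification can be diagnosed instead of vanishing silently.
         LOG.Error("Exception while verifying level XL: " + e);
         return new SignatureLevelXL(
             new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
             new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
             new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
     }
 }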
Ejemplo n.º 6
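 /// <summary>
 /// Checks whether the signature carries the certificate references and
 /// revocation references (OCSP, CRL) expected at level C.
 /// </summary>
 /// <remarks>
 /// With <paramref name="rehashValues"/> set, the revocation references are compared
 /// against the validation context. Otherwise the method only requires that at least
 /// one revocation reference exists.
 /// </remarks>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Not read by this method.</param>
 /// <param name="ctx">Validation context the references are compared against.</param>
 /// <param name="rehashValues">
 /// Selects the strict comparison of revocation references; the caller decides when to set it.
 /// </param>
 /// <returns>
 /// The level C report; on any exception, a report whose three results are all
 /// INVALID with the message "exception.while.verifying".
 /// </returns>
 protected internal virtual SignatureLevelC VerifyLevelC(AdvancedSignature signature,
     DateTime referenceTime, ValidationContext ctx, bool rehashValues)
 {
     try
     {
         IList<CertificateRef> refs = signature.GetCertificateRefs();
         Result everyNeededCertAreInSignature = new Result();
         if (refs == null || refs.IsEmpty())
         {
             everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "no.certificate.ref");
         }
         else if (EveryCertificateRefAreThere(ctx, refs, signature.GetSigningCertificate()))
         {
             everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.VALID, null);
         }
         else
         {
             everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID,
                 "not.all.needed.certificate.ref");
         }
         LOG.Info("Every CertificateRef found " + everyNeededCertAreInSignature);

         IList<OCSPRef> ocspRefs = signature.GetOCSPRefs();
         IList<CRLRef> crlRefs = signature.GetCRLRefs();
         Result everyNeededRevocationData = new Result(Result.ResultStatus.VALID, null);
         // A null list throws here and ends in the catch below, i.e. the level is
         // reported INVALID (fail closed) rather than treated as "no references".
         int refCount = ocspRefs.Count + crlRefs.Count;

         if (rehashValues)
         {
             // NOTE(review): refCount is not consulted in this branch. Confirm that the
             // two helpers reject an empty reference list; otherwise a signature without
             // any revocation reference could be reported as reaching level C here.
             if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs))
             {
                 everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.ref");
             }
             if (!EveryCRLValueOrRefAreThere(ctx, crlRefs))
             {
                 everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.ref");
             }
             Result levelCReached = new Result(
                 everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus.VALID
                 && everyNeededRevocationData.GetStatus() == Result.ResultStatus.VALID);
             return new SignatureLevelC(levelCReached, everyNeededCertAreInSignature,
                 everyNeededRevocationData);
         }
         else
         {
             // Lenient mode: the presence of at least one revocation reference is enough.
             Result thereIsRevocationData = new Result();
             if (refCount == 0)
             {
                 thereIsRevocationData.SetStatus(Result.ResultStatus.INVALID, "no.revocation.data.reference");
             }
             else
             {
                 thereIsRevocationData.SetStatus(Result.ResultStatus.VALID, "at.least.one.reference");
             }
             Result levelCReached = new Result(
                 everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus.VALID
                 && thereIsRevocationData.GetStatus() == Result.ResultStatus.VALID);
             return new SignatureLevelC(levelCReached, everyNeededCertAreInSignature,
                 thereIsRevocationData);
         }
     }
     catch (Exception e)
     {
         // Still fails closed (everything INVALID), but the cause is now logged so a
         // failed verification can be diagnosed instead of vanishing silently.
         LOG.Error("Exception while verifying level C: " + e);
         return new SignatureLevelC(
             new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
             new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
             new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
     }
 }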