Ejemplo n.º 1
 /// <summary>
 /// Folds the per-timestamp digest checks into a single level status and returns
 /// the same <paramref name="levelReached"/> instance that was passed in.
 /// </summary>
 /// <param name="signatureTimestampsVerification">Per-timestamp results; null or empty is reported as INVALID (no timestamp).</param>
 /// <param name="levelReached">Result object whose status is overwritten by this method.</param>
 /// <returns><paramref name="levelReached"/>, updated in place.</returns>
 private SignatureValidationResult ResultForTimestamps(IList <TimestampVerificationResult> signatureTimestampsVerification, SignatureValidationResult levelReached)
 {
     bool hasTimestamps = signatureTimestampsVerification != null && signatureTimestampsVerification.Any();
     if (!hasTimestamps)
     {
         // A level that requires timestamps cannot be reached without any.
         levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
         return levelReached;
     }

     // Start from VALID and downgrade as individual timestamps are inspected.
     levelReached.SetStatus(ResultStatus.VALID, null);
     foreach (TimestampVerificationResult timestampCheck in signatureTimestampsVerification)
     {
         if (timestampCheck.SameDigest.IsUndetermined)
         {
             // Keep scanning: a later timestamp with a mismatching digest still turns the result INVALID.
             levelReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_OneTimestampDigestUndetermined");
             continue;
         }

         if (timestampCheck.SameDigest.IsInvalid)
         {
             // One timestamp that does not cover the data is final; stop at the first one.
             levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
             break;
         }
     }

     return levelReached;
 }
Ejemplo n.º 2
        /// <summary>
        /// Builds the BES-level result for a signature. The level status is derived only from
        /// whether the signature exposes a signing certificate; counter-signature results are
        /// attached to the returned object but are not part of that status.
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Not read by this method.</param>
        /// <param name="ctx">Validation context forwarded to the counter-signature check.</param>
        /// <param name="externalContent">Detached content forwarded to the counter-signature check.</param>
        /// <returns>The BES result; any exception during verification yields an INVALID result.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
        protected internal virtual SignatureLevelBES VerifyLevelBES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, Document externalContent)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            const string verificationFailed = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";

            try
            {
                var signerCertCheck = new SignatureValidationResult();
                bool signerCertPresent = signature.SigningCertificate != null;
                if (!signerCertPresent)
                {
                    signerCertCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoSigningCeritificate");
                }
                else
                {
                    signerCertCheck.SetStatus(ResultStatus.VALID, null);
                }

                SignatureVerification[] counterSignatureChecks = VerifyCounterSignatures(signature, ctx, externalContent);

                // The level mirrors the signing-certificate check alone.
                var levelReached = new SignatureValidationResult(signerCertCheck.IsValid);

                return new SignatureLevelBES(levelReached, signature, signerCertCheck, counterSignatureChecks, null);
            }
            catch (Exception)
            {
                // Fail closed: any error is reported as INVALID. The exception itself is not
                // logged here, so the cause is not recoverable from the result.
                return new SignatureLevelBES(
                    new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
                    null,
                    new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
                    null,
                    null);
            }
        }
Ejemplo n.º 3
 /// <summary>
 /// Builds the XL-level result: checks that the signature carries the certificate values
 /// and the revocation values (OCSP responses and CRLs) that the helpers consider necessary.
 /// </summary>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Not read by this method.</param>
 /// <param name="ctx">Validation context forwarded to the completeness helpers.</param>
 /// <param name="logger">Receives informational messages.</param>
 /// <returns>The XL result; any exception during verification yields an all-INVALID result.</returns>
 protected internal virtual SignatureLevelXL VerifyLevelXL(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger)
 {
     const string verificationFailed = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";

     try
     {
         var levelReached = new SignatureValidationResult();
         var certValuesCheck = new SignatureValidationResult();
         certValuesCheck.SetStatus(ResultStatus.VALID, null);
         var revocationValuesCheck = new SignatureValidationResult();
         revocationValuesCheck.SetStatus(ResultStatus.VALID, null);

         // Certificate values: none at all, or an incomplete set, both invalidate the check.
         // A null list is not handled here; it ends up in the catch block below.
         IList <X509Certificate> certValues = signature.Certificates;
         if (!certValues.Any())
         {
             logger.Info("There is no certificate refs in the signature");
             certValuesCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateValue");
         }
         else if (!EveryCertificateValueAreThere(ctx, certValues, signature.SigningCertificate, logger))
         {
             certValuesCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCertificateValues");
         }
         logger.Info("Every certificate found " + certValuesCheck);

         // Revocation values: count what is embedded and check completeness per source.
         int revocationValueCount = 0;

         IList <BasicOcspResp> ocspValues = signature.OCSPs;
         if (ocspValues != null)
         {
             revocationValueCount += ocspValues.Count;
             bool ocspComplete = EveryOCSPValueOrRefAreThere(ctx, ocspValues, logger);
             if (!ocspComplete)
             {
                 revocationValuesCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPValues");
             }
         }

         IList <X509Crl> crlValues = signature.CRLs;
         if (crlValues != null)
         {
             revocationValueCount += crlValues.Count;
             bool crlComplete = EveryCRLValueOrRefAreThere(ctx, crlValues, logger);
             if (!crlComplete)
             {
                 revocationValuesCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLValues");
             }
         }

         // A signature with no revocation values at all cannot reach this level.
         if (revocationValueCount == 0)
         {
             revocationValuesCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataValue");
         }

         bool bothChecksValid = certValuesCheck.Status == ResultStatus.VALID
                                && revocationValuesCheck.Status == ResultStatus.VALID;
         levelReached.SetStatus(bothChecksValid ? ResultStatus.VALID : ResultStatus.INVALID, null);

         return new SignatureLevelXL(levelReached, certValuesCheck, revocationValuesCheck);
     }
     catch (Exception)
     {
         // Fail closed: every part of the result is INVALID. The exception is not logged here.
         return new SignatureLevelXL(
             new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
             new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
             new SignatureValidationResult(ResultStatus.INVALID, verificationFailed));
     }
 }
Ejemplo n.º 4
 /// <summary>
 /// Verifies every certificate the validation context lists as needed and condenses the
 /// outcome, together with the trusted-list lookup, into <c>summary</c>.
 /// </summary>
 /// <param name="ctx">Validation context; when it or its needed-certificate list is null, no certificate is verified.</param>
 /// <param name="info">Trusted-list lookup result; null is treated the same as "service not found".</param>
 public CertPathRevocationAnalysis(IValidationContext ctx, TrustedListInformation info)
 {
     summary = new SignatureValidationResult();
     trustedListInformation = info;

     bool hasNeededCertificates = ctx != null && ctx.NeededCertificates != null;
     if (hasNeededCertificates)
     {
         foreach (CertificateAndContext neededCert in ctx.NeededCertificates)
         {
             certificatePathVerification.Add(new CertificateVerification(neededCert, ctx));
         }
     }

     // Start from VALID; the first INVALID certificate is final, while UNDETERMINED is
     // recorded but can still be replaced by a later INVALID.
     summary.SetStatus(ResultStatus.VALID, null);
     if (certificatePathVerification != null)
     {
         foreach (CertificateVerification pathCheck in certificatePathVerification)
         {
             if (pathCheck.Summary.IsInvalid)
             {
                 summary.SetStatus(ResultStatus.INVALID, pathCheck.Summary.Description ?? "$UI_Signatures_ValidationText_CertificateIsNotValid");
                 break;
             }
             else if (pathCheck.Summary.IsUndetermined)
             {
                 summary.SetStatus(ResultStatus.UNDETERMINED, pathCheck.Summary.Description ?? "$UI_Signatures_ValidationText_NoRevocationData");
             }
         }
     }

     // The trust anchor is checked last and overrides whatever the path checks produced:
     // without a trusted-list service the summary is INVALID.
     bool trustedServiceFound = trustedListInformation != null && trustedListInformation.IsServiceWasFound;
     if (!trustedServiceFound)
     {
         summary.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTrustedListServiceWasFound");
     }
 }
Ejemplo n.º 5
 /// <summary>
 /// Builds the A-level (archive timestamp) result by verifying the signature's archive
 /// timestamps against the archive timestamp data.
 /// </summary>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Forwarded to the timestamp verification.</param>
 /// <param name="ctx">Validation context forwarded to the timestamp verification.</param>
 /// <param name="logger">Receives an error message when reading the timestamp data fails.</param>
 /// <param name="externalContent">Detached content used to compute the archive timestamp data.</param>
 /// <returns>The A-level result; an exception other than <see cref="IOException"/> yields an INVALID result.</returns>
 protected internal virtual SignatureLevelA VerifyLevelA(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger, Document externalContent)
 {
     try
     {
         var archiveLevel = new SignatureValidationResult();
         IList <TimestampVerificationResult> archiveChecks = null;

         try
         {
             IList <TimestampToken> archiveTokens = signature.ArchiveTimestamps;
             var archiveData = signature.GetArchiveTimestampData(0, externalContent);
             archiveChecks = VerifyTimestamps(signature, referenceTime, ctx, archiveTokens, archiveData);
         }
         catch (IOException ioError)
         {
             logger.Error("Error verifyind level A " + ioError.Message);
             // NOTE(review): archiveChecks is still null on this path. ResultForTimestamps, as
             // written in this listing, reports a null list as INVALID / NoTimestamp, so the
             // UNDETERMINED status set here appears to be overwritten. Confirm which outcome
             // is intended before relying on either.
             archiveLevel.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
         }

         SignatureValidationResult folded = ResultForTimestamps(archiveChecks, archiveLevel);
         return new SignatureLevelA(folded, archiveChecks);
     }
     catch (Exception)
     {
         // Fail closed: any other error is reported as INVALID. The exception is not logged here.
         return new SignatureLevelA(
             new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"),
             null);
     }
 }
Ejemplo n.º 6
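        /// <summary>
        /// Builds the X-level result: every X1 and X2 timestamp must match the data it is
        /// supposed to cover, and at least one timestamp of either type must be present.
        /// </summary>
        /// <remarks>
        /// The level status set here reflects only digest matching and timestamp presence.
        /// <c>CheckTimeStampCertPath</c> receives the per-timestamp result, not the level
        /// status, so whatever it records is visible only on the individual results.
        /// </remarks>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Not read by this method.</param>
        /// <param name="ctx">Validation context forwarded to the timestamp certificate-path check.</param>
        /// <returns>The X-level result; any exception during verification yields an INVALID result.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
        protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            try
            {
                SignatureValidationResult levelReached = new SignatureValidationResult();
                // Start from VALID; any timestamp that does not match its data downgrades it.
                levelReached.SetStatus(ResultStatus.VALID, null);
                TimestampVerificationResult[] x1Results   = null;
                TimestampVerificationResult[] x2Results   = null;
                IList <TimestampToken>        timestampX1 = signature.TimestampsX1;
                if (timestampX1 != null && timestampX1.Any())
                {
                    byte[] data = signature.TimestampX1Data;
                    x1Results = new TimestampVerificationResult[timestampX1.Count];
                    for (int i = 0; i < timestampX1.Count; i++)
                    {
                        TimestampToken t = timestampX1[i];
                        x1Results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
                    }
                }
                IList <TimestampToken> timestampX2 = signature.TimestampsX2;
                if (timestampX2 != null && timestampX2.Any())
                {
                    byte[] data = signature.TimestampX2Data;
                    x2Results = new TimestampVerificationResult[timestampX2.Count];
                    // Indexed loop, same as for X1. The previous foreach never advanced its
                    // index, so every result was written to slot 0: with more than one X2
                    // timestamp, earlier results were overwritten and the other slots stayed null.
                    for (int i = 0; i < timestampX2.Count; i++)
                    {
                        TimestampToken t = timestampX2[i];
                        x2Results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
                    }
                }
                // Neither timestamp type present: the level cannot be reached.
                if ((timestampX1 == null || !timestampX1.Any()) && (timestampX2 == null || !timestampX2.Any()))
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
                }
                return new SignatureLevelX(signature, levelReached, x1Results, x2Results);
            }
            catch (Exception)
            {
                // Fail closed: any error is reported as INVALID. The exception is not logged here.
                return new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
            }
        }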
Ejemplo n.º 7
        /// <summary>
        /// Builds the C-level result: checks the certificate references and the revocation
        /// references (OCSP and CRL) carried by the signature.
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Not read by this method.</param>
        /// <param name="ctx">Validation context forwarded to the completeness helpers.</param>
        /// <param name="rehashValues">
        /// When true, the revocation references are checked for completeness through the helpers;
        /// when false, the method only requires that at least one revocation reference exists.
        /// </param>
        /// <param name="logger">Receives informational messages.</param>
        /// <returns>The C-level result; any exception during verification yields an all-INVALID result.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
        protected internal virtual SignatureLevelC VerifyLevelC(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, bool rehashValues, ICAdESLogger logger)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            const string verificationFailed = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";

            try
            {
                // Certificate references: absent, incomplete, or complete.
                IList <CertificateRef> certRefs = signature.CertificateRefs;
                var certRefsCheck = new SignatureValidationResult();
                if (certRefs == null || !certRefs.Any())
                {
                    certRefsCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateRef");
                }
                else if (EveryCertificateRefAreThere(ctx, certRefs, signature.SigningCertificate, logger))
                {
                    certRefsCheck.SetStatus(ResultStatus.VALID, null);
                }
                else
                {
                    certRefsCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededcertificateRef");
                }
                logger.Info("Every CertificateRef found " + certRefsCheck);

                IList <OCSPRef> ocspRefs = signature.OCSPRefs;
                IList <CRLRef>  crlRefs  = signature.CRLRefs;
                var revocationRefsComplete = new SignatureValidationResult(ResultStatus.VALID, null);

                // NOTE(review): both lists are dereferenced without a null check; a null list
                // ends up in the catch block and is reported as ExceptionWhileVerifying.
                int refCount = ocspRefs.Count + crlRefs.Count;

                if (!rehashValues)
                {
                    // Presence-only mode: one revocation reference of either kind is enough.
                    var revocationRefsPresent = new SignatureValidationResult();
                    if (refCount != 0)
                    {
                        revocationRefsPresent.SetStatus(ResultStatus.VALID, "$UI_Signatures_ValidationText_AtLeastOneRef");
                    }
                    else
                    {
                        revocationRefsPresent.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataRefs");
                    }

                    bool reachedByPresence = certRefsCheck.Status == ResultStatus.VALID
                                             && revocationRefsPresent.Status == ResultStatus.VALID;
                    return new SignatureLevelC(new SignatureValidationResult(reachedByPresence), certRefsCheck, revocationRefsPresent);
                }

                // Completeness mode: the reference count is not consulted on this path; the
                // outcome depends entirely on the two helpers.
                if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs, logger))
                {
                    revocationRefsComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPRef");
                }
                if (!EveryCRLValueOrRefAreThere(ctx, crlRefs, logger))
                {
                    revocationRefsComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLRef");
                }

                bool reachedByCompleteness = certRefsCheck.Status == ResultStatus.VALID
                                             && revocationRefsComplete.Status == ResultStatus.VALID;
                return new SignatureLevelC(new SignatureValidationResult(reachedByCompleteness), certRefsCheck, revocationRefsComplete);
            }
            catch (Exception)
            {
                // Fail closed: every part of the result is INVALID. The exception is not logged here.
                return new SignatureLevelC(
                    new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
                    new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
                    new SignatureValidationResult(ResultStatus.INVALID, verificationFailed));
            }
        }