Ejemplo n.º 1
0
 public static byte[] ComputeHashValue(byte[] value, FirmaXades.Crypto.DigestMethod digestMethod)
 {
     using (HashAlgorithm hashAlgorithm = digestMethod.GetHashAlgorithm())
     {
         return(hashAlgorithm.ComputeHash(value));
     }
 }
Ejemplo n.º 2
0
        public ValidationResult Validate(SignatureDocument sigDocument)
        {
            ValidationResult validationResult = new ValidationResult();

            try
            {
                sigDocument.XadesSignature.CheckXmldsigSignature();
            }
            catch (Exception)
            {
                validationResult.IsValid = false;
                validationResult.Message = "La verificación de la firma no ha sido satisfactoria";
                return(validationResult);
            }
            if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
            {
                TimeStamp      timeStamp             = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0];
                TimeStampToken timeStampToken        = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
                byte[]         messageImprintDigest  = timeStampToken.TimeStampInfo.GetMessageImprintDigest();
                FirmaXades.Crypto.DigestMethod byOid = FirmaXades.Crypto.DigestMethod.GetByOid(timeStampToken.TimeStampInfo.HashAlgorithm.ObjectID.Id);
                ArrayList arrayList = new ArrayList();
                arrayList.Add("ds:SignatureValue");
                byte[] b = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, arrayList), byOid);
                if (!Arrays.AreEqual(messageImprintDigest, b))
                {
                    validationResult.IsValid = false;
                    validationResult.Message = "La huella del sello de tiempo no se corresponde con la calculada";
                    return(validationResult);
                }
            }
            validationResult.IsValid = true;
            validationResult.Message = "Verificación de la firma satisfactoria";
            return(validationResult);
        }
Ejemplo n.º 3
0
 public static void SetCertDigest(byte[] rawCert, FirmaXades.Crypto.DigestMethod digestMethod, DigestAlgAndValueType destination)
 {
     using (HashAlgorithm hashAlgorithm = digestMethod.GetHashAlgorithm())
     {
         destination.DigestMethod.Algorithm = digestMethod.URI;
         destination.DigestValue            = hashAlgorithm.ComputeHash(rawCert);
     }
 }
Ejemplo n.º 4
0
        private void AddTSACertificates(UnsignedProperties unsignedProperties, IEnumerable <string> ocspServers, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod)
        {
            TimeStampToken          timeStampToken = new TimeStampToken(new CmsSignedData(unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0].EncapsulatedTimeStamp.PkiData));
            IX509Store              certificates   = timeStampToken.GetCertificates("Collection");
            SignerID                signerID       = timeStampToken.SignerID;
            List <X509Certificate2> list           = new List <X509Certificate2>();

            foreach (object match in certificates.GetMatches(null))
            {
                X509Certificate2 item = new X509Certificate2(((Org.BouncyCastle.X509.X509Certificate)match).GetEncoded());
                list.Add(item);
            }
            X509Certificate2 cert = DetermineStartCert(list);

            AddCertificate(cert, unsignedProperties, true, ocspServers, crlList, digestMethod, list.ToArray());
        }
Ejemplo n.º 5
0
        private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer, IEnumerable <string> ocspServers, FirmaXades.Crypto.DigestMethod digestMethod)
        {
            bool          byKey = false;
            List <string> list  = new List <string>();

            Org.BouncyCastle.X509.X509Certificate eeCert          = client.ToBouncyX509Certificate();
            Org.BouncyCastle.X509.X509Certificate x509Certificate = issuer.ToBouncyX509Certificate();
            OcspClient ocspClient = new OcspClient();
            string     authorityInformationAccessOcspUrl = ocspClient.GetAuthorityInformationAccessOcspUrl(x509Certificate);

            if (!string.IsNullOrEmpty(authorityInformationAccessOcspUrl))
            {
                list.Add(authorityInformationAccessOcspUrl);
            }
            foreach (string ocspServer in ocspServers)
            {
                list.Add(ocspServer);
            }
            foreach (string item in list)
            {
                byte[] array = ocspClient.QueryBinary(eeCert, x509Certificate, item);
                switch (ocspClient.ProcessOcspResponse(array))
                {
                case FirmaXades.Clients.CertificateStatus.Revoked:
                    throw new Exception("Certificado revocado");

                case FirmaXades.Clients.CertificateStatus.Good:
                {
                    OcspResp      ocspResp      = new OcspResp(array);
                    byte[]        encoded       = ocspResp.GetEncoded();
                    BasicOcspResp basicOcspResp = (BasicOcspResp)ocspResp.GetResponseObject();
                    string        str           = Guid.NewGuid().ToString();
                    OCSPRef       oCSPRef       = new OCSPRef();
                    oCSPRef.OCSPIdentifier.UriAttribute = "#OcspValue" + str;
                    DigestUtil.SetCertDigest(encoded, digestMethod, oCSPRef.CertDigest);
                    ResponderID responderId   = basicOcspResp.ResponderId.ToAsn1Object();
                    string      responderName = GetResponderName(responderId, ref byKey);
                    if (!byKey)
                    {
                        oCSPRef.OCSPIdentifier.ResponderID = RevertIssuerName(responderName);
                    }
                    else
                    {
                        oCSPRef.OCSPIdentifier.ResponderID = responderName;
                        oCSPRef.OCSPIdentifier.ByKey       = true;
                    }
                    oCSPRef.OCSPIdentifier.ProducedAt = basicOcspResp.ProducedAt.ToLocalTime();
                    unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(oCSPRef);
                    OCSPValue oCSPValue = new OCSPValue();
                    oCSPValue.PkiData = encoded;
                    oCSPValue.Id      = "OcspValue" + str;
                    unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(oCSPValue);
                    return((from cert in basicOcspResp.GetCerts()
                            select new X509Certificate2(cert.GetEncoded())).ToArray());
                }
                }
            }
            throw new Exception("El certificado no ha podido ser validado");
        }
Ejemplo n.º 6
0
 private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod)
 {
     Org.BouncyCastle.X509.X509Certificate cert            = certificate.ToBouncyX509Certificate();
     Org.BouncyCastle.X509.X509Certificate x509Certificate = issuer.ToBouncyX509Certificate();
     foreach (X509Crl crl in crlList)
     {
         if (crl.IssuerDN.Equivalent(x509Certificate.SubjectDN) && crl.NextUpdate.Value > DateTime.Now)
         {
             if (crl.IsRevoked(cert))
             {
                 throw new Exception("Certificado revocado");
             }
             if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection, issuer.Subject))
             {
                 string text   = "CRLValue-" + Guid.NewGuid().ToString();
                 CRLRef cRLRef = new CRLRef();
                 cRLRef.CRLIdentifier.UriAttribute = "#" + text;
                 cRLRef.CRLIdentifier.Issuer       = issuer.Subject;
                 cRLRef.CRLIdentifier.IssueTime    = crl.ThisUpdate.ToLocalTime();
                 long?cRLNumber = GetCRLNumber(crl);
                 if (cRLNumber.HasValue)
                 {
                     cRLRef.CRLIdentifier.Number = cRLNumber.Value;
                 }
                 byte[] encoded = crl.GetEncoded();
                 DigestUtil.SetCertDigest(encoded, digestMethod, cRLRef.CertDigest);
                 CRLValue cRLValue = new CRLValue();
                 cRLValue.PkiData = encoded;
                 cRLValue.Id      = text;
                 unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(cRLRef);
                 unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(cRLValue);
             }
             return(true);
         }
     }
     return(false);
 }
Ejemplo n.º 7
0
        private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, IEnumerable <string> ocspServers, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod, X509Certificate2[] extraCerts = null)
        {
            if (addCert)
            {
                if (CertificateChecked(cert, unsignedProperties))
                {
                    return;
                }
                string str   = Guid.NewGuid().ToString();
                Cert   cert2 = new Cert();
                cert2.IssuerSerial.X509IssuerName   = cert.IssuerName.Name;
                cert2.IssuerSerial.X509SerialNumber = cert.GetSerialNumberAsDecimalString();
                DigestUtil.SetCertDigest(cert.GetRawCertData(), digestMethod, cert2.CertDigest);
                cert2.URI = "#Cert" + str;
                unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(cert2);
                EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate();
                encapsulatedX509Certificate.Id      = "Cert" + str;
                encapsulatedX509Certificate.PkiData = cert.GetRawCertData();
                unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate);
            }
            X509ChainElementCollection chainElements = CertUtil.GetCertChain(cert, extraCerts).ChainElements;

            if (chainElements.Count > 1)
            {
                X509ChainElementEnumerator enumerator = chainElements.GetEnumerator();
                enumerator.MoveNext();
                enumerator.MoveNext();
                if (!ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate, crlList, digestMethod))
                {
                    X509Certificate2[] array = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate, ocspServers, digestMethod);
                    if (array != null)
                    {
                        X509Certificate2 x509Certificate = DetermineStartCert(new List <X509Certificate2>(array));
                        if (x509Certificate.IssuerName.Name != enumerator.Current.Certificate.SubjectName.Name)
                        {
                            X509Chain certChain = CertUtil.GetCertChain(x509Certificate, array);
                            AddCertificate(certChain.ChainElements[1].Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, array);
                        }
                    }
                }
                AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, extraCerts);
            }
        }