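 /// <summary>
 /// For level -XL, every X509Crl listed in the IValidationContext must be present in the signature, either as an
 /// X509Crl value (RevocationValues) or as a CRLRef that matches it (CompleteRevocationRefs).
 /// </summary>
 /// <param name="ctx">Validation context whose <see cref="IValidationContext.NeededCRL"/> lists the CRLs that must be covered.</param>
 /// <param name="crlValuesOrRef">CRL values (<see cref="X509Crl"/>) and/or references (<see cref="CRLRef"/>) taken from the
 /// signature; elements of any other type are ignored.</param>
 /// <param name="logger">Receives one "Looking for CRL ref ..." / "Ref found|not found" line pair per needed CRL.</param>
 /// <returns>true when every needed CRL is matched by a value or a reference; false at the first needed CRL that is not covered.</returns>
 /// <exception cref="System.ArgumentNullException">Any argument is null.</exception>
 protected internal virtual bool EveryCRLValueOrRefAreThere <_T0>(IValidationContext ctx, IList <_T0> crlValuesOrRef, ICAdESLogger logger)
 {
     if (ctx == null)
     {
         throw new System.ArgumentNullException(nameof(ctx));
     }
     if (crlValuesOrRef == null)
     {
         throw new System.ArgumentNullException(nameof(crlValuesOrRef));
     }
     if (logger == null)
     {
         throw new System.ArgumentNullException(nameof(logger));
     }

     foreach (X509Crl crl in ctx.NeededCRL)
     {
         logger.Info("Looking for CRL ref issued by " + crl.IssuerDN);
         bool found = IsCoveredByValueOrRef(crl, crlValuesOrRef);
         logger.Info("Ref " + (found ? " found" : " not found"));
         // Fail on the first uncovered CRL: the -XL level requires all of them.
         if (!found)
         {
             return(false);
         }
     }
     return(true);
 }

 /// <summary>
 /// Returns true when <paramref name="crl"/> equals one of the X509Crl values or is matched by one of the CRLRef
 /// entries in <paramref name="crlValuesOrRef"/>. Elements of any other type are skipped.
 /// </summary>
 /// <param name="crl">The CRL that must be covered by the signature.</param>
 /// <param name="crlValuesOrRef">CRL values and/or references taken from the signature.</param>
 /// <returns>true when a matching value or reference exists; otherwise false.</returns>
 private static bool IsCoveredByValueOrRef <_T0>(X509Crl crl, IList <_T0> crlValuesOrRef)
 {
     foreach (object valueOrRef in crlValuesOrRef)
     {
         X509Crl sigCRL = valueOrRef as X509Crl;
         if (sigCRL != null && sigCRL.Equals(crl))
         {
             return true;
         }

         CRLRef @ref = valueOrRef as CRLRef;
         if (@ref != null && @ref.Match(crl))
         {
             return true;
         }
     }
     return false;
 }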
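        /// <summary>
        /// Checks <paramref name="certificate"/> against the first CRL in <paramref name="crlList"/> whose issuer name
        /// equals the issuer's subject name and whose NextUpdate is still in the future. When the certificate is not
        /// listed there, a CRLRef plus the matching CRLValue are appended to the unsigned signature properties
        /// (unless a CRL reference for this issuer already exists) and true is returned.
        /// </summary>
        /// <param name="unsignedProperties">Unsigned properties receiving the CompleteRevocationRefs / RevocationValues entries.</param>
        /// <param name="certificate">Certificate whose revocation status is checked.</param>
        /// <param name="issuer">Issuer certificate; CRLs are matched on its subject name.</param>
        /// <param name="crlList">Candidate CRLs. NOTE(review): the CRL signature is not verified against the issuer key
        /// here (only the issuer name is compared), so the list must come from a trusted source or be verified by the
        /// caller before reaching this method.</param>
        /// <param name="digestMethod">Digest algorithm used for the CRLRef digest.</param>
        /// <returns>true when an applicable, current CRL was found and the certificate is not revoked; false when no
        /// CRL applies (wrong issuer, expired, or missing NextUpdate).</returns>
        /// <exception cref="System.Security.Cryptography.CryptographicException">The certificate is listed as revoked in the applicable CRL.</exception>
        private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer,
                                              IEnumerable <X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod)
        {
            Org.BouncyCastle.X509.X509Certificate clientCert = certificate.ToBouncyX509Certificate();
            Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate();

            foreach (var crlEntry in crlList)
            {
                if (!crlEntry.IssuerDN.Equivalent(issuerCert.SubjectDN))
                {
                    continue;
                }

                // NextUpdate is an optional CRL field; without it freshness cannot be judged, so the CRL is skipped
                // instead of dereferencing a missing value. CRL times are UTC (ThisUpdate is converted with
                // ToLocalTime() when the ref is built), so compare against UtcNow rather than local time.
                if (crlEntry.NextUpdate == null || crlEntry.NextUpdate.Value <= DateTime.UtcNow)
                {
                    continue;
                }

                if (crlEntry.IsRevoked(clientCert))
                {
                    throw new System.Security.Cryptography.CryptographicException("Certificate revoked");
                }

                if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection,
                               issuer.Subject))
                {
                    AddCrlRefAndValue(unsignedProperties, issuer, crlEntry, digestMethod);
                }

                return(true);
            }

            return(false);
        }

        /// <summary>
        /// Appends a CRLRef (CompleteRevocationRefs) and the matching CRLValue (RevocationValues) for
        /// <paramref name="crlEntry"/> to the unsigned signature properties, linked through a fresh "CRLValue-{guid}" id.
        /// </summary>
        /// <param name="unsignedProperties">Unsigned properties to extend.</param>
        /// <param name="issuer">Issuer certificate whose subject becomes the CRLIdentifier issuer.</param>
        /// <param name="crlEntry">CRL being referenced and embedded.</param>
        /// <param name="digestMethod">Digest algorithm used for the CRLRef digest.</param>
        private void AddCrlRefAndValue(UnsignedProperties unsignedProperties, X509Certificate2 issuer, X509Crl crlEntry,
                                       FirmaXadesNet.Crypto.DigestMethod digestMethod)
        {
            string idCrlValue = "CRLValue-" + Guid.NewGuid().ToString();

            CRLRef crlRef = new CRLRef();
            crlRef.CRLIdentifier.UriAttribute = "#" + idCrlValue;
            crlRef.CRLIdentifier.Issuer       = issuer.Subject;
            crlRef.CRLIdentifier.IssueTime    = crlEntry.ThisUpdate.ToLocalTime();

            // The CRL number extension is optional; only set it when present.
            var crlNumber = GetCRLNumber(crlEntry);
            if (crlNumber.HasValue)
            {
                crlRef.CRLIdentifier.Number = crlNumber.Value;
            }

            // The digest is taken over the DER encoding that is also embedded as the CRLValue, so ref and value agree.
            byte[] crlEncoded = crlEntry.GetEncoded();
            DigestUtil.SetCertDigest(crlEncoded, digestMethod, crlRef.CertDigest);

            CRLValue crlValue = new CRLValue
            {
                PkiData = crlEncoded,
                Id      = idCrlValue
            };

            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(crlRef);
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(crlValue);
        }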
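 /// <summary>
 /// Checks <paramref name="certificate"/> against the first CRL in <paramref name="crlList"/> whose issuer name
 /// equals the issuer's subject name and whose NextUpdate is still in the future. When the certificate is not
 /// listed there, a CRLRef plus the matching CRLValue are appended to the unsigned signature properties (unless a
 /// CRL reference for this issuer already exists) and true is returned.
 /// </summary>
 /// <param name="unsignedProperties">Unsigned properties receiving the CompleteRevocationRefs / RevocationValues entries.</param>
 /// <param name="certificate">Certificate whose revocation status is checked.</param>
 /// <param name="issuer">Issuer certificate; CRLs are matched on its subject name.</param>
 /// <param name="crlList">Candidate CRLs. NOTE(review): the CRL signature is not verified against the issuer key
 /// here (only the issuer name is compared), so the list must come from a trusted source or be verified by the
 /// caller before reaching this method.</param>
 /// <param name="digestMethod">Digest algorithm used for the CRLRef digest.</param>
 /// <returns>true when an applicable, current CRL was found and the certificate is not revoked; false when no CRL
 /// applies (wrong issuer, expired, or missing NextUpdate).</returns>
 /// <exception cref="System.Security.Cryptography.CryptographicException">The certificate is listed as revoked in the applicable CRL.</exception>
 private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod)
 {
     Org.BouncyCastle.X509.X509Certificate cert            = certificate.ToBouncyX509Certificate();
     Org.BouncyCastle.X509.X509Certificate x509Certificate = issuer.ToBouncyX509Certificate();

     foreach (X509Crl crl in crlList)
     {
         if (!crl.IssuerDN.Equivalent(x509Certificate.SubjectDN))
         {
             continue;
         }

         // NextUpdate is an optional CRL field; without it freshness cannot be judged, so the CRL is skipped
         // instead of dereferencing a missing value. CRL times are UTC (ThisUpdate is converted with
         // ToLocalTime() below), so compare against UtcNow rather than local time.
         if (crl.NextUpdate == null || crl.NextUpdate.Value <= DateTime.UtcNow)
         {
             continue;
         }

         if (crl.IsRevoked(cert))
         {
             throw new System.Security.Cryptography.CryptographicException("Certificado revocado");
         }

         if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection, issuer.Subject))
         {
             // Fresh id links the CRLRef (by URI) to the embedded CRLValue.
             string text   = "CRLValue-" + Guid.NewGuid().ToString();
             CRLRef cRLRef = new CRLRef();
             cRLRef.CRLIdentifier.UriAttribute = "#" + text;
             cRLRef.CRLIdentifier.Issuer       = issuer.Subject;
             cRLRef.CRLIdentifier.IssueTime    = crl.ThisUpdate.ToLocalTime();

             // The CRL number extension is optional; only set it when present.
             long? cRLNumber = GetCRLNumber(crl);
             if (cRLNumber.HasValue)
             {
                 cRLRef.CRLIdentifier.Number = cRLNumber.Value;
             }

             // Digest and embedded value are both taken from the same DER encoding so they agree.
             byte[] encoded = crl.GetEncoded();
             DigestUtil.SetCertDigest(encoded, digestMethod, cRLRef.CertDigest);

             CRLValue cRLValue = new CRLValue();
             cRLValue.PkiData = encoded;
             cRLValue.Id      = text;

             unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(cRLRef);
             unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(cRLValue);
         }

         return(true);
     }

     return(false);
 }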