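/// <summary>
/// For level -XL, every X509Crl listed in the validation context (ctx.NeededCRL) must be present in the
/// signature, either as a CRL value (an X509Crl equal to the needed one) or as a CRLRef whose Match()
/// accepts it.
/// </summary>
/// <typeparam name="_T0">Element type of <paramref name="crlValuesOrRef"/>; each element is inspected at runtime for X509Crl or CRLRef.</typeparam>
/// <param name="ctx">Validation context supplying the CRLs that are needed (NeededCRL).</param>
/// <param name="crlValuesOrRef">CRL values and/or CRL references taken from the signature.</param>
/// <param name="logger">Receives one "looking for" and one "found / not found" line per needed CRL.</param>
/// <returns>true when every needed CRL has a matching value or reference; false as soon as one has none.</returns>
protected internal virtual bool EveryCRLValueOrRefAreThere<_T0>(IValidationContext ctx, IList<_T0> crlValuesOrRef, ICAdESLogger logger)
{
    foreach (X509Crl crl in ctx.NeededCRL)
    {
        logger.Info("Looking for CRL ref issued by " + crl.IssuerDN);
        bool found = false;

        foreach (object valueOrRef in crlValuesOrRef)
        {
            // A CRL value matches by equality; a reference matches by its own Match() rule.
            X509Crl sigCRL = valueOrRef as X509Crl;
            if (sigCRL != null && sigCRL.Equals(crl))
            {
                found = true;
                break;
            }

            CRLRef @ref = valueOrRef as CRLRef;
            if (@ref != null && @ref.Match(crl))
            {
                found = true;
                break;
            }
        }

        logger.Info("Ref " + (found ? " found" : " not found"));
        if (!found)
        {
            return false;
        }
    }

    return true;
}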
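/// <summary>
/// Looks in <paramref name="crlList"/> for a CRL issued by <paramref name="issuer"/> that is still current
/// and verifies against the issuer's public key, and uses it to check <paramref name="certificate"/> for
/// revocation. When the certificate is not listed, the CRL is recorded once per issuer in the signature:
/// a CRLRef in CompleteRevocationRefs and the matching CRLValue in RevocationValues.
/// </summary>
/// <param name="unsignedProperties">Unsigned properties of the signature that receive the CRL ref and value.</param>
/// <param name="certificate">Certificate whose revocation status is checked.</param>
/// <param name="issuer">Issuer of <paramref name="certificate"/>; the CRL's IssuerDN must be equivalent to its SubjectDN.</param>
/// <param name="crlList">Candidate CRLs; the first usable one decides.</param>
/// <param name="digestMethod">Digest algorithm used for the CRLRef's CertDigest.</param>
/// <returns>true when a usable CRL was found and the certificate is not revoked; false when no usable CRL was found.</returns>
/// <exception cref="Exception">Thrown when a usable CRL lists the certificate as revoked.</exception>
private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable<X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod)
{
    Org.BouncyCastle.X509.X509Certificate clientCert = certificate.ToBouncyX509Certificate();
    Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate();

    foreach (var crlEntry in crlList)
    {
        if (!crlEntry.IssuerDN.Equivalent(issuerCert.SubjectDN))
        {
            continue;
        }

        // nextUpdate is optional in a CRL (RFC 5280); dereferencing .Value unconditionally would throw
        // NullReferenceException on such a CRL. A CRL without an expiry is not used.
        // NOTE(review): whether NextUpdate is a local or UTC DateTime depends on the BouncyCastle version;
        // confirm that DateTime.Now (rather than UtcNow) is the right reference here.
        if (crlEntry.NextUpdate == null || crlEntry.NextUpdate.Value <= DateTime.Now)
        {
            continue;
        }

        // A CRL that merely carries the issuer's name is not trusted: its signature must verify against
        // the issuer's key, otherwise the CRL is skipped (fail closed, fall through to "no usable CRL").
        try
        {
            crlEntry.Verify(issuerCert.GetPublicKey());
        }
        catch (Exception)
        {
            continue;
        }

        if (crlEntry.IsRevoked(clientCert))
        {
            throw new Exception("Certificate revoked");
        }

        var crlRefs = unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection;
        if (!ExistsCRL(crlRefs, issuer.Subject))
        {
            string idCrlValue = "CRLValue-" + Guid.NewGuid().ToString();

            CRLRef crlRef = new CRLRef();
            crlRef.CRLIdentifier.UriAttribute = "#" + idCrlValue; // same-document reference to the CRLValue below
            crlRef.CRLIdentifier.Issuer = issuer.Subject;
            crlRef.CRLIdentifier.IssueTime = crlEntry.ThisUpdate.ToLocalTime();

            var crlNumber = GetCRLNumber(crlEntry);
            if (crlNumber.HasValue)
            {
                crlRef.CRLIdentifier.Number = crlNumber.Value;
            }

            byte[] crlEncoded = crlEntry.GetEncoded();
            DigestUtil.SetCertDigest(crlEncoded, digestMethod, crlRef.CertDigest);

            CRLValue crlValue = new CRLValue { PkiData = crlEncoded, Id = idCrlValue };

            crlRefs.Add(crlRef);
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(crlValue);
        }

        return true;
    }

    return false;
}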
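/// <summary>
/// Looks in <paramref name="crlList"/> for a CRL issued by <paramref name="issuer"/> that is still current
/// and verifies against the issuer's public key, and uses it to check <paramref name="certificate"/> for
/// revocation. When the certificate is not listed, the CRL is recorded once per issuer in the signature:
/// a CRLRef in CompleteRevocationRefs and the matching CRLValue in RevocationValues.
/// </summary>
/// <param name="unsignedProperties">Unsigned properties of the signature that receive the CRL ref and value.</param>
/// <param name="certificate">Certificate whose revocation status is checked.</param>
/// <param name="issuer">Issuer of <paramref name="certificate"/>; the CRL's IssuerDN must be equivalent to its SubjectDN.</param>
/// <param name="crlList">Candidate CRLs; the first usable one decides.</param>
/// <param name="digestMethod">Digest algorithm used for the CRLRef's CertDigest.</param>
/// <returns>true when a usable CRL was found and the certificate is not revoked; false when no usable CRL was found.</returns>
/// <exception cref="Exception">Thrown when a usable CRL lists the certificate as revoked.</exception>
private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable<X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod)
{
    Org.BouncyCastle.X509.X509Certificate cert = certificate.ToBouncyX509Certificate();
    Org.BouncyCastle.X509.X509Certificate x509Certificate = issuer.ToBouncyX509Certificate();

    foreach (X509Crl crl in crlList)
    {
        if (!crl.IssuerDN.Equivalent(x509Certificate.SubjectDN))
        {
            continue;
        }

        // nextUpdate is optional in a CRL (RFC 5280); dereferencing .Value unconditionally would throw
        // NullReferenceException on such a CRL. A CRL without an expiry is not used.
        // NOTE(review): whether NextUpdate is a local or UTC DateTime depends on the BouncyCastle version;
        // confirm that DateTime.Now (rather than UtcNow) is the right reference here.
        if (crl.NextUpdate == null || crl.NextUpdate.Value <= DateTime.Now)
        {
            continue;
        }

        // A CRL that merely carries the issuer's name is not trusted: its signature must verify against
        // the issuer's key, otherwise the CRL is skipped (fail closed, fall through to "no usable CRL").
        try
        {
            crl.Verify(x509Certificate.GetPublicKey());
        }
        catch (Exception)
        {
            continue;
        }

        if (crl.IsRevoked(cert))
        {
            throw new Exception("Certificado revocado");
        }

        var crlRefs = unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection;
        if (!ExistsCRL(crlRefs, issuer.Subject))
        {
            string text = "CRLValue-" + Guid.NewGuid().ToString();

            CRLRef cRLRef = new CRLRef();
            cRLRef.CRLIdentifier.UriAttribute = "#" + text; // same-document reference to the CRLValue below
            cRLRef.CRLIdentifier.Issuer = issuer.Subject;
            cRLRef.CRLIdentifier.IssueTime = crl.ThisUpdate.ToLocalTime();

            long? cRLNumber = GetCRLNumber(crl);
            if (cRLNumber.HasValue)
            {
                cRLRef.CRLIdentifier.Number = cRLNumber.Value;
            }

            byte[] encoded = crl.GetEncoded();
            DigestUtil.SetCertDigest(encoded, digestMethod, cRLRef.CertDigest);

            CRLValue cRLValue = new CRLValue();
            cRLValue.PkiData = encoded;
            cRLValue.Id = text;

            crlRefs.Add(cRLRef);
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(cRLValue);
        }

        return true;
    }

    return false;
}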