Example #1
0
 private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, IValidationContext ctx, IAdvancedSignature signature)
 {
     try
     {
         result.CertPathUpToTrustedList.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_CannotReachTSL");
         ctx.ValidateTimestamp(t, signature.CertificateSource, signature.CRLSource, signature.OCSPSource, result.UsedCerts);
         var tsSignerSubjectName = t.GetSignerSubjectName();
         foreach (CertificateAndContext c in ctx.NeededCertificates)
         {
             if (c.Certificate.SubjectDN.Equals(tsSignerSubjectName))
             {
                 if (ctx.GetParentFromTrustedList(c) != null)
                 {
                     result.CertPathUpToTrustedList.SetStatus(ResultStatus.VALID, null);
                     break;
                 }
             }
         }
     }
     catch (IOException)
     {
         result.CertPathUpToTrustedList.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
     }
 }
Example #2
0
        /// <summary>
        /// Check the list of Timestamptoken.
        /// </summary>
        /// <remarks>Check the list of Timestamptoken. For each one a TimestampVerificationSignatureValidationResult is produced
        ///     </remarks>
        /// <param name="signature"></param>
        /// <param name="referenceTime"></param>
        /// <param name="ctx"></param>
        /// <param name="tstokens"></param>
        /// <param name="data"></param>
        /// <returns></returns>
        protected internal virtual IList <TimestampVerificationResult> VerifyTimestamps(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, IList <TimestampToken> tstokens, byte[] data)
        {
            IList <TimestampVerificationResult> tstokenVerifs = new List <TimestampVerificationResult>();

            if (tstokens != null)
            {
                foreach (TimestampToken t in tstokens)
                {
                    TimestampVerificationResult verif = new TimestampVerificationResult(t);

                    if (t.MatchData(data))
                    {
                        verif.SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                    }
                    else
                    {
                        verif.SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                    }
                    CheckTimeStampCertPath(t, verif, ctx, signature);
                    tstokenVerifs.Add(verif);
                }
            }
            return(tstokenVerifs);
        }
Example #3
0
        protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            try
            {
                SignatureValidationResult levelReached = new SignatureValidationResult();
                levelReached.SetStatus(ResultStatus.VALID, null);
                TimestampVerificationResult[] x1Results   = null;
                TimestampVerificationResult[] x2Results   = null;
                IList <TimestampToken>        timestampX1 = signature.TimestampsX1;
                if (timestampX1 != null && timestampX1.Any())
                {
                    byte[] data = signature.TimestampX1Data;
                    x1Results = new TimestampVerificationResult[timestampX1.Count];
                    for (int i = 0; i < timestampX1.Count; i++)
                    {
                        TimestampToken t = timestampX1[i];
                        x1Results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
                    }
                }
                IList <TimestampToken> timestampX2 = signature.TimestampsX2;
                if (timestampX2 != null && timestampX2.Any())
                {
                    byte[] data = signature.TimestampX2Data;
                    x2Results = new TimestampVerificationResult[timestampX2.Count];
                    int i = 0;
                    foreach (TimestampToken t in timestampX2)
                    {
                        x2Results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
                    }
                }
                if ((timestampX1 == null || !timestampX1.Any()) && (timestampX2 == null || !timestampX2.Any()))
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
                }
                return(new SignatureLevelX(signature, levelReached, x1Results, x2Results));
            }
            catch (Exception)
            {
                return(new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying")));
            }
        }