/// <summary>
/// Adds a SigAndRefsTimeStamp to the signature: the TSA is asked to stamp the digest of
/// ds:SignatureValue, the SignatureTimeStamp, CompleteCertificateRefs and CompleteRevocationRefs,
/// and the returned token is embedded in the unsigned signature properties.
/// </summary>
/// <param name="signatureDocument">Document whose XAdES signature is upgraded in place.</param>
/// <param name="parameters">Digest method and time stamp client used for the request.</param>
/// <remarks>
/// NOTE(review): the token returned by <c>GetTimeStamp</c> is embedded as-is; whether the TSA
/// signature and the echoed imprint are verified inside the client is not visible here — confirm.
/// </remarks>
private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    const string xadesNs = "http://uri.etsi.org/01903/v1.3.2#";
    const string dsNs = "http://www.w3.org/2000/09/xmldsig#";
    const string unsignedSigPropsPath = "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/";

    XmlElement signatureElement = signatureDocument.XadesSignature.GetSignatureElement();
    XmlNamespaceManager nsManager = new XmlNamespaceManager(signatureDocument.Document.NameTable);
    nsManager.AddNamespace("xades", xadesNs);
    nsManager.AddNamespace("ds", dsNs);

    // The referenced elements are hashed from the DOM, so the in-memory references must already be
    // serialised; if CompleteCertificateRefs is not in the document yet, flush the signature first.
    XmlNode completeCertRefsNode = signatureElement.SelectSingleNode(unsignedSigPropsPath + "xades:CompleteCertificateRefs", nsManager);
    if (completeCertRefsNode == null)
    {
        signatureDocument.UpdateDocument();
    }

    // Order matters: it is the order in which the elements are concatenated before hashing.
    ArrayList stampedElementXpaths = new ArrayList
    {
        "ds:SignatureValue",
        unsignedSigPropsPath + "xades:SignatureTimeStamp",
        unsignedSigPropsPath + "xades:CompleteCertificateRefs",
        unsignedSigPropsPath + "xades:CompleteRevocationRefs"
    };

    byte[] imprint = DigestUtil.ComputeHashValue(
        XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, stampedElementXpaths),
        parameters.DigestMethod);
    byte[] tsaToken = parameters.TimeStampClient.GetTimeStamp(imprint, parameters.DigestMethod, true);

    TimeStamp sigAndRefsStamp = new TimeStamp("SigAndRefsTimeStamp")
    {
        Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id
    };
    sigAndRefsStamp.EncapsulatedTimeStamp.PkiData = tsaToken;
    sigAndRefsStamp.EncapsulatedTimeStamp.Id = "SigAndRefsStamp-" + Guid.NewGuid().ToString();

    UnsignedProperties unsignedProps = signatureDocument.XadesSignature.UnsignedProperties;
    unsignedProps.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false;
    unsignedProps.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(sigAndRefsStamp);
    signatureDocument.XadesSignature.UnsignedProperties = unsignedProps;
}
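/// <summary>
/// Builds the value that is actually signed: an algorithm-specific prefix (obtained from
/// <c>getPrefixForDigestAlg</c>, presumably the PKCS#1 v1.5 DigestInfo header — confirm there)
/// followed by the digest of <paramref name="aData"/>. The digest algorithm is derived from the
/// <c>signatureAlgorithmStr</c> field.
/// </summary>
/// <param name="aData">Raw data to digest.</param>
/// <returns>Prefix bytes concatenated with the message digest.</returns>
/// <exception cref="ESYAException">The digest algorithm of the signature algorithm is unknown.</exception>
/// <exception cref="Exception">Any other failure while resolving the digest algorithm; the cause is kept as inner exception.</exception>
private byte[] getSignatureInput(byte[] aData)
{
    DigestAlg digestAlg = null;
    string digestAlgStr = null;
    try
    {
        digestAlgStr = Algorithms.getDigestAlgOfSignatureAlg(signatureAlgorithmStr);
        digestAlg = DigestAlg.fromName(digestAlgStr);
    }
    catch (ESYAException e)
    {
        throw new ESYAException("UnKnown Digest Algorithm", e);
    }
    catch (Exception aEx)
    {
        // The original message interpolated digestAlg, which is still null at this point; report
        // the algorithm name that was resolved (if any) and keep the cause as inner exception.
        throw new Exception((digestAlgStr ?? "Unknown") + " algorithm is not supported " + aEx.Message, aEx);
    }

    byte[] messageHash = DigestUtil.digest(digestAlg, aData);
    byte[] hashPrefix = getPrefixForDigestAlg(digestAlgStr);

    // result = prefix || digest
    byte[] signatureInput = new byte[hashPrefix.Length + messageHash.Length];
    Buffer.BlockCopy(hashPrefix, 0, signatureInput, 0, hashPrefix.Length);
    Buffer.BlockCopy(messageHash, 0, signatureInput, hashPrefix.Length, messageHash.Length);
    return signatureInput;
}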
/// <summary>
/// Upgrades the signature to XAdES-T: requests a time stamp over the digest of ds:SignatureValue
/// and embeds it as a SignatureTimeStamp property, then refreshes the document.
/// </summary>
/// <param name="signatureDocument">Signed document to upgrade in place.</param>
/// <param name="parameters">Digest method and time stamp client for the request.</param>
/// <exception cref="Exception">
/// Thrown (wrapping the cause) when the signature already carries a time stamp or any step fails.
/// </exception>
/// <remarks>
/// NOTE(review): the TSA token is embedded without being checked here against the sent digest;
/// confirm whether <c>GetTimeStamp</c> performs that verification.
/// </remarks>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    UnsignedProperties unsignedProps = signatureDocument.XadesSignature.UnsignedProperties;
    try
    {
        if (unsignedProps.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
        {
            throw new Exception("La firma ya contiene un sello de tiempo");
        }

        ArrayList signatureValueXpath = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueDigest = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueXpath),
            parameters.DigestMethod);
        byte[] tsaToken = parameters.TimeStampClient.GetTimeStamp(signatureValueDigest, parameters.DigestMethod, true);

        TimeStamp signatureStamp = new TimeStamp("SignatureTimeStamp")
        {
            Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id
        };
        signatureStamp.EncapsulatedTimeStamp.PkiData = tsaToken;
        signatureStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProps.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureStamp);
        signatureDocument.XadesSignature.UnsignedProperties = unsignedProps;
        signatureDocument.UpdateDocument();
    }
    catch (Exception cause)
    {
        // Everything, including the "already stamped" check above, surfaces as one wrapped exception.
        throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", cause);
    }
}
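/// <summary>
/// Validates the XML-DSig core of the signature and, for every SignatureTimeStamp present,
/// checks that the token's message imprint equals the digest of ds:SignatureValue computed with
/// the digest algorithm declared in the token.
/// </summary>
/// <param name="sigDocument">Document holding the XAdES signature to validate.</param>
/// <returns>
/// A <see cref="ValidationResult"/> with <c>IsValid</c> and a status message. Failures are reported
/// in the result rather than thrown, including a time stamp token that cannot be parsed.
/// </returns>
/// <remarks>
/// Only the imprint of each token is compared. The TSA signature on the token and the TSA
/// certificate are not verified by this method, so a matching imprint alone does not prove the
/// signing time; callers needing that must validate the token separately.
/// </remarks>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult validationResult = new ValidationResult();

    // 1. Reference digests and the SignedInfo signature.
    try
    {
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        validationResult.IsValid = false;
        validationResult.Message = "La verificación de la firma no ha sido satisfactoria";
        return validationResult;
    }

    // 2. Every SignatureTimeStamp (the original looked only at the first one).
    var timeStamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;
    ArrayList signatureValueXpath = new ArrayList { "ds:SignatureValue" };
    for (int i = 0; i < timeStamps.Count; i++)
    {
        TimeStamp timeStamp = timeStamps[i];
        byte[] imprint;
        FirmaXades.Crypto.DigestMethod imprintMethod;
        try
        {
            TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
            imprint = token.TimeStampInfo.GetMessageImprintDigest();
            imprintMethod = FirmaXades.Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.ObjectID.Id);
        }
        catch (Exception)
        {
            // Null or malformed PkiData used to escape as an exception; a stamp that cannot be
            // parsed is a validation failure, not a caller error.
            imprint = null;
            imprintMethod = null;
        }
        if (imprint == null || imprintMethod == null)
        {
            validationResult.IsValid = false;
            validationResult.Message = "El sello de tiempo no se ha podido procesar";
            return validationResult;
        }

        // Recomputed per stamp because each token declares its own digest algorithm.
        byte[] computed = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueXpath),
            imprintMethod);
        if (!Arrays.AreEqual(imprint, computed))
        {
            validationResult.IsValid = false;
            validationResult.Message = "La huella del sello de tiempo no se corresponde con la calculada";
            return validationResult;
        }
    }

    validationResult.IsValid = true;
    validationResult.Message = "Verificación de la firma satisfactoria";
    return validationResult;
}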
/// <summary>
/// Queries OCSP responders for the status of <paramref name="client"/> — the URL from the issuer's
/// AIA extension first, then <paramref name="ocspServers"/> in order — and on the first Good answer
/// records an OCSPRef and OCSPValue in <paramref name="unsignedProperties"/>.
/// </summary>
/// <param name="unsignedProperties">Unsigned signature properties receiving the revocation ref and value.</param>
/// <param name="client">End-entity certificate whose status is queried.</param>
/// <param name="issuer">Issuer of <paramref name="client"/>; supplies the AIA responder URL.</param>
/// <param name="ocspServers">Additional responder URLs tried after the AIA one.</param>
/// <param name="digestMethod">Digest used for the OCSPRef CertDigest over the DER response.</param>
/// <returns>The certificates carried in the Good response, re-wrapped as <see cref="X509Certificate2"/>.</returns>
/// <exception cref="Exception">A responder reports Revoked, or no responder reports Good.</exception>
/// <remarks>
/// A responder answering anything other than Good or Revoked (e.g. Unknown) is skipped and the next
/// URL is tried. NOTE(review): the response bytes are embedded verbatim; whether the responder's
/// signature on them is verified is not visible here (presumably inside
/// <c>OcspClient.ProcessOcspResponse</c>) — confirm.
/// </remarks>
private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer, IEnumerable<string> ocspServers, FirmaXades.Crypto.DigestMethod digestMethod)
{
    Org.BouncyCastle.X509.X509Certificate endEntityCert = client.ToBouncyX509Certificate();
    Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate();
    OcspClient ocsp = new OcspClient();

    // Responder order: AIA URL from the issuer certificate (if present), then the configured list.
    List<string> responderUrls = new List<string>();
    string aiaUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);
    if (!string.IsNullOrEmpty(aiaUrl))
    {
        responderUrls.Add(aiaUrl);
    }
    responderUrls.AddRange(ocspServers);

    bool responderIdentifiedByKey = false;
    foreach (string responderUrl in responderUrls)
    {
        byte[] responseBytes = ocsp.QueryBinary(endEntityCert, issuerCert, responderUrl);
        FirmaXades.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(responseBytes);
        if (status == FirmaXades.Clients.CertificateStatus.Revoked)
        {
            throw new Exception("Certificado revocado");
        }
        if (status != FirmaXades.Clients.CertificateStatus.Good)
        {
            continue;
        }

        OcspResp ocspResp = new OcspResp(responseBytes);
        byte[] responseDer = ocspResp.GetEncoded();
        BasicOcspResp basicResp = (BasicOcspResp)ocspResp.GetResponseObject();

        string valueId = "OcspValue" + Guid.NewGuid().ToString();

        OCSPRef ocspRef = new OCSPRef();
        ocspRef.OCSPIdentifier.UriAttribute = "#" + valueId;
        DigestUtil.SetCertDigest(responseDer, digestMethod, ocspRef.CertDigest);

        ResponderID responderId = basicResp.ResponderId.ToAsn1Object();
        string responderName = GetResponderName(responderId, ref responderIdentifiedByKey);
        if (responderIdentifiedByKey)
        {
            ocspRef.OCSPIdentifier.ResponderID = responderName;
            ocspRef.OCSPIdentifier.ByKey = true;
        }
        else
        {
            ocspRef.OCSPIdentifier.ResponderID = RevertIssuerName(responderName);
        }
        ocspRef.OCSPIdentifier.ProducedAt = basicResp.ProducedAt.ToLocalTime();
        unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);

        OCSPValue ocspValue = new OCSPValue();
        ocspValue.PkiData = responseDer;
        ocspValue.Id = valueId;
        unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);

        return basicResp.GetCerts()
            .Select(embedded => new X509Certificate2(embedded.GetEncoded()))
            .ToArray();
    }

    throw new Exception("El certificado no ha podido ser validado");
}
/// <summary>
/// Records <paramref name="cert"/> in the CompleteCertificateRefs / CertificateValues of
/// <paramref name="unsignedProperties"/> (when <paramref name="addCert"/> is set and it is not already
/// there), then checks its revocation status against its issuer — CRL first, OCSP as fallback — and
/// recurses up the chain so every issuer, and the OCSP responder's chain when it differs, is embedded too.
/// </summary>
/// <param name="cert">Certificate to record and validate.</param>
/// <param name="unsignedProperties">Unsigned signature properties receiving refs and values.</param>
/// <param name="addCert">Whether to add the certificate itself; skipped when already referenced.</param>
/// <param name="ocspServers">Configured OCSP responders forwarded to the OCSP check.</param>
/// <param name="crlList">CRLs consulted before any OCSP request.</param>
/// <param name="digestMethod">Digest used for the CertDigest of the reference.</param>
/// <param name="addCertificateOcspUrl">Forwarded to the OCSP check; its effect is decided there.</param>
/// <param name="extraCerts">Additional certificates made available for chain building.</param>
/// <param name="useNonce">If true the OCSP request carries a nonce; the responder must support it (a Microsoft Windows OCSP responder has to be configured explicitly for nonces).</param>
/// <remarks>
/// NOTE(review): <c>ChainElements[1]</c> of the responder chain is read without a length check; confirm
/// <c>CertUtil.GetCertChain</c> always yields an issuer element there.
/// </remarks>
private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, IEnumerable<OcspServer> ocspServers, IEnumerable<X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl, X509Certificate2[] extraCerts = null, bool useNonce = true)
{
    if (addCert)
    {
        if (CertificateChecked(cert, unsignedProperties))
        {
            return;
        }

        string certId = "Cert" + Guid.NewGuid().ToString();
        byte[] rawCert = cert.GetRawCertData();

        Cert certRef = new Cert();
        certRef.IssuerSerial.X509IssuerName = cert.IssuerName.Name;
        certRef.IssuerSerial.X509SerialNumber = cert.GetSerialNumberAsDecimalString();
        DigestUtil.SetCertDigest(rawCert, digestMethod, certRef.CertDigest);
        certRef.URI = "#" + certId;
        unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(certRef);

        unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(
            new EncapsulatedX509Certificate { Id = certId, PkiData = rawCert });
    }

    X509ChainElementCollection chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements;
    if (chain.Count <= 1)
    {
        // No issuer element in the chain: nothing further to check.
        return;
    }

    // Element 0 is cert itself; element 1 is its issuer.
    X509Certificate2 issuerCert = chain[1].Certificate;

    if (!ValidateCertificateByCRL(unsignedProperties, cert, issuerCert, crlList, digestMethod))
    {
        var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, issuerCert, ocspServers, digestMethod, addCertificateOcspUrl, useNonce);
        if (ocspCerts != null)
        {
            X509Certificate2 ocspStartCert = DetermineStartCert(ocspCerts);
            // When the OCSP start certificate was not issued by this issuer it has a chain of its
            // own, whose issuer must be embedded as well.
            if (!EquivalentDN(ocspStartCert.IssuerName, issuerCert.SubjectName))
            {
                var ocspChain = CertUtil.GetCertChain(ocspStartCert, ocspCerts);
                AddCertificate(ocspChain.ChainElements[1].Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, addCertificateOcspUrl, ocspCerts);
            }
        }
    }

    AddCertificate(issuerCert, unsignedProperties, true, ocspServers, crlList, digestMethod, addCertificateOcspUrl, extraCerts);
}
/// <summary>
/// Validates a XAdES signature. What is checked:
///  1. the digests of the signature's references;
///  2. the SignedInfo digest and the signature value against the certificate's public key;
///  3. when a SignatureTimeStamp is present, that its message imprint equals the digest of ds:SignatureValue.
/// Validation of the -C, -X, -XL and -A profiles is out of scope for this project.
/// </summary>
/// <param name="sigDocument">Document holding the signature.</param>
/// <returns>Result with <c>IsValid</c> and a status message; an invalid signature is reported, not thrown.</returns>
/// <remarks>
/// Only the first time stamp of the collection is inspected, and only its imprint is compared: the
/// TSA signature on the token is not verified here. A token that cannot be parsed propagates as an
/// exception from this method.
/// </remarks>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult outcome = new ValidationResult();

    // Reference digests and the signature itself.
    bool coreSignatureOk;
    try
    {
        sigDocument.XadesSignature.CheckXmldsigSignature();
        coreSignatureOk = true;
    }
    catch
    {
        coreSignatureOk = false;
    }
    if (!coreSignatureOk)
    {
        outcome.IsValid = false;
        outcome.Message = "Signature verification is unsuccessful!";
        return outcome;
    }

    // Time stamp imprint, if there is one.
    var stamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;
    if (stamps.Count > 0)
    {
        TimeStamp firstStamp = stamps[0];
        TimeStampToken token = new TimeStampToken(new CmsSignedData(firstStamp.EncapsulatedTimeStamp.PkiData));
        byte[] imprint = token.TimeStampInfo.GetMessageImprintDigest();
        Crypto.DigestMethod imprintMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);

        ArrayList signatureValueXpath = new ArrayList { "ds:SignatureValue" };
        byte[] computed = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueXpath),
            imprintMethod);
        if (!Arrays.AreEqual(imprint, computed))
        {
            outcome.IsValid = false;
            outcome.Message = "La huella del sello de tiempo no se corresponde con la calculada";
            return outcome;
        }
    }

    outcome.IsValid = true;
    outcome.Message = "Verificación de la firma satisfactoria";
    return outcome;
}
/// <summary>
/// Fills the signed signature properties: SigningCertificate (issuer name, decimal serial and digest
/// of the signer's certificate), the optional SignaturePolicyIdentifier, SigningTime and SignerRole.
/// </summary>
/// <param name="sigDocument">Document whose DOM owns the SPURI element created for the policy URI.</param>
/// <param name="signedSignatureProperties">Target properties, populated in place.</param>
/// <param name="signedDataObjectProperties">Not used by this method.</param>
/// <param name="unsignedSignatureProperties">Not used by this method.</param>
/// <param name="parameters">Signer, digest method, policy info, optional signing date and roles.</param>
/// <remarks>
/// SigningTime falls back to <c>DateTime.Now</c> (local kind) when no explicit date is supplied.
/// </remarks>
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
    var signerCert = parameters.Signer.Certificate;

    string issuerName;
    if (string.IsNullOrEmpty(parameters.CertificateIssuerName))
    {
        issuerName = createValidIssuerName(signerCert);
    }
    else
    {
        issuerName = parameters.CertificateIssuerName;
    }

    Cert signingCertRef = new Cert();
    signingCertRef.IssuerSerial.X509IssuerName = issuerName;
    signingCertRef.IssuerSerial.X509SerialNumber = signerCert.GetSerialNumberAsDecimalString();
    DigestUtil.SetCertDigest(signerCert.GetRawCertData(), parameters.DigestMethod, signingCertRef.CertDigest);
    signedSignatureProperties.SigningCertificate.CertCollection.Add(signingCertRef);

    var policy = parameters.SignaturePolicyInfo;
    if (policy != null)
    {
        if (!string.IsNullOrEmpty(policy.PolicyIdentifier))
        {
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = policy.PolicyIdentifier;
        }
        if (!string.IsNullOrEmpty(policy.PolicyDescription))
        {
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Description = policy.PolicyDescription;
        }
        if (!string.IsNullOrEmpty(policy.PolicyUri))
        {
            SigPolicyQualifier uriQualifier = new SigPolicyQualifier();
            uriQualifier.AnyXmlElement = sigDocument.Document.CreateElement("SPURI", "http://uri.etsi.org/01903/v1.3.2#");
            uriQualifier.AnyXmlElement.InnerText = policy.PolicyUri;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(uriQualifier);
        }
        if (!string.IsNullOrEmpty(policy.PolicyHash))
        {
            // The policy hash is supplied base64-encoded, already computed with PolicyDigestAlgorithm.
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = policy.PolicyDigestAlgorithm.URI;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(policy.PolicyHash);
        }
    }

    signedSignatureProperties.SigningTime = parameters.SigningDate ?? DateTime.Now;

    var roles = parameters.SignerRole;
    if (roles != null && (roles.CertifiedRoles.Count > 0 || roles.ClaimedRoles.Count > 0))
    {
        signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole();
        foreach (X509Certificate certifiedRole in roles.CertifiedRoles)
        {
            CertifiedRole certified = new CertifiedRole { PkiData = certifiedRole.GetRawCertData() };
            signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(certified);
        }
        foreach (string claimedRole in roles.ClaimedRoles)
        {
            ClaimedRole claimed = new ClaimedRole { InnerText = claimedRole };
            signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(claimed);
        }
    }
}
/// <summary>
/// Adds the certificate to the certificate refs/values (when <paramref name="addCert"/> is set and it is
/// not already referenced) and checks its revocation status against its issuer — CRL first, OCSP as
/// fallback — recursing up the chain so every issuer, and the OCSP responder's chain when it differs,
/// is embedded as well.
/// </summary>
/// <param name="cert">Certificate to record and validate.</param>
/// <param name="unsignedProperties">Unsigned signature properties receiving refs and values.</param>
/// <param name="addCert">Whether to add the certificate itself.</param>
/// <param name="extraCerts">Additional certificates made available for chain building.</param>
/// <remarks>
/// The OCSP start certificate's issuer is compared with the chain issuer by exact string equality of the
/// DN names, so two encodings of the same DN are treated as different. NOTE(review): <c>ChainElements[1]</c>
/// of the responder chain is read without a length check — confirm <c>CertUtil.GetCertChain</c> always
/// yields an issuer element there.
/// </remarks>
private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, X509Certificate2[] extraCerts = null)
{
    if (addCert)
    {
        if (CertificateChecked(cert, unsignedProperties))
        {
            return;
        }

        string certId = "Cert" + Guid.NewGuid().ToString();
        byte[] rawCert = cert.GetRawCertData();

        Cert certRef = new Cert();
        certRef.IssuerSerial.X509IssuerName = cert.IssuerName.Name;
        certRef.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(cert.SerialNumber);
        DigestUtil.SetCertDigest(rawCert, _firma.RefsDigestMethod, certRef.CertDigest);
        certRef.URI = "#" + certId;
        unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(certRef);

        EncapsulatedX509Certificate certValue = new EncapsulatedX509Certificate { Id = certId, PkiData = rawCert };
        unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(certValue);
    }

    X509ChainElementCollection chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements;
    if (chain.Count <= 1)
    {
        // No issuer element in the chain: nothing further to check.
        return;
    }

    // Element 0 is cert itself; element 1 is its issuer.
    X509Certificate2 issuerCert = chain[1].Certificate;

    if (!ValidateCertificateByCRL(unsignedProperties, cert, issuerCert))
    {
        var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, issuerCert);
        if (ocspCerts != null)
        {
            X509Certificate2 ocspStartCert = DetermineStartCert(new List<X509Certificate2>(ocspCerts));
            if (ocspStartCert.IssuerName.Name != issuerCert.SubjectName.Name)
            {
                var ocspChain = CertUtil.GetCertChain(ocspStartCert, ocspCerts);
                AddCertificate(ocspChain.ChainElements[1].Certificate, unsignedProperties, true, ocspCerts);
            }
        }
    }

    AddCertificate(issuerCert, unsignedProperties, true, extraCerts);
}
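/// <summary>
/// Looks in <paramref name="crlList"/> for a CRL issued by <paramref name="issuer"/> that is current and
/// correctly signed by the issuer's key, decides revocation from it, and records the CRL as a CRLRef plus
/// CRLValue in <paramref name="unsignedProperties"/> (once per issuer).
/// </summary>
/// <param name="unsignedProperties">Unsigned signature properties receiving the CRL ref and value.</param>
/// <param name="certificate">Certificate whose status is checked.</param>
/// <param name="issuer">Issuer of <paramref name="certificate"/>; the CRL must be issued and signed by it.</param>
/// <param name="crlList">Candidate CRLs, tried in order.</param>
/// <param name="digestMethod">Digest used for the CRLRef CertDigest over the DER CRL.</param>
/// <returns>
/// <c>true</c> when a usable CRL was found and the certificate is not listed; <c>false</c> when no usable
/// CRL exists (the caller then falls back to OCSP).
/// </returns>
/// <exception cref="Exception">The certificate is listed as revoked.</exception>
/// <remarks>
/// Besides the issuer-DN match the original performed, a CRL is only used if its signature verifies
/// against the issuer's public key and its validity window contains the current time; otherwise any
/// file with the right issuer DN could vouch for the certificate. A CRL that fails these checks is skipped.
/// </remarks>
private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable<X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod)
{
    Org.BouncyCastle.X509.X509Certificate clientCert = certificate.ToBouncyX509Certificate();
    Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate();

    // BouncyCastle decodes the ASN.1 thisUpdate/nextUpdate as UTC; comparing them with the local-time
    // DateTime.Now (as before) skewed the check by the machine's UTC offset.
    DateTime now = DateTime.UtcNow;

    foreach (var crlEntry in crlList)
    {
        if (!crlEntry.IssuerDN.Equivalent(issuerCert.SubjectDN))
        {
            continue;
        }

        // thisUpdate <= now < nextUpdate (a CRL without nextUpdate is not accepted).
        if (crlEntry.ThisUpdate > now || crlEntry.NextUpdate == null || crlEntry.NextUpdate.Value <= now)
        {
            continue;
        }

        // The CRL must really come from the issuer: verify its signature with the issuer's key.
        try
        {
            crlEntry.Verify(issuerCert.GetPublicKey());
        }
        catch (Exception)
        {
            continue;
        }

        if (crlEntry.IsRevoked(clientCert))
        {
            throw new Exception("Certificate revoked");
        }

        if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection, issuer.Subject))
        {
            string crlValueId = "CRLValue-" + Guid.NewGuid().ToString();

            CRLRef crlRef = new CRLRef();
            crlRef.CRLIdentifier.UriAttribute = "#" + crlValueId;
            crlRef.CRLIdentifier.Issuer = issuer.Subject;
            crlRef.CRLIdentifier.IssueTime = crlEntry.ThisUpdate.ToLocalTime();
            var crlNumber = GetCRLNumber(crlEntry);
            if (crlNumber.HasValue)
            {
                crlRef.CRLIdentifier.Number = crlNumber.Value;
            }

            byte[] crlEncoded = crlEntry.GetEncoded();
            DigestUtil.SetCertDigest(crlEncoded, digestMethod, crlRef.CertDigest);
            CRLValue crlValue = new CRLValue { PkiData = crlEncoded, Id = crlValueId };

            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(crlRef);
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(crlValue);
        }
        return true;
    }

    return false;
}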
/// <summary>
/// Fills the signed properties: SigningCertificate (issuer name, decimal serial and digest of the signer's
/// certificate), the optional SignaturePolicyIdentifier, SigningTime, and — when a MIME type is configured —
/// a DataObjectFormat pointing at the content reference.
/// </summary>
/// <param name="sigDocument">Document whose DOM owns the SPURI element created for the policy URI.</param>
/// <param name="signedSignatureProperties">Target signature properties, populated in place.</param>
/// <param name="signedDataObjectProperties">Receives the DataObjectFormat when <c>_mimeType</c> is set.</param>
/// <param name="unsignedSignatureProperties">Not used by this method.</param>
/// <param name="parameters">Signer, digest method, policy info and optional signing date.</param>
/// <remarks>
/// SigningTime falls back to <c>DateTime.Now</c> (local kind) when no explicit date is supplied.
/// </remarks>
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
    var signerCert = parameters.Signer.Certificate;

    Cert signingCertRef = new Cert();
    signingCertRef.IssuerSerial.X509IssuerName = signerCert.IssuerName.Name;
    signingCertRef.IssuerSerial.X509SerialNumber = signerCert.GetSerialNumberAsDecimalString();
    DigestUtil.SetCertDigest(signerCert.GetRawCertData(), parameters.DigestMethod, signingCertRef.CertDigest);
    signedSignatureProperties.SigningCertificate.CertCollection.Add(signingCertRef);

    var policy = parameters.SignaturePolicyInfo;
    if (policy != null)
    {
        if (!string.IsNullOrEmpty(policy.PolicyIdentifier))
        {
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = policy.PolicyIdentifier;
        }
        if (!string.IsNullOrEmpty(policy.PolicyUri))
        {
            SigPolicyQualifier uriQualifier = new SigPolicyQualifier();
            uriQualifier.AnyXmlElement = sigDocument.Document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri);
            uriQualifier.AnyXmlElement.InnerText = policy.PolicyUri;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(uriQualifier);
        }
        if (!string.IsNullOrEmpty(policy.PolicyHash))
        {
            // The policy hash is supplied base64-encoded, already computed with PolicyDigestAlgorithm.
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = policy.PolicyDigestAlgorithm.URI;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(policy.PolicyHash);
        }
    }

    signedSignatureProperties.SigningTime = parameters.SigningDate ?? DateTime.Now;

    if (!string.IsNullOrEmpty(_mimeType))
    {
        DataObjectFormat format = new DataObjectFormat();
        format.MimeType = _mimeType;
        format.Encoding = _encoding;
        format.ObjectReferenceAttribute = "#" + _refContent.Id;
        signedDataObjectProperties.DataObjectFormatCollection.Add(format);
    }
}
/// <summary>
/// Adds a SigAndRefsTimeStamp to the signature: the TSA stamps the digest of ds:SignatureValue,
/// SignatureTimeStamp, CompleteCertificateRefs and CompleteRevocationRefs, and the token is embedded in
/// the unsigned signature properties.
/// </summary>
/// <param name="signatureDocument">Document whose XAdES signature is upgraded in place.</param>
/// <param name="parameters">Digest method and time stamp client used for the request.</param>
/// <remarks>
/// NOTE(review): the token returned by <c>GetTimeStamp</c> is embedded as-is; whether the TSA signature
/// and the echoed imprint are verified inside the client is not visible here — confirm.
/// </remarks>
private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    const string unsignedSigPropsPath = "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/";

    XmlElement signatureElement = signatureDocument.XadesSignature.GetSignatureElement();
    XmlNamespaceManager nsManager = new XmlNamespaceManager(signatureDocument.Document.NameTable);
    nsManager.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);
    nsManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

    // The referenced elements are hashed from the DOM, so the in-memory references must already be
    // serialised; if CompleteCertificateRefs is not in the document yet, flush the signature first.
    XmlNode completeCertRefsNode = signatureElement.SelectSingleNode(unsignedSigPropsPath + "xades:CompleteCertificateRefs", nsManager);
    if (completeCertRefsNode == null)
    {
        signatureDocument.UpdateDocument();
    }

    // Order matters: it is the order in which the elements are concatenated before hashing.
    ArrayList stampedElementXpaths = new ArrayList();
    stampedElementXpaths.Add("ds:SignatureValue");
    stampedElementXpaths.Add(unsignedSigPropsPath + "xades:SignatureTimeStamp");
    stampedElementXpaths.Add(unsignedSigPropsPath + "xades:CompleteCertificateRefs");
    stampedElementXpaths.Add(unsignedSigPropsPath + "xades:CompleteRevocationRefs");

    byte[] imprint = DigestUtil.ComputeHashValue(
        XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, stampedElementXpaths),
        parameters.DigestMethod);
    byte[] tsaToken = parameters.TimeStampClient.GetTimeStamp(imprint, parameters.DigestMethod, true);

    TimeStamp sigAndRefsStamp = new TimeStamp("SigAndRefsTimeStamp");
    sigAndRefsStamp.Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id;
    sigAndRefsStamp.EncapsulatedTimeStamp.PkiData = tsaToken;
    sigAndRefsStamp.EncapsulatedTimeStamp.Id = "SigAndRefsStamp-" + Guid.NewGuid().ToString();

    UnsignedProperties unsignedProps = signatureDocument.XadesSignature.UnsignedProperties;
    unsignedProps.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false;
    unsignedProps.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(sigAndRefsStamp);
    signatureDocument.XadesSignature.UnsignedProperties = unsignedProps;
}
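/// <summary>
/// Validates a XAdES signature. What is checked:
///  1. the digests of the signature's references;
///  2. the SignedInfo digest and the signature value against the certificate's public key;
///  3. for every SignatureTimeStamp present, that its message imprint equals the digest of
///     ds:SignatureValue computed with the digest algorithm declared in the token.
/// Validation of the -C, -X, -XL and -A profiles is out of scope for this project.
/// </summary>
/// <param name="sigDocument">Document holding the signature.</param>
/// <returns>
/// Result with <c>IsValid</c> and a status message. Failures are reported in the result rather than
/// thrown, including a time stamp token that cannot be parsed.
/// </returns>
/// <remarks>
/// Only the imprint of each token is compared; the TSA signature on the token and the TSA certificate
/// are not verified here, so a matching imprint alone does not prove the signing time.
/// </remarks>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult result = new ValidationResult();

    // Reference digests and the signature itself.
    try
    {
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        result.IsValid = false;
        result.Message = "Signature verification is unsuccessful!";
        return result;
    }

    // Every SignatureTimeStamp (the original inspected only the first one).
    var stamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;
    ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
    for (int i = 0; i < stamps.Count; i++)
    {
        TimeStamp timeStamp = stamps[i];
        byte[] tsHashValue;
        Crypto.DigestMethod tsDigestMethod;
        try
        {
            TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
            tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();
            tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);
        }
        catch (Exception)
        {
            // Null or malformed PkiData used to escape as an exception; a stamp that cannot be parsed
            // is a validation failure, not a caller error.
            tsHashValue = null;
            tsDigestMethod = null;
        }
        if (tsHashValue == null || tsDigestMethod == null)
        {
            result.IsValid = false;
            result.Message = "The time stamp token could not be processed";
            return result;
        }

        // Recomputed per stamp because each token declares its own digest algorithm.
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths),
            tsDigestMethod);
        if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
        {
            result.IsValid = false;
            result.Message = "The imprint of the time stamp does not correspond with the calculated";
            return result;
        }
    }

    result.IsValid = true;
    result.Message = "Signature validated successfully";
    return result;
}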
/// <summary>
/// Fills the signed properties from the instance configuration: SigningCertificate (issuer name and
/// decimal serial of <paramref name="certificado"/>, digest of <c>_signCertificate</c>), the optional
/// policy identifier / URI / hash, SigningTime, and a DataObjectFormat when a MIME type is given.
/// </summary>
/// <param name="signedSignatureProperties">Target signature properties, populated in place.</param>
/// <param name="signedDataObjectProperties">Receives the DataObjectFormat when <paramref name="mimeType"/> is set.</param>
/// <param name="unsignedSignatureProperties">Not used by this method.</param>
/// <param name="mimeType">MIME type of the signed content; empty disables the DataObjectFormat.</param>
/// <param name="certificado">Certificate whose issuer and serial go into the SigningCertificate reference.</param>
/// <remarks>
/// NOTE(review): the reference mixes two certificates — issuer/serial come from <paramref name="certificado"/>
/// while the digest is taken from the <c>_signCertificate</c> field; confirm callers always pass the same
/// certificate, otherwise the SigningCertificate reference is inconsistent. The policy hash is written with
/// a fixed SHA-1 algorithm URI, and the presence check reads <c>_policyHash</c> while the value is read from
/// <c>PolicyHash</c> — confirm these are the same value.
/// </remarks>
private void AddSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, string mimeType, X509Certificate2 certificado)
{
    Cert signingCertRef = new Cert();
    signingCertRef.IssuerSerial.X509IssuerName = certificado.IssuerName.Name;
    signingCertRef.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(certificado.SerialNumber);
    DigestUtil.SetCertDigest(_signCertificate.GetRawCertData(), _refsMethodUri, signingCertRef.CertDigest);
    signedSignatureProperties.SigningCertificate.CertCollection.Add(signingCertRef);

    bool hasPolicyId = !string.IsNullOrEmpty(_policyId);
    bool hasPolicyUri = !string.IsNullOrEmpty(_policyUri);
    bool hasPolicyHash = !string.IsNullOrEmpty(_policyHash);

    if (hasPolicyId)
    {
        signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
        signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = _policyId;
    }
    if (hasPolicyUri)
    {
        SigPolicyQualifier uriQualifier = new SigPolicyQualifier();
        uriQualifier.AnyXmlElement = _document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri);
        uriQualifier.AnyXmlElement.InnerText = _policyUri;
        signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(uriQualifier);
    }
    if (hasPolicyHash)
    {
        signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
        signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(PolicyHash);
    }

    // Local time (DateTime.Now); there is no way to supply an explicit signing date here.
    signedSignatureProperties.SigningTime = DateTime.Now;

    if (string.IsNullOrEmpty(mimeType))
    {
        return;
    }
    DataObjectFormat format = new DataObjectFormat();
    format.MimeType = mimeType;
    format.ObjectReferenceAttribute = "#" + _objectReference;
    signedDataObjectProperties.DataObjectFormatCollection.Add(format);
}
/// <summary>
/// Records <paramref name="cert"/> in the CompleteCertificateRefs / CertificateValues (when
/// <paramref name="addCert"/> is set and it is not already referenced), checks its revocation status against
/// its issuer — CRL first, OCSP as fallback — and recurses up the chain so every issuer, and the OCSP
/// responder's chain when it differs, is embedded too.
/// </summary>
/// <param name="cert">Certificate to record and validate.</param>
/// <param name="unsignedProperties">Unsigned signature properties receiving refs and values.</param>
/// <param name="addCert">Whether to add the certificate itself.</param>
/// <param name="ocspServers">Configured OCSP responder URLs forwarded to the OCSP check.</param>
/// <param name="crlList">CRLs consulted before any OCSP request.</param>
/// <param name="digestMethod">Digest used for the CertDigest of the reference.</param>
/// <param name="extraCerts">Additional certificates made available for chain building.</param>
/// <remarks>
/// The OCSP start certificate's issuer is compared with the chain issuer by exact string equality of the
/// DN names. NOTE(review): <c>ChainElements[1]</c> of the responder chain is read without a length check —
/// confirm <c>CertUtil.GetCertChain</c> always yields an issuer element there.
/// </remarks>
private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, IEnumerable<string> ocspServers, IEnumerable<X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod, X509Certificate2[] extraCerts = null)
{
    if (addCert)
    {
        if (CertificateChecked(cert, unsignedProperties))
        {
            return;
        }

        string certId = "Cert" + Guid.NewGuid().ToString();
        byte[] rawCert = cert.GetRawCertData();

        Cert certRef = new Cert();
        certRef.IssuerSerial.X509IssuerName = cert.IssuerName.Name;
        certRef.IssuerSerial.X509SerialNumber = cert.GetSerialNumberAsDecimalString();
        DigestUtil.SetCertDigest(rawCert, digestMethod, certRef.CertDigest);
        certRef.URI = "#" + certId;
        unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(certRef);

        EncapsulatedX509Certificate certValue = new EncapsulatedX509Certificate { Id = certId, PkiData = rawCert };
        unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(certValue);
    }

    X509ChainElementCollection chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements;
    if (chain.Count <= 1)
    {
        // No issuer element in the chain: nothing further to check.
        return;
    }

    // Element 0 is cert itself; element 1 is its issuer.
    X509Certificate2 issuerCert = chain[1].Certificate;

    if (!ValidateCertificateByCRL(unsignedProperties, cert, issuerCert, crlList, digestMethod))
    {
        X509Certificate2[] ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, issuerCert, ocspServers, digestMethod);
        if (ocspCerts != null)
        {
            X509Certificate2 ocspStartCert = DetermineStartCert(new List<X509Certificate2>(ocspCerts));
            if (ocspStartCert.IssuerName.Name != issuerCert.SubjectName.Name)
            {
                X509Chain ocspChain = CertUtil.GetCertChain(ocspStartCert, ocspCerts);
                AddCertificate(ocspChain.ChainElements[1].Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, ocspCerts);
            }
        }
    }

    AddCertificate(issuerCert, unsignedProperties, true, ocspServers, crlList, digestMethod, extraCerts);
}
/// <summary>
/// Tells whether <paramref name="cert"/> is already referenced in CompleteCertificateRefs, by comparing
/// its digest (computed with <c>_firma.RefsDigestMethod</c>) with the CertDigest of each stored reference.
/// </summary>
/// <param name="cert">Certificate to look up.</param>
/// <param name="unsignedProperties">Unsigned properties holding the existing certificate references.</param>
/// <returns><c>true</c> when a reference with the same digest value exists.</returns>
/// <remarks>
/// Digests are compared as base64 strings with ordinal equality; a reference whose CertDigest was produced
/// with a different digest method will not match even for the same certificate.
/// </remarks>
private bool CertificateChecked(X509Certificate2 cert, UnsignedProperties unsignedProperties)
{
    string wantedDigest;
    using (var hashAlg = DigestUtil.GetHashAlg(_firma.RefsDigestMethod))
    {
        wantedDigest = Convert.ToBase64String(hashAlg.ComputeHash(cert.GetRawCertData()));
    }

    bool found = false;
    foreach (Cert existingRef in unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection)
    {
        string existingDigest = Convert.ToBase64String(existingRef.CertDigest.DigestValue);
        if (string.Equals(existingDigest, wantedDigest, StringComparison.Ordinal))
        {
            found = true;
            break;
        }
    }
    return found;
}
/// <summary>
/// Upgrades the signature to XAdES-T: ds:SignatureValue is canonicalised with exclusive C14N, its digest
/// is time-stamped by the TSA, and the token is embedded as a SignatureTimeStamp whose
/// CanonicalizationMethod records the transform used.
/// </summary>
/// <param name="signatureDocument">Signed document to upgrade in place; its DOM is refreshed on success.</param>
/// <param name="parameters">Digest method and time stamp client for the request.</param>
/// <exception cref="Exception">
/// Thrown (wrapping the cause) when the signature already carries a time stamp or any step fails.
/// </exception>
/// <remarks>
/// NOTE(review): the TSA token is embedded without being checked here against the sent digest; confirm
/// whether <c>GetTimeStamp</c> performs that verification.
/// </remarks>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    UnsignedProperties unsignedProps = signatureDocument.XadesSignature.UnsignedProperties;
    try
    {
        if (unsignedProps.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
        {
            throw new Exception("La firma ya contiene un sello de tiempo");
        }

        XmlDsigExcC14NTransform exclusiveC14n = new XmlDsigExcC14NTransform();
        ArrayList signatureValueXpath = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueDigest = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueXpath, exclusiveC14n),
            parameters.DigestMethod);
        byte[] tsaToken = parameters.TimeStampClient.GetTimeStamp(signatureValueDigest, parameters.DigestMethod, true);

        TimeStamp signatureStamp = new TimeStamp("SignatureTimeStamp");
        signatureStamp.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id;
        // Record the canonicalisation so a verifier can rebuild the stamped input.
        signatureStamp.CanonicalizationMethod = new CanonicalizationMethod();
        signatureStamp.CanonicalizationMethod.Algorithm = exclusiveC14n.Algorithm;
        signatureStamp.EncapsulatedTimeStamp.PkiData = tsaToken;
        signatureStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProps.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureStamp);
        signatureDocument.XadesSignature.UnsignedProperties = unsignedProps;
        signatureDocument.UpdateDocument();
    }
    catch (Exception cause)
    {
        throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", cause);
    }
}
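/// <summary>
/// Upgrades the signature to XAdES-T by adding a SignatureTimeStamp over ds:SignatureValue.
/// </summary>
/// <param name="signatureDocument">Signed document to upgrade; its unsigned properties and XML are updated in place.</param>
/// <param name="parameters">Digest method and time-stamp client used to obtain the token.</param>
/// <exception cref="InvalidOperationException">The signature already holds a SignatureTimeStamp.</exception>
/// <exception cref="Exception">Wraps any failure while computing the imprint, contacting the TSA or updating the document.</exception>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

    // Checked outside the try so a violated precondition is not reported as a TSA/insert failure.
    if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
    {
        throw new InvalidOperationException("The signature already contains a time stamp");
    }

    try
    {
        // No canonicalization method is recorded on the stamp here; the verifier must
        // therefore apply its default transform when recomputing the imprint.
        ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths),
            parameters.DigestMethod);

        // NOTE(review): the TSA response is stored as returned; nothing in this method checks the
        // token's status, message imprint or signer — confirm GetTimeStamp does so.
        byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

        TimeStamp signatureTimeStamp = new TimeStamp("SignatureTimeStamp")
        {
            Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id
        };
        signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa;
        signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
        signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
        signatureDocument.UpdateDocument();
    }
    catch (Exception ex)
    {
        throw new Exception("An error occurred while inserting the time stamp", ex);
    }
}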
/// <summary>
/// Looks for a CRL issued by <paramref name="issuer"/> whose NextUpdate has not passed; when one is
/// found, checks <paramref name="certificate"/> against it and, the first time for that issuer,
/// records a CRLRef/CRLValue pair in the unsigned properties.
/// </summary>
/// <param name="unsignedProperties">Receives the CompleteRevocationRefs and RevocationValues entries.</param>
/// <param name="certificate">End-entity certificate whose revocation status is checked.</param>
/// <param name="issuer">Issuer of <paramref name="certificate"/>; the CRL issuer name must match its subject.</param>
/// <param name="crlList">Candidate CRLs.</param>
/// <param name="digestMethod">Digest method used for the CRL digest in the reference.</param>
/// <returns><c>true</c> when an applicable CRL was found and the certificate is not on it; <c>false</c> when no applicable CRL exists.</returns>
/// <exception cref="Exception">The certificate is listed as revoked.</exception>
private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable<X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod)
{
    Org.BouncyCastle.X509.X509Certificate bcCertificate = certificate.ToBouncyX509Certificate();
    Org.BouncyCastle.X509.X509Certificate bcIssuer = issuer.ToBouncyX509Certificate();

    foreach (X509Crl crl in crlList)
    {
        // Applicability: issuer name match and NextUpdate still in the future (NextUpdate is only
        // read when the name matches, so a CRL from another issuer is skipped without touching it).
        // NOTE(review): the CRL signature is not verified against the issuer's public key in this
        // method, so name equivalence is the only binding to the issuer — confirm the caller
        // pre-validates crlList. The freshness check uses local DateTime.Now; confirm the Kind of
        // crl.NextUpdate before relying on it being exact.
        if (!crl.IssuerDN.Equivalent(bcIssuer.SubjectDN) || !(crl.NextUpdate.Value > DateTime.Now))
        {
            continue;
        }

        if (crl.IsRevoked(bcCertificate))
        {
            throw new Exception("Certificado revocado");
        }

        // Only one CRLRef/CRLValue pair per issuer is recorded.
        if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection, issuer.Subject))
        {
            string valueId = "CRLValue-" + Guid.NewGuid().ToString();

            CRLRef crlRef = new CRLRef
            {
                CRLIdentifier =
                {
                    UriAttribute = "#" + valueId,
                    Issuer = issuer.Subject,
                    IssueTime = crl.ThisUpdate.ToLocalTime()
                }
            };
            long? crlNumber = GetCRLNumber(crl);
            if (crlNumber.HasValue)
            {
                crlRef.CRLIdentifier.Number = crlNumber.Value;
            }

            byte[] encodedCrl = crl.GetEncoded();
            DigestUtil.SetCertDigest(encodedCrl, digestMethod, crlRef.CertDigest);

            CRLValue crlValue = new CRLValue
            {
                PkiData = encodedCrl,
                Id = valueId
            };

            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(crlRef);
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(crlValue);
        }

        return true;
    }

    return false;
}
/// <summary>
/// Upgrades the signature to XAdES-T by adding a SignatureTimeStamp over ds:SignatureValue,
/// obtained from the TSA configured on the document.
/// </summary>
/// <exception cref="Exception">
/// The signature already holds a time stamp, or the imprint/TSA/document update failed
/// (the original failure is attached as the inner exception).
/// </exception>
public override void Upgrade()
{
    UnsignedProperties unsignedProperties = _firma.XadesSignature.UnsignedProperties;

    try
    {
        if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
        {
            throw new Exception("La firma ya contiene un sello de tiempo");
        }

        // NOTE(review): the imprint digest is hard-coded to SHA-1 rather than taken from
        // configuration; SHA-1 is deprecated for new signatures, so confirm TSA and
        // verifier requirements before relying on this path.
        ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(_firma.XadesSignature, signatureValueElementXpaths),
            DigestMethod.SHA1);
        byte[] tsa = TimeStampClient.GetTimeStamp(_firma.TSAServer, signatureValueHash, DigestMethod.SHA1, true);

        TimeStamp signatureTimeStamp = new TimeStamp("SignatureTimeStamp")
        {
            Id = "SignatureTimeStamp-" + _firma.XadesSignature.Signature.Id
        };
        signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa;
        signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
        _firma.XadesSignature.UnsignedProperties = unsignedProperties;
        _firma.UpdateDocument();
    }
    catch (Exception ex)
    {
        throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", ex);
    }
}
/// <summary>
/// GetMD5AsBase64 must return the Base64 form of the MD5 digest of the input string,
/// including for the empty string.
/// </summary>
public void TestGetMD5AsBase64()
{
    var cases = new[]
    {
        new { Input = "", Expected = "1B2M2Y8AsgTpgAmY7PhCfg==" },
        new { Input = "hoge", Expected = "6nA+eqHv2gBk6qUH2eirfg==" },
    };

    foreach (var testCase in cases)
    {
        Assert.That(DigestUtil.GetMD5AsBase64(testCase.Input), Is.EqualTo(testCase.Expected));
    }
}
/// <summary>
/// Populates the XAdES qualifying properties of a new signature: the signing certificate
/// reference, the optional signature policy, the signing time, the data object format,
/// signer roles, commitment type indications and the production place.
/// </summary>
/// <param name="sigDocument">Document being signed; used to create the policy qualifier element.</param>
/// <param name="signedSignatureProperties">Receives SigningCertificate, SignaturePolicyIdentifier, SigningTime, SignerRole and SignatureProductionPlace.</param>
/// <param name="signedDataObjectProperties">Receives the DataObjectFormat and CommitmentTypeIndication entries.</param>
/// <param name="unsignedSignatureProperties">Not referenced by this method.</param>
/// <param name="parameters">Signer certificate, digest method and the optional policy, role, commitment and place settings.</param>
private void AddSignatureProperties(SignatureDocument sigDocument, SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters)
{
    // SigningCertificate: issuer name + serial plus a digest of the raw certificate bytes,
    // binding the signature to exactly this certificate.
    Cert cert;
    cert = new Cert();
    cert.IssuerSerial.X509IssuerName = parameters.Signer.Certificate.IssuerName.Name;
    cert.IssuerSerial.X509SerialNumber = parameters.Signer.Certificate.GetSerialNumberAsDecimalString();
    DigestUtil.SetCertDigest(parameters.Signer.Certificate.GetRawCertData(), parameters.DigestMethod, cert.CertDigest);
    signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);

    if (parameters.SignaturePolicyInfo != null)
    {
        if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyIdentifier))
        {
            // An explicit identifier switches the signature from an implied policy to an identified one.
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = parameters.SignaturePolicyInfo.PolicyIdentifier;
        }
        if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyUri))
        {
            // The policy location is carried as an xades:SPURI qualifier element.
            SigPolicyQualifier spq = new SigPolicyQualifier();
            spq.AnyXmlElement = sigDocument.Document.CreateElement(XadesSignedXml.XmlXadesPrefix, "SPURI", XadesSignedXml.XadesNamespaceUri);
            spq.AnyXmlElement.InnerText = parameters.SignaturePolicyInfo.PolicyUri;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq);
        }
        if (!string.IsNullOrEmpty(parameters.SignaturePolicyInfo.PolicyHash))
        {
            // PolicyHash is expected to be Base64; Convert.FromBase64String throws FormatException otherwise.
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = parameters.SignaturePolicyInfo.PolicyDigestAlgorithm.URI;
            signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(parameters.SignaturePolicyInfo.PolicyHash);
        }
    }

    // A caller-supplied signing date wins; otherwise the local wall clock is used.
    signedSignatureProperties.SigningTime = parameters.SigningDate.HasValue ? parameters.SigningDate.Value : DateTime.Now;

    if (_dataFormat != null)
    {
        // DataObjectFormat describes the signed content and is bound to the content reference by Id.
        DataObjectFormat newDataObjectFormat = new DataObjectFormat();
        newDataObjectFormat.MimeType = _dataFormat.MimeType;
        newDataObjectFormat.Encoding = _dataFormat.Encoding;
        newDataObjectFormat.Description = _dataFormat.Description;
        newDataObjectFormat.ObjectReferenceAttribute = "#" + _refContent.Id;
        if (_dataFormat.ObjectIdentifier != null)
        {
            newDataObjectFormat.ObjectIdentifier.Identifier.IdentifierUri = _dataFormat.ObjectIdentifier.Identifier.IdentifierUri;
        }
        signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
    }

    // SignerRole is only emitted when at least one certified or claimed role is present.
    if (parameters.SignerRole != null && (parameters.SignerRole.CertifiedRoles.Count > 0 || parameters.SignerRole.ClaimedRoles.Count > 0))
    {
        signedSignatureProperties.SignerRole = new Microsoft.Xades.SignerRole();
        foreach (X509Certificate certifiedRole in parameters.SignerRole.CertifiedRoles)
        {
            // Certified roles are carried as the raw encoded certificate bytes.
            signedSignatureProperties.SignerRole.CertifiedRoles.CertifiedRoleCollection.Add(new CertifiedRole() { PkiData = certifiedRole.GetRawCertData() });
        }
        foreach (string claimedRole in parameters.SignerRole.ClaimedRoles)
        {
            signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(new ClaimedRole() { InnerText = claimedRole });
        }
    }

    foreach (SignatureCommitment signatureCommitment in parameters.SignatureCommitments)
    {
        // Each commitment applies to all signed data objects and may carry arbitrary XML qualifiers.
        CommitmentTypeIndication cti = new CommitmentTypeIndication();
        cti.CommitmentTypeId.Identifier.IdentifierUri = signatureCommitment.CommitmentType.URI;
        cti.AllSignedDataObjects = true;
        foreach (XmlElement signatureCommitmentQualifier in signatureCommitment.CommitmentTypeQualifiers)
        {
            CommitmentTypeQualifier ctq = new CommitmentTypeQualifier();
            ctq.AnyXmlElement = signatureCommitmentQualifier;
            cti.CommitmentTypeQualifiers.CommitmentTypeQualifierCollection.Add(ctq);
        }
        signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(cti);
    }

    if (parameters.SignatureProductionPlace != null)
    {
        signedSignatureProperties.SignatureProductionPlace.City = parameters.SignatureProductionPlace.City;
        signedSignatureProperties.SignatureProductionPlace.StateOrProvince = parameters.SignatureProductionPlace.StateOrProvince;
        signedSignatureProperties.SignatureProductionPlace.PostalCode = parameters.SignatureProductionPlace.PostalCode;
        signedSignatureProperties.SignatureProductionPlace.CountryName = parameters.SignatureProductionPlace.CountryName;
    }
}
/// <summary>
/// Queries OCSP responders in turn for the status of <paramref name="client"/>; on the first
/// "Good" answer, records an OCSPRef/OCSPValue pair in the unsigned properties and returns the
/// certificates embedded in that response.
/// </summary>
/// <param name="unsignedProperties">Receives the CompleteRevocationRefs and RevocationValues entries.</param>
/// <param name="client">Certificate whose status is being checked.</param>
/// <param name="issuer">Issuer of <paramref name="client"/>, needed to build the OCSP request.</param>
/// <param name="ocspServers">Configured responders, queried after the AIA-derived one (if any).</param>
/// <param name="digestMethod">Digest method used for the response digest in the reference.</param>
/// <param name="addCertificateOcspUrl">When true, the responder URL from the AIA extension is tried first.</param>
/// <returns>The certificates carried in the accepted OCSP response, re-wrapped as <see cref="X509Certificate2"/>.</returns>
/// <exception cref="Exception">The certificate is reported revoked, or no responder returned "Good".</exception>
private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer, IEnumerable<OcspServer> ocspServers, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl)
{
    bool byKey = false;
    List<OcspServer> finalOcspServers = new List<OcspServer>();
    Org.BouncyCastle.X509.X509Certificate clientCert = client.ToBouncyX509Certificate();
    Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate();
    OcspClient ocsp = new OcspClient();

    if (addCertificateOcspUrl)
    {
        // NOTE(review): the AIA OCSP URL is read from the *issuer* certificate, while the status
        // being queried is that of `client`; confirm this is intended rather than `clientCert`.
        string certOcspUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);
        if (!string.IsNullOrEmpty(certOcspUrl))
        {
            finalOcspServers.Add(new OcspServer(certOcspUrl));
        }
    }

    foreach (var ocspServer in ocspServers)
    {
        finalOcspServers.Add(ocspServer);
    }

    foreach (var ocspServer in finalOcspServers)
    {
        byte[] resp = ocsp.QueryBinary(clientCert, issuerCert, ocspServer.Url, ocspServer.RequestorName, ocspServer.SignCertificate);
        // NOTE(review): the response is trusted once ProcessOcspResponse reports Good; this method
        // itself verifies neither the responder signature nor thisUpdate/nextUpdate freshness —
        // confirm OcspClient does. A status other than Revoked/Good just moves to the next responder.
        FirmaXadesNet.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(resp);
        if (status == FirmaXadesNet.Clients.CertificateStatus.Revoked)
        {
            throw new Exception("Certificado revocado");
        }
        else if (status == FirmaXadesNet.Clients.CertificateStatus.Good)
        {
            Org.BouncyCastle.Ocsp.OcspResp r = new OcspResp(resp);
            byte[] rEncoded = r.GetEncoded();
            // Cast assumes a BasicOcspResp payload; another response type would throw InvalidCastException here.
            BasicOcspResp or = (BasicOcspResp)r.GetResponseObject();
            string guidOcsp = Guid.NewGuid().ToString();

            // OCSPRef points at the OCSPValue below via the shared GUID and carries the response digest.
            OCSPRef ocspRef = new OCSPRef();
            ocspRef.OCSPIdentifier.UriAttribute = "#OcspValue" + guidOcsp;
            DigestUtil.SetCertDigest(rEncoded, digestMethod, ocspRef.CertDigest);
            // GetResponderName also reports, via byKey, whether the responder is identified by key hash or by name.
            ResponderID rpId = or.ResponderId.ToAsn1Object();
            ocspRef.OCSPIdentifier.ResponderID = GetResponderName(rpId, ref byKey);
            ocspRef.OCSPIdentifier.ByKey = byKey;
            ocspRef.OCSPIdentifier.ProducedAt = or.ProducedAt.ToLocalTime();
            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);

            OCSPValue ocspValue = new OCSPValue();
            ocspValue.PkiData = rEncoded;
            ocspValue.Id = "OcspValue" + guidOcsp;
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);

            // NOTE(review): these certificates come from the OCSP response itself and are not
            // validated here; callers should not treat them as trusted without further checks.
            return((from cert in or.GetCerts() select new X509Certificate2(cert.GetEncoded())).ToArray());
        }
    }

    throw new Exception("El certificado no ha podido ser validado");
}
/// <summary>
/// GetMD5 must return the lowercase hexadecimal MD5 digest of the input string,
/// including for the empty string.
/// </summary>
public void TestGetMD5()
{
    var cases = new[]
    {
        new { Input = "", Expected = "d41d8cd98f00b204e9800998ecf8427e" },
        new { Input = "hoge", Expected = "ea703e7aa1efda0064eaa507d9e8ab7e" },
    };

    foreach (var testCase in cases)
    {
        Assert.That(DigestUtil.GetMD5(testCase.Input), Is.EqualTo(testCase.Expected));
    }
}
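/// <summary>
/// Validates the XML-DSig part of a XAdES signature and, when present, its first SignatureTimeStamp.
/// </summary>
/// <remarks>
/// Checked here:
///  1. the digests of the signature references;
///  2. the SignedInfo digest and the signature value against the signing certificate's public key;
///  3. if a SignatureTimeStamp exists, that its message imprint equals the digest of ds:SignatureValue.
/// Validation of the -C, -X, -XL and -A profiles is outside the scope of this project. Certificate
/// trust-chain and revocation checks are not performed here, and the time-stamp token's own
/// signature is not verified here either — only its imprint is compared.
/// </remarks>
/// <param name="sigDocument">Signed document to validate.</param>
/// <returns>A <see cref="ValidationResult"/> with IsValid and a message; a failed check is reported in the result rather than thrown.</returns>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult result = new ValidationResult();

    try
    {
        // Reference digests and the signature over SignedInfo.
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        result.IsValid = false;
        result.Message = "La verificación de la firma no ha sido satisfactoria";
        return result;
    }

    var signatureTimeStamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;
    if (signatureTimeStamps.Count > 0)
    {
        // Only the first SignatureTimeStamp is checked.
        TimeStamp timeStamp = signatureTimeStamps[0];
        TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
        byte[] tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();

        // The imprint must be recomputed with the digest algorithm the TSA used.
        // TODO: verify — an earlier revision read the OID via HashAlgorithm.ObjectID.Id.
        Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);

        // Reproduce the canonicalization recorded on the stamp; fall back to inclusive C14N
        // when none was recorded (stamps created without a CanonicalizationMethod).
        System.Security.Cryptography.Xml.Transform transform;
        if (timeStamp.CanonicalizationMethod != null)
        {
            transform = CryptoConfig.CreateFromName(timeStamp.CanonicalizationMethod.Algorithm) as System.Security.Cryptography.Xml.Transform;
            if (transform == null)
            {
                // Unknown or unsupported algorithm URI: report it as a validation failure
                // instead of passing a null transform downstream.
                result.IsValid = false;
                result.Message = "El método de canonicalización del sello de tiempo no está soportado";
                return result;
            }
        }
        else
        {
            transform = new XmlDsigC14NTransform();
        }

        ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths, transform),
            tsDigestMethod);

        if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
        {
            result.IsValid = false;
            result.Message = "La huella del sello de tiempo no se corresponde con la calculada";
            return result;
        }
    }

    result.IsValid = true;
    result.Message = "Verificación de la firma satisfactoria";
    return result;
}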