/// <summary>
/// Validate the document and all its signatures
/// </summary>
/// <returns>
/// the validation report
/// </returns>
public ValidationReport ValidateDocument(Document document, bool checkIntegrity = true, Document externalContent = null)
{
var cmsSignedData = GetCmsSignedData(document);
var verificationTime = DateTime.Now;
var timeInformation = new TimeInformation(verificationTime);
var signatureInformationList = new List <SignatureInformation>();
var context = new SignatureValidationContext();
foreach (IAdvancedSignature signature in GetSignatures(cmsSignedData))
{
var logger = loggerFactory();
var validationInfo = ValidateSignature(signature, signature.SigningTime?.Value ?? DateTime.Now, logger, context, checkIntegrity, externalContent);
validationInfo.ValidationLog = logger.GetEntries();
signatureInformationList.Add(validationInfo);
}
return(new ValidationReport(timeInformation, signatureInformationList));
}
/// <summary>
/// Main method for validating a signature
/// </summary>
/// <param name="signature"></param>
/// <param name="referenceTime"></param>
/// <returns>
/// the report part pertaining to the signature
/// </returns>
protected internal virtual SignatureInformation ValidateSignature(IAdvancedSignature signature, DateTime referenceTime, ICAdESLogger logger, SignatureValidationContext signatureValidationContext, bool checkIntegrity, Document externalContent)
{
if (signature is null)
{
throw new ArgumentNullException(nameof(signature));
}
if (signature.SigningCertificate == null)
{
logger.Error("There is no signing certificate");
return(null);
}
var signatureVerification = new SignatureVerification(new SignatureValidationResult(checkIntegrity ? signature.CheckIntegrity(externalContent) : true), signature.SignatureAlgorithm);
IValidationContext ctx = signatureValidationContext.GetExisted(signature.SigningCertificate, referenceTime);
IList <CertificateAndContext> usedCerts = new List <CertificateAndContext>();
if (ctx == null)
{
ctx = CertificateVerifier.ValidateCertificate(signature.SigningCertificate, referenceTime, signature.CertificateSource, usedCerts, signature.CRLSource, signature.OCSPSource, logger);
signatureValidationContext.Contexts.Add(ctx);
}
var qcStatementInformation = VerifyQStatement(signature.SigningCertificate);
var qualificationsVerification = VerifyQualificationsElement(signature, referenceTime, ctx);
// TODO: serviceinfo is never set, so invalid everytime - hack added - ?? new ServiceInfo()
var info = new TrustedListInformation(ctx.GetRelevantServiceInfo() ?? new ServiceInfo());
var path = new CertPathRevocationAnalysis(ctx, info);
var signatureLevelXL = VerifyLevelXL(signature, referenceTime, ctx, logger);
// order matters
var signatureLevelC = VerifyLevelC(signature, referenceTime, ctx, signatureLevelXL?.LevelReached.IsValid ?? false, logger);
var signatureLevelAnalysis = new SignatureLevelAnalysis(
signature,
VerifyLevelBES(signature, referenceTime, ctx, externalContent),
VerifyLevelEPES(signature, referenceTime, ctx),
VerifyLevelT(signature, referenceTime, ctx),
signatureLevelC,
VerifyLevelX(signature, referenceTime, ctx),
signatureLevelXL,
VerifyLevelA(signature, referenceTime, ctx, logger, externalContent));
var signatureInformation = new SignatureInformation(signatureVerification, path, signatureLevelAnalysis, qualificationsVerification, qcStatementInformation, ctx.NeededCertificates.Select(cert => new CertificateVerification(cert, ctx)), ctx);
return(signatureInformation);
}
