private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult
result, ValidationContext ctx, AdvancedSignature signature)
{
try
{
result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.INVALID, "cannot.reached.tsl"
);
ctx.ValidateTimestamp(t, signature.GetCertificateSource(), signature.GetCRLSource
(), signature.GetOCSPSource());
foreach (CertificateAndContext c in ctx.GetNeededCertificates())
{
if (c.GetCertificate().SubjectDN.Equals(t.GetSignerSubjectName()))
{
if (ctx.GetParentFromTrustedList(c) != null)
{
result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.VALID, null);
break;
}
}
}
}
catch (IOException)
{
result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.UNDETERMINED, "exception.while.verifying"
);
}
}
/// <summary>Validate the timestamp</summary>
/// <param name="timestamp"></param>
/// <param name="optionalSource"></param>
/// <param name="optionalCRLSource"></param>
/// <param name="optionalOCPSSource"></param>
/// <exception cref="System.IO.IOException"></exception>
public virtual void ValidateTimestamp(TimestampToken timestamp, CertificateSource
optionalSource, ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource)
{
AddNotYetVerifiedToken(timestamp);
Validate(timestamp.GetTimeStamp().TimeStampInfo.GenTime, new CompositeCertificateSource
(timestamp.GetWrappedCertificateSource(), optionalSource), optionalCRLSource, optionalOCPSSource
);
}
/// <summary>The default constructor for TimestampVerificationResult.</summary>
/// <remarks>The default constructor for TimestampVerificationResult.</remarks>
public TimestampVerificationResult(TimestampToken token)
{
if (token != null && token.GetTimeStamp() != null)
{
IEnumerator signers = token.GetTimeStamp().ToCmsSignedData().GetSignerInfos
().GetSigners().GetEnumerator();
signers.MoveNext();
signatureAlgorithm = ((SignerInformation)signers.Current).EncryptionAlgOid;
serialNumber = token.GetTimeStamp().TimeStampInfo.SerialNumber.ToString();
creationTime = token.GetTimeStamp().TimeStampInfo.GenTime;
issuerName = token.GetSignerSubjectName().ToString();
}
}
protected internal virtual SignatureLevelX VerifyLevelX(AdvancedSignature signature
, DateTime referenceTime, ValidationContext ctx)
{
try
{
Result levelReached = new Result();
levelReached.SetStatus(Result.ResultStatus.VALID, null);
TimestampVerificationResult[] x1Results = null;
TimestampVerificationResult[] x2Results = null;
IList <TimestampToken> timestampX1 = signature.GetTimestampsX1();
if (timestampX1 != null && !timestampX1.IsEmpty())
{
byte[] data = signature.GetTimestampX1Data();
x1Results = new TimestampVerificationResult[timestampX1.Count];
for (int i = 0; i < timestampX1.Count; i++)
{
try
{
TimestampToken t = timestampX1[i];
x1Results[i] = new TimestampVerificationResult(t);
if (!t.MatchData(data))
{
levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
x1Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"
));
}
else
{
x1Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null));
}
CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
}
catch (NoSuchAlgorithmException)
{
levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm");
}
}
}
IList <TimestampToken> timestampX2 = signature.GetTimestampsX2();
if (timestampX2 != null && !timestampX2.IsEmpty())
{
byte[] data = signature.GetTimestampX2Data();
x2Results = new TimestampVerificationResult[timestampX2.Count];
int i = 0;
foreach (TimestampToken t in timestampX2)
{
try
{
x2Results[i] = new TimestampVerificationResult(t);
if (!t.MatchData(data))
{
levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
x2Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"
));
}
else
{
x2Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null));
}
CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
}
catch (NoSuchAlgorithmException)
{
levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm");
}
}
}
if ((timestampX1 == null || timestampX1.IsEmpty()) && (timestampX2 == null || timestampX2
.IsEmpty()))
{
levelReached.SetStatus(Result.ResultStatus.INVALID, "no.timestamp");
}
return(new SignatureLevelX(signature, levelReached, x1Results, x2Results));
}
catch (Exception)
{
return(new SignatureLevelX(signature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"
)));
}
}
