/// <summary> /// Inserta en la lista de certificados el certificado y comprueba la valided del certificado. /// </summary> /// <param name="cert"></param> /// <param name="unsignedProperties"></param> /// <param name="addCertValue"></param> /// <param name="extraCerts"></param> private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, IEnumerable <OcspServer> ocspServers, IEnumerable <X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl, X509Certificate2[] extraCerts = null) { if (addCert) { if (CertificateChecked(cert, unsignedProperties)) { return; } string guidCert = Guid.NewGuid().ToString(); Cert chainCert = new Cert(); chainCert.IssuerSerial.X509IssuerName = cert.IssuerName.Name; chainCert.IssuerSerial.X509SerialNumber = cert.GetSerialNumberAsDecimalString(); DigestUtil.SetCertDigest(cert.GetRawCertData(), digestMethod, chainCert.CertDigest); chainCert.URI = "#Cert" + guidCert; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert); EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate(); encapsulatedX509Certificate.Id = "Cert" + guidCert; encapsulatedX509Certificate.PkiData = cert.GetRawCertData(); unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate); } var chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements; if (chain.Count > 1) { X509ChainElementEnumerator enumerator = chain.GetEnumerator(); enumerator.MoveNext(); // el mismo certificado que el pasado por parametro enumerator.MoveNext(); bool valid = ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate, crlList, digestMethod); if (!valid) { var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate, ocspServers, digestMethod, addCertificateOcspUrl); if (ocspCerts != null) { X509Certificate2 startOcspCert = DetermineStartCert(ocspCerts); if (!EquivalentDN(startOcspCert.IssuerName, enumerator.Current.Certificate.SubjectName)) { var chainOcsp = CertUtil.GetCertChain(startOcspCert, ocspCerts); AddCertificate(chainOcsp.ChainElements[1].Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, addCertificateOcspUrl, ocspCerts); } } } AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, addCertificateOcspUrl, extraCerts); } }
private bool CertificateChecked(X509Certificate2 cert, UnsignedProperties unsignedProperties) { foreach (EncapsulatedX509Certificate item in unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection) { X509Certificate2 x509Certificate = new X509Certificate2(item.PkiData); if (x509Certificate.SubjectName.Equals(cert.SubjectName)) { return(true); } } return(false); }
private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable <X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod) { Org.BouncyCastle.X509.X509Certificate clientCert = certificate.ToBouncyX509Certificate(); Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate(); foreach (var crlEntry in crlList) { if (crlEntry.IssuerDN.Equivalent(issuerCert.SubjectDN) && crlEntry.NextUpdate.Value > DateTime.Now) { if (!crlEntry.IsRevoked(clientCert)) { if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection, issuer.Subject)) { string idCrlValue = "CRLValue-" + Guid.NewGuid().ToString(); CRLRef crlRef = new CRLRef(); crlRef.CRLIdentifier.UriAttribute = "#" + idCrlValue; crlRef.CRLIdentifier.Issuer = issuer.Subject; crlRef.CRLIdentifier.IssueTime = crlEntry.ThisUpdate.ToLocalTime(); var crlNumber = GetCRLNumber(crlEntry); if (crlNumber.HasValue) { crlRef.CRLIdentifier.Number = crlNumber.Value; } byte[] crlEncoded = crlEntry.GetEncoded(); DigestUtil.SetCertDigest(crlEncoded, digestMethod, crlRef.CertDigest); CRLValue crlValue = new CRLValue { PkiData = crlEncoded, Id = idCrlValue }; unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(crlRef); unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(crlValue); } return(true); } else { throw new Exception("Certificate revoked"); } } } return(false); }
/// <summary> /// Determina si un certificado ya ha sido añadido a la colección de certificados /// </summary> /// <param name="cert"></param> /// <param name="unsignedProperties"></param> /// <returns></returns> private bool CertificateChecked(X509Certificate2 cert, UnsignedProperties unsignedProperties) { foreach (EncapsulatedX509Certificate item in unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection) { X509Certificate2 certItem = new X509Certificate2(item.PkiData); if (certItem.Thumbprint == cert.Thumbprint) { return(true); } } return(false); }
private void AddTSACertificates(UnsignedProperties unsignedProperties, IEnumerable <string> ocspServers, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod) { TimeStampToken timeStampToken = new TimeStampToken(new CmsSignedData(unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0].EncapsulatedTimeStamp.PkiData)); IX509Store certificates = timeStampToken.GetCertificates("Collection"); SignerID signerID = timeStampToken.SignerID; List <X509Certificate2> list = new List <X509Certificate2>(); foreach (object match in certificates.GetMatches(null)) { X509Certificate2 item = new X509Certificate2(((Org.BouncyCastle.X509.X509Certificate)match).GetEncoded()); list.Add(item); } X509Certificate2 cert = DetermineStartCert(list); AddCertificate(cert, unsignedProperties, true, ocspServers, crlList, digestMethod, list.ToArray()); }
private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters) { TimeStamp xadesXTimeStamp; ArrayList signatureValueElementXpaths; byte[] signatureValueHash; XmlElement nodoFirma = signatureDocument.XadesSignature.GetSignatureElement(); XmlNamespaceManager nm = new XmlNamespaceManager(signatureDocument.Document.NameTable); nm.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri); nm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); XmlNode xmlCompleteCertRefs = nodoFirma.SelectSingleNode("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs", nm); if (xmlCompleteCertRefs == null) { signatureDocument.UpdateDocument(); } signatureValueElementXpaths = new ArrayList { "ds:SignatureValue", "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp", "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs", "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs" }; signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths), parameters.DigestMethod); byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true); xadesXTimeStamp = new TimeStamp("SigAndRefsTimeStamp") { Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id }; xadesXTimeStamp.EncapsulatedTimeStamp.PkiData = tsa; xadesXTimeStamp.EncapsulatedTimeStamp.Id = "SigAndRefsStamp-" + Guid.NewGuid().ToString(); UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false; unsignedProperties.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(xadesXTimeStamp); signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties; }
/// <summary> /// Inserta y valida los certificados del servidor de sellado de tiempo. /// </summary> /// <param name="unsignedProperties"></param> private void AddTSACertificates(UnsignedProperties unsignedProperties) { TimeStampToken token = new TimeStampToken(new Org.BouncyCastle.Cms.CmsSignedData(unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0].EncapsulatedTimeStamp.PkiData)); IX509Store store = token.GetCertificates("Collection"); Org.BouncyCastle.Cms.SignerID signerId = token.SignerID; List <X509Certificate2> tsaCerts = new List <X509Certificate2>(); foreach (var tsaCert in store.GetMatches(null)) { X509Certificate2 cert = new X509Certificate2(((Org.BouncyCastle.X509.X509Certificate)tsaCert).GetEncoded()); tsaCerts.Add(cert); } X509Certificate2 startCert = DetermineStartCert(tsaCerts); AddCertificate(startCert, unsignedProperties, true, tsaCerts.ToArray()); }
/// <summary> /// Determina si un certificado ya ha sido añadido a la colección de certificados /// </summary> /// <param name="cert"></param> /// <param name="unsignedProperties"></param> /// <returns></returns> private bool CertificateChecked(X509Certificate2 cert, UnsignedProperties unsignedProperties) { string certHash = null; using (var hashAlg = DigestUtil.GetHashAlg(_firma.RefsDigestMethod)) { certHash = Convert.ToBase64String(hashAlg.ComputeHash(cert.GetRawCertData())); } foreach (Cert item in unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection) { if (Convert.ToBase64String(item.CertDigest.DigestValue) == certHash) { return(true); } } return(false); }
/// <summary> /// Inserta y valida los certificados del servidor de sellado de tiempo. /// </summary> /// <param name="unsignedProperties"></param> private void AddTSACertificates(UnsignedProperties unsignedProperties, IEnumerable <OcspServer> ocspServers, IEnumerable <X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl) { TimeStampToken token = new TimeStampToken(new CmsSignedData(unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0].EncapsulatedTimeStamp.PkiData)); IX509Store store = token.GetCertificates("Collection"); Org.BouncyCastle.Cms.SignerID signerId = token.SignerID; List <X509Certificate2> tsaCerts = new List <X509Certificate2>(); foreach (var tsaCert in store.GetMatches(null)) { X509Certificate2 cert = new X509Certificate2(((Org.BouncyCastle.X509.X509Certificate)tsaCert).GetEncoded()); tsaCerts.Add(cert); } X509Certificate2 startCert = DetermineStartCert(tsaCerts.ToArray()); AddCertificate(startCert, unsignedProperties, true, ocspServers, crlList, digestMethod, addCertificateOcspUrl, tsaCerts.ToArray()); }
private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, IEnumerable <string> ocspServers, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod, X509Certificate2[] extraCerts = null) { if (addCert) { if (CertificateChecked(cert, unsignedProperties)) { return; } string str = Guid.NewGuid().ToString(); Cert cert2 = new Cert(); cert2.IssuerSerial.X509IssuerName = cert.IssuerName.Name; cert2.IssuerSerial.X509SerialNumber = cert.GetSerialNumberAsDecimalString(); DigestUtil.SetCertDigest(cert.GetRawCertData(), digestMethod, cert2.CertDigest); cert2.URI = "#Cert" + str; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(cert2); EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate(); encapsulatedX509Certificate.Id = "Cert" + str; encapsulatedX509Certificate.PkiData = cert.GetRawCertData(); unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate); } X509ChainElementCollection chainElements = CertUtil.GetCertChain(cert, extraCerts).ChainElements; if (chainElements.Count > 1) { X509ChainElementEnumerator enumerator = chainElements.GetEnumerator(); enumerator.MoveNext(); enumerator.MoveNext(); if (!ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate, crlList, digestMethod)) { X509Certificate2[] array = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate, ocspServers, digestMethod); if (array != null) { X509Certificate2 x509Certificate = DetermineStartCert(new List <X509Certificate2>(array)); if (x509Certificate.IssuerName.Name != enumerator.Current.Certificate.SubjectName.Name) { X509Chain certChain = CertUtil.GetCertChain(x509Certificate, array); AddCertificate(certChain.ChainElements[1].Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, array); } } } AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, ocspServers, crlList, digestMethod, extraCerts); } }
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters) { TimeStamp signatureTimeStamp; ArrayList signatureValueElementXpaths; byte[] signatureValueHash; UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties; try { if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0) { throw new Exception("The signature already contains a time stamp"); } signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" }; signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths), parameters.DigestMethod); byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true); signatureTimeStamp = new TimeStamp("SignatureTimeStamp") { Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id }; signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa; signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString(); unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp); signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties; signatureDocument.UpdateDocument(); } catch (Exception ex) { throw new Exception("An error occurred while inserting the time stamp", ex); } }
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters) { TimeStamp signatureTimeStamp; ArrayList signatureValueElementXpaths; byte[] signatureValueHash; UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties; try { if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0) { throw new Exception("La firma ya contiene un sello de tiempo"); } XmlDsigExcC14NTransform excTransform = new XmlDsigExcC14NTransform(); signatureValueElementXpaths = new ArrayList(); signatureValueElementXpaths.Add("ds:SignatureValue"); signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths, excTransform), parameters.DigestMethod); byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true); signatureTimeStamp = new TimeStamp("SignatureTimeStamp"); signatureTimeStamp.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id; signatureTimeStamp.CanonicalizationMethod = new CanonicalizationMethod(); signatureTimeStamp.CanonicalizationMethod.Algorithm = excTransform.Algorithm; signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa; signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString(); unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp); signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties; signatureDocument.UpdateDocument(); } catch (Exception ex) { throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", ex); } }
private void InjectXadesXInformation(XadesSignedXml xadesSignedXml) { TimeStamp xadesXTimeStamp; ArrayList signatureValueElementXpaths; byte[] signatureValueHash; byte[] tsaTimeStamp; signatureValueElementXpaths = new ArrayList(); signatureValueElementXpaths.Add("ds:Object/xsd:QualifyingProperties/xsd:UnsignedProperties/xsd:UnsignedSignatureProperties/xsd:CompleteCertificateRefs"); signatureValueElementXpaths.Add("ds:Object/xsd:QualifyingProperties/xsd:UnsignedProperties/xsd:UnsignedSignatureProperties/xsd:CompleteRevocationRefs"); signatureValueHash = ComputeHashValueOfElementList(xadesSignedXml.GetXml(), signatureValueElementXpaths); //jbonilla tsaTimeStamp = this.tspSource.GetTimeStampToken(signatureValueHash); xadesXTimeStamp = new TimeStamp("RefsOnlyTimeStamp"); xadesXTimeStamp.EncapsulatedTimeStamp.PkiData = tsaTimeStamp; xadesXTimeStamp.CanonicalizationMethod.Algorithm = SignedXml.XmlDsigExcC14NTransformUrl; //xadesXTimeStamp.EncapsulatedTimeStamp.Id = ""; //jbonilla Deprecated //foreach (string elementIdValue in elementIdValues) //{ // hashDataInfo = new HashDataInfo(); // hashDataInfo.UriAttribute = "#" + elementIdValue; // xadesXTimeStamp.HashDataInfoCollection.Add(hashDataInfo); //} UnsignedProperties unsignedProperties = xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = true; unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampCollection.Add(xadesXTimeStamp); xadesSignedXml.UnsignedProperties = unsignedProperties; }
public override void Upgrade() { TimeStamp signatureTimeStamp; ArrayList signatureValueElementXpaths; byte[] signatureValueHash; UnsignedProperties unsignedProperties = _firma.XadesSignature.UnsignedProperties; try { if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0) { throw new Exception("La firma ya contiene un sello de tiempo"); } signatureValueElementXpaths = new ArrayList(); signatureValueElementXpaths.Add("ds:SignatureValue"); signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(_firma.XadesSignature, signatureValueElementXpaths), DigestMethod.SHA1); byte[] tsa = TimeStampClient.GetTimeStamp(_firma.TSAServer, signatureValueHash, DigestMethod.SHA1, true); signatureTimeStamp = new TimeStamp("SignatureTimeStamp"); signatureTimeStamp.Id = "SignatureTimeStamp-" + _firma.XadesSignature.Signature.Id; signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa; signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString(); unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp); _firma.XadesSignature.UnsignedProperties = unsignedProperties; _firma.UpdateDocument(); } catch (Exception ex) { throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", ex); } }
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters) { UnsignedProperties unsignedProperties = null; CertificateValues certificateValues = null; X509Certificate2 signingCertificate = signatureDocument.XadesSignature.GetSigningCertificate(); unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs = new CompleteCertificateRefs { Id = "CompleteCertificates-" + Guid.NewGuid().ToString() }; unsignedProperties.UnsignedSignatureProperties.CertificateValues = new CertificateValues(); certificateValues = unsignedProperties.UnsignedSignatureProperties.CertificateValues; certificateValues.Id = "CertificatesValues-" + Guid.NewGuid().ToString(); unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs { Id = "CompleteRev-" + Guid.NewGuid().ToString() }; unsignedProperties.UnsignedSignatureProperties.RevocationValues = new RevocationValues { Id = "RevocationValues-" + Guid.NewGuid().ToString() }; AddCertificate(signingCertificate, unsignedProperties, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, parameters.GetOcspUrlFromCertificate); AddTSACertificates(unsignedProperties, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, parameters.GetOcspUrlFromCertificate); signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties; TimeStampCertRefs(signatureDocument, parameters); signatureDocument.UpdateDocument(); }
private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer, IEnumerable <X509Crl> crlList, FirmaXades.Crypto.DigestMethod digestMethod) { Org.BouncyCastle.X509.X509Certificate cert = certificate.ToBouncyX509Certificate(); Org.BouncyCastle.X509.X509Certificate x509Certificate = issuer.ToBouncyX509Certificate(); foreach (X509Crl crl in crlList) { if (crl.IssuerDN.Equivalent(x509Certificate.SubjectDN) && crl.NextUpdate.Value > DateTime.Now) { if (crl.IsRevoked(cert)) { throw new Exception("Certificado revocado"); } if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection, issuer.Subject)) { string text = "CRLValue-" + Guid.NewGuid().ToString(); CRLRef cRLRef = new CRLRef(); cRLRef.CRLIdentifier.UriAttribute = "#" + text; cRLRef.CRLIdentifier.Issuer = issuer.Subject; cRLRef.CRLIdentifier.IssueTime = crl.ThisUpdate.ToLocalTime(); long?cRLNumber = GetCRLNumber(crl); if (cRLNumber.HasValue) { cRLRef.CRLIdentifier.Number = cRLNumber.Value; } byte[] encoded = crl.GetEncoded(); DigestUtil.SetCertDigest(encoded, digestMethod, cRLRef.CertDigest); CRLValue cRLValue = new CRLValue(); cRLValue.PkiData = encoded; cRLValue.Id = text; unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(cRLRef); unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(cRLValue); } return(true); } } return(false); }
private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer, IEnumerable <OcspServer> ocspServers, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl) { bool byKey = false; List <OcspServer> finalOcspServers = new List <OcspServer>(); Org.BouncyCastle.X509.X509Certificate clientCert = client.ToBouncyX509Certificate(); Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate(); OcspClient ocsp = new OcspClient(); if (addCertificateOcspUrl) { string certOcspUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert); if (!string.IsNullOrEmpty(certOcspUrl)) { finalOcspServers.Add(new OcspServer(certOcspUrl)); } } foreach (var ocspServer in ocspServers) { finalOcspServers.Add(ocspServer); } foreach (var ocspServer in finalOcspServers) { byte[] resp = ocsp.QueryBinary(clientCert, issuerCert, ocspServer.Url, ocspServer.RequestorName, ocspServer.SignCertificate); FirmaXadesNet.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(resp); if (status == FirmaXadesNet.Clients.CertificateStatus.Revoked) { throw new Exception("Certificado revocado"); } else if (status == FirmaXadesNet.Clients.CertificateStatus.Good) { Org.BouncyCastle.Ocsp.OcspResp r = new OcspResp(resp); byte[] rEncoded = r.GetEncoded(); BasicOcspResp or = (BasicOcspResp)r.GetResponseObject(); string guidOcsp = Guid.NewGuid().ToString(); OCSPRef ocspRef = new OCSPRef(); ocspRef.OCSPIdentifier.UriAttribute = "#OcspValue" + guidOcsp; DigestUtil.SetCertDigest(rEncoded, digestMethod, ocspRef.CertDigest); ResponderID rpId = or.ResponderId.ToAsn1Object(); ocspRef.OCSPIdentifier.ResponderID = GetResponderName(rpId, ref byKey); ocspRef.OCSPIdentifier.ByKey = byKey; ocspRef.OCSPIdentifier.ProducedAt = or.ProducedAt.ToLocalTime(); unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef); OCSPValue ocspValue = new OCSPValue(); ocspValue.PkiData = rEncoded; ocspValue.Id = "OcspValue" + guidOcsp; unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue); return((from cert in or.GetCerts() select new X509Certificate2(cert.GetEncoded())).ToArray()); } } throw new Exception("El certificado no ha podido ser validado"); }
protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml) { base.ExtendSignatureTag(xadesSignedXml); X509Certificate signingCertificate = DotNetUtilities.FromX509Certificate( xadesSignedXml.GetSigningCertificate()); DateTime signingTime = xadesSignedXml.XadesObject.QualifyingProperties .SignedProperties.SignedSignatureProperties.SigningTime; ValidationContext ctx = certificateVerifier.ValidateCertificate(signingCertificate , signingTime, new XAdESCertificateSource(xadesSignedXml.GetXml(), false), null, null); UnsignedProperties unsignedProperties = null; //int certificateValuesCounter; CertificateValues certificateValues; EncapsulatedX509Certificate encapsulatedX509Certificate; RevocationValues revocationValues; CRLValue newCRLValue; OCSPValue newOCSPValue; unsignedProperties = xadesSignedXml.UnsignedProperties; //TODO jbonilla Validate certificate refs. { unsignedProperties.UnsignedSignatureProperties.CertificateValues = new CertificateValues(); certificateValues = unsignedProperties.UnsignedSignatureProperties.CertificateValues; //certificateValues.Id = this.certificateValuesIdTextBox.Text; //certificateValuesCounter = 0; foreach (CertificateAndContext certificate in ctx.GetNeededCertificates()) { encapsulatedX509Certificate = new EncapsulatedX509Certificate(); //encapsulatedX509Certificate.Id = this.certificateValuesIdTextBox.Text + certificateValuesCounter.ToString(); encapsulatedX509Certificate.PkiData = certificate.GetCertificate().GetEncoded(); //certificateValuesCounter++; certificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate); } } unsignedProperties = xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.RevocationValues = new RevocationValues(); revocationValues = unsignedProperties.UnsignedSignatureProperties.RevocationValues; //revocationValues.Id = this.revocationValuesIdTextBox.Text; if (ctx.GetNeededOCSPResp().Count > 0) { foreach (BasicOcspResp ocsp in ctx.GetNeededOCSPResp()) { newOCSPValue = new OCSPValue(); newOCSPValue.PkiData = OCSPUtils.FromBasicToResp(ocsp).GetEncoded(); revocationValues.OCSPValues.OCSPValueCollection.Add(newOCSPValue); } } if (ctx.GetNeededCRL().Count > 0) { foreach (X509Crl crl in ctx.GetNeededCRL()) { newCRLValue = new CRLValue(); newCRLValue.PkiData = crl.GetEncoded(); revocationValues.CRLValues.CRLValueCollection.Add(newCRLValue); } } xadesSignedXml.UnsignedProperties = unsignedProperties; }
/// <summary> /// Realiza la contrafirma de la firma actual /// </summary> /// <param name="sigDocument"></param> /// <param name="parameters"></param> public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters) { if (parameters.Signer == null) { throw new Exception("A valid certificate is required for the signature"); } SignatureDocument.CheckSignatureDocument(sigDocument); SignatureDocument counterSigDocument = new SignatureDocument { Document = (XmlDocument)sigDocument.Document.Clone() }; counterSigDocument.Document.PreserveWhitespace = true; XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document); SetSignatureId(counterSignature); counterSignature.SigningKey = parameters.Signer.SigningKey; _refContent = new Reference { Uri = "#" + sigDocument.XadesSignature.SignatureValueId, Id = "Reference-" + Guid.NewGuid().ToString(), Type = "http://uri.etsi.org/01903#CountersignedSignature" }; _refContent.AddTransform(new XmlDsigC14NTransform()); counterSignature.AddReference(_refContent); _mimeType = "text/xml"; _encoding = "UTF-8"; KeyInfo keyInfo = new KeyInfo { Id = "KeyInfoId-" + counterSignature.Signature.Id }; keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate)); keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey)); counterSignature.KeyInfo = keyInfo; Reference referenceKeyInfo = new Reference { Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id, Uri = "#KeyInfoId-" + counterSignature.Signature.Id }; counterSignature.AddReference(referenceKeyInfo); XadesObject counterSignatureXadesObject = new XadesObject { Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString() }; counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id; AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters); counterSignature.AddXadesObject(counterSignatureXadesObject); foreach (Reference signReference in counterSignature.SignedInfo.References) { signReference.DigestMethod = parameters.DigestMethod.URI; } counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI; counterSignature.AddXadesNamespace = true; counterSignature.ComputeSignature(); counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document); counterSigDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml()); UnsignedProperties unsignedProperties = counterSigDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); counterSigDocument.XadesSignature.UnsignedProperties = unsignedProperties; counterSigDocument.UpdateDocument(); return(counterSigDocument); }
/// <summary> /// Realiza la contrafirma de la firma actual /// </summary> /// <param name="certificate"></param> /// <param name="signMethod"></param> public void CounterSign(X509Certificate2 certificate, SignMethod?signMethod = null) { SetSignatureId(); if (_xadesSignedXml == null) { throw new Exception("No hay ninguna firma XADES cargada previamente."); } if (certificate == null) { throw new Exception("Es necesario un certificado válido para la firma."); } if (signMethod.HasValue) { this.SignMethod = signMethod.Value; } _signCertificate = certificate; XadesSignedXml counterSignature = new XadesSignedXml(_document); SetCryptoServiceProvider(); counterSignature.SigningKey = _rsaKey; Reference reference = new Reference(); reference.Uri = "#" + _xadesSignedXml.SignatureValueId; reference.Id = "Reference-" + Guid.NewGuid().ToString(); reference.Type = "http://uri.etsi.org/01903#CountersignedSignature"; reference.AddTransform(new XmlDsigC14NTransform()); counterSignature.AddReference(reference); _objectReference = reference.Id; KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = "KeyInfoId-" + _signatureId; keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)_signCertificate)); keyInfo.AddClause(new RSAKeyValue((RSA)_rsaKey)); counterSignature.KeyInfo = keyInfo; Reference referenceKeyInfo = new Reference(); referenceKeyInfo.Id = "ReferenceKeyInfo-" + _signatureId; referenceKeyInfo.Uri = "#KeyInfoId-" + _signatureId; counterSignature.AddReference(referenceKeyInfo); counterSignature.Signature.Id = _signatureId; counterSignature.SignatureValueId = _signatureValueId; XadesObject counterSignatureXadesObject = new XadesObject(); counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString(); counterSignatureXadesObject.QualifyingProperties.Target = "#" + _signatureId; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + _signatureId; AddSignatureProperties(counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, "text/xml", _signCertificate); counterSignature.AddXadesObject(counterSignatureXadesObject); foreach (Reference signReference in counterSignature.SignedInfo.References) { signReference.DigestMethod = _refsMethodUri; } counterSignature.AddXadesNamespace = true; counterSignature.ComputeSignature(); UnsignedProperties unsignedProperties = _xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); _xadesSignedXml.UnsignedProperties = unsignedProperties; UpdateDocument(); _xadesSignedXml = new XadesSignedXml(_document); XmlNode xmlNode = _document.SelectSingleNode("//*[@Id='" + _signatureId + "']"); _xadesSignedXml.LoadXml((XmlElement)xmlNode); }
/// <summary> /// Realiza la contrafirma de la firma actual /// </summary> /// <param name="sigDocument"></param> /// <param name="parameters"></param> public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters) { if (parameters.Signer == null) { throw new Exception("Es necesario un certificado válido para la firma."); } SignatureDocument.CheckSignatureDocument(sigDocument); SignatureDocument counterSigDocument = new SignatureDocument(); counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone(); counterSigDocument.Document.PreserveWhitespace = true; XadesSignedXml counterSignature = new XadesSignedXml(counterSigDocument.Document); SetSignatureId(counterSignature); counterSignature.SigningKey = parameters.Signer.SigningKey; _refContent = new Reference(); _refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId; _refContent.Id = "Reference-" + Guid.NewGuid().ToString(); _refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature"; _refContent.AddTransform(new XmlDsigC14NTransform()); counterSignature.AddReference(_refContent); _dataFormat = new DataObjectFormat(); _dataFormat.MimeType = "text/xml"; _dataFormat.Encoding = "UTF-8"; KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = "KeyInfoId-" + counterSignature.Signature.Id; keyInfo.AddClause(new KeyInfoX509Data((X509Certificate)parameters.Signer.Certificate)); keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey)); counterSignature.KeyInfo = keyInfo; Reference referenceKeyInfo = new Reference(); referenceKeyInfo.Id = "ReferenceKeyInfo-" + counterSignature.Signature.Id; referenceKeyInfo.Uri = "#KeyInfoId-" + counterSignature.Signature.Id; counterSignature.AddReference(referenceKeyInfo); XadesObject counterSignatureXadesObject = new XadesObject(); counterSignatureXadesObject.Id = "CounterSignatureXadesObject-" + Guid.NewGuid().ToString(); counterSignatureXadesObject.QualifyingProperties.Target = "#" + counterSignature.Signature.Id; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + counterSignature.Signature.Id; AddSignatureProperties(counterSigDocument, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, counterSignatureXadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters); counterSignature.AddXadesObject(counterSignatureXadesObject); foreach (Reference signReference in counterSignature.SignedInfo.References) { signReference.DigestMethod = parameters.DigestMethod.URI; } counterSignature.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI; counterSignature.AddXadesNamespace = true; counterSignature.ComputeSignature(); UnsignedProperties unsignedProperties = sigDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); sigDocument.XadesSignature.UnsignedProperties = unsignedProperties; UpdateXadesSignature(sigDocument); counterSigDocument.Document = (XmlDocument)sigDocument.Document.Clone(); counterSigDocument.Document.PreserveWhitespace = true; XmlElement signatureElement = (XmlElement)sigDocument.Document.SelectSingleNode("//*[@Id='" + counterSignature.Signature.Id + "']"); counterSigDocument.XadesSignature = new XadesSignedXml(counterSigDocument.Document); counterSigDocument.XadesSignature.LoadXml(signatureElement); return(counterSigDocument); }
public SignatureDocument CounterSign(SignatureDocument sigDocument, SignatureParameters parameters) { if (parameters.Signer == null) { throw new Exception("Es necesario un certificado válido para la firma."); } SignatureDocument.CheckSignatureDocument(sigDocument); SignatureDocument signatureDocument = new SignatureDocument(); signatureDocument.Document = (XmlDocument)sigDocument.Document.Clone(); signatureDocument.Document.PreserveWhitespace = true; XadesSignedXml xadesSignedXml = new XadesSignedXml(signatureDocument.Document); xadesSignedXml.Signature.Id = "xmldsig-" + Guid.NewGuid().ToString(); xadesSignedXml.SignatureValueId = sigDocument.XadesSignature.Signature.Id + "-sigvalue"; xadesSignedXml.SigningKey = parameters.Signer.SigningKey; _refContent = new Reference(); _refContent.Uri = "#" + sigDocument.XadesSignature.SignatureValueId; Reference refContent = _refContent; Guid guid = Guid.NewGuid(); refContent.Id = "Reference-" + guid.ToString(); _refContent.Type = "http://uri.etsi.org/01903#CountersignedSignature"; _refContent.AddTransform(new XmlDsigC14NTransform()); xadesSignedXml.AddReference(_refContent); _mimeType = "text/xml"; _encoding = "UTF-8"; KeyInfo keyInfo = new KeyInfo(); keyInfo.Id = "KeyInfoId-" + xadesSignedXml.Signature.Id; keyInfo.AddClause(new KeyInfoX509Data(parameters.Signer.Certificate)); keyInfo.AddClause(new RSAKeyValue((RSA)parameters.Signer.SigningKey)); xadesSignedXml.KeyInfo = keyInfo; Reference reference = new Reference(); reference.Id = "ReferenceKeyInfo-" + xadesSignedXml.Signature.Id; reference.Uri = "#KeyInfoId-" + xadesSignedXml.Signature.Id; xadesSignedXml.AddReference(reference); XadesObject xadesObject = new XadesObject(); XadesObject xadesObject2 = xadesObject; guid = Guid.NewGuid(); xadesObject2.Id = "CounterSignatureXadesObject-" + guid.ToString(); xadesObject.QualifyingProperties.Target = "#" + xadesSignedXml.Signature.Id; xadesObject.QualifyingProperties.SignedProperties.Id = "SignedProperties-" + xadesSignedXml.Signature.Id; AddSignatureProperties(signatureDocument, xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties, xadesObject.QualifyingProperties.SignedProperties.SignedDataObjectProperties, xadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties, parameters); xadesSignedXml.AddXadesObject(xadesObject); foreach (Reference reference2 in xadesSignedXml.SignedInfo.References) { reference2.DigestMethod = parameters.DigestMethod.URI; } xadesSignedXml.SignedInfo.SignatureMethod = parameters.SignatureMethod.URI; xadesSignedXml.AddXadesNamespace = true; xadesSignedXml.ComputeSignature(); signatureDocument.XadesSignature = new XadesSignedXml(signatureDocument.Document); signatureDocument.XadesSignature.LoadXml(sigDocument.XadesSignature.GetXml()); UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(xadesSignedXml); signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties; signatureDocument.UpdateDocument(); return(signatureDocument); }