private X509Certificate GetSignerCertificate(XmlDocument xmlDoc)
{
X509Certificate signerCertificate = null;
try
{
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
var certificates = token.GetCertificates("Collection").GetMatches(null).Cast <X509Certificate>().ToList();
foreach (X509Certificate certificate in certificates)
{
string cerIssuerName = certificate.IssuerDN.ToString(true, new Dictionary <string, string>());
string signerIssuerName = token.SignerID.Issuer.ToString(true, new Dictionary <string, string>());
if (cerIssuerName == signerIssuerName && certificate.SerialNumber.Equals(token.SignerID.SerialNumber))
{
signerCertificate = certificate;
break;
}
}
}
catch (Exception) { }
return(signerCertificate);
}
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
if (certificate == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát"));
}
if (token == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť token"));
}
// Check certificate validity against timestamp token time
try
{
certificate.CheckValidity(token.TimeStampInfo.GenTime);
}
catch (Exception ex)
{
return(validationError.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message));
}
// Check certificate validity against crl
X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber);
if (entry == null)
{
return(validationError);
}
if (entry.RevocationDate < token.TimeStampInfo.GenTime)
{
return(validationError.AppendErrorMessage("Platnosť certifikátu vypršala"));
}
return(validationError);
}
public ValidationError ValidationHandler2(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
byte[] timesStampDigestArray = token.TimeStampInfo.GetMessageImprintDigest();
string hashAlgorithmId = token.TimeStampInfo.HashAlgorithm.Algorithm.Id;
var signatureEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue");
if (signatureEle == null)
{
return(validationError.AppendErrorMessage("Missing SignatureValue element."));
}
byte[] signatureValueByteArray = Convert.FromBase64String(signatureEle.InnerText);
var signatureMethodAlgorithm = xmlDoc.SelectXmlNode("//ds:SignedInfo/ds:SignatureMethod").AtrValue("Algorithm");
if (signatureMethodAlgorithm != "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
{
return(validationError.AppendErrorMessage($"Unknown SignatureMethod Algorithm {signatureMethodAlgorithm}."));
}
System.Security.Cryptography.HashAlgorithm hashAlgo = System.Security.Cryptography.SHA256Managed.Create();
var conputedSignatureByteArray = hashAlgo.ComputeHash(signatureValueByteArray);
if (!StructuralComparisons.StructuralEqualityComparer.Equals(conputedSignatureByteArray, timesStampDigestArray))
{
return(validationError.AppendErrorMessage("Missing SignatureValue element."));
}
return(validationError);
}
