public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
if (certificate == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát"));
}
if (token == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť token"));
}
// Check certificate validity against timestamp token time
try
{
certificate.CheckValidity(token.TimeStampInfo.GenTime);
}
catch (Exception ex)
{
return(validationError.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message));
}
// Check certificate validity against crl
X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber);
if (entry == null)
{
return(validationError);
}
if (entry.RevocationDate < token.TimeStampInfo.GenTime)
{
return(validationError.AppendErrorMessage("Platnosť certifikátu vypršala"));
}
return(validationError);
}
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
var keyInfoEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:KeyInfo");
if (keyInfoEle == null || !keyInfoEle.AtrExists("Id"))
{
return(validationError.AppendErrorMessage("KeyInfo does not exists or missing Id attribute."));
}
// check x509
var x509Data = xmlDoc.SelectXmlNode("//ds:Signature/ds:KeyInfo/ds:X509Data");
if (x509Data == null)
{
return(validationError.AppendErrorMessage("KeyInfo musí obsahovať element x509Data"));
}
if (x509Data.SelectXmlNode("ds:X509Certificate") == null)
{
return(validationError.AppendErrorMessage("x509Data musí obsahovať element x509Certificate"));
}
X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
//check SubjectName
if (x509Data.SelectXmlNode("ds:X509SubjectName") == null)
{
return(validationError.AppendErrorMessage("x509Data musí obsahovať element SubjectName"));
}
else
{
var X509SubjectName = x509Data.SelectXmlNode("ds:X509SubjectName");
if (X509SubjectName.InnerText != certificate.CertificateStructure.Subject.ToString())
{
return(validationError.AppendErrorMessage("X509SubjectName sa nezhoduje"));
}
}
//check IssuerSerial
if (x509Data.SelectXmlNode("ds:X509IssuerSerial") == null)
{
validationError.AppendErrorMessage("x509Data musí obsahovať element IssuerSerial");
}
else
{
var X509IssuerSerial = x509Data.SelectXmlNode("ds:X509IssuerSerial/ds:X509IssuerName");
X509Name xmlName = new X509Name(X509IssuerSerial.InnerText.Replace("S=", "ST="));
if (!xmlName.Equivalent(certificate.CertificateStructure.Issuer))
{
return(validationError.AppendErrorMessage("IssuerSerial sa nezhoduje"));
}
}
//check SerialNumber
var X509SerialNumber = x509Data.SelectXmlNode("ds:X509IssuerSerial/ds:X509SerialNumber");
if (X509SerialNumber == null)
{
return(validationError.AppendErrorMessage("x509Data musí obsahovať element SerialNumber"));
}
else if (X509SerialNumber.InnerText != certificate.SerialNumber.ToString())
{
return(validationError.AppendErrorMessage("X509SerialNumber sa nezhoduje"));
}
return(validationError);
}
public ValidationError SignatureValueVerificationHandler(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
var signedInfoElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo");
var signatureMethodElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:SignatureMethod");
var canonicalizationMethodElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:CanonicalizationMethod");
var signatureValueElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue");
if (signatureValueElement == null)
{
return(validationError.AppendErrorMessage(nameof(signatureValueElement) + " missing"));
}
if (signatureMethodElement == null)
{
return(validationError.AppendErrorMessage(nameof(signatureMethodElement) + " missing"));
}
if (canonicalizationMethodElement == null)
{
return(validationError.AppendErrorMessage(nameof(canonicalizationMethodElement) + " missing"));
}
if (signedInfoElement == null)
{
return(validationError.AppendErrorMessage(nameof(signedInfoElement) + " missing"));
}
var certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
if (certificate == null)
{
return(validationError.AppendErrorMessage("X509Certificate element is missing"));
}
var canMethod = canonicalizationMethodElement.AtrValue("Algorithm");
if (canMethod != ValidationEnums.Canonicalization.CanonicalizationMethod)
{
return(validationError.AppendErrorMessage($"Not supported cannonicalization method. {canMethod}"));
}
var digestBytes = CanonicalizationHelper.CanonicalizeXml(signedInfoElement);
string singnatureAlgorithm = signatureMethodElement.AtrValue("Algorithm");
if (!ValidationEnums.Cryptography.SupportedSignatureSchemasMappings.ContainsKey(singnatureAlgorithm))
{
return(validationError.AppendErrorMessage($"Not supported signing algorithm {singnatureAlgorithm}"));
}
var signingAlgo = ValidationEnums.Cryptography.SupportedSignatureSchemasMappings[singnatureAlgorithm];
AsymmetricKeyParameter publicKey = certificate.GetPublicKey();
ISigner signer = SignerUtilities.GetSigner(signingAlgo);
signer.Init(false, publicKey);
signer.BlockUpdate(digestBytes, 0, digestBytes.Length);
if (!signer.VerifySignature(Convert.FromBase64String(signatureValueElement.InnerText)))
{
return(validationError.AppendErrorMessage("Cannot verify signature with publick key."));
}
return(validationError);
}
