public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName) { ValidationError validationError = new ValidationError(xmlFileName, null); TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc); Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc); if (certificate == null) { return(validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát")); } if (token == null) { return(validationError.AppendErrorMessage("Nepodarilo sa nájsť token")); } // Check certificate validity against timestamp token time try { certificate.CheckValidity(token.TimeStampInfo.GenTime); } catch (Exception ex) { return(validationError.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message)); } // Check certificate validity against crl X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber); if (entry == null) { return(validationError); } if (entry.RevocationDate < token.TimeStampInfo.GenTime) { return(validationError.AppendErrorMessage("Platnosť certifikátu vypršala")); } return(validationError); }
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName) { ValidationError validationError = new ValidationError(xmlFileName, null); var keyInfoEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:KeyInfo"); if (keyInfoEle == null || !keyInfoEle.AtrExists("Id")) { return(validationError.AppendErrorMessage("KeyInfo does not exists or missing Id attribute.")); } // check x509 var x509Data = xmlDoc.SelectXmlNode("//ds:Signature/ds:KeyInfo/ds:X509Data"); if (x509Data == null) { return(validationError.AppendErrorMessage("KeyInfo musí obsahovať element x509Data")); } if (x509Data.SelectXmlNode("ds:X509Certificate") == null) { return(validationError.AppendErrorMessage("x509Data musí obsahovať element x509Certificate")); } X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc); //check SubjectName if (x509Data.SelectXmlNode("ds:X509SubjectName") == null) { return(validationError.AppendErrorMessage("x509Data musí obsahovať element SubjectName")); } else { var X509SubjectName = x509Data.SelectXmlNode("ds:X509SubjectName"); if (X509SubjectName.InnerText != certificate.CertificateStructure.Subject.ToString()) { return(validationError.AppendErrorMessage("X509SubjectName sa nezhoduje")); } } //check IssuerSerial if (x509Data.SelectXmlNode("ds:X509IssuerSerial") == null) { validationError.AppendErrorMessage("x509Data musí obsahovať element IssuerSerial"); } else { var X509IssuerSerial = x509Data.SelectXmlNode("ds:X509IssuerSerial/ds:X509IssuerName"); X509Name xmlName = new X509Name(X509IssuerSerial.InnerText.Replace("S=", "ST=")); if (!xmlName.Equivalent(certificate.CertificateStructure.Issuer)) { return(validationError.AppendErrorMessage("IssuerSerial sa nezhoduje")); } } //check SerialNumber var X509SerialNumber = x509Data.SelectXmlNode("ds:X509IssuerSerial/ds:X509SerialNumber"); if (X509SerialNumber == null) { return(validationError.AppendErrorMessage("x509Data musí obsahovať element SerialNumber")); } else if (X509SerialNumber.InnerText != certificate.SerialNumber.ToString()) { return(validationError.AppendErrorMessage("X509SerialNumber sa nezhoduje")); } return(validationError); }
public ValidationError SignatureValueVerificationHandler(XmlDocument xmlDoc, string xmlFileName) { ValidationError validationError = new ValidationError(xmlFileName, null); var signedInfoElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo"); var signatureMethodElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:SignatureMethod"); var canonicalizationMethodElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignedInfo/ds:CanonicalizationMethod"); var signatureValueElement = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue"); if (signatureValueElement == null) { return(validationError.AppendErrorMessage(nameof(signatureValueElement) + " missing")); } if (signatureMethodElement == null) { return(validationError.AppendErrorMessage(nameof(signatureMethodElement) + " missing")); } if (canonicalizationMethodElement == null) { return(validationError.AppendErrorMessage(nameof(canonicalizationMethodElement) + " missing")); } if (signedInfoElement == null) { return(validationError.AppendErrorMessage(nameof(signedInfoElement) + " missing")); } var certificate = XmlNodeHelper.GetX509Certificate(xmlDoc); if (certificate == null) { return(validationError.AppendErrorMessage("X509Certificate element is missing")); } var canMethod = canonicalizationMethodElement.AtrValue("Algorithm"); if (canMethod != ValidationEnums.Canonicalization.CanonicalizationMethod) { return(validationError.AppendErrorMessage($"Not supported cannonicalization method. {canMethod}")); } var digestBytes = CanonicalizationHelper.CanonicalizeXml(signedInfoElement); string singnatureAlgorithm = signatureMethodElement.AtrValue("Algorithm"); if (!ValidationEnums.Cryptography.SupportedSignatureSchemasMappings.ContainsKey(singnatureAlgorithm)) { return(validationError.AppendErrorMessage($"Not supported signing algorithm {singnatureAlgorithm}")); } var signingAlgo = ValidationEnums.Cryptography.SupportedSignatureSchemasMappings[singnatureAlgorithm]; AsymmetricKeyParameter publicKey = certificate.GetPublicKey(); ISigner signer = SignerUtilities.GetSigner(signingAlgo); signer.Init(false, publicKey); signer.BlockUpdate(digestBytes, 0, digestBytes.Length); if (!signer.VerifySignature(Convert.FromBase64String(signatureValueElement.InnerText))) { return(validationError.AppendErrorMessage("Cannot verify signature with publick key.")); } return(validationError); }