Exemple #1
 /// <summary>
 /// Records on <paramref name="result"/> whether the timestamp signer's certificate
 /// can be linked to the trusted list.
 /// </summary>
 /// <remarks>
 /// The status is set to INVALID before any validation work and is promoted to VALID only
 /// on a positive match, so a path that never reaches the trusted list fails closed.
 /// Only <see cref="IOException"/> is caught (status becomes UNDETERMINED); any other
 /// exception propagates to the caller.
 /// NOTE(review): the signer is located by subject DN equality alone. Confirm that
 /// <c>ValidateTimestamp</c> has already bound the token's signature to that certificate;
 /// otherwise an unrelated certificate carrying the same subject could satisfy this check.
 /// </remarks>
 /// <param name="t">Timestamp token whose signer is being checked.</param>
 /// <param name="result">Per-timestamp result that receives the certificate-path status.</param>
 /// <param name="ctx">Validation context used to validate the token and query the trusted list.</param>
 /// <param name="signature">Signature supplying the certificate, CRL and OCSP sources.</param>
 private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, IValidationContext ctx, IAdvancedSignature signature)
 {
     try
     {
         // Pessimistic default: stays in place unless the loop below finds a trusted parent.
         result.CertPathUpToTrustedList.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_CannotReachTSL");
         ctx.ValidateTimestamp(t, signature.CertificateSource, signature.CRLSource, signature.OCSPSource, result.UsedCerts);

         var signerName = t.GetSignerSubjectName();
         foreach (CertificateAndContext candidate in ctx.NeededCertificates)
         {
             // The subject comparison runs first; the trusted-list lookup is only made for a matching subject.
             bool subjectMatches = candidate.Certificate.SubjectDN.Equals(signerName);
             if (subjectMatches && ctx.GetParentFromTrustedList(candidate) != null)
             {
                 result.CertPathUpToTrustedList.SetStatus(ResultStatus.VALID, null);
                 break;
             }
         }
     }
     catch (IOException)
     {
         // An I/O failure during validation is reported as "could not decide", not as a pass.
         result.CertPathUpToTrustedList.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
     }
 }
Exemple #2
        /// <summary>
        /// Verifies every timestamp token in <paramref name="tstokens"/> against <paramref name="data"/>.
        /// </summary>
        /// <remarks>
        /// One <see cref="TimestampVerificationResult"/> is produced per token, in input order.
        /// Each result records whether the token's imprint matches <paramref name="data"/> and
        /// then receives the outcome of <c>CheckTimeStampCertPath</c>. A digest mismatch is
        /// recorded on the result but does not stop processing; callers must inspect both
        /// statuses on every entry.
        /// </remarks>
        /// <param name="signature">Signature passed through to <c>CheckTimeStampCertPath</c>.</param>
        /// <param name="referenceTime">Not read by this method.</param>
        /// <param name="ctx">Validation context passed through to <c>CheckTimeStampCertPath</c>.</param>
        /// <param name="tstokens">Tokens to verify; may be null.</param>
        /// <param name="data">Bytes each token is expected to cover, as checked by <c>MatchData</c>.</param>
        /// <returns>The per-token results; an empty list when <paramref name="tstokens"/> is null.</returns>
        protected internal virtual IList<TimestampVerificationResult> VerifyTimestamps(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, IList<TimestampToken> tstokens, byte[] data)
        {
            IList<TimestampVerificationResult> verifications = new List<TimestampVerificationResult>();

            if (tstokens == null)
            {
                return verifications;
            }

            foreach (TimestampToken token in tstokens)
            {
                TimestampVerificationResult tokenResult = new TimestampVerificationResult(token);

                // Digest check first: does this token actually cover the supplied data?
                SignatureValidationResult digestStatus = token.MatchData(data)
                    ? new SignatureValidationResult(ResultStatus.VALID, null)
                    : new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                tokenResult.SetSameDigest(digestStatus);

                // The certificate-path check runs regardless of the digest outcome.
                CheckTimeStampCertPath(token, tokenResult, ctx, signature);
                verifications.Add(tokenResult);
            }

            return verifications;
        }
Exemple #3
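        /// <summary>
        /// Verifies the X1 and X2 timestamps of <paramref name="signature"/> and reports the level-X outcome.
        /// </summary>
        /// <remarks>
        /// The overall status starts as VALID and becomes INVALID when any X1 or X2 token does not
        /// match its data, or when the signature carries neither kind of timestamp. The
        /// certificate-path outcome of each token is stored only in the per-token result arrays
        /// and is not folded into the overall status, so callers must inspect those entries too.
        /// Any exception raised during verification yields an INVALID result (fail closed).
        /// </remarks>
        /// <param name="signature">Signature to verify; must not be null.</param>
        /// <param name="referenceTime">Not read by this method.</param>
        /// <param name="ctx">Validation context passed through to <c>CheckTimeStampCertPath</c>.</param>
        /// <returns>The level-X result with per-token results for X1 and X2 (null for an absent kind).</returns>
        /// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
        protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            try
            {
                SignatureValidationResult levelReached = new SignatureValidationResult();
                levelReached.SetStatus(ResultStatus.VALID, null);
                TimestampVerificationResult[] x1Results = null;
                TimestampVerificationResult[] x2Results = null;

                IList<TimestampToken> timestampX1 = signature.TimestampsX1;
                bool hasX1 = timestampX1 != null && timestampX1.Count > 0;
                if (hasX1)
                {
                    byte[] data = signature.TimestampX1Data;
                    x1Results = new TimestampVerificationResult[timestampX1.Count];
                    for (int i = 0; i < timestampX1.Count; i++)
                    {
                        TimestampToken t = timestampX1[i];
                        x1Results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
                    }
                }

                IList<TimestampToken> timestampX2 = signature.TimestampsX2;
                bool hasX2 = timestampX2 != null && timestampX2.Count > 0;
                if (hasX2)
                {
                    byte[] data = signature.TimestampX2Data;
                    x2Results = new TimestampVerificationResult[timestampX2.Count];
                    // Indexed loop, as for X1. The earlier foreach never advanced its index, so
                    // every token overwrote slot 0 and the remaining slots stayed null, leaving
                    // only the last token's digest and certificate-path result visible.
                    for (int i = 0; i < timestampX2.Count; i++)
                    {
                        TimestampToken t = timestampX2[i];
                        x2Results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
                    }
                }

                // Level X requires at least one X1 or X2 timestamp.
                if (!hasX1 && !hasX2)
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
                }
                return new SignatureLevelX(signature, levelReached, x1Results, x2Results);
            }
            catch (Exception)
            {
                // Deliberate fail-closed: an unexpected error is reported as INVALID, never as a pass.
                return new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
            }
        }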