/// <summary>
/// Upgrades the XAdES signature held by <paramref name="signatureDocument"/>: it installs fresh
/// CompleteCertificateRefs / CertificateValues / CompleteRevocationRefs / RevocationValues containers
/// (each with a unique Id), fills them from the signing and TSA certificates, timestamps the
/// certificate references and finally rewrites the document.
/// </summary>
/// <param name="signatureDocument">Document whose XAdES signature is extended in place.</param>
/// <param name="parameters">Supplies the OCSP servers, CRL and digest method used while collecting validation data.</param>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    var signature = signatureDocument.XadesSignature;
    X509Certificate2 signingCertificate = signature.GetSigningCertificate();
    UnsignedProperties unsignedProperties = signature.UnsignedProperties;
    var signatureProps = unsignedProperties.UnsignedSignatureProperties;

    // Every container gets its own random Id so later elements (e.g. the timestamp) can reference it.
    signatureProps.CompleteCertificateRefs = new CompleteCertificateRefs { Id = "CompleteCertificates-" + Guid.NewGuid() };
    signatureProps.CertificateValues = new CertificateValues { Id = "CertificatesValues-" + Guid.NewGuid() };
    signatureProps.CompleteRevocationRefs = new CompleteRevocationRefs { Id = "CompleteRev-" + Guid.NewGuid() };
    signatureProps.RevocationValues = new RevocationValues { Id = "RevocationValues-" + Guid.NewGuid() };

    // Signer chain first, then the TSA chain; both populate the refs/values containers created above.
    AddCertificate(signingCertificate, unsignedProperties, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, null);
    AddTSACertificates(unsignedProperties, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod);

    signature.UnsignedProperties = unsignedProperties;
    TimeStampCertRefs(signatureDocument, parameters);
    signatureDocument.UpdateDocument();
}
/// <summary>
/// Adds the XAdES-C unsigned properties (complete certificate and revocation references) once the
/// base class has performed its own extension. The reference material comes from validating the
/// signing certificate at the signature's SigningTime, using the certificates embedded in the signature.
/// </summary>
/// <param name="xadesSignedXml">Signature being extended; its UnsignedProperties are written back at the end.</param>
protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
{
    base.ExtendSignatureTag(xadesSignedXml);

    X509Certificate signerCert = DotNetUtilities.FromX509Certificate(xadesSignedXml.GetSigningCertificate());
    DateTime signedAt = xadesSignedXml.XadesObject.QualifyingProperties
        .SignedProperties.SignedSignatureProperties.SigningTime;

    // NOTE(review): only the material collected by the verifier is used here; whether a failed
    // validation is surfaced (exception vs. empty context) depends on ValidateCertificate — confirm.
    ValidationContext ctx = certificateVerifier.ValidateCertificate(
        signerCert,
        signedAt,
        new XAdESCertificateSource(xadesSignedXml.GetXml(), false),
        null,
        null);

    UnsignedProperties unsignedProperties = xadesSignedXml.UnsignedProperties;
    var signatureProps = unsignedProperties.UnsignedSignatureProperties;

    var certRefs = new CompleteCertificateRefs();
    IncorporateCertificateRefs(certRefs, ctx);
    signatureProps.CompleteCertificateRefs = certRefs;

    var revocationRefs = new CompleteRevocationRefs();
    IncorporateOCSPRefs(revocationRefs, ctx);
    IncorporateCRLRefs(revocationRefs, ctx);
    signatureProps.CompleteRevocationRefs = revocationRefs;

    xadesSignedXml.UnsignedProperties = unsignedProperties;
}
/// <summary>
/// Appends one <c>OCSPRef</c> to <paramref name="completeRevocationRefs"/> for the first OCSP response the
/// validation context collected: a SHA-1 digest of the DER-encoded response, its ProducedAt time and the
/// responder identifier (key hash as Base64, or the responder name). Nothing is added when no response exists.
/// </summary>
/// <param name="completeRevocationRefs">Target element whose OCSPRefs collection is extended.</param>
/// <param name="ctx">Validation context supplying the OCSP responses.</param>
private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs, ValidationContext ctx)
{
    var responses = ctx.GetNeededOCSPResp();
    if (responses.IsEmpty())
    {
        return;
    }

    // NOTE(review): only responses[0] is referenced; if the verifier collects one response per chain
    // element, the remaining ones are left unreferenced — confirm against the later (X-L) level.
    var ocsp = responses[0];

    // TODO: digest algorithm is fixed to SHA-1 (the original TODOs ask for a digest parameter);
    // the DigestMethod.Algorithm URI below must stay in sync with the algorithm name used here.
    MSXades.OCSPRef ocspRef = new MSXades.OCSPRef();
    ocspRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
    ocspRef.CertDigest.DigestValue = DigestUtilities.CalculateDigest("SHA-1", ocsp.GetEncoded());

    // TODO: OCSPIdentifier.UriAttribute is intentionally left unset, as in the original.
    ocspRef.OCSPIdentifier.ProducedAt = ocsp.ProducedAt;

    // ResponderID is a CHOICE; tag [2] is the byKey form, anything else is treated as byName.
    RespID respId = ocsp.ResponderId;
    ResponderID responderId = respId.ToAsn1Object();
    DerTaggedObject tagged = (DerTaggedObject)responderId.ToAsn1Object();
    ocspRef.OCSPIdentifier.ResponderID = tagged.TagNo == 2
        ? Convert.ToBase64String(responderId.GetKeyHash())
        : responderId.Name.ToString();

    completeRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);
}
/// <summary>
/// Appends one <c>CRLRef</c> to <paramref name="completeRevocationRefs"/> for the first CRL the validation
/// context collected: a SHA-1 digest of the DER-encoded CRL plus its issuer DN and ThisUpdate time.
/// Nothing is added when no CRL exists.
/// </summary>
/// <param name="completeRevocationRefs">Target element whose CRLRefs collection is extended.</param>
/// <param name="ctx">Validation context supplying the CRLs.</param>
private void IncorporateCRLRefs(CompleteRevocationRefs completeRevocationRefs, ValidationContext ctx)
{
    var crls = ctx.GetNeededCRL();
    if (crls.IsEmpty())
    {
        return;
    }

    // NOTE(review): only crls[0] is referenced, mirroring IncorporateOCSPRefs — confirm that a
    // multi-CRL chain is not expected to have every CRL referenced here.
    var crl = crls[0];

    // TODO: digest algorithm is fixed to SHA-1 (see the original TODO); keep the URI and the
    // algorithm name in sync if this is ever parameterised.
    MSXades.CRLRef crlRef = new MSXades.CRLRef();
    crlRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
    crlRef.CertDigest.DigestValue = DigestUtilities.CalculateDigest("SHA-1", crl.GetEncoded());

    // CRLIdentifier.UriAttribute is intentionally left unset, as in the original.
    crlRef.CRLIdentifier.Issuer = crl.IssuerDN.ToString();
    crlRef.CRLIdentifier.IssueTime = crl.ThisUpdate;

    completeRevocationRefs.CRLRefs.CRLRefCollection.Add(crlRef);
}