Esempio n. 1
        /// <summary>
        /// Replaces the certificate and revocation containers in the signature's unsigned
        /// properties with fresh, uniquely identified ones, fills them for the signing and
        /// TSA certificates, time-stamps the references and writes the document back.
        /// </summary>
        /// <param name="signatureDocument">Document whose XAdES signature is upgraded in place.</param>
        /// <param name="parameters">Supplies the OCSP servers, CRL source and digest method passed to the helpers.</param>
        public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            X509Certificate2 signerCert = signatureDocument.XadesSignature.GetSigningCertificate();
            UnsignedProperties props = signatureDocument.XadesSignature.UnsignedProperties;

            // Each container is replaced by an empty instance, then read back and given
            // an Id built from a fresh GUID.
            props.UnsignedSignatureProperties.CompleteCertificateRefs = new CompleteCertificateRefs();
            CompleteCertificateRefs certRefs = props.UnsignedSignatureProperties.CompleteCertificateRefs;
            certRefs.Id = "CompleteCertificates-" + Guid.NewGuid().ToString();

            props.UnsignedSignatureProperties.CertificateValues = new CertificateValues();
            CertificateValues certValues = props.UnsignedSignatureProperties.CertificateValues;
            certValues.Id = "CertificatesValues-" + Guid.NewGuid().ToString();

            props.UnsignedSignatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs();
            CompleteRevocationRefs revRefs = props.UnsignedSignatureProperties.CompleteRevocationRefs;
            revRefs.Id = "CompleteRev-" + Guid.NewGuid().ToString();

            props.UnsignedSignatureProperties.RevocationValues = new RevocationValues();
            RevocationValues revValues = props.UnsignedSignatureProperties.RevocationValues;
            revValues.Id = "RevocationValues-" + Guid.NewGuid().ToString();

            // NOTE(review): the containers above are already replaced by the time these helpers
            // run; whether a failed OCSP/CRL lookup aborts the upgrade or leaves them partly
            // filled is decided inside AddCertificate / AddTSACertificates, not visible here.
            AddCertificate(signerCert, props, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, null);
            AddTSACertificates(props, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod);

            signatureDocument.XadesSignature.UnsignedProperties = props;

            // The references are time-stamped only after they have been stored on the signature.
            TimeStampCertRefs(signatureDocument, parameters);
            signatureDocument.UpdateDocument();
        }
Esempio n. 2
        /// <summary>
        /// Runs the base extension, validates the signing certificate at the declared signing
        /// time, and stores certificate and revocation references derived from that validation
        /// in the signature's unsigned properties.
        /// </summary>
        /// <param name="xadesSignedXml">Signature being extended; its unsigned properties are updated.</param>
        protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
        {
            base.ExtendSignatureTag(xadesSignedXml);

            // Convert the .NET certificate into the type the verifier accepts.
            X509Certificate signerCert = DotNetUtilities.FromX509Certificate(
                xadesSignedXml.GetSigningCertificate());

            // SigningTime is read from the signature's own SignedSignatureProperties.
            DateTime claimedSigningTime = xadesSignedXml.XadesObject.QualifyingProperties
                                          .SignedProperties.SignedSignatureProperties.SigningTime;

            var embeddedCertificates = new XAdESCertificateSource(xadesSignedXml.GetXml(), false);

            // NOTE(review): nothing in this method inspects the returned context for a failed
            // or indeterminate validation before references are attached; confirm that
            // ValidateCertificate or the caller enforces the outcome.
            ValidationContext validation = certificateVerifier.ValidateCertificate(
                signerCert, claimedSigningTime, embeddedCertificates, null, null);

            UnsignedProperties props = xadesSignedXml.UnsignedProperties;

            CompleteCertificateRefs certRefs = new CompleteCertificateRefs();
            IncorporateCertificateRefs(certRefs, validation);
            props.UnsignedSignatureProperties.CompleteCertificateRefs = certRefs;

            CompleteRevocationRefs revocationRefs = new CompleteRevocationRefs();
            IncorporateOCSPRefs(revocationRefs, validation);
            IncorporateCRLRefs(revocationRefs, validation);
            props.UnsignedSignatureProperties.CompleteRevocationRefs = revocationRefs;

            xadesSignedXml.UnsignedProperties = props;
        }
Esempio n. 3
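        /// <summary>
        /// Adds one OCSPRef to <paramref name="completeRevocationRefs"/> for every OCSP response
        /// the validation context reports as needed. Only the first response used to be
        /// referenced, which left the revocation references incomplete whenever more than one
        /// response was needed.
        /// </summary>
        /// <param name="completeRevocationRefs">Container that receives the OCSP references.</param>
        /// <param name="ctx">Validation context supplying the needed OCSP responses.</param>
        private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs
                                         , ValidationContext ctx)
        {
            var neededResponses = ctx.GetNeededOCSPResp();

            if (neededResponses.IsEmpty())
            {
                return;
            }

            foreach (var ocsp in neededResponses)
            {
                //TODO jbonilla Digest parameter?
                // SECURITY: the digest is fixed to SHA-1, which is no longer collision-resistant.
                // The algorithm name used here and the URI declared below must always describe
                // the same algorithm; making it configurable needs a digest parameter that this
                // method's signature does not carry.
                byte[] ocspDigest = DigestUtilities.CalculateDigest("SHA-1", ocsp.GetEncoded());

                MSXades.OCSPRef incOCSPRef = new MSXades.OCSPRef();

                incOCSPRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
                incOCSPRef.CertDigest.DigestValue            = ocspDigest;

                //TODO jbonilla
                //incOCSPRef.OCSPIdentifier.UriAttribute = "";
                incOCSPRef.OCSPIdentifier.ProducedAt = ocsp.ProducedAt;

                RespID      respId          = ocsp.ResponderId;
                ResponderID ocspResponderId = respId.ToAsn1Object();

                DerTaggedObject derTaggedObject = (DerTaggedObject)ocspResponderId.ToAsn1Object();

                // ResponderID is a CHOICE (RFC 6960): tag 2 is byKey (a key hash, emitted as
                // Base64); otherwise the responder is identified by its name.
                string responderIdText = 2 == derTaggedObject.TagNo
                    ? Convert.ToBase64String(ocspResponderId.GetKeyHash())
                    : ocspResponderId.Name.ToString();

                incOCSPRef.OCSPIdentifier.ResponderID = responderIdText;

                completeRevocationRefs.OCSPRefs.OCSPRefCollection.Add(incOCSPRef);
            }
        }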
Esempio n. 4
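        /// <summary>
        /// Adds one CRLRef to <paramref name="completeRevocationRefs"/> for every CRL the
        /// validation context reports as needed. Only the first CRL used to be referenced,
        /// which left the revocation references incomplete whenever more than one CRL was
        /// needed.
        /// </summary>
        /// <param name="completeRevocationRefs">Container that receives the CRL references.</param>
        /// <param name="ctx">Validation context supplying the needed CRLs.</param>
        private void IncorporateCRLRefs(CompleteRevocationRefs completeRevocationRefs
                                        , ValidationContext ctx)
        {
            var neededCrls = ctx.GetNeededCRL();

            if (neededCrls.IsEmpty())
            {
                return;
            }

            foreach (var crl in neededCrls)
            {
                //TODO jbonilla Digest parameter?
                // SECURITY: the digest is fixed to SHA-1, which is no longer collision-resistant.
                // The algorithm name used here and the URI declared below must always describe
                // the same algorithm; making it configurable needs a digest parameter that this
                // method's signature does not carry.
                byte[] crlDigest = DigestUtilities.CalculateDigest("SHA-1", crl.GetEncoded());

                MSXades.CRLRef incCRLRef = new MSXades.CRLRef();

                incCRLRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
                incCRLRef.CertDigest.DigestValue            = crlDigest;

                //incCRLRef.CRLIdentifier.UriAttribute = "";
                // The CRL is identified by its issuer name and its thisUpdate time.
                incCRLRef.CRLIdentifier.Issuer    = crl.IssuerDN.ToString();
                incCRLRef.CRLIdentifier.IssueTime = crl.ThisUpdate;

                completeRevocationRefs.CRLRefs.CRLRefCollection.Add(incCRLRef);
            }
        }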