        /// <summary>
        /// Checks the CAdES-BES level: the signature must carry a signing certificate. Counter-signatures are
        /// integrity-checked through <see cref="VerifyCounterSignatures"/> and reported alongside.
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Validation time; not consulted by this level.</param>
        /// <param name="ctx">Validation context forwarded to the counter-signature check.</param>
        /// <param name="externalContent">Detached content, for signatures whose signed data is external.</param>
        /// <returns>The BES level report; never null. Any exception yields an INVALID report.</returns>
        /// <exception cref="ArgumentNullException">When <paramref name="signature"/> is null.</exception>
        /// <remarks>
        /// Only the presence of a signing certificate is checked here; whether the embedded signing-certificate
        /// reference actually matches the signer is not verified by this method.
        /// </remarks>
        protected internal virtual SignatureLevelBES VerifyLevelBES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, Document externalContent)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            try
            {
                var signingCertCheck = new SignatureValidationResult();
                bool hasSigningCert  = signature.SigningCertificate != null;
                if (hasSigningCert)
                {
                    signingCertCheck.SetStatus(ResultStatus.VALID, null);
                }
                else
                {
                    signingCertCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoSigningCeritificate");
                }

                // Counter-signature results are carried in the report but do not gate the level.
                SignatureVerification[] counterSigChecks = VerifyCounterSignatures(signature, ctx, externalContent);
                var reached = new SignatureValidationResult(signingCertCheck.IsValid);

                return new SignatureLevelBES(reached, signature, signingCertCheck, counterSigChecks, null);
            }
            catch (Exception)
            {
                // Fail closed: any failure (including the SignatureLevelBES constructor throwing) is reported
                // as INVALID. No logger is available here, so the cause is not recorded.
                var failed = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
                return new SignatureLevelBES(failed, null, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"), null, null);
            }
        }
 /// <summary>
 /// Builds the EPES level report, recording the signature policy identifier when a signature is supplied.
 /// </summary>
 /// <param name="signature">Signature whose policy id is captured; may be null (failure path), leaving the policy unset.</param>
 /// <param name="levelReached">Whether the EPES level was reached.</param>
 public SignatureLevelEPES(IAdvancedSignature signature, SignatureValidationResult levelReached) : base(levelReached)
 {
     if (signature is null)
     {
         return;
     }
     signaturePolicy = signature.PolicyId;
 }
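 /// <summary>
 /// Checks the CAdES-XL level: every certificate needed by the validation chain must be embedded as a
 /// value in the signature, and revocation data (OCSP responses and/or CRLs) must be embedded and complete.
 /// </summary>
 /// <param name="signature">Signature under validation; must not be null.</param>
 /// <param name="referenceTime">Validation time; not consulted by this level.</param>
 /// <param name="ctx">Validation context holding the certificates and revocation data that are needed.</param>
 /// <param name="logger">Logger for diagnostics.</param>
 /// <returns>The XL level report; never null. Any unexpected exception yields an all-INVALID report.</returns>
 /// <exception cref="ArgumentNullException">When <paramref name="signature"/> is null.</exception>
 protected internal virtual SignatureLevelXL VerifyLevelXL(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger)
 {
     // Guarded outside the try (as VerifyLevelBES / VerifyLevelC do) so a caller bug is not masked as a
     // verification failure.
     if (signature is null)
     {
         throw new ArgumentNullException(nameof(signature));
     }

     try
     {
         var certValues = new SignatureValidationResult();
         certValues.SetStatus(ResultStatus.VALID, null);
         var revocationValues = new SignatureValidationResult();
         revocationValues.SetStatus(ResultStatus.VALID, null);

         IList<X509Certificate> embeddedCerts = signature.Certificates;
         // A null list is treated like an empty one (as VerifyLevelC does for refs) instead of
         // surfacing as a generic "exception while verifying".
         if (embeddedCerts == null || !embeddedCerts.Any())
         {
             logger.Info("There is no certificate refs in the signature");
             certValues.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateValue");
         }
         else if (!EveryCertificateValueAreThere(ctx, embeddedCerts, signature.SigningCertificate, logger))
         {
             certValues.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCertificateValues");
         }
         logger.Info("Every certificate found " + certValues);

         int revocationValueCount = 0;
         IList<BasicOcspResp> ocspValues = signature.OCSPs;
         if (ocspValues != null)
         {
             revocationValueCount += ocspValues.Count;
             if (!EveryOCSPValueOrRefAreThere(ctx, ocspValues, logger))
             {
                 revocationValues.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPValues");
             }
         }
         IList<X509Crl> crlValues = signature.CRLs;
         if (crlValues != null)
         {
             revocationValueCount += crlValues.Count;
             // A CRL failure overwrites the OCSP message; the status stays INVALID either way.
             if (!EveryCRLValueOrRefAreThere(ctx, crlValues, logger))
             {
                 revocationValues.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLValues");
             }
         }
         // No revocation data at all is INVALID even if the completeness checks above passed vacuously.
         if (revocationValueCount == 0)
         {
             revocationValues.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataValue");
         }

         bool reached = certValues.Status == ResultStatus.VALID && revocationValues.Status == ResultStatus.VALID;
         var levelReached = new SignatureValidationResult();
         levelReached.SetStatus(reached ? ResultStatus.VALID : ResultStatus.INVALID, null);
         return new SignatureLevelXL(levelReached, certValues, revocationValues);
     }
     catch (Exception)
     {
         // Fail closed: every sub-check is reported INVALID rather than propagating the exception.
         return new SignatureLevelXL(
                    new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"),
                    new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"),
                    new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
     }
 }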
        /// <summary>
        /// Checks the CAdES-T level: each signature timestamp is matched against the signature timestamp data
        /// and its TSA certificate path is checked through <see cref="VerifyTimestamps"/>; how the individual
        /// results fold into the level outcome is decided by <c>ResultForTimestamps</c>.
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Validation time, forwarded to <see cref="VerifyTimestamps"/>.</param>
        /// <param name="ctx">Validation context used for the TSA certificate path.</param>
        /// <returns>The T level report; never null. Unlike the other levels, exceptions are not caught here.</returns>
        /// <exception cref="ArgumentNullException">When <paramref name="signature"/> is null.</exception>
        protected internal virtual SignatureLevelT VerifyLevelT(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            IList<TimestampToken> tokens = signature.SignatureTimestamps;
            var timestampResults = VerifyTimestamps(signature, referenceTime, ctx, tokens, signature.SignatureTimestampData);
            var levelReached     = ResultForTimestamps(timestampResults, new SignatureValidationResult());

            return new SignatureLevelT(levelReached, timestampResults);
        }
 /// <summary>
 /// Checks the CAdES-EPES level: reached when the signature carries a signature-policy identifier.
 /// The policy itself is neither resolved nor evaluated here.
 /// </summary>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Validation time; not consulted by this level.</param>
 /// <param name="ctx">Validation context; not consulted by this level.</param>
 /// <returns>The EPES level report; never null. Any exception yields an INVALID report.</returns>
 protected internal virtual SignatureLevelEPES VerifyLevelEPES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
 {
     try
     {
         bool hasPolicy = signature.PolicyId != null;
         return new SignatureLevelEPES(signature, new SignatureValidationResult(hasPolicy));
     }
     catch (Exception)
     {
         // Fail closed; note that a null signature ends up here (NullReferenceException) rather than as
         // an ArgumentNullException like the other levels.
         var failed = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
         return new SignatureLevelEPES(signature, failed);
     }
 }
        /// <summary>
        /// Main method for validating a signature: optionally checks its integrity, builds or reuses the
        /// certificate-validation context for the signing certificate, then evaluates every CAdES level
        /// (BES, EPES, T, C, X, XL, A) plus the qualification and QC-statement information.
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Time at which the signing certificate chain is validated.</param>
        /// <param name="logger">Logger for diagnostics.</param>
        /// <param name="signatureValidationContext">Cache of validation contexts shared across signatures of one document.</param>
        /// <param name="checkIntegrity">When false the cryptographic integrity check is skipped; see remarks.</param>
        /// <param name="externalContent">Detached content, for signatures whose signed data is external.</param>
        /// <returns>
        /// the report part pertaining to the signature, or null when the signature carries no signing certificate
        /// </returns>
        /// <exception cref="ArgumentNullException">When <paramref name="signature"/> is null.</exception>
        /// <remarks>
        /// Security: with <paramref name="checkIntegrity"/> == false the integrity result is hard-coded to VALID
        /// without verifying the signature value. Callers must only pass false when integrity has already been
        /// verified elsewhere; the report is never more trustworthy than that input.
        /// </remarks>
        protected internal virtual SignatureInformation ValidateSignature(IAdvancedSignature signature, DateTime referenceTime, ICAdESLogger logger, SignatureValidationContext signatureValidationContext, bool checkIntegrity, Document externalContent)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            // Without a signing certificate nothing below can be evaluated; callers must handle the null report.
            if (signature.SigningCertificate == null)
            {
                logger.Error("There is no signing certificate");
                return(null);
            }



            // Integrity is VALID by fiat when checkIntegrity is false (see remarks).
            var signatureVerification               = new SignatureVerification(new SignatureValidationResult(checkIntegrity ? signature.CheckIntegrity(externalContent) : true), signature.SignatureAlgorithm);
            // Contexts are cached per (signing certificate, reference time) so repeated signers are not re-validated.
            IValidationContext            ctx       = signatureValidationContext.GetExisted(signature.SigningCertificate, referenceTime);
            IList <CertificateAndContext> usedCerts = new List <CertificateAndContext>();

            if (ctx == null)
            {
                ctx = CertificateVerifier.ValidateCertificate(signature.SigningCertificate, referenceTime, signature.CertificateSource, usedCerts, signature.CRLSource, signature.OCSPSource, logger);
                signatureValidationContext.Contexts.Add(ctx);
            }

            var qcStatementInformation     = VerifyQStatement(signature.SigningCertificate);
            var qualificationsVerification = VerifyQualificationsElement(signature, referenceTime, ctx);

            // TODO: serviceinfo is never set, so invalid everytime - hack added  - ?? new ServiceInfo()
            // NOTE(review): when no trusted-list service info is found an empty ServiceInfo is substituted, so a
            // non-null TrustedListInformation here does not by itself mean a trust anchor was found — confirm
            // how consumers of the report interpret it.
            var info = new TrustedListInformation(ctx.GetRelevantServiceInfo() ?? new ServiceInfo());
            var path = new CertPathRevocationAnalysis(ctx, info);


            var signatureLevelXL = VerifyLevelXL(signature, referenceTime, ctx, logger);
            // order matters: level C needs to know whether XL was reached (embedded values to rehash against).
            var signatureLevelC        = VerifyLevelC(signature, referenceTime, ctx, signatureLevelXL?.LevelReached.IsValid ?? false, logger);
            var signatureLevelAnalysis = new SignatureLevelAnalysis(
                signature,
                VerifyLevelBES(signature, referenceTime, ctx, externalContent),
                VerifyLevelEPES(signature, referenceTime, ctx),
                VerifyLevelT(signature, referenceTime, ctx),
                signatureLevelC,
                VerifyLevelX(signature, referenceTime, ctx),
                signatureLevelXL,
                VerifyLevelA(signature, referenceTime, ctx, logger, externalContent));


            // One CertificateVerification per certificate the context needed, evaluated lazily by the Select.
            var signatureInformation = new SignatureInformation(signatureVerification, path, signatureLevelAnalysis, qualificationsVerification, qcStatementInformation, ctx.NeededCertificates.Select(cert => new CertificateVerification(cert, ctx)), ctx);

            return(signatureInformation);
        }
        /// <summary>
        /// Builds the X level report from list-typed timestamp results, copying both lists into arrays.
        /// </summary>
        /// <param name="signature">Signature the report belongs to; not used by this overload.</param>
        /// <param name="levelReached">Whether the X level was reached.</param>
        /// <param name="signatureAndRefsTimestampsVerification">Results for the X1 (signature-and-references) timestamps; must not be null.</param>
        /// <param name="referencesTimestampsVerification">Results for the X2 (references-only) timestamps; must not be null.</param>
        /// <exception cref="System.ArgumentNullException">When either list is null.</exception>
        public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached, List <TimestampVerificationResult> signatureAndRefsTimestampsVerification, List <TimestampVerificationResult> referencesTimestampsVerification) : base(levelReached)
        {
            // Snapshot the lists so later mutation by the caller does not leak into the report.
            this.signatureAndRefsTimestampsVerification = (signatureAndRefsTimestampsVerification ?? throw new System.ArgumentNullException(nameof(signatureAndRefsTimestampsVerification))).ToArray();
            this.referencesTimestampsVerification       = (referencesTimestampsVerification ?? throw new System.ArgumentNullException(nameof(referencesTimestampsVerification))).ToArray();
        }
        /// <summary>
        /// Integrity-checks each counter-signature of <paramref name="signature"/>.
        /// </summary>
        /// <param name="signature">Signature whose counter-signatures are checked.</param>
        /// <param name="ctx">Validation context; not consulted by this method.</param>
        /// <param name="externalContent">Detached content forwarded to each integrity check.</param>
        /// <returns>
        /// One result per counter-signature, or null when the signature exposes no counter-signature list
        /// (callers such as SignatureLevelBES accept null).
        /// </returns>
        /// <remarks>
        /// Only the cryptographic integrity of each counter-signature is checked here; the counter-signer's
        /// certificate path and CAdES levels are not validated by this method.
        /// </remarks>
        protected internal virtual SignatureVerification[] VerifyCounterSignatures(IAdvancedSignature signature, IValidationContext ctx, Document externalContent)
        {
            IList<IAdvancedSignature> counterSignatures = signature.CounterSignatures;
            if (counterSignatures == null)
            {
                return null;
            }

            return counterSignatures
                   .Select(counterSig => new SignatureVerification(
                               new SignatureValidationResult(counterSig.CheckIntegrity(externalContent)),
                               counterSig.SignatureAlgorithm))
                   .ToArray();
        }
 /// <summary>
 /// Builds the BES level report and snapshots the signature's basic attributes (certificates, signing
 /// certificate, signing time, location, claimed signer roles, content type).
 /// </summary>
 /// <param name="levelReached">Whether the BES level was reached.</param>
 /// <param name="signature">Signature to snapshot; may be null (failure path), in which case no attribute is copied.</param>
 /// <param name="signingCertificateVerification">Result of the signing-certificate presence check.</param>
 /// <param name="counterSignatureVerification">Per-counter-signature integrity results; may be null.</param>
 /// <param name="timestampsVerification">Timestamp results; may be null.</param>
 /// <remarks>
 /// NOTE(review): <c>signature.SigningTime.Value</c> throws when the signature carries no signing-time
 /// attribute (if SigningTime is a Nullable&lt;DateTime&gt;, an InvalidOperationException). VerifyLevelBES
 /// catches that and reports the whole BES level as "exception while verifying" instead of a specific
 /// "no signing time" outcome — confirm this is intended.
 /// </remarks>
 public SignatureLevelBES(
     SignatureValidationResult levelReached,
     IAdvancedSignature signature,
     SignatureValidationResult signingCertificateVerification,
     SignatureVerification[] counterSignatureVerification,
     IList <TimestampVerificationResult> timestampsVerification) : base(levelReached)
 {
     signingCertRefVerification    = signingCertificateVerification;
     counterSignaturesVerification = counterSignatureVerification;
     this.timestampsVerification   = timestampsVerification;
     if (signature != null)
     {
         certificates       = signature.Certificates;
         signingCertificate = signature.SigningCertificate;
         // Unconditional .Value: see remarks.
         signingTime        = signature.SigningTime.Value;
         location           = signature.Location;
         claimedSignerRole  = signature.ClaimedSignerRoles;
         contentType        = signature.ContentType;
     }
 }
 /// <summary>
 /// Checks the CAdES-A level: each archive timestamp is matched against the archive-timestamp data
 /// rebuilt from the signature (index 0 only) and its TSA certificate path is checked.
 /// </summary>
 /// <param name="signature">Signature under validation.</param>
 /// <param name="referenceTime">Validation time, forwarded to <see cref="VerifyTimestamps"/>.</param>
 /// <param name="ctx">Validation context used for the TSA certificate path.</param>
 /// <param name="logger">Logger for diagnostics.</param>
 /// <param name="externalContent">Detached content needed to rebuild the archived data.</param>
 /// <returns>
 /// The A level report; never null. An I/O failure while rebuilding the data yields UNDETERMINED,
 /// any other exception yields INVALID.
 /// </returns>
 protected internal virtual SignatureLevelA VerifyLevelA(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger, Document externalContent)
 {
     try
     {
         var levelReached = new SignatureValidationResult();
         IList<TimestampVerificationResult> archiveResults = null;
         try
         {
             IList<TimestampToken> archiveTimestamps = signature.ArchiveTimestamps;
             archiveResults = VerifyTimestamps(signature, referenceTime, ctx, archiveTimestamps, signature.GetArchiveTimestampData(0, externalContent));
         }
         catch (IOException e)
         {
             // I/O trouble while rebuilding the archived data is inconclusive, not a forgery: UNDETERMINED.
             logger.Error("Error verifyind level A " + e.Message);
             levelReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
         }
         // archiveResults stays null after an IOException; ResultForTimestamps is assumed to cope with that.
         return new SignatureLevelA(ResultForTimestamps(archiveResults, levelReached), archiveResults);
     }
     catch (Exception)
     {
         // Fail closed for anything that is not an I/O problem.
         return new SignatureLevelA(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"), null);
     }
 }
        /// <summary>
        /// Aggregates the per-level reports of one signature. The levels are chained: each
        /// <c>LevelIsReached</c> call is told whether the preceding gating level was reached.
        /// </summary>
        /// <param name="signature">Signature the analysis belongs to.</param>
        /// <param name="levelBES">BES level report; gates every later level.</param>
        /// <param name="levelEPES">EPES level report; evaluated but not part of the chain.</param>
        /// <param name="levelT">T level report; gated on BES.</param>
        /// <param name="levelC">C level report; gated on T.</param>
        /// <param name="levelX">X level report; gated on C.</param>
        /// <param name="levelXL">XL level report; gated on X.</param>
        /// <param name="levelA">A level report; gated on XL.</param>
        /// <remarks>
        /// NOTE(review): the EPES result is not fed back into the chain (T is gated on BES only — presumably
        /// because EPES is optional), and the value of <c>levelReached</c> after the A level is computed but
        /// never stored. Whether <c>LevelIsReached</c> also records the outcome on the level object is not
        /// visible here — confirm before relying on the discarded return values.
        /// </remarks>
        public SignatureLevelAnalysis(IAdvancedSignature signature, SignatureLevelBES levelBES, SignatureLevelEPES levelEPES, SignatureLevelT levelT, SignatureLevelC levelC,
                                      SignatureLevelX levelX, SignatureLevelXL levelXL, SignatureLevelA levelA)
        {
            bool levelReached = true;

            this.signature = signature;
            this.levelBES  = levelBES;
            bool levelBESReached = LevelIsReached(levelBES, levelReached);

            levelReached   = levelBESReached;
            this.levelEPES = levelEPES;
            // Return value intentionally unused: EPES does not gate the following levels.
            LevelIsReached(levelEPES, levelReached);
            this.levelT = levelT;
            bool levelReachedT = LevelIsReached(levelT, levelReached);

            this.levelC  = levelC;
            levelReached = LevelIsReached(levelC, levelReachedT);
            this.levelX  = levelX;
            levelReached = LevelIsReached(levelX, levelReached);
            this.levelXL = levelXL;
            levelReached = LevelIsReached(levelXL, levelReached);
            this.levelA  = levelA;
            // Final chain value is not kept anywhere (see remarks).
            levelReached = LevelIsReached(levelA, levelReached);
        }
 /// <summary>
 /// Builds the X level report from array-typed timestamp results. Unlike the list overload, the arrays are
 /// stored as given (no copy, no null check), so callers may pass null for a timestamp kind that is absent.
 /// </summary>
 /// <param name="signature">Signature the report belongs to; not used by this overload.</param>
 /// <param name="levelReached">Whether the X level was reached.</param>
 /// <param name="signatureAndRefsTimestampsVerification">Results for the X1 (signature-and-references) timestamps; may be null.</param>
 /// <param name="referencesTimestampsVerification">Results for the X2 (references-only) timestamps; may be null.</param>
 public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached, TimestampVerificationResult
                        [] signatureAndRefsTimestampsVerification, TimestampVerificationResult[] referencesTimestampsVerification) : base(levelReached)
 {
     this.referencesTimestampsVerification       = referencesTimestampsVerification;
     this.signatureAndRefsTimestampsVerification = signatureAndRefsTimestampsVerification;
 }
        /// <summary>
        /// Reads the trusted-list qualification statement from the context and reports which of the four
        /// qualifiers (QCWithSSCD, QCNoSSCD, QCSSCDStatusAsInCert, QCForLegalPerson) are present.
        /// </summary>
        /// <param name="signature">Signature under validation; not consulted by this method.</param>
        /// <param name="referenceTime">Validation time; not consulted by this method.</param>
        /// <param name="ctx">Validation context providing the qualification statement.</param>
        /// <returns>
        /// One result per qualifier. When the context has no qualification statement all four results are
        /// left in their default (constructor) state rather than INVALID.
        /// </returns>
        protected internal virtual QualificationsVerification VerifyQualificationsElement(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
        {
            IList<string> qualifiers = ctx.GetQualificationStatement();

            if (qualifiers == null)
            {
                return new QualificationsVerification(
                    new SignatureValidationResult(), new SignatureValidationResult(),
                    new SignatureValidationResult(), new SignatureValidationResult());
            }

            // Qualifier URIs are SVC_INFO-prefixed; exact (ordinal) string match via IList.Contains.
            SignatureValidationResult Has(string qualifier) =>
                new SignatureValidationResult(qualifiers.Contains(SVC_INFO + qualifier));

            return new QualificationsVerification(
                Has("QCWithSSCD"),
                Has("QCNoSSCD"),
                Has("QCSSCDStatusAsInCert"),
                Has("QCForLegalPerson"));
        }
        /// <summary>
        /// Checks a list of timestamp tokens against the data they are supposed to cover.
        /// </summary>
        /// <remarks>
        /// For each token a <see cref="TimestampVerificationResult"/> is produced holding (a) whether the token's
        /// message imprint matches <paramref name="data"/> and (b) whether the TSA certificate chains to the
        /// trusted list (via <c>CheckTimeStampCertPath</c>). The token's generation time is not compared to
        /// <paramref name="referenceTime"/> here.
        /// </remarks>
        /// <param name="signature">Signature owning the tokens; supplies certificate and revocation sources for the TSA path.</param>
        /// <param name="referenceTime">Validation time; not consulted by this method.</param>
        /// <param name="ctx">Validation context used for the TSA certificate path.</param>
        /// <param name="tstokens">Tokens to check; null is treated as empty.</param>
        /// <param name="data">Bytes the tokens must have timestamped.</param>
        /// <returns>One result per token, in input order; empty (never null) when there are no tokens.</returns>
        protected internal virtual IList <TimestampVerificationResult> VerifyTimestamps(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, IList <TimestampToken> tstokens, byte[] data)
        {
            var results = new List<TimestampVerificationResult>();
            if (tstokens == null)
            {
                return results;
            }

            foreach (TimestampToken token in tstokens)
            {
                var result = new TimestampVerificationResult(token);
                SignatureValidationResult digestCheck = token.MatchData(data)
                    ? new SignatureValidationResult(ResultStatus.VALID, null)
                    : new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                result.SetSameDigest(digestCheck);
                CheckTimeStampCertPath(token, result, ctx, signature);
                results.Add(result);
            }
            return results;
        }
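        /// <summary>
        /// Checks the CAdES-X level: every X1 (signature-and-references) and X2 (references-only) timestamp must
        /// cover the corresponding data. The level is INVALID when any digest mismatches or when no X timestamp
        /// exists at all.
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Validation time; not consulted by this level.</param>
        /// <param name="ctx">Validation context used for the TSA certificate path of each token.</param>
        /// <returns>The X level report; never null. Any unexpected exception yields an INVALID report without per-token results.</returns>
        /// <exception cref="ArgumentNullException">When <paramref name="signature"/> is null.</exception>
        /// <remarks>
        /// Fix: the X2 loop previously never advanced its index, so every X2 result was written to slot 0 and
        /// the remaining slots stayed null (per-token results were lost and consumers could hit nulls). Both
        /// kinds are now handled by the same indexed helper.
        /// Note that the TSA certificate-path outcome recorded by <c>CheckTimeStampCertPath</c> does not
        /// lower the level result; only a digest mismatch does.
        /// </remarks>
        protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            try
            {
                var levelReached = new SignatureValidationResult();
                levelReached.SetStatus(ResultStatus.VALID, null);

                // Verifies one list of tokens against its data, one result per token in input order.
                // A mismatch marks the whole level INVALID.
                TimestampVerificationResult[] Check(IList<TimestampToken> tokens, byte[] data)
                {
                    var results = new TimestampVerificationResult[tokens.Count];
                    for (int i = 0; i < tokens.Count; i++)
                    {
                        TimestampToken t = tokens[i];
                        results[i] = new TimestampVerificationResult(t);
                        if (!t.MatchData(data))
                        {
                            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                            results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                        }
                        else
                        {
                            results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                        }
                        CheckTimeStampCertPath(t, results[i], ctx, signature);
                    }
                    return results;
                }

                TimestampVerificationResult[] x1Results = null;
                TimestampVerificationResult[] x2Results = null;

                IList<TimestampToken> timestampX1 = signature.TimestampsX1;
                bool hasX1 = timestampX1 != null && timestampX1.Any();
                if (hasX1)
                {
                    // Data is only rebuilt when there is something to match it against.
                    x1Results = Check(timestampX1, signature.TimestampX1Data);
                }

                IList<TimestampToken> timestampX2 = signature.TimestampsX2;
                bool hasX2 = timestampX2 != null && timestampX2.Any();
                if (hasX2)
                {
                    x2Results = Check(timestampX2, signature.TimestampX2Data);
                }

                if (!hasX1 && !hasX2)
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
                }
                return new SignatureLevelX(signature, levelReached, x1Results, x2Results);
            }
            catch (Exception)
            {
                // Fail closed; per-token results are dropped on this path.
                return new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
            }
        }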
 /// <summary>
 /// Validates the TSA certificate of a timestamp token through the context and records whether a
 /// certificate matching the TSA signer chains up to the trusted list.
 /// </summary>
 /// <param name="t">Timestamp token whose signer is checked.</param>
 /// <param name="result">Result whose <c>CertPathUpToTrustedList</c> and <c>UsedCerts</c> are updated.</param>
 /// <param name="ctx">Validation context that performs the timestamp validation and the trusted-list lookup.</param>
 /// <param name="signature">Supplies the certificate, CRL and OCSP sources for the validation.</param>
 /// <remarks>
 /// NOTE(review): the TSA signer is located by subject-DN equality only. Subject names are not unique
 /// across issuers, so a certificate with the same DN issued by another CA would satisfy this lookup too;
 /// matching on issuer+serial (or the TSA signing certificate itself) would be stricter.
 /// Only IOException is downgraded to UNDETERMINED; any other exception propagates to the caller.
 /// </remarks>
 private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, IValidationContext ctx, IAdvancedSignature signature)
 {
     try
     {
         // Pessimistic default: only flipped to VALID once a chain to the trusted list is found.
         result.CertPathUpToTrustedList.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_CannotReachTSL");
         ctx.ValidateTimestamp(t, signature.CertificateSource, signature.CRLSource, signature.OCSPSource, result.UsedCerts);

         var tsaSubject = t.GetSignerSubjectName();
         bool reachesTrustedList = ctx.NeededCertificates.Any(
             c => c.Certificate.SubjectDN.Equals(tsaSubject) && ctx.GetParentFromTrustedList(c) != null);
         if (reachesTrustedList)
         {
             result.CertPathUpToTrustedList.SetStatus(ResultStatus.VALID, null);
         }
     }
     catch (IOException)
     {
         result.CertPathUpToTrustedList.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
     }
 }
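        /// <summary>
        /// Checks the CAdES-C level: the signature must reference every certificate of the validation chain
        /// (complete-certificate-references) and carry revocation references (complete-revocation-references).
        /// </summary>
        /// <param name="signature">Signature under validation; must not be null.</param>
        /// <param name="referenceTime">Validation time; not consulted by this level.</param>
        /// <param name="ctx">Validation context holding the certificates and revocation data that are needed.</param>
        /// <param name="rehashValues">
        /// True when the XL level was reached (the caller passes <c>signatureLevelXL.LevelReached.IsValid</c>):
        /// every OCSP/CRL reference is then checked for completeness against the context. Otherwise only the
        /// presence of at least one revocation reference is required; their correctness is not verified.
        /// </param>
        /// <param name="logger">Logger for diagnostics.</param>
        /// <returns>The C level report; never null. Any unexpected exception yields an all-INVALID report.</returns>
        /// <exception cref="ArgumentNullException">When <paramref name="signature"/> is null.</exception>
        protected internal virtual SignatureLevelC VerifyLevelC(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, bool rehashValues, ICAdESLogger logger)
        {
            if (signature is null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            try
            {
                var certRefsCheck = new SignatureValidationResult();
                IList<CertificateRef> certRefs = signature.CertificateRefs;
                if (certRefs == null || !certRefs.Any())
                {
                    certRefsCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateRef");
                }
                else if (EveryCertificateRefAreThere(ctx, certRefs, signature.SigningCertificate, logger))
                {
                    certRefsCheck.SetStatus(ResultStatus.VALID, null);
                }
                else
                {
                    certRefsCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededcertificateRef");
                }
                logger.Info("Every CertificateRef found " + certRefsCheck);

                // Absent reference lists are treated as empty (as the certificate refs above already are)
                // instead of surfacing as a generic "exception while verifying" through the catch below.
                IList<OCSPRef> ocspRefs = signature.OCSPRefs ?? new List<OCSPRef>();
                IList<CRLRef>  crlRefs  = signature.CRLRefs ?? new List<CRLRef>();
                int refCount = ocspRefs.Count + crlRefs.Count;

                if (rehashValues)
                {
                    var revocationRefsCheck = new SignatureValidationResult(ResultStatus.VALID, null);
                    if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs, logger))
                    {
                        revocationRefsCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPRef");
                    }
                    // A CRL failure overwrites the OCSP message; the status stays INVALID either way.
                    if (!EveryCRLValueOrRefAreThere(ctx, crlRefs, logger))
                    {
                        revocationRefsCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLRef");
                    }
                    var reached = new SignatureValidationResult(
                        certRefsCheck.Status == ResultStatus.VALID && revocationRefsCheck.Status == ResultStatus.VALID);
                    return new SignatureLevelC(reached, certRefsCheck, revocationRefsCheck);
                }

                // XL not reached: only the presence of some revocation reference can be asserted here.
                var anyRevocationRef = new SignatureValidationResult();
                if (refCount == 0)
                {
                    anyRevocationRef.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataRefs");
                }
                else
                {
                    anyRevocationRef.SetStatus(ResultStatus.VALID, "$UI_Signatures_ValidationText_AtLeastOneRef");
                }
                var levelCReached = new SignatureValidationResult(
                    certRefsCheck.Status == ResultStatus.VALID && anyRevocationRef.Status == ResultStatus.VALID);
                return new SignatureLevelC(levelCReached, certRefsCheck, anyRevocationRef);
            }
            catch (Exception)
            {
                // Fail closed: every sub-check is reported INVALID rather than propagating the exception.
                return new SignatureLevelC(
                           new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"),
                           new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"),
                           new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
            }
        }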
 /// <summary>
 /// Builds an X level report with no per-timestamp results (used on the failure path of VerifyLevelX).
 /// </summary>
 /// <param name="signature">Signature the report belongs to; not used by this overload.</param>
 /// <param name="levelReached">Whether the X level was reached.</param>
 public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached) : base(levelReached) { }