/// <summary>
/// Checks the CAdES-BES level: a signing certificate must be resolvable, and every
/// counter-signature is integrity-checked for the report.
/// </summary>
/// <param name="signature">The signature under review; must not be null.</param>
/// <param name="referenceTime">Not read by this method; kept for parity with the other level checks.</param>
/// <param name="ctx">Validation context handed through to the counter-signature check.</param>
/// <param name="externalContent">Detached content the (counter-)signatures may cover.</param>
/// <returns>
/// A <see cref="SignatureLevelBES"/>. Any exception raised while verifying is turned into an
/// INVALID level (fail-closed) instead of propagating.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelBES VerifyLevelBES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, Document externalContent)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        // NOTE(review): only the *presence* of a signing certificate is checked here. Whether the
        // ESS signing-certificate reference really binds this certificate is not verified in this
        // method — confirm that it happens where SigningCertificate is resolved.
        var signingCertCheck = new SignatureValidationResult();
        if (signature.SigningCertificate is null)
        {
            signingCertCheck.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoSigningCeritificate");
        }
        else
        {
            signingCertCheck.SetStatus(ResultStatus.VALID, null);
        }

        SignatureVerification[] counterSignatureChecks = VerifyCounterSignatures(signature, ctx, externalContent);

        // Counter-signature results are reported but do not decide whether the level is reached:
        // the verdict is derived from the signing-certificate check alone.
        var besReached = new SignatureValidationResult(signingCertCheck.IsValid);
        return new SignatureLevelBES(besReached, signature, signingCertCheck, counterSignatureChecks, null);
    }
    catch (Exception)
    {
        // Fail closed: anything unexpected is reported as INVALID, never as "reached".
        const string failure = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";
        return new SignatureLevelBES(
            new SignatureValidationResult(ResultStatus.INVALID, failure),
            null,
            new SignatureValidationResult(ResultStatus.INVALID, failure),
            null,
            null);
    }
}
/// <summary>
/// Builds the EPES level report and records the signature policy identifier, if any.
/// </summary>
/// <param name="signature">Signature whose <c>PolicyId</c> is captured; null leaves the policy unset.</param>
/// <param name="levelReached">Whether the EPES level was reached.</param>
public SignatureLevelEPES(IAdvancedSignature signature, SignatureValidationResult levelReached)
    : base(levelReached)
{
    if (signature is null)
    {
        return;
    }

    signaturePolicy = signature.PolicyId;
}
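/// <summary>
/// Checks the CAdES-XL level: the signature must embed every certificate of the validated
/// chain and every revocation value (OCSP response or CRL) that chain needs.
/// </summary>
/// <param name="signature">The signature under review; must not be null.</param>
/// <param name="referenceTime">Not read by this method; kept for parity with the other level checks.</param>
/// <param name="ctx">Validation context that knows which certificates and revocation data are needed.</param>
/// <param name="logger">Receives progress messages.</param>
/// <returns>
/// A <see cref="SignatureLevelXL"/>. The level is reached only when both the certificate-value
/// check and the revocation-value check are VALID; any exception is reported as INVALID (fail-closed).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelXL VerifyLevelXL(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger)
{
    // Guard added for consistency with the other level checks (BES/T/X/C): a null signature is a
    // caller bug and should not be masked as an "exception while verifying" report.
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        var certValuesComplete = new SignatureValidationResult();
        certValuesComplete.SetStatus(ResultStatus.VALID, null);
        var revocationValuesComplete = new SignatureValidationResult();
        revocationValuesComplete.SetStatus(ResultStatus.VALID, null);

        IList<X509Certificate> certValues = signature.Certificates;
        // A missing list is treated like an empty one (as VerifyLevelC already does for refs):
        // no embedded certificate means the level is not reached, with the specific message
        // instead of a generic exception report.
        if (certValues == null || !certValues.Any())
        {
            logger.Info("There is no certificate refs in the signature");
            certValuesComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateValue");
        }
        else if (!EveryCertificateValueAreThere(ctx, certValues, signature.SigningCertificate, logger))
        {
            certValuesComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCertificateValues");
        }
        logger.Info("Every certificate found " + certValuesComplete);

        int revocationValueCount = 0;

        IList<BasicOcspResp> ocspValues = signature.OCSPs;
        if (ocspValues != null)
        {
            revocationValueCount += ocspValues.Count;
            if (!EveryOCSPValueOrRefAreThere(ctx, ocspValues, logger))
            {
                revocationValuesComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPValues");
            }
        }

        IList<X509Crl> crlValues = signature.CRLs;
        if (crlValues != null)
        {
            revocationValueCount += crlValues.Count;
            if (!EveryCRLValueOrRefAreThere(ctx, crlValues, logger))
            {
                revocationValuesComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLValues");
            }
        }

        // No revocation value at all is INVALID even when the helpers above had nothing to check.
        if (revocationValueCount == 0)
        {
            revocationValuesComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataValue");
        }

        bool bothValid = certValuesComplete.Status == ResultStatus.VALID
                         && revocationValuesComplete.Status == ResultStatus.VALID;
        var xlReached = new SignatureValidationResult();
        xlReached.SetStatus(bothValid ? ResultStatus.VALID : ResultStatus.INVALID, null);

        return new SignatureLevelXL(xlReached, certValuesComplete, revocationValuesComplete);
    }
    catch (Exception)
    {
        // Fail closed: every sub-result is reported INVALID rather than letting the exception escape.
        const string failure = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";
        return new SignatureLevelXL(
            new SignatureValidationResult(ResultStatus.INVALID, failure),
            new SignatureValidationResult(ResultStatus.INVALID, failure),
            new SignatureValidationResult(ResultStatus.INVALID, failure));
    }
}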
/// <summary>
/// Checks the CAdES-T level by verifying the signature timestamps against the data they cover.
/// </summary>
/// <param name="signature">The signature under review; must not be null.</param>
/// <param name="referenceTime">Passed through to <c>VerifyTimestamps</c>.</param>
/// <param name="ctx">Validation context used for the TSA certificate path.</param>
/// <returns>A <see cref="SignatureLevelT"/> whose verdict is folded from the per-token results.</returns>
/// <remarks>
/// Unlike the other level checks this method has no catch-all: an exception thrown by
/// <c>VerifyTimestamps</c> or <c>ResultForTimestamps</c> propagates to the caller.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelT VerifyLevelT(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    IList<TimestampVerificationResult> timestampChecks = VerifyTimestamps(
        signature, referenceTime, ctx, signature.SignatureTimestamps, signature.SignatureTimestampData);

    // The level verdict is derived from the per-token results by ResultForTimestamps.
    SignatureValidationResult tReached = ResultForTimestamps(timestampChecks, new SignatureValidationResult());
    return new SignatureLevelT(tReached, timestampChecks);
}
/// <summary>
/// Checks the CAdES-EPES level: reached when the signature carries a policy identifier.
/// </summary>
/// <param name="signature">The signature under review.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Not read by this method.</param>
/// <returns>A <see cref="SignatureLevelEPES"/>; exceptions are reported as INVALID (fail-closed).</returns>
/// <remarks>
/// Only the presence of a policy identifier is checked; the policy document itself is neither
/// fetched nor hashed here.
/// </remarks>
protected internal virtual SignatureLevelEPES VerifyLevelEPES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    try
    {
        bool hasPolicy = signature.PolicyId != null;
        return new SignatureLevelEPES(signature, new SignatureValidationResult(hasPolicy));
    }
    catch (Exception)
    {
        // Fail closed; a null signature also ends up here (NullReferenceException on PolicyId).
        return new SignatureLevelEPES(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
    }
}
/// <summary>
/// Main method for validating a signature: runs the (optional) integrity check, builds or
/// reuses the certificate validation context, and evaluates every CAdES level for the report.
/// </summary>
/// <param name="signature">Signature to validate; must not be null.</param>
/// <param name="referenceTime">Point in time at which the certificate path and the levels are evaluated.</param>
/// <param name="logger">Receives diagnostics.</param>
/// <param name="signatureValidationContext">Cache of validation contexts; a context built here is added to it.</param>
/// <param name="checkIntegrity">When false the cryptographic integrity check is skipped entirely (see remarks).</param>
/// <param name="externalContent">Detached content the signature covers, if any.</param>
/// <returns>
/// The report part pertaining to the signature, or <c>null</c> when the signature has no
/// signing certificate — callers must handle the null.
/// </returns>
/// <remarks>
/// NOTE(review): with <paramref name="checkIntegrity"/> == false the report's signature
/// verification is built from a hard-wired <c>true</c>, i.e. it reads as valid although nothing
/// was verified. Callers that skip the integrity check must not present that field as a verdict.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureInformation ValidateSignature(IAdvancedSignature signature, DateTime referenceTime, ICAdESLogger logger, SignatureValidationContext signatureValidationContext, bool checkIntegrity, Document externalContent)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }
    // Without a signing certificate nothing below can be evaluated; the caller gets null, not a report.
    if (signature.SigningCertificate == null)
    {
        logger.Error("There is no signing certificate");
        return(null);
    }
    // Integrity is only checked on request; otherwise the result is hard-wired to true (see remarks).
    var signatureVerification = new SignatureVerification(new SignatureValidationResult(checkIntegrity ? signature.CheckIntegrity(externalContent) : true), signature.SignatureAlgorithm);
    // Reuse a context already built for this signing certificate at this reference time; otherwise
    // build one from the signature's own certificate/CRL/OCSP sources and cache it.
    IValidationContext ctx = signatureValidationContext.GetExisted(signature.SigningCertificate, referenceTime);
    IList <CertificateAndContext> usedCerts = new List <CertificateAndContext>();
    if (ctx == null)
    {
        ctx = CertificateVerifier.ValidateCertificate(signature.SigningCertificate, referenceTime, signature.CertificateSource, usedCerts, signature.CRLSource, signature.OCSPSource, logger);
        signatureValidationContext.Contexts.Add(ctx);
    }
    var qcStatementInformation = VerifyQStatement(signature.SigningCertificate);
    var qualificationsVerification = VerifyQualificationsElement(signature, referenceTime, ctx);
    // TODO: serviceinfo is never set, so invalid everytime - hack added - ?? new ServiceInfo()
    var info = new TrustedListInformation(ctx.GetRelevantServiceInfo() ?? new ServiceInfo());
    var path = new CertPathRevocationAnalysis(ctx, info);
    // XL is evaluated before C because C's "rehashValues" mode is driven by whether XL was reached.
    var signatureLevelXL = VerifyLevelXL(signature, referenceTime, ctx, logger); // order matters
    var signatureLevelC = VerifyLevelC(signature, referenceTime, ctx, signatureLevelXL?.LevelReached.IsValid ?? false, logger);
    var signatureLevelAnalysis = new SignatureLevelAnalysis( signature, VerifyLevelBES(signature, referenceTime, ctx, externalContent), VerifyLevelEPES(signature, referenceTime, ctx), VerifyLevelT(signature, referenceTime, ctx), signatureLevelC, VerifyLevelX(signature, referenceTime, ctx), signatureLevelXL, VerifyLevelA(signature, referenceTime, ctx, logger, externalContent));
    // One CertificateVerification per certificate the context needed for the path.
    var signatureInformation = new SignatureInformation(signatureVerification, path, signatureLevelAnalysis, qualificationsVerification, qcStatementInformation, ctx.NeededCertificates.Select(cert => new CertificateVerification(cert, ctx)), ctx);
    return(signatureInformation);
}
/// <summary>
/// Builds the X level report from list-shaped timestamp results. Both lists are required and
/// are copied to arrays, so later mutation of the caller's lists cannot alter the report.
/// </summary>
/// <param name="signature">Not retained by this overload.</param>
/// <param name="levelReached">Whether the X level was reached.</param>
/// <param name="signatureAndRefsTimestampsVerification">Results for the X1 (signature-and-refs) timestamps; required.</param>
/// <param name="referencesTimestampsVerification">Results for the X2 (references-only) timestamps; required.</param>
/// <exception cref="System.ArgumentNullException">Either list is null.</exception>
public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached, List <TimestampVerificationResult> signatureAndRefsTimestampsVerification, List <TimestampVerificationResult> referencesTimestampsVerification)
    : base(levelReached)
{
    this.signatureAndRefsTimestampsVerification = (signatureAndRefsTimestampsVerification
        ?? throw new System.ArgumentNullException(nameof(signatureAndRefsTimestampsVerification))).ToArray();
    this.referencesTimestampsVerification = (referencesTimestampsVerification
        ?? throw new System.ArgumentNullException(nameof(referencesTimestampsVerification))).ToArray();
}
/// <summary>
/// Integrity-checks every counter-signature attached to <paramref name="signature"/>.
/// </summary>
/// <param name="signature">Signature whose <c>CounterSignatures</c> are examined.</param>
/// <param name="ctx">Not read by this method.</param>
/// <param name="externalContent">Detached content handed to each counter-signature's integrity check.</param>
/// <returns>
/// One <see cref="SignatureVerification"/> per counter-signature (integrity result plus algorithm
/// name), or <c>null</c> when the signature exposes no counter-signature list at all.
/// </returns>
/// <remarks>
/// NOTE(review): only <c>CheckIntegrity</c> is run here; the counter-signer's certificate path and
/// revocation status are not evaluated by this method.
/// </remarks>
protected internal virtual SignatureVerification[] VerifyCounterSignatures(IAdvancedSignature signature, IValidationContext ctx, Document externalContent)
{
    IList<IAdvancedSignature> counterSignatures = signature.CounterSignatures;
    if (counterSignatures == null)
    {
        return null;
    }

    return counterSignatures
        .Select(counterSignature => new SignatureVerification(
            new SignatureValidationResult(counterSignature.CheckIntegrity(externalContent)),
            counterSignature.SignatureAlgorithm))
        .ToArray();
}
/// <summary>
/// Builds the BES level report and snapshots the signature's descriptive attributes.
/// </summary>
/// <param name="levelReached">Whether the BES level was reached.</param>
/// <param name="signature">May be null (VerifyLevelBES passes null on its fail-closed path); then no attributes are captured.</param>
/// <param name="signingCertificateVerification">Result of the signing-certificate check.</param>
/// <param name="counterSignatureVerification">Per-counter-signature results; may be null.</param>
/// <param name="timestampsVerification">Timestamp results; may be null.</param>
/// <remarks>
/// NOTE(review): <c>signature.SigningTime.Value</c> is read unconditionally, so a signature without
/// a signing-time value makes this constructor throw (and VerifyLevelBES then reports INVALID).
/// Confirm that every supported signature format always carries one.
/// </remarks>
public SignatureLevelBES( SignatureValidationResult levelReached, IAdvancedSignature signature, SignatureValidationResult signingCertificateVerification, SignatureVerification[] counterSignatureVerification, IList <TimestampVerificationResult> timestampsVerification)
    : base(levelReached)
{
    this.timestampsVerification = timestampsVerification;
    counterSignaturesVerification = counterSignatureVerification;
    signingCertRefVerification = signingCertificateVerification;

    if (signature is null)
    {
        return;
    }

    certificates = signature.Certificates;
    signingCertificate = signature.SigningCertificate;
    signingTime = signature.SigningTime.Value;
    location = signature.Location;
    claimedSignerRole = signature.ClaimedSignerRoles;
    contentType = signature.ContentType;
}
/// <summary>
/// Checks the CAdES-A level by verifying the archive timestamps.
/// </summary>
/// <param name="signature">The signature under review.</param>
/// <param name="referenceTime">Passed through to <c>VerifyTimestamps</c>.</param>
/// <param name="ctx">Validation context used for the TSA certificate path.</param>
/// <param name="logger">Receives the error message when the archived data cannot be read.</param>
/// <param name="externalContent">Detached content needed to rebuild the archived data.</param>
/// <returns>A <see cref="SignatureLevelA"/>.</returns>
/// <remarks>
/// NOTE(review): every archive timestamp is matched against the single byte array returned by
/// <c>GetArchiveTimestampData(0, …)</c>. If that index selects only the data covered by the first
/// archive timestamp, any later archive timestamp (which also covers the earlier one) would be
/// reported as not matching — confirm the index semantics before relying on multi-token results.
/// An <see cref="IOException"/> while gathering the data sets the level to UNDETERMINED and leaves
/// the per-token results null before <c>ResultForTimestamps</c> runs; any other exception is
/// reported as INVALID.
/// </remarks>
protected internal virtual SignatureLevelA VerifyLevelA(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger, Document externalContent)
{
    try
    {
        var aReached = new SignatureValidationResult();
        IList<TimestampVerificationResult> tokenChecks = null;
        try
        {
            IList<TimestampToken> archiveTimestamps = signature.ArchiveTimestamps;
            byte[] archivedData = signature.GetArchiveTimestampData(0, externalContent);
            tokenChecks = VerifyTimestamps(signature, referenceTime, ctx, archiveTimestamps, archivedData);
        }
        catch (IOException e)
        {
            logger.Error("Error verifyind level A " + e.Message);
            aReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        }
        // ResultForTimestamps folds the per-token results (possibly null) into the level verdict.
        return new SignatureLevelA(ResultForTimestamps(tokenChecks, aReached), tokenChecks);
    }
    catch (Exception)
    {
        return new SignatureLevelA(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"), null);
    }
}
/// <summary>
/// Aggregates the per-level results into one analysis, threading a "previous level reached"
/// flag through the chain BES → T → C → X → XL → A.
/// </summary>
/// <remarks>
/// EPES is evaluated with the BES flag but its return value is discarded, so it never gates the
/// chain. <c>LevelIsReached</c> is defined elsewhere; from this constructor it appears to combine a
/// level's own result with the incoming flag — confirm the exact rule before relying on it.
/// </remarks>
public SignatureLevelAnalysis(IAdvancedSignature signature, SignatureLevelBES levelBES, SignatureLevelEPES levelEPES, SignatureLevelT levelT, SignatureLevelC levelC, SignatureLevelX levelX, SignatureLevelXL levelXL, SignatureLevelA levelA)
{
    bool levelReached = true;
    this.signature = signature;
    this.levelBES = levelBES;
    bool levelBESReached = LevelIsReached(levelBES, levelReached);
    levelReached = levelBESReached;
    this.levelEPES = levelEPES;
    // Return value is not used: as written, EPES is an independent branch, not a step in the chain.
    LevelIsReached(levelEPES, levelReached);
    this.levelT = levelT;
    bool levelReachedT = LevelIsReached(levelT, levelReached);
    this.levelC = levelC;
    // C is gated on the T result (levelReachedT), not on the EPES call above.
    levelReached = LevelIsReached(levelC, levelReachedT);
    this.levelX = levelX;
    levelReached = LevelIsReached(levelX, levelReached);
    this.levelXL = levelXL;
    levelReached = LevelIsReached(levelXL, levelReached);
    this.levelA = levelA;
    levelReached = LevelIsReached(levelA, levelReached);
}
/// <summary>
/// Builds the X level report from array-shaped timestamp results. Unlike the list overload, null
/// arrays are accepted and stored as-is (VerifyLevelX passes null when a timestamp kind is absent).
/// </summary>
/// <param name="signature">Not retained by this overload.</param>
/// <param name="levelReached">Whether the X level was reached.</param>
/// <param name="signatureAndRefsTimestampsVerification">Results for the X1 timestamps; may be null.</param>
/// <param name="referencesTimestampsVerification">Results for the X2 timestamps; may be null.</param>
public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached, TimestampVerificationResult [] signatureAndRefsTimestampsVerification, TimestampVerificationResult[] referencesTimestampsVerification)
    : base(levelReached)
{
    this.referencesTimestampsVerification = referencesTimestampsVerification;
    this.signatureAndRefsTimestampsVerification = signatureAndRefsTimestampsVerification;
}
/// <summary>
/// Reads the trusted-list qualification statements from the validation context and reports
/// which of the four well-known qualifiers are present.
/// </summary>
/// <param name="signature">Not read by this method.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Context whose <c>GetQualificationStatement()</c> supplies the qualifier URIs.</param>
/// <returns>
/// One <see cref="SignatureValidationResult"/> per qualifier. When the context has no qualification
/// statement at all, each result is a fresh, unset instance rather than INVALID.
/// </returns>
protected internal virtual QualificationsVerification VerifyQualificationsElement(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    IList<string> qualifiers = ctx.GetQualificationStatement();
    if (qualifiers == null)
    {
        return new QualificationsVerification(
            new SignatureValidationResult(),
            new SignatureValidationResult(),
            new SignatureValidationResult(),
            new SignatureValidationResult());
    }

    // Each qualifier is looked up as the full SVC_INFO-prefixed URI with exact string comparison.
    SignatureValidationResult Has(string qualifier) =>
        new SignatureValidationResult(qualifiers.Contains(SVC_INFO + qualifier));

    return new QualificationsVerification(
        Has("QCWithSSCD"),
        Has("QCNoSSCD"),
        Has("QCSSCDStatusAsInCert"),
        Has("QCForLegalPerson"));
}
/// <summary>
/// Checks a list of timestamp tokens against the data they are supposed to cover.
/// </summary>
/// <remarks>
/// For each token a <see cref="TimestampVerificationResult"/> is produced holding (1) whether the
/// token's digest matches <paramref name="data"/> and (2) whether the TSA certificate chains up to
/// a trusted list (see <c>CheckTimeStampCertPath</c>). <paramref name="referenceTime"/> is not read:
/// the token's generation time is not compared with it in this method.
/// </remarks>
/// <param name="signature">Supplies the certificate/CRL/OCSP sources for the TSA path check.</param>
/// <param name="referenceTime">Unused here.</param>
/// <param name="ctx">Validation context used for the TSA certificate path.</param>
/// <param name="tstokens">Tokens to check; null is treated as empty.</param>
/// <param name="data">The bytes every token must have timestamped.</param>
/// <returns>One result per token, in order; an empty list when <paramref name="tstokens"/> is null. Never null.</returns>
protected internal virtual IList <TimestampVerificationResult> VerifyTimestamps(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, IList <TimestampToken> tstokens, byte[] data)
{
    var results = new List<TimestampVerificationResult>();
    if (tstokens == null)
    {
        return results;
    }

    foreach (TimestampToken token in tstokens)
    {
        var tokenResult = new TimestampVerificationResult(token);
        SignatureValidationResult digestCheck = token.MatchData(data)
            ? new SignatureValidationResult(ResultStatus.VALID, null)
            : new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
        tokenResult.SetSameDigest(digestCheck);
        CheckTimeStampCertPath(token, tokenResult, ctx, signature);
        results.Add(tokenResult);
    }
    return results;
}
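/// <summary>
/// Checks the CAdES-X level: every X1 (signature-and-refs) and X2 (references-only) timestamp must
/// cover the corresponding data, and at least one of the two kinds must be present.
/// </summary>
/// <param name="signature">The signature under review; must not be null.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Validation context used for the TSA certificate path.</param>
/// <returns>
/// A <see cref="SignatureLevelX"/> with one result per token in each group (null for an absent
/// group). Any exception is reported as INVALID with no per-token results (fail-closed).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        var xReached = new SignatureValidationResult();
        xReached.SetStatus(ResultStatus.VALID, null);

        // Checks every token of one group against the data it must cover; a single mismatch marks
        // the whole level INVALID. Returns one result per token, in order. Both groups go through
        // this loop: the previous X2 loop never advanced its index, so with several X2 timestamps
        // only slot 0 was filled and the other slots stayed null.
        TimestampVerificationResult[] VerifyGroup(IList<TimestampToken> tokens, byte[] coveredData)
        {
            var groupResults = new TimestampVerificationResult[tokens.Count];
            for (int i = 0; i < tokens.Count; i++)
            {
                TimestampToken token = tokens[i];
                var tokenResult = new TimestampVerificationResult(token);
                if (token.MatchData(coveredData))
                {
                    tokenResult.SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                }
                else
                {
                    xReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                    tokenResult.SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                }
                CheckTimeStampCertPath(token, tokenResult, ctx, signature);
                groupResults[i] = tokenResult;
            }
            return groupResults;
        }

        IList<TimestampToken> timestampsX1 = signature.TimestampsX1;
        bool hasX1 = timestampsX1 != null && timestampsX1.Any();
        // The covered data is only read when the group is present.
        TimestampVerificationResult[] x1Results = hasX1 ? VerifyGroup(timestampsX1, signature.TimestampX1Data) : null;

        IList<TimestampToken> timestampsX2 = signature.TimestampsX2;
        bool hasX2 = timestampsX2 != null && timestampsX2.Any();
        TimestampVerificationResult[] x2Results = hasX2 ? VerifyGroup(timestampsX2, signature.TimestampX2Data) : null;

        // A signature with neither kind of X timestamp has not reached the level.
        if (!hasX1 && !hasX2)
        {
            xReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
        }
        return new SignatureLevelX(signature, xReached, x1Results, x2Results);
    }
    catch (Exception)
    {
        return new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
    }
}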
/// <summary>
/// Validates the TSA certificate of a timestamp token through the context and records whether
/// that certificate chains up to a trusted-list entry.
/// </summary>
/// <param name="t">The timestamp token.</param>
/// <param name="result">Receives the <c>CertPathUpToTrustedList</c> status and the certificates used.</param>
/// <param name="ctx">Validation context that performs the timestamp validation.</param>
/// <param name="signature">Supplies the certificate/CRL/OCSP sources.</param>
/// <remarks>
/// The status starts as INVALID ("cannot reach TSL") and is only upgraded to VALID when a needed
/// certificate whose subject DN equals the token's signer subject name has a trusted-list parent,
/// so the check is fail-closed.
/// NOTE(review): the TSA certificate is located by subject-DN equality only, not by issuer/serial
/// or key identifier; two distinct certificates with the same subject DN among
/// <c>ctx.NeededCertificates</c> would be indistinguishable here.
/// Only <see cref="IOException"/> is caught (→ UNDETERMINED); any other exception propagates.
/// </remarks>
private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, IValidationContext ctx, IAdvancedSignature signature)
{
    try
    {
        result.CertPathUpToTrustedList.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_CannotReachTSL");
        ctx.ValidateTimestamp(t, signature.CertificateSource, signature.CRLSource, signature.OCSPSource, result.UsedCerts);

        var signerSubject = t.GetSignerSubjectName();
        // Stops at the first DN-matching certificate that has a trusted-list parent.
        bool reachesTrustedList = ctx.NeededCertificates.Any(candidate =>
            candidate.Certificate.SubjectDN.Equals(signerSubject)
            && ctx.GetParentFromTrustedList(candidate) != null);
        if (reachesTrustedList)
        {
            result.CertPathUpToTrustedList.SetStatus(ResultStatus.VALID, null);
        }
    }
    catch (IOException)
    {
        result.CertPathUpToTrustedList.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
    }
}
/// <summary>
/// Checks the CAdES-C level: the signature must carry references to every certificate of the
/// validated chain and to revocation data.
/// </summary>
/// <param name="signature">The signature under review; must not be null.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Validation context that knows which certificates and revocation data are needed.</param>
/// <param name="rehashValues">
/// true (the caller passes XL's verdict): every OCSP/CRL reference is checked by
/// <c>EveryOCSPValueOrRefAreThere</c> / <c>EveryCRLValueOrRefAreThere</c>; false: it suffices that
/// at least one revocation reference exists.
/// </param>
/// <param name="logger">Receives progress messages.</param>
/// <returns>A <see cref="SignatureLevelC"/>; any exception is reported as INVALID (fail-closed).</returns>
/// <remarks>
/// <c>signature.OCSPRefs</c> and <c>signature.CRLRefs</c> are dereferenced without a null check; a
/// null list ends in the catch-all and is reported as "exception while verifying" rather than as
/// "no revocation data refs". Fail-closed either way.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelC VerifyLevelC(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, bool rehashValues, ICAdESLogger logger)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        var certRefsComplete = new SignatureValidationResult();
        IList<CertificateRef> certRefs = signature.CertificateRefs;
        if (certRefs == null || !certRefs.Any())
        {
            certRefsComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateRef");
        }
        else if (EveryCertificateRefAreThere(ctx, certRefs, signature.SigningCertificate, logger))
        {
            certRefsComplete.SetStatus(ResultStatus.VALID, null);
        }
        else
        {
            certRefsComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededcertificateRef");
        }
        logger.Info("Every CertificateRef found " + certRefsComplete);

        IList<OCSPRef> ocspRefs = signature.OCSPRefs;
        IList<CRLRef> crlRefs = signature.CRLRefs;
        var revocationRefsComplete = new SignatureValidationResult(ResultStatus.VALID, null);
        int revocationRefCount = ocspRefs.Count + crlRefs.Count;

        if (rehashValues)
        {
            // Strict mode: every referenced OCSP response and CRL must be accounted for.
            if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs, logger))
            {
                revocationRefsComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPRef");
            }
            if (!EveryCRLValueOrRefAreThere(ctx, crlRefs, logger))
            {
                revocationRefsComplete.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLRef");
            }
            bool strictReached = certRefsComplete.Status == ResultStatus.VALID
                                 && revocationRefsComplete.Status == ResultStatus.VALID;
            return new SignatureLevelC(new SignatureValidationResult(strictReached), certRefsComplete, revocationRefsComplete);
        }

        // Lenient mode: any revocation reference at all is enough.
        var anyRevocationRef = new SignatureValidationResult();
        if (revocationRefCount == 0)
        {
            anyRevocationRef.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataRefs");
        }
        else
        {
            anyRevocationRef.SetStatus(ResultStatus.VALID, "$UI_Signatures_ValidationText_AtLeastOneRef");
        }
        bool lenientReached = certRefsComplete.Status == ResultStatus.VALID
                              && anyRevocationRef.Status == ResultStatus.VALID;
        return new SignatureLevelC(new SignatureValidationResult(lenientReached), certRefsComplete, anyRevocationRef);
    }
    catch (Exception)
    {
        const string failure = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";
        return new SignatureLevelC(
            new SignatureValidationResult(ResultStatus.INVALID, failure),
            new SignatureValidationResult(ResultStatus.INVALID, failure),
            new SignatureValidationResult(ResultStatus.INVALID, failure));
    }
}
/// <summary>
/// Builds an X level report that carries no per-timestamp results (VerifyLevelX uses this on its
/// fail-closed path); the timestamp result arrays keep their default value.
/// </summary>
/// <param name="signature">Not retained by this overload.</param>
/// <param name="levelReached">Whether the X level was reached.</param>
public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached)
    : base(levelReached)
{
    // Intentionally empty: nothing beyond the base result is recorded.
}