        /// <summary>
        /// Allocates the <see cref="SignatureType"/> skeleton (SignedInfo, a single
        /// Reference with one Transform slot per Transform element found under
        /// <paramref name="nodes"/>, SignatureValue and KeyInfo/X509Data), lets
        /// <see cref="PopulateSignature"/> fill it from the XML, and stores the result
        /// in the "Signature" property of <paramref name="rps"/>.
        /// </summary>
        /// <param name="nodes">XML node whose descendants hold the Signature elements.</param>
        /// <param name="rps">Target object that exposes a "Signature" property.</param>
        /// <remarks>
        /// NOTE(review): this only transcribes the signature already present in the XML
        /// into the object model; nothing here verifies it cryptographically.
        /// </remarks>
        private void SignObject(XmlNode nodes, object rps)
        {
            // Signature -> SignedInfo -> Reference, with the Transforms array sized up front
            // because PopulateSignature writes into it by index.
            ReferenceType reference = new ReferenceType
            {
                DigestMethod = new DigestMethodType(),
                Transforms   = new TransformType[CountElements(nodes, "Transform")]
            };

            // Signature -> KeyInfo -> X509Data, with exactly one X509Certificate entry;
            // Items[0] is filled with the certificate bytes by PopulateSignature.
            X509DataType x509 = new X509DataType
            {
                Items            = new object[1],
                ItemsElementName = new ItemsChoiceType1[] { ItemsChoiceType1.X509Certificate }
            };

            SignatureType signature = new SignatureType
            {
                SignedInfo = new SignedInfoType
                {
                    CanonicalizationMethod = new CanonicalizationMethodType(),
                    SignatureMethod        = new SignatureMethodType(),
                    Reference              = new ReferenceType[] { reference }
                },
                SignatureValue = new SignatureValueType(),
                KeyInfo = new KeyInfoType
                {
                    Items            = new object[] { x509 },
                    ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data }
                }
            };

            // Algorithms, URI, digest, signature value and certificate come from the XML.
            PopulateSignature(signature, reference, x509, nodes);

            SetProperty(rps, "Signature", signature);
        }
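        /// <summary>
        /// Asks the @firma DSS "verify certificate" service to validate
        /// <paramref name="certificate"/> (certificate-status checking always enabled)
        /// and returns the parsed <see cref="VerifyResponse"/>.
        /// </summary>
        /// <param name="certificate">Certificate to validate; its raw DER bytes are sent as ds:X509Certificate.</param>
        /// <param name="includeDetails">Request the "allDetails" verification report instead of "noDetails".</param>
        /// <param name="returnReadableCertificateInfo">Also request the afxp:ReturnReadableCertificateInfo optional input.</param>
        /// <returns>The service response; only returned when ResultMajor equals <see cref="ResultType.Success"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The reply could not be parsed or carries no Result element.</exception>
        /// <exception cref="AfirmaResultException">The service reported a ResultMajor other than Success.</exception>
        /// <remarks>
        /// The trust decision is made by the remote service, so the answer is only as
        /// trustworthy as the channel to it; the service client is built from _identity
        /// and _serverCert, and any transport-level checks live there, not here.
        /// </remarks>
        public VerifyResponse ValidateCertificate(X509Certificate2 certificate, bool includeDetails, bool returnReadableCertificateInfo)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate", "El valor no puede ser nulo.");
            }

            List<XmlElement> optionalInputs = new List<XmlElement>();

            // dss:ReturnVerificationReport: always check certificate status; detail level per caller.
            ReturnVerificationReport verificationReport = new ReturnVerificationReport();
            verificationReport.CheckOptions = new CheckOptionsType();
            verificationReport.CheckOptions.CheckCertificateStatus = true;
            verificationReport.ReportOptions = new ReportOptionsType();
            verificationReport.ReportOptions.ReportDetailLevel = includeDetails
                ? "urn:oasis:names:tc:dss:1.0:reportdetail:allDetails"
                : "urn:oasis:names:tc:dss:1.0:reportdetail:noDetails";

            optionalInputs.Add(GetXmlElement(verificationReport));

            if (returnReadableCertificateInfo)
            {
                optionalInputs.Add(GetXmlElement("<afxp:ReturnReadableCertificateInfo xmlns:afxp=\"urn:afirma:dss:1.0:profile:XSS:schema\"/>"));
            }

            // The certificate travels as ds:X509Data/ds:X509Certificate inside dss:SignatureObject.
            X509DataType x509Data = new X509DataType();
            x509Data.Items            = new object[] { new X509Cert(certificate.GetRawCertData()) };
            x509Data.ItemsElementName = new ItemsChoiceType[] { ItemsChoiceType.X509Certificate };

            SignatureObject signatureObject = new SignatureObject();
            signatureObject.Item = new AnyType()
            {
                Any = new XmlElement[] { GetXmlElement(x509Data) }
            };

            VerifyRequest request = BuildRequest(null, signatureObject, optionalInputs.ToArray());

            DSSAfirmaVerifyCertificateService ds = new DSSAfirmaVerifyCertificateService(_identity, _serverCert);

            string result = ds.verify(GetXmlElement(request).OuterXml);

            VerifyResponse response = DeserializeXml<VerifyResponse>(result);

            // Fail closed: a reply without a Result element must never be treated as success
            // (the original dereferenced response.Result and would have thrown an NRE instead).
            if (response == null || response.Result == null)
            {
                throw new InvalidOperationException("The verify-certificate service returned a response without a Result element.");
            }

            if (!ResultType.Success.Equals(response.Result.ResultMajor))
            {
                // ResultMessage may be absent on a failure reply; report the failure without
                // masking it behind a NullReferenceException.
                string message = response.Result.ResultMessage != null ? response.Result.ResultMessage.Value : null;
                throw new AfirmaResultException(response.Result.ResultMajor, response.Result.ResultMinor, message);
            }

            return response;
        }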
        /// <summary>
        /// Serialization smoke test: runs a freshly constructed (empty)
        /// <see cref="X509DataType"/> through <see cref="XmlSerializer"/> and prints
        /// the resulting XML to standard output.
        /// </summary>
        public void xr_X509DataType()
        {
            Console.Out.WriteLine("serialization xr_X509DataType");

            XmlSerializer serializer = new XmlSerializer(typeof(X509DataType));
            using (StringWriter buffer = new StringWriter())
            {
                serializer.Serialize(buffer, new X509DataType());
                System.Console.Out.WriteLine(buffer.ToString());
            }
        }
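        /// <summary>
        /// Builds the FLM (Facility List Message) required-extensions block: a sample
        /// facility description plus one security-device entry whose KeyInfo carries the
        /// issuer name and the DER encoding of <paramref name="x509Certificate2"/>.
        /// </summary>
        /// <param name="x509Certificate2">Certificate of the security device to list.</param>
        /// <returns>The populated <see cref="FLMRequiredExtensionsType"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="x509Certificate2"/> is null.</exception>
        /// <remarks>
        /// Facility and device fields are fixed sample values ("Not a Real Device",
        /// all-zero serial and UID); this builds example data, not a production message.
        /// </remarks>
        static FLMRequiredExtensionsType BuildFlmRequiredExtention(X509Certificate2 x509Certificate2)
        {
            if (x509Certificate2 == null)
            {
                throw new ArgumentNullException("x509Certificate2");
            }

            FLMRequiredExtensionsType flmRequiredExtention = new FLMRequiredExtensionsType();

            // FacilityInfo: sample annotation text, facility URN and UTC offset.
            FLMRequiredExtensionsTypeFacilityInfo facility = new FLMRequiredExtensionsTypeFacilityInfo();
            facility.AnnotationText          = new UserTextType();
            facility.AnnotationText.language = "en-us";
            facility.AnnotationText.Value    = "Example Facility List Message";
            facility.FacilityName            = new UserTextType();
            facility.FacilityName.Value      = "urn:x-facilityID:dcipllc.com:000000";
            facility.UTCOffset               = new UTCOffsetType();
            facility.UTCOffset.Offset        = "-05:00";
            flmRequiredExtention.FacilityInfo = facility;

            // X509Data carrying the device certificate as a single DER X509Certificate entry.
            X509DataType x509Data = new X509DataType();
            x509Data.ItemsElementName = new ItemsChoiceType1[] { ItemsChoiceType1.X509Certificate };
            x509Data.Items            = new object[] { x509Certificate2.RawData };

            // KeyInfo: ItemsElementName[i] names the element emitted for Items[i], so both
            // arrays are written in the same order — KeyName (issuer DN) then X509Data.
            CombinedType securityDevice = new CombinedType();
            securityDevice.KeyInfo = new KeyInfoType();
            securityDevice.KeyInfo.ItemsElementName = new ItemsChoiceType3[] { ItemsChoiceType3.KeyName, ItemsChoiceType3.X509Data };
            securityDevice.KeyInfo.Items            = new object[] { x509Certificate2.IssuerName.Name, x509Data };

            // DeviceDescription: placeholder device identified by an all-zero UID.
            deviceDescriptionType device = new deviceDescriptionType();
            device.DeviceIdentifier        = new deviceIdentifierPolyType();
            // Assigned once; the original first stored a default-constructed value and
            // immediately overwrote it with DeviceUID, which was dead code.
            device.DeviceIdentifier.idtype = deviceIdentifierPolyTypeIdtype.DeviceUID;
            device.DeviceIdentifier.Value  = "urn:uid:" + Guid.Empty;
            device.DeviceTypeID            = new deviceTypeType();
            device.DeviceTypeID.scope      = "http://www.dcipllc.com/schemas/430-7/2009/FLM#deviceTypes";
            device.DeviceTypeID.Value      = "SMS";
            device.DeviceSerial            = "000000";
            device.ManufacturerName        = "Doremi";
            device.ModelNumber             = "DCP0000";
            device.DeviceComment           = new UserTextType();
            device.DeviceComment.Value     = "Not a Real Device";
            securityDevice.DeviceDescription = device;

            flmRequiredExtention.SecurityDeviceList = new SecurityDeviceListType();
            flmRequiredExtention.SecurityDeviceList.Items = new CertOnlyType[] { securityDevice };

            return flmRequiredExtention;
        }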
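        /// <summary>
        /// Recursively walks <paramref name="nodes"/> and copies the XML-DSig fields it
        /// finds (canonicalization/signature/digest algorithms, Reference URI, Transform
        /// algorithms, DigestValue, SignatureValue, X509Certificate) into the
        /// pre-allocated <paramref name="sign"/>, <paramref name="referenceType"/> and
        /// <paramref name="x509"/> objects.
        /// </summary>
        /// <param name="sign">Signature skeleton whose SignedInfo, SignatureValue and Reference[0].Transforms are already allocated.</param>
        /// <param name="referenceType">The single Reference being filled (sign.SignedInfo.Reference[0]).</param>
        /// <param name="x509">X509Data whose Items[0] receives the certificate bytes.</param>
        /// <param name="nodes">Current node; its children are inspected and recursed into.</param>
        /// <exception cref="XmlException">An expected attribute (Algorithm, URI) is missing, or there are more Transform elements than Transforms slots.</exception>
        /// <remarks>
        /// Elements are matched on <see cref="XmlNode.Name"/>, i.e. unprefixed names only:
        /// a prefixed "ds:SignatureMethod" is not recognised. Only one Reference is
        /// modelled; if the XML carries several, later ones overwrite the URI, DigestMethod
        /// and DigestValue of the first, and a later X509Certificate overwrites the earlier one.
        /// NOTE(review): this is a transcription only — nothing here verifies the signature,
        /// so DigestValue, SignatureValue and the certificate are whatever the input says.
        /// </remarks>
        private void PopulateSignature(SignatureType sign, ReferenceType referenceType, X509DataType x509, XmlNode nodes)
        {
            foreach (XmlNode item in nodes.ChildNodes)
            {
                switch (item.Name)
                {
                    case "CanonicalizationMethod":
                        sign.SignedInfo.CanonicalizationMethod.Algorithm = ReadAttribute(item, "Algorithm");
                        break;

                    case "SignatureMethod":
                        sign.SignedInfo.SignatureMethod.Algorithm = ReadAttribute(item, "Algorithm");
                        break;

                    case "Reference":
                        referenceType.URI = ReadAttribute(item, "URI");
                        break;

                    case "Transform":
                        // Append into the next free slot. The original used a counter local to
                        // each call, which restarted at 0 on every recursion level, so Transform
                        // elements under different parents would have overwritten each other.
                        TransformType[] transforms = sign.SignedInfo.Reference[0].Transforms;
                        int slot = NextFreeSlot(transforms);
                        if (slot < 0)
                        {
                            throw new XmlException("More Transform elements than the Transforms array was sized for.");
                        }
                        TransformType transformType = new TransformType();
                        transformType.Algorithm = ReadAttribute(item, "Algorithm");
                        transforms[slot] = transformType;
                        break;

                    case "DigestMethod":
                        referenceType.DigestMethod.Algorithm = ReadAttribute(item, "Algorithm");
                        break;

                    case "DigestValue":
                        referenceType.DigestValue = GetBytes(item.InnerText);
                        break;

                    case "SignatureValue":
                        sign.SignatureValue.Value = GetBytes(item.InnerText);
                        break;

                    case "X509Certificate":
                        x509.Items[0] = GetBytes(item.InnerText);
                        break;
                }

                // Signature children are nested (SignedInfo/Reference/Transforms/...), so descend.
                if (item.HasChildNodes)
                {
                    PopulateSignature(sign, referenceType, x509, item);
                }
            }
        }

        /// <summary>
        /// Returns the value of attribute <paramref name="name"/> on <paramref name="node"/>,
        /// failing with a descriptive <see cref="XmlException"/> instead of a
        /// NullReferenceException when it is absent.
        /// </summary>
        private static string ReadAttribute(XmlNode node, string name)
        {
            XmlAttribute attribute = node.Attributes == null ? null : node.Attributes[name];
            if (attribute == null)
            {
                throw new XmlException("Element '" + node.Name + "' is missing the required '" + name + "' attribute.");
            }
            return attribute.Value;
        }

        /// <summary>Index of the first null entry in <paramref name="slots"/>, or -1 when full.</summary>
        private static int NextFreeSlot(TransformType[] slots)
        {
            for (int i = 0; i < slots.Length; i++)
            {
                if (slots[i] == null)
                {
                    return i;
                }
            }
            return -1;
        }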
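        /// <summary>
        /// Reads the first Signature found in <paramref name="doc"/> (if any) into a
        /// <see cref="SignatureType"/> and stores it in the "Signature" property of
        /// <paramref name="rps"/>. Documents without a Signature element are left untouched.
        /// </summary>
        /// <param name="doc">Document to scan. Lookups use GetElementsByTagName over the whole document, so the first matching element wins wherever it sits.</param>
        /// <param name="rps">Target object that exposes a "Signature" property.</param>
        /// <exception cref="XmlException">A Signature element exists but one of its mandatory children or attributes is missing.</exception>
        /// <remarks>
        /// Attributes are read by name ("Algorithm", "URI") rather than by position: the
        /// original used Attributes[0], which silently picks the wrong value as soon as an
        /// element carries another attribute (e.g. an xmlns declaration) before the expected one.
        /// NOTE(review): this only transcribes the signature into the object model; it does
        /// not verify it.
        /// </remarks>
        private void SignObject(XmlDocument doc, object rps)
        {
            if (doc.GetElementsByTagName("Signature").Count == 0)
            {
                return;
            }

            SignatureType sign = new SignatureType();

            // Signature -> SignedInfo
            sign.SignedInfo = new SignedInfoType();

            sign.SignedInfo.CanonicalizationMethod           = new CanonicalizationMethodType();
            sign.SignedInfo.CanonicalizationMethod.Algorithm = AttributeOf(SingleElement(doc, "CanonicalizationMethod"), "Algorithm");

            sign.SignedInfo.SignatureMethod           = new SignatureMethodType();
            sign.SignedInfo.SignatureMethod.Algorithm = AttributeOf(SingleElement(doc, "SignatureMethod"), "Algorithm");

            // Signature -> SignedInfo -> Reference (only the first Reference is modelled)
            ReferenceType reference = new ReferenceType();
            reference.URI                    = AttributeOf(SingleElement(doc, "Reference"), "URI");
            reference.DigestMethod           = new DigestMethodType();
            reference.DigestMethod.Algorithm = AttributeOf(SingleElement(doc, "DigestMethod"), "Algorithm");
            reference.DigestValue            = GetBytes(SingleElement(doc, "DigestValue").InnerText);

            sign.SignedInfo.Reference = new ReferenceType[] { reference };

            // Signature -> SignedInfo -> Reference -> Transforms, in document order
            XmlNodeList transforms = doc.GetElementsByTagName("Transform");
            reference.Transforms = new TransformType[transforms.Count];
            for (int i = 0; i < transforms.Count; i++)
            {
                TransformType transform = new TransformType();
                transform.Algorithm = AttributeOf(transforms[i], "Algorithm");
                reference.Transforms[i] = transform;
            }

            // Signature -> SignatureValue
            sign.SignatureValue       = new SignatureValueType();
            sign.SignatureValue.Value = GetBytes(SingleElement(doc, "SignatureValue").InnerText);

            // Signature -> KeyInfo -> X509Data -> X509Certificate
            X509DataType x509 = new X509DataType();
            x509.Items            = new object[] { GetBytes(SingleElement(doc, "X509Certificate").InnerText) };
            x509.ItemsElementName = new ItemsChoiceType1[] { ItemsChoiceType1.X509Certificate };

            sign.KeyInfo                  = new KeyInfoType();
            sign.KeyInfo.Items            = new object[] { x509 };
            sign.KeyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };

            SetProperty(rps, "Signature", sign);
        }

        /// <summary>
        /// First element named <paramref name="tagName"/> anywhere in <paramref name="doc"/>;
        /// throws an <see cref="XmlException"/> instead of a NullReferenceException when
        /// the Signature is incomplete.
        /// </summary>
        private static XmlNode SingleElement(XmlDocument doc, string tagName)
        {
            XmlNode node = doc.GetElementsByTagName(tagName)[0];
            if (node == null)
            {
                throw new XmlException("Signature is missing the required '" + tagName + "' element.");
            }
            return node;
        }

        /// <summary>
        /// Value of attribute <paramref name="name"/> on <paramref name="node"/>, looked up
        /// by name so attribute order does not matter; throws <see cref="XmlException"/> when absent.
        /// </summary>
        private static string AttributeOf(XmlNode node, string name)
        {
            XmlAttribute attribute = node.Attributes == null ? null : node.Attributes[name];
            if (attribute == null)
            {
                throw new XmlException("Element '" + node.Name + "' is missing the required '" + name + "' attribute.");
            }
            return attribute.Value;
        }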
        /*
         * Validation
         */
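        /// <summary>
        /// Sends an XKMS Validate request for <paramref name="certificateChain"/> to the
        /// configured client and returns normally only if the service reports the key
        /// binding as valid; every other outcome throws.
        /// </summary>
        /// <param name="certificateChain">Certificates sent as ds:X509Certificate entries (in list order) under one ds:X509Data in the query KeyInfo.</param>
        /// <param name="trustDomain">Optional trust domain sent as a UseKeyWith identifier; null to omit.</param>
        /// <param name="returnRevocationData">Ask the service for the revocation data it used; the result is stored in this.revocationValues.</param>
        /// <param name="validationDate">Historical validation instant. DateTime.MinValue means "now" and skips the TimeInstant and revocation data.</param>
        /// <param name="ocspResponses">OCSP responses for historical validation (only used when validationDate is set).</param>
        /// <param name="crls">CRLs for historical validation (same condition).</param>
        /// <param name="revocationValues">Pre-built revocation values for historical validation (same condition).</param>
        /// <param name="timeStampToken">Optional TSA token validated alongside; null to omit.</param>
        /// <param name="attributeCertificates">Optional attribute certificates; null to omit.</param>
        /// <exception cref="ArgumentException"><paramref name="certificateChain"/> is null or empty — there is nothing to validate.</exception>
        /// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
        /// <exception cref="ValidationFailedException">No KeyBinding with status Valid was returned; the invalid-reason URIs are appended to this.invalidReasonURIs.</exception>
        /// <remarks>
        /// Fails closed: a response with no KeyBinding at all is treated as a failed
        /// validation. The original fell out of the loop and returned normally in that
        /// case, letting an empty reply pass as "valid". Only the first KeyBinding
        /// decides the outcome. this.invalidReasonURIs is appended to, not cleared, so
        /// repeated calls on the same instance accumulate reasons.
        /// </remarks>
        private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
            bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls,
            RevocationValuesType revocationValues, TimeStampToken timeStampToken,
            EncapsulatedPKIDataType[] attributeCertificates)
        {
            if (certificateChain == null || certificateChain.Count == 0)
            {
                throw new ArgumentException("certificateChain must contain at least one certificate", "certificateChain");
            }

            setupClient();

            // Query: the whole chain as ds:X509Certificate entries under a single ds:X509Data.
            X509DataType x509Data = new X509DataType();
            x509Data.Items = new object[certificateChain.Count];
            x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
            for (int i = 0; i < certificateChain.Count; i++)
            {
                x509Data.Items[i] = certificateChain[i].GetEncoded();
                x509Data.ItemsElementName[i] = ItemsChoiceType.X509Certificate;
            }

            KeyInfoType keyInfo = new KeyInfoType();
            keyInfo.Items = new object[] { x509Data };
            keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };

            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            queryKeyBinding.KeyInfo = keyInfo;

            ValidateRequestType validateRequest = new ValidateRequestType();
            validateRequest.QueryKeyBinding = queryKeyBinding;

            // Optional trust domain.
            if (trustDomain != null)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            // Optional timestamp token for TSA validation.
            if (timeStampToken != null)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            // Optional attribute certificates.
            if (attributeCertificates != null)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            // Ask for the revocation data the service used, if the caller wants it back.
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            // Historical validation: pin the instant and ship the revocation data to use.
            if (validationDate != DateTime.MinValue)
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            ValidateResultType validateResult = client.Validate(validateRequest);

            checkResponse(validateResult);

            // Pick up the requested revocation data. The field is reset first so a value
            // left over from an earlier call cannot satisfy the "found" check below.
            if (returnRevocationData)
            {
                this.revocationValues = null;
                if (validateResult.MessageExtension != null)
                {
                    foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                    {
                        if (messageExtension is RevocationDataMessageExtensionType)
                        {
                            this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
                        }
                    }
                }
                if (this.revocationValues == null)
                {
                    throw new RevocationDataNotFoundException();
                }
            }

            // Outcome: only an explicit Valid status on the first KeyBinding returns normally.
            if (validateResult.KeyBinding != null)
            {
                foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
                {
                    StatusType status = keyBinding.Status;
                    if (status != null && KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(status.StatusValue))
                    {
                        return;
                    }
                    if (status != null && status.InvalidReason != null)
                    {
                        foreach (string reason in status.InvalidReason)
                        {
                            this.invalidReasonURIs.AddLast(reason);
                        }
                    }
                    throw new ValidationFailedException(this.invalidReasonURIs);
                }
            }

            // No KeyBinding in the reply at all: fail closed rather than silently accept.
            throw new ValidationFailedException(this.invalidReasonURIs);
        }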
        /*
         * Validation
         */
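        /// <summary>
        /// Sends an XKMS Validate request for <paramref name="certificateChain"/> to the
        /// configured client and returns normally only if the service reports the key
        /// binding as valid; every other outcome throws.
        /// </summary>
        /// <param name="certificateChain">Certificates sent as ds:X509Certificate entries (in list order) under one ds:X509Data in the query KeyInfo.</param>
        /// <param name="trustDomain">Optional trust domain sent as a UseKeyWith identifier; null to omit.</param>
        /// <param name="returnRevocationData">Ask the service for the revocation data it used; the result is stored in this.revocationValues.</param>
        /// <param name="validationDate">Historical validation instant. DateTime.MinValue means "now" and skips the TimeInstant and revocation data.</param>
        /// <param name="ocspResponses">OCSP responses for historical validation (only used when validationDate is set).</param>
        /// <param name="crls">CRLs for historical validation (same condition).</param>
        /// <param name="revocationValues">Pre-built revocation values for historical validation (same condition).</param>
        /// <param name="timeStampToken">Optional TSA token validated alongside; null to omit.</param>
        /// <param name="attributeCertificates">Optional attribute certificates; null to omit.</param>
        /// <exception cref="ArgumentException"><paramref name="certificateChain"/> is null or empty — there is nothing to validate.</exception>
        /// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
        /// <exception cref="ValidationFailedException">No KeyBinding with status Valid was returned; the invalid-reason URIs are appended to this.invalidReasonURIs.</exception>
        /// <remarks>
        /// Fails closed: a response with no KeyBinding at all is treated as a failed
        /// validation. The original fell out of the loop and returned normally in that
        /// case, letting an empty reply pass as "valid". Only the first KeyBinding
        /// decides the outcome. this.invalidReasonURIs is appended to, not cleared, so
        /// repeated calls on the same instance accumulate reasons.
        /// </remarks>
        private void validate(List <Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
                              bool returnRevocationData, DateTime validationDate, List <OcspResp> ocspResponses, List <X509Crl> crls,
                              RevocationValuesType revocationValues, TimeStampToken timeStampToken,
                              EncapsulatedPKIDataType[] attributeCertificates)
        {
            if (certificateChain == null || certificateChain.Count == 0)
            {
                throw new ArgumentException("certificateChain must contain at least one certificate", "certificateChain");
            }

            setupClient();

            // Query: the whole chain as ds:X509Certificate entries under a single ds:X509Data.
            X509DataType x509Data = new X509DataType();

            x509Data.Items            = new object[certificateChain.Count];
            x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
            for (int i = 0; i < certificateChain.Count; i++)
            {
                x509Data.Items[i]            = certificateChain[i].GetEncoded();
                x509Data.ItemsElementName[i] = ItemsChoiceType.X509Certificate;
            }

            KeyInfoType keyInfo = new KeyInfoType();
            keyInfo.Items            = new object[] { x509Data };
            keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };

            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            queryKeyBinding.KeyInfo = keyInfo;

            ValidateRequestType validateRequest = new ValidateRequestType();
            validateRequest.QueryKeyBinding = queryKeyBinding;

            // Optional trust domain.
            if (trustDomain != null)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application     = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier      = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            // Optional timestamp token for TSA validation.
            if (timeStampToken != null)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            // Optional attribute certificates.
            if (attributeCertificates != null)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            // Ask for the revocation data the service used, if the caller wants it back.
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            // Historical validation: pin the instant and ship the revocation data to use.
            if (validationDate != DateTime.MinValue)
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time            = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            ValidateResultType validateResult = client.Validate(validateRequest);

            checkResponse(validateResult);

            // Pick up the requested revocation data. The field is reset first so a value
            // left over from an earlier call cannot satisfy the "found" check below.
            if (returnRevocationData)
            {
                this.revocationValues = null;
                if (validateResult.MessageExtension != null)
                {
                    foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                    {
                        if (messageExtension is RevocationDataMessageExtensionType)
                        {
                            this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
                        }
                    }
                }
                if (this.revocationValues == null)
                {
                    throw new RevocationDataNotFoundException();
                }
            }

            // Outcome: only an explicit Valid status on the first KeyBinding returns normally.
            if (validateResult.KeyBinding != null)
            {
                foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
                {
                    StatusType status = keyBinding.Status;
                    if (status != null && KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(status.StatusValue))
                    {
                        return;
                    }
                    if (status != null && status.InvalidReason != null)
                    {
                        foreach (string reason in status.InvalidReason)
                        {
                            this.invalidReasonURIs.AddLast(reason);
                        }
                    }
                    throw new ValidationFailedException(this.invalidReasonURIs);
                }
            }

            // No KeyBinding in the reply at all: fail closed rather than silently accept.
            throw new ValidationFailedException(this.invalidReasonURIs);
        }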