/// <summary>
/// Perform XAdES checks on the contained counter signatures. A counter
/// signature that is plain XMLDSIG only gets the XMLDSIG check
/// (CheckSignature()); a XAdES counter signature is checked with
/// XadesCheckSignature() using the supplied mask.
/// </summary>
/// <param name="counterSignatureMask">Check mask applied to each XAdES counter signature</param>
/// <returns>true when every counter signature passed; a failing counter signature
/// never yields false but raises an exception instead</returns>
/// <exception cref="CryptographicException">Thrown when at least one counter
/// signature fails its check</exception>
public virtual bool CheckCounterSignatures(XadesCheckSignatureMasks counterSignatureMask)
{
    CounterSignatureCollection signatures =
        this.XadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection;

    // Stop at the first failing counter signature; the remaining ones are not examined.
    bool allPassed = true;
    int index = 0;
    while (allPassed && index < signatures.Count)
    {
        XadesSignedXml current = signatures[index];
        //TODO: check if parent signature document is present in counterSignature (maybe a deep copy is required)
        if (current.signatureStandard == KnownSignatureStandard.Xades)
        {
            allPassed = current.XadesCheckSignature(counterSignatureMask);
        }
        else
        {
            // NOTE(review): if this is the SignedXml.CheckSignature() overload without a key
            // argument, it verifies against the key carried in the signature's own KeyInfo and
            // does not establish trust in that key; confirm the application validates the
            // signer certificate/chain separately.
            allPassed = current.CheckSignature();
        }
        index++;
    }

    if (!allPassed)
    {
        throw new CryptographicException("XadesCheckSignature() failed on at least one counter signature");
    }

    return true;
}
/// <summary>
/// Additional tests for XAdES signatures. These tests focus on
/// XMLDSIG verification and correct form of the XAdES XML structure
/// (schema validation and completeness as defined by the XAdES standard).
/// </summary>
/// <remarks>
/// Because the XAdES library is intentionally independent of standards
/// like TSP (RFC3161) or OCSP (RFC2560), these tests do NOT include any
/// verification of timestamps nor OCSP responses. Those checks are
/// important and have to be done in the application built on top of
/// the XAdES library.
/// The individual checks run in a fixed order and every requested check
/// is executed, even after an earlier one has returned false. The same
/// mask is forwarded unchanged to CheckCounterSignatures, so XAdES
/// counter signatures are subjected to the same set of checks.
/// </remarks>
/// <exception cref="System.Exception">Thrown when the signature is not
/// a XAdES signature. SignatureStandard should be equal to
/// <see cref="KnownSignatureStandard.Xades">KnownSignatureStandard.Xades</see>.
/// Use the CheckSignature method for non-XAdES signatures. Note that the
/// exception message is built by calling CheckSignature(), so an exception
/// raised inside that call surfaces instead of this one.</exception>
/// <param name="xadesCheckSignatureMasks">Bitmask indicating which
/// tests need to be done. For each bit set in this mask the public
/// virtual method of the same name as the enum value is called.
/// See the <see cref="XadesCheckSignatureMasks">XadesCheckSignatureMasks</see>
/// enum for the bitmask definitions.</param>
/// <returns>true when all requested checks passed; false when at least one
/// returned false (a check may also throw with an explanatory message).</returns>
public bool XadesCheckSignature(XadesCheckSignatureMasks xadesCheckSignatureMasks)
{
    // Guard: these checks are only meaningful for a XAdES signature.
    if (this.SignatureStandard != KnownSignatureStandard.Xades)
    {
        throw new Exception("SignatureStandard is not XAdES. CheckSignature returned: " + this.CheckSignature());
    }

    XadesCheckSignatureMasks requested = xadesCheckSignatureMasks;
    bool allPassed = true;

    // Each requested check is always invoked; a false result only clears allPassed.
    if ((requested & XadesCheckSignatureMasks.CheckXmldsigSignature) != 0 && !this.CheckXmldsigSignature())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.ValidateAgainstSchema) != 0 && !this.ValidateAgainstSchema())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckSameCertificate) != 0 && !this.CheckSameCertificate())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckAllReferencesExistInAllDataObjectsTimeStamp) != 0 && !this.CheckAllReferencesExistInAllDataObjectsTimeStamp())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckAllHashDataInfosInIndividualDataObjectsTimeStamp) != 0 && !this.CheckAllHashDataInfosInIndividualDataObjectsTimeStamp())
    {
        allPassed = false;
    }
    // Counter signatures receive the full mask, not a reduced one.
    if ((requested & XadesCheckSignatureMasks.CheckCounterSignatures) != 0 && !this.CheckCounterSignatures(xadesCheckSignatureMasks))
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckCounterSignaturesReference) != 0 && !this.CheckCounterSignaturesReference())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckObjectReferencesInCommitmentTypeIndication) != 0 && !this.CheckObjectReferencesInCommitmentTypeIndication())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckIfClaimedRolesOrCertifiedRolesPresentInSignerRole) != 0 && !this.CheckIfClaimedRolesOrCertifiedRolesPresentInSignerRole())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckHashDataInfoOfSignatureTimeStampPointsToSignatureValue) != 0 && !this.CheckHashDataInfoOfSignatureTimeStampPointsToSignatureValue())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckQualifyingPropertiesTarget) != 0 && !this.CheckQualifyingPropertiesTarget())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckQualifyingProperties) != 0 && !this.CheckQualifyingProperties())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckSigAndRefsTimeStampHashDataInfos) != 0 && !this.CheckSigAndRefsTimeStampHashDataInfos())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckRefsOnlyTimeStampHashDataInfos) != 0 && !this.CheckRefsOnlyTimeStampHashDataInfos())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckArchiveTimeStampHashDataInfos) != 0 && !this.CheckArchiveTimeStampHashDataInfos())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckXadesCIsXadesT) != 0 && !this.CheckXadesCIsXadesT())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckXadesXLIsXadesX) != 0 && !this.CheckXadesXLIsXadesX())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckCertificateValuesMatchCertificateRefs) != 0 && !this.CheckCertificateValuesMatchCertificateRefs())
    {
        allPassed = false;
    }
    if ((requested & XadesCheckSignatureMasks.CheckRevocationValuesMatchRevocationRefs) != 0 && !this.CheckRevocationValuesMatchRevocationRefs())
    {
        allPassed = false;
    }

    return allPassed;
}