Esempio n. 1
        /// <summary>
        /// Verifies every counter signature stored in the unsigned signature properties.
        /// A counter signature whose standard is XAdES is verified with
        /// XadesCheckSignature(counterSignatureMask); any other counter signature is
        /// verified with the parameterless CheckSignature() only.
        /// </summary>
        /// <param name="counterSignatureMask">Check mask forwarded unchanged to each XAdES counter signature</param>
        /// <returns>Always true when the method returns normally; a failed check is reported by exception, never by a false return</returns>
        /// <exception cref="CryptographicException">Thrown as soon as one counter signature check returns false</exception>
        public virtual bool CheckCounterSignatures(XadesCheckSignatureMasks counterSignatureMask)
        {
            CounterSignatureCollection signatures =
                this.XadesObject.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection;

            int index = 0;
            while (index < signatures.Count)
            {
                XadesSignedXml current = signatures[index];

                //TODO: check if parent signature document is present in counterSignature (maybe a deep copy is required)
                // NOTE(review): nothing in this method ties a counter signature to the parent
                // signature it is supposed to countersign; a passing result here only says each
                // counter signature verifies on its own terms.
                // NOTE(review): the non-XAdES branch is presumably the inherited XMLDSIG
                // CheckSignature(), which would verify against the key carried in the signature
                // itself and so would not establish who the signer is - confirm against the base class.
                bool verified = current.signatureStandard == KnownSignatureStandard.Xades
                    ? current.XadesCheckSignature(counterSignatureMask)
                    : current.CheckSignature();

                // Stop at the first failure; the remaining counter signatures are not examined.
                if (!verified)
                {
                    throw new CryptographicException("XadesCheckSignature() failed on at least one counter signature");
                }

                index++;
            }

            return true;
        }
Esempio n. 2
        /// <summary>
        /// Additional tests for XAdES signatures.  These tests focus on
        /// XMLDSIG verification and on the correct form of the XAdES XML structure
        /// (schema validation and completeness as defined by the XAdES standard).
        /// </summary>
        /// <remarks>
        /// The XAdES library is intentionally independent of standards like
        /// TSP (RFC3161) or OCSP (RFC2560), so these tests do NOT include any
        /// verification of timestamps or OCSP responses.  Those checks are
        /// important and have to be done in the application built on top of
        /// the XAdES library.
        /// Only the checks whose bit is set in the mask are executed.  The
        /// result starts out as true, so a mask with no recognised bit set
        /// returns true without having verified anything; in particular the
        /// XMLDSIG check runs only when CheckXmldsigSignature is part of the mask.
        /// The same mask is handed on to CheckCounterSignatures.
        /// NOTE(review): no call visible here validates the signer's certificate
        /// chain or trust - confirm where the calling application does that.
        /// </remarks>
        /// <exception cref="System.Exception">Thrown when the signature is not
        /// a XAdES signature.  SignatureStandard should be equal to
        /// <see cref="KnownSignatureStandard.Xades">KnownSignatureStandard.Xades</see>.
        /// Use the CheckSignature method for non-XAdES signatures.  Note that
        /// CheckSignature() is still invoked once in this case, because its
        /// result is included in the exception message.</exception>
        /// <param name="xadesCheckSignatureMasks">Bitmask to indicate which
        /// tests need to be done.  This function calls one public virtual
        /// method for each bit that has been set in this mask.
        /// See the <see cref="XadesCheckSignatureMasks">XadesCheckSignatureMasks</see>
        /// enum for the bitmask definitions.  The virtual test method associated
        /// with a bit in the mask has the same name as the enum value.</param>
        /// <returns>True when every selected check returned true, otherwise
        /// false.  The summary of the original documentation states that a
        /// failing check throws an exception with an explanatory message;
        /// that depends on the individual check methods, which are not shown here.</returns>
        public bool XadesCheckSignature(XadesCheckSignatureMasks xadesCheckSignatureMasks)
        {
            // Guard: this entry point is only meaningful for XAdES signatures.
            if (SignatureStandard != KnownSignatureStandard.Xades)
            {
                throw new Exception("SignatureStandard is not XAdES.  CheckSignature returned: " + CheckSignature());
            }

            XadesCheckSignatureMasks requested = xadesCheckSignatureMasks;
            bool allPassed = true;

            // "&=" on bool does not short-circuit: every selected check below is
            // executed, in this order, even after an earlier one returned false.
            if ((requested & XadesCheckSignatureMasks.CheckXmldsigSignature) != 0)
            {
                allPassed &= CheckXmldsigSignature();
            }

            if ((requested & XadesCheckSignatureMasks.ValidateAgainstSchema) != 0)
            {
                allPassed &= ValidateAgainstSchema();
            }

            if ((requested & XadesCheckSignatureMasks.CheckSameCertificate) != 0)
            {
                allPassed &= CheckSameCertificate();
            }

            if ((requested & XadesCheckSignatureMasks.CheckAllReferencesExistInAllDataObjectsTimeStamp) != 0)
            {
                allPassed &= CheckAllReferencesExistInAllDataObjectsTimeStamp();
            }

            if ((requested & XadesCheckSignatureMasks.CheckAllHashDataInfosInIndividualDataObjectsTimeStamp) != 0)
            {
                allPassed &= CheckAllHashDataInfosInIndividualDataObjectsTimeStamp();
            }

            // Counter signatures are verified with the caller's full mask.
            if ((requested & XadesCheckSignatureMasks.CheckCounterSignatures) != 0)
            {
                allPassed &= CheckCounterSignatures(requested);
            }

            if ((requested & XadesCheckSignatureMasks.CheckCounterSignaturesReference) != 0)
            {
                allPassed &= CheckCounterSignaturesReference();
            }

            if ((requested & XadesCheckSignatureMasks.CheckObjectReferencesInCommitmentTypeIndication) != 0)
            {
                allPassed &= CheckObjectReferencesInCommitmentTypeIndication();
            }

            if ((requested & XadesCheckSignatureMasks.CheckIfClaimedRolesOrCertifiedRolesPresentInSignerRole) != 0)
            {
                allPassed &= CheckIfClaimedRolesOrCertifiedRolesPresentInSignerRole();
            }

            if ((requested & XadesCheckSignatureMasks.CheckHashDataInfoOfSignatureTimeStampPointsToSignatureValue) != 0)
            {
                allPassed &= CheckHashDataInfoOfSignatureTimeStampPointsToSignatureValue();
            }

            if ((requested & XadesCheckSignatureMasks.CheckQualifyingPropertiesTarget) != 0)
            {
                allPassed &= CheckQualifyingPropertiesTarget();
            }

            if ((requested & XadesCheckSignatureMasks.CheckQualifyingProperties) != 0)
            {
                allPassed &= CheckQualifyingProperties();
            }

            if ((requested & XadesCheckSignatureMasks.CheckSigAndRefsTimeStampHashDataInfos) != 0)
            {
                allPassed &= CheckSigAndRefsTimeStampHashDataInfos();
            }

            if ((requested & XadesCheckSignatureMasks.CheckRefsOnlyTimeStampHashDataInfos) != 0)
            {
                allPassed &= CheckRefsOnlyTimeStampHashDataInfos();
            }

            if ((requested & XadesCheckSignatureMasks.CheckArchiveTimeStampHashDataInfos) != 0)
            {
                allPassed &= CheckArchiveTimeStampHashDataInfos();
            }

            if ((requested & XadesCheckSignatureMasks.CheckXadesCIsXadesT) != 0)
            {
                allPassed &= CheckXadesCIsXadesT();
            }

            if ((requested & XadesCheckSignatureMasks.CheckXadesXLIsXadesX) != 0)
            {
                allPassed &= CheckXadesXLIsXadesX();
            }

            if ((requested & XadesCheckSignatureMasks.CheckCertificateValuesMatchCertificateRefs) != 0)
            {
                allPassed &= CheckCertificateValuesMatchCertificateRefs();
            }

            if ((requested & XadesCheckSignatureMasks.CheckRevocationValuesMatchRevocationRefs) != 0)
            {
                allPassed &= CheckRevocationValuesMatchRevocationRefs();
            }

            return allPassed;
        }