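/// <summary>
        /// Picks, from the certificates embedded in the document's timestamp token, the one
        /// whose issuer name and serial number match the token's signer identifier.
        /// </summary>
        /// <param name="xmlDoc">Document handed to <c>XmlNodeHelper.GetTimeStampToken</c>.</param>
        /// <returns>
        /// The matching certificate, or <c>null</c> when there is no token, no certificate
        /// matches, or any step throws.
        /// </returns>
        /// <remarks>
        /// Matching on issuer and serial number only identifies a certificate that the token
        /// itself carries. Nothing in this method verifies the token's signature against that
        /// certificate or builds a chain to a trusted root, so callers must do both before
        /// treating the result as the authenticated signer.
        /// </remarks>
        private X509Certificate GetSignerCertificate(XmlDocument xmlDoc)
        {
            try
            {
                TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);

                // Explicit guard instead of relying on a swallowed NullReferenceException.
                if (token == null)
                {
                    return null;
                }

                var certificates = token.GetCertificates("Collection").GetMatches(null).Cast<X509Certificate>().ToList();

                // The signer's issuer name does not change between iterations; compute it once.
                string signerIssuerName = token.SignerID.Issuer.ToString(true, new Dictionary<string, string>());

                foreach (X509Certificate certificate in certificates)
                {
                    string cerIssuerName = certificate.IssuerDN.ToString(true, new Dictionary<string, string>());

                    if (cerIssuerName == signerIssuerName && certificate.SerialNumber.Equals(token.SignerID.SerialNumber))
                    {
                        return certificate;
                    }
                }
            }
            catch (Exception)
            {
                // Deliberate best-effort: a malformed token yields "no signer certificate".
                // NOTE(review): the failure reason is discarded here, so a parsing error is
                // indistinguishable from "no match"; record it once a logger is available.
            }

            return null;
        }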
        /// <summary>
        /// Checks that the signing certificate was inside its validity period at the time
        /// stated by the timestamp token, and that it had not been revoked before that time.
        /// </summary>
        /// <param name="xmlDoc">Signed document from which the token and certificate are read.</param>
        /// <param name="xmlFileName">File name used to construct the returned <c>ValidationError</c>.</param>
        /// <returns>
        /// The <c>ValidationError</c> created for <paramref name="xmlFileName"/>, or the result of
        /// <c>AppendErrorMessage</c> when a check fails.
        /// </returns>
        /// <remarks>
        /// The reference time is <c>token.TimeStampInfo.GenTime</c>; this method does not verify
        /// the token's own signature, so that value is only trustworthy if the token has been
        /// validated elsewhere.
        /// NOTE(review): the CRL lookup is given the serial number only, and a null entry is
        /// treated as "not revoked"; confirm that <c>CrlHelper</c> scopes the CRL to the right
        /// issuer and does not also return null when no CRL could be obtained.
        /// </remarks>
        public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
        {
            var result = new ValidationError(xmlFileName, null);

            TimeStampToken timeStamp = XmlNodeHelper.GetTimeStampToken(xmlDoc);
            Org.BouncyCastle.X509.X509Certificate signingCert = XmlNodeHelper.GetX509Certificate(xmlDoc);

            // Both inputs are required; the certificate is reported first when both are missing.
            if (signingCert == null)
            {
                return result.AppendErrorMessage("Nepodarilo sa nájsť certifikát");
            }
            if (timeStamp == null)
            {
                return result.AppendErrorMessage("Nepodarilo sa nájsť token");
            }

            // Validity period must cover the moment recorded in the timestamp token.
            try
            {
                signingCert.CheckValidity(timeStamp.TimeStampInfo.GenTime);
            }
            catch (Exception failure)
            {
                return result.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + failure.Message);
            }

            // Revocation only invalidates the signature when it predates the timestamp.
            X509CrlEntry revocation = CrlHelper.GetRevokedCertificateEntry(signingCert.SerialNumber);

            if (revocation != null && revocation.RevocationDate < timeStamp.TimeStampInfo.GenTime)
            {
                return result.AppendErrorMessage("Platnosť certifikátu vypršala");
            }

            return result;
        }
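        /// <summary>
        /// Checks that the timestamp token's message imprint equals the digest of the decoded
        /// <c>ds:SignatureValue</c>, i.e. that the timestamp was issued over this signature.
        /// </summary>
        /// <param name="xmlDoc">Signed document holding the signature and the timestamp token.</param>
        /// <param name="xmlFileName">File name used to construct the returned <c>ValidationError</c>.</param>
        /// <returns>
        /// The <c>ValidationError</c> created for <paramref name="xmlFileName"/>, or the result of
        /// <c>AppendErrorMessage</c> when a check fails.
        /// </returns>
        /// <remarks>
        /// The digest is computed with the hash algorithm named in the token's message imprint
        /// (SHA-256, SHA-384 or SHA-512); any other algorithm is rejected rather than compared
        /// against a digest of the wrong kind. This method does not verify the token's signature.
        /// NOTE(review): XAdES defines the signature time-stamp imprint over the canonicalized
        /// ds:SignatureValue element, whereas this compares against the decoded value bytes;
        /// confirm which form the profile in use expects.
        /// </remarks>
        public ValidationError ValidationHandler2(XmlDocument xmlDoc, string xmlFileName)
        {
            ValidationError validationError = new ValidationError(xmlFileName, null);

            TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);

            // Same guard and message as ValidationHandler1; previously this dereferenced null.
            if (token == null)
            {
                return validationError.AppendErrorMessage("Nepodarilo sa nájsť token");
            }

            byte[] timesStampDigestArray = token.TimeStampInfo.GetMessageImprintDigest();
            string hashAlgorithmId       = token.TimeStampInfo.HashAlgorithm.Algorithm.Id;

            var signatureEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue");

            if (signatureEle == null)
            {
                return validationError.AppendErrorMessage("Missing SignatureValue element.");
            }

            // The document is untrusted input: malformed base64 is a validation failure, not a crash.
            byte[] signatureValueByteArray;
            try
            {
                signatureValueByteArray = Convert.FromBase64String(signatureEle.InnerText);
            }
            catch (FormatException)
            {
                return validationError.AppendErrorMessage("SignatureValue is not valid base64.");
            }

            // NOTE(review): SelectXmlNode may return null here; whether AtrValue tolerates that is not visible.
            var signatureMethodAlgorithm = xmlDoc.SelectXmlNode("//ds:SignedInfo/ds:SignatureMethod").AtrValue("Algorithm");

            // Kept from the original. This restricts the XML signature method; it says nothing
            // about the hash used for the timestamp imprint, which is selected below.
            if (signatureMethodAlgorithm != "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
            {
                return validationError.AppendErrorMessage($"Unknown SignatureMethod Algorithm {signatureMethodAlgorithm}.");
            }

            // Choose the digest by the OID carried in the token instead of assuming SHA-256.
            System.Security.Cryptography.HashAlgorithm hashAlgo;
            switch (hashAlgorithmId)
            {
                case "2.16.840.1.101.3.4.2.1":
                    hashAlgo = System.Security.Cryptography.SHA256.Create();
                    break;
                case "2.16.840.1.101.3.4.2.2":
                    hashAlgo = System.Security.Cryptography.SHA384.Create();
                    break;
                case "2.16.840.1.101.3.4.2.3":
                    hashAlgo = System.Security.Cryptography.SHA512.Create();
                    break;
                default:
                    return validationError.AppendErrorMessage($"Unsupported timestamp hash algorithm {hashAlgorithmId}.");
            }

            byte[] computedDigestByteArray;
            using (hashAlgo)
            {
                computedDigestByteArray = hashAlgo.ComputeHash(signatureValueByteArray);
            }

            if (!StructuralComparisons.StructuralEqualityComparer.Equals(computedDigestByteArray, timesStampDigestArray))
            {
                // The original reused the "Missing SignatureValue element." text here, which hid the real failure.
                return validationError.AppendErrorMessage("Timestamp message imprint does not match the digest of SignatureValue.");
            }

            return validationError;
        }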