Esempio n. 1
0
        internal virtual CertificateAndContext GetIssuerCertificate(ISignedToken signedToken, ICertificateSource optionalSource, DateTime validationDate)
        {
            if (signedToken.GetSignerSubjectName() == null)
            {
                return(null);
            }
            IList <CertificateAndContext> list = new CompositeCertificateSource(TrustedListCertificatesSource, optionalSource).GetCertificateBySubjectName(signedToken.GetSignerSubjectName());

            if (list != null)
            {
                foreach (CertificateAndContext cert in list)
                {
                    logger?.Info(cert.ToString());
                    if (validationDate != null)
                    {
                        try
                        {
                            cert.Certificate.CheckValidity(validationDate);
                        }
                        catch (CertificateExpiredException)
                        {
                            logger?.Info(WasExpiredMessage);
                            continue;
                        }
                        catch (CertificateNotYetValidException)
                        {
                            logger?.Info(WasNotYetValidMessage);
                            continue;
                        }
                        if (cert.CertificateSource == CertificateSourceType.TRUSTED_LIST && cert.Context != null)
                        {
                            ServiceInfo info = (ServiceInfo)cert.Context;
                            if (info.StatusStartingDateAtReferenceTime != null && validationDate.CompareTo( //jbonilla Before
                                    info.StatusStartingDateAtReferenceTime) < 0)
                            {
                                logger?.Info(WasNotValidTSLMessage);
                                continue;
                            }
                            else
                            {
                                if (info.StatusEndingDateAtReferenceTime != null && validationDate.CompareTo(info //jbonilla After
                                                                                                             .StatusEndingDateAtReferenceTime) > 0)
                                {
                                    logger?.Info(WasNotValidTSLMessage);
                                    continue;
                                }
                            }
                        }
                    }
                    if (signedToken.IsSignedBy(cert.Certificate))
                    {
                        return(cert);
                    }
                }
            }
            return(null);
        }
Esempio n. 2
0
        /// <summary>
        /// Build the validation context for the specific date
        /// </summary>
        public virtual void Validate(DateTime validationDate, ICertificateSource optionalSource, ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource, IList <CertificateAndContext> usedCerts)
        {
            int          previousSize     = RevocationInfo.Count;
            int          previousVerified = VerifiedTokenCount();
            ISignedToken signedToken      = GetOneNotYetVerifiedToken();

            if (signedToken != null)
            {
                ICertificateSource    otherSource = new CompositeCertificateSource(signedToken.GetWrappedCertificateSource(), optionalSource);
                CertificateAndContext issuer      = GetIssuerCertificate(signedToken, otherSource, validationDate);
                RevocationData        data        = null;
                if (issuer == null)
                {
                    logger?.Warn("Don't found any issuer for token " + signedToken);
                    data = new RevocationData(signedToken);
                }
                else
                {
                    usedCerts?.Add(issuer);
                    AddNotYetVerifiedToken(certificateTokenFactory(issuer));
                    if (issuer.Certificate.SubjectDN.Equals(issuer.Certificate.IssuerDN))
                    {
                        ISignedToken   trustedToken     = certificateTokenFactory(issuer);
                        RevocationData noNeedToValidate = new RevocationData();
                        if (issuer.CertificateSource == CertificateSourceType.TRUSTED_LIST)
                        {
                            noNeedToValidate.SetRevocationData(CertificateSourceType.TRUSTED_LIST);
                        }
                        Validate(trustedToken, noNeedToValidate);
                    }
                    else if (issuer.CertificateSource == CertificateSourceType.TRUSTED_LIST)
                    {
                        ISignedToken   trustedToken     = certificateTokenFactory(issuer);
                        RevocationData noNeedToValidate = new RevocationData();
                        noNeedToValidate.SetRevocationData(CertificateSourceType.TRUSTED_LIST);
                        Validate(trustedToken, noNeedToValidate);
                    }
                    if (signedToken is CertificateToken)
                    {
                        CertificateToken  ct     = (CertificateToken)signedToken;
                        CertificateStatus status = GetCertificateValidity(ct.GetCertificateAndContext(), issuer, validationDate, optionalCRLSource, optionalOCPSSource);
                        data = new RevocationData(signedToken);
                        if (status != null)
                        {
                            data.SetRevocationData(status.StatusSource);
                            if (status.StatusSource is X509Crl)
                            {
                                AddNotYetVerifiedToken(new CRLToken((X509Crl)status.StatusSource));
                            }
                            else
                            {
                                if (status.StatusSource is BasicOcspResp)
                                {
                                    AddNotYetVerifiedToken(new OCSPRespToken((BasicOcspResp)status.StatusSource));
                                }
                            }
                        }
                        else
                        {
                            logger?.Warn("No status for " + signedToken);
                        }
                    }
                    else
                    {
                        if (signedToken is CRLToken || signedToken is OCSPRespToken || signedToken is TimestampToken)
                        {
                            data = new RevocationData(signedToken);
                            data.SetRevocationData(issuer);
                        }
                        else
                        {
                            throw new Exception("Not supported token type " + signedToken.GetType().Name);
                        }
                    }
                }
                Validate(signedToken, data);
                logger?.Info(ToString());
                int newSize     = RevocationInfo.Count;
                int newVerified = VerifiedTokenCount();
                if (newSize != previousSize || newVerified != previousVerified)
                {
                    Validate(validationDate, otherSource, optionalCRLSource, optionalOCPSSource, usedCerts);
                }
            }
        }