/// <summary>Checks the BES level of <paramref name="signature"/>.</summary>
/// <remarks>
/// This level only requires that a signing certificate is referenced by the signature;
/// the cryptographic integrity of the signature value is not checked here (that is done
/// through <c>CheckIntegrity</c> in <c>ValidateSignature</c>). Counter signatures are
/// checked with <c>VerifyCounterSignatures</c>. Any exception raised during the check is
/// turned into an INVALID result carrying "exception.while.verifying", so a failure can
/// never surface as a reached level.
/// </remarks>
/// <param name="signature">The signature under validation.</param>
/// <param name="referenceTime">The validation reference time; not used by this level.</param>
/// <param name="ctx">The validation context of the signing certificate, handed to the counter-signature check.</param>
/// <returns>The BES level report; never <c>null</c>.</returns>
protected internal virtual SignatureLevelBES VerifyLevelBES(AdvancedSignature signature, DateTime referenceTime, ValidationContext ctx)
{
    try
    {
        bool hasSigningCertificate = signature.GetSigningCertificate() != null;
        Result signingCertRefVerification = new Result();
        if (hasSigningCertificate)
        {
            signingCertRefVerification.SetStatus(Result.ResultStatus.VALID, null);
        }
        else
        {
            signingCertRefVerification.SetStatus(Result.ResultStatus.INVALID, "no.signing.certificate");
        }
        SignatureVerification[] counterSignatures = VerifyCounterSignatures(signature, ctx);
        // The level is reached exactly when the signing certificate reference check is valid.
        Result levelReached = new Result(signingCertRefVerification.IsValid());
        return new SignatureLevelBES(levelReached, signature, signingCertRefVerification, counterSignatures, null);
    }
    catch (Exception)
    {
        // Fail closed: report the level as not reached and leave the signature details unset.
        Result levelFailed = new Result(Result.ResultStatus.INVALID, "exception.while.verifying");
        Result certRefFailed = new Result(Result.ResultStatus.INVALID, "exception.while.verifying");
        return new SignatureLevelBES(levelFailed, null, certRefFailed, null, null);
    }
}
/// <summary>Main method for validating a signature.</summary>
/// <remarks>
/// Builds the part of the report that describes one signature: the integrity check of the
/// signature value (<c>CheckIntegrity</c> against <c>ExternalContent</c>), the certificate
/// path and revocation analysis of the signing certificate, the signature level analysis
/// (BES, EPES, T, C, X, XL, A, LTV), the qualifications verification and the QC statement
/// information. A non-null report does not by itself mean the signature is valid: callers
/// must inspect the individual results it carries.
/// </remarks>
/// <param name="signature">The signature to validate.</param>
/// <param name="referenceTime">The time at which the signing certificate and the levels are validated.</param>
/// <returns>The report part pertaining to the signature, or <c>null</c> when the signature carries no signing certificate.</returns>
/// <exception cref="RuntimeException">When an <see cref="IOException"/> occurs while reading the signature file.</exception>
protected internal virtual SignatureInformation ValidateSignature(AdvancedSignature signature, DateTime referenceTime)
{
    if (signature.GetSigningCertificate() == null)
    {
        LOG.Error("There is no signing certificate");
        return null;
    }
    QCStatementInformation qcStatementInformation = VerifyQStatement(signature.GetSigningCertificate());
    Result integrity = new Result(signature.CheckIntegrity(this.ExternalContent));
    SignatureVerification signatureVerification = new SignatureVerification(integrity, signature.GetSignatureAlgorithm());
    try
    {
        ValidationContext ctx = CertificateVerifier.ValidateCertificate(
            signature.GetSigningCertificate(),
            referenceTime,
            signature.GetCertificateSource(),
            signature.GetCRLSource(),
            signature.GetOCSPSource());
        TrustedListInformation info = new TrustedListInformation(ctx.GetRelevantServiceInfo());
        CertPathRevocationAnalysis path = new CertPathRevocationAnalysis(ctx, info);

        // XL is checked first: the C-level check takes whether XL was reached as its last argument.
        SignatureLevelXL levelXL = VerifyLevelXL(signature, referenceTime, ctx);
        bool xlReached = levelXL != null && levelXL.GetLevelReached().IsValid();
        SignatureLevelC levelC = VerifyLevelC(signature, referenceTime, ctx, xlReached);

        // Remaining levels, evaluated in the same order as before.
        SignatureLevelBES levelBES = VerifyLevelBES(signature, referenceTime, ctx);
        var levelEPES = VerifyLevelEPES(signature, referenceTime, ctx);
        var levelT = VerifyLevelT(signature, referenceTime, ctx);
        var levelX = VerifyLevelX(signature, referenceTime, ctx);
        var levelA = VerifyLevelA(signature, referenceTime, ctx);
        var levelLTV = VerifyLevelLTV(signature, referenceTime, ctx);
        SignatureLevelAnalysis signatureLevelAnalysis = new SignatureLevelAnalysis(
            signature, levelBES, levelEPES, levelT, levelC, levelX, levelXL, levelA, levelLTV);

        QualificationsVerification qualificationsVerification = VerifyQualificationsElement(signature, referenceTime, ctx);
        return new SignatureInformation(signatureVerification, path, signatureLevelAnalysis, qualificationsVerification, qcStatementInformation);
    }
    catch (IOException e)
    {
        throw new RuntimeException("Cannot read signature file", e);
    }
}
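/// <summary>Creates the BES level report of a signature.</summary>
/// <remarks>
/// When <paramref name="signature"/> is <c>null</c> (the verifier passes <c>null</c> after an
/// exception) only the verification results are stored and no signature attribute is copied.
/// </remarks>
/// <param name="levelReached">Whether the BES level was reached; forwarded to the base class.</param>
/// <param name="signature">The signature the report describes; may be <c>null</c>.</param>
/// <param name="signingCertificateVerification">Result of the signing certificate reference check.</param>
/// <param name="counterSignatureVerification">Verification results of the counter signatures, if any.</param>
/// <param name="timestampsVerification">Verification results of the timestamps, if any.</param>
public SignatureLevelBES(Result levelReached, AdvancedSignature signature, Result signingCertificateVerification, SignatureVerification[] counterSignatureVerification, IList<TimestampVerificationResult> timestampsVerification)
    : base(levelReached)
{
    this.signingCertRefVerification = signingCertificateVerification;
    this.counterSignaturesVerification = counterSignatureVerification;
    this.timestampsVerification = timestampsVerification;
    if (signature == null)
    {
        return;
    }
    certificates = signature.GetCertificates();
    signingCertificate = signature.GetSigningCertificate();
    // GetSigningTime() is read through .Value, i.e. it looks nullable. Reading .Value on an
    // absent signing time throws, and the caller (VerifyLevelBES) turns that into an
    // "exception.while.verifying" result for the whole level; guard it instead.
    var signingTimeValue = signature.GetSigningTime();
    if (signingTimeValue.HasValue)
    {
        signingTime = signingTimeValue.Value;
    }
    location = signature.GetLocation();
    claimedSignerRole = signature.GetClaimedSignerRoles();
    contentType = signature.GetContentType();
}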
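/// <summary>Creates the BES level report of a signature.</summary>
/// <param name="levelReached">Whether the BES level was reached; forwarded to the base class.</param>
/// <param name="signature">
/// The signature the report describes. May be <c>null</c> (the verifier passes <c>null</c> after
/// an exception), in which case no signature attribute is copied into the report.
/// </param>
/// <param name="signingCertificateVerification">Result of the signing certificate reference check.</param>
/// <param name="counterSignatureVerification">Verification results of the counter signatures, if any.</param>
/// <param name="timestampsVerification">Verification results of the timestamps, if any.</param>
public SignatureLevelBES(Result levelReached, AdvancedSignature signature, Result signingCertificateVerification, SignatureVerification[] counterSignatureVerification, IList<TimestampVerificationResult> timestampsVerification)
    : base(levelReached)
{
    this.signingCertRefVerification = signingCertificateVerification;
    this.counterSignaturesVerification = counterSignatureVerification;
    this.timestampsVerification = timestampsVerification;
    if (signature != null)
    {
        certificates = signature.GetCertificates();
        signingCertificate = signature.GetSigningCertificate();
        // The signing time is read through .Value and so appears to be nullable; an absent
        // value must not throw here, otherwise VerifyLevelBES reports the whole level as
        // "exception.while.verifying".
        var signingTimeValue = signature.GetSigningTime();
        if (signingTimeValue.HasValue)
        {
            signingTime = signingTimeValue.Value;
        }
        location = signature.GetLocation();
        claimedSignerRole = signature.GetClaimedSignerRoles();
        contentType = signature.GetContentType();
    }
}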
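/// <summary>Checks the XL level of <paramref name="signature"/>: the certificate values and the revocation values needed for the signing certificate are embedded in the signature.</summary>
/// <remarks>
/// Two sub-results are built. <c>everyNeededCertAreInSignature</c> is INVALID when the signature
/// embeds no certificate ("no.certificate.value") or when <c>EveryCertificateValueAreThere</c>
/// reports a missing one ("not.all.needed.certificate.value"). <c>everyNeededRevocationData</c>
/// is INVALID when <c>EveryOCSPValueOrRefAreThere</c> / <c>EveryCRLValueOrRefAreThere</c> report
/// a missing value, or when no OCSP response and no CRL is embedded at all
/// ("no.revocation.data.value"). The level is reached only when both sub-results are VALID.
/// Any exception is logged and converted into an INVALID result ("exception.while.verifying"),
/// so a failure of the check itself is never reported as a reached level.
/// </remarks>
/// <param name="signature">The signature under validation.</param>
/// <param name="referenceTime">The validation reference time; not used by this level.</param>
/// <param name="ctx">The validation context of the signing certificate, used to decide which values are needed.</param>
/// <returns>The XL level report; never <c>null</c>.</returns>
protected internal virtual SignatureLevelXL VerifyLevelXL(AdvancedSignature signature, DateTime referenceTime, ValidationContext ctx)
{
    try
    {
        Result everyNeededCertAreInSignature = new Result();
        everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.VALID, null);
        Result everyNeededRevocationData = new Result();
        everyNeededRevocationData.SetStatus(Result.ResultStatus.VALID, null);

        IList<X509Certificate> certValues = signature.GetCertificates();
        if (certValues.IsEmpty())
        {
            LOG.Info("There is no certificate refs in the signature");
            everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "no.certificate.value");
        }
        else if (!EveryCertificateValueAreThere(ctx, certValues, signature.GetSigningCertificate()))
        {
            everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.certificate.value");
        }
        LOG.Info("Every certificate found " + everyNeededCertAreInSignature);

        int valueCount = 0;
        IList<BasicOcspResp> ocspValues = signature.GetOCSPs();
        if (ocspValues != null)
        {
            valueCount += ocspValues.Count;
            if (!EveryOCSPValueOrRefAreThere(ctx, ocspValues))
            {
                everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.value");
            }
        }
        IList<X509Crl> crlValues = signature.GetCRLs();
        if (crlValues != null)
        {
            valueCount += crlValues.Count;
            if (!EveryCRLValueOrRefAreThere(ctx, crlValues))
            {
                everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.value");
            }
        }
        // A signature with no embedded revocation data at all cannot satisfy XL, even when
        // the completeness checks above found nothing missing.
        if (valueCount == 0)
        {
            everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "no.revocation.data.value");
        }

        bool bothValid = everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus.VALID
            && everyNeededRevocationData.GetStatus() == Result.ResultStatus.VALID;
        Result levelReached = new Result();
        levelReached.SetStatus(bothValid ? Result.ResultStatus.VALID : Result.ResultStatus.INVALID, null);
        return new SignatureLevelXL(levelReached, everyNeededCertAreInSignature, everyNeededRevocationData);
    }
    catch (Exception e)
    {
        // Fail closed, but do not hide the cause: a silently swallowed exception makes a
        // "not reached" verdict impossible to distinguish from a broken verifier.
        LOG.Error("Exception while verifying level XL: " + e);
        return new SignatureLevelXL(
            new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
            new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
            new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
    }
}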
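/// <summary>Checks the C level of <paramref name="signature"/>: the signature carries references to the certificates and to the revocation data needed for the signing certificate.</summary>
/// <remarks>
/// <c>everyNeededCertAreInSignature</c> is INVALID when there is no certificate reference
/// ("no.certificate.ref") or when <c>EveryCertificateRefAreThere</c> reports a missing one
/// ("not.all.needed.certificate.ref"). The revocation part depends on
/// <paramref name="rehashValues"/>: when true the OCSP and CRL references are checked with
/// <c>EveryOCSPValueOrRefAreThere</c> / <c>EveryCRLValueOrRefAreThere</c>; when false only the
/// presence of at least one reference is required ("no.revocation.data.reference" otherwise).
/// The level is reached only when both parts are VALID. Any exception is logged and converted
/// into an INVALID result ("exception.while.verifying").
/// </remarks>
/// <param name="signature">The signature under validation.</param>
/// <param name="referenceTime">The validation reference time; not used by this level.</param>
/// <param name="ctx">The validation context of the signing certificate, used to decide which references are needed.</param>
/// <param name="rehashValues">Callers pass whether the XL level was reached; selects the stricter reference check described above.</param>
/// <returns>The C level report; never <c>null</c>.</returns>
protected internal virtual SignatureLevelC VerifyLevelC(AdvancedSignature signature, DateTime referenceTime, ValidationContext ctx, bool rehashValues)
{
    try
    {
        IList<CertificateRef> certRefs = signature.GetCertificateRefs();
        Result everyNeededCertAreInSignature = new Result();
        if (certRefs == null || certRefs.IsEmpty())
        {
            everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "no.certificate.ref");
        }
        else if (EveryCertificateRefAreThere(ctx, certRefs, signature.GetSigningCertificate()))
        {
            everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.VALID, null);
        }
        else
        {
            everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.certificate.ref");
        }
        LOG.Info("Every CertificateRef found " + everyNeededCertAreInSignature);
        bool certRefsValid = everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus.VALID;

        IList<OCSPRef> ocspRefs = signature.GetOCSPRefs();
        IList<CRLRef> crlRefs = signature.GetCRLRefs();
        int refCount = ocspRefs.Count + crlRefs.Count;

        if (rehashValues)
        {
            // Strict mode: every reference must match a known value, not merely exist.
            Result everyNeededRevocationData = new Result(Result.ResultStatus.VALID, null);
            if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs))
            {
                everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.ref");
            }
            if (!EveryCRLValueOrRefAreThere(ctx, crlRefs))
            {
                everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.ref");
            }
            bool revocationValid = everyNeededRevocationData.GetStatus() == Result.ResultStatus.VALID;
            return new SignatureLevelC(new Result(certRefsValid && revocationValid), everyNeededCertAreInSignature, everyNeededRevocationData);
        }

        // Lenient mode: at least one OCSP or CRL reference must be present.
        Result thereIsRevocationData = new Result();
        if (refCount == 0)
        {
            thereIsRevocationData.SetStatus(Result.ResultStatus.INVALID, "no.revocation.data.reference");
        }
        else
        {
            thereIsRevocationData.SetStatus(Result.ResultStatus.VALID, "at.least.one.reference");
        }
        bool anyReference = thereIsRevocationData.GetStatus() == Result.ResultStatus.VALID;
        return new SignatureLevelC(new Result(certRefsValid && anyReference), everyNeededCertAreInSignature, thereIsRevocationData);
    }
    catch (Exception e)
    {
        // Fail closed, but record the cause so a verifier failure is not mistaken for a
        // signature that merely does not reach the level.
        LOG.Error("Exception while verifying level C: " + e);
        return new SignatureLevelC(
            new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
            new Result(Result.ResultStatus.INVALID, "exception.while.verifying"),
            new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
    }
}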