コード例 #1
ファイル: XAdESProfileC.cs プロジェクト: ylepikhov/dssnet
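        /// <summary>
        /// Adds one certificate reference (issuer name, serial number and certificate digest)
        /// to <paramref name="completeCertificateRefs"/> for every certificate that
        /// <paramref name="ctx"/> reports as needed, skipping the signing certificate.
        /// </summary>
        /// <param name="completeCertificateRefs">Container that receives the references.</param>
        /// <param name="ctx">Validation context that supplies the needed certificates.</param>
        /// <exception cref="ArgumentNullException">An argument is <c>null</c>.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="ctx"/> reports fewer than two needed certificates, i.e. there is
        /// nothing to reference besides (at most) one certificate.
        /// </exception>
        private void IncorporateCertificateRefs(CompleteCertificateRefs completeCertificateRefs
                                                , ValidationContext ctx)
        {
            if (completeCertificateRefs == null)
            {
                throw new ArgumentNullException("completeCertificateRefs");
            }

            if (ctx == null)
            {
                throw new ArgumentNullException("ctx");
            }

            // Query the context once instead of once for the count and once for the loop.
            var neededCertificates = ctx.GetNeededCertificates();

            if (neededCertificates.Count <= 1)
            {
                // The original reported the parameter as "chain", which is not a parameter
                // of this method; the certificates come from ctx.
                throw new ArgumentException("Needed certificates empty", "ctx");
            }

            var signingCertificate = ctx.GetCertificate();

            foreach (CertificateAndContext certificate in neededCertificates)
            {
                X509Certificate x509Cert = certificate.GetCertificate();

                // The signing certificate is not part of CompleteCertificateRefs.
                if (x509Cert.Equals(signingCertificate))
                {
                    continue;
                }

                Cert chainCert = new Cert();
                chainCert.IssuerSerial.X509IssuerName   = x509Cert.IssuerDN.ToString();
                chainCert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber.ToString();

                // NOTE(review): the reference digest is fixed to SHA-1, which is no longer
                // collision resistant, so it is a weak binding between this reference and
                // the certificate it names. The parameterless GetCertHash() yields the SHA-1
                // hash that matches the URI below; if the digest method becomes a parameter
                // (original TODO), the algorithm URI and the hash computation must be
                // changed together or verifiers will reject the reference.
                chainCert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
                chainCert.CertDigest.DigestValue            = DotNetUtilities.ToX509Certificate2(x509Cert).GetCertHash();

                completeCertificateRefs.CertRefs.CertCollection.Add(chainCert);
            }
        }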
コード例 #2
        /// <summary>
        /// Replaces the certificate and revocation containers in the signature's unsigned
        /// properties with fresh, empty ones, then delegates to the helper methods that fill
        /// them for the signing certificate and the TSA certificates, and finally updates
        /// the document.
        /// </summary>
        /// <param name="signatureDocument">Document whose XAdES signature is upgraded in place.</param>
        /// <param name="parameters">
        /// Supplies the OCSP servers, CRL source and digest method handed to the helpers.
        /// </param>
        public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            X509Certificate2 signerCert = signatureDocument.XadesSignature.GetSigningCertificate();
            UnsignedProperties props = signatureDocument.XadesSignature.UnsignedProperties;

            // Each container is created empty, so any references or values that were already
            // present in these four elements are discarded here.
            // The GUID suffix only makes each XML Id distinct; it is an identifier, not a secret.
            props.UnsignedSignatureProperties.CompleteCertificateRefs = new CompleteCertificateRefs();
            props.UnsignedSignatureProperties.CompleteCertificateRefs.Id = "CompleteCertificates-" + Guid.NewGuid().ToString();

            props.UnsignedSignatureProperties.CertificateValues = new CertificateValues();
            props.UnsignedSignatureProperties.CertificateValues.Id = "CertificatesValues-" + Guid.NewGuid().ToString();

            props.UnsignedSignatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs();
            props.UnsignedSignatureProperties.CompleteRevocationRefs.Id = "CompleteRev-" + Guid.NewGuid().ToString();

            props.UnsignedSignatureProperties.RevocationValues = new RevocationValues();
            props.UnsignedSignatureProperties.RevocationValues.Id = "RevocationValues-" + Guid.NewGuid().ToString();

            // NOTE(review): nothing in this method inspects a validation or revocation result.
            // How AddCertificate / AddTSACertificates react to a revoked or untrusted
            // certificate is not visible here; confirm they fail rather than record it.
            AddCertificate(signerCert, props, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, null);
            AddTSACertificates(props, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod);

            signatureDocument.XadesSignature.UnsignedProperties = props;
            TimeStampCertRefs(signatureDocument, parameters);
            signatureDocument.UpdateDocument();
        }
コード例 #3
ファイル: XAdESProfileC.cs プロジェクト: ylepikhov/dssnet
        /// <summary>
        /// Runs the base extension, validates the signing certificate at the signature's
        /// recorded signing time, and stores the resulting certificate references and
        /// OCSP/CRL revocation references in the signature's unsigned properties.
        /// </summary>
        /// <param name="xadesSignedXml">Signature that is extended in place.</param>
        protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
        {
            base.ExtendSignatureTag(xadesSignedXml);

            X509Certificate signerCert =
                DotNetUtilities.FromX509Certificate(xadesSignedXml.GetSigningCertificate());

            // NOTE(review): this time is read from the signature's own SignedProperties, so it
            // is the value recorded by the signer rather than one obtained from a timestamp
            // in this method. Confirm that is the intended reference time for validation.
            DateTime claimedSigningTime = xadesSignedXml.XadesObject.QualifyingProperties
                .SignedProperties.SignedSignatureProperties.SigningTime;

            // Certificates embedded in the signature XML are offered to the verifier as a source.
            var embeddedCertificates = new XAdESCertificateSource(xadesSignedXml.GetXml(), false);

            // NOTE(review): the returned context is used below without any check of a
            // validation verdict in this method. Whether ValidateCertificate throws for an
            // untrusted or revoked chain is not visible here; confirm before relying on the
            // incorporated references as evidence of a valid chain.
            ValidationContext validation = certificateVerifier.ValidateCertificate(
                signerCert, claimedSigningTime, embeddedCertificates, null, null);

            UnsignedProperties props = xadesSignedXml.UnsignedProperties;

            // Certificate references are built completely before being attached, so a failure
            // while building them leaves the unsigned properties untouched.
            CompleteCertificateRefs certRefs = new CompleteCertificateRefs();
            IncorporateCertificateRefs(certRefs, validation);
            props.UnsignedSignatureProperties.CompleteCertificateRefs = certRefs;

            // Revocation references: OCSP first, then CRL, into the same container.
            CompleteRevocationRefs revocationRefs = new CompleteRevocationRefs();
            IncorporateOCSPRefs(revocationRefs, validation);
            IncorporateCRLRefs(revocationRefs, validation);
            props.UnsignedSignatureProperties.CompleteRevocationRefs = revocationRefs;

            xadesSignedXml.UnsignedProperties = props;
        }