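/// <summary>
/// Appends to <paramref name="completeCertificateRefs"/> one reference (issuer name + serial
/// number plus a certificate digest) for every certificate the validation context resolved,
/// except the signing certificate itself, which is deliberately left out (see the in-loop note).
/// </summary>
/// <param name="completeCertificateRefs">Target CompleteCertificateRefs element; entries are added to its CertRefs collection.</param>
/// <param name="ctx">Validation context whose "needed certificates" form the chain to reference.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException">
/// The context resolved fewer than two certificates, i.e. nothing beyond the signing certificate
/// itself, so there is no chain to reference. (The original threw "Needed certificates empty" with
/// a parameter name that did not exist; the condition is unchanged, only the message is accurate now.)
/// </exception>
private void IncorporateCertificateRefs(CompleteCertificateRefs completeCertificateRefs, ValidationContext ctx)
{
    if (completeCertificateRefs == null)
    {
        throw new ArgumentNullException("completeCertificateRefs");
    }
    if (ctx == null)
    {
        throw new ArgumentNullException("ctx");
    }

    // Queried once; the original asked the context for the collection twice (count, then loop).
    var neededCertificates = ctx.GetNeededCertificates();
    if (neededCertificates == null || neededCertificates.Count <= 1)
    {
        throw new ArgumentException("Validation context must contain the signing certificate and at least one chain certificate", "ctx");
    }

    // Loop-invariant: the signer certificate is the exclusion criterion for every iteration.
    var signerCertificate = ctx.GetCertificate();
    foreach (CertificateAndContext certificateAndContext in neededCertificates)
    {
        X509Certificate chainCertificate = certificateAndContext.GetCertificate();
        // jbonilla: do not reference the signing certificate here (presumably because it is
        // already covered by the signed SigningCertificate property — not visible from this method).
        if (chainCertificate.Equals(signerCertificate))
        {
            continue;
        }

        Cert certRef = new Cert();
        certRef.IssuerSerial.X509IssuerName = chainCertificate.IssuerDN.ToString();
        certRef.IssuerSerial.X509SerialNumber = chainCertificate.SerialNumber.ToString();

        // SECURITY NOTE(review): the digest is hard-coded to SHA-1. GetCertHash() returns the
        // SHA-1 thumbprint, so algorithm URL and value are at least consistent with each other,
        // but SHA-1 is deprecated for new digests; the algorithm should become a parameter
        // (e.g. SHA-256) with DigestValue computed by that same algorithm. The original TODO
        // ("DigestMethod parameter?") pointed at this gap.
        certRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
        // The converted .NET certificate is only needed for the hash; dispose it once taken.
        using (var netCertificate = DotNetUtilities.ToX509Certificate2(chainCertificate))
        {
            certRef.CertDigest.DigestValue = netCertificate.GetCertHash();
        }

        completeCertificateRefs.CertRefs.CertCollection.Add(certRef);
    }
}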
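/// <summary>
/// Upgrades the signature in <paramref name="signatureDocument"/> by installing, as unsigned
/// signature properties, fresh CompleteCertificateRefs / CertificateValues /
/// CompleteRevocationRefs / RevocationValues containers, populating them for the signing
/// certificate and the TSA certificates (via AddCertificate / AddTSACertificates), time-stamping
/// the references (TimeStampCertRefs) and finally writing the document back (UpdateDocument).
/// </summary>
/// <param name="signatureDocument">Document holding the XAdES signature to upgrade; modified in place.</param>
/// <param name="parameters">OCSP servers, CRL source and digest method handed to the certificate/revocation collectors.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <remarks>
/// Any refs/values containers already present on the signature are replaced, not merged.
/// The trust placed in the embedded revocation data is bounded by the OCSP/CRL sources
/// configured in <paramref name="parameters"/>; this method does not validate them itself.
/// </remarks>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    if (signatureDocument == null)
    {
        throw new ArgumentNullException("signatureDocument");
    }
    if (parameters == null)
    {
        throw new ArgumentNullException("parameters");
    }

    X509Certificate2 signingCertificate = signatureDocument.XadesSignature.GetSigningCertificate();
    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;
    var signatureProperties = unsignedProperties.UnsignedSignatureProperties;

    // Each container gets a document-unique Id so other elements (e.g. the time-stamp added by
    // TimeStampCertRefs) can reference it. Prefixes are kept byte-identical to the original.
    signatureProperties.CompleteCertificateRefs = new CompleteCertificateRefs { Id = BuildElementId("CompleteCertificates-") };
    signatureProperties.CertificateValues = new CertificateValues { Id = BuildElementId("CertificatesValues-") };
    signatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs { Id = BuildElementId("CompleteRev-") };
    signatureProperties.RevocationValues = new RevocationValues { Id = BuildElementId("RevocationValues-") };

    AddCertificate(signingCertificate, unsignedProperties, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, null);
    AddTSACertificates(unsignedProperties, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod);

    signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
    TimeStampCertRefs(signatureDocument, parameters);
    signatureDocument.UpdateDocument();
}

/// <summary>Builds an element Id from <paramref name="prefix"/> followed by a fresh GUID.</summary>
/// <param name="prefix">Literal prefix, including its trailing separator.</param>
/// <returns>The prefix concatenated with a newly generated GUID in its default string form.</returns>
private static string BuildElementId(string prefix)
{
    return prefix + Guid.NewGuid().ToString();
}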
/// <summary>
/// Extends the signature one level further: runs the base extension, validates the signing
/// certificate as of the declared signing time, and stores the resulting certificate chain
/// references (CompleteCertificateRefs) and revocation references (OCSP and CRL, in
/// CompleteRevocationRefs) in the signature's unsigned properties.
/// </summary>
/// <param name="xadesSignedXml">Signature being extended; its UnsignedProperties are updated and written back.</param>
protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
{
    base.ExtendSignatureTag(xadesSignedXml);

    var signerCertificate = DotNetUtilities.FromX509Certificate(xadesSignedXml.GetSigningCertificate());

    // NOTE(review): the reference time for validation is the SigningTime taken from the signed
    // properties, i.e. a value declared by the signer rather than obtained from a trusted time
    // source — confirm this is the intended validation time for certificate/revocation checks.
    DateTime declaredSigningTime = xadesSignedXml.XadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningTime;
    var certificateSource = new XAdESCertificateSource(xadesSignedXml.GetXml(), false);
    ValidationContext validationContext = certificateVerifier.ValidateCertificate(signerCertificate, declaredSigningTime, certificateSource, null, null);

    UnsignedProperties unsignedProperties = xadesSignedXml.UnsignedProperties;
    var signatureProperties = unsignedProperties.UnsignedSignatureProperties;

    // Chain references first, then both kinds of revocation references into one container.
    var certificateRefs = new CompleteCertificateRefs();
    IncorporateCertificateRefs(certificateRefs, validationContext);
    signatureProperties.CompleteCertificateRefs = certificateRefs;

    var revocationRefs = new CompleteRevocationRefs();
    IncorporateOCSPRefs(revocationRefs, validationContext);
    IncorporateCRLRefs(revocationRefs, validationContext);
    signatureProperties.CompleteRevocationRefs = revocationRefs;

    xadesSignedXml.UnsignedProperties = unsignedProperties;
}