/// <summary>Build the validation context for the specific date</summary> /// <param name="validationDate"></param> /// <param name="optionalSource"></param> /// <exception cref="System.IO.IOException"></exception> public virtual void Validate(DateTime validationDate, CertificateSource optionalSource , ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource) { int previousSize = revocationInfo.Count; int previousVerified = VerifiedTokenCount(); SignedToken signedToken = GetOneNotYetVerifiedToken(); if (signedToken != null) { CertificateSource otherSource = optionalSource; if (signedToken != null) { otherSource = new CompositeCertificateSource(signedToken.GetWrappedCertificateSource (), optionalSource); } CertificateAndContext issuer = GetIssuerCertificate(signedToken, otherSource, validationDate ); RevocationData data = null; if (issuer == null) { LOG.Warn("Don't found any issuer for token " + signedToken); data = new RevocationData(signedToken); } else { AddNotYetVerifiedToken(new CertificateToken(issuer)); if (issuer.GetCertificate().SubjectDN.Equals(issuer.GetCertificate ().IssuerDN)) { SignedToken trustedToken = new CertificateToken(issuer); RevocationData noNeedToValidate = new RevocationData(); // noNeedToValidate.setRevocationData(CertificateSourceType.TRUSTED_LIST); Validate(trustedToken, noNeedToValidate); } if (issuer.GetCertificateSource() == CertificateSourceType.TRUSTED_LIST) { SignedToken trustedToken = new CertificateToken(issuer); RevocationData noNeedToValidate = new RevocationData(); noNeedToValidate.SetRevocationData(CertificateSourceType.TRUSTED_LIST); Validate(trustedToken, noNeedToValidate); } if (signedToken is CertificateToken) { CertificateToken ct = (CertificateToken)signedToken; CertificateStatus status = GetCertificateValidity(ct.GetCertificateAndContext(), issuer, validationDate, optionalCRLSource, optionalOCPSSource); data = new RevocationData(signedToken); if (status != null) { data.SetRevocationData(status.StatusSource); if (status.StatusSource is X509Crl) { AddNotYetVerifiedToken(new CRLToken((X509Crl)status.StatusSource)); } else { if (status.StatusSource is BasicOcspResp) { AddNotYetVerifiedToken(new OCSPRespToken((BasicOcspResp)status.StatusSource)); } } } else { LOG.Warn("No status for " + signedToken); } } else { if (signedToken is CRLToken || signedToken is OCSPRespToken || signedToken is TimestampToken) { data = new RevocationData(signedToken); data.SetRevocationData(issuer); } else { throw new RuntimeException("Not supported token type " + signedToken.GetType().Name ); } } } Validate(signedToken, data); LOG.Info(this.ToString()); int newSize = revocationInfo.Count; int newVerified = VerifiedTokenCount(); if (newSize != previousSize || newVerified != previousVerified) { Validate(validationDate, otherSource, optionalCRLSource, optionalOCPSSource); } } }
/// <param name="signedToken"></param> /// <param name="optionalSource"></param> /// <param name="validationDate"></param> /// <returns></returns> /// <exception cref="System.IO.IOException">An error occurs when accessing the CertificateSource /// </exception> internal virtual CertificateAndContext GetIssuerCertificate(SignedToken signedToken , CertificateSource optionalSource, DateTime validationDate) { if (signedToken.GetSignerSubjectName() == null) { return(null); } IList <CertificateAndContext> list = new CompositeCertificateSource(trustedListCertificatesSource , optionalSource).GetCertificateBySubjectName(signedToken.GetSignerSubjectName() ); if (list != null) { foreach (CertificateAndContext cert in list) { LOG.Info(cert.ToString()); if (validationDate != null) { try { cert.GetCertificate().CheckValidity(validationDate); } catch (CertificateExpiredException) { LOG.Info("Was expired"); continue; } catch (CertificateNotYetValidException) { LOG.Info("Was not yet valid"); continue; } if (cert.GetCertificateSource() == CertificateSourceType.TRUSTED_LIST && cert.GetContext () != null) { ServiceInfo info = (ServiceInfo)cert.GetContext(); if (info.GetStatusStartingDateAtReferenceTime() != null && validationDate.CompareTo( //jbonilla Before info.GetStatusStartingDateAtReferenceTime()) < 0) { LOG.Info("Was not valid in the TSL"); continue; } else { if (info.GetStatusEndingDateAtReferenceTime() != null && validationDate.CompareTo(info //jbonilla After .GetStatusEndingDateAtReferenceTime()) > 0) { LOG.Info("Was not valid in the TSL"); continue; } } } } if (signedToken.IsSignedBy(cert.GetCertificate())) { return(cert); } } } return(null); }