コード例 #1
0
        public static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
        {
            List <BasicOcspResp> ocsps = new List <BasicOcspResp>();

            if (pkcs7.Ocsp != null)
            {
                ocsps.Add(pkcs7.Ocsp);
            }
            OcspVerifier          ocspVerifier = new OcspVerifier(null, ocsps);
            List <VerificationOK> verification =
                ocspVerifier.Verify(signCert, issuerCert, date);

            if (verification.Count == 0)
            {
                List <X509Crl> crls = new List <X509Crl>();
                if (pkcs7.CRLs != null)
                {
                    foreach (X509Crl crl in pkcs7.CRLs)
                    {
                        crls.Add(crl);
                    }
                }
                CrlVerifier crlVerifier = new CrlVerifier(null, crls);
                verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
            }
            if (verification.Count == 0)
            {
                Console.WriteLine("The signing certificate couldn't be verified with the example");
            }
            else
            {
                foreach (VerificationOK v in verification)
                {
                    Console.WriteLine(v);
                }
            }


            //Code not in the example, added by me
            //This way, I can find out if the certificate is revoked or not (through CRL). Not sure if it's the right way though
            if (verification.Count == 0 && pkcs7.CRLs != null && pkcs7.CRLs.Count != 0)
            {
                bool revoked = false;
                foreach (X509Crl crl in pkcs7.CRLs)
                {
                    revoked = crl.IsRevoked(pkcs7.SigningCertificate);
                    if (revoked)
                    {
                        break;
                    }
                }

                Console.WriteLine("Is certificate revoked?: " + revoked.ToString());
            }
        }
コード例 #2
0
        private static bool CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
        {
            List <BasicOcspResp> ocsps = new List <BasicOcspResp>();

            if (pkcs7.Ocsp != null)
            {
                ocsps.Add(pkcs7.Ocsp);
            }
            OcspVerifier          ocspVerifier = new OcspVerifier(null, ocsps);
            List <VerificationOK> verification =
                ocspVerifier.Verify(signCert, issuerCert, date);

            if (verification.Count == 0)
            {
                List <X509Crl> crls = new List <X509Crl>();
                if (pkcs7.CRLs != null)
                {
                    foreach (X509Crl crl in pkcs7.CRLs)
                    {
                        crls.Add(crl);
                    }
                }

                if (crls.Count > 0)
                {
                    CrlVerifier crlVerifier = new CrlVerifier(null, crls);
                    verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
                }
            }
            if (verification.Count == 0)
            {
                return(false);
            }
            else
            {
                foreach (VerificationOK v in verification)
                {
                    Console.WriteLine(v);
                }
            }

            return(verification.Count > 0);
        }
コード例 #3
0
        public static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
        {
            List <BasicOcspResp> ocsps = new List <BasicOcspResp>();

            if (pkcs7.Ocsp != null)
            {
                ocsps.Add(pkcs7.Ocsp);
            }
            OcspVerifier          ocspVerifier = new OcspVerifier(null, ocsps);
            List <VerificationOK> verification =
                ocspVerifier.Verify(signCert, issuerCert, date);

            if (verification.Count == 0)
            {
                List <X509Crl> crls = new List <X509Crl>();
                if (pkcs7.CRLs != null)
                {
                    foreach (X509Crl crl in pkcs7.CRLs)
                    {
                        crls.Add(crl);
                    }
                }
                CrlVerifier crlVerifier = new CrlVerifier(null, crls);
                verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
            }
            if (verification.Count == 0)
            {
                Console.WriteLine("The signing certificate couldn't be verified");
            }
            else
            {
                foreach (VerificationOK v in verification)
                {
                    Console.WriteLine(v);
                }
            }
        }
コード例 #4
0
        private SignaturesResult VerifyP7m(byte[] barr, string fileName)
        {
            //System.Diagnostics.Trace.WriteLine(string.Format("Verifica firme del file {0} ...",
            //System.IO.Path.GetFileName(fileName)));
            var result = new SignaturesResult();

            result.SignatureInfos = new List <SignatureInfo>();
            try
            {
                var estensione = System.IO.Path.GetExtension(fileName).ToLower();
                var nomeFile   = System.IO.Path.GetFileName(fileName);
                while (estensione == ".p7m")
                {
                    Org.BouncyCastle.Cms.CmsSignedData cms = new CmsSignedData(barr);
                    var certs = cms.GetCertificates("Collection");
                    var sis   = cms.GetSignerInfos();
                    if (sis != null)
                    {
                        if (RecursiveP7m || ExtractSignedContent)
                        {
                            using (var ms = new MemoryStream())
                            {
                                cms.SignedContent.Write(ms);
                                barr = ms.ToArray();
                            }
                            if (ExtractSignedContent)
                            {
                                result.SignedContent = barr;
                            }
                        }

                        var signers = sis.GetSigners();
                        foreach (SignerInformation sign in signers)
                        {
                            var si = new SignatureInfo();

                            DateTime?dt  = null;
                            var      aaa = sign.SignedAttributes[CmsAttributes.SigningTime];
                            if (aaa != null && aaa.AttrValues != null && aaa.AttrValues.Count > 0)
                            {
                                var st = aaa.AttrValues[0] as DerUtcTime;
                                if (st != null)
                                {
                                    dt = st.ToAdjustedDateTime();
                                }
                            }
                            if (dt == null)
                            {
                                throw new Exception("Impossibile ricavare SignDateTime.");
                            }
                            si.SignDateTime = dt.Value;

                            //si.FilterSubtype=
                            IList ccc = new ArrayList(certs.GetMatches(null));
                            List <Org.BouncyCastle.X509.X509Certificate> list =
                                new List <Org.BouncyCastle.X509.X509Certificate>();
                            foreach (var c in ccc)
                            {
                                list.Add(c as Org.BouncyCastle.X509.X509Certificate);
                            }
                            var errors =
                                iTextSharp.text.pdf.security.CertificateVerification.VerifyCertificates(
                                    list, keyStore, si.SignDateTime);
                            if (errors.Count > 0)
                            {
                                si.ChainCertificatesNotValidAtSignedTime = true;
                            }

                            IList cs = new ArrayList(certs.GetMatches(sign.SignerID));
                            var   cc = (Org.BouncyCastle.X509.X509Certificate)cs[0];
                            si.DigestAlgorithm = cc.SigAlgName;
                            //si.EncryptionAlgorithm = sign.EncryptionAlgorithmID.ToString();
                            si.IntegrityValid = sign.Verify(cc);

                            X509Certificate2 cert2 = new X509Certificate2(cc.GetEncoded());
                            si.Name     = null;
                            si.Signer   = cert2.SubjectName.Name;
                            si.Revision = sign.Version;
                            if (CheckRevocation)
                            {
                                try
                                {
                                    //si.CertificateRevocatedAtSignedTime = pkcs7.IsRevocationValid();
                                    List <Org.BouncyCastle.Ocsp.BasicOcspResp> ocsps =
                                        new List <Org.BouncyCastle.Ocsp.BasicOcspResp>();
                                    //if (cc.Ocsp != null)
                                    //    ocsps.Add(pkcs7.Ocsp);
                                    iTextSharp.text.pdf.security.OcspVerifier ocspVerifier = new OcspVerifier(null,
                                                                                                              ocsps);
                                    var issueCert =
                                        keyStore.SingleOrDefault(
                                            c => c.SubjectDN.Equals(cc.IssuerDN));
                                    if (issueCert == null)
                                    {
                                        throw new Exception("Issuer certificate not found.");
                                    }
                                    List <VerificationOK> verification = ocspVerifier.Verify(
                                        cc,
                                        issueCert,
                                        si.SignDateTime);
                                    if (verification.Count == 0)
                                    {
                                        var         crls        = new List <Org.BouncyCastle.X509.X509Crl>();
                                        CrlVerifier crlVerifier = new CrlVerifier(null, crls);
                                        crlVerifier.OnlineCheckingAllowed = true;
                                        verification = crlVerifier.Verify(cc, issueCert,
                                                                          si.SignDateTime);
                                    }
                                    if (verification.Count == 0)
                                    {
                                        si.CertificateRevocatedAtSignedTime = null;
                                    }
                                    else
                                    {
                                        si.CertificateRevocatedAtSignedTime = false;
                                        foreach (var verificationOk in verification)
                                        {
                                            System.Diagnostics.Trace.WriteLine(verificationOk);
                                        }
                                    }
                                }
                                catch (Exception ex)
                                {
                                    si.CertificateRevocatedAtSignedTime = true; // o null?
                                    System.Diagnostics.Trace.WriteLine(
                                        string.Format(
                                            "Si è verificato il seguente errore durante la verifica di revoca per la firma {2}  del file {0} {1}",
                                            System.IO.Path.GetFileName(fileName), ex.Message, si.Revision));
                                }
                            }
                            si.SignatureValid = si.IntegrityValid &&
                                                !si.ChainCertificatesNotValidAtSignedTime &&
                                                (!CheckRevocation || !si.CertificateRevocatedAtSignedTime.GetValueOrDefault(true));

                            result.SignatureInfos.Add(si);
                        }
                    }

                    if (!RecursiveP7m)
                    {
                        break;
                    }

                    nomeFile   = System.IO.Path.GetFileNameWithoutExtension(nomeFile);
                    estensione = System.IO.Path.GetExtension(nomeFile);
                }

                result.SignaturesValid = result.SignatureInfos.All(si => si.SignatureValid);

                //System.Diagnostics.Trace.WriteLine(string.Format(
                //    "Verifica firme del file {0} completata con esito {1}", System.IO.Path.GetFileName(fileName),
                //    result.SignaturesValid ? "Positivo" : "Negativo"));
            }
            catch (Exception exx)
            {
                System.Diagnostics.Trace.WriteLine(
                    string.Format(
                        "Si è verificato il seguente errore durante la verifica delle firme del file {0} {1}",
                        System.IO.Path.GetFileName(fileName), exx.Message));
                throw exx;
            }

            return(result);
        }
コード例 #5
0
        private SignaturesResult VerifyPdf(byte[] barr, string fileName)
        {
            //System.Diagnostics.Trace.WriteLine(string.Format("Verifica firme del file {0} ...", System.IO.Path.GetFileName(fileName)));
            var result = new SignaturesResult();

            try
            {
                using (var reader = new PdfReader(barr))
                {
                    var fields = reader.AcroFields;
                    var sInfos = fields.GetSignatureNames();
                    if (sInfos.Count > 0) // è firmato
                    {
                        //System.IO.Stream stream = fields.ExtractRevision(sInfos[0]);
                        //using (var ms = new MemoryStream())
                        //{
                        //    stream.CopyTo(ms);
                        //    result.Content = ms.ToArray();
                        //}
                        result.SignatureInfos = new List <SignatureInfo>();
                        foreach (var sName in sInfos)
                        {
                            var si = new SignatureInfo()
                            {
                                Name = sName
                            };
                            result.SignatureInfos.Add(si);
                            si.Revision = fields.GetRevision(sName);
                            //si.SignCoverWholeDocument = fields.SignatureCoversWholeDocument(sName);
                            var pkcs7 = fields.VerifySignature(sName);
                            //si.Signer = pkcs7.SignName;
                            si.Signer         = new X509Certificate2(pkcs7.SigningCertificate.GetEncoded()).SubjectName.Name;
                            si.SignDateTime   = pkcs7.SignDate;
                            si.IntegrityValid = pkcs7.Verify(); //TODO: DMP Settings? annotations?
                            si.SignatureValid = si.IntegrityValid &&
                                                !si.ChainCertificatesNotValidAtSignedTime &&
                                                (!CheckRevocation || !si.CertificateRevocatedAtSignedTime.GetValueOrDefault(true));
                            si.DigestAlgorithm = pkcs7.GetDigestAlgorithm();
                            //si.EncryptionAlgorithm = pkcs7.GetEncryptionAlgorithm();
                            //si.FilterSubtype = pkcs7.GetFilterSubtype().Type;

                            //si.TimeStamp = pkcs7.TimeStampDate;
                            //si.TimeStampService = pkcs7.TimeStampToken.TimeStampInfo.Tsa.Name.;
                            //si.TimeStampVerified = pkcs7.VerifyTimestampImprint();

                            //verifica certificati
                            var errors =
                                iTextSharp.text.pdf.security.CertificateVerification.VerifyCertificates(
                                    pkcs7.SignCertificateChain, keyStore, pkcs7.SignDate);
                            if (errors.Count > 0)
                            {
                                si.ChainCertificatesNotValidAtSignedTime = true;
                            }

                            //foreach (var cert in pkcs7.SignCertificateChain)
                            //{
                            //    try
                            //    {
                            //        cert.CheckValidity(pkcs7.SignDate);
                            //    }
                            //    catch (Org.BouncyCastle.Security.Certificates.CertificateExpiredException ex1)
                            //    {
                            //        //si.ChainCertificatesExpiredAtSignedTime = true;
                            //    }
                            //    catch (Org.BouncyCastle.Security.Certificates.CertificateNotYetValidException ex2)
                            //    {
                            //        si.ChainCertificatesNotValidAtSignedTime = true;
                            //    }
                            //}

                            //verifica revocation
                            if (CheckRevocation)
                            {
                                try
                                {
                                    //si.CertificateRevocatedAtSignedTime = pkcs7.IsRevocationValid();
                                    List <Org.BouncyCastle.Ocsp.BasicOcspResp> ocsps =
                                        new List <Org.BouncyCastle.Ocsp.BasicOcspResp>();
                                    if (pkcs7.Ocsp != null)
                                    {
                                        ocsps.Add(pkcs7.Ocsp);
                                    }
                                    iTextSharp.text.pdf.security.OcspVerifier ocspVerifier = new OcspVerifier(null,
                                                                                                              ocsps);
                                    var issueCert =
                                        keyStore.SingleOrDefault(
                                            c => c.SubjectDN.Equals(pkcs7.SigningCertificate.IssuerDN));
                                    if (issueCert == null)
                                    {
                                        throw new Exception("Issuer certificate not found.");
                                    }
                                    List <VerificationOK> verification = ocspVerifier.Verify(
                                        pkcs7.SigningCertificate,
                                        issueCert,
                                        pkcs7.SignDate);
                                    if (verification.Count == 0)
                                    {
                                        var         crls        = new List <Org.BouncyCastle.X509.X509Crl>(pkcs7.CRLs);
                                        CrlVerifier crlVerifier = new CrlVerifier(null, crls);
                                        crlVerifier.OnlineCheckingAllowed = true;
                                        verification = crlVerifier.Verify(pkcs7.SigningCertificate, issueCert,
                                                                          pkcs7.SignDate);
                                    }
                                    if (verification.Count == 0)
                                    {
                                        si.CertificateRevocatedAtSignedTime = null;
                                    }
                                    else
                                    {
                                        si.CertificateRevocatedAtSignedTime = false;
                                        foreach (var verificationOk in verification)
                                        {
                                            System.Diagnostics.Trace.WriteLine(verificationOk);
                                        }
                                    }
                                }
                                catch (Exception ex)
                                {
                                    si.CertificateRevocatedAtSignedTime = true; // o null?
                                    System.Diagnostics.Trace.WriteLine(
                                        string.Format(
                                            "Si è verificato il seguente errore durante la verifica di revoca per la firma {2}  del file {0} {1}",
                                            System.IO.Path.GetFileName(fileName), ex.Message, si.Revision));
                                }
                            }
                        }
                    }
                    reader.Close();
                }

                //result.SignaturesValid = result.SignatureInfos.All(si => si.IntegrityValid
                //                                         &&
                //                                         !si.ChainCertificatesNotValidAtSignedTime
                //                                         &&
                //                                         (!CheckRevocation || !si.CertificateRevocatedAtSignedTime
                //                                           .GetValueOrDefault(true)));

                //System.Diagnostics.Trace.WriteLine(string.Format("Verifica firme del file {0} completata con esito {1}", System.IO.Path.GetFileName(fileName),result.SignaturesValid?"Positivo":"Negativo"));

                return(result);
            }
            catch (InvalidPdfException ex)
            {
                System.Diagnostics.Trace.WriteLine(string.Format("Si è verificato il seguente errore durante la verifica delle firme del file {0} {1}", System.IO.Path.GetFileName(fileName), ex.Message));
                throw ex;
            }
            catch (Exception exx)
            {
                System.Diagnostics.Trace.WriteLine(string.Format("Si è verificato il seguente errore durante la verifica delle firme del file {0} {1}", System.IO.Path.GetFileName(fileName), exx.Message));
                throw exx;
            }
        }