/// <summary>
/// Builds the BES-level report for <paramref name="signature"/>.
/// </summary>
/// <remarks>
/// The level is reported as reached when the signature exposes a signing certificate.
/// This method does not itself check the cryptographic integrity of the signature, and the
/// counter-signature results are attached to the report without influencing the level status,
/// so callers have to evaluate those separately.
/// Any exception raised while building the report is swallowed and turned into an INVALID
/// result (fail closed); the original exception is not logged here.
/// </remarks>
/// <param name="signature">Signature to inspect; must not be null.</param>
/// <param name="referenceTime">Not used by this method.</param>
/// <param name="ctx">Validation context, forwarded to the counter-signature verification.</param>
/// <param name="externalContent">Detached content, forwarded to the counter-signature verification.</param>
/// <returns>The BES-level report; never null.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelBES VerifyLevelBES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, Document externalContent)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        SignatureValidationResult certRefResult = new SignatureValidationResult();
        bool hasSigningCertificate = signature.SigningCertificate != null;
        certRefResult.SetStatus(
            hasSigningCertificate ? ResultStatus.VALID : ResultStatus.INVALID,
            hasSigningCertificate ? null : "$UI_Signatures_ValidationText_NoSigningCeritificate");

        SignatureVerification[] counterSignatureResults = VerifyCounterSignatures(signature, ctx, externalContent);

        // The level status mirrors the signing-certificate check only.
        SignatureValidationResult reached = new SignatureValidationResult(certRefResult.IsValid);
        return new SignatureLevelBES(reached, signature, certRefResult, counterSignatureResults, null);
    }
    catch (Exception)
    {
        // Fail closed: an unexpected error must never surface as a valid level.
        SignatureValidationResult failedLevel = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        SignatureValidationResult failedCertRef = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        return new SignatureLevelBES(failedLevel, null, failedCertRef, null, null);
    }
}
/// <summary>
/// Stores the four qualified-certificate statement results as given.
/// </summary>
/// <param name="qCPPresent">Result stored in the <c>qCPPresent</c> field.</param>
/// <param name="qCPPlusPresent">Result stored in the <c>qCPPlusPresent</c> field.</param>
/// <param name="qcCompliancePresent">Result stored in the <c>qcCompliancePresent</c> field.</param>
/// <param name="qcSCCDPresent">Result stored in the <c>qcSCCDPresent</c> field.</param>
public QCStatementInformation(
    SignatureValidationResult qCPPresent,
    SignatureValidationResult qCPPlusPresent,
    SignatureValidationResult qcCompliancePresent,
    SignatureValidationResult qcSCCDPresent)
{
    // No validation is done here: null is stored as-is.
    this.qcSCCDPresent = qcSCCDPresent;
    this.qcCompliancePresent = qcCompliancePresent;
    this.qCPPlusPresent = qCPPlusPresent;
    this.qCPPresent = qCPPresent;
}
/// <summary>
/// Stores the four qualification-element results as given.
/// </summary>
/// <param name="qCWithSSCD">Result stored in the <c>qCWithSSCD</c> field.</param>
/// <param name="qCNoSSCD">Result stored in the <c>qCNoSSCD</c> field.</param>
/// <param name="qCSSCDStatusAsInCert">Result stored in the <c>qCSSCDStatusAsInCert</c> field.</param>
/// <param name="qCForLegalPerson">Result stored in the <c>qCForLegalPerson</c> field.</param>
public QualificationsVerification(
    SignatureValidationResult qCWithSSCD,
    SignatureValidationResult qCNoSSCD,
    SignatureValidationResult qCSSCDStatusAsInCert,
    SignatureValidationResult qCForLegalPerson)
{
    // No validation is done here: null is stored as-is.
    this.qCForLegalPerson = qCForLegalPerson;
    this.qCSSCDStatusAsInCert = qCSSCDStatusAsInCert;
    this.qCNoSSCD = qCNoSSCD;
    this.qCWithSSCD = qCWithSSCD;
}
/// <summary>
/// Creates the EPES-level report and, when a signature is supplied, records its policy id.
/// </summary>
/// <param name="signature">Signature whose <c>PolicyId</c> is copied; may be null.</param>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
public SignatureLevelEPES(IAdvancedSignature signature, SignatureValidationResult levelReached)
    : base(levelReached)
{
    if (signature == null)
    {
        // Nothing to copy; signaturePolicy keeps its initial value.
        return;
    }

    signaturePolicy = signature.PolicyId;
}
/// <summary>
/// Builds the XL-level report: checks that the certificate values and the revocation values
/// (OCSP responses and CRLs) needed by the validation context are embedded in the signature.
/// </summary>
/// <remarks>
/// The level is VALID only when both the certificate check and the revocation-data check are
/// VALID. A signature carrying no OCSP and no CRL value at all is INVALID.
/// There is no explicit null check on the arguments: any exception, including one caused by
/// a null <paramref name="signature"/> or <paramref name="logger"/>, is swallowed and
/// reported as the generic INVALID result (fail closed) without being logged.
/// </remarks>
/// <param name="signature">Signature whose embedded values are inspected.</param>
/// <param name="referenceTime">Not used by this method.</param>
/// <param name="ctx">Validation context forwarded to the completeness helpers.</param>
/// <param name="logger">Receives informational messages.</param>
/// <returns>The XL-level report; never null.</returns>
protected internal virtual SignatureLevelXL VerifyLevelXL(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger)
{
    try
    {
        SignatureValidationResult levelReached = new SignatureValidationResult();

        // Both partial results start VALID and are downgraded by the checks below.
        SignatureValidationResult certValuesResult = new SignatureValidationResult();
        certValuesResult.SetStatus(ResultStatus.VALID, null);
        SignatureValidationResult revocationValuesResult = new SignatureValidationResult();
        revocationValuesResult.SetStatus(ResultStatus.VALID, null);

        IList<X509Certificate> embeddedCerts = signature.Certificates;
        if (!embeddedCerts.Any())
        {
            logger.Info("There is no certificate refs in the signature");
            certValuesResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateValue");
        }
        else if (!EveryCertificateValueAreThere(ctx, embeddedCerts, signature.SigningCertificate, logger))
        {
            certValuesResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCertificateValues");
        }

        logger.Info("Every certificate found " + certValuesResult);

        // Counts every embedded revocation value, whatever its kind.
        int revocationValueCount = 0;

        IList<BasicOcspResp> embeddedOcsps = signature.OCSPs;
        if (embeddedOcsps != null)
        {
            revocationValueCount += embeddedOcsps.Count;
            if (!EveryOCSPValueOrRefAreThere(ctx, embeddedOcsps, logger))
            {
                revocationValuesResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPValues");
            }
        }

        IList<X509Crl> embeddedCrls = signature.CRLs;
        if (embeddedCrls != null)
        {
            revocationValueCount += embeddedCrls.Count;
            if (!EveryCRLValueOrRefAreThere(ctx, embeddedCrls, logger))
            {
                revocationValuesResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLValues");
            }
        }

        if (revocationValueCount == 0)
        {
            revocationValuesResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataValue");
        }

        bool bothValid = certValuesResult.Status == ResultStatus.VALID
            && revocationValuesResult.Status == ResultStatus.VALID;
        if (bothValid)
        {
            levelReached.SetStatus(ResultStatus.VALID, null);
        }
        else
        {
            levelReached.SetStatus(ResultStatus.INVALID, null);
        }

        return new SignatureLevelXL(levelReached, certValuesResult, revocationValuesResult);
    }
    catch (Exception)
    {
        // Fail closed: every part of the report is INVALID when verification itself failed.
        SignatureValidationResult failedLevel = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        SignatureValidationResult failedCerts = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        SignatureValidationResult failedRevocation = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        return new SignatureLevelXL(failedLevel, failedCerts, failedRevocation);
    }
}
/// <summary>
/// Builds the EPES-level report: the level is reached when the signature carries a policy id.
/// </summary>
/// <remarks>
/// Only the presence of a policy id is tested; nothing in this method validates the policy
/// itself. Any exception (for example a null <paramref name="signature"/>) is swallowed and
/// reported as INVALID (fail closed).
/// </remarks>
/// <param name="signature">Signature whose <c>PolicyId</c> is read.</param>
/// <param name="referenceTime">Not used by this method.</param>
/// <param name="ctx">Not used by this method.</param>
/// <returns>The EPES-level report.</returns>
protected internal virtual SignatureLevelEPES VerifyLevelEPES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    try
    {
        PolicyValue declaredPolicy = signature.PolicyId;
        bool hasPolicy = declaredPolicy != null;
        return new SignatureLevelEPES(signature, new SignatureValidationResult(hasPolicy));
    }
    catch (Exception)
    {
        SignatureValidationResult failed = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        return new SignatureLevelEPES(signature, failed);
    }
}
/// <summary>
/// Runs the four QC-statement conditions (<c>qcp</c>, <c>qcpplus</c>, <c>qccompliance</c>,
/// <c>qcsscd</c>) against <paramref name="certificate"/>.
/// </summary>
/// <param name="certificate">Certificate to inspect; may be null.</param>
/// <returns>
/// The four check results, or a <c>QCStatementInformation</c> holding four null results when
/// <paramref name="certificate"/> is null. Callers must be prepared for those nulls.
/// </returns>
protected internal virtual QCStatementInformation VerifyQStatement(X509Certificate certificate)
{
    if (certificate != null)
    {
        // Each condition gets its own CertificateAndContext wrapper; the checks run in this order.
        return new QCStatementInformation(
            new SignatureValidationResult(qcp.Check(new CertificateAndContext(certificate))),
            new SignatureValidationResult(qcpplus.Check(new CertificateAndContext(certificate))),
            new SignatureValidationResult(qccompliance.Check(new CertificateAndContext(certificate))),
            new SignatureValidationResult(qcsscd.Check(new CertificateAndContext(certificate))));
    }

    return new QCStatementInformation(null, null, null, null);
}
/// <summary>
/// Creates the X-level report from two lists of timestamp verification results.
/// </summary>
/// <remarks>
/// Both lists are copied into arrays, so later changes to the caller's lists do not alter
/// this report. <paramref name="signature"/> is accepted but not used.
/// </remarks>
/// <param name="signature">Not used by this constructor.</param>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
/// <param name="signatureAndRefsTimestampsVerification">Results to copy; must not be null.</param>
/// <param name="referencesTimestampsVerification">Results to copy; must not be null.</param>
/// <exception cref="System.ArgumentNullException">Either list is null.</exception>
public SignatureLevelX(
    IAdvancedSignature signature,
    SignatureValidationResult levelReached,
    List<TimestampVerificationResult> signatureAndRefsTimestampsVerification,
    List<TimestampVerificationResult> referencesTimestampsVerification)
    : base(levelReached)
{
    // Validate both arguments before touching any field.
    if (signatureAndRefsTimestampsVerification is null)
    {
        throw new System.ArgumentNullException(nameof(signatureAndRefsTimestampsVerification));
    }

    if (referencesTimestampsVerification is null)
    {
        throw new System.ArgumentNullException(nameof(referencesTimestampsVerification));
    }

    this.signatureAndRefsTimestampsVerification = signatureAndRefsTimestampsVerification.ToArray();
    this.referencesTimestampsVerification = referencesTimestampsVerification.ToArray();
}
/// <summary>
/// Reports which of the four qualifiers (QCWithSSCD, QCNoSSCD, QCSSCDStatusAsInCert,
/// QCForLegalPerson) appear in the qualification statement returned by the validation context.
/// </summary>
/// <remarks>
/// Each qualifier is looked up as <c>SVC_INFO</c> followed by its name. When the context
/// returns no qualification statement, the four results stay default-constructed.
/// <paramref name="ctx"/> is dereferenced without a null check.
/// </remarks>
/// <param name="signature">Not used by this method.</param>
/// <param name="referenceTime">Not used by this method.</param>
/// <param name="ctx">Validation context providing the qualification statement.</param>
/// <returns>The four qualifier results.</returns>
protected internal virtual QualificationsVerification VerifyQualificationsElement(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    SignatureValidationResult withSscd = new SignatureValidationResult();
    SignatureValidationResult noSscd = new SignatureValidationResult();
    SignatureValidationResult sscdAsInCert = new SignatureValidationResult();
    SignatureValidationResult legalPerson = new SignatureValidationResult();

    IList<string> statement = ctx.GetQualificationStatement();
    if (statement == null)
    {
        return new QualificationsVerification(withSscd, noSscd, sscdAsInCert, legalPerson);
    }

    withSscd = new SignatureValidationResult(statement.Contains(SVC_INFO + "QCWithSSCD"));
    noSscd = new SignatureValidationResult(statement.Contains(SVC_INFO + "QCNoSSCD"));
    sscdAsInCert = new SignatureValidationResult(statement.Contains(SVC_INFO + "QCSSCDStatusAsInCert"));
    legalPerson = new SignatureValidationResult(statement.Contains(SVC_INFO + "QCForLegalPerson"));

    return new QualificationsVerification(withSscd, noSscd, sscdAsInCert, legalPerson);
}
/// <summary>
/// Checks the integrity of every counter-signature attached to <paramref name="signature"/>.
/// </summary>
/// <remarks>
/// Only <c>CheckIntegrity</c> is evaluated for each counter-signature; <paramref name="ctx"/>
/// is not used, so no certificate-path or revocation check is performed here.
/// <paramref name="signature"/> is dereferenced without a null check.
/// </remarks>
/// <param name="signature">Signature whose counter-signatures are verified.</param>
/// <param name="ctx">Not used by this method.</param>
/// <param name="externalContent">Detached content passed to each integrity check.</param>
/// <returns>
/// One entry per counter-signature (integrity result and signature algorithm), or null when
/// the signature exposes no counter-signature list.
/// </returns>
protected internal virtual SignatureVerification[] VerifyCounterSignatures(IAdvancedSignature signature, IValidationContext ctx, Document externalContent)
{
    IList<IAdvancedSignature> nested = signature.CounterSignatures;
    if (nested == null)
    {
        return null;
    }

    List<SignatureVerification> results = new List<SignatureVerification>();
    foreach (IAdvancedSignature counterSignature in nested)
    {
        // Integrity is checked first, then the algorithm name is read.
        results.Add(new SignatureVerification(
            new SignatureValidationResult(counterSignature.CheckIntegrity(externalContent)),
            counterSignature.SignatureAlgorithm));
    }

    return results.ToArray();
}
/// <summary>
/// Creates the BES-level report and, when a signature is supplied, copies its descriptive
/// attributes (certificates, signing certificate, signing time, location, claimed roles,
/// content type).
/// </summary>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
/// <param name="signature">Signature to copy attributes from; may be null.</param>
/// <param name="signingCertificateVerification">Signing-certificate check result.</param>
/// <param name="counterSignatureVerification">Counter-signature results; stored by reference.</param>
/// <param name="timestampsVerification">Timestamp results; stored by reference.</param>
public SignatureLevelBES(
    SignatureValidationResult levelReached,
    IAdvancedSignature signature,
    SignatureValidationResult signingCertificateVerification,
    SignatureVerification[] counterSignatureVerification,
    IList<TimestampVerificationResult> timestampsVerification)
    : base(levelReached)
{
    signingCertRefVerification = signingCertificateVerification;
    counterSignaturesVerification = counterSignatureVerification;
    this.timestampsVerification = timestampsVerification;

    if (signature == null)
    {
        // No signature: the descriptive fields keep their initial values.
        return;
    }

    certificates = signature.Certificates;
    signingCertificate = signature.SigningCertificate;
    // NOTE(review): .Value is read unconditionally; if SigningTime is a nullable with no
    // value this throws out of the constructor. Confirm that callers handle that case.
    signingTime = signature.SigningTime.Value;
    location = signature.Location;
    claimedSignerRole = signature.ClaimedSignerRoles;
    contentType = signature.ContentType;
}
/// <summary>
/// Verifies every certificate needed by the validation context and derives an overall summary.
/// </summary>
/// <remarks>
/// Summary rules, in order:
/// the summary starts VALID; the first INVALID certificate makes it INVALID and stops the
/// scan; an UNDETERMINED certificate makes it UNDETERMINED but the scan continues, so a later
/// INVALID certificate still wins; finally, a missing trusted-list record or one whose service
/// was not found forces INVALID regardless of the certificate results.
/// </remarks>
/// <param name="ctx">Validation context; may be null, in which case no certificate is verified.</param>
/// <param name="info">Trusted-list information; null is treated as "service not found".</param>
public CertPathRevocationAnalysis(IValidationContext ctx, TrustedListInformation info)
{
    summary = new SignatureValidationResult();
    trustedListInformation = info;

    if (ctx != null && ctx.NeededCertificates != null)
    {
        foreach (CertificateAndContext needed in ctx.NeededCertificates)
        {
            certificatePathVerification.Add(new CertificateVerification(needed, ctx));
        }
    }

    summary.SetStatus(ResultStatus.VALID, null);

    if (certificatePathVerification != null)
    {
        foreach (CertificateVerification pathResult in certificatePathVerification)
        {
            if (pathResult.Summary.IsInvalid)
            {
                summary.SetStatus(ResultStatus.INVALID, pathResult.Summary.Description ?? "$UI_Signatures_ValidationText_CertificateIsNotValid");
                break;
            }

            if (pathResult.Summary.IsUndetermined)
            {
                summary.SetStatus(ResultStatus.UNDETERMINED, pathResult.Summary.Description ?? "$UI_Signatures_ValidationText_NoRevocationData");
            }
        }
    }

    // No trust anchor from the trusted list means the whole analysis is INVALID.
    if (trustedListInformation == null || !trustedListInformation.IsServiceWasFound)
    {
        summary.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTrustedListServiceWasFound");
    }
}
/// <summary>
/// Builds the A-level report by verifying the archive timestamps of <paramref name="signature"/>.
/// </summary>
/// <remarks>
/// An <see cref="IOException"/> while verifying the timestamps is logged and the level is
/// first marked UNDETERMINED; any other exception is swallowed and reported as INVALID
/// (fail closed) without being logged.
/// NOTE(review): after an IOException the timestamp list is still null when it is handed to
/// <c>ResultForTimestamps</c>; if that helper marks a null list INVALID, the UNDETERMINED
/// status set in the catch block is overwritten. Confirm which status is intended.
/// </remarks>
/// <param name="signature">Signature whose archive timestamps are verified.</param>
/// <param name="referenceTime">Forwarded to the timestamp verification.</param>
/// <param name="ctx">Validation context, forwarded to the timestamp verification.</param>
/// <param name="logger">Receives the error message on an I/O failure.</param>
/// <param name="externalContent">Detached content used to build the archive-timestamp data.</param>
/// <returns>The A-level report.</returns>
protected internal virtual SignatureLevelA VerifyLevelA(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger, Document externalContent)
{
    try
    {
        SignatureValidationResult levelReached = new SignatureValidationResult();
        IList<TimestampVerificationResult> archiveResults = null;

        try
        {
            IList<TimestampToken> archiveTimestamps = signature.ArchiveTimestamps;
            byte[] timestampedData = signature.GetArchiveTimestampData(0, externalContent);
            archiveResults = VerifyTimestamps(signature, referenceTime, ctx, archiveTimestamps, timestampedData);
        }
        catch (IOException ioFailure)
        {
            logger.Error("Error verifyind level A " + ioFailure.Message);
            levelReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        }

        SignatureValidationResult finalStatus = ResultForTimestamps(archiveResults, levelReached);
        return new SignatureLevelA(finalStatus, archiveResults);
    }
    catch (Exception)
    {
        SignatureValidationResult failed = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        return new SignatureLevelA(failed, null);
    }
}
/// <summary>
/// Creates the X-level report from two arrays of timestamp verification results.
/// </summary>
/// <remarks>
/// The arrays are stored by reference, without a copy and without a null check, so later
/// changes to the caller's arrays are visible through this report.
/// <paramref name="signature"/> is accepted but not used.
/// </remarks>
/// <param name="signature">Not used by this constructor.</param>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
/// <param name="signatureAndRefsTimestampsVerification">Results stored as given; may be null.</param>
/// <param name="referencesTimestampsVerification">Results stored as given; may be null.</param>
public SignatureLevelX(
    IAdvancedSignature signature,
    SignatureValidationResult levelReached,
    TimestampVerificationResult[] signatureAndRefsTimestampsVerification,
    TimestampVerificationResult[] referencesTimestampsVerification)
    : base(levelReached)
{
    this.referencesTimestampsVerification = referencesTimestampsVerification;
    this.signatureAndRefsTimestampsVerification = signatureAndRefsTimestampsVerification;
}
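/// <summary>
/// Builds the X-level report by checking that every X1 and X2 timestamp covers the data the
/// signature says it should cover.
/// </summary>
/// <remarks>
/// The level starts VALID, becomes INVALID as soon as one timestamp does not match its data,
/// and is INVALID when the signature carries neither X1 nor X2 timestamps.
/// The certificate-path check of each timestamp is recorded in the per-timestamp result only;
/// this method never reads it back, so it does not influence the level status and callers
/// have to inspect the per-timestamp results themselves.
/// Any exception raised while verifying is swallowed and reported as INVALID (fail closed).
/// </remarks>
/// <param name="signature">Signature whose X1/X2 timestamps are verified; must not be null.</param>
/// <param name="referenceTime">Not used by this method.</param>
/// <param name="ctx">Validation context, forwarded to the certificate-path check.</param>
/// <returns>The X-level report.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        SignatureValidationResult levelReached = new SignatureValidationResult();
        levelReached.SetStatus(ResultStatus.VALID, null);
        TimestampVerificationResult[] x1Results = null;
        TimestampVerificationResult[] x2Results = null;

        IList<TimestampToken> timestampX1 = signature.TimestampsX1;
        if (timestampX1 != null && timestampX1.Any())
        {
            byte[] data = signature.TimestampX1Data;
            x1Results = new TimestampVerificationResult[timestampX1.Count];
            for (int i = 0; i < timestampX1.Count; i++)
            {
                TimestampToken t = timestampX1[i];
                x1Results[i] = new TimestampVerificationResult(t);
                if (!t.MatchData(data))
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                    x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                }
                else
                {
                    x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                }

                CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
            }
        }

        IList<TimestampToken> timestampX2 = signature.TimestampsX2;
        if (timestampX2 != null && timestampX2.Any())
        {
            byte[] data = signature.TimestampX2Data;
            x2Results = new TimestampVerificationResult[timestampX2.Count];

            // Indexed loop, as for X1. The previous foreach never advanced its index, so every
            // X2 result was written to slot 0 and the remaining slots were left null.
            for (int i = 0; i < timestampX2.Count; i++)
            {
                TimestampToken t = timestampX2[i];
                x2Results[i] = new TimestampVerificationResult(t);
                if (!t.MatchData(data))
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                    x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                }
                else
                {
                    x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                }

                CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
            }
        }

        if ((timestampX1 == null || !timestampX1.Any()) &&
            (timestampX2 == null || !timestampX2.Any()))
        {
            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
        }

        return new SignatureLevelX(signature, levelReached, x1Results, x2Results);
    }
    catch (Exception)
    {
        // Fail closed: an unexpected error must never surface as a valid level.
        return new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
    }
}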
/// <summary>Replaces the stored <c>qcSCCDPresent</c> result.</summary>
/// <param name="qcSCCDPresent">New result; stored as given, null included.</param>
public virtual void SetQcSCCDPresent(SignatureValidationResult qcSCCDPresent)
    => this.qcSCCDPresent = qcSCCDPresent;
/// <summary>Replaces the stored <c>qCPPlusPresent</c> result.</summary>
/// <param name="qCPPlusPresent">New result; stored as given, null included.</param>
public virtual void SetQCPPlusPresent(SignatureValidationResult qCPPlusPresent)
    => this.qCPPlusPresent = qCPPlusPresent;
/// <summary>Replaces the stored <c>sameDigest</c> result.</summary>
/// <param name="sameDigest">The sameDigest to set; stored as given, null included.</param>
public virtual void SetSameDigest(SignatureValidationResult sameDigest)
    => this.sameDigest = sameDigest;
/// <summary>
/// Creates the A-level report.
/// </summary>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
/// <param name="archiveTimestampsVerification">
/// Archive-timestamp results; stored by reference without a copy or null check.
/// </param>
public SignatureLevelA(
    SignatureValidationResult levelReached,
    IList<TimestampVerificationResult> archiveTimestampsVerification)
    : base(levelReached)
    => this.archiveTimestampsVerification = archiveTimestampsVerification;
/// <summary>Replaces the stored <c>summary</c> result.</summary>
/// <param name="summary">The summary to set; stored as given, null included.</param>
public virtual void SetSummary(SignatureValidationResult summary)
    => this.summary = summary;
/// <summary>
/// Pairs a signature check result with the name of the signature algorithm.
/// </summary>
/// <param name="signatureVerificationResult">Outcome of the signature check; stored as given.</param>
/// <param name="signatureAlgorithm">Algorithm identifier; stored as given.</param>
public SignatureVerification(
    SignatureValidationResult signatureVerificationResult,
    string signatureAlgorithm)
{
    SignatureAlgorithm = signatureAlgorithm;
    SignatureVerificationResult = signatureVerificationResult;
}
/// <summary>
/// Creates the C-level report.
/// </summary>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
/// <param name="certificateRefsVerification">Certificate-reference check result; stored as given.</param>
/// <param name="revocationRefsVerification">Revocation-reference check result; stored as given.</param>
public SignatureLevelC(
    SignatureValidationResult levelReached,
    SignatureValidationResult certificateRefsVerification,
    SignatureValidationResult revocationRefsVerification)
    : base(levelReached)
{
    this.revocationRefsVerification = revocationRefsVerification;
    this.certificateRefsVerification = certificateRefsVerification;
}
/// <summary>
/// Creates an X-level report that carries only a level status.
/// </summary>
/// <remarks>
/// No timestamp result is assigned by this constructor, and <paramref name="signature"/> is
/// accepted but not used.
/// </remarks>
/// <param name="signature">Not used by this constructor.</param>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
public SignatureLevelX(IAdvancedSignature signature, SignatureValidationResult levelReached)
    : base(levelReached)
{
    // Intentionally empty: the base constructor does all the work.
}
/// <summary>Replaces the stored <c>qcCompliancePresent</c> result.</summary>
/// <param name="qcCompliancePresent">New result; stored as given, null included.</param>
public virtual void SetQcCompliancePresent(SignatureValidationResult qcCompliancePresent)
    => this.qcCompliancePresent = qcCompliancePresent;
/// <summary>
/// Folds a list of timestamp results into <paramref name="levelReached"/> and returns it.
/// </summary>
/// <remarks>
/// A null or empty list yields INVALID ("no timestamp"). Otherwise the status starts VALID;
/// an undetermined digest makes it UNDETERMINED and the scan continues; the first invalid
/// digest makes it INVALID and stops the scan. Only <c>SameDigest</c> is consulted: no other
/// property of a timestamp result is read here.
/// The passed-in <paramref name="levelReached"/> is mutated, so any status it held before the
/// call is overwritten.
/// </remarks>
/// <param name="signatureTimestampsVerification">Timestamp results to fold; may be null.</param>
/// <param name="levelReached">Result object to update and return.</param>
/// <returns>The same instance as <paramref name="levelReached"/>.</returns>
private SignatureValidationResult ResultForTimestamps(IList<TimestampVerificationResult> signatureTimestampsVerification, SignatureValidationResult levelReached)
{
    if (signatureTimestampsVerification == null || !signatureTimestampsVerification.Any())
    {
        levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
        return levelReached;
    }

    levelReached.SetStatus(ResultStatus.VALID, null);
    foreach (TimestampVerificationResult timestampResult in signatureTimestampsVerification)
    {
        if (timestampResult.SameDigest.IsUndetermined)
        {
            levelReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_OneTimestampDigestUndetermined");
            continue;
        }

        if (timestampResult.SameDigest.IsInvalid)
        {
            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
            break;
        }
    }

    return levelReached;
}
/// <summary>
/// Builds the C-level report: checks the certificate references and the revocation
/// references (OCSP and CRL) carried by the signature.
/// </summary>
/// <remarks>
/// With <paramref name="rehashValues"/> set, the revocation references are compared with what
/// the validation context needs. Without it, the revocation part only requires that at least
/// one OCSP or CRL reference exists; the references themselves are not compared with
/// anything, which is a much weaker statement.
/// The OCSP and CRL reference lists are dereferenced without a null check; that failure, like
/// any other exception inside the verification, is swallowed and reported as INVALID
/// (fail closed) without being logged.
/// </remarks>
/// <param name="signature">Signature whose references are inspected; must not be null.</param>
/// <param name="referenceTime">Not used by this method.</param>
/// <param name="ctx">Validation context forwarded to the completeness helpers.</param>
/// <param name="rehashValues">Selects the strict revocation-reference comparison.</param>
/// <param name="logger">Receives informational messages.</param>
/// <returns>The C-level report.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureLevelC VerifyLevelC(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, bool rehashValues, ICAdESLogger logger)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        IList<CertificateRef> certRefs = signature.CertificateRefs;
        SignatureValidationResult certRefsResult = new SignatureValidationResult();
        if (certRefs == null || !certRefs.Any())
        {
            certRefsResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateRef");
        }
        else if (EveryCertificateRefAreThere(ctx, certRefs, signature.SigningCertificate, logger))
        {
            certRefsResult.SetStatus(ResultStatus.VALID, null);
        }
        else
        {
            certRefsResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededcertificateRef");
        }

        logger.Info("Every CertificateRef found " + certRefsResult);

        IList<OCSPRef> ocspRefs = signature.OCSPRefs;
        IList<CRLRef> crlRefs = signature.CRLRefs;
        SignatureValidationResult revocationRefsResult = new SignatureValidationResult(ResultStatus.VALID, null);
        int refCount = ocspRefs.Count + crlRefs.Count;

        if (!rehashValues)
        {
            // Lenient mode: the mere presence of one revocation reference is enough.
            SignatureValidationResult anyRevocationRef = new SignatureValidationResult();
            if (refCount == 0)
            {
                anyRevocationRef.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataRefs");
            }
            else
            {
                anyRevocationRef.SetStatus(ResultStatus.VALID, "$UI_Signatures_ValidationText_AtLeastOneRef");
            }

            SignatureValidationResult lenientLevel = new SignatureValidationResult(
                certRefsResult.Status == ResultStatus.VALID
                && anyRevocationRef.Status == ResultStatus.VALID);
            return new SignatureLevelC(lenientLevel, certRefsResult, anyRevocationRef);
        }

        // Strict mode: every needed OCSP and CRL reference has to be present.
        if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs, logger))
        {
            revocationRefsResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPRef");
        }

        if (!EveryCRLValueOrRefAreThere(ctx, crlRefs, logger))
        {
            revocationRefsResult.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLRef");
        }

        SignatureValidationResult strictLevel = new SignatureValidationResult(
            certRefsResult.Status == ResultStatus.VALID
            && revocationRefsResult.Status == ResultStatus.VALID);
        return new SignatureLevelC(strictLevel, certRefsResult, revocationRefsResult);
    }
    catch (Exception)
    {
        // Fail closed: every part of the report is INVALID when verification itself failed.
        SignatureValidationResult failedLevel = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        SignatureValidationResult failedCertRefs = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        SignatureValidationResult failedRevocationRefs = new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        return new SignatureLevelC(failedLevel, failedCertRefs, failedRevocationRefs);
    }
}
/// <summary>
/// Creates a level report holding the given status.
/// </summary>
/// <param name="levelReached">Level status; stored as given, null included.</param>
public SignatureLevel(SignatureValidationResult levelReached)
    => this.levelReached = levelReached;
/// <summary>Replaces the stored <c>certPathVerification</c> result.</summary>
/// <param name="certPathVerification">The certPathVerification to set; stored as given, null included.</param>
public virtual void SetCertPathVerification(SignatureValidationResult certPathVerification)
    => this.certPathVerification = certPathVerification;
/// <summary>
/// Creates the T-level report.
/// </summary>
/// <param name="levelReached">Level status, passed to the base constructor.</param>
/// <param name="signatureTimestampsVerification">
/// Signature-timestamp results; stored by reference without a copy or null check.
/// </param>
public SignatureLevelT(
    SignatureValidationResult levelReached,
    IList<TimestampVerificationResult> signatureTimestampsVerification)
    : base(levelReached)
    => this.signatureTimestampsVerification = signatureTimestampsVerification;