/// <summary>
/// Folds the per-timestamp digest checks into one status and writes it onto
/// <paramref name="levelReached"/>, which is also the return value.
/// </summary>
/// <param name="signatureTimestampsVerification">Verification results, one per timestamp; may be null or empty.</param>
/// <param name="levelReached">Result object to update. Whatever status it carried on entry is overwritten.</param>
/// <returns>The same <paramref name="levelReached"/> instance.</returns>
/// <remarks>
/// Only <c>SameDigest</c> of each result is consulted here. Any other check recorded on a
/// <c>TimestampVerificationResult</c> does not influence the status computed by this method.
/// </remarks>
private SignatureValidationResult ResultForTimestamps(IList<TimestampVerificationResult> signatureTimestampsVerification, SignatureValidationResult levelReached)
{
    bool hasResults = signatureTimestampsVerification != null && signatureTimestampsVerification.Any();
    if (!hasResults)
    {
        // Nothing was verified, so the level cannot be claimed.
        levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
        return levelReached;
    }

    levelReached.SetStatus(ResultStatus.VALID, null);
    foreach (TimestampVerificationResult verification in signatureTimestampsVerification)
    {
        if (verification.SameDigest.IsUndetermined)
        {
            // Keep scanning: a later invalid digest must still take precedence.
            levelReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_OneTimestampDigestUndetermined");
            continue;
        }

        if (verification.SameDigest.IsInvalid)
        {
            // One timestamp that does not cover the data fails the whole level.
            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
            break;
        }
    }

    return levelReached;
}
/// <summary>
/// Builds the BES-level result for <paramref name="signature"/>.
/// </summary>
/// <param name="signature">Signature under validation; must not be null.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Validation context, forwarded to the counter-signature verification.</param>
/// <param name="externalContent">Detached content, forwarded to the counter-signature verification.</param>
/// <returns>
/// A <c>SignatureLevelBES</c>. If anything inside the method throws, the result is INVALID
/// with the generic "exception while verifying" text and carries no signature reference.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
/// <remarks>
/// The level status computed here is derived solely from whether a signing certificate is
/// present. The counter-signature results are attached to the returned object but do not
/// feed into that status.
/// </remarks>
protected internal virtual SignatureLevelBES VerifyLevelBES(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, Document externalContent)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    const string verificationFailed = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";

    try
    {
        SignatureValidationResult signingCertStatus = new SignatureValidationResult();
        if (signature.SigningCertificate == null)
        {
            signingCertStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoSigningCeritificate");
        }
        else
        {
            signingCertStatus.SetStatus(ResultStatus.VALID, null);
        }

        SignatureVerification[] counterSignatures = VerifyCounterSignatures(signature, ctx, externalContent);

        return new SignatureLevelBES(
            new SignatureValidationResult(signingCertStatus.IsValid),
            signature,
            signingCertStatus,
            counterSignatures,
            null);
    }
    catch (Exception)
    {
        // Fail closed: any unexpected error yields INVALID. The exception itself is
        // discarded here, so the cause is not visible in the returned result.
        return new SignatureLevelBES(
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
            null,
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
            null,
            null);
    }
}
/// <summary>
/// Checks that the signature embeds the certificate values and revocation values
/// (OCSP responses and/or CRLs) required for the XL level.
/// </summary>
/// <param name="signature">Signature under validation.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Validation context the embedded values are compared against.</param>
/// <param name="logger">Receives informational messages about the certificate check.</param>
/// <returns>
/// A <c>SignatureLevelXL</c> holding the overall status plus the certificate and
/// revocation sub-results. Any exception inside the method, including a null
/// <paramref name="signature"/> or <paramref name="logger"/>, produces an all-INVALID result.
/// </returns>
protected internal virtual SignatureLevelXL VerifyLevelXL(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger)
{
    const string verificationFailed = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";

    try
    {
        SignatureValidationResult overall = new SignatureValidationResult();

        // Both sub-results start out VALID and are only ever downgraded below.
        SignatureValidationResult certificatesStatus = new SignatureValidationResult();
        certificatesStatus.SetStatus(ResultStatus.VALID, null);
        SignatureValidationResult revocationStatus = new SignatureValidationResult();
        revocationStatus.SetStatus(ResultStatus.VALID, null);

        // --- certificate values ---
        IList<X509Certificate> embeddedCertificates = signature.Certificates;
        if (embeddedCertificates.Any())
        {
            bool allCertificatesPresent = EveryCertificateValueAreThere(ctx, embeddedCertificates, signature.SigningCertificate, logger);
            if (!allCertificatesPresent)
            {
                certificatesStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCertificateValues");
            }
        }
        else
        {
            logger.Info("There is no certificate refs in the signature");
            certificatesStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateValue");
        }
        logger.Info("Every certificate found " + certificatesStatus);

        // --- revocation values ---
        int revocationValueCount = 0;

        IList<BasicOcspResp> ocspValues = signature.OCSPs;
        if (ocspValues != null)
        {
            revocationValueCount += ocspValues.Count;
            if (!EveryOCSPValueOrRefAreThere(ctx, ocspValues, logger))
            {
                revocationStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPValues");
            }
        }

        IList<X509Crl> crlValues = signature.CRLs;
        if (crlValues != null)
        {
            revocationValueCount += crlValues.Count;
            if (!EveryCRLValueOrRefAreThere(ctx, crlValues, logger))
            {
                revocationStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLValues");
            }
        }

        // A signature with no revocation material at all cannot reach this level,
        // regardless of what the per-type checks above reported.
        if (revocationValueCount == 0)
        {
            revocationStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataValue");
        }

        // The level is reached only when both sub-results are VALID.
        ResultStatus overallStatus;
        if (certificatesStatus.Status == ResultStatus.VALID && revocationStatus.Status == ResultStatus.VALID)
        {
            overallStatus = ResultStatus.VALID;
        }
        else
        {
            overallStatus = ResultStatus.INVALID;
        }
        overall.SetStatus(overallStatus, null);

        return new SignatureLevelXL(overall, certificatesStatus, revocationStatus);
    }
    catch (Exception)
    {
        // Fail closed; the exception is not logged or propagated from here.
        return new SignatureLevelXL(
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed));
    }
}
/// <summary>
/// Verifies every certificate the validation context lists as needed and derives an
/// overall summary from those verifications and from the trusted-list lookup.
/// </summary>
/// <param name="ctx">Validation context; when it is null or exposes no needed certificates, no certificate is verified.</param>
/// <param name="info">Trusted-list lookup result; null is treated the same as "service not found".</param>
/// <remarks>
/// Precedence of the summary, as implemented below: a missing trusted-list service always
/// yields INVALID and replaces any description taken from the certificate path; otherwise
/// the first invalid certificate yields INVALID; otherwise any undetermined certificate
/// yields UNDETERMINED; otherwise VALID.
/// NOTE(review): with no needed certificates in <paramref name="ctx"/> the summary is VALID
/// as long as the trusted-list service was found, because nothing was checked. Confirm that
/// callers never rely on this for a context that was not populated.
/// </remarks>
public CertPathRevocationAnalysis(IValidationContext ctx, TrustedListInformation info)
{
    summary = new SignatureValidationResult();
    trustedListInformation = info;

    // One CertificateVerification per certificate the context requires.
    if (ctx?.NeededCertificates != null)
    {
        foreach (CertificateAndContext needed in ctx.NeededCertificates)
        {
            certificatePathVerification.Add(new CertificateVerification(needed, ctx));
        }
    }

    summary.SetStatus(ResultStatus.VALID, null);

    if (certificatePathVerification != null)
    {
        foreach (CertificateVerification verification in certificatePathVerification)
        {
            if (verification.Summary.IsInvalid)
            {
                // First invalid certificate decides the outcome; stop scanning.
                summary.SetStatus(ResultStatus.INVALID, verification.Summary.Description ?? "$UI_Signatures_ValidationText_CertificateIsNotValid");
                break;
            }

            if (verification.Summary.IsUndetermined)
            {
                // Remember the doubt but keep looking for a definite failure.
                summary.SetStatus(ResultStatus.UNDETERMINED, verification.Summary.Description ?? "$UI_Signatures_ValidationText_NoRevocationData");
            }
        }
    }

    // No trusted-list information, or a lookup that found no service, is always INVALID.
    if (trustedListInformation == null || !trustedListInformation.IsServiceWasFound)
    {
        summary.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTrustedListServiceWasFound");
    }
}
/// <summary>
/// Verifies the archive timestamps of <paramref name="signature"/> and reports whether
/// the A level is reached.
/// </summary>
/// <param name="signature">Signature under validation.</param>
/// <param name="referenceTime">Forwarded to the timestamp verification.</param>
/// <param name="ctx">Validation context, forwarded to the timestamp verification.</param>
/// <param name="logger">Receives an error message when reading the archive data fails with an I/O error.</param>
/// <param name="externalContent">Detached content used to rebuild the archive timestamp data.</param>
/// <returns>
/// A <c>SignatureLevelA</c> with the level status and the per-timestamp results. Any
/// exception other than the handled I/O error produces an INVALID result with no
/// per-timestamp results.
/// </returns>
protected internal virtual SignatureLevelA VerifyLevelA(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger, Document externalContent)
{
    try
    {
        SignatureValidationResult levelStatus = new SignatureValidationResult();
        IList<TimestampVerificationResult> archiveResults = null;

        try
        {
            archiveResults = VerifyTimestamps(
                signature,
                referenceTime,
                ctx,
                signature.ArchiveTimestamps,
                signature.GetArchiveTimestampData(0, externalContent));
        }
        catch (IOException ioError)
        {
            logger.Error("Error verifyind level A " + ioError.Message);
            // NOTE(review): this UNDETERMINED status does not survive. archiveResults is
            // still null, so ResultForTimestamps below replaces it with INVALID and the
            // "no timestamp" text. The verdict stays fail-closed, but the reported reason
            // hides the I/O error. Confirm which outcome is intended.
            levelStatus.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
        }

        SignatureValidationResult finalStatus = ResultForTimestamps(archiveResults, levelStatus);
        return new SignatureLevelA(finalStatus, archiveResults);
    }
    catch (Exception)
    {
        // Fail closed; the exception is not logged or propagated from here.
        return new SignatureLevelA(
            new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"),
            null);
    }
}
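/// <summary>
/// Verifies the X-level timestamps (type 1 and type 2) of <paramref name="signature"/>:
/// each token must match the data it is supposed to cover.
/// </summary>
/// <param name="signature">Signature under validation; must not be null.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Validation context, forwarded to the timestamp certificate-path check.</param>
/// <returns>
/// A <c>SignatureLevelX</c> with the level status and one verification result per
/// timestamp token, in token order. If anything inside the method throws, the result is
/// INVALID with the generic "exception while verifying" text.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
/// <remarks>
/// The level status is driven by the data match of each token and by whether any token
/// exists at all. The outcome of <c>CheckTimeStampCertPath</c> is recorded on the
/// per-token result; this method does not fold it into the level status.
/// </remarks>
protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    try
    {
        SignatureValidationResult levelReached = new SignatureValidationResult();
        levelReached.SetStatus(ResultStatus.VALID, null);
        TimestampVerificationResult[] x1Results = null;
        TimestampVerificationResult[] x2Results = null;

        IList<TimestampToken> timestampX1 = signature.TimestampsX1;
        bool hasX1 = timestampX1 != null && timestampX1.Any();
        if (hasX1)
        {
            byte[] x1Data = signature.TimestampX1Data;
            x1Results = new TimestampVerificationResult[timestampX1.Count];
            for (int i = 0; i < timestampX1.Count; i++)
            {
                TimestampToken token = timestampX1[i];
                x1Results[i] = new TimestampVerificationResult(token);
                if (!token.MatchData(x1Data))
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                    x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                }
                else
                {
                    x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                }
                CheckTimeStampCertPath(token, x1Results[i], ctx, signature);
            }
        }

        IList<TimestampToken> timestampX2 = signature.TimestampsX2;
        bool hasX2 = timestampX2 != null && timestampX2.Any();
        if (hasX2)
        {
            byte[] x2Data = signature.TimestampX2Data;
            x2Results = new TimestampVerificationResult[timestampX2.Count];
            // Indexed loop so every token gets its own slot. The earlier foreach never
            // advanced its index, so each result overwrote slot 0 and the remaining
            // entries stayed null, losing the per-token outcome for all but the last token.
            for (int i = 0; i < timestampX2.Count; i++)
            {
                TimestampToken token = timestampX2[i];
                x2Results[i] = new TimestampVerificationResult(token);
                if (!token.MatchData(x2Data))
                {
                    levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
                    x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
                }
                else
                {
                    x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
                }
                CheckTimeStampCertPath(token, x2Results[i], ctx, signature);
            }
        }

        // Without a single X1 or X2 timestamp the level cannot be reached.
        if (!hasX1 && !hasX2)
        {
            levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
        }

        return new SignatureLevelX(signature, levelReached, x1Results, x2Results);
    }
    catch (Exception)
    {
        // Fail closed; the exception is not logged or propagated from here.
        return new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"));
    }
}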
/// <summary>
/// Checks the certificate references and revocation references required for the C level.
/// </summary>
/// <param name="signature">Signature under validation; must not be null.</param>
/// <param name="referenceTime">Not read by this method.</param>
/// <param name="ctx">Validation context the references are compared against.</param>
/// <param name="rehashValues">
/// When true, the OCSP and CRL references are checked against <paramref name="ctx"/>.
/// When false, the method only checks that at least one revocation reference exists.
/// </param>
/// <param name="logger">Receives an informational message about the certificate references.</param>
/// <returns>
/// A <c>SignatureLevelC</c> with the level status, the certificate-reference status and the
/// revocation status. Any exception inside the method, including a null OCSP or CRL
/// reference list, produces an all-INVALID result.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
/// <remarks>
/// NOTE(review): when <paramref name="rehashValues"/> is true the reference count is not
/// consulted, so the verdict for a signature with no revocation references depends entirely
/// on what the two Every...AreThere helpers return for empty lists. Confirm.
/// </remarks>
protected internal virtual SignatureLevelC VerifyLevelC(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, bool rehashValues, ICAdESLogger logger)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    const string verificationFailed = "$UI_Signatures_ValidationText_ExceptionWhileVerifying";

    try
    {
        // --- certificate references ---
        IList<CertificateRef> certificateRefs = signature.CertificateRefs;
        SignatureValidationResult certificateRefsStatus = new SignatureValidationResult();
        bool hasCertificateRefs = certificateRefs != null && certificateRefs.Any();
        if (!hasCertificateRefs)
        {
            certificateRefsStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoCertificateRef");
        }
        else if (EveryCertificateRefAreThere(ctx, certificateRefs, signature.SigningCertificate, logger))
        {
            certificateRefsStatus.SetStatus(ResultStatus.VALID, null);
        }
        else
        {
            certificateRefsStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededcertificateRef");
        }
        logger.Info("Every CertificateRef found " + certificateRefsStatus);

        // --- revocation references ---
        IList<OCSPRef> ocspRefs = signature.OCSPRefs;
        IList<CRLRef> crlRefs = signature.CRLRefs;
        SignatureValidationResult completeRevocationStatus = new SignatureValidationResult(ResultStatus.VALID, null);
        // A null list throws here and is turned into INVALID by the catch below.
        int revocationRefCount = ocspRefs.Count + crlRefs.Count;

        if (!rehashValues)
        {
            // Presence check only: one reference of either kind is enough.
            SignatureValidationResult anyRevocationStatus = new SignatureValidationResult();
            if (revocationRefCount == 0)
            {
                anyRevocationStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoRevocationDataRefs");
            }
            else
            {
                anyRevocationStatus.SetStatus(ResultStatus.VALID, "$UI_Signatures_ValidationText_AtLeastOneRef");
            }

            SignatureValidationResult presenceLevel = new SignatureValidationResult(
                certificateRefsStatus.Status == ResultStatus.VALID && anyRevocationStatus.Status == ResultStatus.VALID);
            return new SignatureLevelC(presenceLevel, certificateRefsStatus, anyRevocationStatus);
        }

        // Full check: every reference must be matched against the validation context.
        if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs, logger))
        {
            completeRevocationStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededOCSPRef");
        }
        if (!EveryCRLValueOrRefAreThere(ctx, crlRefs, logger))
        {
            completeRevocationStatus.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoAllNeededCRLRef");
        }

        SignatureValidationResult completeLevel = new SignatureValidationResult(
            certificateRefsStatus.Status == ResultStatus.VALID && completeRevocationStatus.Status == ResultStatus.VALID);
        return new SignatureLevelC(completeLevel, certificateRefsStatus, completeRevocationStatus);
    }
    catch (Exception)
    {
        // Fail closed; the exception is not logged or propagated from here.
        return new SignatureLevelC(
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed),
            new SignatureValidationResult(ResultStatus.INVALID, verificationFailed));
    }
}