コード例 #1
0
 /// <summary>Adds verification to the signature.</summary>
 /// <param name="signatureName">name of the signature</param>
 /// <param name="ocsps">collection of ocsp responses</param>
 /// <param name="crls">collection of crls</param>
 /// <param name="certs">collection of certificates</param>
 /// <returns>boolean</returns>
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
 public virtual bool AddVerification(String signatureName, ICollection <byte[]> ocsps, ICollection <byte[]> crls
                                     , ICollection <byte[]> certs)
 {
     if (used)
     {
         throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
     }
     LtvVerification.ValidationData vd = new LtvVerification.ValidationData();
     if (ocsps != null)
     {
         foreach (byte[] ocsp in ocsps)
         {
             vd.ocsps.Add(BuildOCSPResponse(ocsp));
         }
     }
     if (crls != null)
     {
         foreach (byte[] crl in crls)
         {
             vd.crls.Add(crl);
         }
     }
     if (certs != null)
     {
         foreach (byte[] cert in certs)
         {
             vd.certs.Add(cert);
         }
     }
     validated.Put(GetSignatureHashKey(signatureName), vd);
     return(true);
 }
コード例 #2
0
        /// <summary>Add verification for a particular signature.</summary>
        /// <param name="signatureName">the signature to validate (it may be a timestamp)</param>
        /// <param name="ocsp">the interface to get the OCSP</param>
        /// <param name="crl">the interface to get the CRL</param>
        /// <param name="certOption">options as to how many certificates to include</param>
        /// <param name="level">the validation options to include</param>
        /// <param name="certInclude">certificate inclusion options</param>
        /// <returns>true if a validation was generated, false otherwise</returns>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        /// <exception cref="System.IO.IOException"/>
        public virtual bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, LtvVerification.CertificateOption
                                            certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude)
        {
            if (used)
            {
                throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
            }
            PdfPKCS7 pk = sgnUtil.VerifySignature(signatureName);

            LOGGER.Info("Adding verification for " + signatureName);
            X509Certificate[] xc = pk.GetCertificates();
            X509Certificate   cert;
            X509Certificate   signingCert = pk.GetSigningCertificate();

            LtvVerification.ValidationData vd = new LtvVerification.ValidationData();
            for (int k = 0; k < xc.Length; ++k)
            {
                cert = (X509Certificate)xc[k];
                LOGGER.Info("Certificate: " + cert.SubjectDN);
                if (certOption == LtvVerification.CertificateOption.SIGNING_CERTIFICATE && !cert.Equals(signingCert))
                {
                    continue;
                }
                byte[] ocspEnc = null;
                if (ocsp != null && level != LtvVerification.Level.CRL)
                {
                    ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null);
                    if (ocspEnc != null)
                    {
                        vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
                        LOGGER.Info("OCSP added");
                    }
                }
                if (crl != null && (level == LtvVerification.Level.CRL || level == LtvVerification.Level.OCSP_CRL || (level
                                                                                                                      == LtvVerification.Level.OCSP_OPTIONAL_CRL && ocspEnc == null)))
                {
                    ICollection <byte[]> cims = crl.GetEncoded(cert, null);
                    if (cims != null)
                    {
                        foreach (byte[] cim in cims)
                        {
                            bool dup = false;
                            foreach (byte[] b in vd.crls)
                            {
                                if (JavaUtil.ArraysEquals(b, cim))
                                {
                                    dup = true;
                                    break;
                                }
                            }
                            if (!dup)
                            {
                                vd.crls.Add(cim);
                                LOGGER.Info("CRL added");
                            }
                        }
                    }
                }
                if (certInclude == LtvVerification.CertificateInclusion.YES)
                {
                    vd.certs.Add(cert.GetEncoded());
                }
            }
            if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
            {
                return(false);
            }
            validated.Put(GetSignatureHashKey(signatureName), vd);
            return(true);
        }