private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer,
IEnumerable <OcspServer> ocspServers, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl)
{
bool byKey = false;
List <OcspServer> finalOcspServers = new List <OcspServer>();
Org.BouncyCastle.X509.X509Certificate clientCert = client.ToBouncyX509Certificate();
Org.BouncyCastle.X509.X509Certificate issuerCert = issuer.ToBouncyX509Certificate();
OcspClient ocsp = new OcspClient();
if (addCertificateOcspUrl)
{
string certOcspUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);
if (!string.IsNullOrEmpty(certOcspUrl))
{
finalOcspServers.Add(new OcspServer(certOcspUrl));
}
}
foreach (var ocspServer in ocspServers)
{
finalOcspServers.Add(ocspServer);
}
foreach (var ocspServer in finalOcspServers)
{
byte[] resp = ocsp.QueryBinary(clientCert, issuerCert, ocspServer.Url, ocspServer.RequestorName,
ocspServer.SignCertificate);
FirmaXadesNet.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(resp);
if (status == FirmaXadesNet.Clients.CertificateStatus.Revoked)
{
throw new Exception("Certificado revocado");
}
else if (status == FirmaXadesNet.Clients.CertificateStatus.Good)
{
Org.BouncyCastle.Ocsp.OcspResp r = new OcspResp(resp);
byte[] rEncoded = r.GetEncoded();
BasicOcspResp or = (BasicOcspResp)r.GetResponseObject();
string guidOcsp = Guid.NewGuid().ToString();
OCSPRef ocspRef = new OCSPRef();
ocspRef.OCSPIdentifier.UriAttribute = "#OcspValue" + guidOcsp;
DigestUtil.SetCertDigest(rEncoded, digestMethod, ocspRef.CertDigest);
ResponderID rpId = or.ResponderId.ToAsn1Object();
ocspRef.OCSPIdentifier.ResponderID = GetResponderName(rpId, ref byKey);
ocspRef.OCSPIdentifier.ByKey = byKey;
ocspRef.OCSPIdentifier.ProducedAt = or.ProducedAt.ToLocalTime();
unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);
OCSPValue ocspValue = new OCSPValue();
ocspValue.PkiData = rEncoded;
ocspValue.Id = "OcspValue" + guidOcsp;
unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);
return((from cert in or.GetCerts()
select new X509Certificate2(cert.GetEncoded())).ToArray());
}
}
throw new Exception("El certificado no ha podido ser validado");
}
protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
{
base.ExtendSignatureTag(xadesSignedXml);
X509Certificate signingCertificate = DotNetUtilities.FromX509Certificate(
xadesSignedXml.GetSigningCertificate());
DateTime signingTime = xadesSignedXml.XadesObject.QualifyingProperties
.SignedProperties.SignedSignatureProperties.SigningTime;
ValidationContext ctx = certificateVerifier.ValidateCertificate(signingCertificate
, signingTime, new XAdESCertificateSource(xadesSignedXml.GetXml(), false), null, null);
UnsignedProperties unsignedProperties = null;
//int certificateValuesCounter;
CertificateValues certificateValues;
EncapsulatedX509Certificate encapsulatedX509Certificate;
RevocationValues revocationValues;
CRLValue newCRLValue;
OCSPValue newOCSPValue;
unsignedProperties = xadesSignedXml.UnsignedProperties;
//TODO jbonilla Validate certificate refs.
{
unsignedProperties.UnsignedSignatureProperties.CertificateValues = new CertificateValues();
certificateValues = unsignedProperties.UnsignedSignatureProperties.CertificateValues;
//certificateValues.Id = this.certificateValuesIdTextBox.Text;
//certificateValuesCounter = 0;
foreach (CertificateAndContext certificate in ctx.GetNeededCertificates())
{
encapsulatedX509Certificate = new EncapsulatedX509Certificate();
//encapsulatedX509Certificate.Id = this.certificateValuesIdTextBox.Text + certificateValuesCounter.ToString();
encapsulatedX509Certificate.PkiData = certificate.GetCertificate().GetEncoded();
//certificateValuesCounter++;
certificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate);
}
}
unsignedProperties = xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.RevocationValues = new RevocationValues();
revocationValues = unsignedProperties.UnsignedSignatureProperties.RevocationValues;
//revocationValues.Id = this.revocationValuesIdTextBox.Text;
if (ctx.GetNeededOCSPResp().Count > 0)
{
foreach (BasicOcspResp ocsp in ctx.GetNeededOCSPResp())
{
newOCSPValue = new OCSPValue();
newOCSPValue.PkiData = OCSPUtils.FromBasicToResp(ocsp).GetEncoded();
revocationValues.OCSPValues.OCSPValueCollection.Add(newOCSPValue);
}
}
if (ctx.GetNeededCRL().Count > 0)
{
foreach (X509Crl crl in ctx.GetNeededCRL())
{
newCRLValue = new CRLValue();
newCRLValue.PkiData = crl.GetEncoded();
revocationValues.CRLValues.CRLValueCollection.Add(newCRLValue);
}
}
xadesSignedXml.UnsignedProperties = unsignedProperties;
}
