/// <summary>
/// Validates a single signature and assembles the report section that describes it.
/// </summary>
/// <param name="signature">Signature to validate; must not be null.</param>
/// <param name="referenceTime">Time handed to the certificate validation and to every level check.</param>
/// <param name="logger">Receives the error logged when no signing certificate is present and is forwarded to the certificate, C, XL and A level checks.</param>
/// <param name="signatureValidationContext">Queried for an existing validation context and extended when a new one has to be built.</param>
/// <param name="checkIntegrity">When true, <c>signature.CheckIntegrity</c> is called; when false, <c>true</c> is recorded as the integrity result without calling it.</param>
/// <param name="externalContent">Passed to the integrity check and to the BES and A level checks.</param>
/// <returns>
/// The report part pertaining to the signature, or null when the signature carries no signing certificate.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
protected internal virtual SignatureInformation ValidateSignature(IAdvancedSignature signature, DateTime referenceTime, ICAdESLogger logger, SignatureValidationContext signatureValidationContext, bool checkIntegrity, Document externalContent)
{
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    // Without a signing certificate nothing can be verified; the caller gets null, not a report.
    if (signature.SigningCertificate == null)
    {
        logger.Error("There is no signing certificate");
        return null;
    }

    // NOTE(review): with checkIntegrity == false the value true is stored as the integrity result
    // although no cryptographic check ran. Confirm every caller that passes false verifies
    // integrity elsewhere, otherwise the report presents an unchecked signature as intact.
    var integrityResult = new SignatureValidationResult(checkIntegrity ? signature.CheckIntegrity(externalContent) : true);
    var verification = new SignatureVerification(integrityResult, signature.SignatureAlgorithm);

    // Reuse a context already held for this certificate and reference time, otherwise build and register one.
    IValidationContext validationContext = signatureValidationContext.GetExisted(signature.SigningCertificate, referenceTime);
    IList<CertificateAndContext> collectedCerts = new List<CertificateAndContext>();
    if (validationContext == null)
    {
        validationContext = CertificateVerifier.ValidateCertificate(
            signature.SigningCertificate,
            referenceTime,
            signature.CertificateSource,
            collectedCerts,
            signature.CRLSource,
            signature.OCSPSource,
            logger);
        signatureValidationContext.Contexts.Add(validationContext);
    }

    var qcStatements = VerifyQStatement(signature.SigningCertificate);
    var qualifications = VerifyQualificationsElement(signature, referenceTime, validationContext);

    // TODO (carried over): the relevant service info is never set, so the result would be invalid
    // every time; an empty ServiceInfo is substituted as a workaround.
    // NOTE(review): this value feeds the trusted-list input of the final conclusion. Confirm an
    // empty ServiceInfo cannot be interpreted as a trusted service having been found.
    var trustedListInfo = new TrustedListInformation(validationContext.GetRelevantServiceInfo() ?? new ServiceInfo());
    var revocationAnalysis = new CertPathRevocationAnalysis(validationContext, trustedListInfo);

    // Order matters: level C takes the outcome of level XL as an input.
    var levelXL = VerifyLevelXL(signature, referenceTime, validationContext, logger);
    bool levelXLReached = levelXL?.LevelReached.IsValid ?? false;
    var levelC = VerifyLevelC(signature, referenceTime, validationContext, levelXLReached, logger);

    // The remaining levels run in the same sequence as before: BES, EPES, T, X, A.
    var levelBES = VerifyLevelBES(signature, referenceTime, validationContext, externalContent);
    var levelEPES = VerifyLevelEPES(signature, referenceTime, validationContext);
    var levelT = VerifyLevelT(signature, referenceTime, validationContext);
    var levelX = VerifyLevelX(signature, referenceTime, validationContext);
    var levelA = VerifyLevelA(signature, referenceTime, validationContext, logger, externalContent);

    var levelAnalysis = new SignatureLevelAnalysis(
        signature,
        levelBES,
        levelEPES,
        levelT,
        levelC,
        levelX,
        levelXL,
        levelA);

    // Left as a deferred query, as before: each needed certificate is wrapped when the sequence is enumerated.
    var certificateVerifications = validationContext.NeededCertificates.Select(cert => new CertificateVerification(cert, validationContext));

    return new SignatureInformation(
        verification,
        revocationAnalysis,
        levelAnalysis,
        qualifications,
        qcStatements,
        certificateVerifications,
        validationContext);
}
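/// <summary>
/// Stores the individual verification results and derives <c>FinalConclusion</c> from them.
/// </summary>
/// <remarks>
/// The conclusion is read from a table indexed by a trusted-list case (0-7) and a
/// certificate-content case (0-9). A combination of QC statements that matches no
/// certificate-content case yields <c>FinalConclusions.UNDETERMINED</c>.
/// </remarks>
/// <param name="signatureVerification">Stored in <c>SignatureVerification</c>.</param>
/// <param name="certPathRevocationAnalysis">Stored in <c>CertPathRevocationAnalysis</c>; its <c>TrustedListInformation</c> selects the trusted-list case.</param>
/// <param name="signatureLevelAnalysis">Stored in <c>SignatureLevelAnalysis</c>.</param>
/// <param name="qualificationsVerification">Stored in <c>QualificationsVerification</c>; may be null, in which case it does not refine the trusted-list case.</param>
/// <param name="qcStatementInformation">Stored in <c>QcStatementInformation</c>; null is treated like "no QC statement present" (case 9).</param>
/// <param name="usedCerts">Stored in <c>UsedCertsWithVerification</c>.</param>
/// <param name="ctx">Stored in <c>ValidationContext</c>.</param>
public SignatureInformation(SignatureVerification signatureVerification, CertPathRevocationAnalysis certPathRevocationAnalysis, SignatureLevelAnalysis signatureLevelAnalysis, QualificationsVerification qualificationsVerification, QCStatementInformation qcStatementInformation, IEnumerable<CertificateVerification> usedCerts, IValidationContext ctx)
{
    ValidationContext = ctx;
    UsedCertsWithVerification = usedCerts;
    SignatureVerification = signatureVerification;
    CertPathRevocationAnalysis = certPathRevocationAnalysis;
    SignatureLevelAnalysis = signatureLevelAnalysis;
    QualificationsVerification = qualificationsVerification;
    QcStatementInformation = qcStatementInformation;

    // ---- Trusted-list case (row of the table) ----
    int tlContentCase;
    if (!certPathRevocationAnalysis.TrustedListInformation.IsServiceWasFound)
    {
        // Original note: cases 5 and 6 are not discriminable. Index 6 is never assigned here.
        tlContentCase = 5;
        FinalConclusionComment = "no.tl.confirmation";
    }
    else
    {
        tlContentCase = 0;
        if (qualificationsVerification != null)
        {
            // Independent checks on purpose: when several qualifiers are valid the last one wins.
            if (qualificationsVerification.QCWithSSCD.IsValid)
            {
                tlContentCase = 1;
            }
            if (qualificationsVerification.QCNoSSCD.IsValid)
            {
                tlContentCase = 2;
            }
            if (qualificationsVerification.QCSSCDStatusAsInCert.IsValid)
            {
                tlContentCase = 3;
            }
            if (qualificationsVerification.QCForLegalPerson.IsValid)
            {
                tlContentCase = 4;
            }
        }

        // A trusted list that is not well signed overrides any qualifier found above.
        if (!certPathRevocationAnalysis.TrustedListInformation.IsWellSigned)
        {
            tlContentCase = 7;
            FinalConclusionComment = "unsigned.tl.confirmation";
        }
    }

    // ---- Certificate-content case (column of the table) ----
    int certContentCase = -1;
    if (qcStatementInformation == null)
    {
        certContentCase = 9;
    }
    else
    {
        bool qcCompliance = qcStatementInformation.QcCompliancePresent.IsValid;
        bool qcpPlus = qcStatementInformation.QCPPlusPresent.IsValid;
        bool qcp = qcStatementInformation.QCPPresent.IsValid;
        bool sscd = qcStatementInformation.QcSCCDPresent.IsValid;

        if (!qcCompliance && !qcpPlus && qcp && !sscd)
        {
            certContentCase = 0;
        }
        else if (qcCompliance && !qcpPlus && qcp && !sscd)
        {
            certContentCase = 1;
        }
        else if (qcCompliance && !qcpPlus && qcp && sscd)
        {
            certContentCase = 2;
        }
        else if (!qcCompliance && qcpPlus && !qcp && !sscd)
        {
            certContentCase = 3;
        }
        else if (qcCompliance && qcpPlus && !qcp && !sscd)
        {
            certContentCase = 4;
        }
        else if (qcCompliance && qcpPlus && sscd)
        {
            // QCP+ is stronger than QCP, so the presence of QCP is deliberately not tested here.
            certContentCase = 5;
        }
        else if (qcCompliance && !qcpPlus && !qcp && !sscd)
        {
            certContentCase = 6;
        }
        else if (!qcCompliance && !qcpPlus && !qcp && sscd)
        {
            certContentCase = 7;
        }
        else if (qcCompliance && !qcpPlus && !qcp && sscd)
        {
            certContentCase = 8;
        }
        else if (!qcCompliance && !qcpPlus && !qcp && !sscd)
        {
            certContentCase = 9;
        }
        // Any other combination leaves certContentCase at -1 and ends as UNDETERMINED below.
    }

    // logger is not a constructor parameter; it resolves to a member declared outside this block.
    logger.Info("TLCase : " + (tlContentCase + 1) + " - CertCase : " + (certContentCase + 1));

    // ---- Decision table: rows = trusted-list case, columns = certificate-content case ----
    FinalConclusions[] defaultRow = new FinalConclusions[]
    {
        FinalConclusions.AdES_QC, FinalConclusions.AdES_QC, FinalConclusions.QES, FinalConclusions.QES, FinalConclusions.QES,
        FinalConclusions.QES, FinalConclusions.AdES_QC, FinalConclusions.AdES, FinalConclusions.QES, FinalConclusions.AdES
    };
    FinalConclusions[] qcWithSscdRow = new FinalConclusions[]
    {
        FinalConclusions.QES, FinalConclusions.QES, FinalConclusions.QES, FinalConclusions.QES, FinalConclusions.QES,
        FinalConclusions.QES, FinalConclusions.QES, FinalConclusions.AdES, FinalConclusions.QES, FinalConclusions.AdES
    };
    FinalConclusions[] qcNoSscdRow = new FinalConclusions[]
    {
        FinalConclusions.AdES_QC, FinalConclusions.AdES_QC, FinalConclusions.AdES_QC, FinalConclusions.AdES_QC, FinalConclusions.AdES_QC,
        FinalConclusions.AdES_QC, FinalConclusions.AdES_QC, FinalConclusions.AdES, FinalConclusions.AdES_QC, FinalConclusions.AdES
    };

    // NOTE(review): rows 5 (no trusted-list confirmation) and 7 (trusted list not well signed)
    // are identical to row 0, so a QES conclusion can be reached from the certificate's QC
    // statements alone; the only trace is FinalConclusionComment. Confirm this is intended and
    // that consumers of FinalConclusion also read FinalConclusionComment.
    FinalConclusions[][] matrix = new FinalConclusions[][]
    {
        defaultRow,     // 0: service found
        qcWithSscdRow,  // 1: QCWithSSCD
        qcNoSscdRow,    // 2: QCNoSSCD
        defaultRow,     // 3: QCSSCDStatusAsInCert
        defaultRow,     // 4: QCForLegalPerson
        defaultRow,     // 5: no trusted-list confirmation
        defaultRow,     // 6: never selected
        defaultRow      // 7: trusted list not well signed
    };

    // An unmatched case (-1) is an expected input, so it is handled with an explicit bounds
    // check rather than by catching IndexOutOfRangeException.
    bool rowInRange = tlContentCase >= 0 && tlContentCase < matrix.Length;
    bool cellInRange = rowInRange && certContentCase >= 0 && certContentCase < matrix[tlContentCase].Length;
    FinalConclusion = cellInRange ? matrix[tlContentCase][certContentCase] : FinalConclusions.UNDETERMINED;
}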
/// <summary>
/// Replaces the stored signature verification result.
/// </summary>
/// <param name="signatureVerification">the signatureVerification to set</param>
public virtual void SetSignatureVerification(SignatureVerification signatureVerification)
    => this.signatureVerification = signatureVerification;