예제 #1
        /// <summary>
        /// Replaces the current state with the CRLRef children of the given XML element.
        /// </summary>
        /// <remarks>
        /// The collection is cleared first; then one <see cref="CRLRef"/> is loaded per
        /// <c>xades:CRLRef</c> child element. Child nodes that are not elements are skipped.
        /// </remarks>
        /// <param name="xmlElement">XML element containing new state</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="xmlElement"/> is null.</exception>
        public void LoadXml(System.Xml.XmlElement xmlElement)
        {
            if (xmlElement == null)
            {
                throw new ArgumentNullException("xmlElement");
            }

            // The "xades" prefix is bound only for the XPath query below; it does not
            // need to match the prefix used in the document itself.
            XmlNamespaceManager namespaces = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
            namespaces.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);

            this.crlRefCollection.Clear();

            XmlNodeList crlRefNodes = xmlElement.SelectNodes("xades:CRLRef", namespaces);
            // foreach disposes the enumerator if it implements IDisposable, so no
            // explicit try/finally is needed for cleanup.
            foreach (XmlNode crlRefNode in crlRefNodes)
            {
                XmlElement crlRefElement = crlRefNode as XmlElement;
                if (crlRefElement == null)
                {
                    continue;
                }

                CRLRef loadedCRLRef = new CRLRef();
                loadedCRLRef.LoadXml(crlRefElement);
                this.crlRefCollection.Add(loadedCRLRef);
            }
        }
예제 #2
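        /// <summary>
        /// Adds a CRLRef for the first CRL the validation context needs to the given
        /// CompleteRevocationRefs. Does nothing when the context needs no CRL.
        /// </summary>
        /// <param name="completeRevocationRefs">Element that receives the new CRLRef.</param>
        /// <param name="ctx">Validation context supplying the needed CRL(s).</param>
        private void IncorporateCRLRefs(CompleteRevocationRefs completeRevocationRefs
                                        , ValidationContext ctx)
        {
            // Fetch the needed-CRL list once instead of once per access.
            var neededCrls = ctx.GetNeededCRL();
            if (neededCrls.IsEmpty())
            {
                return;
            }

            // NOTE(review): only the first needed CRL is referenced; any further CRLs
            // the context reports are silently dropped — confirm this is intended.
            var crl = neededCrls[0];

            //TODO jbonilla Digest parameter?
            // NOTE(review): the reference digest is hard-coded to SHA-1, which is deprecated
            // for new signatures. The algorithm (and the matching DigestMethod URI below)
            // should come from the signature's configured refs digest method once the
            // TODO above is resolved.
            byte[] crlDigest = DigestUtilities.CalculateDigest("SHA-1", crl.GetEncoded());

            MSXades.CRLRef incCRLRef = new MSXades.CRLRef();

            incCRLRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
            incCRLRef.CertDigest.DigestValue            = crlDigest;

            //incCRLRef.CRLIdentifier.UriAttribute = "";
            incCRLRef.CRLIdentifier.Issuer    = crl.IssuerDN.ToString();
            incCRLRef.CRLIdentifier.IssueTime = crl.ThisUpdate;

            completeRevocationRefs.CRLRefs.CRLRefCollection.Add(incCRLRef);
        }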
예제 #3
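        /// <summary>
        /// Checks <paramref name="certificate"/> against the CRLs held in <c>_firma.CRLEntries</c>.
        /// </summary>
        /// <remarks>
        /// The first CRL whose issuer matches <paramref name="issuer"/> and whose NextUpdate is
        /// still in the future decides the result. When the certificate is not listed in it, a
        /// CRLRef (in CompleteRevocationRefs) and the matching CRLValue (in RevocationValues) are
        /// added to <paramref name="unsignedProperties"/>, unless a CRLRef for this issuer already exists.
        /// </remarks>
        /// <param name="unsignedProperties">Unsigned properties that receive the CRL reference and value.</param>
        /// <param name="certificate">Certificate to check.</param>
        /// <param name="issuer">Issuer of <paramref name="certificate"/>; used to select the CRL.</param>
        /// <returns>True when a current CRL from the issuer was found and the certificate is not
        /// revoked; false when no usable CRL is available.</returns>
        /// <exception cref="InvalidOperationException">Thrown when the CRL lists the certificate as revoked.</exception>
        private bool ValidateCertificateByCRL(UnsignedProperties unsignedProperties, X509Certificate2 certificate, X509Certificate2 issuer)
        {
            Org.BouncyCastle.X509.X509Certificate clientCert = CertUtil.ConvertToX509Certificate(certificate);
            Org.BouncyCastle.X509.X509Certificate issuerCert = CertUtil.ConvertToX509Certificate(issuer);

            // BouncyCastle reports CRL times as UTC, so compare against UtcNow; comparing against
            // local time shifts the validity window by the machine's UTC offset.
            DateTime now = DateTime.UtcNow;

            // NOTE(review): the CRL's signature is not verified against issuerCert here; confirm
            // it is checked before the CRL is placed in _firma.CRLEntries, otherwise an
            // unauthenticated CRL could decide the revocation status.
            foreach (var crlEntry in _firma.CRLEntries)
            {
                if (!crlEntry.IssuerDN.Equivalent(issuerCert.SubjectDN))
                {
                    continue;
                }

                // A CRL without NextUpdate, or one already past it, is not usable.
                if (crlEntry.NextUpdate == null || crlEntry.NextUpdate.Value <= now)
                {
                    continue;
                }

                if (crlEntry.IsRevoked(clientCert))
                {
                    throw new InvalidOperationException("Certificado revocado");
                }

                if (!ExistsCRL(unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection,
                    issuer.Subject))
                {
                    // The CRLRef points at the CRLValue through a fresh id-based fragment URI.
                    string idCrlValue = "CRLValue-" + Guid.NewGuid().ToString();

                    CRLRef crlRef = new CRLRef();
                    crlRef.CRLIdentifier.UriAttribute = "#" + idCrlValue;
                    crlRef.CRLIdentifier.Issuer = issuer.Subject;
                    crlRef.CRLIdentifier.IssueTime = crlEntry.ThisUpdate.ToLocalTime();

                    // The CRL number is optional in a CRL, so only set it when present.
                    var crlNumber = GetCRLNumber(crlEntry);
                    if (crlNumber.HasValue)
                    {
                        crlRef.CRLIdentifier.Number = crlNumber.Value;
                    }

                    byte[] crlEncoded = crlEntry.GetEncoded();
                    DigestUtil.SetCertDigest(crlEncoded, _firma.RefsDigestMethod, crlRef.CertDigest);

                    CRLValue crlValue = new CRLValue();
                    crlValue.PkiData = crlEncoded;
                    crlValue.Id = idCrlValue;

                    unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(crlRef);
                    unsignedProperties.UnsignedSignatureProperties.RevocationValues.CRLValues.CRLValueCollection.Add(crlValue);
                }

                return true;
            }

            return false;
        }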
예제 #4
        /// <summary>
        /// Replaces the current state with the CRLRef children of the given XML element.
        /// </summary>
        /// <remarks>
        /// Clears the collection, then loads one <see cref="CRLRef"/> from each child element
        /// named CRLRef in the XAdES namespace. Non-element child nodes are ignored.
        /// </remarks>
        /// <param name="xmlElement">XML element containing new state</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="xmlElement"/> is null.</exception>
        public void LoadXml(System.Xml.XmlElement xmlElement)
        {
            if (xmlElement == null)
            {
                throw new ArgumentNullException("xmlElement");
            }

            // The "xsd" prefix is a local alias for the XAdES namespace in the query below;
            // XPath resolves prefixes through this manager, not through the document.
            XmlNamespaceManager namespaces = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
            namespaces.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);

            this.crlRefCollection.Clear();

            XmlNodeList crlRefNodes = xmlElement.SelectNodes("xsd:CRLRef", namespaces);
            int nodeCount = crlRefNodes.Count;
            for (int index = 0; index < nodeCount; index++)
            {
                XmlElement crlRefElement = crlRefNodes[index] as XmlElement;
                if (crlRefElement != null)
                {
                    CRLRef loadedCRLRef = new CRLRef();
                    loadedCRLRef.LoadXml(crlRefElement);
                    this.crlRefCollection.Add(loadedCRLRef);
                }
            }
        }
예제 #5
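        /// <summary>
        /// Adds XAdES-C information (CompleteCertificateRefs and/or CompleteRevocationRefs) to the
        /// current signature, depending on which check boxes are selected, then refreshes the display.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void injectXadesCInformationButton_Click(object sender, System.EventArgs e)
        {
            if (this.includeCertificateChainCheckBox.Checked)
            {
                if (this.Chain != null)
                {
                    this.InjectCertificateChainRefs();
                }
                else
                {
                    MessageBox.Show("The certificate chain was not accepted, can't add certificate chain information to CompleteCertificateRefs element");
                }
            }

            if (this.includeCrlCheckBox.Checked)
            {
                this.InjectCrlRefFromFile();
            }

            if (this.includeCrlCheckBox.Checked || this.includeCertificateChainCheckBox.Checked)
            {
                this.ShowSignature();
            }
        }

        /// <summary>
        /// Builds a CompleteCertificateRefs element with one Cert reference per element of
        /// <c>this.Chain</c> and stores it in the signature's unsigned properties.
        /// </summary>
        private void InjectCertificateChainRefs()
        {
            UnsignedProperties unsignedProperties = this.xadesSignedXml.UnsignedProperties;
            CompleteCertificateRefs completeCertificateRefs = new CompleteCertificateRefs();
            completeCertificateRefs.Id = this.completeCertificateRefsTextBox.Text;

            foreach (X509ChainElement element in this.Chain.ChainElements)
            {
                Cert chainCert = new Cert();
                chainCert.IssuerSerial.X509IssuerName = element.Certificate.IssuerName.Name;
                chainCert.IssuerSerial.X509SerialNumber = element.Certificate.SerialNumber;
                chainCert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
                // Digest the chain element itself: each Cert reference must identify the
                // certificate named by its IssuerSerial, not the signing certificate.
                chainCert.CertDigest.DigestValue = element.Certificate.GetCertHash();
                completeCertificateRefs.CertRefs.CertCollection.Add(chainCert);
            }

            unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs = completeCertificateRefs;
            this.xadesSignedXml.UnsignedProperties = unsignedProperties;
        }

        /// <summary>
        /// Reads the CRL file named in <c>crlFileTextBox</c>, builds a CRLRef for it and stores a new
        /// CompleteRevocationRefs holding that reference in the signature's unsigned properties.
        /// In this sample the CRL is loaded from a file on a CRL archive.
        /// </summary>
        /// <exception cref="InvalidOperationException">Thrown when the Issuer or the IssueTime
        /// cannot be located in the CRL's parsed ASN.1 tree.</exception>
        private void InjectCrlRefFromFile()
        {
            byte[] crlDigest;
            // NOTE(review): SHA-1 is kept here because the reference advertises XmlDsigSHA1Url;
            // SHA-1 is deprecated for new signatures, so both should move to SHA-256 together.
            // The using blocks make sure the file handle is released even if hashing throws.
            using (Stream crlStream = File.OpenRead(this.crlFileTextBox.Text))
            using (SHA1 sha1Managed = new SHA1Managed())
            {
                crlDigest = sha1Managed.ComputeHash(crlStream);
            }

            CRLRef incCRLRef = new CRLRef();
            incCRLRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
            incCRLRef.CertDigest.DigestValue = crlDigest;
            incCRLRef.CRLIdentifier.UriAttribute = this.crlFileTextBox.Text;

            // Issuer and IssueTime are picked out of the parsed ASN.1 tree by fixed XPath positions.
            // NOTE(review): this captures only the first PrintableString of the issuer name and the
            // first UTCTime — confirm that yields the intended issuer string and thisUpdate value.
            Asn1Parser asn1Parser = new Asn1Parser();
            asn1Parser.ParseAsn1(this.GetFileBytes(this.crlFileTextBox.Text));

            XmlNode issuerNode = asn1Parser.ParseTree.SelectSingleNode("//Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Constructed_Set/Universal_Constructed_Sequence/Universal_Primitive_PrintableString");
            if (issuerNode == null)
            {
                throw new InvalidOperationException("Parse error: can't find Issuer in CRL");
            }
            incCRLRef.CRLIdentifier.Issuer = issuerNode.Attributes["Value"].Value;

            XmlNode issueTimeNode = asn1Parser.ParseTree.SelectSingleNode("//Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Primitive_UtcTime");
            if (issueTimeNode == null)
            {
                throw new InvalidOperationException("Parse error: can't find IssueTime in CRL");
            }
            // NOTE(review): DateTime.Parse uses the current culture; confirm the parser's "Value"
            // format and parse it with an explicit format/culture.
            incCRLRef.CRLIdentifier.IssueTime = DateTime.Parse(issueTimeNode.Attributes["Value"].Value);

            UnsignedProperties unsignedProperties = this.xadesSignedXml.UnsignedProperties;
            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs();
            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.Id = this.completeRevocationRefsIdTextBox.Text;
            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(incCRLRef);
            this.xadesSignedXml.UnsignedProperties = unsignedProperties;
        }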
예제 #6
		/// <summary>
		/// Appends a CRLRef to the collection and hands the same instance back.
		/// </summary>
		/// <param name="objectToAdd">CRLRef to append</param>
		/// <returns>The CRLRef instance that was appended</returns>
		public CRLRef Add(CRLRef objectToAdd)
		{
			// Storage is delegated to the untyped base collection; this overload only
			// adds the static type and the fluent-style return.
			CRLRef added = objectToAdd;
			base.Add(added);
			return added;
		}
        /// <summary>
        /// Appends a CRLRef to the collection.
        /// </summary>
        /// <param name="objectToAdd">CRLRef to append</param>
        /// <returns>The appended CRLRef, so the call can be chained</returns>
        public CRLRef Add(CRLRef objectToAdd)
        {
            // The base collection does the storing; the typed return is the only addition.
            base.Add(objectToAdd);
            return objectToAdd;
        }
예제 #8
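        /// <summary>
        /// Adds a CRLRef for the first CRL the validation context needs to the given
        /// CompleteRevocationRefs. Does nothing when the context needs no CRL.
        /// </summary>
        /// <param name="completeRevocationRefs">Element that receives the new CRLRef.</param>
        /// <param name="ctx">Validation context supplying the needed CRL(s).</param>
        private void IncorporateCRLRefs(CompleteRevocationRefs completeRevocationRefs
            , ValidationContext ctx)
        {
            // Ask the context once; the original queried the needed-CRL list twice.
            var neededCrls = ctx.GetNeededCRL();
            if (neededCrls.IsEmpty())
            {
                return;
            }

            // NOTE(review): only the first needed CRL is referenced; further CRLs reported
            // by the context are dropped — confirm this is intended.
            var crl = neededCrls[0];

            //TODO jbonilla Digest parameter?
            // NOTE(review): SHA-1 is hard-coded for the reference digest and is deprecated for
            // new signatures; the algorithm and the DigestMethod URI below should be taken from
            // the signature's configured refs digest method once the TODO is resolved.
            byte[] crlDigest = DigestUtilities.CalculateDigest("SHA-1", crl.GetEncoded());

            MSXades.CRLRef incCRLRef = new MSXades.CRLRef();

            incCRLRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
            incCRLRef.CertDigest.DigestValue = crlDigest;

            //incCRLRef.CRLIdentifier.UriAttribute = "";
            incCRLRef.CRLIdentifier.Issuer = crl.IssuerDN.ToString();
            incCRLRef.CRLIdentifier.IssueTime = crl.ThisUpdate;

            completeRevocationRefs.CRLRefs.CRLRefCollection.Add(incCRLRef);
        }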