        /// <summary>
        /// Extends an already-signed XAdES document with the certificate and revocation
        /// reference/value containers, time-stamps the certificate references and
        /// re-serialises the document.
        /// </summary>
        /// <param name="signatureDocument">Document holding the signature to upgrade; its <c>XadesSignature.UnsignedProperties</c> is mutated and written back.</param>
        /// <param name="parameters">Validation-data sources (OCSP servers, CRLs) and the digest method handed to the collectors.</param>
        /// <remarks>
        /// The validation data gathered here is fetched from the sources named in
        /// <paramref name="parameters"/>; whether the fetched OCSP responses / CRLs are
        /// themselves authenticated is decided inside <c>AddCertificate</c> /
        /// <c>AddTSACertificates</c>, which are not visible in this listing.
        /// </remarks>
        public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            X509Certificate2 signerCert = signatureDocument.XadesSignature.GetSigningCertificate();
            UnsignedProperties unsignedProps = signatureDocument.XadesSignature.UnsignedProperties;
            var sigProps = unsignedProps.UnsignedSignatureProperties;

            // Each container is created fresh and given a unique, GUID-suffixed element id.
            sigProps.CompleteCertificateRefs = new CompleteCertificateRefs();
            sigProps.CompleteCertificateRefs.Id = "CompleteCertificates-" + Guid.NewGuid().ToString();

            sigProps.CertificateValues = new CertificateValues();
            sigProps.CertificateValues.Id = "CertificatesValues-" + Guid.NewGuid().ToString();

            sigProps.CompleteRevocationRefs = new CompleteRevocationRefs();
            sigProps.CompleteRevocationRefs.Id = "CompleteRev-" + Guid.NewGuid().ToString();

            sigProps.RevocationValues = new RevocationValues();
            sigProps.RevocationValues.Id = "RevocationValues-" + Guid.NewGuid().ToString();

            // Fill the containers: first for the signing certificate, then for the
            // certificates of any time-stamp tokens already present in the signature.
            AddCertificate(signerCert, unsignedProps, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, null);
            AddTSACertificates(unsignedProps, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod);

            signatureDocument.XadesSignature.UnsignedProperties = unsignedProps;
            TimeStampCertRefs(signatureDocument, parameters);
            signatureDocument.UpdateDocument();
        }
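        /// <summary>
        /// Collects every CRL carried by the signature: those in the SignedData
        /// <c>crls</c> field plus those embedded in the signer's
        /// <c>id-aa-ets-revocationValues</c> unsigned attribute (CAdES-X-L).
        /// </summary>
        /// <returns>All CRLs found; an empty list when there are none.</returns>
        /// <remarks>
        /// Unsigned attributes are not covered by the signer's signature, so a CRL
        /// returned from here carries no more trust than its own issuer signature —
        /// callers must still verify each CRL against its issuing CA before relying on it.
        /// Only the first value of the attribute SET is decoded, as before.
        /// </remarks>
        public override IList <X509Crl> GetCRLsFromSignature()
        {
            IList <X509Crl> list = new List <X509Crl>();

            // CRLs carried directly in SignedData.crls.
            foreach (X509Crl crl in cmsSignedData.GetCrls("Collection").GetMatches(null))
            {
                list.Add(crl);
            }

            // CRLs embedded in the signer's revocation-values unsigned attribute, if present.
            SignerInformation si = BCStaticHelpers.GetSigner(cmsSignedData, signerId);

            if (si != null && si.UnsignedAttributes != null)
            {
                var revAttr = si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues];

                // A present-but-empty attribute SET is malformed input; the previous code
                // indexed AttrValues[0] unconditionally and would throw on it.
                if (revAttr != null && revAttr.AttrValues.Count > 0)
                {
                    RevocationValues revValues = RevocationValues.GetInstance(revAttr.AttrValues[0]);
                    foreach (CertificateList crlObj in revValues.GetCrlVals())
                    {
                        list.Add(new X509Crl(crlObj));
                    }
                }
            }

            return(list);
        }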
        /// <summary>
        /// Validates <paramref name="signingCertificate"/> as of <paramref name="signingDate"/> and
        /// appends the resulting validation data to <paramref name="unsignedAttrs"/>: the chain
        /// certificates (the signer itself excluded) as <c>id-aa-ets-certValues</c> and the CRLs /
        /// OCSP responses as <c>id-aa-ets-revocationValues</c>.
        /// </summary>
        /// <param name="unsignedAttrs">Attribute table to extend. <c>IDictionary.Add</c> is used, so it throws if either attribute key is already present (e.g. a signature that was extended once already) — presumably intentional, confirm.</param>
        /// <param name="signingCertificate">Certificate whose chain and revocation status are collected.</param>
        /// <param name="signingDate">Point in time the validation is performed for.</param>
        /// <param name="optionalCertificateSource">Additional certificates offered to the verifier; may be null.</param>
        /// <returns>The same <paramref name="unsignedAttrs"/> instance, mutated.</returns>
        private IDictionary ExtendUnsignedAttributes(IDictionary unsignedAttrs, X509Certificate signingCertificate, DateTime signingDate, ICertificateSource optionalCertificateSource)
        {
            var ctx = CertificateVerifier.ValidateCertificate(signingCertificate, signingDate, optionalCertificateSource, null, null);

            var chainCerts = new List <X509CertificateStructure>();
            foreach (CertificateAndContext entry in ctx.NeededCertificates)
            {
                // NOTE(review): this compares a CertificateAndContext with an X509Certificate; unless
                // Equals is overridden to handle that, the signer is never filtered out here — confirm.
                if (entry.Equals(signingCertificate))
                {
                    continue;
                }
                byte[] certDer = entry.Certificate.GetEncoded();
                chainCerts.Add(X509CertificateStructure.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(certDer)));
            }

            var crls = new List <CertificateList>();
            foreach (X509Crl crl in ctx.NeededCRL)
            {
                crls.Add(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
            }

            var ocsps = new List <BasicOcspResponse>();
            foreach (BasicOcspResp resp in ctx.NeededOCSPResp)
            {
                ocsps.Add(BasicOcspResponse.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(resp.GetEncoded())));
            }

            // Revocation data first, then the certificate values — same order as before.
            var revocationValues = new RevocationValues(crls.ToArray(), ocsps.ToArray(), null);
            unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsRevocationValues,
                              new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new DerSet(revocationValues)));
            unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsCertValues,
                              new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsCertValues, new DerSet(new DerSequence(chainCerts.ToArray()))));

            return(unsignedAttrs);
        }
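        /// <summary>
        /// Collects every CRL carried by the signature: those in the SignedData
        /// <c>crls</c> field plus those embedded in the signer's
        /// <c>id-aa-ets-revocationValues</c> unsigned attribute (CAdES-X-L).
        /// </summary>
        /// <returns>All CRLs found; an empty list when there are none.</returns>
        /// <exception cref="RuntimeException">Wraps a <c>CrlException</c> raised while decoding an embedded CRL.</exception>
        /// <remarks>
        /// Unsigned attributes are not covered by the signer's signature, so a CRL
        /// returned from here carries no more trust than its own issuer signature —
        /// callers must still verify each CRL against its issuing CA before relying on it.
        /// Only the first value of the attribute SET is decoded, as before.
        /// </remarks>
        public override IList <X509Crl> GetCRLsFromSignature()
        {
            IList <X509Crl> list = new AList <X509Crl>();

            try
            {
                // CRLs carried directly in SignedData.crls.
                foreach (X509Crl crl in cmsSignedData.GetCrls("Collection").GetMatches(null))
                {
                    list.AddItem(crl);
                }

                // CRLs embedded in the signer's revocation-values unsigned attribute, if present.
                SignerInformation si = cmsSignedData.GetSignerInfos().GetFirstSigner(signerId);
                if (si != null && si.UnsignedAttributes != null)
                {
                    var revAttr = si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues];

                    // A present-but-empty attribute SET is malformed input; the previous code
                    // indexed AttrValues[0] unconditionally and would throw on it.
                    if (revAttr != null && revAttr.AttrValues.Count > 0)
                    {
                        RevocationValues revValues = RevocationValues.GetInstance(revAttr.AttrValues[0]);
                        foreach (CertificateList crlObj in revValues.GetCrlVals())
                        {
                            list.AddItem(new X509Crl(crlObj));
                        }
                    }
                }
            }
            catch (CrlException e)
            {
                throw new RuntimeException(e);
            }
            return(list);
        }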
        /// <summary>
        /// Validates <paramref name="signingCertificate"/> as of <paramref name="signingDate"/> and
        /// appends the resulting validation data to <paramref name="unsignedAttrs"/>: the chain
        /// certificates (the signer itself excluded) as <c>id-aa-ets-certValues</c> and the CRLs /
        /// OCSP responses as <c>id-aa-ets-revocationValues</c>.
        /// </summary>
        /// <param name="unsignedAttrs">Attribute table to extend. <c>IDictionary.Add</c> is used, so it throws if either attribute key is already present — presumably intentional, confirm.</param>
        /// <param name="signingCertificate">Certificate whose chain and revocation status are collected.</param>
        /// <param name="signingDate">Point in time the validation is performed for.</param>
        /// <param name="optionalCertificateSource">Additional certificates offered to the verifier; may be null.</param>
        /// <returns>The same <paramref name="unsignedAttrs"/> instance, mutated.</returns>
        /// <exception cref="System.IO.IOException"></exception>
        /// <exception cref="RuntimeException">Wraps a certificate-encoding or CRL failure.</exception>
        private IDictionary ExtendUnsignedAttributes(IDictionary unsignedAttrs
                                                     , X509Certificate signingCertificate, DateTime signingDate
                                                     , CertificateSource optionalCertificateSource)
        {
            ValidationContext ctx = certificateVerifier.ValidateCertificate(signingCertificate, signingDate, optionalCertificateSource, null, null);

            try
            {
                IList <X509CertificateStructure> chainCerts = new AList <X509CertificateStructure>();
                AList <CertificateList>   crls  = new AList <CertificateList>();
                AList <BasicOcspResponse> ocsps = new AList <BasicOcspResponse>();

                foreach (CertificateAndContext entry in ctx.GetNeededCertificates())
                {
                    // NOTE(review): this compares a CertificateAndContext with an X509Certificate; unless
                    // Equals is overridden to handle that, the signer is never filtered out here — confirm.
                    if (entry.Equals(signingCertificate))
                    {
                        continue;
                    }
                    byte[] certDer = entry.GetCertificate().GetEncoded();
                    chainCerts.AddItem(X509CertificateStructure.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(certDer)));
                }
                foreach (X509Crl crl in ctx.GetNeededCRL())
                {
                    crls.AddItem(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
                }
                foreach (BasicOcspResp resp in ctx.GetNeededOCSPResp())
                {
                    ocsps.AddItem(BasicOcspResponse.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(resp.GetEncoded())));
                }

                // Revocation data first, then the certificate values — same order as before.
                CertificateList[]   crlArray  = Sharpen.Collections.ToArray(crls, new CertificateList[crls.Count]);
                BasicOcspResponse[] ocspArray = Sharpen.Collections.ToArray(ocsps, new BasicOcspResponse[ocsps.Count]);
                RevocationValues    revocationValues = new RevocationValues(crlArray, ocspArray, null);
                unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsRevocationValues,
                                  new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new DerSet(revocationValues)));

                X509CertificateStructure[] certArray = Sharpen.Collections.ToArray(chainCerts, new X509CertificateStructure[chainCerts.Count]);
                unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsCertValues,
                                  new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsCertValues, new DerSet(new DerSequence(certArray))));
            }
            catch (CertificateEncodingException e)
            {
                throw new RuntimeException(e);
            }
            catch (CrlException e)
            {
                throw new RuntimeException(e);
            }
            return(unsignedAttrs);
        }
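        /// <summary>
        /// Collects the OCSP responses embedded in the signer's
        /// <c>id-aa-ets-revocationValues</c> unsigned attribute (CAdES-X-L).
        /// </summary>
        /// <returns>The embedded basic OCSP responses; an empty list when the attribute is absent.</returns>
        /// <remarks>
        /// Unsigned attributes are not covered by the signer's signature, so each response
        /// must still be verified against the responder's certificate before it is trusted.
        /// Only the first value of the attribute SET is decoded, as before.
        /// </remarks>
        public override IList <BasicOcspResp> GetOCSPResponsesFromSignature()
        {
            IList <BasicOcspResp> list = new List <BasicOcspResp>();
            SignerInformation si = BCStaticHelpers.GetSigner(cmsSignedData, signerId);

            if (si != null && si.UnsignedAttributes != null)
            {
                var revAttr = si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues];

                // A present-but-empty attribute SET is malformed input; the previous code
                // indexed AttrValues[0] unconditionally and would throw on it.
                if (revAttr != null && revAttr.AttrValues.Count > 0)
                {
                    RevocationValues revValues = RevocationValues.GetInstance(revAttr.AttrValues[0]);
                    foreach (BasicOcspResponse ocspObj in revValues.GetOcspVals())
                    {
                        list.Add(new BasicOcspResp(ocspObj));
                    }
                }
            }
            return(list);
        }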
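        /// <summary>
        /// Re-emits the CMS message in <paramref name="signed"/> into <paramref name="embedded"/>,
        /// completing it to <paramref name="level"/>: the signer's certificate chain is embedded when
        /// (almost) none is present, a time-stamp is added for T-level when a provider is configured,
        /// and revocation values are collected for L-level. The signature value itself is copied
        /// untouched; only the signer's <em>unsigned</em> attributes are extended.
        /// </summary>
        /// <param name="level">Target level, or null to copy the message without adding certificates, a time-stamp or revocation data.</param>
        /// <param name="embedded">Output stream receiving the completed CMS message.</param>
        /// <param name="signed">Input CMS message (parsed with <c>CmsSignedDataParser</c>).</param>
        /// <param name="content">Detached content to embed; when null the content carried by <paramref name="signed"/> is copied instead.</param>
        /// <param name="providedSigner">Caller-supplied signer certificate, consulted by <c>ExtractSignerCert</c>.</param>
        /// <param name="timemarkKey">Receives signature value, signing time, signer certificate and signer id extracted from the message.</param>
        /// <exception cref="InvalidMessageException">No signer id could be determined from the message.</exception>
        /// <remarks>
        /// Fix: the "Implicit signing time …" messages used placeholder <c>{1}</c> with a single
        /// argument. On the NETFRAMEWORK path <c>TraceEvent</c> formats with <c>string.Format</c>
        /// and would throw <c>FormatException</c> once a listener renders it; the logger path merely
        /// produced a misleading placeholder name. Both now use <c>{0}</c>.
        /// NOTE(review): <c>contentOut</c> is only closed on the success path; on an exception the
        /// generator's output is left unfinished — confirm whether callers dispose <paramref name="embedded"/>.
        /// </remarks>
        protected void Complete(Level?level, Stream embedded, Stream signed, Stream content, X509Certificate2 providedSigner, out TimemarkKey timemarkKey)
        {
#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Information, 0, "Completing the message with of {0} bytes to level {1}", signed.Length, level);
#else
            logger.LogInformation("Completing the message with of {0} bytes to level {1}", signed.Length, level);
#endif

            //Create the objects we need
            var gen    = new CmsSignedDataStreamGenerator();
            var parser = new CmsSignedDataParser(signed);
            timemarkKey = new TimemarkKey();

            //preset the digests so we can add the signers afterwards
            gen.AddDigests(parser.DigestOids);

            //Copy the content to the output
            Stream contentOut = gen.Open(embedded, parser.SignedContentType.Id, true);
            if (content != null)
            {
                content.CopyTo(contentOut);
            }
            else
            {
                parser.GetSignedContent().ContentStream.CopyTo(contentOut);
            }

            //Extract the various data from outer layer
            SignerInformation signerInfo    = ExtractSignerInfo(parser);
            IX509Store        embeddedCerts = parser.GetCertificates("Collection");

            //Extract the various data from signer info
            timemarkKey.SignatureValue = signerInfo.GetSignature();
            timemarkKey.SigningTime    = ExtractSigningTime(signerInfo);
            timemarkKey.Signer         = ExtractSignerCert(embeddedCerts, signerInfo, providedSigner);
            if (timemarkKey.Signer != null)
            {
                timemarkKey.SignerId = DotNetUtilities.FromX509Certificate(timemarkKey.Signer).GetSubjectKeyIdentifier();
            }
            else
            {
                //No certificate resolved: fall back to the SignerIdentifier carried in the SignerInfo.
                timemarkKey.SignerId = signerInfo.SignerID.ExtractSignerId();
            }

            //Extract the various data from unsiged attributes of signer info
            //(unsigned attributes are not protected by the signature; they may be extended below)
            IDictionary unsignedAttributes = signerInfo.UnsignedAttributes != null?signerInfo.UnsignedAttributes.ToDictionary() : new Hashtable();

            TimeStampToken   tst            = ExtractTimestamp(unsignedAttributes);
            RevocationValues revocationInfo = ExtractRevocationInfo(unsignedAttributes);

            //quick check for an expected error and extrapolate some info
            if (timemarkKey.SignerId == null)
            {
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Error, 0, "We could not find any signer information");
#else
                logger.LogError("We could not find any signer information");
#endif
                throw new InvalidMessageException("The message does not contain any valid signer info");
            }

            //No explicit signing-time attribute: use the time-stamp's generation time when one exists.
            if (timemarkKey.SigningTime == default && tst != null)
            {
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Information, 0, "Implicit signing time is replaced with time-stamp time {0}", tst.TimeStampInfo.GenTime);
#else
                logger.LogInformation("Implicit signing time is replaced with time-stamp time {0}", tst.TimeStampInfo.GenTime);
#endif
                timemarkKey.SigningTime = tst.TimeStampInfo.GenTime;
            }

            //Are we missing embedded certs and should we add them?
            //(at most one certificate present is treated as "chain missing")
            if ((embeddedCerts == null || embeddedCerts.GetMatches(null).Count <= 1) &&
                timemarkKey.Signer != null &&
                level != null)
            {
                embeddedCerts = GetEmbeddedCerts(timemarkKey);
            }
            if (embeddedCerts != null)
            {
                gen.AddCertificates(embeddedCerts);                        //add the existing or new embedded certs to the output.
            }
            //Are we missing timestamp and should we add them (not that time-mark authorities do not require a timestamp provider)
            if (tst == null &&
                (level & Level.T_Level) == Level.T_Level && timestampProvider != null)
            {
                tst = GetTimestamp(timemarkKey);
                AddTimestamp(unsignedAttributes, tst);
            }

            //should be make sure we have the proper revocation info (it is hard to tell if we have everything, just go for it)
            if ((level & Level.L_Level) == Level.L_Level)
            {
                if (embeddedCerts != null && embeddedCerts.GetMatches(null).Count > 0)
                {
                    //extend the revocation info with info about the embedded certs
                    revocationInfo = GetRevocationValues(timemarkKey, embeddedCerts, revocationInfo);
                }
                if (tst != null)
                {
                    //extend the revocation info with info about the TST
                    revocationInfo = GetRevocationValues(tst, revocationInfo);
                }
                //update the unsigned attributes
                AddRevocationValues(unsignedAttributes, revocationInfo);
            }

            //Update the unsigned attributes of the signer info
            signerInfo = SignerInformation.ReplaceUnsignedAttributes(signerInfo, new BC::Asn1.Cms.AttributeTable(unsignedAttributes));

            //Copy the signer
            gen.AddSigners(new SignerInformationStore(new SignerInformation[] { signerInfo }));

            contentOut.Close();
        }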