public TimestampVerificationResult(TimestampToken token)
{
if (token != null && token.GetTimeStamp() != null)
{
var signers = token.GetTimeStamp().ToCmsSignedData().GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
signatureAlgorithm = ((SignerInformation)signers.Current).EncryptionAlgOid;
serialNumber = token.GetTimeStamp().TimeStampInfo.SerialNumber.ToString();
creationTime = token.GetTimeStamp().TimeStampInfo.GenTime;
issuerName = token.GetSignerSubjectName().ToString();
}
}
/// <summary>
/// Validate the timestamp
/// </summary>
public virtual void ValidateTimestamp(TimestampToken timestamp, ICertificateSource optionalSource, ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource, IList <CertificateAndContext> usedCerts)
{
if (timestamp is null)
{
throw new ArgumentNullException(nameof(timestamp));
}
AddNotYetVerifiedToken(timestamp);
Validate(
timestamp.GetTimeStamp().TimeStampInfo.GenTime,
new CompositeCertificateSource(timestamp.GetWrappedCertificateSource(), optionalSource),
optionalCRLSource,
optionalOCPSSource,
usedCerts);
}
private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, IValidationContext ctx, IAdvancedSignature signature)
{
try
{
result.CertPathUpToTrustedList.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_CannotReachTSL");
ctx.ValidateTimestamp(t, signature.CertificateSource, signature.CRLSource, signature.OCSPSource, result.UsedCerts);
var tsSignerSubjectName = t.GetSignerSubjectName();
foreach (CertificateAndContext c in ctx.NeededCertificates)
{
if (c.Certificate.SubjectDN.Equals(tsSignerSubjectName))
{
if (ctx.GetParentFromTrustedList(c) != null)
{
result.CertPathUpToTrustedList.SetStatus(ResultStatus.VALID, null);
break;
}
}
}
}
catch (IOException)
{
result.CertPathUpToTrustedList.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
}
}
protected internal virtual SignatureLevelX VerifyLevelX(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx)
{
if (signature is null)
{
throw new ArgumentNullException(nameof(signature));
}
try
{
SignatureValidationResult levelReached = new SignatureValidationResult();
levelReached.SetStatus(ResultStatus.VALID, null);
TimestampVerificationResult[] x1Results = null;
TimestampVerificationResult[] x2Results = null;
IList <TimestampToken> timestampX1 = signature.TimestampsX1;
if (timestampX1 != null && timestampX1.Any())
{
byte[] data = signature.TimestampX1Data;
x1Results = new TimestampVerificationResult[timestampX1.Count];
for (int i = 0; i < timestampX1.Count; i++)
{
TimestampToken t = timestampX1[i];
x1Results[i] = new TimestampVerificationResult(t);
if (!t.MatchData(data))
{
levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
}
else
{
x1Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
}
CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
}
}
IList <TimestampToken> timestampX2 = signature.TimestampsX2;
if (timestampX2 != null && timestampX2.Any())
{
byte[] data = signature.TimestampX2Data;
x2Results = new TimestampVerificationResult[timestampX2.Count];
int i = 0;
foreach (TimestampToken t in timestampX2)
{
x2Results[i] = new TimestampVerificationResult(t);
if (!t.MatchData(data))
{
levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData");
x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_TimestampDontSignData"));
}
else
{
x2Results[i].SetSameDigest(new SignatureValidationResult(ResultStatus.VALID, null));
}
CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
}
}
if ((timestampX1 == null || !timestampX1.Any()) && (timestampX2 == null || !timestampX2.Any()))
{
levelReached.SetStatus(ResultStatus.INVALID, "$UI_Signatures_ValidationText_NoTimestamp");
}
return(new SignatureLevelX(signature, levelReached, x1Results, x2Results));
}
catch (Exception)
{
return(new SignatureLevelX(signature, new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying")));
}
}
