private void IncorporateCertificateRefs(CompleteCertificateRefs completeCertificateRefs
, ValidationContext ctx)
{
if (ctx.GetNeededCertificates().Count > 1)
{
foreach (CertificateAndContext certificate in ctx.GetNeededCertificates())
{
X509Certificate x509Cert = certificate.GetCertificate();
//jbonilla Don't include signing certificate
if (!x509Cert.Equals(ctx.GetCertificate()))
{
Cert chainCert = new Cert();
chainCert.IssuerSerial.X509IssuerName = x509Cert.IssuerDN.ToString();
chainCert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber.ToString();
//TODO jbonilla DigestMethod parameter?
chainCert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
chainCert.CertDigest.DigestValue = DotNetUtilities.ToX509Certificate2(x509Cert).GetCertHash();
//unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.Id = "CompleteCertificateRefsId-" + this.uid;
completeCertificateRefs.CertRefs.CertCollection.Add(chainCert);
}
}
}
else
{
throw new ArgumentException("Needed certificates empty", "chain");
}
}
/// <summary>
/// Inserta en la lista de certificados el certificado y comprueba la valided del certificado.
/// </summary>
/// <param name="cert"></param>
/// <param name="unsignedProperties"></param>
/// <param name="addCertValue"></param>
/// <param name="extraCerts"></param>
private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, X509Certificate2[] extraCerts = null)
{
if (addCert)
{
if (CertificateChecked(cert, unsignedProperties))
{
return;
}
string guidCert = Guid.NewGuid().ToString();
Cert chainCert = new Cert();
chainCert.IssuerSerial.X509IssuerName = cert.IssuerName.Name;
chainCert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(cert.SerialNumber);
DigestUtil.SetCertDigest(cert.GetRawCertData(), _firma.RefsDigestMethod, chainCert.CertDigest);
chainCert.URI = "#Cert" + guidCert;
unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert);
EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate();
encapsulatedX509Certificate.Id = "Cert" + guidCert;
encapsulatedX509Certificate.PkiData = cert.GetRawCertData();
unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate);
}
var chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements;
if (chain.Count > 1)
{
X509ChainElementEnumerator enumerator = chain.GetEnumerator();
enumerator.MoveNext(); // el mismo certificado que el pasado por parametro
enumerator.MoveNext();
bool valid = ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate);
if (!valid)
{
var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate);
if (ocspCerts != null)
{
X509Certificate2 startOcspCert = DetermineStartCert(new List<X509Certificate2>(ocspCerts));
if (startOcspCert.IssuerName.Name != enumerator.Current.Certificate.SubjectName.Name)
{
var chainOcsp = CertUtil.GetCertChain(startOcspCert, ocspCerts);
AddCertificate(chainOcsp.ChainElements[1].Certificate, unsignedProperties, true, ocspCerts);
}
}
}
AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, extraCerts);
}
}
private void AddSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties, string mimeType, X509Certificate2 certificado)
{
Cert cert;
cert = new Cert();
cert.IssuerSerial.X509IssuerName = certificado.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(certificado.SerialNumber);
DigestUtil.SetCertDigest(_signCertificate.GetRawCertData(), _refsMethodUri, cert.CertDigest);
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
if (!string.IsNullOrEmpty(_policyId))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = _policyId;
}
if (!string.IsNullOrEmpty(_policyUri))
{
SigPolicyQualifier spq = new SigPolicyQualifier();
spq.AnyXmlElement = _document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri);
spq.AnyXmlElement.InnerText = _policyUri;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq);
}
if (!string.IsNullOrEmpty(_policyHash))
{
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(PolicyHash);
}
signedSignatureProperties.SigningTime = DateTime.Now;
if (!string.IsNullOrEmpty(mimeType))
{
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
newDataObjectFormat.MimeType = mimeType;
newDataObjectFormat.ObjectReferenceAttribute = "#" + _objectReference;
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
}
private void AddSignedSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties)
{
XmlDocument xmlDocument;
Cert cert;
xmlDocument = new XmlDocument();
cert = new Cert();
cert.IssuerSerial.X509IssuerName = this.Certificate.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = this.Certificate.SerialNumber;
cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
cert.CertDigest.DigestValue = this.Certificate.GetCertHash();
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
signedSignatureProperties.SigningTime = DateTime.Parse(this.signingTimeTextBox.Text);
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
if (this.includeSignatureProductionPlaceCheckBox.Checked)
{
signedSignatureProperties.SignatureProductionPlace.City = this.signatureCityTextBox.Text;
signedSignatureProperties.SignatureProductionPlace.StateOrProvince = this.signatureStateOrProvinceTextBox.Text;
signedSignatureProperties.SignatureProductionPlace.PostalCode = this.signaturePostalCodeTextBox.Text;
signedSignatureProperties.SignatureProductionPlace.CountryName = this.signatureCountryNameTextBox.Text;
}
if (this.includeSignerRoleCheckBox.Checked)
{
ClaimedRole newClaimedRole = new ClaimedRole();
xmlDocument.LoadXml(this.claimedRoleTextBox.Text);
newClaimedRole.AnyXmlElement = (XmlElement)xmlDocument.FirstChild;
signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(newClaimedRole);
}
if (this.includeCommitmentTypeIndicationCheckBox.Checked)
{
CommitmentTypeIndication newCommitmentTypeIndication = new CommitmentTypeIndication();
newCommitmentTypeIndication.CommitmentTypeId.Identifier.IdentifierUri = this.commitmentTypeIdentifierURITextBox.Text;
switch (this.commitmentTypeIndicatorQualifierComboBox.Text)
{
case "":
newCommitmentTypeIndication.CommitmentTypeId.Identifier.Qualifier = KnownQualifier.Uninitalized;
break;
case "OIDAsURI":
newCommitmentTypeIndication.CommitmentTypeId.Identifier.Qualifier = KnownQualifier.OIDAsURI;
break;
case "OIDAsURN":
newCommitmentTypeIndication.CommitmentTypeId.Identifier.Qualifier = KnownQualifier.OIDAsURN;
break;
}
newCommitmentTypeIndication.CommitmentTypeId.Description = this.commitmentTypeIndicationIdTextBox.Text;
newCommitmentTypeIndication.AllSignedDataObjects = true;
signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(newCommitmentTypeIndication);
}
if (this.includeDataObjectFormatCheckBox.Checked)
{
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
newDataObjectFormat.Description = this.dataObjectDescriptionTextBox.Text;
newDataObjectFormat.MimeType = this.dataObjectFormatMimetypeTextBox.Text;
newDataObjectFormat.ObjectReferenceAttribute = this.dataObjectReferenceTextBox.Text;
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
}
private void addCounterSignatureButton_Click(object sender, System.EventArgs e)
{
X509Certificate2 certificateForCounterSignature = this.LetUserChooseCertificate();
if (certificateForCounterSignature != null)
{
this.xadesSignedXml.SignatureValueId = this.signatureValueIdTextBox.Text;
XmlElement parentSignatureXmlElement = this.xadesSignedXml.GetXml();
XmlDocument parentSignatureXmlDocument = new XmlDocument();
parentSignatureXmlDocument.AppendChild(parentSignatureXmlDocument.ImportNode(parentSignatureXmlElement, true));
XadesSignedXml counterSignature = new XadesSignedXml(parentSignatureXmlDocument);
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider) this.Certificate.PrivateKey;
counterSignature.SigningKey = rsaKey;
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data((X509Certificate) certificateForCounterSignature));
keyInfo.AddClause(new RSAKeyValue(rsaKey));
counterSignature.KeyInfo = keyInfo;
Cert cert = new Cert();
cert.IssuerSerial.X509IssuerName = certificateForCounterSignature.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = certificateForCounterSignature.SerialNumber;
cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
cert.CertDigest.DigestValue = certificateForCounterSignature.GetCertHash();
counterSignature.Signature.Id = "CounterSignatureId";
XadesObject counterSignatureXadesObject = new XadesObject();
counterSignatureXadesObject.Id = "CounterSignatureXadesObjectId";
counterSignatureXadesObject.QualifyingProperties.Target = "#CounterSignatureId";
counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "CounterSignatureSignedProperiesId";
Reference newReference = new Reference();
newReference.Uri = "#" + this.xadesSignedXml.SignatureValueId;
counterSignature.AddReference(newReference);
SignedSignatureProperties signedSignatureProperties = counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties;
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
signedSignatureProperties.SigningTime = DateTime.Parse(this.signingTimeTextBox.Text);
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
counterSignature.AddXadesObject(counterSignatureXadesObject);
counterSignature.ComputeSignature();
UnsignedProperties unsignedProperties = this.xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature);
this.xadesSignedXml.UnsignedProperties = unsignedProperties;
this.ShowSignature();
}
}
private void injectXadesCInformationButton_Click(object sender, System.EventArgs e)
{
UnsignedProperties unsignedProperties = null;
Cert chainCert = null;
SHA1 sha1Managed;
byte[] crlDigest;
CRLRef incCRLRef;
if (this.includeCertificateChainCheckBox.Checked)
{
if (this.Chain != null)
{
unsignedProperties = this.xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs = new CompleteCertificateRefs();
foreach (X509ChainElement element in this.Chain.ChainElements)
{
chainCert = new Cert();
chainCert.IssuerSerial.X509IssuerName = element.Certificate.IssuerName.Name;
chainCert.IssuerSerial.X509SerialNumber = element.Certificate.SerialNumber;
chainCert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
chainCert.CertDigest.DigestValue = this.Certificate.GetCertHash();
unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.Id = this.completeCertificateRefsTextBox.Text;
unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert);
}
this.xadesSignedXml.UnsignedProperties = unsignedProperties;
}
else
{
MessageBox.Show("The certificate chain was not accepted, can't add certificate chain information to CompleteCertificateRefs element");
}
}
if (this.includeCrlCheckBox.Checked)
{ //In this sample we will load the CRL from file on a CRL archive.
Stream crlStream = File.OpenRead(this.crlFileTextBox.Text);
sha1Managed = new SHA1Managed();
crlDigest = sha1Managed.ComputeHash(crlStream);
crlStream.Close();
incCRLRef = new CRLRef();
incCRLRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
incCRLRef.CertDigest.DigestValue = crlDigest;
incCRLRef.CRLIdentifier.UriAttribute = this.crlFileTextBox.Text;
Asn1Parser asn1Parser;
asn1Parser = new Asn1Parser();
asn1Parser.ParseAsn1(this.GetFileBytes(this.crlFileTextBox.Text));
XmlNode searchXmlNode;
searchXmlNode = asn1Parser.ParseTree.SelectSingleNode("//Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Constructed_Set/Universal_Constructed_Sequence/Universal_Primitive_PrintableString");
if (searchXmlNode != null)
{
incCRLRef.CRLIdentifier.Issuer = searchXmlNode.Attributes["Value"].Value;
}
else
{
throw new Exception("Parse error TSA response: can't find Issuer in CRL");
}
searchXmlNode = asn1Parser.ParseTree.SelectSingleNode("//Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Primitive_UtcTime");
if (searchXmlNode != null)
{
incCRLRef.CRLIdentifier.IssueTime = DateTime.Parse(searchXmlNode.Attributes["Value"].Value);
}
else
{
throw new Exception("Parse error TSA response: can't find IssueTime in CRL");
}
unsignedProperties = this.xadesSignedXml.UnsignedProperties;
unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs();
unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.Id = this.completeRevocationRefsIdTextBox.Text;
unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(incCRLRef);
this.xadesSignedXml.UnsignedProperties = unsignedProperties;
}
if (this.includeCrlCheckBox.Checked || this.includeCertificateChainCheckBox.Checked)
{
this.ShowSignature();
}
}
/// <summary>
/// Load state from an XML element
/// </summary>
/// <param name="xmlElement">XML element containing new state</param>
public void LoadXml(System.Xml.XmlElement xmlElement)
{
XmlNamespaceManager xmlNamespaceManager;
XmlNodeList xmlNodeList;
IEnumerator enumerator;
XmlElement iterationXmlElement;
Cert newCert;
if (xmlElement == null)
{
throw new ArgumentNullException("xmlElement");
}
xmlNamespaceManager = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
xmlNamespaceManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);
this.certCollection.Clear();
xmlNodeList = xmlElement.SelectNodes("xsd:Cert", xmlNamespaceManager);
enumerator = xmlNodeList.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
iterationXmlElement = enumerator.Current as XmlElement;
if (iterationXmlElement != null)
{
newCert = new Cert();
newCert.LoadXml(iterationXmlElement);
this.certCollection.Add(newCert);
}
}
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
/// <summary>
/// Add typed object to the collection
/// </summary>
/// <param name="objectToAdd">Typed object to be added to collection</param>
/// <returns>The object that has been added to collection</returns>
public Cert Add(Cert objectToAdd)
{
base.Add(objectToAdd);
return objectToAdd;
}
/// <summary>
/// Add typed object to the collection
/// </summary>
/// <param name="objectToAdd">Typed object to be added to collection</param>
/// <returns>The object that has been added to collection</returns>
public Cert Add(Cert objectToAdd)
{
base.Add(objectToAdd);
return(objectToAdd);
}
private void AddSignedSignatureProperties(SignedSignatureProperties signedSignatureProperties,
SignedDataObjectProperties signedDataObjectProperties,
UnsignedSignatureProperties unsignedSignatureProperties,
SignatureParameters parameters
)
{
XmlDocument xmlDocument;
Cert cert;
SystemX509.X509Certificate2 x509Cert;
x509Cert = DotNetUtilities.ToX509Certificate2(parameters.SigningCertificate);
xmlDocument = new XmlDocument();
cert = new Cert();
cert.IssuerSerial.X509IssuerName = x509Cert.IssuerName.Name;
cert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber;
cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url;
cert.CertDigest.DigestValue = x509Cert.GetCertHash();
signedSignatureProperties.SigningCertificate.CertCollection.Add(cert);
signedSignatureProperties.SigningTime = parameters.SigningDate;
signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true;
DataObjectFormat newDataObjectFormat = new DataObjectFormat();
//TODO jbonilla - Replace Description with text parameter
newDataObjectFormat.Description = "Generado con 'intisign'";
newDataObjectFormat.MimeType = "text/xml";
newDataObjectFormat.ObjectReferenceAttribute = "#xml_ref_id";
signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat);
}
