/// <summary>The default constructor for SignatureLevelAnalysis.</summary> /// <remarks>The default constructor for SignatureLevelAnalysis.</remarks> /// <param name="name"></param> /// <param name="signature"></param> public SignatureLevelAnalysis(AdvancedSignature signature, SignatureLevelBES levelBES , SignatureLevelEPES levelEPES, SignatureLevelT levelT, SignatureLevelC levelC, SignatureLevelX levelX, SignatureLevelXL levelXL, SignatureLevelA levelA, SignatureLevelLTV levelLTV) { //import eu.europa.ec.markt.dss.validation.pades.PAdESSignature; //import eu.europa.ec.markt.dss.validation.xades.XAdESSignature; bool levelReached = true; this.signature = signature; this.levelBES = levelBES; bool levelBESReached = LevelIsReached(levelBES, levelReached); levelReached = levelBESReached; this.levelEPES = levelEPES; LevelIsReached(levelEPES, levelReached); this.levelT = levelT; bool levelReachedT = LevelIsReached(levelT, levelReached); this.levelC = levelC; levelReached = LevelIsReached(levelC, levelReachedT); this.levelX = levelX; levelReached = LevelIsReached(levelX, levelReached); this.levelXL = levelXL; levelReached = LevelIsReached(levelXL, levelReached); this.levelA = levelA; levelReached = LevelIsReached(levelA, levelReached); this.levelLTV = levelLTV; levelReached = LevelIsReached(levelLTV, levelBESReached); }
protected internal virtual SignatureLevelBES VerifyLevelBES(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { try { Result signingCertRefVerification = new Result(); if (signature.GetSigningCertificate() != null) { signingCertRefVerification.SetStatus(Result.ResultStatus.VALID, null); } else { signingCertRefVerification.SetStatus(Result.ResultStatus.INVALID, "no.signing.certificate" ); } SignatureVerification[] counterSigsVerif = VerifyCounterSignatures(signature, ctx ); Result levelReached = new Result(signingCertRefVerification.IsValid()); return(new SignatureLevelBES(levelReached, signature, signingCertRefVerification, counterSigsVerif, null)); } catch (Exception) { return(new SignatureLevelBES(new Result(Result.ResultStatus.INVALID, "exception.while.verifying" ), null, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), null , null)); } }
private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, ValidationContext ctx, AdvancedSignature signature) { try { result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.INVALID, "cannot.reached.tsl" ); ctx.ValidateTimestamp(t, signature.GetCertificateSource(), signature.GetCRLSource (), signature.GetOCSPSource()); foreach (CertificateAndContext c in ctx.GetNeededCertificates()) { if (c.GetCertificate().SubjectDN.Equals(t.GetSignerSubjectName())) { if (ctx.GetParentFromTrustedList(c) != null) { result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.VALID, null); break; } } } } catch (IOException) { result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.UNDETERMINED, "exception.while.verifying" ); } }
/// <summary>The default constructor for SignatureLevelBES.</summary> /// <remarks>The default constructor for SignatureLevelBES.</remarks> /// <param name="name"></param> /// <param name="signature"></param> /// <param name="levelReached"></param> public SignatureLevelX(AdvancedSignature signature, Result levelReached, TimestampVerificationResult [] signatureAndRefsTimestampsVerification, TimestampVerificationResult[] referencesTimestampsVerification ) : base(levelReached) { this.signatureAndRefsTimestampsVerification = signatureAndRefsTimestampsVerification; this.referencesTimestampsVerification = referencesTimestampsVerification; }
protected internal virtual SignatureLevelA VerifyLevelA(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { try { Result levelReached = new Result(); IList <TimestampVerificationResult> verifs = null; try { IList <TimestampToken> timestamps = signature.GetArchiveTimestamps(); verifs = VerifyTimestamps(signature, referenceTime, ctx, timestamps, signature.GetArchiveTimestampData (0, ExternalContent)); } catch (IOException e) { LOG.Error("Error verifyind level A " + e.Message); levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "exception.while.verifying" ); } return(new SignatureLevelA(ResultForTimestamps(verifs, levelReached), verifs)); } catch (Exception) { return(new SignatureLevelA(new Result(Result.ResultStatus.INVALID, "exception.while.verifying" ), null)); } }
public SignatureLevelX(AdvancedSignature signature, Result levelReached, IList <TimestampVerificationResult > signatureAndRefsTimestampsVerification, IList <TimestampVerificationResult> referencesTimestampsVerification ) : base(levelReached) { this.signatureAndRefsTimestampsVerification = signatureAndRefsTimestampsVerification.ToArray(); this.referencesTimestampsVerification = referencesTimestampsVerification.ToArray(); }
/// <summary>The default constructor for SignatureLevelBES.</summary> /// <remarks>The default constructor for SignatureLevelBES.</remarks> /// <param name="name"></param> /// <param name="signature"></param> /// <param name="levelReached"></param> public SignatureLevelEPES(AdvancedSignature signature, Result levelReached) : base (levelReached) { if (signature != null) { signaturePolicy = signature.GetPolicyId(); } }
protected internal virtual SignatureLevelT VerifyLevelT(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { IList <TimestampToken> sigTimestamps = signature.GetSignatureTimestamps(); IList <TimestampVerificationResult> results = VerifyTimestamps(signature, referenceTime , ctx, sigTimestamps, signature.GetSignatureTimestampData()); return(new SignatureLevelT(ResultForTimestamps(results, new Result()), results)); }
public SignatureLevelX(AdvancedSignature signature, Result levelReached, IList<TimestampVerificationResult > signatureAndRefsTimestampsVerification, IList<TimestampVerificationResult> referencesTimestampsVerification ) : base(levelReached) { TimestampVerificationResult[] array1 = new TimestampVerificationResult[signatureAndRefsTimestampsVerification .Count]; this.signatureAndRefsTimestampsVerification = Sharpen.Collections.ToArray(signatureAndRefsTimestampsVerification , array1); TimestampVerificationResult[] array2 = new TimestampVerificationResult[referencesTimestampsVerification .Count]; this.referencesTimestampsVerification = Sharpen.Collections.ToArray(referencesTimestampsVerification , array2); }
public SignatureLevelX(AdvancedSignature signature, Result levelReached, IList <TimestampVerificationResult > signatureAndRefsTimestampsVerification, IList <TimestampVerificationResult> referencesTimestampsVerification ) : base(levelReached) { TimestampVerificationResult[] array1 = new TimestampVerificationResult[signatureAndRefsTimestampsVerification .Count]; this.signatureAndRefsTimestampsVerification = Sharpen.Collections.ToArray(signatureAndRefsTimestampsVerification , array1); TimestampVerificationResult[] array2 = new TimestampVerificationResult[referencesTimestampsVerification .Count]; this.referencesTimestampsVerification = Sharpen.Collections.ToArray(referencesTimestampsVerification , array2); }
protected internal virtual SignatureLevelEPES VerifyLevelEPES(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { try { PolicyValue policyValue = signature.GetPolicyId(); Result levelReached = new Result(policyValue != null); return(new SignatureLevelEPES(signature, levelReached)); } catch (Exception) { return(new SignatureLevelEPES(signature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"))); } }
/// <summary>The default constructor for SignatureLevelBES.</summary> /// <remarks>The default constructor for SignatureLevelBES.</remarks> /// <param name="name"></param> /// <param name="signature"></param> /// <param name="levelReached"></param> public SignatureLevelBES(Result levelReached, AdvancedSignature signature, Result signingCertificateVerification, SignatureVerification[] counterSignatureVerification , IList<TimestampVerificationResult> timestampsVerification) : base(levelReached ) { this.signingCertRefVerification = signingCertificateVerification; this.counterSignaturesVerification = counterSignatureVerification; this.timestampsVerification = timestampsVerification; if (signature != null) { certificates = signature.GetCertificates(); signingCertificate = signature.GetSigningCertificate(); signingTime = signature.GetSigningTime().Value; location = signature.GetLocation(); claimedSignerRole = signature.GetClaimedSignerRoles(); contentType = signature.GetContentType(); } }
/// <summary>The default constructor for SignatureLevelBES.</summary> /// <remarks>The default constructor for SignatureLevelBES.</remarks> /// <param name="name"></param> /// <param name="signature"></param> /// <param name="levelReached"></param> public SignatureLevelBES(Result levelReached, AdvancedSignature signature, Result signingCertificateVerification, SignatureVerification[] counterSignatureVerification , IList <TimestampVerificationResult> timestampsVerification) : base(levelReached ) { this.signingCertRefVerification = signingCertificateVerification; this.counterSignaturesVerification = counterSignatureVerification; this.timestampsVerification = timestampsVerification; if (signature != null) { certificates = signature.GetCertificates(); signingCertificate = signature.GetSigningCertificate(); signingTime = signature.GetSigningTime().Value; location = signature.GetLocation(); claimedSignerRole = signature.GetClaimedSignerRoles(); contentType = signature.GetContentType(); } }
/// <summary>Main method for validating a signature</summary> /// <param name="signature"></param> /// <param name="referenceTime"></param> /// <returns>the report part pertaining to the signature</returns> protected internal virtual SignatureInformation ValidateSignature(AdvancedSignature signature, DateTime referenceTime) { if (signature.GetSigningCertificate() == null) { LOG.Error("There is no signing certificate"); return(null); } QCStatementInformation qcStatementInformation = VerifyQStatement(signature.GetSigningCertificate ()); SignatureVerification signatureVerification = new SignatureVerification(new Result (signature.CheckIntegrity(this.ExternalContent)), signature.GetSignatureAlgorithm ()); try { ValidationContext ctx = CertificateVerifier.ValidateCertificate(signature.GetSigningCertificate (), referenceTime, signature.GetCertificateSource(), signature.GetCRLSource(), signature .GetOCSPSource()); TrustedListInformation info = new TrustedListInformation(ctx.GetRelevantServiceInfo ()); CertPathRevocationAnalysis path = new CertPathRevocationAnalysis(ctx, info); SignatureLevelXL signatureLevelXL = VerifyLevelXL(signature, referenceTime, ctx); SignatureLevelC signatureLevelC = VerifyLevelC(signature, referenceTime, ctx, signatureLevelXL != null ? signatureLevelXL.GetLevelReached().IsValid() : false); SignatureLevelAnalysis signatureLevelAnalysis = new SignatureLevelAnalysis(signature , VerifyLevelBES(signature, referenceTime, ctx), VerifyLevelEPES(signature, referenceTime , ctx), VerifyLevelT(signature, referenceTime, ctx), signatureLevelC, VerifyLevelX (signature, referenceTime, ctx), signatureLevelXL, VerifyLevelA(signature, referenceTime , ctx), VerifyLevelLTV(signature, referenceTime, ctx)); QualificationsVerification qualificationsVerification = VerifyQualificationsElement (signature, referenceTime, ctx); SignatureInformation signatureInformation = new SignatureInformation(signatureVerification , path, signatureLevelAnalysis, qualificationsVerification, qcStatementInformation ); return(signatureInformation); } catch (IOException e) { throw new RuntimeException("Cannot read signature file", e); } }
protected internal virtual QualificationsVerification VerifyQualificationsElement (AdvancedSignature signature, DateTime referenceTime, ValidationContext ctx) { Result qCWithSSCD = new Result(); Result qCNoSSCD = new Result(); Result qCSSCDStatusAsInCert = new Result(); Result qCForLegalPerson = new Result(); IList <string> qualifiers = ctx.GetQualificationStatement(); if (qualifiers != null) { qCWithSSCD = new Result(qualifiers.Contains(SVC_INFO + "QCWithSSCD")); qCNoSSCD = new Result(qualifiers.Contains(SVC_INFO + "QCNoSSCD")); qCSSCDStatusAsInCert = new Result(qualifiers.Contains(SVC_INFO + "QCSSCDStatusAsInCert" )); qCForLegalPerson = new Result(qualifiers.Contains(SVC_INFO + "QCForLegalPerson")); } return(new QualificationsVerification(qCWithSSCD, qCNoSSCD, qCSSCDStatusAsInCert, qCForLegalPerson)); }
protected internal virtual SignatureVerification[] VerifyCounterSignatures(AdvancedSignature signature, ValidationContext ctx) { IList <AdvancedSignature> counterSignatures = signature.GetCounterSignatures(); if (counterSignatures == null) { return(null); } IList <SignatureVerification> counterSigVerifs = new List <SignatureVerification>( ); foreach (AdvancedSignature counterSig in counterSignatures) { Result counterSigResult = new Result(counterSig.CheckIntegrity(ExternalContent)); string counterSigAlg = counterSig.GetSignatureAlgorithm(); counterSigVerifs.Add(new SignatureVerification(counterSigResult, counterSigAlg )); } return(counterSigVerifs.ToArray()); }
/// <summary>Check the list of Timestamptoken.</summary> /// <remarks>Check the list of Timestamptoken. For each one a TimestampVerificationResult is produced /// </remarks> /// <param name="signature"></param> /// <param name="referenceTime"></param> /// <param name="ctx"></param> /// <param name="tstokens"></param> /// <param name="data"></param> /// <returns></returns> protected internal virtual IList <TimestampVerificationResult> VerifyTimestamps(AdvancedSignature signature, DateTime referenceTime, ValidationContext ctx, IList <TimestampToken> tstokens, byte[] data) { IList <TimestampVerificationResult> tstokenVerifs = new AList <TimestampVerificationResult >(); if (tstokens != null) { foreach (TimestampToken t in tstokens) { TimestampVerificationResult verif = new TimestampVerificationResult(t); try { if (t.MatchData(data)) { verif.SetSameDigest(new Result(Result.ResultStatus.VALID, null)); } else { verif.SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data" )); } } catch (NoSuchAlgorithmException) { verif.SetSameDigest(new Result(Result.ResultStatus.UNDETERMINED, "no.such.algoritm" )); } CheckTimeStampCertPath(t, verif, ctx, signature); tstokenVerifs.AddItem(verif); } } return(tstokenVerifs); }
protected internal virtual SignatureLevelLTV VerifyLevelLTV(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { return(null); }
public SignatureLevelX(AdvancedSignature signature, Result levelReached) : base(levelReached ) { }
protected internal virtual SignatureLevelXL VerifyLevelXL(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { try { Result levelReached = new Result(); Result everyNeededCertAreInSignature = new Result(); everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.VALID, null); Result everyNeededRevocationData = new Result(); everyNeededRevocationData.SetStatus(Result.ResultStatus.VALID, null); IList <X509Certificate> refs = signature.GetCertificates(); if (refs.IsEmpty()) { LOG.Info("There is no certificate refs in the signature"); everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "no.certificate.value" ); } else { if (!EveryCertificateValueAreThere(ctx, refs, signature.GetSigningCertificate())) { everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.certificate.value" ); } } LOG.Info("Every certificate found " + everyNeededCertAreInSignature); int valueCount = 0; IList <BasicOcspResp> ocspValues = signature.GetOCSPs(); if (ocspValues != null) { valueCount += ocspValues.Count; if (!EveryOCSPValueOrRefAreThere(ctx, ocspValues)) { everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.value" ); } } IList <X509Crl> crlValues = signature.GetCRLs(); if (crlValues != null) { valueCount += crlValues.Count; if (!EveryCRLValueOrRefAreThere(ctx, crlValues)) { everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.value" ); } } if (valueCount == 0) { everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "no.revocation.data.value" ); } levelReached.SetStatus((everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus .VALID && everyNeededRevocationData.GetStatus() == Result.ResultStatus.VALID) ? Result.ResultStatus.VALID : Result.ResultStatus.INVALID, null); return(new SignatureLevelXL(levelReached, everyNeededCertAreInSignature, everyNeededRevocationData )); } catch (Exception) { return(new SignatureLevelXL(new Result(Result.ResultStatus.INVALID, "exception.while.verifying" ), new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), new Result (Result.ResultStatus.INVALID, "exception.while.verifying"))); } }
protected internal virtual SignatureLevelX VerifyLevelX(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { try { Result levelReached = new Result(); levelReached.SetStatus(Result.ResultStatus.VALID, null); TimestampVerificationResult[] x1Results = null; TimestampVerificationResult[] x2Results = null; IList <TimestampToken> timestampX1 = signature.GetTimestampsX1(); if (timestampX1 != null && !timestampX1.IsEmpty()) { byte[] data = signature.GetTimestampX1Data(); x1Results = new TimestampVerificationResult[timestampX1.Count]; for (int i = 0; i < timestampX1.Count; i++) { try { TimestampToken t = timestampX1[i]; x1Results[i] = new TimestampVerificationResult(t); if (!t.MatchData(data)) { levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"); x1Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data" )); } else { x1Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null)); } CheckTimeStampCertPath(t, x1Results[i], ctx, signature); } catch (NoSuchAlgorithmException) { levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"); } } } IList <TimestampToken> timestampX2 = signature.GetTimestampsX2(); if (timestampX2 != null && !timestampX2.IsEmpty()) { byte[] data = signature.GetTimestampX2Data(); x2Results = new TimestampVerificationResult[timestampX2.Count]; int i = 0; foreach (TimestampToken t in timestampX2) { try { x2Results[i] = new TimestampVerificationResult(t); if (!t.MatchData(data)) { levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"); x2Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data" )); } else { x2Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null)); } CheckTimeStampCertPath(t, x2Results[i], ctx, signature); } catch (NoSuchAlgorithmException) { levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"); } } } if ((timestampX1 == null || timestampX1.IsEmpty()) && (timestampX2 == null || timestampX2 .IsEmpty())) { levelReached.SetStatus(Result.ResultStatus.INVALID, "no.timestamp"); } return(new SignatureLevelX(signature, levelReached, x1Results, x2Results)); } catch (Exception) { return(new SignatureLevelX(signature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying" ))); } }
protected internal virtual SignatureLevelC VerifyLevelC(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx, bool rehashValues) { try { IList <CertificateRef> refs = signature.GetCertificateRefs(); Result everyNeededCertAreInSignature = new Result(); if (refs == null || refs.IsEmpty()) { everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "no.certificate.ref" ); } else { if (EveryCertificateRefAreThere(ctx, refs, signature.GetSigningCertificate())) { everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.VALID, null); } else { everyNeededCertAreInSignature.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.certificate.ref" ); } } LOG.Info("Every CertificateRef found " + everyNeededCertAreInSignature); IList <OCSPRef> ocspRefs = signature.GetOCSPRefs(); IList <CRLRef> crlRefs = signature.GetCRLRefs(); int refCount = 0; Result everyNeededRevocationData = new Result(Result.ResultStatus.VALID, null); refCount += ocspRefs.Count; refCount += crlRefs.Count; Result thereIsRevocationData = null; Result levelCReached = null; if (rehashValues) { if (!EveryOCSPValueOrRefAreThere(ctx, ocspRefs)) { everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.ref" ); } if (!EveryCRLValueOrRefAreThere(ctx, crlRefs)) { everyNeededRevocationData.SetStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.ref" ); } levelCReached = new Result(everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus .VALID && everyNeededRevocationData.GetStatus() == Result.ResultStatus.VALID); return(new SignatureLevelC(levelCReached, everyNeededCertAreInSignature, everyNeededRevocationData )); } else { thereIsRevocationData = new Result(); if (refCount == 0) { thereIsRevocationData.SetStatus(Result.ResultStatus.INVALID, "no.revocation.data.reference" ); } else { thereIsRevocationData.SetStatus(Result.ResultStatus.VALID, "at.least.one.reference" ); } levelCReached = new Result(everyNeededCertAreInSignature.GetStatus() == Result.ResultStatus .VALID && thereIsRevocationData.GetStatus() == Result.ResultStatus.VALID); return(new SignatureLevelC(levelCReached, everyNeededCertAreInSignature, thereIsRevocationData )); } } catch (Exception) { return(new SignatureLevelC(new Result(Result.ResultStatus.INVALID, "exception.while.verifying" ), new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), new Result (Result.ResultStatus.INVALID, "exception.while.verifying"))); } }