/// <summary>
/// Main method for validating a signature
/// </summary>
/// <param name="signature"></param>
/// <param name="referenceTime"></param>
/// <returns>
/// the report part pertaining to the signature
/// </returns>
protected internal virtual SignatureInformation ValidateSignature(IAdvancedSignature signature, DateTime referenceTime, ICAdESLogger logger, SignatureValidationContext signatureValidationContext, bool checkIntegrity, Document externalContent)
{
if (signature is null)
{
throw new ArgumentNullException(nameof(signature));
}
if (signature.SigningCertificate == null)
{
logger.Error("There is no signing certificate");
return(null);
}
var signatureVerification = new SignatureVerification(new SignatureValidationResult(checkIntegrity ? signature.CheckIntegrity(externalContent) : true), signature.SignatureAlgorithm);
IValidationContext ctx = signatureValidationContext.GetExisted(signature.SigningCertificate, referenceTime);
IList <CertificateAndContext> usedCerts = new List <CertificateAndContext>();
if (ctx == null)
{
ctx = CertificateVerifier.ValidateCertificate(signature.SigningCertificate, referenceTime, signature.CertificateSource, usedCerts, signature.CRLSource, signature.OCSPSource, logger);
signatureValidationContext.Contexts.Add(ctx);
}
var qcStatementInformation = VerifyQStatement(signature.SigningCertificate);
var qualificationsVerification = VerifyQualificationsElement(signature, referenceTime, ctx);
// TODO: serviceinfo is never set, so invalid everytime - hack added - ?? new ServiceInfo()
var info = new TrustedListInformation(ctx.GetRelevantServiceInfo() ?? new ServiceInfo());
var path = new CertPathRevocationAnalysis(ctx, info);
var signatureLevelXL = VerifyLevelXL(signature, referenceTime, ctx, logger);
// order matters
var signatureLevelC = VerifyLevelC(signature, referenceTime, ctx, signatureLevelXL?.LevelReached.IsValid ?? false, logger);
var signatureLevelAnalysis = new SignatureLevelAnalysis(
signature,
VerifyLevelBES(signature, referenceTime, ctx, externalContent),
VerifyLevelEPES(signature, referenceTime, ctx),
VerifyLevelT(signature, referenceTime, ctx),
signatureLevelC,
VerifyLevelX(signature, referenceTime, ctx),
signatureLevelXL,
VerifyLevelA(signature, referenceTime, ctx, logger, externalContent));
var signatureInformation = new SignatureInformation(signatureVerification, path, signatureLevelAnalysis, qualificationsVerification, qcStatementInformation, ctx.NeededCertificates.Select(cert => new CertificateVerification(cert, ctx)), ctx);
return(signatureInformation);
}
protected internal virtual SignatureLevelA VerifyLevelA(IAdvancedSignature signature, DateTime referenceTime, IValidationContext ctx, ICAdESLogger logger, Document externalContent)
{
try
{
SignatureValidationResult levelReached = new SignatureValidationResult();
IList <TimestampVerificationResult> verifs = null;
try
{
IList <TimestampToken> timestamps = signature.ArchiveTimestamps;
verifs = VerifyTimestamps(signature, referenceTime, ctx, timestamps, signature.GetArchiveTimestampData(0, externalContent));
}
catch (IOException e)
{
logger.Error("Error verifyind level A " + e.Message);
levelReached.SetStatus(ResultStatus.UNDETERMINED, "$UI_Signatures_ValidationText_ExceptionWhileVerifying");
}
return(new SignatureLevelA(ResultForTimestamps(verifs, levelReached), verifs));
}
catch (Exception)
{
return(new SignatureLevelA(new SignatureValidationResult(ResultStatus.INVALID, "$UI_Signatures_ValidationText_ExceptionWhileVerifying"), null));
}
}
