示例#1
0
        public ValidationResult Validate(SignatureDocument sigDocument)
        {
            ValidationResult validationResult = new ValidationResult();

            try
            {
                sigDocument.XadesSignature.CheckXmldsigSignature();
            }
            catch (Exception)
            {
                validationResult.IsValid = false;
                validationResult.Message = "La verificación de la firma no ha sido satisfactoria";
                return(validationResult);
            }
            if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
            {
                TimeStamp      timeStamp             = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0];
                TimeStampToken timeStampToken        = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
                byte[]         messageImprintDigest  = timeStampToken.TimeStampInfo.GetMessageImprintDigest();
                FirmaXades.Crypto.DigestMethod byOid = FirmaXades.Crypto.DigestMethod.GetByOid(timeStampToken.TimeStampInfo.HashAlgorithm.ObjectID.Id);
                ArrayList arrayList = new ArrayList();
                arrayList.Add("ds:SignatureValue");
                byte[] b = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, arrayList), byOid);
                if (!Arrays.AreEqual(messageImprintDigest, b))
                {
                    validationResult.IsValid = false;
                    validationResult.Message = "La huella del sello de tiempo no se corresponde con la calculada";
                    return(validationResult);
                }
            }
            validationResult.IsValid = true;
            validationResult.Message = "Verificación de la firma satisfactoria";
            return(validationResult);
        }
示例#2
0
        public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

            try
            {
                if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
                {
                    throw new Exception("La firma ya contiene un sello de tiempo");
                }
                ArrayList arrayList = new ArrayList();
                arrayList.Add("ds:SignatureValue");
                byte[]    hash       = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, arrayList), parameters.DigestMethod);
                byte[]    timeStamp  = parameters.TimeStampClient.GetTimeStamp(hash, parameters.DigestMethod, true);
                TimeStamp timeStamp2 = new TimeStamp("SignatureTimeStamp");
                timeStamp2.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id;
                timeStamp2.EncapsulatedTimeStamp.PkiData = timeStamp;
                timeStamp2.EncapsulatedTimeStamp.Id      = "SignatureTimeStamp-" + Guid.NewGuid().ToString();
                unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(timeStamp2);
                signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
                signatureDocument.UpdateDocument();
            }
            catch (Exception innerException)
            {
                throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", innerException);
            }
        }
示例#3
0
        private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            XmlElement          signatureElement    = signatureDocument.XadesSignature.GetSignatureElement();
            XmlNamespaceManager xmlNamespaceManager = new XmlNamespaceManager(signatureDocument.Document.NameTable);

            xmlNamespaceManager.AddNamespace("xades", "http://uri.etsi.org/01903/v1.3.2#");
            xmlNamespaceManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
            XmlNode xmlNode = signatureElement.SelectSingleNode("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs", xmlNamespaceManager);

            if (xmlNode == null)
            {
                signatureDocument.UpdateDocument();
            }
            ArrayList arrayList = new ArrayList();

            arrayList.Add("ds:SignatureValue");
            arrayList.Add("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp");
            arrayList.Add("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
            arrayList.Add("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
            byte[]    hash       = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, arrayList), parameters.DigestMethod);
            byte[]    timeStamp  = parameters.TimeStampClient.GetTimeStamp(hash, parameters.DigestMethod, true);
            TimeStamp timeStamp2 = new TimeStamp("SigAndRefsTimeStamp");

            timeStamp2.Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id;
            timeStamp2.EncapsulatedTimeStamp.PkiData = timeStamp;
            timeStamp2.EncapsulatedTimeStamp.Id      = "SigAndRefsStamp-" + Guid.NewGuid().ToString();
            UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

            unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false;
            unsignedProperties.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(timeStamp2);
            signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
        }
        public ValidationResult Validate(SignatureDocument sigDocument)
        {
            /* Los elementos que se validan son:
             *
             * 1. Las huellas de las referencias de la firma.
             * 2. Se comprueba la huella del elemento SignedInfo y se verifica la firma con la clave pública del certificado.
             * 3. Si la firma contiene un sello de tiempo se comprueba que la huella de la firma coincide con la del sello de tiempo.
             *
             * La validación de perfiles -C, -X, -XL y -A esta fuera del ámbito de este proyecto.
             */

            ValidationResult result = new ValidationResult();

            try
            {
                // Verifica las huellas de las referencias y la firma
                sigDocument.XadesSignature.CheckXmldsigSignature();
            }
            catch
            {
                result.IsValid = false;
                result.Message = "Signature verification is unsuccessful!";

                return(result);
            }

            if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
            {
                // Se comprueba el sello de tiempo

                TimeStamp      timeStamp = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0];
                TimeStampToken token     = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));

                byte[] tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();
                Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);

                ArrayList signatureValueElementXpaths = new ArrayList
                {
                    "ds:SignatureValue"
                };
                byte[] signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths), tsDigestMethod);

                if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
                {
                    result.IsValid = false;
                    result.Message = "La huella del sello de tiempo no se corresponde con la calculada";

                    return(result);
                }
            }

            result.IsValid = true;
            result.Message = "Verificación de la firma satisfactoria";

            return(result);
        }
示例#5
0
        /// <summary>
        /// The elements that are validated are:
        /// 1.The traces of the references of the signature.
        /// 2.The trace of the SignedInfo element is verified and the signature is verified with the public key of the ///certificate.
        /// 3. If the signature contains a time stamp it is verified that the imprint of the signature coincides with that of the time stamp.
        /// The validation of profiles -C, -X, -XL and -A is outside the scope of this project.
        /// </summary>
        /// <param name="sigDocument"></param>
        /// <returns></returns>
        public ValidationResult Validate(SignatureDocument sigDocument)
        {
            ValidationResult result = new ValidationResult();

            try
            {
                // Check the traces of references and signature
                sigDocument.XadesSignature.CheckXmldsigSignature();
            }
            catch
            {
                result.IsValid = false;
                result.Message = "Signature verification is unsuccessful!";

                return(result);
            }

            if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
            {
                // Check time stamp
                TimeStamp      timeStamp = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0];
                TimeStampToken token     = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));

                byte[] tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();
                Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);

                ArrayList signatureValueElementXpaths = new ArrayList
                {
                    "ds:SignatureValue"
                };
                byte[] signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths), tsDigestMethod);

                if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
                {
                    result.IsValid = false;
                    result.Message = "The imprint of the time stamp does not correspond with the calculated";

                    return(result);
                }
            }

            result.IsValid = true;
            result.Message = "Signature validated successfully";

            return(result);
        }
示例#6
0
        private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            TimeStamp xadesXTimeStamp;
            ArrayList signatureValueElementXpaths;

            byte[] signatureValueHash;

            XmlElement nodoFirma = signatureDocument.XadesSignature.GetSignatureElement();

            XmlNamespaceManager nm = new XmlNamespaceManager(signatureDocument.Document.NameTable);

            nm.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);
            nm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            XmlNode xmlCompleteCertRefs = nodoFirma.SelectSingleNode("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs", nm);

            if (xmlCompleteCertRefs == null)
            {
                signatureDocument.UpdateDocument();
            }

            signatureValueElementXpaths = new ArrayList
            {
                "ds:SignatureValue",
                "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp",
                "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs",
                "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs"
            };
            signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths), parameters.DigestMethod);

            byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

            xadesXTimeStamp = new TimeStamp("SigAndRefsTimeStamp")
            {
                Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id
            };
            xadesXTimeStamp.EncapsulatedTimeStamp.PkiData = tsa;
            xadesXTimeStamp.EncapsulatedTimeStamp.Id      = "SigAndRefsStamp-" + Guid.NewGuid().ToString();
            UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

            unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false;
            unsignedProperties.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(xadesXTimeStamp);


            signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
        }
示例#7
0
        public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            TimeStamp signatureTimeStamp;
            ArrayList signatureValueElementXpaths;

            byte[]             signatureValueHash;
            UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

            try
            {
                if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
                {
                    throw new Exception("La firma ya contiene un sello de tiempo");
                }

                XmlDsigExcC14NTransform excTransform = new XmlDsigExcC14NTransform();

                signatureValueElementXpaths = new ArrayList();
                signatureValueElementXpaths.Add("ds:SignatureValue");
                signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths, excTransform), parameters.DigestMethod);

                byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

                signatureTimeStamp    = new TimeStamp("SignatureTimeStamp");
                signatureTimeStamp.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id;
                signatureTimeStamp.CanonicalizationMethod           = new CanonicalizationMethod();
                signatureTimeStamp.CanonicalizationMethod.Algorithm = excTransform.Algorithm;
                signatureTimeStamp.EncapsulatedTimeStamp.PkiData    = tsa;
                signatureTimeStamp.EncapsulatedTimeStamp.Id         = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

                unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);

                signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;

                signatureDocument.UpdateDocument();
            }
            catch (Exception ex)
            {
                throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", ex);
            }
        }
        public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
        {
            TimeStamp signatureTimeStamp;
            ArrayList signatureValueElementXpaths;

            byte[]             signatureValueHash;
            UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

            try
            {
                if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
                {
                    throw new Exception("The signature already contains a time stamp");
                }

                signatureValueElementXpaths = new ArrayList
                {
                    "ds:SignatureValue"
                };
                signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, signatureValueElementXpaths), parameters.DigestMethod);

                byte[] tsa = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

                signatureTimeStamp = new TimeStamp("SignatureTimeStamp")
                {
                    Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id
                };
                signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa;
                signatureTimeStamp.EncapsulatedTimeStamp.Id      = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

                unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);

                signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;

                signatureDocument.UpdateDocument();
            }
            catch (Exception ex)
            {
                throw new Exception("An error occurred while inserting the time stamp", ex);
            }
        }
示例#9
0
        public override void Upgrade()
        {
            TimeStamp signatureTimeStamp;
            ArrayList signatureValueElementXpaths;

            byte[]             signatureValueHash;
            UnsignedProperties unsignedProperties = _firma.XadesSignature.UnsignedProperties;

            try
            {
                if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
                {
                    throw new Exception("La firma ya contiene un sello de tiempo");
                }

                signatureValueElementXpaths = new ArrayList();
                signatureValueElementXpaths.Add("ds:SignatureValue");
                signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(_firma.XadesSignature, signatureValueElementXpaths), DigestMethod.SHA1);

                byte[] tsa = TimeStampClient.GetTimeStamp(_firma.TSAServer, signatureValueHash, DigestMethod.SHA1, true);

                signatureTimeStamp    = new TimeStamp("SignatureTimeStamp");
                signatureTimeStamp.Id = "SignatureTimeStamp-" + _firma.XadesSignature.Signature.Id;
                signatureTimeStamp.EncapsulatedTimeStamp.PkiData = tsa;
                signatureTimeStamp.EncapsulatedTimeStamp.Id      = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

                unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);

                _firma.XadesSignature.UnsignedProperties = unsignedProperties;

                _firma.UpdateDocument();
            }
            catch (Exception ex)
            {
                throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", ex);
            }
        }
示例#10
0
        public ValidationResult Validate(SignatureDocument sigDocument)
        {
            /* Los elementos que se validan son:
             *
             * 1. Las huellas de las referencias de la firma.
             * 2. Se comprueba la huella del elemento SignedInfo y se verifica la firma con la clave pública del certificado.
             * 3. Si la firma contiene un sello de tiempo se comprueba que la huella de la firma coincide con la del sello de tiempo.
             *
             * La validación de perfiles -C, -X, -XL y -A esta fuera del ámbito de este proyecto.
             */

            ValidationResult result = new ValidationResult();

            try
            {
                // Verifica las huellas de las referencias y la firma
                sigDocument.XadesSignature.CheckXmldsigSignature();
            }
            catch (Exception ex)
            {
                result.IsValid = false;
                result.Message = "La verificación de la firma no ha sido satisfactoria";

                return(result);
            }

            if (sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
            {
                // Se comprueba el sello de tiempo

                TimeStamp      timeStamp = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0];
                TimeStampToken token     = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));

                byte[] tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();

                //TODO: Verificare
                // Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.ObjectID.Id);
                Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);

                System.Security.Cryptography.Xml.Transform transform = null;

                if (timeStamp.CanonicalizationMethod != null)
                {
                    transform = CryptoConfig.CreateFromName(timeStamp.CanonicalizationMethod.Algorithm) as System.Security.Cryptography.Xml.Transform;
                }
                else
                {
                    transform = new XmlDsigC14NTransform();
                }

                ArrayList signatureValueElementXpaths = new ArrayList();
                signatureValueElementXpaths.Add("ds:SignatureValue");
                byte[] signatureValueHash = DigestUtil.ComputeHashValue(XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths, transform), tsDigestMethod);

                if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
                {
                    result.IsValid = false;
                    result.Message = "La huella del sello de tiempo no se corresponde con la calculada";

                    return(result);
                }
            }

            result.IsValid = true;
            result.Message = "Verificación de la firma satisfactoria";

            return(result);
        }