private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult
result, ValidationContext ctx, AdvancedSignature signature)
{
try
{
result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.INVALID, "cannot.reached.tsl"
);
ctx.ValidateTimestamp(t, signature.GetCertificateSource(), signature.GetCRLSource
(), signature.GetOCSPSource());
foreach (CertificateAndContext c in ctx.GetNeededCertificates())
{
if (c.GetCertificate().SubjectDN.Equals(t.GetSignerSubjectName()))
{
if (ctx.GetParentFromTrustedList(c) != null)
{
result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.VALID, null);
break;
}
}
}
}
catch (IOException)
{
result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.UNDETERMINED, "exception.while.verifying"
);
}
}
/// <summary>Check the list of Timestamptoken.</summary>
/// <remarks>Check the list of Timestamptoken. For each one a TimestampVerificationResult is produced
/// </remarks>
/// <param name="signature"></param>
/// <param name="referenceTime"></param>
/// <param name="ctx"></param>
/// <param name="tstokens"></param>
/// <param name="data"></param>
/// <returns></returns>
protected internal virtual IList <TimestampVerificationResult> VerifyTimestamps(AdvancedSignature
signature, DateTime referenceTime, ValidationContext ctx, IList <TimestampToken>
tstokens, byte[] data)
{
IList <TimestampVerificationResult> tstokenVerifs = new AList <TimestampVerificationResult
>();
if (tstokens != null)
{
foreach (TimestampToken t in tstokens)
{
TimestampVerificationResult verif = new TimestampVerificationResult(t);
try
{
if (t.MatchData(data))
{
verif.SetSameDigest(new Result(Result.ResultStatus.VALID, null));
}
else
{
verif.SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"
));
}
}
catch (NoSuchAlgorithmException)
{
verif.SetSameDigest(new Result(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"
));
}
CheckTimeStampCertPath(t, verif, ctx, signature);
tstokenVerifs.AddItem(verif);
}
}
return(tstokenVerifs);
}
protected internal virtual SignatureLevelX VerifyLevelX(AdvancedSignature signature
, DateTime referenceTime, ValidationContext ctx)
{
try
{
Result levelReached = new Result();
levelReached.SetStatus(Result.ResultStatus.VALID, null);
TimestampVerificationResult[] x1Results = null;
TimestampVerificationResult[] x2Results = null;
IList <TimestampToken> timestampX1 = signature.GetTimestampsX1();
if (timestampX1 != null && !timestampX1.IsEmpty())
{
byte[] data = signature.GetTimestampX1Data();
x1Results = new TimestampVerificationResult[timestampX1.Count];
for (int i = 0; i < timestampX1.Count; i++)
{
try
{
TimestampToken t = timestampX1[i];
x1Results[i] = new TimestampVerificationResult(t);
if (!t.MatchData(data))
{
levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
x1Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"
));
}
else
{
x1Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null));
}
CheckTimeStampCertPath(t, x1Results[i], ctx, signature);
}
catch (NoSuchAlgorithmException)
{
levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm");
}
}
}
IList <TimestampToken> timestampX2 = signature.GetTimestampsX2();
if (timestampX2 != null && !timestampX2.IsEmpty())
{
byte[] data = signature.GetTimestampX2Data();
x2Results = new TimestampVerificationResult[timestampX2.Count];
int i = 0;
foreach (TimestampToken t in timestampX2)
{
try
{
x2Results[i] = new TimestampVerificationResult(t);
if (!t.MatchData(data))
{
levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
x2Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"
));
}
else
{
x2Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null));
}
CheckTimeStampCertPath(t, x2Results[i], ctx, signature);
}
catch (NoSuchAlgorithmException)
{
levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm");
}
}
}
if ((timestampX1 == null || timestampX1.IsEmpty()) && (timestampX2 == null || timestampX2
.IsEmpty()))
{
levelReached.SetStatus(Result.ResultStatus.INVALID, "no.timestamp");
}
return(new SignatureLevelX(signature, levelReached, x1Results, x2Results));
}
catch (Exception)
{
return(new SignatureLevelX(signature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"
)));
}
}
