private void CheckTimeStampCertPath(TimestampToken t, TimestampVerificationResult result, ValidationContext ctx, AdvancedSignature signature) { try { result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.INVALID, "cannot.reached.tsl" ); ctx.ValidateTimestamp(t, signature.GetCertificateSource(), signature.GetCRLSource (), signature.GetOCSPSource()); foreach (CertificateAndContext c in ctx.GetNeededCertificates()) { if (c.GetCertificate().SubjectDN.Equals(t.GetSignerSubjectName())) { if (ctx.GetParentFromTrustedList(c) != null) { result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.VALID, null); break; } } } } catch (IOException) { result.GetCertPathUpToTrustedList().SetStatus(Result.ResultStatus.UNDETERMINED, "exception.while.verifying" ); } }
/// <summary>Check the list of Timestamptoken.</summary> /// <remarks>Check the list of Timestamptoken. For each one a TimestampVerificationResult is produced /// </remarks> /// <param name="signature"></param> /// <param name="referenceTime"></param> /// <param name="ctx"></param> /// <param name="tstokens"></param> /// <param name="data"></param> /// <returns></returns> protected internal virtual IList <TimestampVerificationResult> VerifyTimestamps(AdvancedSignature signature, DateTime referenceTime, ValidationContext ctx, IList <TimestampToken> tstokens, byte[] data) { IList <TimestampVerificationResult> tstokenVerifs = new AList <TimestampVerificationResult >(); if (tstokens != null) { foreach (TimestampToken t in tstokens) { TimestampVerificationResult verif = new TimestampVerificationResult(t); try { if (t.MatchData(data)) { verif.SetSameDigest(new Result(Result.ResultStatus.VALID, null)); } else { verif.SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data" )); } } catch (NoSuchAlgorithmException) { verif.SetSameDigest(new Result(Result.ResultStatus.UNDETERMINED, "no.such.algoritm" )); } CheckTimeStampCertPath(t, verif, ctx, signature); tstokenVerifs.AddItem(verif); } } return(tstokenVerifs); }
protected internal virtual SignatureLevelX VerifyLevelX(AdvancedSignature signature , DateTime referenceTime, ValidationContext ctx) { try { Result levelReached = new Result(); levelReached.SetStatus(Result.ResultStatus.VALID, null); TimestampVerificationResult[] x1Results = null; TimestampVerificationResult[] x2Results = null; IList <TimestampToken> timestampX1 = signature.GetTimestampsX1(); if (timestampX1 != null && !timestampX1.IsEmpty()) { byte[] data = signature.GetTimestampX1Data(); x1Results = new TimestampVerificationResult[timestampX1.Count]; for (int i = 0; i < timestampX1.Count; i++) { try { TimestampToken t = timestampX1[i]; x1Results[i] = new TimestampVerificationResult(t); if (!t.MatchData(data)) { levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"); x1Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data" )); } else { x1Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null)); } CheckTimeStampCertPath(t, x1Results[i], ctx, signature); } catch (NoSuchAlgorithmException) { levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"); } } } IList <TimestampToken> timestampX2 = signature.GetTimestampsX2(); if (timestampX2 != null && !timestampX2.IsEmpty()) { byte[] data = signature.GetTimestampX2Data(); x2Results = new TimestampVerificationResult[timestampX2.Count]; int i = 0; foreach (TimestampToken t in timestampX2) { try { x2Results[i] = new TimestampVerificationResult(t); if (!t.MatchData(data)) { levelReached.SetStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"); x2Results[i].SetSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data" )); } else { x2Results[i].SetSameDigest(new Result(Result.ResultStatus.VALID, null)); } CheckTimeStampCertPath(t, x2Results[i], ctx, signature); } catch (NoSuchAlgorithmException) { levelReached.SetStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"); } } } if ((timestampX1 == null || timestampX1.IsEmpty()) && (timestampX2 == null || timestampX2 .IsEmpty())) { levelReached.SetStatus(Result.ResultStatus.INVALID, "no.timestamp"); } return(new SignatureLevelX(signature, levelReached, x1Results, x2Results)); } catch (Exception) { return(new SignatureLevelX(signature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying" ))); } }