/// <summary>
/// Extracts a CDA package zip file and verifies the signature. An exception is thrown if verification fails.
/// </summary>
/// <param name="packageFilePath">The path to the CDA package zip file to extract.</param>
/// <param name="verifyCertificate">An optional delegate to verify the signature certificate (NULL accepted).</param>
/// <returns>A CDAPackage instance constructed from the CDA package zip file.</returns>
public static CDAPackage Extract(string packageFilePath, VerifyCertificateDelegate verifyCertificate)
{
byte[] zipContent = File.ReadAllBytes(packageFilePath);
CDAPackage newPackage = Extract(zipContent, verifyCertificate);
return(newPackage);
}
/// <summary>
/// Extracts a CDA package zip file and verifies the signature. An exception is thrown if verification fails.
/// </summary>
/// <param name="package">A byte array of a CDA package zip file.</param>
/// <param name="verifyCertificate">An optional delegate to verify the signature certificate (NULL accepted).</param>
/// <returns>A CDAPackage instance constructed from the CDA package zip file.</returns>
public static CDAPackage Extract(byte[] package, VerifyCertificateDelegate verifyCertificate)
{
// Validation on package
Validation.ValidateArgumentRequired("package", package);
var newPackage = ExtractAndIgnoreSignatureVerification(package);
if (newPackage.CDASignature != null)
{
VerifySignature(newPackage, verifyCertificate);
}
CDAPackageValidation.ValidateCDAPackage(newPackage, newPackage.SigningTime.HasValue);
return(newPackage);
}
/// <summary>
/// Verify the signature of a CDA package.
/// </summary>
/// <param name="package">The CDA package to verify.</param>
/// <param name="verifyCertificate">A delegate to verify the signature certificate.</param>
public static void VerifySignature(CDAPackage package, VerifyCertificateDelegate verifyCertificate)
{
// Return if package doesn't contain a signature.
if (package.CDASignature == null)
{
return;
}
byte[] signatureDocumentContent = package.CDASignature.FileContent;
byte[] rootDocumentContent = package.CDADocumentRoot.FileContent;
byte[] hash = CalculateSHA1(rootDocumentContent);
var signatureDocument = new XmlDocument();
signatureDocument.PreserveWhitespace = true;
signatureDocument.Load(new MemoryStream(signatureDocumentContent));
// Get eSignature
eSignatureType eSignature = null;
try
{
var eSignatureElement = signatureDocument.GetElementsByTagName("eSignature", "*")[0] as XmlElement;
eSignature = eSignatureElement.Deserialize <eSignatureType>();
}
catch (Exception ex)
{
throw new SignatureVerificationException("Error extracting eSignature");
}
if (eSignature == null)
{
throw new SignatureVerificationException("Error extracting eSignature");
}
var manifest = eSignature.Manifest;
var approver = eSignature.approver;
// Get signing time
package.SigningTime = eSignature.signingTime;
// Get approver
package.Approver = new Approver();
if (eSignature.approver != null)
{
if (eSignature.approver.personId != null)
{
package.Approver.PersonId = new Uri(eSignature.approver.personId, UriKind.RelativeOrAbsolute);
}
var personName = eSignature.approver.personName;
if (personName != null)
{
package.Approver.PersonFamilyName = personName.familyName;
if (personName.givenName != null)
{
package.Approver.PersonGivenNames = personName.givenName.ToList();
}
if (personName.nameSuffix != null)
{
package.Approver.PersonNameSuffixes = personName.nameSuffix.ToList();
}
if (personName.nameTitle != null)
{
package.Approver.PersonTitles = personName.nameTitle.ToList();
}
}
}
// Check signature digest
var manifestElement = signatureDocument.GetElementsByTagName("Manifest", "*")[0] as XmlElement;
if (manifest.Reference[0].URI != "CDA_ROOT.XML")
{
throw new SignatureVerificationException("Error verifying document - Manifest reference must have a URI of 'CDA_ROOT.XML'");
}
if (manifest.Reference[0].DigestMethod.Algorithm != SignedXml.XmlDsigSHA1Url)
{
throw new SignatureVerificationException("Error verifying document - Manifest digest method must have an algorithm of '" + SignedXml.XmlDsigSHA1Url + "'");
}
if (Convert.ToBase64String(manifest.Reference[0].DigestValue) != Convert.ToBase64String(hash))
{
throw new SignatureVerificationException("Error verifying document - Manifest digest value mismatch");
}
// Verify certificate
ICertificateVerifier verifier = new CertificateVerifier(verifyCertificate);
ISignedContainerProfileService signedContainerService = XspFactory.Instance.GetSignedContainerProfileService(XspVersion.V_2010);
signedContainerService.Check(signatureDocument, verifier);
// Verify attachments integrity checks
if (package.CDADocumentAttachments != null && package.CDADocumentAttachments.Count > 0)
{
VerifyAttachments(package);
}
return;
}
/// <summary>
/// Assign the delegate to use to verify the X.509 certificate.
/// </summary>
/// <param name="verifyCertificate"></param>
public void SetVerifyCertificate(VerifyCertificateDelegate verifyCertificate)
{
m_handshakeLayer.VerifyCertificate = verifyCertificate;
}
public void SetVerifyCertificate(VerifyCertificateDelegate verifyCertificate)
{
m_handshakeLayer.VerifyCertificate = verifyCertificate;
}
/// <summary>
/// Set the delegate for the verification method
/// </summary>
/// <param name="verifyCertificate">The certificate verification delegate.</param>
public CertificateVerifier(VerifyCertificateDelegate verifyCertificate)
{
this.verifyCertificate = verifyCertificate;
}
