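/// <summary>
/// Validates an XAdES signature: checks the XMLDSIG reference digests and the signature value, and,
/// for every SignatureTimeStamp the signature carries, checks that the token's message imprint equals
/// the digest of ds:SignatureValue. The TSA's own signature over the time-stamp token is not verified here.
/// </summary>
/// <param name="sigDocument">Document holding the signature to validate.</param>
/// <returns>A <see cref="ValidationResult"/> whose IsValid and Message describe the outcome.</returns>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult validationResult = new ValidationResult();

    try
    {
        // Reference digests plus the signature over SignedInfo.
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        validationResult.IsValid = false;
        validationResult.Message = "La verificación de la firma no ha sido satisfactoria";
        return validationResult;
    }

    var timeStamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;

    // Every SignatureTimeStamp present must match the signature value, not only the first one.
    for (int i = 0; i < timeStamps.Count; i++)
    {
        TimeStamp timeStamp = timeStamps[i];
        byte[] messageImprintDigest;
        byte[] signatureValueDigest;

        try
        {
            // PkiData comes from the document under validation: a malformed or unparseable token
            // must produce an invalid result, not an exception escaping Validate.
            TimeStampToken timeStampToken = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
            messageImprintDigest = timeStampToken.TimeStampInfo.GetMessageImprintDigest();

            // Digest ds:SignatureValue with the algorithm the TSA used for the imprint.
            FirmaXades.Crypto.DigestMethod byOid = FirmaXades.Crypto.DigestMethod.GetByOid(timeStampToken.TimeStampInfo.HashAlgorithm.ObjectID.Id);
            ArrayList elementXpaths = new ArrayList { "ds:SignatureValue" };
            signatureValueDigest = DigestUtil.ComputeHashValue(
                XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, elementXpaths),
                byOid);
        }
        catch (Exception)
        {
            validationResult.IsValid = false;
            validationResult.Message = "No se ha podido procesar el sello de tiempo de la firma";
            return validationResult;
        }

        if (!Arrays.AreEqual(messageImprintDigest, signatureValueDigest))
        {
            validationResult.IsValid = false;
            validationResult.Message = "La huella del sello de tiempo no se corresponde con la calculada";
            return validationResult;
        }
    }

    validationResult.IsValid = true;
    validationResult.Message = "Verificación de la firma satisfactoria";
    return validationResult;
}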
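/// <summary>
/// Adds a XAdES-T SignatureTimeStamp to the signature: ds:SignatureValue is digested with
/// <paramref name="parameters"/>.DigestMethod, a time-stamp token over that digest is obtained from
/// the configured TSA client, and the token is stored in the unsigned signature properties before the
/// document is re-serialized.
/// </summary>
/// <param name="signatureDocument">Document whose signature is upgraded; modified in place.</param>
/// <param name="parameters">Digest method and TSA client to use.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">
/// The signature already carries a SignatureTimeStamp, or obtaining or inserting the token failed
/// (the original failure is the inner exception).
/// </exception>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    if (signatureDocument == null)
    {
        throw new ArgumentNullException(nameof(signatureDocument));
    }
    if (parameters == null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

    // Precondition failure is reported as-is rather than wrapped as an insertion error.
    if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
    {
        throw new InvalidOperationException("La firma ya contiene un sello de tiempo");
    }

    try
    {
        ArrayList elementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, elementXpaths),
            parameters.DigestMethod);

        // Only the digest is handed to the TSA client, never the document itself. The third argument
        // presumably asks the TSA to include its certificate in the token — confirm against TimeStampClient.
        byte[] token = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

        TimeStamp signatureTimeStamp = new TimeStamp("SignatureTimeStamp");
        signatureTimeStamp.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id;
        signatureTimeStamp.EncapsulatedTimeStamp.PkiData = token;
        signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
        signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
        signatureDocument.UpdateDocument();
    }
    catch (Exception innerException)
    {
        throw new InvalidOperationException("Ha ocurrido un error al insertar el sellado de tiempo.", innerException);
    }
}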
/// <summary>
/// Adds a XAdES-X SigAndRefsTimeStamp covering ds:SignatureValue, the SignatureTimeStamp and the
/// CompleteCertificateRefs / CompleteRevocationRefs elements, obtaining the token from the TSA client
/// in <paramref name="parameters"/>.
/// </summary>
/// <param name="signatureDocument">Document whose signature is upgraded; modified in place.</param>
/// <param name="parameters">Digest method and TSA client to use.</param>
private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    const string unsignedSigPropsPath = "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/";

    XmlElement signatureElement = signatureDocument.XadesSignature.GetSignatureElement();
    XmlNamespaceManager namespaces = new XmlNamespaceManager(signatureDocument.Document.NameTable);
    namespaces.AddNamespace("xades", "http://uri.etsi.org/01903/v1.3.2#");
    namespaces.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

    // When CompleteCertificateRefs is not yet in the DOM, the in-memory properties are flushed to the
    // document — presumably so the XPaths below can resolve; the node is not looked up again.
    XmlNode completeCertRefs = signatureElement.SelectSingleNode(unsignedSigPropsPath + "xades:CompleteCertificateRefs", namespaces);
    if (completeCertRefs == null)
    {
        signatureDocument.UpdateDocument();
    }

    ArrayList coveredElements = new ArrayList
    {
        "ds:SignatureValue",
        unsignedSigPropsPath + "xades:SignatureTimeStamp",
        unsignedSigPropsPath + "xades:CompleteCertificateRefs",
        unsignedSigPropsPath + "xades:CompleteRevocationRefs"
    };

    byte[] coveredDigest = DigestUtil.ComputeHashValue(
        XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, coveredElements),
        parameters.DigestMethod);
    // Only this digest is handed to the TSA client; the third argument presumably requests the TSA
    // certificate in the token — confirm against TimeStampClient.
    byte[] token = parameters.TimeStampClient.GetTimeStamp(coveredDigest, parameters.DigestMethod, true);

    TimeStamp sigAndRefsTimeStamp = new TimeStamp("SigAndRefsTimeStamp");
    sigAndRefsTimeStamp.Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id;
    sigAndRefsTimeStamp.EncapsulatedTimeStamp.PkiData = token;
    sigAndRefsTimeStamp.EncapsulatedTimeStamp.Id = "SigAndRefsStamp-" + Guid.NewGuid().ToString();

    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;
    unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false;
    unsignedProperties.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(sigAndRefsTimeStamp);
    // NOTE(review): UpdateDocument() is not called after this insert — confirm the caller re-serializes.
    signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
}
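/// <summary>
/// Validates the signature: (1) the digests of the signed references, (2) the SignedInfo digest and
/// the signature value against the certificate's public key, and (3) for each SignatureTimeStamp
/// present, that the token's message imprint equals the digest of ds:SignatureValue.
/// Validation of the -C, -X, -XL and -A profiles is out of scope. The TSA's signature over the
/// time-stamp token is not verified here.
/// </summary>
/// <param name="sigDocument">Document holding the signature to validate.</param>
/// <returns>A <see cref="ValidationResult"/> whose IsValid and Message describe the outcome.</returns>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult result = new ValidationResult();

    try
    {
        // Reference digests plus the signature over SignedInfo.
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        result.IsValid = false;
        result.Message = "Signature verification is unsuccessful!";
        return result;
    }

    var timeStamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;

    // Every SignatureTimeStamp present must match the signature value, not only the first one.
    for (int i = 0; i < timeStamps.Count; i++)
    {
        TimeStamp timeStamp = timeStamps[i];
        byte[] tsHashValue;
        byte[] signatureValueHash;

        try
        {
            // PkiData comes from the document under validation: a malformed token must yield an
            // invalid result rather than an exception escaping Validate.
            TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
            tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();

            // Digest ds:SignatureValue with the algorithm the TSA used for the imprint.
            Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);
            ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
            signatureValueHash = DigestUtil.ComputeHashValue(
                XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths),
                tsDigestMethod);
        }
        catch (Exception)
        {
            result.IsValid = false;
            result.Message = "No se ha podido procesar el sello de tiempo de la firma";
            return result;
        }

        if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
        {
            result.IsValid = false;
            result.Message = "La huella del sello de tiempo no se corresponde con la calculada";
            return result;
        }
    }

    result.IsValid = true;
    result.Message = "Verificación de la firma satisfactoria";
    return result;
}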
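/// <summary>
/// Validates the signature: (1) the digests of the signed references, (2) the SignedInfo digest and
/// the signature value against the certificate's public key, and (3) for each SignatureTimeStamp
/// present, that the token's message imprint equals the digest of ds:SignatureValue.
/// Validation of the -C, -X, -XL and -A profiles is outside the scope of this project. The TSA's
/// signature over the time-stamp token is not verified here.
/// </summary>
/// <param name="sigDocument">Document holding the signature to validate.</param>
/// <returns>A <see cref="ValidationResult"/> whose IsValid and Message describe the outcome.</returns>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult result = new ValidationResult();

    try
    {
        // Reference digests plus the signature over SignedInfo.
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        result.IsValid = false;
        result.Message = "Signature verification is unsuccessful!";
        return result;
    }

    var timeStamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;

    // Every SignatureTimeStamp present must match the signature value, not only the first one.
    for (int i = 0; i < timeStamps.Count; i++)
    {
        TimeStamp timeStamp = timeStamps[i];
        byte[] tsHashValue;
        byte[] signatureValueHash;

        try
        {
            // PkiData comes from the document under validation: a malformed token must yield an
            // invalid result rather than an exception escaping Validate.
            TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
            tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();

            // Digest ds:SignatureValue with the algorithm the TSA used for the imprint.
            Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);
            ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
            signatureValueHash = DigestUtil.ComputeHashValue(
                XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths),
                tsDigestMethod);
        }
        catch (Exception)
        {
            result.IsValid = false;
            result.Message = "The signature time stamp could not be processed";
            return result;
        }

        if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
        {
            result.IsValid = false;
            result.Message = "The imprint of the time stamp does not correspond with the calculated";
            return result;
        }
    }

    result.IsValid = true;
    result.Message = "Signature validated successfully";
    return result;
}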
/// <summary>
/// Adds a XAdES-X SigAndRefsTimeStamp over ds:SignatureValue, the SignatureTimeStamp and the
/// CompleteCertificateRefs / CompleteRevocationRefs elements, using the digest method and TSA client
/// from <paramref name="parameters"/>.
/// </summary>
/// <param name="signatureDocument">Document whose signature is upgraded; modified in place.</param>
/// <param name="parameters">Digest method and TSA client to use.</param>
private void TimeStampCertRefs(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    const string unsignedSigPropsPath = "ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/";

    XmlElement signatureElement = signatureDocument.XadesSignature.GetSignatureElement();
    XmlNamespaceManager namespaces = new XmlNamespaceManager(signatureDocument.Document.NameTable);
    namespaces.AddNamespace("xades", XadesSignedXml.XadesNamespaceUri);
    namespaces.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

    // When CompleteCertificateRefs is not yet in the DOM, the in-memory properties are flushed to the
    // document — presumably so the XPaths below can resolve; the node is not looked up again.
    if (signatureElement.SelectSingleNode(unsignedSigPropsPath + "xades:CompleteCertificateRefs", namespaces) == null)
    {
        signatureDocument.UpdateDocument();
    }

    ArrayList coveredElements = new ArrayList();
    coveredElements.Add("ds:SignatureValue");
    coveredElements.Add(unsignedSigPropsPath + "xades:SignatureTimeStamp");
    coveredElements.Add(unsignedSigPropsPath + "xades:CompleteCertificateRefs");
    coveredElements.Add(unsignedSigPropsPath + "xades:CompleteRevocationRefs");

    byte[] coveredDigest = DigestUtil.ComputeHashValue(
        XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, coveredElements),
        parameters.DigestMethod);
    // Only this digest is handed to the TSA client; the third argument presumably requests the TSA
    // certificate in the token — confirm against TimeStampClient.
    byte[] token = parameters.TimeStampClient.GetTimeStamp(coveredDigest, parameters.DigestMethod, true);

    TimeStamp sigAndRefsTimeStamp = new TimeStamp("SigAndRefsTimeStamp");
    sigAndRefsTimeStamp.Id = "SigAndRefsStamp-" + signatureDocument.XadesSignature.Signature.Id;
    sigAndRefsTimeStamp.EncapsulatedTimeStamp.PkiData = token;
    sigAndRefsTimeStamp.EncapsulatedTimeStamp.Id = "SigAndRefsStamp-" + Guid.NewGuid().ToString();

    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;
    unsignedProperties.UnsignedSignatureProperties.RefsOnlyTimeStampFlag = false;
    unsignedProperties.UnsignedSignatureProperties.SigAndRefsTimeStampCollection.Add(sigAndRefsTimeStamp);
    // NOTE(review): UpdateDocument() is not called after this insert — confirm the caller re-serializes.
    signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
}
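/// <summary>
/// Adds a XAdES-T SignatureTimeStamp: ds:SignatureValue is canonicalized with exclusive C14N, digested
/// with <paramref name="parameters"/>.DigestMethod and time-stamped through the TSA client; the token,
/// together with the canonicalization method used, is stored in the unsigned signature properties and
/// the document is re-serialized.
/// </summary>
/// <param name="signatureDocument">Document whose signature is upgraded; modified in place.</param>
/// <param name="parameters">Digest method and TSA client to use.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">
/// The signature already carries a SignatureTimeStamp, or obtaining or inserting the token failed
/// (the original failure is the inner exception).
/// </exception>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    if (signatureDocument == null)
    {
        throw new ArgumentNullException(nameof(signatureDocument));
    }
    if (parameters == null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

    // Precondition failure is reported as-is rather than wrapped as an insertion error.
    if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
    {
        throw new InvalidOperationException("La firma ya contiene un sello de tiempo");
    }

    try
    {
        // The canonicalization applied before digesting is recorded on the time stamp element so a
        // validator can reproduce the same digest.
        XmlDsigExcC14NTransform excTransform = new XmlDsigExcC14NTransform();
        ArrayList elementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, elementXpaths, excTransform),
            parameters.DigestMethod);

        // Only the digest is handed to the TSA client, never the document itself. The third argument
        // presumably asks the TSA to include its certificate in the token — confirm against TimeStampClient.
        byte[] token = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

        TimeStamp signatureTimeStamp = new TimeStamp("SignatureTimeStamp");
        signatureTimeStamp.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id;
        signatureTimeStamp.CanonicalizationMethod = new CanonicalizationMethod();
        signatureTimeStamp.CanonicalizationMethod.Algorithm = excTransform.Algorithm;
        signatureTimeStamp.EncapsulatedTimeStamp.PkiData = token;
        signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
        signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
        signatureDocument.UpdateDocument();
    }
    catch (Exception ex)
    {
        throw new InvalidOperationException("Ha ocurrido un error al insertar el sellado de tiempo.", ex);
    }
}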
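/// <summary>
/// Adds a XAdES-T SignatureTimeStamp to the signature: ds:SignatureValue is digested with
/// <paramref name="parameters"/>.DigestMethod, a time-stamp token over that digest is obtained from
/// the configured TSA client, and the token is stored in the unsigned signature properties before the
/// document is re-serialized.
/// </summary>
/// <param name="signatureDocument">Document whose signature is upgraded; modified in place.</param>
/// <param name="parameters">Digest method and TSA client to use.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">
/// The signature already carries a SignatureTimeStamp, or obtaining or inserting the token failed
/// (the original failure is the inner exception).
/// </exception>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    if (signatureDocument == null)
    {
        throw new ArgumentNullException(nameof(signatureDocument));
    }
    if (parameters == null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    UnsignedProperties unsignedProperties = signatureDocument.XadesSignature.UnsignedProperties;

    // Precondition failure is reported as-is rather than wrapped as an insertion error.
    if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
    {
        throw new InvalidOperationException("The signature already contains a time stamp");
    }

    try
    {
        ArrayList elementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(signatureDocument.XadesSignature, elementXpaths),
            parameters.DigestMethod);

        // Only the digest is handed to the TSA client, never the document itself. The third argument
        // presumably asks the TSA to include its certificate in the token — confirm against TimeStampClient.
        byte[] token = parameters.TimeStampClient.GetTimeStamp(signatureValueHash, parameters.DigestMethod, true);

        TimeStamp signatureTimeStamp = new TimeStamp("SignatureTimeStamp");
        signatureTimeStamp.Id = "SignatureTimeStamp-" + signatureDocument.XadesSignature.Signature.Id;
        signatureTimeStamp.EncapsulatedTimeStamp.PkiData = token;
        signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
        signatureDocument.XadesSignature.UnsignedProperties = unsignedProperties;
        signatureDocument.UpdateDocument();
    }
    catch (Exception ex)
    {
        throw new InvalidOperationException("An error occurred while inserting the time stamp", ex);
    }
}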
/// <summary>
/// Adds a XAdES-T SignatureTimeStamp to the signature held in <c>_firma</c>: ds:SignatureValue is
/// digested with SHA-1, time-stamped by the TSA at <c>_firma.TSAServer</c>, and the token is stored in
/// the unsigned signature properties before the document is re-serialized.
/// </summary>
/// <exception cref="Exception">
/// The signature already carries a SignatureTimeStamp, or obtaining or inserting the token failed
/// (the original failure is the inner exception).
/// </exception>
public override void Upgrade()
{
    UnsignedProperties unsignedProperties = _firma.XadesSignature.UnsignedProperties;

    try
    {
        if (unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Count > 0)
        {
            throw new Exception("La firma ya contiene un sello de tiempo");
        }

        // SECURITY: the message imprint is hard-coded to SHA-1, which is no longer considered
        // collision-resistant; this parameterless override offers no way to choose another digest.
        ArrayList elementXpaths = new ArrayList { "ds:SignatureValue" };
        byte[] signatureValueHash = DigestUtil.ComputeHashValue(
            XMLUtil.ComputeValueOfElementList(_firma.XadesSignature, elementXpaths),
            DigestMethod.SHA1);

        // Only the digest goes to the TSA; the last argument presumably requests the TSA certificate
        // in the token — confirm against TimeStampClient.
        byte[] token = TimeStampClient.GetTimeStamp(_firma.TSAServer, signatureValueHash, DigestMethod.SHA1, true);

        TimeStamp signatureTimeStamp = new TimeStamp("SignatureTimeStamp")
        {
            Id = "SignatureTimeStamp-" + _firma.XadesSignature.Signature.Id
        };
        signatureTimeStamp.EncapsulatedTimeStamp.PkiData = token;
        signatureTimeStamp.EncapsulatedTimeStamp.Id = "SignatureTimeStamp-" + Guid.NewGuid().ToString();

        unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection.Add(signatureTimeStamp);
        _firma.XadesSignature.UnsignedProperties = unsignedProperties;
        _firma.UpdateDocument();
    }
    catch (Exception ex)
    {
        throw new Exception("Ha ocurrido un error al insertar el sellado de tiempo.", ex);
    }
}
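/// <summary>
/// Validates the signature: (1) the digests of the signed references, (2) the SignedInfo digest and
/// the signature value against the certificate's public key, and (3) for each SignatureTimeStamp
/// present, that the token's message imprint equals the digest of the canonicalized ds:SignatureValue.
/// Validation of the -C, -X, -XL and -A profiles is out of scope. The TSA's signature over the
/// time-stamp token is not verified here.
/// </summary>
/// <param name="sigDocument">Document holding the signature to validate.</param>
/// <returns>A <see cref="ValidationResult"/> whose IsValid and Message describe the outcome.</returns>
public ValidationResult Validate(SignatureDocument sigDocument)
{
    ValidationResult result = new ValidationResult();

    try
    {
        // Reference digests plus the signature over SignedInfo.
        sigDocument.XadesSignature.CheckXmldsigSignature();
    }
    catch (Exception)
    {
        result.IsValid = false;
        result.Message = "La verificación de la firma no ha sido satisfactoria";
        return result;
    }

    var timeStamps = sigDocument.XadesSignature.UnsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection;

    // Every SignatureTimeStamp present must match the signature value, not only the first one.
    for (int i = 0; i < timeStamps.Count; i++)
    {
        TimeStamp timeStamp = timeStamps[i];

        // ds:CanonicalizationMethod is read from the document under validation, so only the known
        // canonicalization algorithms are honoured; anything else fails validation.
        System.Security.Cryptography.Xml.Transform transform;
        if (timeStamp.CanonicalizationMethod == null)
        {
            // XAdES: an absent ds:CanonicalizationMethod means standard (inclusive) C14N.
            transform = new XmlDsigC14NTransform();
        }
        else
        {
            transform = CanonicalizationTransformFor(timeStamp.CanonicalizationMethod.Algorithm);
        }
        if (transform == null)
        {
            result.IsValid = false;
            result.Message = "El método de canonicalización del sello de tiempo no está soportado";
            return result;
        }

        byte[] tsHashValue;
        byte[] signatureValueHash;
        try
        {
            // PkiData is untrusted too: a malformed token must yield an invalid result rather than an
            // exception escaping Validate.
            TimeStampToken token = new TimeStampToken(new CmsSignedData(timeStamp.EncapsulatedTimeStamp.PkiData));
            tsHashValue = token.TimeStampInfo.GetMessageImprintDigest();

            // Digest the canonicalized ds:SignatureValue with the algorithm the TSA used for the imprint.
            Crypto.DigestMethod tsDigestMethod = Crypto.DigestMethod.GetByOid(token.TimeStampInfo.HashAlgorithm.Algorithm.Id);
            ArrayList signatureValueElementXpaths = new ArrayList { "ds:SignatureValue" };
            signatureValueHash = DigestUtil.ComputeHashValue(
                XMLUtil.ComputeValueOfElementList(sigDocument.XadesSignature, signatureValueElementXpaths, transform),
                tsDigestMethod);
        }
        catch (Exception)
        {
            result.IsValid = false;
            result.Message = "No se ha podido procesar el sello de tiempo de la firma";
            return result;
        }

        if (!Arrays.AreEqual(tsHashValue, signatureValueHash))
        {
            result.IsValid = false;
            result.Message = "La huella del sello de tiempo no se corresponde con la calculada";
            return result;
        }
    }

    result.IsValid = true;
    result.Message = "Verificación de la firma satisfactoria";
    return result;
}

/// <summary>
/// Maps a ds:CanonicalizationMethod algorithm URI to the matching XMLDSIG canonicalization transform,
/// or null when it is not one of the four canonicalization URIs. CryptoConfig.CreateFromName is
/// deliberately not used for this: it also resolves non-canonicalization transforms (XPath, XSLT) by
/// URI and, on .NET Framework, falls back to Type.GetType on the supplied name — unsuitable for a
/// value taken from the document being validated.
/// </summary>
/// <param name="algorithm">Algorithm URI from the time stamp's ds:CanonicalizationMethod; may be null.</param>
/// <returns>The transform for a known canonicalization URI, otherwise null.</returns>
private static System.Security.Cryptography.Xml.Transform CanonicalizationTransformFor(string algorithm)
{
    switch (algorithm)
    {
        case SignedXml.XmlDsigC14NTransformUrl:
            return new XmlDsigC14NTransform();
        case SignedXml.XmlDsigC14NWithCommentsTransformUrl:
            return new XmlDsigC14NWithCommentsTransform();
        case SignedXml.XmlDsigExcC14NTransformUrl:
            return new XmlDsigExcC14NTransform();
        case SignedXml.XmlDsigExcC14NWithCommentsTransformUrl:
            return new XmlDsigExcC14NWithCommentsTransform();
        default:
            return null;
    }
}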