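/// <summary>
/// Finds, among the certificates embedded in the document's timestamp token, the certificate that
/// signed the token: the one whose issuer DN and serial number match the token's SignerID.
/// </summary>
/// <param name="xmlDoc">Signed XML document holding the timestamp token.</param>
/// <returns>
/// The matching certificate, or <c>null</c> when the token is absent, carries no matching
/// certificate, or any step throws. Lookup is best-effort: errors are not propagated, so callers
/// must treat <c>null</c> as "signer certificate unavailable" and fail their own check accordingly.
/// </returns>
private X509Certificate GetSignerCertificate(XmlDocument xmlDoc)
{
    try
    {
        TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
        if (token == null || token.SignerID == null)
        {
            return null;
        }

        // The signer's issuer/serial are loop-invariant: render them once, not once per certificate.
        // NOTE(review): issuers are matched by comparing rendered DN strings, which is sensitive to
        // attribute ordering/encoding differences between the token and the certificate — confirm
        // this is acceptable for the TSAs in use.
        string signerIssuerName = token.SignerID.Issuer.ToString(true, new Dictionary<string, string>());
        var signerSerial = token.SignerID.SerialNumber;

        var certificates = token.GetCertificates("Collection").GetMatches(null).Cast<X509Certificate>();
        return certificates.FirstOrDefault(cert =>
            cert.IssuerDN.ToString(true, new Dictionary<string, string>()) == signerIssuerName
            && cert.SerialNumber.Equals(signerSerial));
    }
    catch (Exception)
    {
        // Deliberate best-effort behaviour: a malformed token or certificate store reads as
        // "not found" rather than failing the caller. No logger is available in this block.
        return null;
    }
}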
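/// <summary>
/// Checks that the signing certificate was valid at the time asserted by the timestamp token:
/// the certificate's validity period must contain the token's GenTime, and the certificate must
/// not have been revoked (per the CRL consulted through <c>CrlHelper</c>) at or before that time.
/// </summary>
/// <param name="xmlDoc">Signed XML document holding the signing certificate and the timestamp token.</param>
/// <param name="xmlFileName">File name reported in the returned <see cref="ValidationError"/>.</param>
/// <returns>
/// A <see cref="ValidationError"/> for <paramref name="xmlFileName"/> carrying a message for the
/// first check that failed, or no message when every check passed.
/// </returns>
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
    ValidationError validationError = new ValidationError(xmlFileName, null);

    TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
    Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
    if (certificate == null)
    {
        return validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát");
    }
    if (token == null)
    {
        return validationError.AppendErrorMessage("Nepodarilo sa nájsť token");
    }

    DateTime genTime = token.TimeStampInfo.GenTime;

    // 1. The certificate's notBefore/notAfter window must contain the timestamp time.
    //    CheckValidity reports a violation by throwing; its message is forwarded to the caller.
    try
    {
        certificate.CheckValidity(genTime);
    }
    catch (Exception ex)
    {
        return validationError.AppendErrorMessage(
            "Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message);
    }

    // 2. Revocation. A CRL entry dated after the timestamp does not invalidate the signature (the
    //    signature provably pre-dates the revocation); an entry dated at or before it does.
    // NOTE(review): the lookup is by serial number only. Serials are unique per issuer, not
    //    globally, so CrlHelper must be scoped to the CRL of this certificate's issuer (or match on
    //    issuer as well) for this to be a reliable revocation check — confirm.
    // NOTE(review): the CRL reason code is not inspected; a keyCompromise revocation arguably
    //    invalidates earlier signatures as well.
    X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber);
    if (entry == null)
    {
        return validationError;
    }

    // Fail closed on the boundary: a revocation dated exactly at GenTime counts as revoked.
    // (The message text reads "expired" although this branch detects revocation; kept verbatim
    // because callers may match on it — consider "Certifikát bol odvolaný ..." in a follow-up.)
    if (entry.RevocationDate <= genTime)
    {
        return validationError.AppendErrorMessage("Platnosť certifikátu vypršala");
    }

    return validationError;
}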
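/// <summary>
/// Checks that the timestamp token actually covers this signature: the token's message imprint
/// must equal the digest of the <c>ds:SignatureValue</c> bytes. Only the <c>rsa-sha256</c>
/// signature method is accepted, so the imprint is recomputed with SHA-256 and the token's own
/// imprint algorithm must be SHA-256 for a match to be possible.
/// </summary>
/// <param name="xmlDoc">Signed XML document holding the signature and the timestamp token.</param>
/// <param name="xmlFileName">File name reported in the returned <see cref="ValidationError"/>.</param>
/// <returns>
/// A <see cref="ValidationError"/> for <paramref name="xmlFileName"/> carrying a message for the
/// first check that failed, or no message when every check passed.
/// </returns>
public ValidationError ValidationHandler2(XmlDocument xmlDoc, string xmlFileName)
{
    // id-sha256 (NIST OID arc); the only imprint algorithm this handler can recompute.
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";
    const string RsaSha256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    ValidationError validationError = new ValidationError(xmlFileName, null);

    // Guard before dereferencing: the original read TimeStampInfo off a possibly-null token.
    TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
    if (token == null)
    {
        return validationError.AppendErrorMessage("Missing timestamp token.");
    }

    var signatureEle = xmlDoc.SelectXmlNode("//ds:Signature/ds:SignatureValue");
    if (signatureEle == null)
    {
        return validationError.AppendErrorMessage("Missing SignatureValue element.");
    }

    // SignatureValue comes from the document under validation: a malformed base64 body is a
    // validation failure, not a crash.
    byte[] signatureValueByteArray;
    try
    {
        signatureValueByteArray = Convert.FromBase64String(signatureEle.InnerText);
    }
    catch (FormatException ex)
    {
        return validationError.AppendErrorMessage("SignatureValue is not valid base64. ErrorMessage ->" + ex.Message);
    }

    var signatureMethodEle = xmlDoc.SelectXmlNode("//ds:SignedInfo/ds:SignatureMethod");
    if (signatureMethodEle == null)
    {
        return validationError.AppendErrorMessage("Missing SignatureMethod element.");
    }
    var signatureMethodAlgorithm = signatureMethodEle.AtrValue("Algorithm");
    if (signatureMethodAlgorithm != RsaSha256SignatureMethod)
    {
        return validationError.AppendErrorMessage($"Unknown SignatureMethod Algorithm {signatureMethodAlgorithm}.");
    }

    // The imprint is recomputed with SHA-256 below, so an imprint made with any other algorithm
    // can never match; say so explicitly rather than reporting a bare digest mismatch.
    string hashAlgorithmId = token.TimeStampInfo.HashAlgorithm.Algorithm.Id;
    if (hashAlgorithmId != Sha256Oid)
    {
        return validationError.AppendErrorMessage($"Unsupported timestamp message imprint algorithm {hashAlgorithmId}.");
    }

    byte[] timeStampDigest = token.TimeStampInfo.GetMessageImprintDigest();
    byte[] computedDigest;
    // SHA256.Create() replaces the obsolete SHA256Managed; the instance is disposable.
    using (var sha256 = System.Security.Cryptography.SHA256.Create())
    {
        computedDigest = sha256.ComputeHash(signatureValueByteArray);
    }

    // Digests are not secret, so a plain comparison is sufficient here.
    // The original reported this mismatch as "Missing SignatureValue element.", which was wrong.
    if (!computedDigest.SequenceEqual(timeStampDigest))
    {
        return validationError.AppendErrorMessage("Timestamp message imprint does not match the digest of SignatureValue.");
    }

    return validationError;
}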