Timestamps invalid when using XAdESVerifier.AddValidationDataRefs()

#25443
Posted: 06/25/2013 07:24:33
by Kees de Wit (Standard support level)
Joined: 06/13/2013
Posts: 17

Hello,

If I try to sign an XML document with an XAdES-A signature, the timestamps become invalid when I use the XAdESVerifier.AddValidationDataRefs() method. If I don't execute this method, the timestamps validate correctly. Here is the code that I'm using:

Code
TElDCBaseMessage Msg = state.FindMessageByType(TElDCOperationResponseMessage.MetaClass.Instance);
if (Msg != null)
{
    byte[] buf = ((TElDCOperationResponseMessage)Msg).KeysRDN.GetFirstValueByOID(SBDCPKIConstants.Unit.SB_OID_DC_SIGNING_CERTIFICATE);
    TElX509Certificate Cert = new TElX509Certificate();
    if (Cert.LoadFromBufferAuto(buf, 0, buf.Length, "") == 0)
    {
        TElMemoryCertStorage storage = new SBCustomCertStorage.TElMemoryCertStorage();
        storage.Add(Cert, false);
        X509Data.CertStorage = storage;
        X509Data.Certificate = Cert;

        Signer.KeyData = X509Data;
        Signer.IncludeKey = true;
    }
}

Signer.CompleteAsyncSign(document, state);

TElXMLVerifier Verifier = new TElXMLVerifier();
TElXAdESVerifier XAdESVerifier = new TElXAdESVerifier();
              
Verifier.XAdESProcessor = XAdESVerifier;
Verifier.Load(Signer.Signature.XMLElement);

SBHTTPTSPClient.TElHTTPTSPClient TSPClient = new SBHTTPTSPClient.TElHTTPTSPClient();
TSPClient.HTTPClient = HTTPClient;
TSPClient.URL = "http://timestamp.digicert.com";
TSPClient.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;

XAdESVerifier.AddSignatureTimestamp(TSPClient);

XAdESVerifier.OnStoreCertificate += new TSBXAdESStoreCertificateEvent(XAdESSigner_OnStoreCertificate);
XAdESVerifier.OnStoreCRL += new TSBXAdESStoreCRLEvent(XAdESSigner_OnStoreCRL);
XAdESVerifier.OnStoreOCSPResponse += new TSBXAdESStoreOCSPResponseEvent(XAdESSigner_OnStoreOCSPResponse);

XAdESVerifier.OnBeforeCertificateValidate -= new TSBXAdESBeforeCertificateValidateEvent(HandleBeforeCertificateValidate);
XAdESVerifier.OnBeforeCertificateValidate += new TSBXAdESBeforeCertificateValidateEvent(HandleBeforeCertificateValidate);

XAdESVerifier.AddValidationDataRefs();

XAdESVerifier.AddSigAndRefsTimestamp(TSPClient);

XAdESVerifier.AddValidationDataValues();

UpdateReferences(Verifier.References, document);

XAdESVerifier.AddArchiveTimestamp(TSPClient);


So if I don't call XAdESVerifier.AddValidationDataRefs(), it will show as valid (see attachment).

UPDATE: I added the validation log (ValidationLog.txt), and it seems there is something with the timestamp server's CRL, but I don't understand it. Could you please explain?

PROBLEM SOLVED: I used another timestamp server and it solved this issue.

