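/// <summary>
/// Locates the signer certificate of a time-stamp token, verifies the token's signature
/// against it and checks that the certificate carries the time-stamping extended key usage.
/// Failures are not thrown; they are traced and recorded on the
/// <c>TimestampStatus</c> of <paramref name="value"/> so that every problem found is reported.
/// </summary>
/// <param name="tst">The time-stamp token under verification.</param>
/// <param name="value">The timestamp result whose status list collects the error flags.</param>
/// <returns>
/// The signer certificate converted to an <see cref="X509Certificate2"/>, or <c>null</c> when
/// the token does not carry a signer certificate. A signature or key-usage failure still returns
/// the certificate; the failure is visible only through the recorded status.
/// </returns>
private static X509Certificate2 CheckSigner(this TimeStampToken tst, Timestamp value)
{
    // OID id-kp-timeStamping (RFC 3161 §2.3): the only extended key usage that allows a
    // certificate to sign time-stamp tokens.
    const string TimeStampingEkuOid = "1.3.6.1.5.5.7.3.8";

    BC.X509Certificate signerBc = tst.GetSigner();
    if (signerBc == null)
    {
        trace.TraceEvent(TraceEventType.Warning, 0, "The signer of the time-stamp {0} isn't found", tst.TimeStampInfo.SerialNumber);
        X509CertificateHelper.AddErrorStatus(value.TimestampStatus, null, X509ChainStatusFlags.NotSignatureValid, "Signer not found");
        return null;
    }

    // Check the signature. The catch is deliberately broad: any failure raised by Validate
    // must be turned into an error status rather than abort the whole verification.
    try
    {
        tst.Validate(signerBc);
    }
    catch (Exception e)
    {
        trace.TraceEvent(TraceEventType.Warning, 0, "The signature from {1} of the time-stamp {0} is invalid: {2}", tst.TimeStampInfo.SerialNumber, signerBc.SubjectDN, e.Message);
        X509CertificateHelper.AddErrorStatus(value.TimestampStatus, null, X509ChainStatusFlags.NotSignatureValid, "Time-stamp not signed by indicated certificate: " + e.Message);
    }

    // Check if the certificate may be used for time-stamping. GetExtendedKeyUsage() yields
    // null when the certificate has no EKU extension at all; a certificate without the
    // extension is equally not allowed to sign time-stamps, so treat null like a missing OID
    // instead of letting it surface as a NullReferenceException.
    // NOTE(review): RFC 3161 also requires the EKU extension to be marked critical; that
    // property is not verified here.
    IList signerExtKeyUsage = signerBc.GetExtendedKeyUsage();
    if (signerExtKeyUsage == null || !signerExtKeyUsage.Contains(TimeStampingEkuOid))
    {
        trace.TraceEvent(TraceEventType.Warning, 0, "The signer {1} of the time-stamp {0} isn't allowed to sign timestamps", tst.TimeStampInfo.SerialNumber, signerBc.SubjectDN);
        X509CertificateHelper.AddErrorStatus(value.TimestampStatus, null, X509ChainStatusFlags.NotSignatureValid, "The certificate may not be used for timestamps");
    }

    return new X509Certificate2(signerBc.GetEncoded());
}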