lovele0107 / signatures-conformance-checker


Runexception in CAdES Conformance Checker #44

Closed. fatihplt closed this issue 4 months ago.

fatihplt commented 4 months ago

There are two CAdES-A signature files named valid and invalid in the attached cades_files.zip. The error I get in the checker for the file that cannot be verified is shown in the image. I have tested in other applications that there is no problem with the archive time-stamp, but I cannot understand the error shown in the image here. Thanks.

[image: error screenshot] Attachment: cades_files.zip

// Builds the octets that are hashed into the archive-time-stamp message imprint:
// the encapContentInfo (or the external document for a detached signature),
// the certificates and CRLs of SignedData, then the SignerInfo with its
// unsigned attributes filtered. Uses Org.BouncyCastle.Asn1, Org.BouncyCastle.Cms
// and Org.BouncyCastle.Utilities.IO (Streams).
using var toTimestamp = new MemoryStream();

var contentInfo = _cmsSignedData.ContentInfo;
var signedData = BcCms.SignedData.GetInstance(contentInfo.Content);

var content = signedData.EncapContentInfo;

if (content == null || content.Content == null)
{
    // Detached signature: the caller has to supply the original document.
    if (originalDocument != null)
        toTimestamp.Write(Streams.ReadAll(originalDocument.Stream));
    else
        throw new Exception("Signature does not contain the original data");
}
else
{
    toTimestamp.Write(content.GetDerEncoded());
}

var certificates = signedData.Certificates;

if (certificates != null)
{
    // certificates field, re-emitted under its [0] IMPLICIT tag
    var certificatesBytes = new DerTaggedObject(false, 0, new DerSequence(certificates.ToArray())).GetEncoded();
    toTimestamp.Write(certificatesBytes);
}

if (signedData.CRLs != null)
{
    // crls field, written as the bare SET (no [1] tag is added here)
    var crlBytes = signedData.CRLs.GetEncoded();
    toTimestamp.Write(crlBytes);
}

var signerInfo = signerInformation.ToSignerInfo();
var unauthenticatedAttributes = signerInfo.UnauthenticatedAttributes;

if (unauthenticatedAttributes == null)
    return null;

var tsTokens = signerInformation.GetSignatureTimestamps();

// Drops the unsigned attributes that must not be covered by the imprint
// (FilterUnauthenticatedAttributes and SignerInfoEncoded are not shown in the report).
var filteredUnauthenticatedAttributes = FilterUnauthenticatedAttributes(unauthenticatedAttributes, tsTokens);

var asn1Object = SignerInfoEncoded(signerInfo, filteredUnauthenticatedAttributes);

using var signerByteArrayOutputStream = new MemoryStream();

foreach (var crnAsn1Object in asn1Object)
{
    var signerInfoBytes = crnAsn1Object.ToAsn1Object().GetDerEncoded();
    signerByteArrayOutputStream.Write(signerInfoBytes);
}

toTimestamp.Write(signerByteArrayOutputStream.ToArray());

return toTimestamp.ToArray();
jccruellas commented 4 months ago

Dear Fatihplt,

Thank you very much for the report, and sorry for not reacting before. I will take a look at your signatures as soon as possible and will come back to you with my findings.

Best regards,
Juan Carlos Cruellas

jccruellas commented 4 months ago

Dear Fatih Polat,

I have gone through the CAdESCC. There was indeed an error, which I have fixed in my local copy of the CAdESCC. This error was the cause of the exception thrown.

However, I have noticed that the archive time-stamp that you included in your CAdES signature had the OID corresponding to ArchiveTimeStampV2. CAdESCC is able to deal with ArchiveTimeStampV3. Therefore, even once the error in the code is solved, CAdESCC is not able to check the message imprint of ArchiveTimeStampV2.

Please note that ArchiveTimeStampV2 was deprecated by ETSI EN 319 122-1, and in clause A.2.4 it says that new ATSv2 attributes shall not be created.

I have noticed that your signatures only have one archive-time-stamp, and that it is an ATSv2. I understand that this ATSv2 has been generated now, so this goes against the requirements in EN 319 122-1.

As ATSv2 was deprecated in EN 319 122-1, CAdESCC does not incorporate code for checking it.

Once again, thank you very much for using the CAdESCC.

I will upload the new version of CAdESCC to the ETSI Portal. I will let you know when I have done it.

jccruellas commented 4 months ago

Good morning. The new version of CAdESCC is now deployed on the ETSI server. It throws a warning on hitting an ArchiveTimeStampV2. Once again, thanks for using CAdESCC.

Would you agree to closing the issue?

fatihplt commented 4 months ago

Dear jccruellas,

Thank you for your interest in my problem. Thank you also for developing CAdESCC.

jccruellas commented 4 months ago

Dear Fatih POLAT,

You are welcome. Thank you for using the CAdESCC.

Best regards,
Juan-Carlos Cruellas