/** Reads
* keyInfo{
* deprecated{
* kh{"true"}
* vt{"true"}
* }
* valueType{
* ca{"incremental"}
* h0{"single"}
* kr{"multiple"}
* vt{"multiple"}
* x0{"any"}
* }
* }
*/
private static void GetKeyInfo(UResourceBundle keyInfoRes)
{
ISet <string> _deprecatedKeys = new JCG.HashSet <string>();
IDictionary <string, KeyTypeDataValueType> _valueTypes = new JCG.LinkedDictionary <string, KeyTypeDataValueType>();
foreach (var keyInfoEntry in keyInfoRes)
{
string key = keyInfoEntry.Key;
KeyInfoType keyInfo = (KeyInfoType)Enum.Parse(typeof(KeyInfoType), key, true);
foreach (var keyInfoEntry2 in keyInfoEntry)
{
string key2 = keyInfoEntry2.Key;
string value2 = keyInfoEntry2.GetString();
switch (keyInfo)
{
case KeyInfoType.deprecated:
_deprecatedKeys.Add(key2);
break;
case KeyInfoType.valueType:
_valueTypes[key2] = (KeyTypeDataValueType)Enum.Parse(typeof(KeyTypeDataValueType), value2, true);
break;
}
}
}
DEPRECATED_KEYS = _deprecatedKeys.AsReadOnly();
VALUE_TYPES = _valueTypes.AsReadOnly();
}
/** Reads
* keyInfo{
* deprecated{
* kh{"true"}
* vt{"true"}
* }
* valueType{
* ca{"incremental"}
* h0{"single"}
* kr{"multiple"}
* vt{"multiple"}
* x0{"any"}
* }
* }
*/
private static void GetKeyInfo(UResourceBundle keyInfoRes)
{
ISet <string> _deprecatedKeys = new HashSet <string>();
IDictionary <string, ValueType> _valueTypes = new Dictionary <string, ValueType>(); // ICU4N NOTE: As long as we don't delete, Dictionary keeps insertion order the same as LinkedHashMap
foreach (var keyInfoEntry in keyInfoRes)
{
string key = keyInfoEntry.Key;
KeyInfoType keyInfo = (KeyInfoType)Enum.Parse(typeof(KeyInfoType), key, true);
foreach (var keyInfoEntry2 in keyInfoEntry)
{
string key2 = keyInfoEntry2.Key;
string value2 = keyInfoEntry2.GetString();
switch (keyInfo)
{
case KeyInfoType.deprecated:
_deprecatedKeys.Add(key2);
break;
case KeyInfoType.valueType:
_valueTypes[key2] = (ValueType)Enum.Parse(typeof(ValueType), value2, true);
break;
}
}
}
DEPRECATED_KEYS = _deprecatedKeys.ToUnmodifiableSet();
VALUE_TYPES = _valueTypes.ToUnmodifiableDictionary();
}
private KeyInfo createKeyInfo(CertificateX509 certificate, string keyInfoType)
{
KeyInfo keyInfo = new KeyInfo();
KeyInfoType kinfo = KeyInfoTypeUtils.getKeyInfoType(keyInfoType, this.error);
switch (kinfo)
{
case KeyInfoType.KeyValue:
if (SecurityUtils.compareStrings(certificate.getPublicKeyAlgorithm(), "RSA"))
{
keyInfo.AddClause(new RSAKeyValue((RSA)certificate.getPublicKeyXML()));
}
else
{
keyInfo.AddClause(new DSAKeyValue((DSA)certificate.getPublicKeyXML()));
}
break;
case KeyInfoType.X509Certificate:
KeyInfoX509Data keyInfoX509Data = new KeyInfoX509Data();
keyInfoX509Data.AddCertificate((X509Certificate)certificate.Cert);
keyInfoX509Data.AddSubjectName(certificate.Cert.SubjectName.Name);
keyInfoX509Data.AddIssuerSerial(certificate.Cert.IssuerName.Name, certificate.Cert.SerialNumber);
keyInfo.AddClause((KeyInfoClause)keyInfoX509Data);
break;
case KeyInfoType.NONE:
keyInfo = null;
break;
}
return(keyInfo);
}
public void xr_KeyInfoType()
{
Console.Out.WriteLine("serialization KeyInfoType");
KeyInfoType r = new KeyInfoType();
XmlSerializer xr = new XmlSerializer(typeof(KeyInfoType));
StringWriter sw = new StringWriter();
xr.Serialize(sw, r);
System.Console.Out.WriteLine(sw.ToString());
}
private void bulkTestWithKeyInfoID(CertificateX509 certificate, PrivateKeyManager key, string pathSigned)
{
XmlDSigSigner signer = new XmlDSigSigner();
string pathSignedID = pathSigned + "_id";
for (int c = 0; c < arrayCanonicalization.Length; c++)
{
/**** TEST FILES ****/
optionsID.DSigSignatureType = dSigType;
optionsID.Canonicalization = arrayCanonicalization[c];
optionsID.XmlSchemaPath = xmlIDSchemaPath;
bool signedFile = signer.DoSignFileElement(xmlUnsignedIDPathFile, id, key, certificate,
Path.Combine(xmlSignedPathRoot, pathSignedID + ".xml"), optionsID);
Assert.IsTrue(signedFile);
True(signedFile, signer);
bool verifyFile = false;
optionsID.XmlSchemaPath = "";
KeyInfoType keyInfo = KeyInfoTypeUtils.getKeyInfoType(optionsID.KeyInfoType, error);
if (keyInfo != KeyInfoType.NONE)
{
verifyFile = signer.DoVerifyFile(Path.Combine(xmlSignedPathRoot, pathSignedID + ".xml"), optionsID);
}
else
{
verifyFile = signer.DoVerifyFileWithCert(Path.Combine(xmlSignedPathRoot, pathSignedID + ".xml"), certificate,
optionsID);
}
True(verifyFile, signer);
/**** TEST STRINGS ****/
optionsID.XmlSchemaPath = xmlIDSchemaPath;
string signedString = signer.DoSignElement(xmlUnsignedID, id, key, certificate, optionsID);
bool resultSignString = false;
optionsID.XmlSchemaPath = "";
if (keyInfo != KeyInfoType.NONE)
{
resultSignString = signer.DoVerify(signedString, optionsID);
}
else
{
resultSignString = signer.DoVerifyWithCert(signedString, certificate, optionsID);
}
Assert.IsTrue(resultSignString);
True(resultSignString, signer);
}
}
private void bulkTestWithKeyInfoXPath(CertificateX509 certificate, PrivateKeyManager key, string pathSigned)
{
#if NETCORE
//******Net Core no tiene habilitado usar la transform xpath******//
Assert.IsTrue(true);
#else
XmlDSigSigner signer = new XmlDSigSigner();
string pathSignedXPath = pathSigned + "_xPAth";
for (int c = 0; c < arrayCanonicalization.Length; c++)
{
/**** TEST FILES ****/
optionsXPath.DSigSignatureType = dSigType;
optionsXPath.Canonicalization = arrayCanonicalization[c];
bool signedFile = signer.DoSignFileElement(xmlUnsignedXPathFile, xPath, key, certificate,
Path.Combine(xmlSignedPathRoot, pathSignedXPath + ".xml"), optionsXPath);
Assert.IsTrue(signedFile);
True(signedFile, signer);
bool verifyFile = false;
KeyInfoType keyInfo = KeyInfoTypeUtils.getKeyInfoType(optionsXPath.KeyInfoType, error);
if (keyInfo != KeyInfoType.NONE)
{
verifyFile = signer.DoVerifyFile(Path.Combine(xmlSignedPathRoot, pathSignedXPath + ".xml"), optionsXPath);
}
else
{
verifyFile = signer.DoVerifyFileWithCert(Path.Combine(xmlSignedPathRoot, pathSignedXPath + ".xml"), certificate,
optionsXPath);
}
//True(verifyFile, signer);
/**** TEST STRINGS ****/
string signedString = signer.DoSignElement(xmlUnsignedXPath, xPath, key, certificate, optionsXPath);
bool resultSignString = false;
if (keyInfo != KeyInfoType.NONE)
{
resultSignString = signer.DoVerify(signedString, optionsXPath);
}
else
{
resultSignString = signer.DoVerifyWithCert(signedString, certificate, optionsXPath);
}
//True(resultSignString, signer);
}
#endif
}
public static string valueOf(KeyInfoType keyInfoType, Error error)
{
switch (keyInfoType)
{
case KeyInfoType.NONE:
return("NONE");
case KeyInfoType.KeyValue:
return("KeyValue");
case KeyInfoType.X509Certificate:
return("X509Certificate");
default:
error.setError("KI002", "Unrecognized KeyInfoType");
return("");
}
}
/// <summary>
/// קבלת מידע על שורה אחת מסויימת מתוך הקובץ הנוכחי.
/// </summary>
/// <param name="t">סוג המידע להחזרה</param>
/// <param name="findByKey">מציאת המידע לפי מפתח</param>
/// <param name="findByValue">מציאת המידע לפי ערך</param>
/// <param name="findByLine">מציאת המידע לפי מספר שורה</param>
/// <returns>המידע שהתבקש, או כלום אם הפעולה לא הצליחה</returns>
public object GetKeyInfo(KeyInfoType t, string findByKey = "", string findByValue = "", int findByLine = 0)
{
try
{
if (findByKey.Length > 0)
{
switch (t)
{
case KeyInfoType.Key: return(findByKey);
case KeyInfoType.Value: return(GetKey(findByKey));
case KeyInfoType.Line:
{
string[] lines = File.ReadAllLines(path);
for (int i = 0; i < lines.Length; i++)
{
if (NoticeThisLine(lines[i]) && SplitThisLine(lines[i], LineSplitMode.GetKey) == findByKey)
{
return(i + 1);
}
}
return(0);
}
default: return(null);
}
}
else if (findByValue.Length > 0)
{
switch (t)
{
case KeyInfoType.Key:
{
string[] lines = File.ReadAllLines(path);
for (int i = 0; i < lines.Length; i++)
{
if (NoticeThisLine(lines[i]) && SplitThisLine(lines[i], LineSplitMode.GetValue) == findByValue)
{
return(SplitThisLine(lines[i], LineSplitMode.GetKey));
}
}
return(string.Empty);
}
case KeyInfoType.Value: return(findByValue);
case KeyInfoType.Line:
{
string[] lines = File.ReadAllLines(path);
for (int i = 0; i < lines.Length; i++)
{
if (NoticeThisLine(lines[i]) && SplitThisLine(lines[i], LineSplitMode.GetValue) == findByValue)
{
return(i + 1);
}
}
return(0);
}
default: return(null);
}
}
else if (findByLine > 0)
{
switch (t)
{
case KeyInfoType.Key: return(SplitThisLine(File.ReadAllLines(path)[findByLine], LineSplitMode.GetKey));
case KeyInfoType.Value: return(SplitThisLine(File.ReadAllLines(path)[findByLine], LineSplitMode.GetValue));
case KeyInfoType.Line: return(findByLine);
default: return(null);
}
}
}
catch
{
return(null);
}
return(null);
}
/*
* Validation
*/
private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls,
RevocationValuesType revocationValues, TimeStampToken timeStampToken,
EncapsulatedPKIDataType[] attributeCertificates)
{
// setup the client
setupClient();
// validate
ValidateRequestType validateRequest = new ValidateRequestType();
QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
KeyInfoType keyInfo = new KeyInfoType();
X509DataType x509Data = new X509DataType();
x509Data.Items = new object[certificateChain.Count];
x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
int idx = 0;
foreach (Org.BouncyCastle.X509.X509Certificate certificate in certificateChain)
{
x509Data.Items[idx] = certificate.GetEncoded();
x509Data.ItemsElementName[idx] = ItemsChoiceType.X509Certificate;
idx++;
}
keyInfo.Items = new object[] { x509Data };
keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
queryKeyBinding.KeyInfo = keyInfo;
validateRequest.QueryKeyBinding = queryKeyBinding;
/*
* Set optional trust domain
*/
if (null != trustDomain)
{
UseKeyWithType useKeyWith = new UseKeyWithType();
useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
useKeyWith.Identifier = trustDomain;
queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
}
/*
* Add timestamp token for TSA validation
*/
if (null != timeStampToken)
{
addTimeStampToken(validateRequest, timeStampToken);
}
/*
* Add attribute certificates
*/
if (null != attributeCertificates)
{
addAttributeCertificates(validateRequest, attributeCertificates);
}
/*
* Set if used revocation data should be returned or not
*/
if (returnRevocationData)
{
validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
}
/*
* Historical validation, add the revocation data to the request
*/
if (!validationDate.Equals(DateTime.MinValue))
{
TimeInstantType timeInstant = new TimeInstantType();
timeInstant.Time = validationDate;
queryKeyBinding.TimeInstant = timeInstant;
addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
}
/*
* Validate
*/
ValidateResultType validateResult = client.Validate(validateRequest);
/*
* Check result
*/
checkResponse(validateResult);
/*
* Set the optionally requested revocation data
*/
if (returnRevocationData)
{
foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
{
if (messageExtension is RevocationDataMessageExtensionType)
{
this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
}
}
if (null == this.revocationValues)
{
throw new RevocationDataNotFoundException();
}
}
/*
* Store reason URIs
*/
foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
{
if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
{
return;
}
foreach (string reason in keyBinding.Status.InvalidReason)
{
this.invalidReasonURIs.AddLast(reason);
}
throw new ValidationFailedException(this.invalidReasonURIs);
}
}
/*
* Validation
*/
private void validate(List <Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
bool returnRevocationData, DateTime validationDate, List <OcspResp> ocspResponses, List <X509Crl> crls,
RevocationValuesType revocationValues, TimeStampToken timeStampToken,
EncapsulatedPKIDataType[] attributeCertificates)
{
// setup the client
setupClient();
// validate
ValidateRequestType validateRequest = new ValidateRequestType();
QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
KeyInfoType keyInfo = new KeyInfoType();
X509DataType x509Data = new X509DataType();
x509Data.Items = new object[certificateChain.Count];
x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
int idx = 0;
foreach (Org.BouncyCastle.X509.X509Certificate certificate in certificateChain)
{
x509Data.Items[idx] = certificate.GetEncoded();
x509Data.ItemsElementName[idx] = ItemsChoiceType.X509Certificate;
idx++;
}
keyInfo.Items = new object[] { x509Data };
keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
queryKeyBinding.KeyInfo = keyInfo;
validateRequest.QueryKeyBinding = queryKeyBinding;
/*
* Set optional trust domain
*/
if (null != trustDomain)
{
UseKeyWithType useKeyWith = new UseKeyWithType();
useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
useKeyWith.Identifier = trustDomain;
queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
}
/*
* Add timestamp token for TSA validation
*/
if (null != timeStampToken)
{
addTimeStampToken(validateRequest, timeStampToken);
}
/*
* Add attribute certificates
*/
if (null != attributeCertificates)
{
addAttributeCertificates(validateRequest, attributeCertificates);
}
/*
* Set if used revocation data should be returned or not
*/
if (returnRevocationData)
{
validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
}
/*
* Historical validation, add the revocation data to the request
*/
if (!validationDate.Equals(DateTime.MinValue))
{
TimeInstantType timeInstant = new TimeInstantType();
timeInstant.Time = validationDate;
queryKeyBinding.TimeInstant = timeInstant;
addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
}
/*
* Validate
*/
ValidateResultType validateResult = client.Validate(validateRequest);
/*
* Check result
*/
checkResponse(validateResult);
/*
* Set the optionally requested revocation data
*/
if (returnRevocationData)
{
foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
{
if (messageExtension is RevocationDataMessageExtensionType)
{
this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
}
}
if (null == this.revocationValues)
{
throw new RevocationDataNotFoundException();
}
}
/*
* Store reason URIs
*/
foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
{
if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
{
return;
}
foreach (string reason in keyBinding.Status.InvalidReason)
{
this.invalidReasonURIs.AddLast(reason);
}
throw new ValidationFailedException(this.invalidReasonURIs);
}
}
