public static void Test(X509IncludeOption include)
{
cert = EndCert ;
X509Chain chain = new X509Chain() ;
chain.Build( cert ) ;
X509ChainElementCollection lmnts = chain.ChainElements ;
KeyInfoX509Data data = new KeyInfoX509Data( cert, include ) ;
ArrayList al = data.Certificates ;
if( al == null ) return ;
for( int i = 0 ; i < al.Count ; i++ )
{
rv = lmnts[i].Certificate.ToString(true) == ((X509Certificate) al[i]).ToString(true) ;
if( !rv )
Console.WriteLine( "i = " + i.ToString() + " and include=" + include.ToString() ) ;
}
Console.WriteLine( "*************************************************************" ) ;
}
static void Test5()
{
data = new KeyInfoX509Data() ;
//add issuer serials
data.AddIssuerSerial( TestCert.IssuerName.Name , TestCert.SerialNumber ) ;
data.AddIssuerSerial( EndCert.IssuerName.Name , EndCert.SerialNumber ) ;
rv = data.IssuerSerials.Count == 2;
byte[] b = { 100, 101 , 102 , 104 } ;
data = new KeyInfoX509Data() ;
data.CRL = b ;
for( int i = 0 ; i < b.Length ; i++ )
{
rv = b[i] == data.CRL[i] ;
}
}
public static void Test4()
{
data = new KeyInfoX509Data() ;
data.AddSubjectKeyId( "SKI0" ) ;
data.AddSubjectKeyId( "SKI1" ) ;
rv = data.SubjectKeyIds.Count == 2 ;
data = new KeyInfoX509Data() ;
data.AddSubjectKeyId( new byte[]{1,2,3,4,5,6} ) ;
data.AddSubjectKeyId( new byte[]{7,8,9,10,11,12} ) ;
rv = data.SubjectKeyIds.Count == 2 ;
}
public static void Test3()
{
cert = TestCert ;
data = new KeyInfoX509Data( cert.Export( X509ContentType.Cert ) ) ;
rv = ((X509Certificate2)data.Certificates[0]).ToString(true) == cert.ToString(true) ;
data = new KeyInfoX509Data( cert ) ;
rv = ((X509Certificate2)data.Certificates[0]).ToString(true) == cert.ToString(true) ;
}
public static string Sign(string xml, X509Certificate2 certificate)
{
if (xml == null) throw new ArgumentNullException("xml");
if (certificate == null) throw new ArgumentNullException("certificate");
if (!certificate.HasPrivateKey) throw new ArgumentException("certificate", "Certificate should have a private key");
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(xml);
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = certificate.PrivateKey;
// Attach certificate KeyInfo
KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate);
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
// Attach transforms
var reference = new Reference("");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false));
reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false));
signedXml.AddReference(reference);
// Compute signature
signedXml.ComputeSignature();
var signatureElement = signedXml.GetXml();
// Add signature to bundle
doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
return doc.OuterXml;
}
public void InvalidKeyNode1()
{
KeyInfoX509Data data1 = new KeyInfoX509Data();
Assert.Throws <ArgumentNullException>(() => data1.LoadXml(null));
}
/// <summary>
/// Message signing
/// </summary>
public virtual byte[] Sign(
ISignableMessage message,
X509Configuration x509Configuration)
{
if (message == null)
{
throw new ArgumentNullException("message");
}
if (x509Configuration == null ||
x509Configuration.SignatureCertificate == null
)
{
throw new ArgumentNullException("certificate");
}
// first, serialize to XML
var messageBody = this.messageSerializer.Serialize(message, new MessageSerializationParameters()
{
ShouldBase64Encode = false,
ShouldDeflate = false
});
var xml = new XmlDocument();
xml.LoadXml(messageBody);
// sign the node with the id
var reference = new Reference("#" + message.ID);
var envelope = new XmlDsigEnvelopedSignatureTransform(true);
reference.AddTransform(envelope);
// canonicalization
var c14 = new XmlDsigExcC14NTransform();
c14.Algorithm = SignedXml.XmlDsigExcC14NTransformUrl;
reference.AddTransform(c14);
// some more spells depending on SHA1 vs SHA256
var signed = new SignedXml(xml);
signed.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
switch (x509Configuration.SignatureAlgorithm)
{
case SignatureAlgorithm.SHA1:
signed.SigningKey = x509Configuration.SignatureCertificate.PrivateKey;
signed.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
break;
case SignatureAlgorithm.SHA256:
signed.SigningKey = x509Configuration.SignatureCertificate.ToSha256PrivateKey();
signed.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
reference.DigestMethod = SignedXml.XmlDsigSHA256Url;
break;
}
if (x509Configuration.IncludeKeyInfo)
{
var key = new System.Security.Cryptography.Xml.KeyInfo();
var keyData = new KeyInfoX509Data(x509Configuration.SignatureCertificate);
key.AddClause(keyData);
signed.KeyInfo = key;
}
// show the reference
signed.AddReference(reference);
// create the signature
signed.ComputeSignature();
var signature = signed.GetXml();
// insert the signature into the document
var element = xml.DocumentElement.ChildNodes[0];
xml.DocumentElement.InsertAfter(xml.ImportNode(signature, true), element);
// log
new LoggerFactory().For(this).Debug(Event.SignedMessage, xml.OuterXml);
// convert
return(this.encoding.GetBytes(xml.OuterXml));
}
public void AddCertificate_Null()
{
KeyInfoX509Data data = new KeyInfoX509Data();
Assert.Throws <ArgumentNullException>(() => data.AddCertificate(null));
}
public void AddIssuerSerial_Issuer_Null()
{
KeyInfoX509Data data = new KeyInfoX509Data();
AssertExtensions.Throws <ArgumentException>("issuerName", () => data.AddIssuerSerial(null, "serial"));
}
public void Constructor_X509CertificateByteArray_Null()
{
KeyInfoX509Data data = new KeyInfoX509Data((byte[])null);
}
public string FirmarXml(string tramaXml)
{
// Vamos a firmar el XML con la ruta del certificado que está como serializado.
var certificate = new X509Certificate2();
certificate.Import(Convert.FromBase64String(RutaCertificadoDigital),
PasswordCertificado, X509KeyStorageFlags.MachineKeySet);
var xmlDoc = new XmlDocument();
string resultado;
using (var documento = new MemoryStream(Convert.FromBase64String(tramaXml)))
{
xmlDoc.PreserveWhitespace = true;
xmlDoc.Load(documento);
int tipo;
if (TipoDocumento == 1 || TipoDocumento == 2 || TipoDocumento == 3 || TipoDocumento == 4)
{
tipo = 1;
}
else
{
tipo = 0;
}
var nodoExtension = xmlDoc.GetElementsByTagName("ExtensionContent", EspacioNombres.ext)
.Item(tipo);
if (nodoExtension == null)
{
throw new InvalidOperationException("No se pudo encontrar el nodo ExtensionContent en el XML");
}
nodoExtension.RemoveAll();
// Creamos el objeto SignedXml.
var signedXml = new SignedXml(xmlDoc)
{
SigningKey = (RSA)certificate.PrivateKey
};
signedXml.SigningKey = certificate.PrivateKey;
var xmlSignature = signedXml.Signature;
var env = new XmlDsigEnvelopedSignatureTransform();
var reference = new Reference(string.Empty);
reference.AddTransform(env);
xmlSignature.SignedInfo.AddReference(reference);
var keyInfo = new KeyInfo();
var x509Data = new KeyInfoX509Data(certificate);
x509Data.AddSubjectName(certificate.Subject);
keyInfo.AddClause(x509Data);
xmlSignature.KeyInfo = keyInfo;
xmlSignature.Id = "SignatureErickOrlando";
signedXml.ComputeSignature();
// Recuperamos el valor Hash de la firma para este documento.
if (reference.DigestValue != null)
{
DigestValue = Convert.ToBase64String(reference.DigestValue);
}
ValorFirma = Convert.ToBase64String(signedXml.SignatureValue);
nodoExtension.AppendChild(signedXml.GetXml());
var settings = new XmlWriterSettings()
{
Encoding = Encoding.GetEncoding("ISO-8859-1")
};
using (var memDoc = new MemoryStream())
{
using (var writer = XmlWriter.Create(memDoc, settings))
{
xmlDoc.WriteTo(writer);
}
resultado = Convert.ToBase64String(memDoc.ToArray());
}
}
return(resultado);
}
public void WriteContentsTo(
AddressingVersion addressingVersion,
XmlDictionaryWriter writer)
{
if (writer == null)
{
throw new ArgumentNullException("writer");
}
#if MOBILE
if (addressingVersion == AddressingVersion.None)
{
writer.WriteString(Uri.AbsoluteUri);
}
else
{
writer.WriteStartElement("Address", addressingVersion.Namespace);
writer.WriteString(Uri.AbsoluteUri);
writer.WriteEndElement();
}
#else
if (addressingVersion == AddressingVersion.None)
{
writer.WriteString(Uri.AbsoluteUri);
}
else
{
writer.WriteStartElement("Address", addressingVersion.Namespace);
writer.WriteString(Uri.AbsoluteUri);
writer.WriteEndElement();
if (Identity == null)
{
return;
}
if (Headers != null)
{
foreach (AddressHeader ah in Headers)
{
ah.WriteAddressHeader(writer);
}
}
writer.WriteStartElement("Identity", Constants.WsaIdentityUri);
X509CertificateEndpointIdentity x509 =
Identity as X509CertificateEndpointIdentity;
if (x509 != null)
{
KeyInfo ki = new KeyInfo();
KeyInfoX509Data x = new KeyInfoX509Data();
foreach (X509Certificate2 cert in x509.Certificates)
{
x.AddCertificate(cert);
}
ki.AddClause(x);
ki.GetXml().WriteTo(writer);
}
else
{
DataContractSerializer ds = new DataContractSerializer(Identity.IdentityClaim.GetType());
ds.WriteObject(writer, Identity.IdentityClaim);
}
writer.WriteEndElement();
}
#endif
}
static void Asymmetric(string filename)
{
string shortName = Path.GetFileName(filename);
XmlDocument doc = new XmlDocument();
XmlTextReader xtr = new XmlTextReader(GetReader(filename));
XmlValidatingReader xvr = new XmlValidatingReader(xtr);
xtr.Normalization = true;
doc.PreserveWhitespace = true;
doc.Load(xvr);
try {
SignedXml s = null;
if (filename.IndexOf("enveloped") >= 0)
{
s = new SignedXml(doc);
}
else if (filename.IndexOf("signature-big") >= 0)
{
s = new SignedXml(doc);
}
else
{
s = new SignedXml();
}
XmlNodeList nodeList = doc.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#");
s.LoadXml((XmlElement)nodeList [0]);
#if false // wanna dump?
Console.WriteLine("\n\nFilename : " + fi.Name);
DumpSignedXml(s);
#endif
// MS doesn't extract the public key out of the certificates
// http://www.dotnet247.com/247reference/a.aspx?u=http://www.kbalertz.com/Feedback_320602.aspx
Mono.Security.X509.X509Certificate mx = null;
foreach (KeyInfoClause kic in s.KeyInfo)
{
if (kic is KeyInfoX509Data)
{
KeyInfoX509Data kix = (kic as KeyInfoX509Data);
if ((kix.Certificates != null) && (kix.Certificates.Count > 0))
{
System.Security.Cryptography.X509Certificates.X509Certificate x509 = (System.Security.Cryptography.X509Certificates.X509Certificate)kix.Certificates [0];
byte[] data = x509.GetRawCertData();
mx = new Mono.Security.X509.X509Certificate(data);
}
}
}
// special cases
// 1- Merlin's certificate resolution (manual)
// 2- Phaos (because Fx doesn't support RetrievalMethod
switch (shortName)
{
case "signature-keyname.xml":
mx = LoadCertificate(GetPath(filename, "lugh.crt"));
break;
case "signature-retrievalmethod-rawx509crt.xml":
mx = LoadCertificate(GetPath(filename, "balor.crt"));
break;
case "signature-x509-is.xml":
mx = LoadCertificate(GetPath(filename, "macha.crt"));
break;
case "signature-x509-ski.xml":
mx = LoadCertificate(GetPath(filename, "nemain.crt"));
break;
case "signature-x509-sn.xml":
mx = LoadCertificate(GetPath(filename, "badb.crt"));
break;
// Phaos
case "signature-big.xml":
case "signature-rsa-manifest-x509-data-issuer-serial.xml":
case "signature-rsa-manifest-x509-data-ski.xml":
case "signature-rsa-manifest-x509-data-subject-name.xml":
case "signature-rsa-detached-xslt-transform-retrieval-method.xml":
mx = LoadCertificate(GetPath(filename, "rsa-cert.der"));
break;
case "signature-rsa-detached-xslt-transform-bad-retrieval-method.xml":
mx = LoadCertificate(GetPath(filename, "dsa-ca-cert.der"));
break;
default:
break;
}
bool result = false;
if (mx != null)
{
if (mx.RSA != null)
{
result = s.CheckSignature(mx.RSA);
}
else if (mx.DSA != null)
{
result = s.CheckSignature(mx.DSA);
}
}
else
{
// use a key existing in the document
result = s.CheckSignature();
}
if (result)
{
Console.WriteLine("valid " + shortName);
valid++;
}
else
{
Console.WriteLine("INVALID {0}", shortName);
invalid++;
}
}
catch (Exception ex) {
Console.WriteLine("EXCEPTION " + shortName + " " + ex);
error++;
}
}
// <Snippet2>
// Sign an XML file and save the signature in a new file.
public static void SignXmlFile(string FileName, string SignedFileName, string SubjectName)
{
if (null == FileName)
{
throw new ArgumentNullException("FileName");
}
if (null == SignedFileName)
{
throw new ArgumentNullException("SignedFileName");
}
if (null == SubjectName)
{
throw new ArgumentNullException("SubjectName");
}
// Load the certificate from the certificate store.
X509Certificate2 cert = GetCertificateBySubject(SubjectName);
// Create a new XML document.
XmlDocument doc = new XmlDocument();
// Format the document to ignore white spaces.
doc.PreserveWhitespace = false;
// Load the passed XML file using it's name.
doc.Load(new XmlTextReader(FileName));
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(doc);
// Add the key to the SignedXml document.
signedXml.SigningKey = cert.PrivateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Create a new KeyInfo object.
KeyInfo keyInfo = new KeyInfo();
// Load the certificate into a KeyInfoX509Data object
// and add it to the KeyInfo object.
// Create an X509IssuerSerial object and add it to the
// KeyInfoX509Data object.
KeyInfoX509Data kdata = new KeyInfoX509Data(cert);
X509IssuerSerial xserial;
xserial.IssuerName = cert.IssuerName.ToString();
xserial.SerialNumber = cert.SerialNumber;
kdata.AddIssuerSerial(xserial.IssuerName, xserial.SerialNumber);
keyInfo.AddClause(kdata);
// Add the KeyInfo object to the SignedXml object.
signedXml.KeyInfo = keyInfo;
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
if (doc.FirstChild is XmlDeclaration)
{
doc.RemoveChild(doc.FirstChild);
}
// Save the signed XML document to a file specified
// using the passed string.
using (XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)))
{
doc.WriteTo(xmltw);
xmltw.Close();
}
}
static void Test6() //Xml roundtrip
{
int i = 0 ;
data = new KeyInfoX509Data() ;
//add certs
data.AddCertificate( TestCert ) ;
data.AddCertificate( EndCert ) ;
//add subject name
data.AddSubjectName( TestCert.SubjectName.Name ) ;
data.AddSubjectName( EndCert.SubjectName.Name ) ;
//add subject keys
data.AddSubjectKeyId( new byte[]{1,2,3,4,5,6} ) ;
data.AddSubjectKeyId( new byte[]{7,8,9,10,11,12} ) ;
//add issuer serials
data.AddIssuerSerial( TestCert.IssuerName.Name , TestCert.SerialNumber ) ;
data.AddIssuerSerial( EndCert.IssuerName.Name , EndCert.SerialNumber ) ;
//add the crl
byte[] b = { 100, 101 , 102 , 104 } ;
data.CRL = b ;
KeyInfoX509Data rt = new KeyInfoX509Data() ;
rt.LoadXml( data.GetXml() ) ;
for( i = 0 ; i < rt.CRL.Length ; i++ )
{
rv = rt.CRL[i] == data.CRL[i] ;
}
for( i = 0 ; i < rt.Certificates.Count ; i++ )
{
rv = rt.Certificates[i].ToString() == data.Certificates[i].ToString() ;
}
for( i = 0 ; i < rt.SubjectKeyIds.Count ; i++ )
{
rv = rt.SubjectKeyIds[i].ToString() == data.SubjectKeyIds[i].ToString() ;
}
for( i = 0 ; i < rt.SubjectNames.Count ; i++ )
{
rv = rt.SubjectNames[i].ToString() == data.SubjectNames[i].ToString() ;
}
}
public void AddIssuerSerial_Invalid_Serial()
{
KeyInfoX509Data data = new KeyInfoX509Data();
AssertExtensions.Throws <ArgumentException>("serialNumber", () => data.AddIssuerSerial("issuer", "NotANumber"));
}
static void Test7() //negative LoadXml test
{
try
{
data = new KeyInfoX509Data() ;
data.LoadXml( data.GetXml() ) ;
rv = false ;
}
catch( CryptographicException ce )
{
Console.WriteLine( ce.ToString() ) ;
rv = true ;
}
catch( Exception e )
{
Console.WriteLine( e.ToString() ) ;
rv = false ;
}
try
{
data = new KeyInfoX509Data() ;
data.LoadXml( null ) ;
rv = false ;
}
catch
{
rv = true ;
}
}
public void AddSubjectKeyId_String_Null()
{
KeyInfoX509Data data1 = new KeyInfoX509Data();
Assert.Throws <NullReferenceException>(() => data1.AddSubjectKeyId((string)null));
}
public static void Test2()
{
try
{
data = new KeyInfoX509Data( new X509Certificate2() , X509IncludeOption.WholeChain ) ;
rv = false ;
}
catch( Exception e )
{
Console.WriteLine( e.ToString() ) ;
rv = true ;
}
}
public async Task <FirmadoResponse> FirmarXml(FirmadoRequest request)
{
var task = Task.Factory.StartNew(() =>
{
var response = new FirmadoResponse();
var certificate = new X509Certificate2();
certificate.Import(Convert.FromBase64String(request.CertificadoDigital),
request.PasswordCertificado, X509KeyStorageFlags.MachineKeySet);
var xmlDoc = new XmlDocument();
string resultado;
var betterBytes = Encoding.Convert(Encoding.UTF8,
Encoding.GetEncoding(Formatos.EncodingIso),
Convert.FromBase64String(request.TramaXmlSinFirma));
using (var documento = new MemoryStream(betterBytes))
{
xmlDoc.PreserveWhitespace = false;
xmlDoc.Load(documento);
var indiceNodo = request.UnSoloNodoExtension ? 0 : 1;
var nodoExtension = xmlDoc.GetElementsByTagName("ExtensionContent", EspacioNombres.ext)
.Item(indiceNodo);
if (nodoExtension == null)
{
throw new InvalidOperationException("No se pudo encontrar el nodo ExtensionContent en el XML");
}
nodoExtension.RemoveAll();
// Creamos el objeto SignedXml.
var signedXml = new SignedXml(xmlDoc)
{
SigningKey = certificate.PrivateKey
};
var xmlSignature = signedXml.Signature;
var env = new XmlDsigEnvelopedSignatureTransform();
var reference = new Reference(string.Empty);
reference.AddTransform(env);
xmlSignature.SignedInfo.AddReference(reference);
var keyInfo = new KeyInfo();
var x509Data = new KeyInfoX509Data(certificate);
x509Data.AddSubjectName(certificate.Subject);
keyInfo.AddClause(x509Data);
xmlSignature.KeyInfo = keyInfo;
xmlSignature.Id = "SignOpenInvoicePeru";
signedXml.ComputeSignature();
// Recuperamos el valor Hash de la firma para este documento.
if (reference.DigestValue != null)
{
response.ResumenFirma = Convert.ToBase64String(reference.DigestValue);
}
response.ValorFirma = Convert.ToBase64String(signedXml.SignatureValue);
nodoExtension.AppendChild(signedXml.GetXml());
using (var memDoc = new MemoryStream())
{
using (var writer = XmlWriter.Create(memDoc,
new XmlWriterSettings {
Encoding = Encoding.GetEncoding(Formatos.EncodingIso)
}))
{
xmlDoc.WriteTo(writer);
}
resultado = Convert.ToBase64String(memDoc.ToArray());
}
}
response.TramaXmlFirmado = resultado;
return(response);
});
return(await task);
}
