static void Main(string[] args)
{
foreach (var xml in xmlList)
{
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(xml);
Console.WriteLine("===> ORIGINAL <====");
Console.WriteLine(xmlDocument.InnerXml);
Console.WriteLine("===> C14N <====");
var transformXml = new XmlDsigExcC14NTransform();
transformXml.LoadInput(xmlDocument);
var stream = transformXml.GetOutput(typeof(Stream)) as Stream;
var reader = new StreamReader(stream);
Console.WriteLine(reader.ReadToEnd());
Console.WriteLine("===> C14N#WithComments <====");
transformXml = new XmlDsigExcC14NTransform(true);
transformXml.LoadInput(xmlDocument);
stream = transformXml.GetOutput(typeof(Stream)) as Stream;
reader = new StreamReader(stream);
Console.WriteLine(reader.ReadToEnd());
Console.WriteLine();
}
}
public static string GetDocument(SignedXmlDocument doc)
{
Transform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(doc.Document.GetXmlDocument());
return(new StreamReader((MemoryStream)transform.GetOutput()).ReadToEnd());
}
public string CanonicalizeXml(string xml)
{
var document = new XmlDocument
{
PreserveWhitespace = false
};
document.LoadXml(xml);
var nodes = document.SelectNodes("/descendant-or-self::node() | //@* | //namespace::*");
Debug.Assert(nodes != null, "nodes != null");
//
// Canonicalize the document.
// <node /> expands to <node></node>, attributes are placed into
// alphabetical order, etc.
//
var transform = new XmlDsigExcC14NTransform();
transform.LoadInput(nodes);
using (var stream = (MemoryStream)transform.GetOutput(typeof(Stream)))
{
using (var reader = new StreamReader(stream))
{
return(reader.ReadToEnd());
}
}
}
private object UseXmlDocumentTransform(Type type)
{
var innerTransform = new XmlDsigExcC14NTransform();
innerTransform.LoadInput(this._inputStream);
return(innerTransform.GetOutput(type));
}
public byte[] CanonicalizeUsingClrLibrary(object input)
{
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform(_includeComments, _inclusivePrefixes);
t.LoadInput(input);
MemoryStream s = (MemoryStream)t.GetOutput(typeof(Stream));
return(s.ToArray());
}
string C14N(string xml)
{
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
XmlDocument doc = new XmlDocument();
doc.LoadXml(xml);
t.LoadInput(doc);
return(new StreamReader(t.GetOutput() as Stream).ReadToEnd());
}
public void StoreMessage(XmlReader reader)
{
doc.RemoveAll();
doc.AppendChild(doc.ReadNode(reader));
t.LoadInput(doc);
MemoryStream s = (MemoryStream)t.GetOutput();
byte [] bytes = s.ToArray();
stream.Write(bytes, 0, bytes.Length);
}
/// <summary>
/// Add a timestamp to the signature, complaint with the XAdES-T 1.3.1 standard.
/// </summary>
/// <remarks>
/// Requires a Timestamp Provider <see cref="XadesCreator.TimestampProvider"/>
/// </remarks>
/// <param name="signature">The signature to extend</param>
/// <exception cref="ArgumentNullException">When the signature is null</exception>
/// <exception cref="InvalidOperationException">When no timestamp provider is set</exception>
public void ExtendToXadesT(ref XmlElement signature)
{
if (signature == null)
{
throw new ArgumentNullException("signature", "A signature is required");
}
if (TimestampProvider == null)
{
throw new InvalidOperationException("The timestamp provider is required for XAdES-T");
}
var timestamp = new XmlDocument();
timestamp.Load(Assembly.GetExecutingAssembly().GetManifestResourceStream("IM.Xades.Resources.Timestamp.xml"));
var timestampValue = (XmlElement)timestamp.SelectSingleNode("//xades:EncapsulatedTimeStamp", nsMgr);
XmlNode sigValue = signature.SelectSingleNode("./ds:SignatureValue", nsMgr);
//Serialize because the C14N overloads wich accepts lists is totaly wrong (it C14N's the document)
MemoryStream stream = new MemoryStream();
using (var writer = XmlWriter.Create(stream))
{
sigValue.WriteTo(writer);
}
stream.Seek(0, SeekOrigin.Begin);
//Canocalize the signature value
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(stream);
var canonicalized = (Stream)transform.GetOutput(typeof(Stream));
//hash the canocalized version
SHA256 sha256 = SHA256.Create();
byte[] hashed = sha256.ComputeHash(canonicalized);
//Get the timestamp.
byte[] timestampHash = TimestampProvider.GetTimestampFromDocumentHash(hashed, "http://www.w3.org/2001/04/xmlenc#sha256");
timestampValue.InnerText = Convert.ToBase64String(timestampHash);
var qProps = (XmlElement)signature.SelectSingleNode("./ds:Object/xades:QualifyingProperties", nsMgr);
var unsignedProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedProperties", Extra.XadesTools.NS);
qProps.AppendChild(unsignedProps);
var unsignedSigProps = qProps.OwnerDocument.CreateElement("xades", "UnsignedSignatureProperties", Extra.XadesTools.NS);
unsignedProps.AppendChild(unsignedSigProps);
var imported = unsignedSigProps.OwnerDocument.ImportNode(timestamp.DocumentElement, true);
unsignedSigProps.AppendChild(imported);
}
void AppendNegotiationMessageXml(XmlReader reader, TlsServerSessionInfo tlsInfo)
{
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
reader.MoveToContent();
doc.AppendChild(doc.ReadNode(reader));
t.LoadInput(doc);
MemoryStream stream = (MemoryStream)t.GetOutput();
byte [] bytes = stream.ToArray();
tlsInfo.Messages.Write(bytes, 0, bytes.Length);
}
/// <summary>
/// Выполнить каноникализацию XML-узла
/// </summary>
/// <param name="node">
/// Узел
/// </param>
/// <returns>
/// Каноникализированный XM-текст
/// </returns>
public static string Canonicalize(this XmlNode node)
{
var transform = new XmlDsigExcC14NTransform();
var document = new XmlDocument();
document.LoadXml(node.OuterXml);
transform.LoadInput(document);
using (var stream = (Stream)transform.GetOutput())
using (var reader = new StreamReader(stream))
{
return(reader.ReadToEnd());
}
}
public Stream CanonicalizeNode(XmlElement nodeToCanon)
{
XmlNode node = (XmlNode)nodeToCanon;
XmlNodeReader reader = new XmlNodeReader(node);
Stream stream = new MemoryStream();
XmlWriter writer = new XmlTextWriter(stream, Encoding.UTF8);
writer.WriteNode(reader, false);
writer.Flush();
stream.Position = 0;
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(stream);
return(transform.GetOutput() as Stream);
}
private byte[] GetSignedInfoForVerification(XmlElement si)
{
XmlDsigExcC14NTransform canon = new XmlDsigExcC14NTransform(false);
XmlDocument d = new XmlDocument();
d.AppendChild(d.ImportNode(si, true));
canon.LoadInput(d);
byte[] csi;
using (MemoryStream ms = new MemoryStream())
{
((Stream)canon.GetOutput()).CopyTo(ms);
csi = ms.GetBuffer();
}
return(csi);
}
public void SimpleNamespacePrefixes()
{
string input = "<a:Action xmlns:a='urn:foo'>http://tempuri.org/IFoo/Echo</a:Action>";
string expected = @"<a:Action xmlns:a=""urn:foo"">http://tempuri.org/IFoo/Echo</a:Action>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(input);
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
t.LoadInput(doc);
Stream s = t.GetOutput() as Stream;
Assert.Equal(new StreamReader(s, Encoding.UTF8).ReadToEnd(), expected);
}
public void PropagatedNamespaces()
{
XmlDocument doc = new XmlDocument();
doc.AppendChild(doc.CreateElement("foo", "urn:foo"));
doc.DocumentElement.AppendChild(doc.CreateElement("bar", "urn:bar"));
Assert.AreEqual(String.Empty, doc.DocumentElement.GetAttribute("xmlns:f"), "#1");
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
t.LoadInput(doc);
t.PropagatedNamespaces.Add("f", "urn:foo");
t.PropagatedNamespaces.Add("b", "urn:bar");
Stream s = t.GetOutput() as Stream;
Assert.AreEqual(new StreamReader(s, Encoding.UTF8).ReadToEnd(), "<f:foo xmlns:f=\"urn:foo\"><b:bar xmlns:b=\"urn:bar\"></b:bar></f:foo>");
Assert.AreEqual("urn:foo", doc.DocumentElement.GetAttribute("xmlns:f"), "#2");
}
public void Test(SignedXmlDocument doc)
{
Console.WriteLine("================== Certificate Test ==================");
var certVipNet = doc.CertificateValue.Value;
var result = doc.CertificateValue.Value == Convert.ToBase64String(Certificate.GetRawCertData());
Console.WriteLine("Test done: {0}", result);
Console.WriteLine("======================================================");
Console.WriteLine("================ Canonicalization Test ================");
var doc2 = doc.Document.GetXmlDocument();
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
var bodyNode = doc.Body.GetXmlNode();
t.LoadInput(bodyNode);
Stream canonicalXmlStream = (MemoryStream)t.GetOutput(typeof(Stream));
var canonicalXml = new StreamReader(canonicalXmlStream).ReadToEnd();
var t2 = new XmlDsigC14NTransform();
t2.LoadInput(doc.Body.GetXmlNode());
Stream canonicalXmlStream2 = (MemoryStream)t2.GetOutput(typeof(Stream));
var canonicalXml2 = new StreamReader(canonicalXmlStream2).ReadToEnd();
Console.WriteLine(canonicalXml == canonicalXml2);
Console.WriteLine(canonicalXml);
Console.WriteLine("======================================================");
var signedXml = new SignedXml(doc2);
var reference = new Reference("#body");
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
Hash hash = new VipNetCrytoProvider().HashData(canonicalXml);
Console.WriteLine(hash.Base64);
Console.WriteLine(hash.Hex);
Console.WriteLine("CorrectHashExample: {0}", CorrectHashExample);
Console.WriteLine("CorrectHashExampleHex: {0}", Convert.FromBase64String(CorrectHashExample).ByteArrayToString());
}
private void VerifyGivenDigest(Verification v, XmlElement si)
{
StringBuilder sb = new StringBuilder();
XmlWriterSettings settings = new XmlWriterSettings
{
Indent = false,
CloseOutput = true,
Encoding = Encoding.UTF8,
NewLineChars = "\n"
};
XmlWriter xw = XmlWriter.Create(sb, settings);
fragmentExtractor.Transform(XmlReader.Create(new StringReader(v.GetParentPrescription().OuterXml)), null, xw);
XmlDocument fragments = new XmlDocument();
fragments.LoadXml(sb.ToString());
XmlDsigExcC14NTransform canon = new XmlDsigExcC14NTransform(false);
canon.LoadInput(fragments);
StreamReader sr = new StreamReader((Stream)canon.GetOutput());
string xf = sr.ReadToEnd();
byte[] fragmentHash;
if (v.HasSHA256Hash)
{
fragmentHash = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(xf));
}
else
{
fragmentHash = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(xf));
}
string fh64 = Convert.ToBase64String(fragmentHash);
XmlNodeList nl = si.GetElementsByTagName("DigestValue", "http://www.w3.org/2000/09/xmldsig#");
if (nl.Count == 0)
{
throw new Exception("DigestValue element not found");
}
string c = ((XmlElement)nl.Item(0)).InnerText;
if (!c.Equals(fh64))
{
throw new Exception("Digest match failure");
}
}
public static string GetDigestValue_SHA1(string XML, string URI = "infNFe")
{
XmlDocument docSource = new XmlDocument();
docSource.PreserveWhitespace = false;
docSource.LoadXml(XML);
var serializer = new XmlDsigExcC14NTransform();
string toBeCanonicalized = docSource.GetElementsByTagName(URI).Item(0).OuterXml;
XmlDocument docCanonicalized = new XmlDocument();
docCanonicalized.LoadXml(toBeCanonicalized);
serializer.LoadInput(docCanonicalized);
string c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd();
var HashAlg = SHA1.Create();
byte[] hash = HashAlg.ComputeHash(Encoding.UTF8.GetBytes(c14n));
var stHash = Convert.ToBase64String(hash);
return(stHash);
}
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat)
{
if (oldFormat)
{
XmlDsigExcC14NTransform excC14Ntransform = new XmlDsigExcC14NTransform();
excC14Ntransform.LoadInput((object)manifestDom);
using (SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider())
{
byte[] hash = cryptoServiceProvider.ComputeHash((Stream)(excC14Ntransform.GetOutput() as MemoryStream));
if (hash == null)
{
throw new CryptographicException(-2146869232);
}
return(hash);
}
}
else
{
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
using (TextReader input = (TextReader) new StringReader(manifestDom.OuterXml))
{
XmlReader reader = XmlReader.Create(input, new XmlReaderSettings()
{
DtdProcessing = DtdProcessing.Parse
}, manifestDom.BaseURI);
xmlDocument.Load(reader);
}
XmlDsigExcC14NTransform excC14Ntransform = new XmlDsigExcC14NTransform();
excC14Ntransform.LoadInput((object)xmlDocument);
using (SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider())
{
byte[] hash = cryptoServiceProvider.ComputeHash((Stream)(excC14Ntransform.GetOutput() as MemoryStream));
if (hash == null)
{
throw new CryptographicException(-2146869232);
}
return(hash);
}
}
}
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat)
{
if (oldFormat)
{
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(manifestDom);
using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider())
{
byte[] buffer = provider.ComputeHash(transform.GetOutput() as MemoryStream);
if (buffer == null)
{
throw new CryptographicException(-2146869232);
}
return(buffer);
}
}
XmlDocument document = new XmlDocument {
PreserveWhitespace = true
};
using (TextReader reader = new StringReader(manifestDom.OuterXml))
{
XmlReaderSettings settings = new XmlReaderSettings {
DtdProcessing = DtdProcessing.Parse
};
XmlReader reader2 = XmlReader.Create(reader, settings, manifestDom.BaseURI);
document.Load(reader2);
}
XmlDsigExcC14NTransform transform2 = new XmlDsigExcC14NTransform();
transform2.LoadInput(document);
using (SHA1CryptoServiceProvider provider2 = new SHA1CryptoServiceProvider())
{
byte[] buffer2 = provider2.ComputeHash(transform2.GetOutput() as MemoryStream);
if (buffer2 == null)
{
throw new CryptographicException(-2146869232);
}
return(buffer2);
}
}
private byte[] CanonicalizeSignedInfo(XmlNode signatureElement)
{
var signedInfoNode = signatureElement.SelectSingleNode("ds:SignedInfo", Manager);
var reader = new XmlNodeReader(signedInfoNode);
var stream = UnistreamReuse.Create();
var writer = new XmlTextWriter(stream, Encoding.UTF8);
writer.WriteNode(reader, false);
writer.Flush();
stream.Position = 0;
var transform = new XmlDsigExcC14NTransform();
transform.LoadInput(stream);
stream.Release();
var signedInfoStream = (Stream)transform.GetOutput();
var signedBytes = new byte[signedInfoStream.Length];
signedInfoStream.Read(signedBytes, 0, signedBytes.Length);
return(signedBytes);
}
public void PropagatedNamespaces()
{
XmlDocument doc = new XmlDocument();
doc.AppendChild(doc.CreateElement("foo", "urn:foo"));
doc.DocumentElement.AppendChild(doc.CreateElement("bar", "urn:bar"));
Assert.Equal(String.Empty, doc.DocumentElement.GetAttribute("xmlns:f"));
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
t.LoadInput(doc);
t.PropagatedNamespaces.Add("f", "urn:foo");
t.PropagatedNamespaces.Add("b", "urn:bar");
using (Stream s = t.GetOutput() as Stream)
using (StreamReader streamReader = new StreamReader(s, Encoding.UTF8))
{
string result = streamReader.ReadToEnd();
Assert.Equal(result,
"<foo xmlns=\"urn:foo\"><bar xmlns=\"urn:bar\"></bar></foo>");
Assert.Equal("urn:foo", doc.DocumentElement.NamespaceURI);
}
}
public bool C14NExc()
{
try
{
XmlDocument document = new XmlDocument {
PreserveWhitespace = false
};
document.LoadXml(this.XMLContent);
MemoryStream output = new MemoryStream();
XmlWriter w = XmlWriter.Create(output);
document.WriteTo(w);
w.Flush();
output.Position = 0L;
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.LoadInput(output);
this.XMLCanonicalizerResult = ((MemoryStream)transform.GetOutput(typeof(Stream))).ToArray();
return(true);
}
catch (Exception)
{
return(false);
}
}
public SoapSignature BuildSignatureWithEid(SoapEnvelope soapEnvelope, string pin, IBeIdCardConnector connector)
{
if (soapEnvelope == null)
{
throw new ArgumentNullException(nameof(soapEnvelope));
}
if (string.IsNullOrWhiteSpace(pin))
{
throw new ArgumentNullException(nameof(pin));
}
if (connector == null)
{
throw new ArgumentNullException(nameof(connector));
}
var serializer = new SoapMessageSerializer(); // Serialize into XML.
var xmlDocument = serializer.Serialize(soapEnvelope);
string xml = null;
using (var strWriter = new StringWriter())
{
using (var xmlTextWriter = XmlWriter.Create(strWriter))
{
xmlDocument.WriteTo(xmlTextWriter);
xmlTextWriter.Flush();
xml = strWriter.GetStringBuilder().ToString();
}
}
var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable); // 1. Construct the SignedInfo.
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsu, Common.Saml.Constants.XmlNamespaces.Wsu);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.SoapEnv, Common.Saml.Constants.XmlNamespaces.SoapEnvelope);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds);
var bodyTokenNode = xmlDocument.SelectSingleNode($"//{Common.Saml.Constants.XmlPrefixes.SoapEnv}:Body", nsmgr);
var timeStampNode = xmlDocument.SelectSingleNode($"//{Common.Saml.Constants.XmlPrefixes.Wsu}:Timestamp", nsmgr);
var binaryTokenNode = xmlDocument.SelectSingleNode($"//{Common.Saml.Constants.XmlPrefixes.Wsse}:BinarySecurityToken", nsmgr);
var timeStampId = timeStampNode.Attributes[$"{Common.Saml.Constants.XmlPrefixes.Wsu}:Id"].Value;
var binaryTokenId = binaryTokenNode.Attributes[$"{Common.Saml.Constants.XmlPrefixes.Wsu}:Id"].Value;
var bodyTokenId = bodyTokenNode.Attributes[$"{Common.Saml.Constants.XmlPrefixes.Wsu}:Id"].Value;
var signatureNode = Canonilize(xml, new[]
{
timeStampId,
binaryTokenId,
bodyTokenId
});
var c14Serializer = new XmlDsigExcC14NTransform(); // 2. Compute the signature value.
var c14Doc = new XmlDocument();
c14Doc.LoadXml(signatureNode.FirstChild.OuterXml);
c14Serializer.LoadInput(c14Doc);
var c14n = new StreamReader((Stream)c14Serializer.GetOutput(typeof(Stream))).ReadToEnd();
var signedInfoPayload = Encoding.UTF8.GetBytes(c14n);
var b64 = Convert.ToBase64String(signedInfoPayload);
byte[] hashResult = null;
using (var sha = new SHA1CryptoServiceProvider())
{
hashResult = sha.ComputeHash(signedInfoPayload);
}
var b64Hash = Convert.ToBase64String(hashResult);
byte[] signatureValue = null; // 3. Construct the result.
var certificate = connector.GetAuthenticateCertificate();
var applicationName = "medikit";
var digestAlgo = BeIDDigest.Sha1;
var fileType = FileType.NonRepudiationCertificate;
var requireSecureReader = false;
signatureValue = connector.SignWithNoneRepudationCertificate(hashResult, digestAlgo, requireSecureReader, applicationName, pin);
var signatureValueB64 = Convert.ToBase64String(signatureValue);
var soapKeyInfo = new SoapKeyInfo(GenerateId("KI"),
GenerateId("STR"),
$"#{binaryTokenId}");
var result = new SoapSignature(GenerateId("SIG"), signatureValueB64, soapKeyInfo);
var referenceNodes = signatureNode.SelectNodes($"//{Common.Saml.Constants.XmlPrefixes.Ds}:Reference", nsmgr);
foreach (XmlNode referenceNode in referenceNodes)
{
var uri = referenceNode.Attributes["URI"].Value;
var digestValueNode = referenceNode.SelectSingleNode($"{Common.Saml.Constants.XmlPrefixes.Ds}:DigestValue", nsmgr);
result.References.Add(new SoapReference(uri, digestValueNode.InnerText));
}
return(result);
}
public void WhenAuthenticateUserWithSamlTokenThenNoExceptionIsThrown()
{
string outerXml;
XmlDocument xmlDocument;
SoapEnvelope soapEnvelope;
var beIdCardConnector = new BeIdCardConnector();
var context = beIdCardConnector.EstablishContext();
var readers = beIdCardConnector.GetReaders();
var connection = beIdCardConnector.Connect(readers.First());
var ehealthSamlTokenRequestBuilder = new EhealthSamlTokenRequestBuilder(); // 1. Construct SAML token.
var certificate = beIdCardConnector.GetAuthenticateCertificate();
var tlvParser = new TlvParser();
var identityPayload = beIdCardConnector.GetIdentity();
var addressPayload = beIdCardConnector.GetAddress();
var identity = tlvParser.Parse <Identity>(identityPayload);
var address = tlvParser.Parse <Address>(addressPayload);
ehealthSamlTokenRequestBuilder.New(certificate).SetIdentity(identity);
soapEnvelope = ehealthSamlTokenRequestBuilder.Build();
var signSamlToken = new SignSamlToken(); // 2. Build signature.
var signatureNode = signSamlToken.BuildSignatureWithEid(soapEnvelope, "0726", beIdCardConnector);
soapEnvelope.Header.Security.Signature = signatureNode;
var soapSerializer = new SoapMessageSerializer(); // 3. Serialize the request.
xmlDocument = soapSerializer.Serialize(soapEnvelope);
outerXml = xmlDocument.OuterXml;
beIdCardConnector.Dispose();
var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse);
var signatureValue = xmlDocument.SelectSingleNode("//ds:SignatureValue", nsmgr).InnerText; // 5. Check signature value.
var binarySecurityToken = xmlDocument.SelectSingleNode("//wsse:BinarySecurityToken", nsmgr).InnerText;
var signedInfo = xmlDocument.SelectSingleNode("//ds:SignedInfo", nsmgr).OuterXml;
var serializer = new XmlDsigExcC14NTransform();
var doc = new XmlDocument();
doc.LoadXml(signedInfo);
serializer.LoadInput(doc);
var c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd();
var signedInfoPayload = Encoding.UTF8.GetBytes(c14n);
var b64 = Convert.ToBase64String(signedInfoPayload);
byte[] hashResult = null;
using (var sha = new SHA1CryptoServiceProvider())
{
hashResult = sha.ComputeHash(signedInfoPayload);
}
var b64Hash = Convert.ToBase64String(hashResult);
var signature = System.Convert.FromBase64String(signatureValue);
var x509Certificate = new X509Certificate2(Convert.FromBase64String(binarySecurityToken));
var publicKey = x509Certificate.GetRSAPublicKey();
var isSignatureCorrect = publicKey.VerifyHash(hashResult, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
Assert.True(isSignatureCorrect);
}
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat, bool useSha256)
{
if (oldFormat)
{
XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform();
exc.LoadInput(manifestDom);
if (useSha256)
{
using (SHA256CryptoServiceProvider sha2 = new SHA256CryptoServiceProvider())
{
byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream);
if (hash == null)
{
throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
}
return(hash);
}
}
else
{
using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
{
byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream);
if (hash == null)
{
throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
}
return(hash);
}
}
}
else
{
#endif
// Since the DOM given to us is not guaranteed to be normalized,
// we need to normalize it ourselves. Also, we always preserve
// white space as Fusion XML engine always preserve white space.
XmlDocument normalizedDom = new XmlDocument();
normalizedDom.PreserveWhitespace = true;
// Normalize the document
using (TextReader stringReader = new StringReader(manifestDom.OuterXml))
{
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI);
normalizedDom.Load(reader);
}
XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform();
exc.LoadInput(normalizedDom);
if (useSha256)
{
using (SHA256CryptoServiceProvider sha2 = new SHA256CryptoServiceProvider())
{
byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream);
if (hash == null)
{
throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
}
return(hash);
}
}
else
{
using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
{
byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream);
if (hash == null)
{
throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
}
return(hash);
}
}
#if (true) // BUGBUG: Remove before RTM when old format support is no longer needed.
}
#endif
}
public byte[] ComputeHashValueOfElementList(XmlElement signatureXmlElement, ArrayList elementXpaths)
{
XmlDocument xmlDocument;
XmlNamespaceManager xmlNamespaceManager;
XmlNodeList searchXmlNodeList;
XmlElement composedXmlElement;
XmlDsigExcC14NTransform xmlTransform;
Stream canonicalizedStream;
//SHA1 sha1Managed;
byte[] retVal;
xmlDocument = signatureXmlElement.OwnerDocument;
composedXmlElement = xmlDocument.CreateElement("ComposedElement", SignedXml.XmlDsigNamespaceUrl);
xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable);
xmlNamespaceManager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
xmlNamespaceManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);
foreach (string elementXpath in elementXpaths)
{
searchXmlNodeList = signatureXmlElement.SelectNodes(elementXpath, xmlNamespaceManager);
if (searchXmlNodeList.Count == 0)
{
throw new CryptographicException("Element " + elementXpath + " not found while calculating hash");
}
foreach (XmlNode xmlNode in searchXmlNodeList)
{
//jbonilla Id attr deprecated
//if (((XmlElement)xmlNode).HasAttribute("Id"))
//{
// elementIdValues.Add(((XmlElement)xmlNode).Attributes["Id"].Value);
// composedXmlElement.AppendChild(xmlNode);
//}
//else
//{
// throw new CryptographicException("Id attribute missing on " + xmlNode.LocalName + " element");
//}
composedXmlElement.AppendChild(xmlNode);
}
}
//Initialise the stream to read the node list
MemoryStream nodeStream = new MemoryStream();
XmlWriter xw = XmlWriter.Create(nodeStream);
composedXmlElement.ChildNodes[0].WriteTo(xw);
xw.Flush();
nodeStream.Position = 0;
//modificado
xmlTransform = new XmlDsigExcC14NTransform();
xmlTransform.LoadInput(nodeStream);
canonicalizedStream = (Stream)xmlTransform.GetOutput(typeof(Stream));
//sha1Managed = new SHA1Managed();
//retVal = sha1Managed.ComputeHash(canonicalizedStream);
IDigest digest = this.tspSource.GetMessageDigest();
byte[] canonicalizedBytes = Streams.ReadAll(canonicalizedStream);
digest.BlockUpdate(canonicalizedBytes, 0, canonicalizedBytes.Length);
retVal = DigestUtilities.DoFinal(digest);
canonicalizedStream.Close();
return(retVal);
}
private static void CheckXmlWellFormed(XmlDocument xmlDocument)
{
if (xmlDocument == null)
{
throw new ArgumentNullException(nameof(xmlDocument));
}
var nsmgr = new XmlNamespaceManager(xmlDocument.NameTable);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Ds, Common.Saml.Constants.XmlNamespaces.Ds);
nsmgr.AddNamespace(Common.Saml.Constants.XmlPrefixes.Wsse, Common.Saml.Constants.XmlNamespaces.Wsse);
var signatureNode = xmlDocument.SelectSingleNode("//ds:SignatureValue", nsmgr);
if (signatureNode == null)
{
// TODO: Throw an exception.
}
var binarySecurityTokenNode = xmlDocument.SelectSingleNode("//wsse:BinarySecurityToken", nsmgr);
if (binarySecurityTokenNode == null)
{
// TODO: Throw an exception.
}
var signedInfoNode = xmlDocument.SelectSingleNode("//ds:SignedInfo", nsmgr);
if (signedInfoNode == null)
{
// TODO : Throw an exception.
}
var serializer = new XmlDsigExcC14NTransform();
var doc = new XmlDocument();
doc.LoadXml(signedInfoNode.OuterXml);
serializer.LoadInput(doc);
var c14n = new StreamReader((Stream)serializer.GetOutput(typeof(Stream))).ReadToEnd();
var signedInfoPayload = Encoding.UTF8.GetBytes(c14n);
var b64 = Convert.ToBase64String(signedInfoPayload);
byte[] hashResult = null;
using (var sha = new SHA1CryptoServiceProvider())
{
hashResult = sha.ComputeHash(signedInfoPayload);
}
var b64Hash = Convert.ToBase64String(hashResult);
var signature = System.Convert.FromBase64String(signatureNode.InnerText);
var x509Certificate = new X509Certificate2(Convert.FromBase64String(binarySecurityTokenNode.InnerText));
var publicKey = x509Certificate.GetRSAPublicKey();
var isSignatureCorrect = publicKey.VerifyHash(hashResult, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
if (!isSignatureCorrect)
{
// TODO: Throw an exception.
}
// TODO: CHECK THE DATE.
}
public static void TestC14NInclusivePrefixes()
{
TestCase tc = TestConfigHelper.GetTest("TestC14NInclusivePrefixes");
int count = 0;
foreach (var input in tc.Inputs)
{
count++;
string rwTypeStr = input.Arguments[0].Value;
ReaderWriterFactory.ReaderWriterType rwType = (ReaderWriterFactory.ReaderWriterType)Enum.Parse(typeof(ReaderWriterFactory.ReaderWriterType), rwTypeStr, true);
Encoding encoding = Encoding.GetEncoding(input.Arguments[1].Value);
bool mustSupportV14N = input.Arguments[2].Value.ToLower() == "true";
MemoryStream ms = new MemoryStream();
XmlWriter w = ReaderWriterFactory.CreateXmlWriter(rwType, ms, encoding);
XmlDictionaryWriter writer = w as XmlDictionaryWriter;
if (writer == null)
{
writer = XmlDictionaryWriter.CreateDictionaryWriter(w);
}
if (!writer.CanCanonicalize)
{
Assert.False(mustSupportV14N,
string.Format("Error, writer {0},{1} should support C14N, but it doesn't!", rwTypeStr, encoding.ToString()));
continue;
}
string myDefaultNamespace = "http://mynamespace";
string myNamespace1 = "http://mynamespace1";
string myNamespace2 = "http://mynamespace2";
string myNamespace3 = "http://mynamespace3";
string myNamespace4 = "http://mynamespace4";
writer.WriteStartElement("Root");
writer.WriteXmlnsAttribute("p1", myNamespace1);
writer.WriteAttributeString("p1", "a", null, "b");
writer.WriteStartElement("", "Element1", myDefaultNamespace);
writer.WriteAttributeString("p3", "c", myNamespace3, "d");
writer.WriteStartElement("Element2");
MemoryStream canonicalStream = new MemoryStream();
writer.StartCanonicalization(canonicalStream, false, new string[] { "p3", "p2", "p1", "" });
writer.WriteStartElement("pre", "Element3", myNamespace2);
writer.WriteAttributeString("pre2", "attrName", myNamespace4, "attrValue");
writer.WriteStartElement("Element4", "");
writer.WriteStartAttribute("attr1");
writer.WriteQualifiedName("foo", myNamespace1);
writer.WriteEndAttribute();
writer.WriteStartAttribute("attr2");
writer.WriteQualifiedName("bar", myNamespace3);
writer.WriteEndAttribute();
writer.WriteString("Hello world");
writer.WriteEndElement(); // Element4
writer.WriteEndElement(); // pre:Element3
writer.EndCanonicalization();
writer.WriteEndElement(); // Element2
writer.WriteEndElement(); // Element1
writer.WriteEndElement(); // Root
writer.Flush();
byte[] canonicalDoc = canonicalStream.ToArray();
byte[] fullDoc = ms.ToArray();
writer.Close(); // Finished creating the document
XmlDsigExcC14NTransform transform = new XmlDsigExcC14NTransform();
transform.InclusiveNamespacesPrefixList = "p3 p2 p1 #default";
transform.LoadInput(new MemoryStream(canonicalDoc));
Stream transformedOutput = transform.GetOutput(typeof(Stream)) as Stream;
byte[] outputFromSecurity = StreamToByteArray(transformedOutput);
//Finished creating the doc from the security class
Helper.DumpToFile(fullDoc);
Helper.DumpToFile(canonicalDoc);
Helper.DumpToFile(outputFromSecurity);
Assert.True(Enumerable.SequenceEqual(outputFromSecurity, canonicalDoc), $"TestC14NInclusivePrefixes test variation #{count} failed");
}
}
public static void ReaderWriter_C14N_DifferentReadersWriters()
{
int count = 0;
var params1 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup1");
var params2 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup2");
var params3 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup3");
var params4 = TestConfigHelper.GetTest("ReaderWriter_C14N_DifferentReadersWriters_ParamGroup4");
Transform transform;
MemoryStream canonicalStream;
MemoryStream ms;
Stream transformedOutput;
byte[] outputFromSecurity;
byte[] outputFromIndigo;
//TestC14NInMultipleWriters
foreach (var input in params1.Inputs)
{
foreach (var input2 in params2.Inputs)
{
foreach (var input3 in params3.Inputs)
{
count++;
string rwTypeStr = input.Arguments[0].Value;
ReaderWriterFactory.ReaderWriterType rwType = (ReaderWriterFactory.ReaderWriterType)Enum.Parse(typeof(ReaderWriterFactory.ReaderWriterType), rwTypeStr, true);
Encoding encoding = Encoding.GetEncoding((string)input.Arguments[1].Value);
string sampleXmlFileName = input2.Arguments[0].Value;
bool mustSupportV14N = input.Arguments[2].Value == "true";
string baselineFileName = input2.Arguments[1].Value;
bool testWithComments = input3.Arguments[0].Value == "true";
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
if (testWithComments)
{
transform = new XmlDsigExcC14NWithCommentsTransform();
}
else
{
transform = new XmlDsigExcC14NTransform();
}
xmlDoc.Load(baselineFileName);
transform.LoadInput(xmlDoc);
transformedOutput = transform.GetOutput(typeof(Stream)) as Stream;
outputFromSecurity = StreamToByteArray(transformedOutput);
byte[] sampleXmlFileBytes = File.ReadAllBytes(sampleXmlFileName);
ms = new MemoryStream();
XmlWriter w = ReaderWriterFactory.CreateXmlWriter(rwType, ms, encoding);
canonicalStream = new MemoryStream();
XmlDictionaryWriter dicWriter = w as XmlDictionaryWriter;
if (dicWriter == null)
{
dicWriter = XmlDictionaryWriter.CreateDictionaryWriter(w);
}
if (!dicWriter.CanCanonicalize)
{
Assert.False(mustSupportV14N, "Error, writer should support C14N, but it doesn't!");
continue;
}
dicWriter.WriteStartElement("MyRoot");
dicWriter.StartCanonicalization(canonicalStream, testWithComments, null);
FileStream fs = File.OpenRead(sampleXmlFileName);
XmlReader webdataReader = XmlReader.Create(fs);
CopyXmlToWriter(webdataReader, dicWriter);
dicWriter.EndCanonicalization();
dicWriter.WriteEndElement();
dicWriter.Flush();
webdataReader.Close();
fs.Close();
outputFromIndigo = canonicalStream.ToArray();
Helper.DumpToFile(outputFromSecurity);
Helper.DumpToFile(outputFromIndigo);
Assert.True(Enumerable.SequenceEqual(outputFromSecurity, outputFromIndigo), $"ReaderWriter_C14N_DifferentReadersWriters test variation #{count} failed");
}
}
}
//TestC14NInReader
foreach (var input in params4.Inputs)
{
count++;
string sampleXmlFileName = input.Arguments[3].Value;
string rwTypeStr = input.Arguments[0].Value;
ReaderWriterFactory.ReaderWriterType rwType = (ReaderWriterFactory.ReaderWriterType)Enum.Parse(typeof(ReaderWriterFactory.ReaderWriterType), rwTypeStr, true);
Encoding encoding = Encoding.GetEncoding((string)input.Arguments[1].Value);
bool mustSupportV14N = input.Arguments[2].Value == "true";
string baselineFileName = "ReaderWriter_C14N_BaselineXML_OnlyLF.xml";
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
transform = new XmlDsigExcC14NTransform();
xmlDoc.Load(baselineFileName);
transform.LoadInput(xmlDoc);
transformedOutput = transform.GetOutput(typeof(Stream)) as Stream;
outputFromSecurity = StreamToByteArray(transformedOutput);
byte[] sampleXmlFileBytes = File.ReadAllBytes(sampleXmlFileName);
XmlReader r = ReaderWriterFactory.CreateXmlReader(rwType, sampleXmlFileBytes, encoding);
XmlDictionaryReader dicReader = r as XmlDictionaryReader;
if (dicReader == null)
{
dicReader = XmlDictionaryReader.CreateDictionaryReader(r);
}
canonicalStream = new MemoryStream();
if (!dicReader.CanCanonicalize)
{
Assert.False(mustSupportV14N, "Error, reader should support C14N, but it doesn't!");
continue;
}
dicReader.StartCanonicalization(canonicalStream, false, null);
canonicalStream.Position = 0;
string str = new StreamReader(canonicalStream).ReadToEnd();
canonicalStream.Position = 0;
while (dicReader.Read())
{
; // simply read it all into the C14N writer
}
dicReader.EndCanonicalization();
dicReader.Close();
outputFromIndigo = canonicalStream.ToArray();
Helper.DumpToFile(outputFromSecurity);
Helper.DumpToFile(outputFromIndigo);
Assert.True(Enumerable.SequenceEqual(outputFromSecurity, outputFromIndigo), $"ReaderWriter_C14N_DifferentReadersWriters test variation #{count} failed");
}
//TestC14NWriterWithManyAttributes
int numberOfAttributes = 1000;
int seed = (int)DateTime.Now.Ticks;
Random rndGen = new Random(seed);
StringBuilder sb = new StringBuilder();
sb.Append("<Root><Element");
int prefixIndex = 0;
for (int i = 0; i < numberOfAttributes; i++)
{
string namespaceUri = null;
string prefix = null;
if ((rndGen.Next() % 5) == 0)
{
prefix = "p" + (prefixIndex++);
namespaceUri = "http://namespace_" + i;
}
string localName = "attr" + i;
string value = "attrValue" + i;
if (prefix == null)
{
sb.Append($" {localName}=\"{value}\"");
}
else
{
sb.Append($" {prefix}:{localName}=\"{2}\" xmlns:{value}=\"{namespaceUri}\"");
}
}
sb.Append(">Hello world</Element></Root>");
string xmlString = sb.ToString();
XmlDocument doc = new XmlDocument();
doc.LoadXml(xmlString);
ms = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(ms);
canonicalStream = new MemoryStream();
writer.StartCanonicalization(canonicalStream, false, null);
doc.WriteTo(writer);
writer.Flush();
writer.EndCanonicalization();
outputFromIndigo = canonicalStream.ToArray();
byte[] nonCanonicalOutput = ms.ToArray();
XmlDsigExcC14NTransform transform2 = new XmlDsigExcC14NTransform();
transform2.LoadInput(doc);
transformedOutput = transform2.GetOutput(typeof(Stream)) as Stream;
outputFromSecurity = StreamToByteArray(transformedOutput);
Helper.DumpToFile(outputFromSecurity);
Helper.DumpToFile(outputFromIndigo);
Helper.DumpToFile(nonCanonicalOutput);
Assert.True(Enumerable.SequenceEqual(outputFromSecurity, outputFromIndigo), $"ReaderWriter_C14N_DifferentReadersWriters test variation #{count} failed");
count++;
Assert.Equal(params1.Inputs.Count * params2.Inputs.Count * params3.Inputs.Count + params4.Inputs.Count + 1, count);
}
