Beispiel #1
0
        // According to book ".NET Framework Security" this method
        // iterates all possible keys then return null
        protected virtual AsymmetricAlgorithm GetPublicKey()
        {
            if (m_signature.KeyInfo == null)
            {
                return(null);
            }

            if (pkEnumerator == null)
            {
                pkEnumerator = m_signature.KeyInfo.GetEnumerator();
            }

#if SECURITY_DEP
            if (_x509Enumerator != null)
            {
                if (_x509Enumerator.MoveNext())
                {
                    X509Certificate cert = (X509Certificate)_x509Enumerator.Current;
                    return(new X509Certificate2(cert.GetRawCertData()).PublicKey.Key);
                }
                else
                {
                    _x509Enumerator = null;
                }
            }
#endif
            while (pkEnumerator.MoveNext())
            {
                AsymmetricAlgorithm key = null;
                KeyInfoClause       kic = (KeyInfoClause)pkEnumerator.Current;

                if (kic is DSAKeyValue)
                {
                    key = DSA.Create();
                }
                else if (kic is RSAKeyValue)
                {
                    key = RSA.Create();
                }

                if (key != null)
                {
                    key.FromXmlString(kic.GetXml().InnerXml);
                    return(key);
                }

#if SECURITY_DEP
                if (kic is KeyInfoX509Data)
                {
                    _x509Enumerator = ((KeyInfoX509Data)kic).Certificates.GetEnumerator();
                    if (_x509Enumerator.MoveNext())
                    {
                        X509Certificate cert = (X509Certificate)_x509Enumerator.Current;
                        return(new X509Certificate2(cert.GetRawCertData()).PublicKey.Key);
                    }
                }
#endif
            }
            return(null);
        }
Beispiel #2
0
        public void LoadXml(XmlElement value)
        {
            if (value is null)
            {
                throw new ArgumentNullException(nameof(value));
            }

            XmlElement keyInfoElement = value;

            _id = Utils.GetAttribute(keyInfoElement, "Id", SignedXml.XmlDsigNamespaceUrl);
            if (!Utils.VerifyAttributes(keyInfoElement, "Id"))
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "KeyInfo");
            }

            XmlNode child = keyInfoElement.FirstChild;

            while (child != null)
            {
                XmlElement elem = child as XmlElement;
                if (elem != null)
                {
                    // Create the right type of KeyInfoClause; we use a combination of the namespace and tag name (local name)
                    string kicString = elem.NamespaceURI + " " + elem.LocalName;
                    // Special-case handling for KeyValue -- we have to go one level deeper
                    if (kicString == "http://www.w3.org/2000/09/xmldsig# KeyValue")
                    {
                        if (!Utils.VerifyAttributes(elem, (string[])null))
                        {
                            throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "KeyInfo/KeyValue");
                        }
                        XmlNodeList nodeList2 = elem.ChildNodes;
                        foreach (XmlNode node2 in nodeList2)
                        {
                            XmlElement elem2 = node2 as XmlElement;
                            if (elem2 != null)
                            {
                                kicString += "/" + elem2.LocalName;
                                break;
                            }
                        }
                    }

                    KeyInfoClause keyInfoClause = CryptoHelpers.CreateFromName <KeyInfoClause>(kicString);
                    // if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode:
                    if (keyInfoClause == null)
                    {
                        keyInfoClause = new KeyInfoNode();
                    }

                    // Ask the create clause to fill itself with the corresponding XML
                    keyInfoClause.LoadXml(elem);
                    // Add it to our list of KeyInfoClauses
                    AddClause(keyInfoClause);
                }
                child = child.NextSibling;
            }
        }
Beispiel #3
0
        /// <include file='doc\KeyInfo.uex' path='docs/doc[@for="KeyInfo.LoadXml"]/*' />
        public void LoadXml(XmlElement value)
        {
            // Guard against nulls
            if (value == null)
            {
                throw new ArgumentNullException("value");
            }

            // Validate what we are passed against the DTD

            XmlElement keyInfoElement = value;

            if (keyInfoElement.HasAttribute("Id"))
            {
                m_strId = keyInfoElement.GetAttribute("Id");
            }

            XmlNodeList nodeList = keyInfoElement.ChildNodes;

            foreach (XmlNode node in nodeList)
            {
                XmlElement elem = node as XmlElement;
                // We only care about XmlElement nodes here
                if (elem == null)
                {
                    continue;
                }
                // Create the right type of KeyInfoClause
                // We use a combination of the namespace and tag name (local name)
                String kicString = elem.NamespaceURI + " " + elem.LocalName;
                // Special-case handling for KeyValue -- we have to go one level deeper
                if (kicString == "http://www.w3.org/2000/09/xmldsig# KeyValue")
                {
                    XmlNodeList nodeList2 = elem.ChildNodes;
                    foreach (XmlNode node2 in nodeList2)
                    {
                        XmlElement elem2 = node2 as XmlElement;
                        if (elem2 != null)
                        {
                            kicString += "/" + elem2.LocalName;
                            break;
                        }
                    }
                }
                KeyInfoClause keyInfoClause = (KeyInfoClause)CryptoConfig.CreateFromName(kicString);
                // if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode:
                if (keyInfoClause == null)
                {
                    keyInfoClause = new KeyInfoNode();
                }

                // Ask the create clause to fill itself with the
                // corresponding XML
                keyInfoClause.LoadXml(elem);
                // Add it to our list of KeyInfoClauses
                AddClause(keyInfoClause);
            }
        }
Beispiel #4
0
        /**
         * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
         * @param sap the XmlSignatureAppearance
         * @param externalSignature  the interface providing the actual signing
         * @param keyInfo KeyInfo for verification
         * @throws GeneralSecurityException
         * @throws IOException
         * @throws DocumentException
         */
        public static void SignXmlDSig(XmlSignatureAppearance sap, IExternalSignature externalSignature, KeyInfoClause keyInfo) {

            VerifyArguments(sap, externalSignature);
            List<XmlElement> references = new List<XmlElement>(1);
            references.Add(GenerateContentReference(sap.GetXmlLocator().GetDocument(), sap, null));
                
            XmlElement signature = GenerateSignatureElement(sap.GetXmlLocator(), null, false);
            Sign(signature, sap.GetXmlLocator(), externalSignature, references, null, keyInfo);
            sap.Close();    
        }
        public void LoadXml(XmlElement value)
        {
            if (value == null)
            {
                throw new ArgumentNullException("value");
            }
            XmlElement element = value;

            this.m_id = System.Security.Cryptography.Xml.Utils.GetAttribute(element, "Id", "http://www.w3.org/2000/09/xmldsig#");
            for (XmlNode node = element.FirstChild; node != null; node = node.NextSibling)
            {
                XmlElement element2 = node as XmlElement;
                if (element2 != null)
                {
                    string name = element2.NamespaceURI + " " + element2.LocalName;
                    if (name == "http://www.w3.org/2000/09/xmldsig# KeyValue")
                    {
                        foreach (XmlNode node2 in element2.ChildNodes)
                        {
                            XmlElement element3 = node2 as XmlElement;
                            if (element3 != null)
                            {
                                name = name + "/" + element3.LocalName;
                                break;
                            }
                        }
                    }
                    KeyInfoClause clause = (KeyInfoClause)CryptoConfig.CreateFromName(name);
                    if (clause == null)
                    {
                        clause = new KeyInfoNode();
                    }
                    clause.LoadXml(element2);
                    this.AddClause(clause);
                }
            }
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="X509CertificateCredentials"/> class.
        /// </summary>
        /// <remarks>The X509Certificate2 argument should have private key in order to sign the message.</remarks>
        /// <param name="certificate">The X509Certificate2 object.</param>
        public X509CertificateCredentials(X509Certificate2 certificate)
            : base(null, true)
        {
            EwsUtilities.ValidateParam(certificate, "certificate");

            if (!certificate.HasPrivateKey)
            {
                throw new ServiceValidationException(Strings.CertificateHasNoPrivateKey);
            }

            this.certificate = certificate;

            string certId = WSSecurityUtilityIdSignedXml.GetUniqueId();

            this.SecurityToken = string.Format(
                X509CertificateCredentials.BinarySecurityTokenFormat,
                certId,
                Convert.ToBase64String(this.certificate.GetRawCertData()));

            SafeXmlDocument doc = new SafeXmlDocument();
            doc.PreserveWhitespace = true;
            doc.LoadXml(string.Format(X509CertificateCredentials.KeyInfoClauseFormat, certId));
            this.keyInfoClause = new KeyInfoNode(doc.DocumentElement);
        }
Beispiel #7
0
        private Legacy.KeyInfoEncryptedKey EncryptKey(byte[] key, RSA encryptionKey, string method, Legacy.KeyInfoClause encryptionKeyInfoClause)
        {
            var encryptionKeyInfo = new Legacy.KeyInfo();

            encryptionKeyInfo.AddClause(encryptionKeyInfoClause);
            var cipherValue  = Legacy.EncryptedXml.EncryptKey(key, encryptionKey, true);
            var encryptedKey = new Legacy.EncryptedKey
            {
                CipherData = new Legacy.CipherData {
                    CipherValue = cipherValue
                },
                EncryptionMethod = new Legacy.EncryptionMethod(method),
                KeyInfo          = encryptionKeyInfo
            };

            return(new Legacy.KeyInfoEncryptedKey {
                EncryptedKey = encryptedKey
            });
        }
Beispiel #8
0
        private static void Sign(XmlElement signature, IXmlLocator xmlLocator, IExternalSignature externalSignature, 
                                 List<XmlElement> references, XmlElement dsObject, KeyInfoClause keyInfo) {

            XmlDocument originalDoc = xmlLocator.GetDocument();

            if (signature == null)
                throw new InvalidOperationException();

            XmlElement signedInfo = originalDoc.CreateElement("SignedInfo", SecurityConstants.XMLDSIG_URI);
            signature.AppendChild(signedInfo);

            XmlElement canonicalizationMethod = originalDoc.CreateElement("CanonicalizationMethod", SecurityConstants.XMLDSIG_URI);
            canonicalizationMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_C14N);
            signedInfo.AppendChild(canonicalizationMethod);

            XmlElement signatureMethod = originalDoc.CreateElement("SignatureMethod", SecurityConstants.XMLDSIG_URI);
            if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.RSA))
                signatureMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_RSA_SHA1);
            else if(externalSignature.GetEncryptionAlgorithm().Equals(SecurityConstants.DSA))
                signatureMethod.SetAttribute("Algorithm", SecurityConstants.XMLDSIG_URI_DSA_SHA1);
            signedInfo.AppendChild(signatureMethod);

            foreach (XmlElement reference in references)
                signedInfo.AppendChild(reference);    
            
            //if append Signature to original document upper - reference digest will be incorrect.
            originalDoc.DocumentElement.AppendChild(signature);

            XmlElement signedInfoDigest = (XmlElement)signedInfo.CloneNode(true);
            NormalizeNamespaces(signedInfo.CreateNavigator(), signedInfoDigest.CreateNavigator());
            XmlDocument signedInfoDoc = new XmlDocument(originalDoc.NameTable);
            signedInfoDoc.LoadXml(signedInfoDigest.OuterXml);
            byte[] byteRange = CalculateC14nByteRange(signedInfoDoc);

            //Sign with ExternalSignature
            String valueBase64 = Convert.ToBase64String(externalSignature.Sign(byteRange));

            XmlElement signatureValue = originalDoc.CreateElement("SignatureValue", SecurityConstants.XMLDSIG_URI);
            signatureValue.AppendChild(originalDoc.CreateTextNode(valueBase64));

            signature.AppendChild(signatureValue);

            if(keyInfo != null) {
                XmlElement keyInfoElement = originalDoc.CreateElement("KeyInfo", SecurityConstants.XMLDSIG_URI);
                keyInfoElement.AppendChild(originalDoc.ImportNode(keyInfo.GetXml(), true));
                signature.AppendChild(keyInfoElement);
            }

            if (dsObject != null)
                signature.AppendChild(dsObject);

            xmlLocator.SetDocument(originalDoc);
        }
Beispiel #9
0
        //
        // public constructors
        //

        public void AddClause(KeyInfoClause clause) {
            m_KeyInfoClauses.Add(clause);
        }
Beispiel #10
0
        //
        // public constructors
        //

        public void AddClause(KeyInfoClause clause)
        {
            _keyInfoClauses.Add(clause);
        }
 public void AddClause(KeyInfoClause clause)
 {
     Info.Add(clause);
 }
        public void LoadXml(XmlElement value)
        {
            if (value == null)
            {
                throw new ArgumentNullException("value");
            }

            Id = value.Attributes ["Id"] != null?value.GetAttribute("Id") : null;

            if ((value.LocalName == XmlSignature.ElementNames.KeyInfo) && (value.NamespaceURI == XmlSignature.NamespaceURI))
            {
                foreach (XmlNode n in value.ChildNodes)
                {
                    if (n.NodeType != XmlNodeType.Element)
                    {
                        continue;
                    }

                    KeyInfoClause kic = null;

                    switch (n.LocalName)
                    {
                    case XmlSignature.ElementNames.KeyValue:
                        XmlNodeList xnl = n.ChildNodes;
                        if (xnl.Count > 0)
                        {
                            // we must now treat the whitespace !
                            foreach (XmlNode m in xnl)
                            {
                                switch (m.LocalName)
                                {
                                case XmlSignature.ElementNames.DSAKeyValue:
                                    kic = (KeyInfoClause) new DSAKeyValue();
                                    break;

                                case XmlSignature.ElementNames.RSAKeyValue:
                                    kic = (KeyInfoClause) new RSAKeyValue();
                                    break;
                                }
                            }
                        }
                        break;

                    case XmlSignature.ElementNames.KeyName:
                        kic = (KeyInfoClause) new KeyInfoName();
                        break;

                    case XmlSignature.ElementNames.RetrievalMethod:
                        kic = (KeyInfoClause) new KeyInfoRetrievalMethod();
                        break;

                    case XmlSignature.ElementNames.X509Data:
                        kic = (KeyInfoClause) new KeyInfoX509Data();
                        break;

                    case XmlSignature.ElementNames.RSAKeyValue:
                        kic = (KeyInfoClause) new RSAKeyValue();
                        break;

#if NET_2_0
                    case XmlSignature.ElementNames.EncryptedKey:
                        kic = (KeyInfoClause) new KeyInfoEncryptedKey();
                        break;
#endif
                    default:
                        kic = (KeyInfoClause) new KeyInfoNode();
                        break;
                    }

                    if (kic != null)
                    {
                        kic.LoadXml((XmlElement)n);
                        AddClause(kic);
                    }
                }
            }
            // No check is performed on MS.NET...
        }
Beispiel #13
0
        /// <summary>
        /// Attempts to retrieve an asymmetric key from the KeyInfoClause given as parameter.
        /// </summary>
        /// <param name="keyInfoClause">The key info clause.</param>
        /// <returns>null if the key could not be found.</returns>
        public static AsymmetricAlgorithm ExtractKey(KeyInfoClause keyInfoClause)
        {
            if (keyInfoClause is RSAKeyValue)
            {
                var key = (RSAKeyValue)keyInfoClause;
                return key.Key;
            }

            if (keyInfoClause is KeyInfoX509Data)
            {
                var cert = GetCertificateFromKeyInfo((KeyInfoX509Data)keyInfoClause);
                return cert != null ? cert.PublicKey.Key : null;
            }

            if (keyInfoClause is DSAKeyValue)
            {
                var key = (DSAKeyValue)keyInfoClause;
                return key.Key;
            }

            return null;
        }
Beispiel #14
0
 /**
  * Signs the xml using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
  * @param sap the XmlSignatureAppearance
  * @param externalSignature  the interface providing the actual signing
  * @param keyInfo KeyInfo for verification
  * @throws GeneralSecurityException
  * @throws IOException
  * @throws DocumentException
  */
 public static void signXmlDSig(XmlSignatureAppearance sap,
     IExternalSignature externalSignature, KeyInfoClause keyInfo) {
         throw new NotImplementedException("Xml signatures are not supported yet");
 }
 public void AddClause(KeyInfoClause clause)
 {
     this.m_KeyInfoClauses.Add(clause);
 }
Beispiel #16
0
		public void AddClause (KeyInfoClause clause) 
		{
			Info.Add (clause);
		}