Beispiel #1
2
        public override object EncodeCMS(X509Certificate2 certificate, string xmlFilePath)
        {
            XmlDocument Document = new XmlDocument();
            Document.PreserveWhitespace = true;
            XmlTextReader XmlFile = new XmlTextReader(xmlFilePath);
            Document.Load(XmlFile);
            XmlFile.Close();
            XmlNodeList SignaturesList = Document.GetElementsByTagName("Signature");
            // Remove existing signatures, this is not a countersigning.
            for (int i = 0; i < SignaturesList.Count; i++)
            {
                SignaturesList[i].ParentNode.RemoveChild(SignaturesList[i]);
                i--;
            }

            SignedXml SignedXml = new SignedXml(Document);
            SignedXml.SigningKey = certificate.PrivateKey;
            Reference Reference = new Reference();
            Reference.Uri = "";
            XmlDsigEnvelopedSignatureTransform EnvelopedSignatureTransform = new XmlDsigEnvelopedSignatureTransform();
            Reference.AddTransform(EnvelopedSignatureTransform);
            SignedXml.AddReference(Reference);
            KeyInfo Key = new KeyInfo();
            Key.AddClause(new KeyInfoX509Data(certificate));
            SignedXml.KeyInfo = Key;
            SignedXml.ComputeSignature();
            // Get the XML representation of the signature and save
            // it to an XmlElement object.
            XmlElement XmlDigitalSignature = SignedXml.GetXml();

            return XmlDigitalSignature;
        }
Beispiel #2
1
        // Sign an XML file.  
        // This document cannot be verified unless the verifying  
        // code has the key with which it was signed. 
        public static void SignXml(XmlDocument xmlDoc, RSA Key)
        {
            // Check arguments. 
            if (xmlDoc == null)
                throw new ArgumentException("xmlDoc");
            if (Key == null)
                throw new ArgumentException("Key");

            // Create a SignedXml object.
            SignedXml signedXml = new SignedXml(xmlDoc);

            // Add the key to the SignedXml document.
            signedXml.SigningKey = Key;

            // Create a reference to be signed.
            Reference reference = new Reference();
            reference.Uri = "";

            // Add an enveloped transformation to the reference.
            XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
            reference.AddTransform(env);

            // Add the reference to the SignedXml object.
            signedXml.AddReference(reference);

            // Compute the signature.
            signedXml.ComputeSignature();

            // Get the XML representation of the signature and save 
            // it to an XmlElement object.
            XmlElement xmlDigitalSignature = signedXml.GetXml();

            // Append the element to the XML document.
            xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
        }
        private static string SignXml(XmlDocument unsignedXml,
                                        AsymmetricAlgorithm key)
        {
            if (unsignedXml.DocumentElement == null)
            {
                throw new ArgumentNullException("unsignedXml");
            }

            // Create a reference to be signed. Blank == Everything
                var emptyReference = new Reference { Uri = "" };

            // Add an enveloped transformation to the reference.
            var envelope = new XmlDsigEnvelopedSignatureTransform();
            emptyReference.AddTransform(envelope);

            var signedXml = new SignedXml(unsignedXml) { SigningKey = key };
            signedXml.AddReference(emptyReference);
            signedXml.ComputeSignature();

            var digitalSignature = signedXml.GetXml();
       
                unsignedXml.DocumentElement.AppendChild(
                    unsignedXml.ImportNode(digitalSignature, true));

            var signedXmlOut = new StringBuilder();
            using (var swOut = new StringWriter(signedXmlOut))
            {
                unsignedXml.Save(swOut);
            }

            return signedXmlOut.ToString();
        }
        void AddSignedXml() {
            // Create a SignedXml object.
            SignedXml signedXml = new SignedXml(this.XmlDoc);
            // Add the key to the SignedXml document. 
            signedXml.SigningKey = SigningCertificate.PrivateKey;

            // http://stackoverflow.com/questions/13750343/net-signedxml-signing-xml-with-transform-algorithm-exc-c14n
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            // Create a reference to be signed.
            Reference reference = new Reference() {
                Uri = "#" + Id
            };
            // Add an enveloped transformation to the reference.
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            //canonicalize
            reference.AddTransform(new XmlDsigExcC14NTransform());
            // Add the reference to the SignedXml object.
            signedXml.AddReference(reference);

            // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
            KeyInfo keyInfo = new KeyInfo();
            KeyInfoX509Data keyInfoData = new KeyInfoX509Data(SigningCertificate);
            keyInfo.AddClause(keyInfoData);
            signedXml.KeyInfo = keyInfo;

            // Compute the signature.
            signedXml.ComputeSignature();
            // Get the XML representation of the signature and save
            // it to an XmlElement object.
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            // Append the element to the XML document.
            this.XmlDoc.DocumentElement.AppendChild(this.XmlDoc.ImportNode(xmlDigitalSignature, true));
        }
Beispiel #5
0
        public LicenseDetails ValidateLicenseXml(string xml)
        {
            var doc = new XmlDocument();
            using (TextReader reader = new StringReader(xml))
            {
                try
                {
                    doc.Load(reader);
                }
                catch
                {
                    throw new InvalidLicenseXmlException();
                }

                // Validate the xml's signature
                var signedXml = new SignedXml(doc);
                var nodeList = doc.GetElementsByTagName("Signature");
                if (nodeList.Count == 0)
                    throw new LicenseSignatureMissingException();

                signedXml.LoadXml((XmlElement) nodeList[0]);
                if (!signedXml.CheckSignature(_key))
                    throw new LicenseSignatureMismatchException();
            }

            // Deserialize the xml
            var deserializer = new XmlSerializer(typeof(LicenseDetails));
            using (TextReader reader = new StringReader(xml))
                return (LicenseDetails) deserializer.Deserialize(reader);
        }
Beispiel #6
0
        /// <summary>
        /// Creates a chain of X509Certificates given the provided XML-DSig.
        /// </summary>
        /// <param name="xmlDoc">XML-Dsig used to create the chain.</param>
        /// <returns>Chain of X509Certificates</returns>
        public static List<X509Certificate2> CertificateChain(string xmlDoc)
        {
            if (xmlDoc == null)
            {
                throw new ArgumentException("xmlDoc was null");
            }
            var xml = XmlUtil.LoadXml(xmlDoc);
            var xmlNamespaces = new XmlNamespaceManager(xml.NameTable);
            xmlNamespaces.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            var sigElement = (XmlElement)xml.SelectSingleNode("//ds:Signature[1]", xmlNamespaces);
            var signature = new SignedXml(xml);
            signature.LoadXml(sigElement);

            var certificates = new List<X509Certificate2>();
            foreach (var clause in signature.KeyInfo)
            {
                if (!(clause is KeyInfoX509Data)) continue;
                foreach (var x509Cert in ((KeyInfoX509Data)clause).Certificates)
                {
                    certificates.Add((X509Certificate2)x509Cert);
                }
            }

            return certificates;
        }
Beispiel #7
0
        // Verify the signature of an XML file against an asymmetric
        // algorithm and return the result.
        public static Boolean VerifyXml(XmlDocument Doc, RSA Key)
        {
            // Check arguments.
            if (Doc == null)
                throw new ArgumentException("Doc");
            if (Key == null)
                throw new ArgumentException("Key");

            // Create a new SignedXml object and pass it
            // the XML document class.
            SignedXml signedXml = new SignedXml(Doc);

            // Find the "Signature" node and create a new
            // XmlNodeList object.
            XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");

            // Throw an exception if no signature was found.
            if (nodeList.Count <= 0)
            {
                throw new CryptographicException("Verification failed: No Signature was found in the document.");
            }

            //One Sig per document
            if (nodeList.Count >= 2)
            {
                throw new CryptographicException("Verification failed: More that one signature was found for the document.");
            }

            // Load the first <signature> node.
            signedXml.LoadXml((XmlElement)nodeList[0]);

            // Check the signature and return the result.
            return signedXml.CheckSignature(Key);
        }
Beispiel #8
0
        public static string Sign(string xml, X509Certificate2 certificate)
        {
            if (xml == null) throw new ArgumentNullException("xml");
            if (certificate == null) throw new ArgumentNullException("certificate");
            if (!certificate.HasPrivateKey) throw new ArgumentException("Certificate should have a private key", "certificate");

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            doc.LoadXml(xml);

            SignedXml signedXml = new SignedXml(doc);
            signedXml.SigningKey = certificate.PrivateKey;

            // Attach certificate KeyInfo
            KeyInfoX509Data keyInfoData = new KeyInfoX509Data(certificate);
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.AddClause(keyInfoData);
            signedXml.KeyInfo = keyInfo;

            // Attach transforms
            var reference = new Reference("");
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform(includeComments: false));
            reference.AddTransform(new XmlDsigExcC14NTransform(includeComments: false));
            signedXml.AddReference(reference);

            // Compute signature
            signedXml.ComputeSignature();
            var signatureElement = signedXml.GetXml();

            // Add signature to bundle
            doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));

            return doc.OuterXml;
        }
 /// <summary>
 /// Gets the signature from an XmlDocument.
 /// </summary>
 /// <param name="xmlDocument">The source XmlDocument.</param>
 /// <returns>A SignedXml object representing the signature.</returns>
 private static SignedXml ExtractSignature(XmlDocument xmlDocument)
 {
     var signedXml = new SignedXml(xmlDocument);
     XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature");
     signedXml.LoadXml((XmlElement)nodeList[0]);
     return signedXml;
 }
		public void LoadXmlMalformed1 ()
		{
			SignedXml s = new SignedXml ();
			XmlDocument doc = new XmlDocument ();
			doc.LoadXml ("<root/>");
			s.LoadXml (doc.DocumentElement);
		}
		public void LoadXmlMalformed2 ()
		{
			SignedXml s = new SignedXml ();
			XmlDocument doc = new XmlDocument ();
			doc.LoadXml ("<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><foo/><bar/></ds:Signature>");
			s.LoadXml (doc.DocumentElement);
		}
        public static void Sign(this XmlDocument xmlDocument, X509Certificate2 cert)
        {
            if (xmlDocument == null)
            {
                throw new ArgumentNullException("xmlDocument");
            }

            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }

            var signedXml = new SignedXml(xmlDocument);

            // The transform XmlDsigExcC14NTransform and canonicalization method XmlDsigExcC14NTransformUrl is important for partially signed XML files
            // see: http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml.xmldsigexcc14ntransformurl(v=vs.110).aspx
            // The reference URI has to be set correctly to avoid assertion injections
            // For both, the ID/Reference and the Transform/Canonicalization see as well: 
            // https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf section 5.4.2 and 5.4.3

            signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

            var reference = new Reference { Uri = "#" + xmlDocument.DocumentElement.GetAttribute("ID") };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());

            signedXml.AddReference(reference);
            signedXml.ComputeSignature();

            xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signedXml.GetXml(), true));
        }
        /// <summary>
        /// Use an X509 certificate to append a computed signature to an XML serialized Response
        /// </summary>
        /// <param name="XMLSerializedSAMLResponse"></param>
        /// <param name="ReferenceURI">Assertion ID from SAML Response</param>
        /// <param name="SigningCert">X509 Certificate for signing</param>
        /// <remarks>Referenced this article:
        ///     http://www.west-wind.com/weblog/posts/2008/Feb/23/Digitally-Signing-an-XML-Document-and-Verifying-the-Signature
        /// </remarks>
        public static void AppendSignatureToXMLDocument(ref XmlDocument XMLSerializedSAMLResponse, String ReferenceURI, X509Certificate2 SigningCert)
        {
            XmlNamespaceManager ns = new XmlNamespaceManager(XMLSerializedSAMLResponse.NameTable);
            ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
            XmlElement xeAssertion = XMLSerializedSAMLResponse.DocumentElement.SelectSingleNode("saml:Assertion", ns) as XmlElement;

            //SignedXml signedXML = new SignedXml(XMLSerializedSAMLResponse);
            SignedXml signedXML = new SignedXml(xeAssertion);

            signedXML.SigningKey = SigningCert.PrivateKey;
            signedXML.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

            Reference reference = new Reference();
            reference.Uri = ReferenceURI;
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signedXML.AddReference(reference);
            signedXML.ComputeSignature();

            XmlElement signature = signedXML.GetXml();

            XmlElement xeResponse = XMLSerializedSAMLResponse.DocumentElement;

            xeResponse.AppendChild(signature);
        }
Beispiel #14
0
        /// <summary>
        /// 验证 XML 文档的数字签名
        /// </summary>
        /// <param name="Doc"></param>
        /// <param name="Key"></param>
        /// <returns></returns>
        public static Boolean VerifyXml(XmlDocument Doc, RSA Key)
        {
            // Check arguments.
            if (Doc == null)
                throw new ArgumentException("Doc");
            if (Key == null)
                throw new ArgumentException("Key");

            // 创建一个新的 SignedXml 对象,并将 XmlDocument 对象传递给它。
            SignedXml signedXml = new SignedXml(Doc);

            // 找到 <signature> 元素,并创建新的 XmlNodeList 对象。
            XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");

            // 如果没有签名,那么抛异常.
            if (nodeList.Count <= 0)
            {
                throw new CryptographicException("Verification failed: No Signature was found in the document.");
            }

            //  如果有多个签名,那么也抛异常.
            if (nodeList.Count >= 2)
            {
                throw new CryptographicException("Verification failed: More that one signature was found for the document.");
            }

            // 将第一个 <signature> 元素的 XML 加载到 SignedXml 对象中。
            signedXml.LoadXml((XmlElement)nodeList[0]);

            // 使用 CheckSignature 方法和 RSA 公钥检查签名。 此方法将返回指示成功或失败的布尔值。
            return signedXml.CheckSignature(Key);
        }
Beispiel #15
0
        /// <summary>
        /// Checks if an xml element is signed by the given certificate, through
        /// a contained enveloped signature.
        /// </summary>
        /// <param name="xmlElement">Xml Element that should be signed</param>
        /// <param name="signingKeys">Signing keys to test, one should validate.</param>
        /// <param name="validateCertificate">Should the certificate be validated too?</param>
        /// <returns>True on correct signature, false on missing signature</returns>
        /// <exception cref="InvalidSignatureException">If the data has
        /// been tampered with or is not valid according to the SAML spec.</exception>
        public static bool IsSignedByAny(
            this XmlElement xmlElement, 
            IEnumerable<SecurityKeyIdentifierClause> signingKeys,
            bool validateCertificate)
        {
            if (xmlElement == null)
            {
                throw new ArgumentNullException(nameof(xmlElement));
            }

            var signedXml = new SignedXml(xmlElement);

            var signatureElement = xmlElement["Signature", SignedXml.XmlDsigNamespaceUrl];

            if (signatureElement == null)
            {
                return false;
            }

            signedXml.LoadXml(signatureElement);
            ValidateSignedInfo(signedXml, xmlElement);
            VerifySignature(signingKeys, signedXml, signatureElement, validateCertificate);

            return true;
        }
        /// <summary>
        /// Verifies the digital signature.
        /// </summary>
        /// <param name="digitalSignature"> The XML Digital Signature.</param>
        /// <param name="publicKey"> The RSA public key.</param>
        /// <returns> Returns true if valid, else false.</returns>
        public static bool VerifyDigitalSignature(XmlTextReader digitalSignature, RSA publicKey)
        {
            bool valid = false;
            try
            {
                // Load license file into XmlDocument
                XmlDocument doc = new XmlDocument();
                doc.Load(digitalSignature);

                // Load Signature Element
                SignedXml verifier = new SignedXml(doc);
                verifier.LoadXml(doc.GetElementsByTagName("Signature")[0] as XmlElement);

                // Validate license.
                if ( verifier.CheckSignature(publicKey) )
                {
                    valid = true;
                }
                else
                {
                    valid = false;
                }
            }
            catch
            {
                valid = false;
            }

            return valid;
        }
            public void VerifyXml(string xml)
            {
                var doc = LoadXmlDoc(xml);

                using (var rsa = new RSACryptoServiceProvider())
                {
                    rsa.FromXmlString(publicKey);

                    var nsMgr = new XmlNamespaceManager(doc.NameTable);
                    nsMgr.AddNamespace("sig", "http://www.w3.org/2000/09/xmldsig#");

                    var signedXml = new SignedXml(doc);
                    var signature = (XmlElement)doc.SelectSingleNode("//sig:Signature", nsMgr);
                    if (signature == null)
                    {
                        throw new Exception("Xml is invalid as it has no XML signature");
                    }
                    signedXml.LoadXml(signature);

                    if (!signedXml.CheckSignature(rsa))
                    {
                        throw new Exception("Xml is invalid as it failed signature check.");
                    }
                }
            }
        public static void Sign(this XmlDocument xmlDocument, X509Certificate2 cert)
        {
            if(xmlDocument == null)
            {
                throw new ArgumentNullException("xmlDocument");
            }

            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }

            var signedXml = new SignedXml(xmlDocument);

            signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;

            var reference = new Reference();
            reference.Uri = "";
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());

            signedXml.AddReference(reference);
            signedXml.ComputeSignature();

            xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(signedXml.GetXml(), true));
        }
Beispiel #19
0
        /// <summary>
        /// Adds a digital signature to the outgoing request message, before sending it to Acquirer.
        /// </summary>
        /// <param name="requestXml">
        /// The unsigned request XML message.
        /// </param>
        /// <returns>
        /// The request message, including digital signature.
        /// </returns>
        public string SignRequestXml(XDocument requestXml)
        {
            XmlDocument document = ToXmlDocument(requestXml);

            RSACryptoServiceProvider key = ExtractPrivateKeyFrom(acceptantPrivateCertificate);

            var signedXml = new SignedXml(document) { SigningKey = key };
            signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
            signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";

            // Add a signing reference, the uri is empty and so the whole document is signed. 
            var reference = new Reference { DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256" };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.Uri = "";
            signedXml.AddReference(reference);

            // Add the certificate as key info. Because of this, the certificate 
            // with the public key will be added in the signature part. 
            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoName(acceptantPrivateCertificate.Thumbprint));
            signedXml.KeyInfo = keyInfo;

            // Generate the signature. 
            signedXml.ComputeSignature();

            XmlElement xmlSignature = signedXml.GetXml();
            document.DocumentElement.AppendChild(document.ImportNode(xmlSignature, true));

            // Check that outgoing signature is valid. Private certificate also contains public part.
            VerifyDocumentSignature(document, acceptantPrivateCertificate);

            return GetContentsFrom(document);
        }
        //        /// <summary>
        //        /// Signs a license.
        //        /// </summary>
        //        /// <param name="unsignedLicense"> The unsigned license stream.</param>
        //        /// <param name="keyPair"> The stream containing the private key file.</param>
        //        /// <param name="output"> The output stream containing the new signed license.</param>
        //        internal void SignLicense(XmlTextReader unsignedLicense, Stream keyPair, Stream output)
        //        {
        //            try
        //            {
        //                // setup the document to sign
        //                XmlDocument licenseDocument = new XmlDocument();
        //                licenseDocument.Load(unsignedLicense);
        //
        //                // read in the public key
        //                RSA signingKey = new RSACryptoServiceProvider();
        //                using(StreamReader reader = new StreamReader(keyPair))
        //                {
        //                    signingKey.FromXmlString(reader.ReadLine());
        //                }
        //
        //                // now sign the document
        //                SignedXml signer = new SignedXml(licenseDocument);
        //                signer.SigningKey = signingKey;
        //
        //                // create a reference to the root of the document
        //                Reference orderRef = new Reference("");
        //                orderRef.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        //                signer.AddReference(orderRef);
        //
        //                // add transforms that only select the order items, type, and
        //                // compute the signature, and add it to the document
        //                signer.ComputeSignature();
        //                licenseDocument.DocumentElement.AppendChild(signer.GetXml());
        //
        //                licenseDocument.Save(output);
        //            }
        //            catch
        //            {
        //                throw;
        //            }
        //        }
        /// <summary>
        /// Signs the XmlDocument.
        /// </summary>
        /// <param name="document"> The XmlDocument to sign.</param>
        /// <param name="signingKey"> The signing key.</param>
        /// <returns> A signed XmlDocument.</returns>
        internal XmlDocument SignXmlDocument(XmlDocument document, RSA signingKey)
        {
            try
            {
            //				// setup the document to sign
            //				XmlDocument licenseDocument = new XmlDocument();
            //				licenseDocument.Load(unsignedLicense);

                // now sign the document
                SignedXml signer = new SignedXml(document);
                signer.SigningKey = signingKey;

                // create a reference to the root of the document
                Reference reference = new Reference("");
                reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
                signer.AddReference(reference);

                // compute the signature, and add it to the document
                signer.ComputeSignature();
                document.DocumentElement.AppendChild(signer.GetXml());

                return document;
            }
            catch
            {
                throw;
            }
        }
Beispiel #21
0
        private static XmlDocument SignXml()
        {
            XmlDocument xmlDoc = new XmlDocument();

            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load(".\\certificates\\samlRequestTemplate.xml");
            X509Certificate2 certificate = CertificateHelper.GetCertificate(".\\certificates\\HuaweiCA.p12", "Pr0d1234");

            //AsymmetricAlgorithm key = certificate.PrivateKey;
            AsymmetricAlgorithm key = certificate.PrivateKey;

            XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable);
            ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
            ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

            XmlElement issuerNode = (XmlElement)xmlDoc.DocumentElement.SelectSingleNode("saml:Issuer", ns);

            SignedXml signedXml = new SignedXml(xmlDoc.DocumentElement);
            signedXml.SigningKey = key;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

            KeyInfo keyInfo = new KeyInfo();

            //XmlDocument keyDoc = new XmlDocument();

            //keyDoc.LoadXml(certificate.PublicKey.Key.ToXmlString(false));
            //keyInfo.LoadXml(keyDoc.DocumentElement);
            keyInfo.AddClause(new KeyInfoX509Data(certificate));
            signedXml.KeyInfo = keyInfo;

            string refId = xmlDoc.DocumentElement.GetAttribute("ID");

            Reference reference = new Reference();
            reference.Uri = "#" + refId;

            XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();

            reference.AddTransform(env);

            XmlDsigExcC14NTransform env2 = new XmlDsigExcC14NTransform();
            env2.InclusiveNamespacesPrefixList = "#default code ds kind rw saml samlp typens";
            reference.AddTransform(env2);

            signedXml.AddReference(reference);

            signedXml.ComputeSignature();
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            xmlDoc.DocumentElement.InsertAfter(xmlDoc.ImportNode(xmlDigitalSignature, true), issuerNode);

            //xmlDoc.NameTable.Add("samlp");
            //XmlElement nameIDPolicyElem = xmlDoc.CreateElement("samlp", "NameIDPolicy", "urn:oasis:names:tc:SAML:2.0:protocol");
            //nameIDPolicyElem.SetAttribute("AllowCreate", "False");

            //xmlDoc.DocumentElement.AppendChild(nameIDPolicyElem);

            xmlDoc.Save("samleRequestCSharp.xml");

            return xmlDoc;
        }
Beispiel #22
0
        public void assinaturaXMLCancel()
        {
            
            try
            {
                Reference reference = new Reference();
                SignedXml docXML = new SignedXml(xmlDoc);

                try
                {
                    docXML.SigningKey = cert.PrivateKey;

                    XmlAttributeCollection uri = xmlDoc.GetElementsByTagName("infEvento").Item(0).Attributes;

                    foreach (XmlAttribute atributo in uri)
                    {
                        if (atributo.Name == "Id")
                            reference.Uri = "#" + atributo.InnerText;
                    }
                }
                catch (Exception ex)
                {
                    Utils.Logger.getInstance.error(ex);
                    throw new Exception("Erro em Assinatura p1" + ex.Message);
                }

                XmlDsigEnvelopedSignatureTransform envelopedSigntature = new XmlDsigEnvelopedSignatureTransform();
                reference.AddTransform(envelopedSigntature);

                XmlDsigC14NTransform c14Transform = new XmlDsigC14NTransform();
                reference.AddTransform(c14Transform);

                docXML.AddReference(reference);

                KeyInfo keyInfo = new KeyInfo();
                keyInfo.AddClause(new KeyInfoX509Data(cert));

                docXML.KeyInfo = keyInfo;
                docXML.ComputeSignature();

                XmlElement xmlDigitalSignature = docXML.GetXml();

                foreach (var _nfe in xmlDoc.GetElementsByTagName("evento").Cast<XmlElement>())
                {
                    _nfe.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
                }
            }
            catch (Exception ex)
            {
                Utils.Logger.getInstance.error(ex);
                throw new Exception("Erro preparando Assinatura Digital\n" + ex.Message);
            }

            //xmlDoc.PreserveWhitespace = true;


        }
        public bool IsValid() {
            XmlNamespaceManager manager = new XmlNamespaceManager(XmlDoc.NameTable);
            manager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
            XmlNodeList nodeList = XmlDoc.SelectNodes("//ds:Signature", manager);

            SignedXml signedXml = new SignedXml(XmlDoc);
            signedXml.LoadXml((XmlElement)nodeList[0]);
            return signedXml.CheckSignature(DecrypingCertificate, true);
        }
Beispiel #24
0
		public void Constructor_XmlDocument () 
		{
			XmlDocument doc = new XmlDocument ();
			doc.LoadXml (signature);
			XmlNodeList xnl = doc.GetElementsByTagName ("Signature", SignedXml.XmlDsigNamespaceUrl);
			XmlElement xel = (XmlElement) xnl [0];

			SignedXml sx = new SignedXml (doc);
			sx.LoadXml (doc.DocumentElement);
			Assert.IsTrue (sx.CheckSignature (), "CheckSignature");
		}
        protected OpensignAbstractSignature(XmlDocument doc)
        {
            Doc = doc;
            var xmlNamespaces = new XmlNamespaceManager(Doc.NameTable);
            xmlNamespaces.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            SigElement = (XmlElement)Doc.SelectSingleNode("//ds:Signature[1]", xmlNamespaces);
            Signature = new SignedXml(Doc);

            Valid = IsValidSignature();
        }
Beispiel #26
0
        public XmlDocument assinaturaXmlEnviar(XmlDocument _xml)
        {
            XmlDocument xmlDocAss = _xml;

            try
            {


                if (cert == null)
                    throw new Exception("Nao foi encontrado o certificado: " + config.configNFCe.NomeCertificadoDigital);

                Reference reference = new Reference();
                SignedXml docXML = new SignedXml(xmlDocAss);

                docXML.SigningKey = cert.PrivateKey;
                XmlAttributeCollection uri = xmlDocAss.GetElementsByTagName("infNFe").Item(0).Attributes;
                foreach (XmlAttribute atributo in uri)
                {
                    if (atributo.Name == "Id")
                        reference.Uri = "#" + atributo.InnerText;
                }

                XmlDsigEnvelopedSignatureTransform envelopedSigntature = new XmlDsigEnvelopedSignatureTransform();
                reference.AddTransform(envelopedSigntature);

                XmlDsigC14NTransform c14Transform = new XmlDsigC14NTransform();
                reference.AddTransform(c14Transform);
                docXML.AddReference(reference);

                KeyInfo keyInfo = new KeyInfo();
                keyInfo.AddClause(new KeyInfoX509Data(cert));

                docXML.KeyInfo = keyInfo;
                docXML.ComputeSignature();

                XmlElement xmlDigitalSignature = docXML.GetXml();

                foreach (var _nfe in xmlDocAss.GetElementsByTagName("NFe").Cast<XmlElement>())
                    _nfe.AppendChild(xmlDocAss.ImportNode(xmlDigitalSignature, true));


                xmlDocAss.PreserveWhitespace = true;
                return xmlDocAss;
            }

            catch (Exception e)
            {
                Utils.Logger.getInstance.error(e);
                return null;
                throw new Exception(e.ToString());
            }


        }
        public static Boolean CheckSignedXmlDocument(Stream sourceXmlFile)
        {
            // Carico il documento XML
            XmlDocument doc = new XmlDocument();
            doc.Load(sourceXmlFile);

            // Verifico la firma
            SignedXml sigs = new SignedXml(doc);
            XmlNodeList sigElems = doc.GetElementsByTagName("Signature");
            sigs.LoadXml((XmlElement)sigElems[0]);
            return (sigs.CheckSignature());
        }
        /// <summary>
        /// Validate script XML signature
        /// </summary>
        /// <param name="signedXml">Signed XML</param>
        /// <returns>true if signature is valid</returns>
        public virtual bool VerifyXmlSignature(SignedXml signedXml)
        {
            bool valid = false;
            foreach (var k in signedXml.KeyInfo)
            {
                var kv = k as RSAKeyValue;
                if (kv != null)
                {
                    var rsa = new RSACryptoServiceProvider();
                    var key = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
                    if (key == null || key.Length < 12)
                        return false;

                    // here is a trick: the public key in assembly file has a 12-byte header at the beginning.
                    // We strip it - and the remaining bytes can be now imported by RSACryptoServiceProvider class
                    var tmpKey = new byte[key.Length - 12];
                    Array.Copy(key, 12, tmpKey, 0, tmpKey.Length);
                    rsa.ImportCspBlob(tmpKey);
                    valid = signedXml.CheckSignature(rsa);
                    if (!valid)
                        break;
                    continue;
                }

                var ki = k as KeyInfoX509Data;
                if (ki != null)
                {
                    if (ki.Certificates == null)
                        valid = false;
                    else
                        foreach (X509Certificate2 cert in ki.Certificates)
                        {
                            // Verify that certificate is trusted for code signing
                            X509ChainPolicy pol = new X509ChainPolicy();
                            pol.RevocationMode = X509RevocationMode.NoCheck;
                            pol.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown | X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown | X509VerificationFlags.IgnoreRootRevocationUnknown;
                            pol.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.3"));

                            X509Chain chain = new X509Chain(true);
                            chain.ChainPolicy = pol;
                            if (chain.Build(cert))
                                valid = signedXml.CheckSignature(cert, true);
                            if (!valid)
                                break;
                        }
                    if (!valid)
                        break;
                    continue;
                }
            }
            return valid;
        }
Beispiel #29
0
        public  string SignXml(XDocument xml)
        {
          using (MemoryStream streamIn = new MemoryStream())
          {
            xml.Save(streamIn);
            streamIn.Position = 0;
          //  var rsaKey = (RSACryptoServiceProvider)_privateCertificate.PrivateKey; // Create rsa crypto provider from private key contained in certificate, weirdest cast ever!;



           // string sCertFileLocation = @"C:\plugins\idealtest\bin\Debug\certficate.pfx";
           // X509Certificate2 certificate = new X509Certificate2(sCertFileLocation, "D3M@ast3rsR0cks");
            RSA rsaKey = (RSACryptoServiceProvider)_privateCertificate.PrivateKey;

            XmlDocument xmlDoc = new XmlDocument();
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load(streamIn);

            SignedXml signedXml = new SignedXml(xmlDoc);
            signedXml.SigningKey = rsaKey;

            Reference reference = new Reference();
            reference.Uri = "";
            XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
            reference.AddTransform(env);
            signedXml.AddReference(reference);


            KeyInfo keyInfo = new KeyInfo();
            KeyInfoName kin = new KeyInfoName();
            kin.Value = _privateCertificate.Thumbprint;
            keyInfo.AddClause(kin);
            signedXml.KeyInfo = keyInfo;

            signedXml.ComputeSignature();
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));


            using (MemoryStream sout = new MemoryStream())
            {
              xmlDoc.Save(sout);
              sout.Position = 0;
              using (StreamReader reader = new StreamReader(sout))
              {
                string xmlOut = reader.ReadToEnd();
                return xmlOut;
              }
            }
          }

        }
Beispiel #30
0
        static void Main(string[] args)
        {
            X509Store store = new X509Store("MY", StoreLocation.LocalMachine);

            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
            var x509 = collection.Find(X509FindType.FindBySubjectName, "note-oberdan.pca.com.br", true);
            X509Certificate2 cert = x509[0];

            RSA rsa = (RSA)cert.PrivateKey;

            XmlDocument doc = new XmlDocument();

            doc.InnerXml = "<teste vl=\"1\"></teste>";


            SignedXml SignedDocument = new SignedXml();
            KeyInfo   keyInfo        = new KeyInfo();

            keyInfo.AddClause(new System.Security.Cryptography.Xml.KeyInfoX509Data(cert));
            SignedDocument = new System.Security.Cryptography.Xml.SignedXml(doc);

            //Seta chaves
            SignedDocument.SigningKey = rsa;
            SignedDocument.KeyInfo    = keyInfo;

            //Cria referencia
            Reference reference = new Reference();

            reference.Uri = String.Empty;

            //Adiciona transformacao a referencia
            reference.AddTransform(new
                                   System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new
                                   System.Security.Cryptography.Xml.XmlDsigC14NTransform(false));

            //Adiciona referencia ao xml
            SignedDocument.AddReference(reference);

            //Calcula Assinatura
            SignedDocument.ComputeSignature();

            //Pega representação da assinatura
            XmlElement xmlDigitalSignature = SignedDocument.GetXml();

            //Adiciona ao doc XML
            doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

            doc.Save(@"C:\testes\ExemploAssinaturaXML\ExemploAssinaturaXML\xmlAssinado3.xml");
        }
Beispiel #31
0
        internal static XmlElement GetXmlDigitalSignature(XmlDocument doc, AsymmetricAlgorithm key) {
            if(IsDebugEnabled)
                log.Debug("암호화된 Xml 문서를 만듭니다...");

            var signedXml = new SignedXml(doc) { SigningKey = key };
            var reference = new Reference { Uri = string.Empty };

            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);
            signedXml.ComputeSignature();

            return signedXml.GetXml();
        }
Beispiel #32
0
        /// <include file='doc\KeyInfo.uex' path='docs/doc[@for="KeyInfoX509Data.LoadXml"]/*' />
        public override void LoadXml(XmlElement element)
        {
            int iNumNodes = 0;

            // Guard against nulls
            if (element == null)
            {
                throw new ArgumentNullException("element");
            }

            XmlNodeList x509IssuerSerialNodes = element.GetElementsByTagName("X509IssuerSerial", SignedXml.XmlDsigNamespaceUrl);
            XmlNodeList x509SKINodes          = element.GetElementsByTagName("X509SKI", SignedXml.XmlDsigNamespaceUrl);
            XmlNodeList x509SubjectNameNodes  = element.GetElementsByTagName("X509SubjectName", SignedXml.XmlDsigNamespaceUrl);
            XmlNodeList x509CertificateNodes  = element.GetElementsByTagName("X509Certificate", SignedXml.XmlDsigNamespaceUrl);
            XmlNodeList x509CRLNodes          = element.GetElementsByTagName("X509CRL", SignedXml.XmlDsigNamespaceUrl);

            iNumNodes += x509IssuerSerialNodes.Count;
            iNumNodes += x509SKINodes.Count;
            iNumNodes += x509SubjectNameNodes.Count;
            iNumNodes += x509CertificateNodes.Count;

            if ((x509CRLNodes.Count != 0 && iNumNodes != 0) || (x509CRLNodes.Count == 0 && iNumNodes == 0))  // Bad X509Data tag, or Empty tag
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "X509Data");
            }

            if (x509CRLNodes.Count > 1)
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "X509Data");
            }

            // Flush anything in the lists
            Clear();

            if (x509CRLNodes.Count != 0)
            {
                m_CRL = Convert.FromBase64String(SignedXml.DiscardWhiteSpaces(x509CRLNodes.Item(0).InnerText));
                return;
            }

            if (x509IssuerSerialNodes != null)
            {
                foreach (XmlNode node in x509IssuerSerialNodes)
                {
                    XmlNodeList elem = ((XmlNode)node).ChildNodes;
                    if (elem == null || elem.Count < 2)
                    {
                        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "X509IssuerSerial");
                    }
                    string strIssuerName   = null;
                    string strSerialNumber = null;
                    foreach (XmlNode node1 in elem)
                    {
                        if (node1.Name.Equals("X509IssuerName"))
                        {
                            strIssuerName = node1.InnerText;
                        }
                        if (node1.Name.Equals("X509SerialNumber"))
                        {
                            strSerialNumber = node1.InnerText;
                        }
                    }
                    AddIssuerSerial(strIssuerName, strSerialNumber);
                }
            }

            if (x509SKINodes != null)
            {
                foreach (XmlNode node in x509SKINodes)
                {
                    string strSKI = node.InnerText;
                    AddSubjectKeyId(Convert.FromBase64String(SignedXml.DiscardWhiteSpaces(strSKI)));
                }
            }

            if (x509SubjectNameNodes != null)
            {
                foreach (XmlNode node in x509SubjectNameNodes)
                {
                    AddSubjectName(node.InnerText);
                }
            }

            if (x509CertificateNodes != null)
            {
                foreach (XmlNode node in x509CertificateNodes)
                {
                    AddCertificate(new X509Certificate(Convert.FromBase64String(SignedXml.DiscardWhiteSpaces(node.InnerText))));
                }
            }
        }
Beispiel #33
0
        /// <include file='doc\Reference.uex' path='docs/doc[@for="Reference.LoadXml"]/*' />
        public void LoadXml(XmlElement value)
        {
            // Guard against nulls
            if (value == null)
            {
                throw new ArgumentNullException("value");
            }

            XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);

            nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            // cache the Xml
            m_cachedXml    = value;
            m_originalNode = value;

            m_strId   = value.GetAttribute("Id");
            m_strUri  = value.GetAttribute("URI");
            m_strType = value.GetAttribute("Type");

            // Transforms
            m_transformChain = new TransformChain();

            XmlNodeList transformsNodes = value.SelectNodes("ds:Transforms", nsm);

            if (transformsNodes.Count != 0)
            {
                XmlElement  transformsElement = (XmlElement)transformsNodes.Item(0);
                XmlNodeList transformNodes    = transformsElement.SelectNodes("ds:Transform", nsm);
                if (transformNodes.Count == 0)
                {
                    throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Transforms");
                }
                for (int i = 0; i < transformNodes.Count; ++i)
                {
                    XmlElement transformElement = (XmlElement)transformNodes.Item(i);
                    String     strAlgorithm     = transformElement.GetAttribute("Algorithm");
                    Transform  transform        = (Transform)CryptoConfig.CreateFromName(strAlgorithm);
                    if (transform == null)
                    {
                        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_UnknownTransform"));
                    }
                    // Hack! this is done to get around the lack of here() function support in XPath
                    if (transform is XmlDsigEnvelopedSignatureTransform)
                    {
                        // Walk back to the Signature tag. Find the nearest signature ancestor
                        // Signature-->SignedInfo-->Reference-->Transforms-->Transform
                        XmlNode     signatureTag  = transformElement.SelectSingleNode("ancestor::ds:Signature[1]", nsm);
                        XmlNodeList signatureList = transformElement.SelectNodes("//ds:Signature", nsm);
                        if (signatureList != null)
                        {
                            int position = 0;
                            foreach (XmlNode node in signatureList)
                            {
                                position++;
                                if (node == signatureTag)
                                {
                                    ((XmlDsigEnvelopedSignatureTransform)transform).SignaturePosition = position;
                                    break;
                                }
                            }
                        }
                    }
                    // let the transform read the children of the transformElement for data
                    transform.LoadInnerXml(transformElement.ChildNodes);
                    AddTransform(transform);
                }
            }

            // DigestMethod
            XmlNodeList digestMethodNodes = value.SelectNodes("ds:DigestMethod", nsm);

            if (digestMethodNodes.Count == 0)
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Reference/DigestMethod");
            }
            XmlElement digestMethodElement = (XmlElement)digestMethodNodes.Item(0);

            m_strDigestMethod = digestMethodElement.GetAttribute("Algorithm");

            // DigestValue
            XmlNodeList digestValueNodes = value.SelectNodes("ds:DigestValue", nsm);

            if (digestValueNodes.Count == 0)
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidElement"), "Reference/DigestValue");
            }
            XmlElement digestValueElement = (XmlElement)digestValueNodes.Item(0);

            m_rgbDigestValue = Convert.FromBase64String(SignedXml.DiscardWhiteSpaces(digestValueElement.InnerText));
        }
Beispiel #34
0
        // What we want to do is pump the input throug the TransformChain and then
        // hash the output of the chain
        // document is the document context for resolving relative references
        internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
        {
            // refList is a list of elements that might be targets of references
            // Now's the time to create our hashing algorithm
            m_hashAlgorithm = (HashAlgorithm)CryptoConfig.CreateFromName(DigestMethod);
            if (m_hashAlgorithm == null)
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_CreateHashAlgorithmFailed"));
            }

            string strBaseUri = (document == null ? null : document.BaseURI);
            // For interop w/ Petteri & IBM -- may not be required by the spec
            //if (m_transforms.Count == 0) {
            //if (DataObject != null && DataObject.Data != null) {
            //AddTransform(new W3cCanonicalization());
            //}
            //}

            // Let's go get the target.
            Stream      hashInputStream;
            WebRequest  theRequest  = null;
            WebResponse theResponse = null;
            Stream      inputStream = null;
            XmlResolver resolver    = null;

            switch (m_refTargetType)
            {
            case ReferenceTargetType.Stream:
                // This is the easiest case.  We already have a stream, so just pump it through
                // the TransformChain
                resolver        = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), strBaseUri));
                hashInputStream = m_transformChain.TransformToOctetStream((Stream)m_refTarget, resolver, strBaseUri);
                break;

            case ReferenceTargetType.UriReference:
                // Second-easiest case -- dereference the URI & pump through the TransformChain
                // handle the special cases where the URI is null (meaning whole doc)
                // or the URI is just a fragment (meaning a reference to an embedded Object)
                if (m_strUri == "")
                {
                    // This is the self-referential case.
                    // The Enveloped Signature does not discard comments as per spec; those will be omitted during the transform chain process
                    // First, check that we have a document context.
                    if (document == null)
                    {
                        throw new CryptographicException(String.Format(SecurityResources.GetResourceString("Cryptography_Xml_SelfReferenceRequiresContext"), m_strUri));
                    }

                    // Normalize the containing document
                    resolver = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), strBaseUri));
                    XmlDocument docWithNoComments = CanonicalXml.DiscardComments(SignedXml.PreProcessDocumentInput(document, resolver, strBaseUri));
                    hashInputStream = m_transformChain.TransformToOctetStream(docWithNoComments, resolver, strBaseUri);
                }
                else if (m_strUri[0] == '#')
                {
                    // If we get here, then we are constructing a Reference to an embedded DataObject
                    // referenced by an Id= attribute.  Go find the relevant object
                    String idref            = m_strUri.Substring(1);
                    bool   bDiscardComments = true;

                    // Deal with XPointer of types #xpointer(/) and #xpointer(id("ID")). Other XPointer support isn't handled here and is anyway optional
                    if (idref == "xpointer(/)")
                    {
                        // This is a self referencial case
                        if (document == null)
                        {
                            throw new CryptographicException(String.Format(SecurityResources.GetResourceString("Cryptography_Xml_SelfReferenceRequiresContext"), m_strUri));
                        }

                        // We should not discard comments here!!!
                        resolver        = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), strBaseUri));
                        hashInputStream = m_transformChain.TransformToOctetStream(SignedXml.PreProcessDocumentInput(document, resolver, strBaseUri), resolver, strBaseUri);
                        goto end;
                    }
                    else if (idref.StartsWith("xpointer(id("))
                    {
                        int startId = idref.IndexOf("id(");
                        int endId   = idref.IndexOf(")");
                        if (endId < 0 || endId < startId + 3)
                        {
                            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidReference"));
                        }
                        idref            = idref.Substring(startId + 3, endId - startId - 3);
                        idref            = idref.Replace("\'", "");
                        idref            = idref.Replace("\"", "");
                        bDiscardComments = false;
                    }

                    XmlElement elem = m_signedXml.GetIdElement(document, idref);

                    if (elem == null)
                    {
                        // Go throw the referenced items passed in
                        if (refList != null)
                        {
                            foreach (XmlNode node in refList)
                            {
                                XmlElement tempElem = node as XmlElement;
                                if ((tempElem != null) && (tempElem.HasAttribute("Id")) && (tempElem.GetAttribute("Id").Equals(idref)))
                                {
                                    elem = tempElem;
                                    break;
                                }
                            }
                        }
                    }

                    if (elem == null)
                    {
                        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_InvalidReference"));
                    }

                    // Add the propagated attributes, clone the element first
                    XmlElement elemClone = elem.Clone() as XmlElement;
                    if (m_namespaces != null)
                    {
                        foreach (XmlNode attrib in m_namespaces)
                        {
                            string name = ((attrib.Prefix != String.Empty) ? attrib.Prefix + ":" + attrib.LocalName : attrib.LocalName);
                            // Skip the attribute if one with the same qualified name already exists
                            if (elemClone.HasAttribute(name) || (name.Equals("xmlns") && elemClone.NamespaceURI != String.Empty))
                            {
                                continue;
                            }
                            XmlAttribute nsattrib = (XmlAttribute)elemClone.OwnerDocument.CreateAttribute(name);
                            nsattrib.Value = attrib.Value;
                            elemClone.SetAttributeNode(nsattrib);
                        }
                    }

                    if (bDiscardComments)
                    {
                        // We should discard comments before going into the transform chain
                        resolver = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), strBaseUri));
                        XmlDocument docWithNoComments = CanonicalXml.DiscardComments(SignedXml.PreProcessElementInput(elemClone, resolver, strBaseUri));
                        hashInputStream = m_transformChain.TransformToOctetStream(docWithNoComments, resolver, strBaseUri);
                    }
                    else
                    {
                        // This is an XPointer reference, do not discard comments!!!
                        resolver        = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), strBaseUri));
                        hashInputStream = m_transformChain.TransformToOctetStream(SignedXml.PreProcessElementInput(elemClone, resolver, strBaseUri), resolver, strBaseUri);
                    }
                }
                else
                {
                    theRequest = WebRequest.Create(m_strUri);
                    if (theRequest == null)
                    {
                        goto default;
                    }
                    theResponse = theRequest.GetResponse();
                    if (theResponse == null)
                    {
                        goto default;
                    }
                    inputStream = theResponse.GetResponseStream();
                    if (inputStream == null)
                    {
                        goto default;
                    }
                    resolver        = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), m_strUri));
                    hashInputStream = m_transformChain.TransformToOctetStream(inputStream, resolver, m_strUri);
                }
                break;

            case ReferenceTargetType.XmlElement:
                // We need to create a DocumentNavigator out of the XmlElement
                resolver        = (m_signedXml.ResolverSet ? m_signedXml.m_xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), strBaseUri));
                hashInputStream = m_transformChain.TransformToOctetStream(SignedXml.PreProcessElementInput((XmlElement)m_refTarget, resolver, strBaseUri), resolver, strBaseUri);
                break;

            default:
                throw new CryptographicException();
            }

end:
            // Compute the new hash value
            byte[] hashval = m_hashAlgorithm.ComputeHash(hashInputStream);

            // Close the response to free resources, before returning
            if (theResponse != null)
            {
                theResponse.Close();
            }
            if (inputStream != null)
            {
                inputStream.Close();
            }

            return(hashval);
        }
Beispiel #35
0
        public void LoadXml(XmlElement value)
        {
            if (value is null)
            {
                throw new ArgumentNullException(nameof(value));
            }

            _id   = Utils.GetAttribute(value, "Id", SignedXml.XmlDsigNamespaceUrl);
            _uri  = Utils.GetAttribute(value, "URI", SignedXml.XmlDsigNamespaceUrl);
            _type = Utils.GetAttribute(value, "Type", SignedXml.XmlDsigNamespaceUrl);
            if (!Utils.VerifyAttributes(value, new string[] { "Id", "URI", "Type" }))
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference");
            }

            XmlNamespaceManager nsm = new XmlNamespaceManager(value.OwnerDocument.NameTable);

            nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

            // Transforms
            bool hasTransforms = false;

            TransformChain = new TransformChain();
            XmlNodeList transformsNodes = value.SelectNodes("ds:Transforms", nsm);

            if (transformsNodes != null && transformsNodes.Count != 0)
            {
                if (transformsNodes.Count > 1)
                {
                    throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
                }
                hasTransforms = true;
                XmlElement transformsElement = transformsNodes[0] as XmlElement;
                if (!Utils.VerifyAttributes(transformsElement, (string[])null))
                {
                    throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
                }
                XmlNodeList transformNodes = transformsElement.SelectNodes("ds:Transform", nsm);
                if (transformNodes != null)
                {
                    if (transformNodes.Count != transformsElement.SelectNodes("*").Count)
                    {
                        throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
                    }
                    if (transformNodes.Count > Utils.MaxTransformsPerReference)
                    {
                        throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/Transforms");
                    }
                    foreach (XmlNode transformNode in transformNodes)
                    {
                        XmlElement transformElement = transformNode as XmlElement;
                        string     algorithm        = Utils.GetAttribute(transformElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
                        if (algorithm == null || !Utils.VerifyAttributes(transformElement, "Algorithm"))
                        {
                            throw new CryptographicException(SR.Cryptography_Xml_UnknownTransform);
                        }
                        Transform transform = CryptoHelpers.CreateFromName <Transform>(algorithm);
                        if (transform == null)
                        {
                            throw new CryptographicException(SR.Cryptography_Xml_UnknownTransform);
                        }
                        AddTransform(transform);
                        // let the transform read the children of the transformElement for data
                        transform.LoadInnerXml(transformElement.ChildNodes);
                        // Hack! this is done to get around the lack of here() function support in XPath
                        if (transform is XmlDsigEnvelopedSignatureTransform &&
                            _uri != null && (_uri.Length == 0 || _uri[0] == '#'))
                        {
                            // Walk back to the Signature tag. Find the nearest signature ancestor
                            // Signature-->SignedInfo-->Reference-->Transforms-->Transform
                            XmlNode signatureTag = transformElement.SelectSingleNode("ancestor::ds:Signature[1]", nsm);

                            // Resolve the reference to get starting point for position calculation.
                            XmlNode referenceTarget =
                                _uri.Length == 0
                                ? transformElement.OwnerDocument
                                : SignedXml.GetIdElement(transformElement.OwnerDocument, Utils.GetIdFromLocalUri(_uri, out bool _));

                            XmlNodeList signatureList = referenceTarget?.SelectNodes(".//ds:Signature", nsm);
                            if (signatureList != null)
                            {
                                int position = 0;
                                foreach (XmlNode node in signatureList)
                                {
                                    position++;
                                    if (node == signatureTag)
                                    {
                                        ((XmlDsigEnvelopedSignatureTransform)transform).SignaturePosition = position;
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }

            // DigestMethod
            XmlNodeList digestMethodNodes = value.SelectNodes("ds:DigestMethod", nsm);

            if (digestMethodNodes == null || digestMethodNodes.Count == 0 || digestMethodNodes.Count > 1)
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestMethod");
            }
            XmlElement digestMethodElement = digestMethodNodes[0] as XmlElement;

            _digestMethod = Utils.GetAttribute(digestMethodElement, "Algorithm", SignedXml.XmlDsigNamespaceUrl);
            if (_digestMethod == null || !Utils.VerifyAttributes(digestMethodElement, "Algorithm"))
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestMethod");
            }


            // DigestValue
            XmlNodeList digestValueNodes = value.SelectNodes("ds:DigestValue", nsm);

            if (digestValueNodes == null || digestValueNodes.Count == 0 || digestValueNodes.Count > 1)
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestValue");
            }
            XmlElement digestValueElement = digestValueNodes[0] as XmlElement;

            _digestValue = Convert.FromBase64String(Utils.DiscardWhiteSpaces(digestValueElement.InnerText));
            if (!Utils.VerifyAttributes(digestValueElement, (string[])null))
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference/DigestValue");
            }
            // Verify that there aren't any extra nodes that aren't allowed
            int expectedChildNodeCount = hasTransforms ? 3 : 2;

            if (value.SelectNodes("*").Count != expectedChildNodeCount)
            {
                throw new CryptographicException(SR.Cryptography_Xml_InvalidElement, "Reference");
            }

            // cache the Xml
            _cachedXml = value;
        }
Beispiel #36
0
        // The goal behind this method is to pump the input stream through the transforms and get back something that
        // can be hashed
        internal Stream TransformToOctetStream(Object inputObject, Type inputType, XmlResolver resolver, string strBaseUri)
        {
            Object currentInput = inputObject;

            foreach (Object obj in m_transforms)
            {
                Transform transform = obj as Transform;
                if (transform.AcceptsType(currentInput.GetType()))
                {
                    //in this case, no translation necessary, pump it through
                    transform.Resolver = resolver;
                    transform.BaseURI  = strBaseUri;
                    transform.LoadInput(currentInput);
                    currentInput = transform.GetOutput();
                }
                else
                {
                    // We need translation
                    // For now, we just know about Stream->{XmlNodeList,XmlDocument} and {XmlNodeList,XmlDocument}->Stream
                    if (currentInput is Stream)
                    {
                        if (transform.AcceptsType(typeof(XmlDocument)))
                        {
                            XmlDocument doc = new XmlDocument();
                            doc.PreserveWhitespace = true;
                            XmlValidatingReader valReader = SignedXml.PreProcessStreamInput((Stream)currentInput, resolver, strBaseUri);
                            doc.Load(valReader);
                            transform.LoadInput(doc);
                            currentInput = transform.GetOutput();
                            continue;
                        }
                        else
                        {
                            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_TransformIncorrectInputType"));
                        }
                    }
                    if (currentInput is XmlNodeList)
                    {
                        if (transform.AcceptsType(typeof(Stream)))
                        {
                            CanonicalXml c14n = new CanonicalXml((XmlNodeList)currentInput, false);
                            MemoryStream ms   = new MemoryStream(c14n.GetBytes());
                            transform.LoadInput((Stream)ms);
                            currentInput = transform.GetOutput();
                            continue;
                        }
                        else
                        {
                            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_TransformIncorrectInputType"));
                        }
                    }
                    if (currentInput is XmlDocument)
                    {
                        if (transform.AcceptsType(typeof(Stream)))
                        {
                            CanonicalXml c14n = new CanonicalXml((XmlDocument)currentInput);
                            MemoryStream ms   = new MemoryStream(c14n.GetBytes());
                            transform.LoadInput((Stream)ms);
                            currentInput = transform.GetOutput();
                            continue;
                        }
                        else
                        {
                            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_TransformIncorrectInputType"));
                        }
                    }
                    throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_TransformIncorrectInputType"));
                }
            }

            // Final processing, either we already have a stream or have to canonicalize
            if (currentInput is Stream)
            {
                return(currentInput as Stream);
            }
            if (currentInput is XmlNodeList)
            {
                CanonicalXml c14n = new CanonicalXml((XmlNodeList)currentInput, false);
                MemoryStream ms   = new MemoryStream(c14n.GetBytes());
                return(ms);
            }
            if (currentInput is XmlDocument)
            {
                CanonicalXml c14n = new CanonicalXml((XmlDocument)currentInput);
                MemoryStream ms   = new MemoryStream(c14n.GetBytes());
                return(ms);
            }
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_TransformIncorrectInputType"));
        }
Beispiel #37
0
        //
        // public virtual methods
        //

        // This describes how the application wants to associate id references to elements
        public virtual XmlElement GetIdElement(XmlDocument document, string idValue)
        {
            return(SignedXml.DefaultGetIdElement(document, idValue));
        }
Beispiel #38
0
        internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
        {
            // refList is a list of elements that might be targets of references
            // Now's the time to create our hashing algorithm
            _hashAlgorithm = CryptoHelpers.CreateFromName <HashAlgorithm>(_digestMethod);
            if (_hashAlgorithm == null)
            {
                throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);
            }

            // Let's go get the target.
            string      baseUri         = (document == null ? System.Environment.CurrentDirectory + "\\" : document.BaseURI);
            Stream      hashInputStream = null;
            WebResponse response        = null;
            Stream      inputStream     = null;
            XmlResolver resolver        = null;

            byte[] hashval = null;

            try
            {
                switch (_refTargetType)
                {
                case ReferenceTargetType.Stream:
                    // This is the easiest case. We already have a stream, so just pump it through the TransformChain
                    resolver        = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
                    hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri);
                    break;

                case ReferenceTargetType.UriReference:
                    // Second-easiest case -- dereference the URI & pump through the TransformChain
                    // handle the special cases where the URI is null (meaning whole doc)
                    // or the URI is just a fragment (meaning a reference to an embedded Object)
                    if (_uri == null)
                    {
                        // We need to create a DocumentNavigator out of the XmlElement
                        resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
                        // In the case of a Uri-less reference, we will simply pass null to the transform chain.
                        // The first transform in the chain is expected to know how to retrieve the data to hash.
                        hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri);
                    }
                    else if (_uri.Length == 0)
                    {
                        // This is the self-referential case. First, check that we have a document context.
                        // The Enveloped Signature does not discard comments as per spec; those will be omitted during the transform chain process
                        if (document == null)
                        {
                            throw new CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
                        }

                        // Normalize the containing document
                        resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
                        XmlDocument docWithNoComments = Utils.DiscardComments(Utils.PreProcessDocumentInput(document, resolver, baseUri));
                        hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
                    }
                    else if (_uri[0] == '#')
                    {
                        // If we get here, then we are constructing a Reference to an embedded DataObject
                        // referenced by an Id = attribute. Go find the relevant object
                        bool   discardComments = true;
                        string idref           = Utils.GetIdFromLocalUri(_uri, out discardComments);
                        if (idref == "xpointer(/)")
                        {
                            // This is a self referencial case
                            if (document == null)
                            {
                                throw new CryptographicException(string.Format(CultureInfo.CurrentCulture, SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri));
                            }

                            // We should not discard comments here!!!
                            resolver        = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
                            hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessDocumentInput(document, resolver, baseUri), resolver, baseUri);
                            break;
                        }

                        XmlElement elem = SignedXml.GetIdElement(document, idref);
                        if (elem != null)
                        {
                            _namespaces = Utils.GetPropagatedAttributes(elem.ParentNode as XmlElement);
                        }

                        if (elem == null)
                        {
                            // Go throw the referenced items passed in
                            if (refList != null)
                            {
                                foreach (XmlNode node in refList)
                                {
                                    XmlElement tempElem = node as XmlElement;
                                    if ((tempElem != null) && (Utils.HasAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl)) &&
                                        (Utils.GetAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl).Equals(idref)))
                                    {
                                        elem = tempElem;
                                        if (_signedXml._context != null)
                                        {
                                            _namespaces = Utils.GetPropagatedAttributes(_signedXml._context);
                                        }
                                        break;
                                    }
                                }
                            }
                        }

                        if (elem == null)
                        {
                            throw new CryptographicException(SR.Cryptography_Xml_InvalidReference);
                        }

                        XmlDocument normDocument = Utils.PreProcessElementInput(elem, resolver, baseUri);
                        // Add the propagated attributes
                        Utils.AddNamespaces(normDocument.DocumentElement, _namespaces);

                        resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
                        if (discardComments)
                        {
                            // We should discard comments before going into the transform chain
                            XmlDocument docWithNoComments = Utils.DiscardComments(normDocument);
                            hashInputStream = TransformChain.TransformToOctetStream(docWithNoComments, resolver, baseUri);
                        }
                        else
                        {
                            // This is an XPointer reference, do not discard comments!!!
                            hashInputStream = TransformChain.TransformToOctetStream(normDocument, resolver, baseUri);
                        }
                    }
                    else
                    {
                        throw new CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
                    }
                    break;

                case ReferenceTargetType.XmlElement:
                    // We need to create a DocumentNavigator out of the XmlElement
                    resolver        = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri));
                    hashInputStream = TransformChain.TransformToOctetStream(Utils.PreProcessElementInput((XmlElement)_refTarget, resolver, baseUri), resolver, baseUri);
                    break;

                default:
                    throw new CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri);
                }

                // Compute the new hash value
                hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream);
                hashval         = _hashAlgorithm.ComputeHash(hashInputStream);
            }
            finally
            {
                if (hashInputStream != null)
                {
                    hashInputStream.Close();
                }
                if (response != null)
                {
                    response.Close();
                }
                if (inputStream != null)
                {
                    inputStream.Close();
                }
            }

            return(hashval);
        }
        /// <summary>
        ///     Log that an X509 chain is being built for a certificate
        /// </summary>
        /// <param name="signedXml">SignedXml object building the chain</param>
        /// <param name="chain">chain built for the certificate</param>
        /// <param name="certificate">certificate having the chain built for it</param>
        internal static void LogVerifyX509Chain(SignedXml signedXml, X509Chain chain, X509Certificate certificate)
        {
            Debug.Assert(signedXml != null, "signedXml != null");
            Debug.Assert(certificate != null, "certificate != null");
            Debug.Assert(chain != null, "chain != null");

            if (InformationLoggingEnabled)
            {
                string buildMessage = SR.Format(CultureInfo.InvariantCulture,
                                                SR.Log_BuildX509Chain,
                                                GetKeyName(certificate));
                WriteLine(signedXml,
                          TraceEventType.Information,
                          SignedXmlDebugEvent.X509Verification,
                          buildMessage);
            }

            if (VerboseLoggingEnabled)
            {
                // Dump out the flags and other miscelanious information used for building
                string revocationMode = SR.Format(CultureInfo.InvariantCulture,
                                                  SR.Log_RevocationMode,
                                                  chain.ChainPolicy.RevocationFlag);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, revocationMode);

                string revocationFlag = SR.Format(CultureInfo.InvariantCulture,
                                                  SR.Log_RevocationFlag,
                                                  chain.ChainPolicy.RevocationFlag);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, revocationFlag);

                string verificationFlags = SR.Format(CultureInfo.InvariantCulture,
                                                     SR.Log_VerificationFlag,
                                                     chain.ChainPolicy.VerificationFlags);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, verificationFlags);

                string verificationTime = SR.Format(CultureInfo.InvariantCulture,
                                                    SR.Log_VerificationTime,
                                                    chain.ChainPolicy.VerificationTime);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, verificationTime);

                string urlTimeout = SR.Format(CultureInfo.InvariantCulture,
                                              SR.Log_UrlTimeout,
                                              chain.ChainPolicy.UrlRetrievalTimeout);
                WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.X509Verification, urlTimeout);
            }

            // If there were any errors in the chain, make sure to dump those out
            if (InformationLoggingEnabled)
            {
                foreach (X509ChainStatus status in chain.ChainStatus)
                {
                    if (status.Status != X509ChainStatusFlags.NoError)
                    {
                        string logMessage = SR.Format(CultureInfo.InvariantCulture,
                                                      SR.Log_X509ChainError,
                                                      status.Status,
                                                      status.StatusInformation);

                        WriteLine(signedXml,
                                  TraceEventType.Information,
                                  SignedXmlDebugEvent.X509Verification,
                                  logMessage);
                    }
                }
            }

            // Finally, dump out the chain itself
            if (VerboseLoggingEnabled)
            {
                StringBuilder chainElements = new StringBuilder();
                chainElements.Append(SR.Log_CertificateChain);

                foreach (X509ChainElement element in chain.ChainElements)
                {
                    chainElements.AppendFormat(CultureInfo.InvariantCulture, " {0}", GetKeyName(element.Certificate));
                }

                WriteLine(signedXml,
                          TraceEventType.Verbose,
                          SignedXmlDebugEvent.X509Verification,
                          chainElements.ToString());
            }
        }