/// <summary>
/// This constructor should be used when signing SOAP messages.
/// Create a new Reference instance with the input parameters initilaized to member variables.
/// </summary>
/// <param name="referenceURI">uri for the reference</param>
/// <param name="transformerInstanceDefinitions">
/// a ordered list of keys that identify transformers to use</param>
/// <param name="digesterInstanceDefinition">
/// a single digester instance definition used to fetch/create a corresponding digester</param>
/// <param name="soapRefLoader">The SOAPMessageReferenceLoader to use for loading the data of soapMessage
/// </param>
public Reference(string referenceURI, IList <InstantiationVO> transformerInstanceDefinitions,
InstantiationVO digesterInstanceDefinition, IReferenceLoader soapRefLoader) : this(referenceURI,
transformerInstanceDefinitions, digesterInstanceDefinition, "soap")
{
ExceptionHelper.ValidateNotNull(soapRefLoader, "soapRefLoader");
this.soapRefLoader = soapRefLoader;
}
public void TearDown()
{
uri = null;
transformers = null;
digester = null;
protocol = null;
}
public void TestVerifySignatureFailure1()
{
//First sign
sm = new SignatureManager();
XmlNode signed = sm.Sign(references, c14nIVO, signerIVO, "myFirstSign");
//get the SignatureValue
XmlNode sigValueNode = signed.SelectSingleNode("SignatureValue");
string signature = sigValueNode.InnerXml;
//Tamper it.
signature = signature.ToUpper();
signed.SelectSingleNode("SignatureValue").InnerXml = signature;
//Now verify the XmlSignature using the VerifySignature method exposed by the SignatureManager class
IDictionary <string, object> keyInfoProviderParams = new Dictionary <string, object>();
//Note here the use of false only exports the public key to the DSA parameters
DSAParameters verificationDSAParams = dsa.ExportParameters(false);
//Set the Public Key of the KeyInfoProvider class
keyInfoProviderParams.Add("PublicKey", verificationDSAParams);
//Create Instantiation VO for KeyInfoProvider
InstantiationVO keyInfoProvider = new InstantiationVO("testKeyInfoProvider", keyInfoProviderParams);
//Verify
sm.VerifySignature(signed, keyInfoProvider);
}
public void TestVerifySignatureFailure2()
{
//First sign
sm = new SignatureManager();
XmlNode signed = sm.Sign(references, c14nIVO, signerIVO, "myFirstSign");
XmlNamespaceManager nsMgr = new XmlNamespaceManager(signed.OwnerDocument.NameTable);
nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
//get the Digest value
XmlNode digValueNode = signed.SelectSingleNode("ds:SignedInfo/ds:Reference/ds:DigestValue", nsMgr);
string digest = digValueNode.InnerXml;
//Tamper it.
digest = digest.ToUpper();
signed.SelectSingleNode("ds:SignedInfo/ds:Reference/ds:DigestValue", nsMgr).InnerXml = digest;
//Now verify the XmlSignature using the VerifySignature method exposed by the SignatureManager class
IDictionary <string, object> keyInfoProviderParams = new Dictionary <string, object>();
//Note here the use of false only exports the public key to the DSA parameters
DSAParameters verificationDSAParams = dsa.ExportParameters(false);
//Set the Public Key of the KeyInfoProvider class
keyInfoProviderParams.Add("PublicKey", verificationDSAParams);
//Create Instantiation VO for KeyInfoProvider
InstantiationVO keyInfoProvider = new InstantiationVO("testKeyInfoProvider", keyInfoProviderParams);
//Verify
sm.VerifySignature(signed, keyInfoProvider);
}
public void SetUp()
{
//Setup References
transformersList1 = new List <InstantiationVO>();
digester1 = new InstantiationVO("http://www.w3.org/2000/09/xmldsig#sha256",
new Dictionary <string, object>());
reference1 = new Reference("http://www.topcoder.com", transformersList1, digester1, "http");
references = new List <IReference>();
references.Add(reference1);
//Setup Canonicalizer
c14nParams = new Dictionary <string, object>();
c14nIVO = new InstantiationVO("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
c14nParams);
//Setup Signers
dsa = new DSACryptoServiceProvider();
dsaParams = dsa.ExportParameters(true);
signerParams = new Dictionary <string, object>();
signerParams.Add("DSAKeyInfo", dsaParams);
signerIVO = new InstantiationVO(dsa.SignatureAlgorithm, signerParams);
//Setup main digester
digesterMain = new InstantiationVO("http://www.w3.org/2000/09/xmldsig#sha256",
new Dictionary <string, object>());
}
public void SetUp()
{
dic = new Dictionary <string, object>();
short aShortVal = 10;
dic.Add("abcd", aShortVal);
ivo = new InstantiationVO("key", dic);
}
/// <summary>
/// <p><strong>Purpose:</strong></p> <p>This method processes the references and creates the digital signature
/// of the contents, and returns the whole XML Node of the signed contents. It produces an XmlNode
/// of type signature.</p>
/// <p>Note: Current implementation does not create a KeyInfoNode</p>
/// </summary>
/// <param name="references">references that we will be signing</param>
/// <param name="canonicalizer">the specific canonicalizer to use</param>
/// <param name="signer">the specific signer to use</param>
/// <param name="signID">Signature id</param>
/// <returns>Xml Node with digitally signed representation of the data</returns>
/// <exception cref="ArgumentNullException">if any element is null</exception>
/// <exception cref="SignatureManagerException">any internal exception thrown in this function
/// is wrapped up as SignatureManagerException</exception>
public XmlNode Sign(IList <IReference> references, InstantiationVO canonicalizer, InstantiationVO signer,
string signID)
{
//Validate not null
ExceptionHelper.ValidateNotNull(references, "references");
ExceptionHelper.ValidateNotNull(canonicalizer, "canonicalizer");
ExceptionHelper.ValidateNotNull(signer, "signer");
ExceptionHelper.ValidateNotNull(signID, "signID");
XmlDocument doc = new XmlDocument();
try
{
//Create Signature node
XmlNode signatureNode = doc.CreateNode(XmlNodeType.Element, "Signature", null);
//Create SignedInfo Node
XmlNode signedInfoNode = CreateSignedInfoNode(doc, canonicalizer, signer, references);
//Add an attribute representing default namespace to SignedInfo node
//since the two have the exact literal format
((XmlElement)signedInfoNode).SetAttribute("xmlns", DEF_XMLDSIG_NS);
//Get Canonicalizer and canonicalize
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonicalizer.Key,
canonicalizer.Params);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Add SignedInfo node to Signature node
signatureNode.InnerXml += canonicalized;
//Get Signer Instance, sign, assign to signatureValue node
ISigner signerInst = registry.GetSignerInstance(signer.Key, signer.Params);
string signed = signerInst.Sign(Encoding.UTF8.GetBytes(canonicalized));
XmlNode signValueNode = CreateSignatureValue(doc, signed);
//Append signatureValue to Signature node
signatureNode.InnerXml += signValueNode.OuterXml;
//Add an attribute representing default namespace to Signature node
XmlAttribute defNs = doc.CreateAttribute("xmlns");
defNs.Value = DEF_XMLDSIG_NS;
signatureNode.Attributes.Append(defNs);
//Add Id attribute to Signature node
XmlAttribute idAttr = doc.CreateAttribute("Id");
idAttr.Value = signID;
signatureNode.Attributes.Append(idAttr);
//Let default namespace takes effect
doc.LoadXml(signatureNode.OuterXml);
return(doc.DocumentElement);
}
catch (Exception ex)
{
throw new SignatureManagerException(SIGN_MAN_EXCP_MSG, ex);
}
}
public void SetUp()
{
uri = "http://www.topcoder.com";
transformers = new List <InstantiationVO>();
digester = new InstantiationVO("http://www.w3.org/2000/09/xmldsig#sha1",
new Dictionary <string, object>());
protocol = "http";
refer = new Reference(uri, transformers, digester, protocol);
}
public void TearDown()
{
sm = null;
transformersList1 = null;
digester1 = null;
reference1 = null;
references = null;
c14nParams = null;
c14nIVO = null;
dsa = null;
signerParams = null;
signerIVO = null;
digesterMain = null;
}
public void TheDemo()
{
//Setup References
IList <InstantiationVO> transformersList1 = new List <InstantiationVO>();
InstantiationVO digester1 = new InstantiationVO("http://www.w3.org/2000/09/xmldsig#sha1",
new Dictionary <string, object>());
IReference reference1 = new Reference("http://www.google.com", transformersList1, digester1, "http");
IList <IReference> references = new List <IReference>();
references.Add(reference1);
//Setup Canonicalizer
IDictionary <string, object> c14nParams = new Dictionary <string, object>();
InstantiationVO c14nIVO = new InstantiationVO("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
c14nParams);
//Setup Signers
DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();
DSAParameters dsaParams = dsa.ExportParameters(true);
IDictionary <string, object> signerParams = new Dictionary <string, object>();
signerParams.Add("DSAKeyInfo", dsaParams);
InstantiationVO signerIVO = new InstantiationVO("xml:dig:signer:rsa-dsa",
signerParams);
//Setup main digester
InstantiationVO digesterMain = new InstantiationVO("http://www.w3.org/2000/09/xmldsig#sha1",
new Dictionary <string, object>());
SignatureManager sm = new SignatureManager();
//Sign the references
XmlNode signed = sm.Sign(references, c14nIVO, signerIVO, "myFirstSign");
//Now verify the XmlSignature using the VerifySignature method exposed by the SignatureManager class
IDictionary <string, object> keyInfoProviderParams = new Dictionary <string, object>();
//Note here the use of false only exports the public key to the DSA parameters
DSAParameters verificationDSAParams = dsa.ExportParameters(false);
//Set the Public Key of the KeyInfoProvider class
keyInfoProviderParams.Add("PublicKey", verificationDSAParams);
//Create Instantiation VO for KeyInfoProvider
InstantiationVO keyInfoProvider = new InstantiationVO("testKeyInfoProvider", keyInfoProviderParams);
//Verify
sm.VerifySignature(signed, keyInfoProvider);
}
/// <summary>
/// <p>Create a new Reference instance with the input parameters initilaized to member variables.</p>
/// <para> This constructor should not be used when signing SOAP messages.</para>
/// </summary>
/// <exception cref="ArgumentNullException">if any argument is null</exception>
/// <exception cref="ArgumentException">
/// if the referenceURI or digesterKey are empty. Also transformerInstanceDefinitions list can
/// be empty but when not empty it must contain valid non-null/non-empty strings
/// </exception>
/// <param name="referenceURI">uri for the reference</param>
/// <param name="transformerInstanceDefinitions">
/// a ordered list of keys that identify transformers to use
/// </param>
/// <param name="digesterInstanceDefinition">
/// a single digester instance definition used to fetch/create a corresponding digester
/// </param>
/// <param name="protocol">The protocol to use for loading the reference</param>
public Reference(string referenceURI, IList <InstantiationVO> transformerInstanceDefinitions,
InstantiationVO digesterInstanceDefinition, string protocol)
{
//Check for Null and Check for empty strings
ExceptionHelper.ValidateNotNull(transformerInstanceDefinitions, "transformerInstanceDefinitions");
ExceptionHelper.ValidateNotNull(digesterInstanceDefinition, "digesterInstanceDefinition");
ExceptionHelper.ValidateStringNotNullNotEmpty(protocol, "protocol");
ExceptionHelper.ValidateStringNotNullNotEmpty(referenceURI, "referenceURI");
this.referenceURI = referenceURI;
this.transformerInstanceDefinitions = transformerInstanceDefinitions;
this.digesterInstanceDefinition = digesterInstanceDefinition;
this.protocol = protocol;
}
/// <summary>
/// <p>Process the Signature node and verify the digital signatire of the contents.</p>
/// </summary>
/// <exception cref="VerificationException">if something went wrong during verification</exception>
/// <exception cref="VerificationFailedException">if the signature is invalid</exception>
/// <exception cref="ArgumentNullException">If any input parameter is null</exception>
/// <param name="node">xml node with digital signature to be verified</param>
/// <param name="keyInfoProvider">The key information for verifying the signature</param>
///
/// <example>
/// <para>If Signature node to be verified contains all non soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// sm.VerifySignature(node, keyInfoProvider, null);
/// </code>
/// </para>
/// <para>If Signature node to be verified contains soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage);
/// sm.VerifySignature(node, keyInfoProvider, smrl);
/// </code>
/// Here theSoapMessage is the soap message that was signed.
/// </para>
/// For more information see the demo in CS and in test cases.
/// </example>
public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider)
{
//Validate not null
ExceptionHelper.ValidateNotNull(node, "node");
ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider");
try
{
// we use namespace manager since <Signature> has default namespace
XmlNamespaceManager nsMgr = new XmlNamespaceManager(node.OwnerDocument.NameTable);
nsMgr.AddNamespace("ds", DEF_XMLDSIG_NS);
//Get SignedInfo node
XmlNode signedInfoNode = node.SelectSingleNode("ds:SignedInfo", nsMgr);
//Get CanonicalizationNode
XmlNode canonNode = signedInfoNode.SelectSingleNode("ds:CanonicalizationMethod", nsMgr);
string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Canonicalization instance
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Get Signing Algo
XmlNode signAlgoNode = node.SelectSingleNode("ds:SignedInfo/ds:SignatureMethod", nsMgr);
string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Signer instance using the Signature mEthos Algorithm attribute value
ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic);
//Get keyInfoProvider instance
IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key,
keyInfoProvider.Params);
//Verify the sign
signer.Verify(canonicalized, keyInfoProviderInst, node);
//Now proceed to check all references
XmlNodeList list = node.SelectNodes("ds:SignedInfo/ds:Reference", nsMgr);
VerifyReferences(list, null);
}
catch (VerificationFailedException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new VerificationException(VERIF_EXCP_MSG, ex);
}
}
/// <summary>
/// <p>Process the Signature node and verify the digital signatire of the contents.</p>
/// </summary>
/// <exception cref="VerificationException">if something went wrong during verification</exception>
/// <exception cref="VerificationFailedException">if the signature is invalid</exception>
/// <exception cref="ArgumentNullException">If any input parameter is null</exception>
/// <param name="node">xml node with digital signature to be verified</param>
/// <param name="keyInfoProvider">The key information for verifying the signature</param>
/// <param name="soapRefLoader">SoapMessageRefernceLoader instance if the Signature was used on a
/// SoapMessage. Should not be null incase of verification of soapMessage.
/// Can be null if verification is of a web reference.
/// </param>
///
/// <example>
/// <para>If Signature node to be verified contains all non soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// sm.VerifySignature(node, keyInfoProvider, null);
/// </code>
/// </para>
/// <para>If Signature node to be verified contains soap references
/// <code>
/// SignatureManager sm = new SignatureManager();
/// SoapMessageReferenceLoader smrl = new SoapMessageRefernceLoader(theSoapMessage);
/// sm.VerifySignature(node, keyInfoProvider, smrl);
/// </code>
/// Here theSoapMessage is the soap message that was signed.
/// </para>
/// For more information see the demo in CS and in test cases.
/// </example>
public void VerifySignature(XmlNode node, InstantiationVO keyInfoProvider, IReferenceLoader soapRefLoader)
{
//Validate not null
ExceptionHelper.ValidateNotNull(node, "node");
ExceptionHelper.ValidateNotNull(keyInfoProvider, "keyInfoProvider");
try
{
//Get SignedInfo node
XmlNode signedInfoNode = node.SelectSingleNode("SignedInfo");
//Get CanonicalizationNode
XmlNode canonNode = signedInfoNode.SelectSingleNode("CanonicalizationMethod");
string canonMethod = canonNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Canonicalization instance
ICanonicalizer canonInst = registry.GetCanonicalizerInstance(canonMethod, emptyDic);
string canonicalized = canonInst.BringToCanonicalForm(signedInfoNode.OuterXml);
//Get Signing Algo
XmlNode signAlgoNode = node.SelectSingleNode("SignedInfo/SignatureMethod");
string signingAlgo = signAlgoNode.Attributes.GetNamedItem("Algorithm").Value;
//Get Signer instance using the Signature mEthos Algorithm attribute value
ISigner signer = registry.GetSignerInstance(signingAlgo, emptyDic);
//Get keyInfoProvider instance
IKeyInfoProvider keyInfoProviderInst = registry.GetKeyInfoProviderInstance(keyInfoProvider.Key,
keyInfoProvider.Params);
//Verify the sign
signer.Verify(canonicalized, keyInfoProviderInst, node);
//Now proceed to check all references
XmlNodeList list = node.SelectNodes("SignedInfo/Reference");
VerifyReferences(list, soapRefLoader);
}
catch (VerificationFailedException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new VerificationException(VERIF_EXCP_MSG, ex);
}
}
public void TestVerifySignature()
{
//First sign
sm = new SignatureManager(SHA256Namespace);
XmlNode signed = sm.Sign(references, c14nIVO, signerIVO, "myFirstSign");
//Now verify the XmlSignature using the VerifySignature method exposed by the SignatureManager class
IDictionary <string, object> keyInfoProviderParams = new Dictionary <string, object>();
//Note here the use of false only exports the public key to the DSA parameters
DSAParameters verificationDSAParams = dsa.ExportParameters(false);
//Set the Public Key of the KeyInfoProvider class
keyInfoProviderParams.Add("PublicKey", verificationDSAParams);
//Create Instantiation VO for KeyInfoProvider
InstantiationVO keyInfoProvider = new InstantiationVO("testKeyInfoProvider", keyInfoProviderParams);
//Verify. Note that if no exception is thrown here then verification was successful.
//No assert would be required.
sm.VerifySignature(signed, keyInfoProvider);
}
public void TestVerifySignatureFailure3()
{
//First sign
sm = new SignatureManager();
XmlNode signed = sm.Sign(references, c14nIVO, signerIVO, "myFirstSign");
//Now verify the XmlSignature using the VerifySignature method exposed by the SignatureManager class
IDictionary <string, object> keyInfoProviderParams = new Dictionary <string, object>();
//Note here the use of false only exports the public key to the DSA parameters
//Note that new instance of DSACryptoServiceProvider creates a different public key than
//the one that was used for signing
DSACryptoServiceProvider dsa1 = new DSACryptoServiceProvider();
DSAParameters verificationDSAParams = dsa1.ExportParameters(false);
//Set the Public Key of the KeyInfoProvider class
keyInfoProviderParams.Add("PublicKey", verificationDSAParams);
//Create Instantiation VO for KeyInfoProvider
InstantiationVO keyInfoProvider = new InstantiationVO("testKeyInfoProvider", keyInfoProviderParams);
//Verify
sm.VerifySignature(signed, keyInfoProvider);
}
public void ConstructorTestFail1()
{
ivo = new InstantiationVO((string)null, dic);
}
/// <summary>
/// Creates SignedInfo node according to Xml spec at http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo
/// </summary>
/// <param name="doc">XmlDocument used to create new attribute and nodes</param>
/// <param name="canonicalizer">InstantiationVO containing the instance and
/// property values of the canonicalizer to load</param>
/// <param name="signer">InstantiationVO containing the instance and property
/// values of the signer to load</param>
/// <param name="references">List of references to sign</param>
/// <returns>SignedInfo node according to Xml spec at http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo
/// </returns>
private XmlNode CreateSignedInfoNode(XmlDocument doc, InstantiationVO canonicalizer, InstantiationVO signer,
IList <IReference> references)
{
//Create SignedInfo node
XmlNode signedInfoNode = doc.CreateNode(XmlNodeType.Element, "SignedInfo", null);
//Create CanonicalizationMethod node and add it to SignedInfo node
XmlNode canonMethodNode = CreateCanonicalizationMethodNode(doc, canonicalizer.Key);
signedInfoNode.InnerXml += canonMethodNode.OuterXml;
//Create SignatureMethod node and add it to SignedInfo node
XmlNode signMethodNode = CreateSignatureMethod(doc, signer.Key);
signedInfoNode.InnerXml += signMethodNode.OuterXml;
//Process all the references
foreach (IReference reference in references)
{
//Get instance of reference loader.
IReferenceLoader referenceLoader = null;
switch (reference.Protocol)
{
case "http":
referenceLoader = registry.GetReferenceLoaderInstance("http", emptyDic);
break;
case "soap":
referenceLoader = reference.SoapRefLoader;
break;
}
//Load reference data using the reference loader.
byte[] uriData = referenceLoader.LoadReferenceData(reference.ReferenceURI);
XmlNode dummyNode = doc.CreateElement("dummy");
//Apply Transforms if necessary
if (reference.TransformerInstanceDefinitions.Count > 0)
{
//Create Transforms node
XmlNode transformsNode = doc.CreateNode(XmlNodeType.Element, "Transforms", null);
foreach (InstantiationVO transfInstVO in reference.TransformerInstanceDefinitions)
{
//Get Transformer instance
ITransformer transfInst =
registry.GetTransformerInstance(transfInstVO.Key, transfInstVO.Params);
//Create Transform node and add Algorithm attribute
XmlNode transformNode = doc.CreateNode(XmlNodeType.Element, "Transform", null);
XmlAttribute attr = doc.CreateAttribute("Algorithm");
attr.Value = transfInstVO.Key;
transformNode.Attributes.Append(attr);
//Add Transform node to Transforms node
transformsNode.InnerXml += transformNode.OuterXml;
//Do the transform
uriData = transfInst.Transform(uriData);
}
//Add Transforms node to the dummy node
dummyNode.InnerXml += transformsNode.OuterXml;
}
//Get instance of digester
IDigester digester = registry.GetDigesterInstance(reference.DigesterInstanceDefinition.Key,
reference.DigesterInstanceDefinition.Params);
//Produce a digest for the reference data bytes
byte[] digestedData = digester.Digest(uriData);
//Create Reference node with appropriate data set
XmlNode refNode = CreateReferenceNode(doc, Convert.ToBase64String(digestedData),
reference.ReferenceURI, reference.DigesterInstanceDefinition.Key);
//Add Transforms node to the dummy node
refNode.InnerXml = dummyNode.InnerXml + refNode.InnerXml;
//Add reference node to SignedInfo node
signedInfoNode.InnerXml += refNode.OuterXml;
}
return(signedInfoNode);
}
public void ConstructorTestFail5()
{
dic.Add("abcdef", (string)null);
ivo = new InstantiationVO("abcd", dic);
}
public void ConstructorTestFail4()
{
dic.Add(" ", "abcdef");
ivo = new InstantiationVO("abcd", dic);
}
public void ConstructorTestFail3()
{
ivo = new InstantiationVO("abcd", (IDictionary <string, object>)null);
}
public void ConstructorTestFail2()
{
ivo = new InstantiationVO(" ", dic);
}
public void TestSignFail3()
{
sm = new SignatureManager();
signerIVO = new InstantiationVO("nonExistantSignerKey", signerParams);
sm.Sign(references, c14nIVO, signerIVO, "myId");
}
public void TearDown()
{
dic = null;
ivo = null;
}
